Okta Advanced Server Access collector
Configuration requirements
Before running this collector, review the requirements detailed below.
Configuration | Details |
---|---|
Credentials | To retrieve an auth token, you need to create a Service User and API key. |
ASA Permissions | Create a group and give it the right permissions. |
More information
Refer to the Vendor setup section to learn more about these configurations.
Overview
Okta Advanced Server Access is an application that manages SSH and RDP access to Linux and Windows servers. Using Okta as its source of truth, Advanced Server Access reconciles with your internal servers to provide Zero Trust software that you can use to secure them. To start using Advanced Server Access, you have to create a team and configure some settings. In Advanced Server Access, a team is a named group of users who can authenticate with Okta. A team is an Advanced Server Access tenant, which is similar to an Okta tenant. All configurations and resources in Advanced Server Access are scoped to a team.
Learn more about this technology by accessing the web documentation here.
Data source description
The collector processes the Okta ASA API responses and sends them to the Devo platform, which categorizes the information received into tables in your Devo domain.
The Okta ASA Resource API allows you to retrieve account activities for the event resource:
Resource type | Definition | Devo data table |
---|---|---|
Events | Advanced Server Access (ASA) Audit Events provide log data of ASA User actions such as accessing ASA Servers, enrolling ASA Clients, and creating resources. | |
For more information about the Okta ASA Resource API, visit the Okta ASA API Reference.
Vendor Setup
Getting credentials
To retrieve an auth token, you need to create a Service User and API key.
Auth tokens may expire at any time, so code that uses them should be prepared to handle a 401 Unauthorized response code by creating a new auth token.
You also need to provide a team name to run the collector. You can find it in your Okta ASA Dashboard account options, at the top-right corner: the name followed by the rocket icon is your team name.
Permissions
The permissions of ASA Users are determined by their ASA Group membership. Each ASA Group to which an ASA User belongs implies permissions through Team-wide Roles and Project membership.
Create a group, assign it to a user, and give it reporting permission only. That permission will be enough to extract audit events.
Picking up from the last id
We found a bug in older versions of the ASA service where the last id value was not persisted, so when the collector restarted or the state file was deleted you'd lose everything. We added a last_id value to the configuration so that you can always pick up from the last one. Here are the steps:
Go to auth.okta.asa_events.
Find the last event and take the id from the id category.
Take the id value and add it to your config as seen below.
Start the collector.
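The sketch below is an added example, not the collector's own code or configuration. It shows the two behaviours described above working together: creating a new auth token when a request returns 401 Unauthorized (with a bounded number of retries), and resuming from a configured last_id. The callables `request_token` and `request_events`, the `Unauthorized` exception, and the fake API with its sample events are hypothetical and constructed for the example; it also assumes events are returned in ascending order after the given id.

```python
class Unauthorized(Exception):
    """Raised by the transport when the API answers 401 Unauthorized."""

class EventPuller:
    # request_token and request_events are hypothetical callables standing in
    # for the real HTTP calls; their shapes are assumptions of this example.
    def __init__(self, request_token, request_events, last_id=None, max_reauth=1):
        self._request_token = request_token    # () -> token string
        self._request_events = request_events  # (token, after_id) -> [{"id": ...}, ...]
        self.last_id = last_id                 # resume point, e.g. the configured last_id
        self._max_reauth = max_reauth
        self._token = None

    def _call(self):
        """One request; on 401 discard the token, create a new one, retry (bounded)."""
        for _ in range(self._max_reauth + 1):
            if self._token is None:
                self._token = self._request_token()
            try:
                return self._request_events(self._token, self.last_id)
            except Unauthorized:
                self._token = None
        raise Unauthorized("401 persists with a fresh token: check API key and group permissions")

    def pull(self):
        """Read pages until one is empty, advancing last_id after every event."""
        events = []
        while page := self._call():
            for event in page:
                events.append(event)
                self.last_id = event["id"]
        return events

def make_fake_api(events, expire_after=2, page_size=2):
    """Constructed stand-in for the API: each token stops working after expire_after calls."""
    state = {"issued": 0, "uses": {}}
    def request_token():
        state["issued"] += 1
        token = f"tok-{state['issued']}"
        state["uses"][token] = 0
        return token
    def request_events(token, after_id):
        if state["uses"].get(token, expire_after) >= expire_after:
            raise Unauthorized()
        state["uses"][token] += 1
        ids = [e["id"] for e in events]
        start = 0 if after_id is None else ids.index(after_id) + 1
        return events[start:start + page_size]
    return request_token, request_events, state
```

Bounding the retries matters: a 401 that persists with a freshly created token points to a revoked key or missing reporting permission, and looping on it would only hammer the token endpoint.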
Run the collector
Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector on your own machine using a Docker image (On-premise collector).
Change log for v1.x.x
Release | Released on | Release type | Details | Recommendations |
---|---|---|---|---|
| Jul 29, 2022 | IMPROVEMENT | Improvements: | |
| Nov 3, 2022 | IMPROVEMENT | Improvements: | |
| Jan 21, 2025 | IMPROVEMENT | Improvements: | |