Configuring the BlueApp for Okta

Role Availability Read-Only Investigator Analyst Manager

After you configure the connection between the BlueApp for Okta and the Okta API, the predefined, scheduled job collects event logs from Okta every 20 minutes. After USM Anywhere collects and analyzes the first of these events, the Okta dashboard is available in the Dashboards menu.

Create an Okta API Token

Before you can collect and analyze Okta log data within USM Anywhere, you must have an API token that USM Anywhere can use to connect to your Okta environment. Okta issues an API token for a specific user and all requests with that token act on behalf of that user.

Important: You must have Okta Super Administrator or Org Administrator privileges to generate a valid API token for integration with the BlueApp for Okta. See Okta's Administrators article for more information about administrator privileges in Okta.

To acquire the API token for Okta

  1. Open your Okta administration dashboard with your user login.
  2. Select Security > API.
  3. At the top of the page, click Create Token.
  4. In the dialog box, enter a name for the token and click Create Token.

    The name should indicate the intended use for the token, such as USM-Anywhere.

    Enter a name for the new Okta API token

    Okta generates the unique token and displays the value in the dialog box.

    Copy the displayed API token value

  5. Copy the token to your clipboard or an encrypted text file and click OK, got it.

    The list in the page includes your new token.

Enable the BlueApp for Okta API Connection

After you generate an Okta API token and copy the value, you're ready to enable the BlueApp in USM Anywhere.

To enable the BlueApp for Okta

  1. In USM Anywhere, go to Data Sources > BlueApps.
  2. Click the Available Apps tab.
  3. Search for the BlueApp, and then click the tile.
  4. Click Configure API.
  5. If you have more than one deployed USM Anywhere Sensor, select the sensor that you want to use for the enabled BlueApp.

    BlueApps operate through a deployed sensor and use APIs to integrate with the connected third-party technology. Select the sensor that can access the integration endpoint. The HTTPS connections to the API will originate from this sensor, so it is important to make sure the sensor has network access to the BlueApp API endpoints.

  6. Enter the connection information to access the API for your Okta environment:

    Select the Settings tab to enter the Okta URL and API token

    • Okta URL: Enter the URL that you use to access your Okta environment.
    • Okta API Token: Click Change Okta API Token and enter the API token created with your user account.
  7. Click Save.
  8. Verify the connection.

    After USM Anywhere completes a successful connection to the Okta APIs, a success icon displays in the Health column.

    If an error icon displays instead, there is a problem with the connection. The Message column provides information about the issue. Repeat the steps to fix the configuration or troubleshoot your Okta connection.
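When troubleshooting, it helps to separate a bad token from a network problem. The script below is an added example, not part of the USM Anywhere product or its documentation: it sends one read-only request to Okta's System Log API (/api/v1/logs, with the SSWS authorization scheme that Okta API tokens use) over the last 20 minutes and reports what the response means. This page does not state which endpoints the BlueApp itself calls, so treat the endpoint choice as an assumption; the function names are the example's own. Run it from a host on the same network segment as the sensor.

```python
import sys
import urllib.error
import urllib.request
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode, urlsplit

POLL_WINDOW = timedelta(minutes=20)  # same window as the 20-minute collection job

def normalize_okta_url(url):
    """Return https://<host> for the org URL; refuse anything that is not HTTPS."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("Okta URL must be an https:// URL with a host name")
    return "https://" + parts.hostname  # drops path, query and any userinfo

def build_logs_request(okta_url, token, now=None):
    """Build a GET for the System Log API covering the last polling window."""
    now = now or datetime.now(timezone.utc)
    since = (now - POLL_WINDOW).strftime("%Y-%m-%dT%H:%M:%SZ")
    query = urlencode({"since": since, "limit": 1})
    req = urllib.request.Request(normalize_okta_url(okta_url) + "/api/v1/logs?" + query)
    req.add_header("Authorization", "SSWS " + token)  # Okta API token scheme
    req.add_header("Accept", "application/json")
    return req

def classify(status):
    """Map an HTTP status code to a short diagnosis."""
    return {
        200: "ok: token accepted and System Log readable",
        401: "token invalid, expired or revoked",
        403: "token owner may lack permission to read the System Log",
        429: "rate limited: retry later",
    }.get(status, "unexpected status %d" % status)

def check(okta_url, token, timeout=10):
    """Send the request and return a diagnosis; the token is never printed."""
    try:
        with urllib.request.urlopen(build_logs_request(okta_url, token), timeout=timeout) as resp:
            return classify(resp.status)
    except urllib.error.HTTPError as err:
        return classify(err.code)
    except urllib.error.URLError as err:
        return "cannot reach Okta from this host: %s" % err.reason

if __name__ == "__main__":
    import getpass  # prompt for the token so it stays out of shell history
    print(check(sys.argv[1], getpass.getpass("Okta API token: ")))
```

Pass the Okta URL as the only argument; the token is read from a prompt rather than the command line.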

BlueApp Log Collection

Once the BlueApp has been configured, you can choose to have USM Anywhere collect logs from the app on a regular basis.

To configure log collection for the BlueApp

  1. Go to Settings > Scheduler.
  2. In the Job Scheduler, search for the BlueApp on the sensor to which it was deployed.
  3. In the enabled column, click the icon for the inactive collection job.

    The icon turns green, and collection is enabled.

  4. (Optional.) Click the icon to customize the frequency of the event collection.