Splunk® Supported Add-ons

Splunk Add-on for Okta Identity Cloud

Configure credentials for Splunk Add-on for Okta Identity Cloud

Setup Okta Identity Cloud for OAuth2

To utilize the OAuth2 in Okta Identity Cloud, create a Web App in the Okta Identity Cloud environment:

  1. Go to Applications > Applications. Click on "Create App Integration".
  2. Click "OIDC - OpenID Connect" and then click "Web Application" for Application Type.
  3. Click Next.
  4. Provide an "App Integration Name".
  5. For "Grant Type", check "Refresh Token".
  6. In "Assignments", you can select any of the options. Ensure that the App that is created is assigned to the admin user of the account. See step 8 to assign the app to a user.
  7. Click "Save". The app is created with Client ID and Client Secret. Save both these values, they will be used while configuring the Account in Splunk Add-on for Okta Identity Cloud.
  8. Navigate to "Assignments" and click on Assign > Assign to people.
    1. Search for your super admin account's username and click on "Assign".
    2. Click "Save and Go Back".
    3. Click Done.
    4. Navigate to "Okta API Scopes" and grant the following scopes to the new App:
      • okta.users.read - to read/get the users related data in the add-on.
      • okta.logs.read - to read/get the system logs in the add-on.
      • okta.groups.read - to read/get the groups related data in the add-on.
      • okta.apps.read - to read/get the apps related data in the add-on.
    5. The app is now ready to use for authorizing add-on API requests to collect the data.

You must provide the Okta API Scopes to the App to collect data with the add-on's OAuth2 functionality. You must also assign the Web App to the admin of the Okta Identity Cloud account.

Setup Splunk add-on for Okta Identity Cloud to utilize the OAuth2 mechanism

Before you configure an account in the add-on, make sure you have created a Web App in Okta Identity Cloud using the previous steps and that all the correct scopes have been assigned to that app.

  1. In Splunk Web, go to the Splunk Add-on for Okta Identity Cloud, either by clicking the name of this add-on on the left navigation banner or by going to Manage Apps, then clicking Launch App in the row for the Splunk Add-on for Okta Identity Cloud.
  2. Click the Configuration tab.
  3. Click the Okta Accounts tab.
  4. Click the Add button.
  5. Select Auth Type as "OAuth 2.0 Authentication" and fill in the fields:
    Field Description
    Okta Account Name Choose a unique name of your Okta Identity Cloud account
    Client ID Client ID of the Web App you created in Okta Identity Cloud
    Client Secret Client Secret of the Web App you created in the Okta Identity Cloud
    Okta Domain Your Okta Domain, formatted as <my_domain_name>.okta.com
    Redirect URI (you don't need to fill this) Paste this redirect URI in the Sign-in Redirect URI section of the Web App that you created in Okta Identity Cloud
    Scope (you don't need to fill this) Scopes that will requested by the add-on from the Okta web app, and based on the scopes granted in the web app, the access token will be generated
  6. Click Add.
  7. A popup opens for authorization consent from your Okta Identity Cloud environment. Enter your authorization credentials. If you have SSO, SAML or other authentication set up, enter the authorization credentials in the popup. Ensure that you complete authentication process in less than 30 seconds.

If no scopes are granted in the web app created in Okta Identity Cloud, the account won't be saved in the add-on.

Set up the Splunk Add-on for Okta Identity Cloud to utilize API Token mechanism

This Add-on communicates with Okta's API to retrieve relevant data and therefore requires an API token to authenticate the calls to Okta's API.

To create an API token see your Okta Identity Cloud documentation.

Before using this Add-on, ensure you have created an API key for your Okta domain.

  1. On Splunk Web, go to the Splunk Add-on for Okta Identity Cloud, either by clicking the name of this add-on on the left navigation banner or by going to Manage Apps, then clicking Launch App in the row for the Splunk Add-on for Okta Identity Cloud.
  2. Click the Configuration tab.
  3. Click the Okta Accounts tab.
  4. Click the Add button.
  5. In the Add Okta Accounts dialogue box, "Basic Authentication" is selected by default. Fill in the required fields:
    Field Description
    Okta Account Name Choose a unique name of your Okta Identity Cloud organization.
    Okta Domain Your Okta Domain, formatted as <my_domain_name>.okta.com
    Okta API Token The API token that you obtained from Okta.
Last modified on 03 September, 2024
Migrate from Okta Identity Cloud Add-on for Splunk to the Splunk Add-on for Okta Identity Cloud   Configure the Splunk Add-on for Okta Identity Cloud

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters