
Stream Okta events

Once SlashID is set up to monitor your Okta environment, you can also receive security detection events via the AWS EventBridge log stream. Follow these steps to configure event streaming.


Step 1: Get the Event streaming token

  1. In the SlashID console, navigate to your Okta integration (SlashID console > Identity Protection > Configuration > Integrations).
  2. Copy the Event Streaming Token and store it securely; you’ll need it later.

Step 2: Create a new log stream in Okta

First, you need to create a new AWS EventBridge log stream in your Okta console. Follow the first half of this Okta guide to complete this step.


Step 3: Configure the log stream in AWS

To accept partner events from Okta, configure your Amazon EventBridge log stream.

1. Set up the event bus

  1. Log in to the AWS console and navigate to Amazon EventBridge.

  2. In the navigation panel, under Integration, select Partner event sources.

  3. If you successfully activated an AWS EventBridge log stream in Okta, you should see a partner event source in Pending status, named in this format:

aws.partner/okta.com/yourOktaSubdomain/yourAWSEventSourceName

  4. Select the log stream and click Associate with an event bus.

  5. On the Associate with event bus page, select the required permissions and click Associate.
    The partner event source is now active, and events will flow into the associated event bus.

Create a new rule

  1. Select Rules from the Buses section of the navigation panel.

  2. From the dropdown menu, select the Okta event bus you created in Step 1.

  3. Click on the Create rule button.

  4. In the Define rule details panel, give a name to your new rule and click Next.

Define an event pattern

  1. In the Build event pattern panel:
  • Event source: AWS events or EventBridge partner events
  • Sample event type: EventBridge partner events
  • Creation method: Use pattern form
  • Event source: EventBridge partners
  • Partner: Okta
  • Event type: All events

Click Next.

Configure target

  1. In the Select target(s) panel:
  • Target types: EventBridge API destination
  • API destination: Create a new API destination
  • Name: choose a user-friendly name for your new SlashID API target (e.g., "slashid-sink-okta")
  • API destination endpoint: https://api.slashid.com/nhi/events
  • HTTP method: POST
  • Connection type: Create a new connection
  • Connection name: choose a user-friendly name for your new connection (e.g., "slashid-sink-okta-connection")
  • API type: Public
  • Configure authorization: Custom configuration
  • Authorization type: API Key
  • API key name: Authorization
  • Value: use the SlashID Event streaming token you copied in Step 1 in the format Bearer [SLASHID-EVENT-STREAMING-TOKEN]
  • Execution role: Create a new role for this specific resource
  • Role name: leave as is or modify it

Click Next.

  2. Add tags if required, review the new rule and click Create rule.

Verify Configuration

  • The new rule should now appear in the Rules page with Status Enabled.
  • The new connection should appear as Authorized in the Integration > Connections page.
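
The two status checks above can be extended into a scripted audit of the whole setup. The following is an added example, not SlashID or AWS code: it takes the parsed JSON output of `aws events describe-rule`, `aws events describe-api-destination` and `aws events describe-connection` and compares it with the values this guide specifies. The sample inputs and ARNs are constructed placeholders, and the check assumes the "All events" rule filters only on the `aws.partner/okta.com` source prefix.

```python
import json

# Values this guide specifies for the SlashID target.
ENDPOINT = "https://api.slashid.com/nhi/events"
OKTA_PREFIX = "aws.partner/okta.com"


def _is_okta_source(entry):
    """True for "aws.partner/okta.com/..." or {"prefix": "aws.partner/okta.com..."}."""
    value = entry.get("prefix", "") if isinstance(entry, dict) else entry
    return isinstance(value, str) and value.startswith(OKTA_PREFIX)


def audit(rule, destination, connection):
    """Return a list of findings; an empty list means the setup matches the guide.

    Arguments are the parsed JSON outputs of `aws events describe-rule`,
    `describe-api-destination` and `describe-connection`.
    """
    findings = []
    if rule.get("State") != "ENABLED":
        findings.append("rule is not ENABLED")
    pattern = json.loads(rule.get("EventPattern") or "{}")
    sources = pattern.get("source", [])
    if not sources or not all(_is_okta_source(s) for s in sources):
        findings.append("event pattern is not limited to the Okta partner source")
    if set(pattern) - {"source"}:
        findings.append("event pattern has extra filters, so not all Okta events are forwarded")
    if destination.get("InvocationEndpoint") != ENDPOINT:
        findings.append("API destination endpoint is not " + ENDPOINT)
    if destination.get("HttpMethod") != "POST":
        findings.append("API destination HTTP method is not POST")
    if destination.get("ConnectionArn") != connection.get("ConnectionArn"):
        findings.append("API destination uses a different connection")
    if connection.get("ConnectionState") != "AUTHORIZED":
        findings.append("connection is not AUTHORIZED")
    api_key = connection.get("AuthParameters", {}).get("ApiKeyAuthParameters", {})
    if connection.get("AuthorizationType") != "API_KEY" or api_key.get("ApiKeyName") != "Authorization":
        findings.append("connection does not send an API key named Authorization")
    return findings


# Constructed sample input (ARNs are placeholders, not real resources).
CONN_ARN = "arn:aws:events:us-east-1:111122223333:connection/slashid-sink-okta-connection/EXAMPLE"
SAMPLE_RULE = {"State": "ENABLED", "EventPattern": '{"source": [{"prefix": "aws.partner/okta.com"}]}'}
SAMPLE_DEST = {"InvocationEndpoint": ENDPOINT, "HttpMethod": "POST", "ConnectionArn": CONN_ARN}
SAMPLE_CONN = {"ConnectionArn": CONN_ARN, "ConnectionState": "AUTHORIZED", "AuthorizationType": "API_KEY",
               "AuthParameters": {"ApiKeyAuthParameters": {"ApiKeyName": "Authorization"}}}

if __name__ == "__main__":
    print(audit(SAMPLE_RULE, SAMPLE_DEST, SAMPLE_CONN) or "configuration matches the guide")
```

The describe output never includes the API key value, so a wrong or expired token only shows up as a connection state other than AUTHORIZED or as failed invocations.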