Okta REST API protocol configuration options

To receive events from Okta, configure a log source in IBM® QRadar® by using the Okta REST API protocol.

The Okta REST API protocol is an outbound/active protocol that queries the Okta events and users API endpoints to retrieve information about actions that are completed by users in an organization.

The following table describes the protocol-specific parameters for the Okta REST API protocol:
Table 1. Okta REST API protocol parameters
Parameter Description
Log Source Identifier

A unique name for the log source.

The Log Source Identifier can be any valid value and does not need to reference a specific server. The Log Source Identifier can be the same value as the log source Name. If you have more than one Okta log source that is configured, you might want to identify the first log source as okta1, the second log source as okta2, and the third log source as okta3.

IP or Hostname

oktaprise.okta.com

Authentication Token

A single authentication token that is generated by the Okta console and must be used for all API transactions.

Use Proxy

If QRadar accesses Okta by using a proxy, enable this option.

When a proxy is configured, all traffic for the log source travels through the proxy for QRadar to access Okta.

If the proxy requires authentication, configure the Hostname, Proxy Port, Proxy Username, and Proxy Password fields. If the proxy does not require authentication, you can leave the Proxy Username and Proxy Password fields blank.

Hostname

If you select Use Proxy, this parameter is displayed.

Proxy Port

If you select Use Proxy, this parameter is displayed.

Proxy Username

If you select Use Proxy, this parameter is displayed.

Proxy Password

If you select Use Proxy, this parameter is displayed.

Recurrence

A time interval that determines how frequently the protocol polls for new data. The time interval can include values in hours (H), minutes (M), or days (D). For example, 2H = 2 hours, 15M = 15 minutes, 30 = 30 seconds. The default is 1M.

EPS Throttle

The maximum number of events per second that are sent to the flow pipeline. The default is 5000.

Ensure that the EPS Throttle value is higher than the incoming rate or data processing might fall behind.
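
The following Python sketch is an added example, not IBM or QRadar code. It reviews a planned set of the parameters from Table 1 before they are entered in the log source: it converts the Recurrence value to seconds, checks the proxy fields, and compares EPS Throttle with the expected incoming rate. The dictionary keys, function names, sample values, and the rule that proxy credentials are set as a pair are assumptions made for the example.

```python
import re

# Seconds per unit, per the Recurrence row: H, M, D; a bare number is seconds.
UNIT_SECONDS = {"": 1, "M": 60, "H": 3600, "D": 86400}

def recurrence_seconds(value):
    """Convert a Recurrence value such as '2H', '15M' or '30' to seconds."""
    m = re.fullmatch(r"(\d+)([HMD]?)", value.strip().upper())
    if not m or int(m.group(1)) == 0:
        raise ValueError(f"invalid Recurrence value: {value!r}")
    return int(m.group(1)) * UNIT_SECONDS[m.group(2)]

def review_log_source(cfg, peak_events_per_poll):
    """Return a list of findings for a planned log source (empty = none)."""
    findings = []
    if not cfg.get("authentication_token"):
        findings.append("Authentication Token is empty")
    if cfg.get("use_proxy"):
        for field in ("hostname", "proxy_port"):
            if not cfg.get(field):
                findings.append(f"Use Proxy is enabled but {field} is not set")
        # Assumption: credentials are set as a pair or left blank as a pair.
        if bool(cfg.get("proxy_username")) != bool(cfg.get("proxy_password")):
            findings.append("Proxy Username and Proxy Password must both be set or both be blank")
    try:
        interval = recurrence_seconds(cfg.get("recurrence", "1M"))  # default 1M
    except ValueError as exc:
        findings.append(str(exc))
        return findings
    # Incoming rate if the busiest poll's events are spread over one interval.
    incoming_eps = peak_events_per_poll / interval
    throttle = cfg.get("eps_throttle", 5000)  # default 5000
    if throttle <= incoming_eps:
        findings.append(
            f"EPS Throttle {throttle} is not higher than incoming rate "
            f"{incoming_eps:.1f} events/s; processing might fall behind")
    return findings

# Constructed sample: placeholder token, proxy with a username but no password.
SAMPLE = {
    "log_source_identifier": "okta1",
    "ip_or_hostname": "oktaprise.okta.com",
    "authentication_token": "EXAMPLE-TOKEN-PLACEHOLDER",
    "use_proxy": True, "hostname": "proxy.example.internal", "proxy_port": 8080,
    "proxy_username": "qradar-svc", "proxy_password": "",
    "recurrence": "15M", "eps_throttle": 100,
}

if __name__ == "__main__":
    for finding in review_log_source(SAMPLE, peak_events_per_poll=180000):
        print("FINDING:", finding)
```

The peak_events_per_poll figure is an estimate you supply, for example from the busiest interval seen in the Okta console.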