Sending Okta Logs

Last updated on 27 March, 2023

Okta is a commonly used identity management service for adding authentication and authorization functionality to applications. The following describes how to set up the collection and forwarding of Okta system logs to LM Logs for further ingestion and processing.


Deploying the AWS CloudFormation Stack

The integration uses an AWS CloudFormation stack including a Lambda function written in Python. The integration components are available in this LogicMonitor GitHub repository.

Do the following to create and deploy the integration components.

  1. Navigate to the Okta Log Collector for LM Logs GitHub repository.
  2. In the repository, select Launch Stack to initiate the stack creation.
  3. Log into AWS and select the create stack option in CloudFormation.
  4. Enter a name for the stack, for example “lm-okta-log-collector”.
  5. Enter parameter values as applicable, for parameter descriptions see Configuration Options.

  6. Select Create Stack to deploy the Lambda function.

When you have created the stack, Okta system logs will be collected and forwarded periodically based on the configured time range.

Configuration Options

FunctionName(Required) The name of the log forwarding Lambda function. 
Default value: LM-Okta-Log-Collector
LMCompanyName(Required) Your LogicMonitor account (portal) name. 
LMAccessId(Required) The LogicMonitor API tokens access ID
LMAccessKey(Required) The LogicMonitor API tokens access key.
OktaDomain(Required) Your Okta domain, for example “”.
OktaAPIKey(Required) Your Okta API key used to fetch logs from Okta, see Requirements.
LMLogsServiceNameUsed for anomaly detection if no resource mapping exists. Default value: okta-system-logs
LMResourceIdResource mapping in JSON format, ignored when LMLogsServiceName is specified. For example, if specified as {"system.hostname" : "prod-node-us-west-1"} all logs are mapped against the device with property “system.hostname = prod-node-us-west-1”.
IncludeMetadataKeysComma-separated keys to add as event metadata fields in an lm-log event. For nested JSON specify ‘.’ Example: actor.displayname,actor.type. Default values: severity,actor.displayName,actor.type,actor.alternateId,,displayMessage,eventType,target
ScheduleExpressionCron expression for triggering the Lambda function. For example when set to “rate(2 minutes)”, the function runs every 2 minutes. See the AWS documentation. Default value: rate(2 minutes)
FunctionMemorySizeMemory size in MBs for the Okta Log Collector Lambda function. Default value: 2048
FunctionTimeoutInSecondsTimeout in seconds for the Okta Log Collector Lambda function. Default value: 110


See the following if you are experiencing issues after setting up the collection and forwarding of Okta logs to LM Logs.

No Logs Appear in LM Logs Page

If you don’t see any logs in the LM Logs page, check the following:

  • Ensure that the credentials used and parameter configurations are valid.
  • Investigate the CloudWatch logs to get more information.

Lambda Function Timeouts

In case of frequent Lambda function timeouts, try the following: 

  • Increase the memory size (FunctionMemorySize), this results in faster CPU assignment.
  • Increase the trigger time rate (ScheduleExpression) to for example 5 minutes.
In This Article