Join fellow LogicMonitor users at the Elevate Community Conference and get hands-on with our latest product innovations.

Register Now

Platform

Get real-time insights and automation for comprehensive, seamless monitoring with agentless architecture.

Platform Overview
Infrastructure Monitoring
Cloud Monitoring
Digital Experience
AIOPS

Solutions

Whether you work in MSP, Enterprise IT or somewhere in between, the solution is clear.

Solutions Overview
By Initiative
By Industry

Resources

Explore our blogs, guides, case studies, eBooks, and more actionable insights to enhance your IT monitoring and observability.

View Resources
Learn

About us

Get to know LogicMonitor and our team.

About us
Get to know us
Services

Documentation

Read through our documentation, check out our latest release notes, or submit a ticket to our world-class customer service team.

View Resources
Support
TRY IT FREE
ON DEMAND DEMO

Product Documentation

Sending Okta Logs

Last updated on 01 July, 2025

Okta is a commonly used identity management service for adding authentication and authorization functionality to applications. The following describes how to set up the collection and forwarding of Okta system logs to LM Logs for further ingestion and processing.

Integrating Okta Logs with LM on AWS

You can leverage an AWS CloudFormation Stack to automate your log collection, processing, and forwarding from Okta. For more information, see Okta Log Ingestion with AWS Overview.

Integrating OKTA Logs with LM on Azure

This integration provides an Azure ARM Template which includes a Function App periodically collecting Okta system logs and forwarding it to LogicMonitor.

Requirements

  • LogicMonitor API tokens to authenticate all requests to the log ingestion API. For more information, see API Tokens.
  • Okta API access key. To know how to generate Okta API access key, see Create the Token in the Okta documentation.

Configuration Parameters

Use the following parameters while deploying integration on Azure.

ParameterDescription
AZURE_REGIONRegion in which the resources should be created
LM_COMPANYThe LogicMonitor account name
LM_DOMAIN_NAMEThe LogicMonitor domain nameBy default, it is set to “logicmonitor.com”. The supported domains for this variable are as follows:
lmgov.us
qa-lmgov.us
logicmonitor.com
LM_ACCESS_IDThe LM API tokens access ID
LM_ACCESS_KEYThe LM API tokens access key
LM_BEARER_TOKENThe LM API Bearer token. You must specify LMBearerToken if not providing LMAccessId, LMAccessKey. If you provide all, LMAccessId and LMAccessKey are used to authenticate with LogicMonitor. 
OKTA_DOMAINOkta domain, for example, “company.okta.com”
OKTA_API_KEYOkta API key to fetch logs from okta
LM_SERVICE_NAME_KEYThis is used for anomaly detection. By default, it is set to okta-system-logs.
LM_RESOURCE_IDThis parameter is ignored if LM_SERVICE_NAME is set. It specifies resource mapping in JSON format. If specified as {“system.hostname” : “prod-node-us-west-1”}, all logs are will mapped to the device with property system.hostname = prod-node-us-west-1.
INCLUDE_METADATA_KEYSComma separated keys to add as event metadata in a lm-log event. For nested json specify ‘.’ For example – actor.displayname,actor.type. By default, it is set to ‘severity,actor.displayname,actor.type,actor.alternateId,client.geographicalContext.city,displayMessage,eventType’
S3_FOLDERThe S3 bucket name where the code is stored. By default it is set to stable. The staging option refers to develop branch and the stable option refers to master branch. 

Deploying OKTA Log Integration with LM on Azure

  1. Select the following link to open the custom deployment template in the Microsoft Azure portal: Deploy from a custom template.
  2. Sign in with your Azure credentials if prompted.
  3. On the Custom deployment page, enter the required parameter values.
  4. Select Review + create.

If the deployment is successful, logs appear in the LogicMonitor portal.

Troubleshooting

Enabling Debug Logging

You can enable Application Insights in the Function App to check whether it is receiving logs. For more information, see Enable streaming execution logs.

You can configure the application logging type and level using the Azure CLI webapp log config command. Example:

az webapp log config --resource-group <Azure Function's Resource Group name> --name <Azure Function name> --application-logging true --level verbose --detailed-error-messages true

After configuring application logging, you can see the logs using Azure CLI webapp log tail. Example:

az webapp log tail --resource-group <Azure Function's Resource Group name> --name <Azure Function name>

Integrating Okta Log with LM on GCP

This integration provides a GCP stack which includes a cloud function that periodically collects Okta system logs and forwards them to LogicMonitor.

Requirements

  • LogicMonitor API tokens to authenticate all requests to the log ingestion API. For more information, see API Tokens.
  • Okta API access key. To know how to generate Okta API access key, see Create the Token in the Okta documentation.

Configuration Parameters

ParameterDescription
LM_RESOURCE_IDThis parameter is ignored if LM_SERVICE_NAME is set. It specifies resource mapping in JSON format. If specified as {“system.hostname” : “prod-node-us-west-1”}, all logs are will mapped to the device with property system.hostname = prod-node-us-west-1.
LM_SERVICE_NAMEThis is used for anomaly detection. By default, it is set to okta-system-logs.
OKTA_DOMAINThe Okta domain. For example, “company.okta.com”.
LM_DOMAIN_NAMEThe LogicMonitor domain nameBy default, it is set to “logicmonitor.com”. The supported domains for this variable are as follows:
lmgov.us
qa-lmgov.us
logicmonitor.com
COMPANY_NAMEThe LogicMonitor account name.
LM_ACCESS_KEYThe LM API token access key.
LM_ACCESS_IDThe LM API token access ID.
LM_BEARER_TOKENThe LM API Bearer token. You must specify the LM_BEARER_TOKEN if you are not providing the LM_ACCESS_ID and LM_ACCESS_KEY. If you provide all three (the bearer token, access ID, and access key), the LM_ACCESS_ID and LM_ACCESS_KEY is used to authenticate with LogicMonitor.
INCLUDE_METADATA_KEYSComma separated keys to add as event metadata in a lm-log event. For nested JSON, specify ‘.’ For example, – actor.displayname,actor.type. By default, it is set to ‘severity,actor.displayname,actor.type,actor.alternateId,client.geographicalContext.city,displayMessage,eventType’
OKTA_API_KEYAPI key used to fetch logs from Okta.

Deploying LM Integration on GCP

  1. In Google Cloud Console, select Activate Cloud Shell on the top right. A Cloud Shell Terminal below the workspace is displayed.
  2. Run the following commands to install the integration:
    export OKTA_DOMAIN=<okta domain> \
    export OKTA_API_KEY=<okta api key> \
    export COMPANY_NAME=<lm company name> \
    export LM_DOMAIN_NAME=<lm domain name> \
    export LM_ACCESS_ID=<lm access id> \
    export LM_ACCESS_KEY=<lm access key> \
    export INCLUDE_METADATA_KEYS=actor.displayName \
    export REGION=<region> \ source <(curl -s https://lm-logs-okta-collector-gcp.s3.amazonaws.com/stable/gcp.sh) && deploy_lm_logs_okta

If the deployment is successful, logs appear in the LogicMonitor portal.

Removing the integration

Run the following commands to delete the Okta log integration with LM on GCP and all its resources from the GCP console:

export REGION=<region> \
source <(curl -s https://lm-logs-okta-collector-gcp.s3.amazonaws.com/stable/gcp.sh) && delete_lm_logs_okta
In This Article

Start Your Trial

Full access to the LogicMonitor platform.
Comprehensive monitoring and alerting for unlimited devices.