Integrating Okta with Kaseya SIEM

This guide explains how to connect an Okta environment to Kaseya SIEM to monitor identity-based events such as authentication failures, password resets, and changes to multi-factor authentication (MFA).

Requirements

Before starting, ensure the customer meets these criteria:

  • Okta Admin Privileges: You must have administrative access to the Okta tenant to create an app integration.

  • Client Domain: You need the full Okta domain URL in the format: https://yourdomain.okta.com.

  • API Scopes: The integration requires the okta.logs.read scope to read logs.

Pre-configuration in Okta

You must create a custom application in the Okta Admin Console to provide an API bridge for Kaseya SIEM.

  1. Log in to the Okta Admin Console.

  2. Navigate to Applications > Applications and click Create App Integration.

  3. Select OIDC: OpenID Connect as the Sign-in method and choose Web Application as the Application type.

  4. Application Settings:

    • Name: Enter "Kaseya SIEM"

    • Grant Types: Select Authorization Code and Refresh Token.

    • Sign-in Redirect URIs: Add the following URLs exactly:

      https://manage.saasalerts.com/products/oauth2/redirect

  5. In the Assignments section, select Skip group assignment for now.

  6. Scopes: Once created, navigate to the Okta API Scopes tab in the app settings and grant okta.logs.read.

Connecting in Kaseya SIEM

Once the Okta app is configured, use the generated credentials to link the systems.

  1. Navigate to Organizations in Kaseya SIEM and click the Edit (pencil) icon for the target client.

  2. Go to the Applications tab and click + New Application.

  3. Locate the Okta tile and click Connect.

  4. Enter Credentials:

    • Domain: Your specific Okta URL (e.g., https://yourdomain.okta.com).

    • Client ID & Client Secret: Copy these from the General tab of your new Okta app integration.

  5. Click Finish.

A pop-up will appear to authorize the connection; sign in with your Okta admin credentials and click Allow.

Verifying the connection

  • Status Check: The Okta tile should now show a Green "Active" status in the client's application list.

  • Data Flow: Log data should begin appearing in the Analysis tab within 15–30 minutes.

  • Monitored Events: Confirm you see events such as Authentication Success, Authentication Failure, and MFA Enabled/Disabled.

Troubleshooting

  • Redirect URI Mismatch: If you receive an error during the login pop-up, verify that the Sign-in Redirect URI in Okta matches the one provided in the configuration exactly.

  • Insufficient Permissions: If the connection is active but no logs appear, ensure the okta.logs.read scope was properly granted and consented to.

  • Pop-up Blocked: Ensure your browser is not blocking the Okta authentication window during the Connect step.
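
The first two troubleshooting items can be checked before connecting. The script below is an added example, not Kaseya or Okta code: it assumes you have exported the app integration as the JSON object returned by Okta's Apps API, plus the app's scope-grant list. The function name check_integration and the sample data are constructed for illustration.

```python
"""Pre-flight check of an Okta app integration against this guide's settings.

Assumption: `app` is the app object from Okta's Apps API and `grants` is the
app's scope-grant list. The sample data at the bottom is constructed.
"""

REQUIRED_REDIRECT = "https://manage.saasalerts.com/products/oauth2/redirect"
REQUIRED_GRANT_TYPES = {"authorization_code", "refresh_token"}
REQUIRED_SCOPE = "okta.logs.read"


def check_integration(app, grants):
    """Return a list of human-readable problems; an empty list means OK."""
    problems = []
    oauth = app.get("settings", {}).get("oauthClient", {})

    if oauth.get("application_type") != "web":
        problems.append("Application type is not Web Application")

    missing = REQUIRED_GRANT_TYPES - set(oauth.get("grant_types", []))
    if missing:
        problems.append("Missing grant types: " + ", ".join(sorted(missing)))

    # The guide requires an exact match, so a trailing slash, stray
    # whitespace or different letter case is reported as a near miss.
    uris = oauth.get("redirect_uris", [])
    if REQUIRED_REDIRECT not in uris:
        near = [u for u in uris
                if u.strip().rstrip("/").lower() == REQUIRED_REDIRECT.lower()]
        hint = f" (near miss: {near[0]!r})" if near else ""
        problems.append("Sign-in redirect URI not registered exactly" + hint)

    if REQUIRED_SCOPE not in {g.get("scopeId") for g in grants}:
        problems.append(f"Scope {REQUIRED_SCOPE} has not been granted")

    return problems


# Constructed sample: trailing slash on the redirect URI, no refresh token
# grant type, and a scope grant other than the one this guide requires.
SAMPLE_APP = {"label": "Kaseya SIEM", "settings": {"oauthClient": {
    "application_type": "web",
    "grant_types": ["authorization_code"],
    "redirect_uris": ["https://manage.saasalerts.com/products/oauth2/redirect/"],
}}}
SAMPLE_GRANTS = [{"scopeId": "okta.users.read"}]

if __name__ == "__main__":
    print("\n".join(check_integration(SAMPLE_APP, SAMPLE_GRANTS) or ["OK"]))
```

An empty result means the app settings match this guide; the scope must still be consented to in the authorization pop-up.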