We have been playing around with the authentication and authorization service provider Okta, and found the possibilities for the streaming of logs at this layer of infrastructure pretty compelling. Okta provides services for platforms to provide authentication, authorization, and user management in their web or mobile app, and as all API service providers should, Okta has an API for programmatically accessing all aspects of your user management infrastructure.
After you setup your Okta account and environment, you get assigned a base URL for making API calls that are unique to your installation, and once you have this, you can begin streaming your authentication and authorization logs using the Okta Log API, using the following dimensions:
By Query:
curl -v -X GET \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
"https://{yourOktaDomain}.com/api/v1/logs?q=Jane+Doe"
By Event Type:
curl -v -X GET \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
"https://{yourOktaDomain}.com/api/v1/logs?logs?filter=eventType eq 'user.session.end'"
By Date:
curl -v -X GET \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
"https://{yourOktaDomain}.com/api/v1/logs?since=2017-03-11"
When you look at some of the common use cases available via the Okta Log API, you begin to see some pretty interesting, and relevant streams of data as it pertains to a user management system:
– Password Resets for Users – eventType eq “user.account.reset_password”
– Find Rate Limit Errors – displayMessage eq “Rate limit violation”
– Application Assignment – application.user_membership.add
– Application Access – eventType eq “user.authentication.sso”
– User Creation – user.lifecycle.create
– User Locked Out – user.account.lock
– Self Service Unlock – self_service.account_unlock
– Sign-in Success – user.authentication.sso
– Suspicious Activity – outcome.reason eq “Authentication failed: bad username or password”
– Application Access – eventType eq “user.authentication.sso”
All of these event types have the potential to be assembled into a pretty interesting user management dashboard providing access to real time streams of user activity data. Allowing anyone to stay in sync with what is happening with users, and understanding the healthy, and even unhealthy behavior that is occurring. Providing critical observability into a layer of our platform operations that will touch every area of doing business online.
Okta provides a pretty compelling use case for streaming data as part of our user management systems. Providing programmatic access to the authentication and authorization layers of our application(s), as well as API infrastructure. Okta provides a baseline of the event-driven architecture we will all need at this critical layer of our platform operations. Some of the events occurring at this layer provide some of the most relevant events we use to measure the success of our platforms, making it some of the first resources we should be investing in when it comes to our event-driven, and real time streaming infrastructure.
Follow us on social