DataDog · DhruvaPatel-crest · Dec 23, 2024 · Dec 23, 2024 · Dec 23, 2024 · Dec 23, 2024
@@ -306,6 +306,11 @@ datadog_checks_base/datadog_checks/base/checks/windows/              @DataDog/wi
 /mux/manifest.json                                                  @DataDog/saas-integrations @DataDog/documentation
 /mux/metadata.csv                                                   @DataDog/saas-integrations @DataDog/documentation
 
+/okta_workflows/                                                          @DataDog/saas-integrations
+/okta_workflows/*.md                                                      @DataDog/saas-integrations @DataDog/documentation
+/okta_workflows/manifest.json                                             @DataDog/saas-integrations @DataDog/documentation
+/okta_workflows/assets/logs/                                              @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend @DataDog/logs-core
+
 /palo_alto_cortex_xdr/                                               @DataDog/saas-integrations
 /palo_alto_cortex_xdr/*.md                                           @DataDog/saas-integrations @DataDog/documentation
 /palo_alto_cortex_xdr/manifest.json                                  @DataDog/saas-integrations @DataDog/documentation

@@ -379,6 +379,8 @@ integration/nvidia_triton:
 - nvidia_triton/**/*
 integration/oke:
 - oke/**/*
+integration/okta_workflows:
+- okta_workflows/**/*
 integration/oom_kill:
 - oom_kill/**/*
 integration/openai:

@@ -0,0 +1,8 @@
+# CHANGELOG - okta_workflows
+
+## 1.0.0 / 2024-12-23
+
+***Added***:
+
+* Initial Release
+
@@ -0,0 +1,53 @@
+# Okta Workflows
+
+## Overview
+[Okta Workflows][1] is a no-code automation platform provided by Okta, designed to simplify and automate identity-related tasks and processes. It allows organizations to build custom workflows that integrate seamlessly with Okta's identity and access management capabilities and third-party applications, enhancing operational efficiency, security, and user experience.
+
+The Okta Workflows integration collects Okta workflow event logs and sends it into Datadog for comprehensive analysis.
+
+## Setup
+
+### Generate API Credentials in Okta Workflows
+1. Log in to the [Okta Admin Console][2] as an **admin** which has the [Read-only administrators][3] role.
+2. Follow the steps in [this guide][5] to generate an API token.
+
+### Get Okta Workflows Domain
+1. Sign in to your Okta organization with your administrator account.
+2. Locate the **Domain** by clicking your username in the top-right corner of the Admin Console. The domain appears in the dropdown menu. Your Okta domain looks like
+     - example.oktapreview.com
+     - example.okta.com
+     - example.okta-emea.com
+
+### Connect your Okta Workflows Account to Datadog
+1. Add your API Token and Okta Domain
+
+   | Parameters           | Description                       |
+   |--------------------- |-----------------------------------|
+   | API Token            | The API Key of Okta Workflows.    |
+   | Okta Domain          | The Domain of Okta Workflows.     |
+
+2. Click the Save button to save your settings.
+
+## Data Collected
+
+### Logs
+
+The Okta Workflows integration collects and forwards okta workflow event logs to Datadog.
+
+### Metrics
+
+The Okta Workflows integration does not collect any metrics.
+
+### Events
+
+The Okta Workflows integration does not include any events.
+
+## Support
+
+For further assistance, contact [Datadog Support][3].
+
+[1]: https://www.okta.com/products/workflows/
+[2]: https://login.okta.com/
+[3]: https://help.okta.com/en-us/content/topics/security/administrators-read-only-admin.htm
+[4]: https://docs.datadoghq.com/help/
+[5]: https://help.okta.com/en-us/content/topics/security/api.htm?cshid=ext-create-api-token#create-okta-api-token
@@ -0,0 +1,227 @@
+id: okta-workflows
+metric_id: okta-workflows
+backend_only: false
+facets:
+  - groups:
+      - Event
+    name: Event Name
+    path: evt.name
+    source: log
+  - groups:
+      - Event
+    name: Event Outcome
+    path: evt.outcome
+    source: log
+  - groups:
+      - Web Access
+    name: User-Agent
+    path: http.useragent
+    source: log
+  - groups:
+      - Web Access
+    name: Browser
+    path: http.useragent_details.browser.family
+    source: log
+  - groups:
+      - Web Access
+    name: Device
+    path: http.useragent_details.device.family
+    source: log
+  - groups:
+      - Web Access
+    name: OS
+    path: http.useragent_details.os.family
+    source: log
+  - groups:
+      - Geoip
+    name: City Name
+    path: network.client.geoip.city.name
+    source: log
+  - groups:
+      - Geoip
+    name: Continent Code
+    path: network.client.geoip.continent.code
+    source: log
+  - groups:
+      - Geoip
+    name: Continent Name
+    path: network.client.geoip.continent.name
+    source: log
+  - groups:
+      - Geoip
+    name: Country ISO Code
+    path: network.client.geoip.country.iso_code
+    source: log
+  - groups:
+      - Geoip
+    name: Country Name
+    path: network.client.geoip.country.name
+    source: log
+  - groups:
+      - Geoip
+    name: Subdivision ISO Code
+    path: network.client.geoip.subdivision.iso_code
+    source: log
+  - groups:
+      - Geoip
+    name: Subdivision Name
+    path: network.client.geoip.subdivision.name
+    source: log
+  - groups:
+      - Web Access
+    name: Client IP
+    path: network.client.ip
+    source: log
+  - groups:
+      - User
+    name: User Email
+    path: usr.email
+    source: log
+  - groups:
+      - User
+    name: User ID
+    path: usr.id
+    source: log
+  - groups:
+      - User
+    name: User Name
+    path: usr.name
+    source: log
+  - groups:
+      - Geoip
+    name: AS Domain
+    path: network.client.geoip.as.domain
+    source: log
+pipeline:
+  type: pipeline
+  name: Okta Workflows
+  enabled: true
+  filter:
+    query: source:okta-workflows
+  processors:
+    - type: service-remapper
+      name: Define `service` as the official service of the log
+      enabled: true
+      sources:
+        - service
+    - type: date-remapper
+      name: Define `log.published` as the official date of the log
+      enabled: true
+      sources:
+        - log.published
+    - type: message-remapper
+      name: Define `log.displayMessage` as the official message of the log
+      enabled: true
+      sources:
+        - log.displayMessage
+    - type: status-remapper
+      name: Define `log.severity` as the official status of the log
+      enabled: true
+      sources:
+        - log.severity
+    - type: attribute-remapper
+      name: Map `log.eventType` to `evt.name`
+      enabled: true
+      sources:
+        - log.eventType
+      sourceType: attribute
+      target: evt.name
+      targetType: attribute
+      preserveSource: false
+      overrideOnConflict: false
+    - type: attribute-remapper
+      name: Map `log.outcome.result` to `evt.outcome`
+      enabled: true
+      sources:
+        - log.outcome.result
+      sourceType: attribute
+      target: evt.outcome
+      targetType: attribute
+      targetFormat: string
+      preserveSource: false
+      overrideOnConflict: false
+    - type: attribute-remapper
+      name: Map `log.client.userAgent.rawUserAgent` to `http.useragent`
+      enabled: true
+      sources:
+        - log.client.userAgent.rawUserAgent
+      sourceType: attribute
+      target: http.useragent
+      targetType: attribute
+      preserveSource: false
+      overrideOnConflict: false
+    - type: user-agent-parser
+      name: User-Agent Parser for `http.useragent`
+      enabled: true
+      sources:
+        - http.useragent
+      target: http.useragent_details
+      encoded: false
+      combineVersionDetails: false
+    - type: attribute-remapper
+      name: Map `log.actor.id` to `usr.id`
+      enabled: true
+      sources:
+        - log.actor.id
+      sourceType: attribute
+      target: usr.id
+      targetType: attribute
+      preserveSource: false
+      overrideOnConflict: false
+    - type: attribute-remapper
+      name: Map `log.actor.alternateId` to `usr.email`
+      enabled: true
+      sources:
+        - log.actor.alternateId
+      sourceType: attribute
+      target: usr.email
+      targetType: attribute
+      preserveSource: false
+      overrideOnConflict: false
+    - type: attribute-remapper
+      name: Map `log.actor.displayName` to `usr.name`
+      enabled: true
+      sources:
+        - log.actor.displayName
+      sourceType: attribute
+      target: usr.name
+      targetType: attribute
+      preserveSource: false
+      overrideOnConflict: false
+    - type: attribute-remapper
+      name: Map `log.actor.type` to `usr.type`
+      enabled: true
+      sources:
+        - log.actor.type
+      sourceType: attribute
+      target: usr.type
+      targetType: attribute
+      preserveSource: false
+      overrideOnConflict: false
+    - type: attribute-remapper
+      name: Map `log.actor.detailEntry` to `usr.details`
+      enabled: true
+      sources:
+        - log.actor.detailEntry
+      sourceType: attribute
+      target: usr.details
+      targetType: attribute
+      preserveSource: false
+      overrideOnConflict: false
+    - type: attribute-remapper
+      name: Map `log.client.ipAddress` to `network.client.ip`
+      enabled: true
+      sources:
+        - log.client.ipAddress
+      sourceType: attribute
+      target: network.client.ip
+      targetType: attribute
+      preserveSource: false
+      overrideOnConflict: false
+    - type: geo-ip-parser
+      name: GeoIP for the `network.client.ip`
+      enabled: true
+      sources:
+        - network.client.ip
+      target: network.client.geoip
+      ip_processing_behavior: do-nothing