Session recording allows teams to securely record a complete and accurate history of individual Secure Shell (SSH) and Remote Desktop (RDP) sessions. Teams can use these recordings for audit, training, or server monitoring purposes.
During a session, the gateway temporarily stores files at a specified location. After a session ends, teams can store the finalized session logs locally on the gateway or upload them to remote platforms such as Amazon Web Services (AWS) S3 or Google Cloud Storage (GCS). See Configure the Okta Privileged Access gateway.
Session log filenames are formatted to include a UTC timestamp, the Okta Privileged Access team name, and the account of the Okta Privileged Access user. A sample session log filename is YYYYMMDDTHHMMSS.SSSS-teamName-userName.asa.
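The following Python sketch is an added example, not Okta code: it parses the filename layout described above so an audit script can inventory recordings by start time, team, and user. It assumes that .SSSS is a fraction of a second and that team or user names may contain hyphens; the function names and the known_teams parameter are hypothetical, and names that can't be split unambiguously are set aside for review rather than guessed.

```python
import re
from datetime import datetime, timezone
from typing import Iterable, NamedTuple, Optional

# Layout from the page: YYYYMMDDTHHMMSS.SSSS-teamName-userName.asa
_NAME_RE = re.compile(r"([0-9]{8}T[0-9]{6})\.([0-9]{4})-(.+)\.asa")

class SessionLogName(NamedTuple):
    started_utc: datetime
    team: str
    user: str

def parse_session_log_name(filename: str, known_teams: Iterable[str] = ()) -> Optional[SessionLogName]:
    """Return the parsed fields, or None if the name is malformed or ambiguous."""
    m = _NAME_RE.fullmatch(filename)
    if m is None:
        return None
    stamp, frac, rest = m.groups()
    try:
        started = datetime.strptime(stamp, "%Y%m%dT%H%M%S")  # rejects month 13 etc.
    except ValueError:
        return None
    # Assumption: .SSSS is a four-digit fraction of a second.
    started = started.replace(microsecond=int(frac) * 100, tzinfo=timezone.utc)
    # Hyphens inside names make the split ambiguous: try known teams, longest first.
    for team in sorted(known_teams, key=len, reverse=True):
        if rest.startswith(team + "-") and len(rest) > len(team) + 1:
            return SessionLogName(started, team, rest[len(team) + 1:])
    # Otherwise accept only the unambiguous case of exactly one hyphen.
    team, sep, user = rest.partition("-")
    if sep and team and user and "-" not in user:
        return SessionLogName(started, team, user)
    return None

def inventory(filenames: Iterable[str], known_teams: Iterable[str] = ()):
    """Split a listing into parsed entries and names that need manual review."""
    parsed, rejected = [], []
    for name in filenames:
        entry = parse_session_log_name(name, known_teams)
        (parsed if entry else rejected).append(entry or name)
    return parsed, rejected

# Constructed sample listing (not real session logs).
SAMPLE = [
    "20240305T141500.1234-acme-alice.asa",
    "20240305T150102.0042-acme-prod-bob.asa",  # hyphenated team name
    "20241301T000000.0000-acme-carol.asa",     # month 13: invalid timestamp
    "notes.txt",
]
```

Keep the team list complete: with only acme listed, the second sample name would parse as team acme and user prod-bob.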
Signing and encryption
Okta Privileged Access signs session logs to provide integrity. This prevents attackers from manipulating a log file to hide their actions. New signing keys are generated roughly every 24 hours.
Okta Privileged Access doesn't store or encrypt session logs. To enable automatic encryption, Okta recommends storing the logs in an encrypted cloud bucket. See Session recording.