Execution Log Streaming

Early Access release

The Execution Log Streaming feature captures event metadata for all flows. You can track metadata for every flow, or just for specific high-risk or high-impact flows. This feature is useful when you want a detailed event history for analysis and alert activities.

By integrating Execution Log Streaming with a Security Information and Event Management (SIEM) system, you can collect and collate metadata of events for further analysis.

Instead of using helper flows to stream information to a SIEM, the Execution Log Streaming is a built-in feature. This minimizes the amount of configuration and maintenance required. Also, unlike using helper flows, Execution Log Streaming doesn't count against the number of flows included under your Okta Workflows limits.

Benefits

Streaming the detailed metadata of your Okta Workflows flow executions into your SIEM architecture offers several benefits:

  • Immediate alerting for high severity errors or consistently repeated errors within your flows

  • Audit the health and performance of flows on timescales that exceed the normal 30-day retention period for Okta Workflows

  • Understand your flow usage and progression towards flow limits

  • Configure alerts and analysis in your SIEM system using familiar tools

  • No platform dependencies or storage limits

Event metadata

The events recorded by Execution Log Streaming include:

  • Starting flows

  • Successfully completed flows

  • Flows that failed due to errors

  • Flows canceled by users

  • Paused flows

  • Flows that are rate limited by third-party services

  • Flows throttled by Okta

Limits

There are maximum limits on the number of execution events that can be passed to your SIEM recipient.

Next steps

Configure Execution Log Streaming

Manage Execution Log Streaming for individual flows

Event metadata for Execution Log Streaming

System events for Execution Log Streaming