Overview

Okta’s Log Streaming feature pushes every System Log event to AWS EventBridge in near real time. From there, an EventBridge API Destination forwards them directly to Bronto — no Lambda function, no verification handshake, and no middleware required. This is the recommended approach for sending Okta events to Bronto. Okta Event Hooks are not a good fit for this direct integration because they require a verification payload exchange that Bronto ingestion endpoints do not support. To use Event Hooks, you would need to place a proxy service in front of Bronto to handle the verification step and then forward the events.

Prerequisites

  • A Bronto account and API key (how to create one)
  • An AWS account with permissions to configure EventBridge
  • Super admin access to your Okta org
  • Okta Log Streaming is available on Okta’s Enterprise plan. Contact Okta support to confirm it is enabled for your org.

How it works

Okta System Log → AWS EventBridge (partner event bus) → EventBridge Rule → API Destination → Bronto
Okta sends all System Log events to a dedicated EventBridge partner event bus. An EventBridge rule matches those events and routes them to a Bronto API Destination, which POSTs them to Bronto’s ingestion endpoint with your API key and routing headers attached.

Step 1 — Add the AWS EventBridge log stream in Okta

  1. In the Okta Admin Console, go to Reports → Log Streaming.
  2. Click Add Log Stream and select AWS EventBridge.
  3. Fill in the configuration:

| Field | Value |
| --- | --- |
| Name | Bronto |
| AWS Event Source Name | okta-bronto (no spaces or special characters) |
| AWS Account ID | Your 12-digit AWS account ID |
| AWS Region | Select the region closest to your Bronto region |

  4. Click Save. The stream appears as Active on the Log Streaming page.
Okta streams all System Log events — there is no event filtering available on the Okta side. Filtering can be applied at the EventBridge rule level if needed.
For full details, see the Okta Log Streaming documentation.

Step 2 — Activate the partner event bus in AWS

  1. In the AWS Console, go to Amazon EventBridge → Partner event sources.
  2. Find the pending event source — it will be named in the format:
aws.partner/okta.com/<your-okta-subdomain>/okta-bronto
  3. Select it and click Associate with an event bus.
  4. Set the required permissions and click Associate. The status changes to Active.

Step 3 — Create a Bronto connection in EventBridge

The connection stores your Bronto API key and routing headers. In EventBridge → API Destinations → Connections → Create connection:

| Field | Value |
| --- | --- |
| Connection name | bronto-connection |
| Authorization type | API Key |
| API key name | x-bronto-api-key |
| API key value | <YOUR_BRONTO_API_KEY> |

The x-bronto-dataset and x-bronto-collection headers are added at the API destination level, not the connection level. You will set these in Step 4 via the Invocation Http Parameters section in the console. Alternatively, you can set them on the connection via the AWS CLI:
aws events update-connection \
  --name bronto-connection \
  --auth-parameters '{
    "ApiKeyAuthParameters": {
      "ApiKeyName": "x-bronto-api-key",
      "ApiKeyValue": "<YOUR_BRONTO_API_KEY>"
    },
    "InvocationHttpParameters": {
      "HeaderParameters": [
        { "Key": "x-bronto-dataset", "Value": "Okta", "IsValueSecret": false },
        { "Key": "x-bronto-collection", "Value": "<YOUR_COLLECTION_NAME>", "IsValueSecret": false }
      ]
    }
  }'

Step 4 — Create a Bronto API destination

In EventBridge → API Destinations → Create API destination:

| Field | Value |
| --- | --- |
| Name | bronto-destination |
| API destination endpoint | https://ingestion.eu.bronto.io (or us) |
| HTTP method | POST |
| Connection | bronto-connection |

Expand Invocation Http Parameters and add two header parameters:

| Parameter name | Key | Value |
| --- | --- | --- |
| Header | x-bronto-dataset | Okta |
| Header | x-bronto-collection | <YOUR_COLLECTION_NAME> |

Use the base endpoint https://ingestion.eu.bronto.io with no path. Do not append /v1/logs — that path accepts only OTLP protobuf. EventBridge sends JSON and must target the base endpoint.

Step 5 — Create an EventBridge rule

The rule must be created on the Okta partner event bus, not the default event bus. Rules on the default bus will not receive Okta events.
  1. In EventBridge → Rules, change the event bus dropdown from default to aws.partner/okta.com/<your-subdomain>/okta-bronto.
  2. Click Create rule.
  3. Give the rule a name, e.g. okta-to-bronto.
  4. Select Advanced builder (top left) for step-by-step configuration.
  5. On the Build event pattern step, select Custom pattern (JSON editor) and paste:
{
  "source": [{
    "prefix": "aws.partner/okta.com"
  }],
  "detail-type": ["SystemLog"]
}
  6. On the Select target(s) step, set:
    • Target type: EventBridge API destination
    • Select Use an existing API destination and choose bronto-destination
    • Execution role: Create a new role for this specific resource (default)
  7. Click through to Review and create.
A common mistake is creating the rule on the default event bus. Always confirm the event bus shown at the top of the Rules page matches your Okta partner event bus name before creating the rule.
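Because Okta streams everything and filtering happens only at the rule, the event pattern decides which events never reach Bronto. The following is an added example, not Bronto's or AWS's code: it checks the Step 5 pattern and a hypothetical failures-only variant against constructed events, and implements only exact-value and prefix matching. `FAILURES_ONLY`, `okta_event`, the `example-org` subdomain and the sample events are assumptions.

```python
# Local checker for a subset of EventBridge patterns: exact values and prefix.
# Rule pattern from Step 5, as given on the page.
STEP5_PATTERN = {
    "source": [{"prefix": "aws.partner/okta.com"}],
    "detail-type": ["SystemLog"],
}
# Hypothetical narrower rule: forward only events whose outcome is FAILURE.
FAILURES_ONLY = {**STEP5_PATTERN, "detail": {"outcome": {"result": ["FAILURE"]}}}

def _leaf_matches(alternatives, value):
    """A leaf lists alternatives; the field matches if any one of them does."""
    values = value if isinstance(value, list) else [value]
    for alt in alternatives:
        if isinstance(alt, dict):
            if set(alt) != {"prefix"}:
                raise ValueError(f"operator not handled here: {alt}")
            if any(isinstance(v, str) and v.startswith(alt["prefix"]) for v in values):
                return True
        elif alt in values:
            return True
    return False

def matches(pattern, event):
    """True when every field named in the pattern is present and matches."""
    for key, want in pattern.items():
        if not isinstance(event, dict) or key not in event:
            return False
        if isinstance(want, dict):
            if not matches(want, event[key]):
                return False
        elif not _leaf_matches(want, event[key]):
            return False
    return True

def okta_event(event_type, result):
    """Constructed envelope; 'example-org' is a placeholder Okta subdomain."""
    return {
        "source": "aws.partner/okta.com/example-org/okta-bronto",
        "detail-type": "SystemLog",
        "detail": {"eventType": event_type, "outcome": {"result": result}},
    }

def dropped(pattern, events):
    """Event types the rule would not forward to the API destination."""
    return [e["detail"]["eventType"] for e in events if not matches(pattern, e)]

SAMPLES = [okta_event(t, r) for t, r in [("user.session.start", "SUCCESS"),
           ("user.session.start", "FAILURE"), ("user.account.lock", "SUCCESS")]]
print("failures-only rule would drop:", dropped(FAILURES_ONLY, SAMPLES))
```

The constructed lockout event shows why a narrowed rule needs checking: it is recorded with a SUCCESS outcome in the sample, so the failures-only pattern would drop it. For an authoritative result against the real matching engine, pass the same pattern and event to `aws events test-event-pattern`.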

Verify in Bronto

Open Bronto and go to Search. Trigger a test event, for example by signing in or out of the Okta Admin Console, and confirm the event appears in the UI. Each event arrives as a full Okta System Log record nested inside an EventBridge envelope. The Okta event payload is in the detail object.

What you will see in Bronto

Okta events arrive wrapped in the EventBridge event structure. The Okta System Log payload is in the detail field. Useful fields in Bronto include:
  • detail.eventType, for example user.session.start
  • detail.actor.alternateId, identifying who triggered the event
  • detail.outcome.result, showing success or failure
  • detail.published, the event timestamp
  • detail.severity
Common filters include:
  • detail.eventType
  • detail.actor.alternateId
  • detail.severity

Troubleshooting

  • No events appearing in Bronto? Confirm the Okta log stream shows as Active under Reports → Log Streaming and that the EventBridge partner event source is Associated in the AWS console.
  • Rule shows no invocations? Check that the rule is on the Okta partner event bus, not the default event bus. Go to EventBridge → Rules, switch the bus dropdown to aws.partner/okta.com/<your-subdomain>/okta-bronto, and confirm your rule appears there. Rules on the default bus will never receive Okta events.
  • Getting 401 errors? Verify the x-bronto-api-key value in the EventBridge connection matches a valid Bronto API key with the Ingestion role.
  • Events arriving without a dataset or collection? Confirm the x-bronto-dataset and x-bronto-collection header parameters are set in the Invocation Http Parameters section of the bronto-destination API destination.
  • Partner event source stuck in Pending? The source only becomes active after you associate it with an event bus in the AWS console — see Step 2.
  • Log Streaming not available in Okta? This feature requires the Okta Enterprise plan. Contact Okta support to enable it for your org.