Okta-access
22 operations, identified by eventType in the audit log.
| eventType | Description |
|---|---|
| access.request.cancel | Access request canceled. Can be used to audit access to an Okta resource or to trigger downstream automation that depends on request cancellation. Okta Identity Governance API can be used to get more details about the canceled request. |
| access.request.condition.activate | Access request condition activated. Can be used to audit access request condition to an Okta resource or to trigger downstream automation that depends on access request condition activation. Okta Identity Governance API can be used to get more details about the activated access request condition. |
| access.request.condition.create | Access request condition created. Can be used to audit access request condition to an Okta resource or to trigger downstream automation that depends on access request condition creation. Okta Identity Governance API can be used to get more details about the created access request condition. |
| access.request.condition.deactivate | Access request condition deactivated. Can be used to audit access request condition to an Okta resource or to trigger downstream automation that depends on access request condition deactivation. Okta Identity Governance API can be used to get more details about the deactivated access request condition. |
| access.request.condition.delete | Access request condition deleted. Can be used to audit access request condition to an Okta resource or to trigger downstream automation that depends on access request condition deletion. Okta Identity Governance API can be used to get more details about the deleted access request condition. |
| access.request.condition.invalidate | Access request condition invalidated. Can be used to audit access request condition to an Okta resource or to trigger downstream automation that depends on access request condition invalidation. Okta Identity Governance API can be used to get more details about the invalidated access request condition. |
| access.request.condition.update | Access request condition updated. Can be used to audit access request condition to an Okta resource or to trigger downstream automation that depends on access request condition update. Okta Identity Governance API can be used to get more details about the updated access request condition. |
| access.request.create | Access request created. Can be used to audit access to an Okta resource or to trigger downstream automation that depends on request creation. Okta Identity Governance API can be used to get more details about the created request. |
| access.request.expire | Access request expired. Can be used to audit access to an Okta resource or to trigger downstream automation that depends on request expiration. Okta Identity Governance API can be used to get more details about the expired request. |
| access.request.reject | Access request rejected. Can be used to audit access to an Okta resource or to trigger downstream automation that depends on request rejection. Okta Identity Governance API can be used to get more details about the rejected request. |
| access.request.resolve | Access request resolved. Can be used to audit access to an Okta resource or to trigger downstream automation that depends on request resolution. Okta Identity Governance API can be used to get more details about the resolved request. |
| access.request.sequence.create | Access request sequence created. Can be used to audit the approval sequence and when it was created and what was defined within the sequence to verify the approvals required. Okta Identity Governance API can be used to get more details about the created access request sequence. |
| access.request.sequence.delete | Access request sequence deleted. Can be used to audit the approval sequence and when it was deleted and what was defined within the sequence to verify the approvals required. Okta Identity Governance API can be used to get more details about the deleted access request sequence. |
| access.request.sequence.update | Access request sequence updated. Can be used to audit the approval sequence and when it was updated and what was defined within the sequence to verify the approvals required. Okta Identity Governance API can be used to get more details about the updated access request sequence. |
| access.request.settings.update | Access request settings updated. Can be used to audit access request settings to an Okta resource or to trigger downstream automation that depends on access request settings update. Okta Identity Governance API can be used to get more details about the updated access request settings. |
| access.request.update | Access request updated. Can be used to audit access to an Okta resource or to trigger downstream automation that depends on request update, which can include changes to the request task(s). Okta Identity Governance API can be used to get more details about the updated request. |
| access.review.action | Record a reviewer's decision on an access review item. Audit specific access decisions (e.g., approve, revoke) made during a review. This event records the intended action. The access.review.remediate event indicates fulfillment of the action. |
| access.review.close | Close a security access review. Identify when a review is closed and whether the closure was manual or automatic based on its end date. This event occurs when a security access review is closed. |
| access.review.create | Create a Security access review. Audit the initiation of security access review for a specific user. This event is often triggered by a risk detection event, such as user.risk.detect, but can be triggered by other mechanisms. |
| access.review.remediate | Fulfill an security access review action. Confirm the outcome of applying a reviewer's specified action. This event records the terminal state of an action indicated in access.review.action. |
| access.review.start | Complete the data gathering for a security access review. Confirm the outcome of the background process that collects user access data in preparation for the review. This event fires once the asynchronous data gathering process is complete and the review is ready. |
| access.review.update | Update a security access review. Track modifications to a review, such as changing its reviewers or end date. This event occurs when an update is made to a security access review. |
access.request.cancel
#Description
Access request canceled. Can be used to audit access to an Okta resource or to trigger downstream automation that depends on request cancellation. Okta Identity Governance API can be used to get more details about the canceled request.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: access.request.cancel https://developer.okta.com/docs/reference/api/event-types/#access-request-cancel
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
access.request.condition.activate
#Description
Access request condition activated. Can be used to audit access request condition to an Okta resource or to trigger downstream automation that depends on access request condition activation. Okta Identity Governance API can be used to get more details about the activated access request condition.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: access.request.condition.activate https://developer.okta.com/docs/reference/api/event-types/#access-request-condition-activate
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
access.request.condition.create
#Description
Access request condition created. Can be used to audit access request condition to an Okta resource or to trigger downstream automation that depends on access request condition creation. Okta Identity Governance API can be used to get more details about the created access request condition.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: access.request.condition.create https://developer.okta.com/docs/reference/api/event-types/#access-request-condition-create
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
access.request.condition.deactivate
#Description
Access request condition deactivated. Can be used to audit access request condition to an Okta resource or to trigger downstream automation that depends on access request condition deactivation. Okta Identity Governance API can be used to get more details about the deactivated access request condition.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: access.request.condition.deactivate https://developer.okta.com/docs/reference/api/event-types/#access-request-condition-deactivate
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
access.request.condition.delete
#Description
Access request condition deleted. Can be used to audit access request condition to an Okta resource or to trigger downstream automation that depends on access request condition deletion. Okta Identity Governance API can be used to get more details about the deleted access request condition.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: access.request.condition.delete https://developer.okta.com/docs/reference/api/event-types/#access-request-condition-delete
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
access.request.condition.invalidate
#Description
Access request condition invalidated. Can be used to audit access request condition to an Okta resource or to trigger downstream automation that depends on access request condition invalidation. Okta Identity Governance API can be used to get more details about the invalidated access request condition.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: access.request.condition.invalidate https://developer.okta.com/docs/reference/api/event-types/#access-request-condition-invalidate
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
access.request.condition.update
#Description
Access request condition updated. Can be used to audit access request condition to an Okta resource or to trigger downstream automation that depends on access request condition update. Okta Identity Governance API can be used to get more details about the updated access request condition.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: access.request.condition.update https://developer.okta.com/docs/reference/api/event-types/#access-request-condition-update
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
access.request.create
#Description
Access request created. Can be used to audit access to an Okta resource or to trigger downstream automation that depends on request creation. Okta Identity Governance API can be used to get more details about the created request.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: access.request.create https://developer.okta.com/docs/reference/api/event-types/#access-request-create
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
access.request.expire
#Description
Access request expired. Can be used to audit access to an Okta resource or to trigger downstream automation that depends on request expiration. Okta Identity Governance API can be used to get more details about the expired request.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: access.request.expire https://developer.okta.com/docs/reference/api/event-types/#access-request-expire
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
access.request.reject
#Description
Access request rejected. Can be used to audit access to an Okta resource or to trigger downstream automation that depends on request rejection. Okta Identity Governance API can be used to get more details about the rejected request.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: access.request.reject https://developer.okta.com/docs/reference/api/event-types/#access-request-reject
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
access.request.resolve
#Description
Access request resolved. Can be used to audit access to an Okta resource or to trigger downstream automation that depends on request resolution. Okta Identity Governance API can be used to get more details about the resolved request.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: access.request.resolve https://developer.okta.com/docs/reference/api/event-types/#access-request-resolve
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
access.request.sequence.create
#Description
Access request sequence created. Can be used to audit the approval sequence and when it was created and what was defined within the sequence to verify the approvals required. Okta Identity Governance API can be used to get more details about the created access request sequence.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: access.request.sequence.create https://developer.okta.com/docs/reference/api/event-types/#access-request-sequence-create
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
access.request.sequence.delete
#Description
Access request sequence deleted. Can be used to audit the approval sequence and when it was deleted and what was defined within the sequence to verify the approvals required. Okta Identity Governance API can be used to get more details about the deleted access request sequence.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: access.request.sequence.delete https://developer.okta.com/docs/reference/api/event-types/#access-request-sequence-delete
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
access.request.sequence.update
#Description
Access request sequence updated. Can be used to audit the approval sequence and when it was updated and what was defined within the sequence to verify the approvals required. Okta Identity Governance API can be used to get more details about the updated access request sequence.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: access.request.sequence.update https://developer.okta.com/docs/reference/api/event-types/#access-request-sequence-update
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
access.request.settings.update
#Description
Access request settings updated. Can be used to audit access request settings to an Okta resource or to trigger downstream automation that depends on access request settings update. Okta Identity Governance API can be used to get more details about the updated access request settings.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: access.request.settings.update https://developer.okta.com/docs/reference/api/event-types/#access-request-settings-update
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
access.request.update
#Description
Access request updated. Can be used to audit access to an Okta resource or to trigger downstream automation that depends on request update, which can include changes to the request task(s). Okta Identity Governance API can be used to get more details about the updated request.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: access.request.update https://developer.okta.com/docs/reference/api/event-types/#access-request-update
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
access.review.action
#Description
Record a reviewer's decision on an access review item. Audit specific access decisions (e.g., approve, revoke) made during a review. This event records the intended action. The access.review.remediate event indicates fulfillment of the action.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: access.review.action https://developer.okta.com/docs/reference/api/event-types/#access-review-action
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
access.review.close
#Description
Close a security access review. Identify when a review is closed and whether the closure was manual or automatic based on its end date. This event occurs when a security access review is closed.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: access.review.close https://developer.okta.com/docs/reference/api/event-types/#access-review-close
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
access.review.create
#Description
Create a Security access review. Audit the initiation of security access review for a specific user. This event is often triggered by a risk detection event, such as user.risk.detect, but can be triggered by other mechanisms.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: access.review.create https://developer.okta.com/docs/reference/api/event-types/#access-review-create
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
access.review.remediate
#Description
Fulfill an security access review action. Confirm the outcome of applying a reviewer's specified action. This event records the terminal state of an action indicated in access.review.action.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: access.review.remediate https://developer.okta.com/docs/reference/api/event-types/#access-review-remediate
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
access.review.start
#Description
Complete the data gathering for a security access review. Confirm the outcome of the background process that collects user access data in preparation for the review. This event fires once the asynchronous data gathering process is complete and the review is ready.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: access.review.start https://developer.okta.com/docs/reference/api/event-types/#access-review-start
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
access.review.update
#Description
Update a security access review. Track modifications to a review, such as changing its reviewers or end date. This event occurs when an update is made to a security access review.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: access.review.update https://developer.okta.com/docs/reference/api/event-types/#access-review-update
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/