Okta-workload-principal
16 operations, identified by eventType in the audit log.
| eventType | Description |
|---|---|
| workload_principal.activate | Workload principal has been activated. This event can be used to track the activation of workload principals within the organization, including details about the agent and the user who performed the activation. When fired, this event contains information about the workload principal, such as its configuration, and the user who activated it. |
| workload_principal.ai_agent.credential.activate | Activate an AI agent credential. This event can be used to track the activation of credentials for AI agents within the organization, including details about the credential and the user who performed the activation. |
| workload_principal.ai_agent.credential.create | Create an AI agent credential. This event can be used to track the creation of credentials for AI agents within the organization, including details about the credential and the user who performed the creation. |
| workload_principal.ai_agent.credential.deactivate | Deactivate an AI agent credential. This event can be used to track the deactivation of credentials for AI agents within the organization, including details about the credential and the user who performed the deactivation. |
| workload_principal.ai_agent.credential.delete | Delete an AI agent credential. This event can be used to track the deletion of credentials for AI agents within the organization, including details about the credential and the user who performed the deletion. |
| workload_principal.deactivate | Workload principal has been deactivated. This event can be used to track the deactivation of workload principals within the organization, including details about the agent and the user who performed the deactivation. When fired, this event contains information about the workload principal, such as its configuration, and the user who deactivated it. |
| workload_principal.delete | Workload principal has been deleted. This event can be used to track the deletion of workload principals within the organization, including details about the agent and the user who performed the deletion. When fired, this event contains information about the workload principal, such as its configuration, and the user who deleted it. |
| workload_principal.register | Workload Principal has been registered. This event can be used to track the registration of workload principals within the organization, including details about the user who registered it. When fired, this event contains information about the workload principal, such as its type, configuration, and the user who registered it. |
| workload_principal.resource_connection.activate | Workload principal resource connection activation. This event can be used to track the activation of resource connections for workload principals within the organization, including details about the connection and the user who made the activation. When fired, this event contains information about the workload principal, the resource connection activated, and the user who performed the activation. |
| workload_principal.resource_connection.create | Workload principal resource connection creation. This event can be used to track the creation of resource connections for workload principals within the organization, including details about the connection and the user who made the creation. When fired, this event contains information about the workload principal, the resource connection created, and the user who performed the creation. |
| workload_principal.resource_connection.deactivate | Workload principal resource connection deactivation. This event can be used to track the deactivation of resource connections for workload principals within the organization, including details about the connection and the user who made the deactivation. When fired, this event contains information about the workload principal, the resource connection deactivated, and the user who performed the deactivation. |
| workload_principal.resource_connection.delete | Workload principal resource connection deletion. This event can be used to track the deletion of resource connections for workload principals within the organization, including details about the connection and the user who made the deletion. When fired, this event contains information about the workload principal, the resource connection deleted, and the user who performed the deletion. |
| workload_principal.resource_connection.update | Workload principal resource connection update. This event can be used to track updates made to resource connections for workload principals within the organization, including details about the changes and the user who made them. When fired, this event contains information about the workload principal, the resource connection updated, the changes made, and the user who performed the update. |
| workload_principal.sign_on_provider.add | Sign-on provider has been added to workload principal. This event can be used to track the addition of sign-on providers to workload principals within the organization, including details about the provider and the user who made the addition. When fired, this event contains information about the workload principal, the sign-on provider added, and the user who performed the addition. |
| workload_principal.sign_on_provider.remove | Sign-on provider has been removed from workload principal. This event can be used to track the removal of sign-on providers from workload principals within the organization, including details about the provider and the user who made the removal. When fired, this event contains information about the workload principal, the sign-on provider removed, and the user who performed the removal. |
| workload_principal.update | workload principal has been updated. This event can be used to track updates made to workload principals within the organization, including details about the changes and the user who made them. When fired, this event contains information about the workload principal, such as its configuration changes, and the user who updated it. |
workload_principal.activate
#Description
Workload principal has been activated. This event can be used to track the activation of workload principals within the organization, including details about the agent and the user who performed the activation. When fired, this event contains information about the workload principal, such as its configuration, and the user who activated it.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: workload_principal.activate https://developer.okta.com/docs/reference/api/event-types/#workload_principal-activate
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
workload_principal.ai_agent.credential.activate
#Description
Activate an AI agent credential. This event can be used to track the activation of credentials for AI agents within the organization, including details about the credential and the user who performed the activation.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: workload_principal.ai_agent.credential.activate https://developer.okta.com/docs/reference/api/event-types/#workload_principal-ai_agent-credential-activate
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
workload_principal.ai_agent.credential.create
#Description
Create an AI agent credential. This event can be used to track the creation of credentials for AI agents within the organization, including details about the credential and the user who performed the creation.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: workload_principal.ai_agent.credential.create https://developer.okta.com/docs/reference/api/event-types/#workload_principal-ai_agent-credential-create
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
workload_principal.ai_agent.credential.deactivate
#Description
Deactivate an AI agent credential. This event can be used to track the deactivation of credentials for AI agents within the organization, including details about the credential and the user who performed the deactivation.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: workload_principal.ai_agent.credential.deactivate https://developer.okta.com/docs/reference/api/event-types/#workload_principal-ai_agent-credential-deactivate
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
workload_principal.ai_agent.credential.delete
#Description
Delete an AI agent credential. This event can be used to track the deletion of credentials for AI agents within the organization, including details about the credential and the user who performed the deletion.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: workload_principal.ai_agent.credential.delete https://developer.okta.com/docs/reference/api/event-types/#workload_principal-ai_agent-credential-delete
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
workload_principal.deactivate
#Description
Workload principal has been deactivated. This event can be used to track the deactivation of workload principals within the organization, including details about the agent and the user who performed the deactivation. When fired, this event contains information about the workload principal, such as its configuration, and the user who deactivated it.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: workload_principal.deactivate https://developer.okta.com/docs/reference/api/event-types/#workload_principal-deactivate
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
workload_principal.delete
#Description
Workload principal has been deleted. This event can be used to track the deletion of workload principals within the organization, including details about the agent and the user who performed the deletion. When fired, this event contains information about the workload principal, such as its configuration, and the user who deleted it.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: workload_principal.delete https://developer.okta.com/docs/reference/api/event-types/#workload_principal-delete
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
workload_principal.register
#Description
Workload Principal has been registered. This event can be used to track the registration of workload principals within the organization, including details about the user who registered it. When fired, this event contains information about the workload principal, such as its type, configuration, and the user who registered it.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: workload_principal.register https://developer.okta.com/docs/reference/api/event-types/#workload_principal-register
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
workload_principal.resource_connection.activate
#Description
Workload principal resource connection activation. This event can be used to track the activation of resource connections for workload principals within the organization, including details about the connection and the user who made the activation. When fired, this event contains information about the workload principal, the resource connection activated, and the user who performed the activation.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: workload_principal.resource_connection.activate https://developer.okta.com/docs/reference/api/event-types/#workload_principal-resource_connection-activate
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
workload_principal.resource_connection.create
#Description
Workload principal resource connection creation. This event can be used to track the creation of resource connections for workload principals within the organization, including details about the connection and the user who made the creation. When fired, this event contains information about the workload principal, the resource connection created, and the user who performed the creation.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: workload_principal.resource_connection.create https://developer.okta.com/docs/reference/api/event-types/#workload_principal-resource_connection-create
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
workload_principal.resource_connection.deactivate
#Description
Workload principal resource connection deactivation. This event can be used to track the deactivation of resource connections for workload principals within the organization, including details about the connection and the user who made the deactivation. When fired, this event contains information about the workload principal, the resource connection deactivated, and the user who performed the deactivation.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: workload_principal.resource_connection.deactivate https://developer.okta.com/docs/reference/api/event-types/#workload_principal-resource_connection-deactivate
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
workload_principal.resource_connection.delete
#Description
Workload principal resource connection deletion. This event can be used to track the deletion of resource connections for workload principals within the organization, including details about the connection and the user who made the deletion. When fired, this event contains information about the workload principal, the resource connection deleted, and the user who performed the deletion.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: workload_principal.resource_connection.delete https://developer.okta.com/docs/reference/api/event-types/#workload_principal-resource_connection-delete
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
workload_principal.resource_connection.update
#Description
Workload principal resource connection update. This event can be used to track updates made to resource connections for workload principals within the organization, including details about the changes and the user who made them. When fired, this event contains information about the workload principal, the resource connection updated, the changes made, and the user who performed the update.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: workload_principal.resource_connection.update https://developer.okta.com/docs/reference/api/event-types/#workload_principal-resource_connection-update
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
workload_principal.sign_on_provider.add
#Description
Sign-on provider has been added to workload principal. This event can be used to track the addition of sign-on providers to workload principals within the organization, including details about the provider and the user who made the addition. When fired, this event contains information about the workload principal, the sign-on provider added, and the user who performed the addition.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: workload_principal.sign_on_provider.add https://developer.okta.com/docs/reference/api/event-types/#workload_principal-sign_on_provider-add
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
workload_principal.sign_on_provider.remove
#Description
Sign-on provider has been removed from workload principal. This event can be used to track the removal of sign-on providers from workload principals within the organization, including details about the provider and the user who made the removal. When fired, this event contains information about the workload principal, the sign-on provider removed, and the user who performed the removal.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: workload_principal.sign_on_provider.remove https://developer.okta.com/docs/reference/api/event-types/#workload_principal-sign_on_provider-remove
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/
workload_principal.update
#Description
workload principal has been updated. This event can be used to track updates made to workload principals within the organization, including details about the changes and the user who made them. When fired, this event contains information about the workload principal, such as its configuration changes, and the user who updated it.
Fields #
| Name | Description |
|---|---|
actor.id | Unique ID of the actor performing the event. |
actor.type | Type of actor: User, Client, System, PublicClientApp, etc. |
actor.alternateId | Username or email of the actor. |
actor.displayName | Display name of the actor. |
target[].id | ID of each target object (user, group, application, ...). |
target[].type | Type of each target object. |
target[].alternateId | Username or email of each target object. |
outcome.result | Result: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN. |
outcome.reason | Human-readable reason for the outcome. |
client.ipAddress | IP address of the client. |
client.userAgent.rawUserAgent | Raw user agent string. |
client.geographicalContext.country | Country of origin for the request. |
securityContext.isProxy | Whether the request came through a proxy or anonymizer. |
authenticationContext.externalSessionId | Session ID correlating events in one user session. |
transaction.id | Transaction ID correlating multiple log entries for one action. |
References #
- Okta Event Types Catalog: workload_principal.update https://developer.okta.com/docs/reference/api/event-types/#workload_principal-update
- Okta System Log API Reference https://developer.okta.com/docs/reference/api/system-log/