developer.okta.com
Open in
urlscan Pro
2600:9000:2156:8e00:d:5427:c40:93a1
Public Scan
URL:
https://developer.okta.com/docs/reference/api/event-types/
Submission: On September 06 via api from US — Scanned from DE
Submission: On September 06 via api from US — Scanned from DE
Form analysis 0 forms found in the DOM
Text Content
* Community
* Forum
* Toolkit
*
*
* Blog
* Pricing
* Okta.com
* Log in
* Core Okta API
* Rate Limits
* Error Codes
* User query options
* Sign in Your Users
* Authentication
* Identity Providers
* OpenID Connect & OAuth 2.0 API
* WebFinger
* Manage Okta Objects
* Administrator Roles
* Apps
* Authenticators Admin
* Authorization Servers
* Brands
* CAPTCHAs
* Devices
* Domains
* Dynamic Client Registration
* Event Types
* Factors
* Features
* Groups
* Identity Sources
* Key Management
* Linked Objects
* Log Streaming
* Mappings
* MyAccount
* Org
* Policy
* Push Providers
* Risk Events
* Risk Providers
* Schemas
* Sessions
* Subscriptions
* System Log
* Templates
* ThreatInsight
* Trusted Origins
* UI Schema
* User Types
* Users
* Zones
Sign up
Guides Concepts References Languages & SDKs Release Notes
* Core Okta API
* Rate Limits
* Rate limit dashboard
* Authn/End-user rate limits
* Management rate limits
* Other endpoint rate limits
* Additional limits
* Rate limit best practices
* Client-based rate limits
* DynamicScale
* Previous rate limits
* System Log events for rate limits
* Error Codes
* User query options
* Sign in Your Users
* Authentication
* Identity Providers
* OpenID Connect & OAuth 2.0 API
* WebFinger
* Manage Okta Objects
* Administrator Roles
* Apps
* Authenticators Admin
* Authorization Servers
* Brands
* CAPTCHAs
* Devices
* Domains
* Dynamic Client Registration
* Event Types
* Factors
* Features
* Groups
* Identity Sources
* Key Management
* Linked Objects
* Log Streaming
* Mappings
* MyAccount
* Org
* Policy
* Push Providers
* Risk Events
* Risk Providers
* Schemas
* Sessions
* Subscriptions
* System Log
* Templates
* ThreatInsight
* Trusted Origins
* UI Schema
* User Types
* Users
* Zones
* Advanced Server Access API
* Introduction
* ASA Attributes API
* ASA Audits API
* ASA Clients API
* ASA Entitlements API
* ASA Groups API
* ASA Projects API
* ASA Service Users API
* ASA Teams API
* ASA Users API
* SCIM Protocol
* SCIM V2.0
* SCIM V1.1
* Postman Collections
* Hooks
* Event Hooks Management API
* Inline Hooks Management API
* Inline Hook Types
* Password Import Hook
* Registration Hook
* SAML Hook
* Telephony Hook
* Token Hook
* User Import Hook
* Hooks best practices
* Okta Expression Language
* Expression Language in Identity Engine
* Release Life Cycle
* Architecture Center
* Case studies
* CompanyX
* Reference Architectures
* Directory coexistence
* Lab overview and prerequisites
* Migrate users from Azure AD
* Migrate users from an LDAP server
* Migrate users from a generic database
* Manage multiple Okta environments
* Lab overview and prerequisites
* Configure Terraform Cloud
* Create resources
* Rename a group
* Deploy changes to production
* Detect drift
* Synchronize environments daily
1. References
2. Core Okta API
3. Event Types
ON THIS PAGE
Catalog
Loading...
EVENT TYPES
Event types are the primary method of categorization within the Okta eventing
platform. They allow consumers to easily group notable system occurrences based
on behavior. This resource contains the complete event type catalog of this
platform.
CATALOG
The following is a full listing of event types used in the System Log API with
associated description and related metadata. For migration purposes it also
includes a mapping to the equivalent event type in the legacy Events API. The
relationship between System Log API and Events API event types is generally
one-to-many. Note that there are currently some System Log API event types which
do not have an Events API equivalent.
> Important: As of April 20th, 2020, the Events API does not track new event
> types added to the System Log API. For this reason we highly recommend
> migrating to the System Log API. For more information, see our Events API End
> of Life FAQ (opens new window).
All Releases 2023.07.2 2023.06.1 2023.04.1 2023.04.0 2023.03.0 2023.02.2
2023.02.0 2023.01.2 2023.01.0 2022.12.0 2022.11.2 2022.11.1 2022.10.2 2022.10.0
2022.08.0 2022.07.0 2022.06.2 2022.06.0 2022.05.3 2022.05.1 2022.05.0 2022.04.3
2022.04.2 2022.02.0 2021.12.0 2021.11.0 2021.10.2 2021.10.0 2021.09.1 2021.08.0
2021.07.1 2021.07.0 2021.05.1 2021.04.2 2021.03.2 2021.02.2 2021.02.1 2021.01.2
2021.01.1 2021.01.0 2020.12.0 2020.10.4 2020.09.4 2020.09.3 2020.09.1 2020.08.4
2020.08.0 2020.07.1 2020.06.3 2020.06.1 2020.05.1 2020.05.0 2020.03.0 2020.02.0
2020.01.0 2019.12.0 2019.11.0 2019.09.0 2019.08.3 2019.08.0 2019.07.1 2019.07.0
2019.05.4 2019.05.0 2019.04.2 2019.04.0 2019.03.4 2019.03.3 2019.03.1 2019.03.0
2019.02.3 2019.02.2 2019.02.1 2019.01.2 2019.01.1 2018.47 2018.43 2018.42
2018.37 2018.36 2018.35 2018.32 2018.28 2018.25 2018.23 2018.22 2018.15 2018.13
2018.10 2018.08 2018.06 2018.05 2018.04 2018.03 2018.01 2017.52 2017.51 2017.50
2017.49 2017.48 2017.47 2017.45 2017.44 2017.43 2017.39 2017.33 2017.32 2017.29
2017.28 2017.27 2017.25 2017.24 2017.22 2017.20 2017.19 2017.15 2017.11 2017.06
2017.02 2017.01 2016.51 2016.50 2016.48 2016.45 2016.39 2016.33 2016.29 2016.27
2016.24 2016.20 2016.18 2016.15 2016.14 2016.13 2016.12 2016.11 2016.10 2016.09
2016.06 2016.05 2016.04 2016.02 2015.47 2014.25 2014.18 2011.01
Found 852 matches
ANALYTICS.REPORTS.EXPORT.DOWNLOAD
A user has downloaded an export file that Okta has generated for a report
available in the admin console. This event may be used to identify access by a
user to a report data set from Okta. This may be useful to audit access to
report data for security investigations, compliance audits, and evaluation of
the utility of a report within the Org. This event only indicates that a user
has downloaded the export file. The user that downloaded it may not be the user
that requested generation of the export file. See
analytics.reports.export.request and analytics.reports.export.generate for
related actions.
Since: 2022.05.1
ANALYTICS.REPORTS.EXPORT.GENERATE
Okta has generated an export file for a report available in the admin console.
This event may be used to identify whether Okta successfully generated the
export file that a user requested for a report. This event is primarily useful
for troubleshooting if a report fails to generate. This event does not indicate
whether a user downloaded the report file. See analytics.reports.export.request
and analytics.reports.export.download for related actions.
Since: 2022.05.1
ANALYTICS.REPORTS.EXPORT.REQUEST
A user has requested that Okta generate an export file for a report available in
the admin console. This event may be used to identify a request by a user to
export a report data set from Okta. This may be useful to audit access to report
data for security investigations, compliance audits, and evaluation of the
utility of a report within the Org. This event only indicates that a user
requested the export. It does not indicate that an export file was successfully
generated by Okta nor that the export file was accessed by a user. See
analytics.reports.export.generate and analytics.reports.export.download for
those actions.
Since: 2022.05.1
APP.ACCESS_REQUEST.APPROVER.APPROVE
Legacy event types: app.access_request.approver.approve
Request to access an app was approved by an administrator-defined approver.
app-instance-requestevent-hook-eligible
Since: 2017.43
APP.ACCESS_REQUEST.APPROVER.DENY
Legacy event types: app.access_request.approver.deny
Request to access an app was denied by an administrator-defined approver.
app-instance-requestevent-hook-eligible
Since: 2017.43
APP.ACCESS_REQUEST.DELETE
Legacy event types: app.access_request.delete
Request to access an app was deleted by an administrator.
app-instance-requestevent-hook-eligible
Since: 2017.43
APP.ACCESS_REQUEST.DENY
Legacy event types: app.access_request.deny
Request to access an app was denied after at least one approver denied the
request.
app-instance-requestevent-hook-eligible
Since: 2017.43
APP.ACCESS_REQUEST.EXPIRE
Legacy event types: app.access_request.expire
Request to access an app expired by the system due to lack of approver action.
app-instance-requestevent-hook-eligible
Since: 2017.43
APP.ACCESS_REQUEST.GRANT
Legacy event types: app.access_request.grant
Request to access an app was granted after all approvers approved the request.
app-instance-requestevent-hook-eligible
Since: 2017.43
APP.ACCESS_REQUEST.REQUEST
Legacy event types: app.access_request.request
Request to access an app was performed by a user.
app-instance-requestevent-hook-eligible
Since: 2017.43
APP.AD.API.USER_IMPORT.ACCOUNT_LOCKED
Legacy event types: app.ad.api.user_import.account_locked
Active Directory user account set to locked following profile update: user is
locked in active directory.
ad-app
Since: 2016.10
APP.AD.API.USER_IMPORT.WARN.SKIPPED_CONTACT.ATTRIBUTE_INVALID_VALUE
Legacy event types:
app.ad.api.user_import.warn.skipped_contact.attribute_invalid_value
Skipping import of contact due to invalid attribute. Please consult with your
Active Directory admin if you believe this contact should be imported.
ad-app
Since: 2015.47
APP.AD.API.USER_IMPORT.WARN.SKIPPED_USER.ATTRIBUTE_INVALID_VALUE
Legacy event types:
app.ad.api.user_import.warn.skipped_user.attribute_invalid_value
Skipping import of user due to an invalid AD attribute.
ad-app
Since: 2015.47
APP.AD.API.USER_IMPORT.WARN.SKIPPED_USER.MISSING_REQUIRED_ATTRIBUTE
Skipping import of user due to a required AD attribute being null.
ad-app
Since: 2011.01
APP.APP_INSTANCE.CSR.GENERATE
Legacy event types: app.app_instance.csr.generate
Certificate signing request (CSR) generated.
app
Since: 2017.15
APP.APP_INSTANCE.CSR.PUBLISH
Legacy event types: app.app_instance.csr.publish
Certificate signing request (CSR) published.
app
Since: 2017.15
APP.APP_INSTANCE.CSR.REVOKE
Legacy event types: app.app_instance.csr.revoke
Certificate signing request (CSR) revoked.
app
Since: 2017.15
APP.APP_INSTANCE.PROVISION_SYNC_JOB.COMPLETED
Legacy event types: app.app_instance.provision_sync_job.completed
Fired when a provision sync job has successfully completed. This can be used to
confirm that a provision sync job has finished running and is no longer
processing users. When fired, this event contains details about number of users
processed in the job. Related events include
app.app_instance.provision_sync_job.started and
app.app_instance.provision_sync_job.failed.
adminappuser-provision
Since: 2019.08.3
APP.APP_INSTANCE.PROVISION_SYNC_JOB.FAILED
Legacy event types: app.app_instance.provision_sync_job.failed
Fired when a provision sync job has failed. This can be used to identify when a
provision sync job has failed. When fired, this event contains information about
the reason the provision sync job failed. Related events include
app.app_instance.provision_sync_job.started and
app.app_instance.provision_sync_job.completed.
adminappuser-provision
Since: 2019.08.3
APP.APP_INSTANCE.PROVISION_SYNC_JOB.STARTED
Legacy event types: app.app_instance.provision_sync_job.started
Fired when a provision sync job has successfully started. This can be used to
confirm that a provision sync job has successfully started. Related events
include app.app_instance.provision_sync_job.completed and
app.app_instance.provision_sync_job.failed.
adminappuser-provision
Since: 2019.08.3
APP.AUDIT_REPORT.DOWNLOAD.LOCAL.ACTIVE
Legacy event types: app.audit_report.download.local.active
Application access report downloaded.
app
Since: 2017.52
APP.AUDIT_REPORT.DOWNLOAD.LOCAL.DEPROV
Legacy event types: app.audit_report.download.local.deprov
Recent unassignments report downloaded.
app
Since: 2017.52
APP.AUDIT_REPORT.DOWNLOAD.ROGUE.REPORT
Legacy event types: app.audit_report.download.rogue.report
Rogue report downloaded.
app
Since: 2017.52
APP.GENERIC.UNAUTH_APP_ACCESS_ATTEMPT
Legacy event types: app.generic.unauth_app_access_attempt
User attempted unauthorized access to app.
app
Since: 2016.06
APP.INBOUND_DEL_AUTH.LOGIN_SUCCESS
Legacy event types: app.inbound_del_auth.login_success
Successful inbound delegated authentication request for user.
delegated-auth
Since: 2016.18
APP.KERBEROS_RICH_CLIENT.ACCOUNT_NOT_FOUND
Legacy event types: app.kerberos_rich_client.account_not_found
Kerberos based rich client authentication failed: Could not find Office 365 app
user for the AD user with principal id.
appkerberos-rich-client
Since: 2017.50
APP.KERBEROS_RICH_CLIENT.INSTANCE_NOT_FOUND
Legacy event types: app.kerberos_rich_client.instance_not_found
Kerberos based rich client authentication failed: Unknown app instance id.
appkerberos-rich-client
Since: 2017.50
APP.KERBEROS_RICH_CLIENT.MULTIPLE_ACCOUNTS_FOUND
Legacy event types: app.kerberos_rich_client.multiple_accounts_found
Kerberos based rich client authentication failed: Multiple users with username
found.
appkerberos-rich-client
Since: 2017.50
APP.KERBEROS_RICH_CLIENT.USER_AUTHENTICATION_SUCCESSFUL
Legacy event types: app.kerberos_rich_client.user_authentication_successful
Kerberos based rich client authentication successful for Office 365 user.
appkerberos-rich-client
Since: 2017.52
APP.KEYS.CLONE
Legacy event types: app.keys.clone_legacy
Application signing key cloned.
app
Since: 2017.25
APP.KEYS.GENERATE
Legacy event types: app.keys.generate_legacy
New signing key generated.
app
Since: 2017.25
APP.KEYS.ROTATE
Legacy event types: app.keys.rotate_legacy
Application signing key rotated.
app
Since: 2017.25
APP.LDAP.PASSWORD.CHANGE.FAILED
Legacy event types: app.ldap.password.change.failed
Password change failed.
ldap-app
Since: 2014.18
APP.OAUTH2.ADMIN.CONSENT.GRANT
Legacy event types: app.oauth2.admin.consent.grant_success
Administrator consent granted for scope. This event can be used to track when an
administrator grants consent to a client to request a specific scope. This event
is fired when an admin grants consent.
oauth2oauth2-as-runtimeoauth2-org-as
Since: 2019.12.0
APP.OAUTH2.ADMIN.CONSENT.REVOKE
Legacy event types: app.oauth2.admin.consent.revoke_success
Administrator consent revoked for scope. This event can be used to track when an
administrator revokes consent to a client to request a specific scope. This
event is fired when an admin revokes consent.
oauth2oauth2-as-runtimeoauth2-org-as
Since: 2019.12.0
APP.OAUTH2.API_RESOURCE.CREATE
OAuth2 API Resource is created. Manage and audit lifecycle events of API
resources. Administrators are made aware that a new API resource is getting
created under Authorization servers.
oauth2oauth2-api-resource
Since: 2022.04.2
APP.OAUTH2.API_RESOURCE.DELETE
OAuth2 API Resource is deleted. Manage and audit lifecycle events of API
resources. Administrators are made aware that a new API resource is getting
deleted under Authorization servers.
oauth2oauth2-api-resource
Since: 2022.04.2
APP.OAUTH2.API_RESOURCE.UPDATE
OAuth2 API Resource is updated. Manage and audit lifecycle events of API
resources. Administrators are made aware that a new API resource is getting
updated under Authorization servers.
oauth2oauth2-api-resource
Since: 2022.04.2
APP.OAUTH2.AS.AUTHORIZE
Legacy event types: app.oauth2.as.authorize_failure
OAuth2 authorization request.
oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14
APP.OAUTH2.AS.AUTHORIZE.CODE
Legacy event types: app.oauth2.as.authorize.code_success
OAuth2 authorization code request.
oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14
APP.OAUTH2.AS.AUTHORIZE.IMPLICIT.ACCESS_TOKEN
Legacy event types: app.oauth2.as.authorize.implicit.access_token_success
OAuth2 authorization implicit access token request.
oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14
APP.OAUTH2.AS.AUTHORIZE.IMPLICIT.ID_TOKEN
Legacy event types: app.oauth2.as.authorize.implicit.id_token_success
OAuth2 authorization implicit ID token request.
oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14
APP.OAUTH2.AS.AUTHORIZE.SCOPE_DENIED
Legacy event types: app.oauth2.as.authorize.scope_denied_failure
Some of the requested scopes were denied by the policy.
oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14
APP.OAUTH2.AS.CONSENT.GRANT
Legacy event types: app.oauth2.as.consent.grant_failure,
app.oauth2.as.consent.grant_success
User granted consent to app.
event-hook-eligibleoauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14
APP.OAUTH2.AS.CONSENT.REVOKE
Legacy event types: app.oauth2.as.consent.revoke_failure,
app.oauth2.as.consent.revoke_success
Consent revoked.
event-hook-eligibleoauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14
APP.OAUTH2.AS.CONSENT.REVOKE.IMPLICIT.AS
Legacy event types: app.oauth2.as.consent.revoke.implicit.as_success
All consent revoked for authorization server.
event-hook-eligibleoauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14
APP.OAUTH2.AS.CONSENT.REVOKE.IMPLICIT.CLIENT
Legacy event types: app.oauth2.as.consent.revoke.implicit.client_success
All consent revoked for client.
event-hook-eligibleoauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14
APP.OAUTH2.AS.CONSENT.REVOKE.IMPLICIT.SCOPE
Legacy event types: app.oauth2.as.consent.revoke.implicit.scope_success
All consent revoked for scope.
event-hook-eligibleoauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14
APP.OAUTH2.AS.CONSENT.REVOKE.IMPLICIT.USER
Legacy event types: app.oauth2.as.consent.revoke.implicit.user_success
Consent for all scopes revoked for user.
event-hook-eligibleoauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14
APP.OAUTH2.AS.CONSENT.REVOKE.USER
Legacy event types: app.oauth2.as.consent.revoke.user_failure,
app.oauth2.as.consent.revoke.user_success
All consent revoked for user.
event-hook-eligibleoauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14
APP.OAUTH2.AS.CONSENT.REVOKE.USER.CLIENT
Legacy event types: app.oauth2.as.consent.revoke.user.client_failure,
app.oauth2.as.consent.revoke.user.client_success
User consent revoked for client.
event-hook-eligibleoauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14
APP.OAUTH2.AS.EVALUATE.CLAIM
Legacy event types: app.oauth2.as.evaluate.claim_failure
Claim evaluation for OAuth2 token.
oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14
APP.OAUTH2.AS.INTERACT.INTERACTION_CODE
Fired when interaction code is generated by OIE. This event can be used by
administrators to audit interaction_code generation, and troubleshoot why the
IdX transaction has failed. When fired, this event contains hashed values of the
interaction_code and interaction_handle, as well as information about the client
to which they were issued.
oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2021.01.0
APP.OAUTH2.AS.INTERACT.INTERACTION_HANDLE
Fired when interaction handle is generated by OIE. This event can be used by
administrators to detect if additional interaction is required and an
interaction handle has been issued. When fired this event contains interaction
handle hash and the client to which it was issued.
oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2021.01.0
APP.OAUTH2.AS.KEY.ROLLOVER
Legacy event types: app.oauth2.as.key.rollover.legacy
Custom Authorization Server token signing key rolled over.
oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14
APP.OAUTH2.AS.TOKEN.DETECT_REUSE
Legacy event types: app.oauth2.as.token.detect_reuse
Detect one-time refresh token attempted reuse. This event can be used by
administrators to detect and audit attempted reuse of one-time refresh tokens.
When fired this event contains information about the user, client to which the
refresh token was minted, and the hash of the refresh tokens.
oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2020.09.3
APP.OAUTH2.AS.TOKEN.GRANT
Legacy event types: app.oauth2.as.token.grant_failure
OAuth2 token request.
oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14
APP.OAUTH2.AS.TOKEN.GRANT.ACCESS_TOKEN
Legacy event types: app.oauth2.as.token.grant.access_token_success
OAuth2 access token is granted.
oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14
APP.OAUTH2.AS.TOKEN.GRANT.DEVICE_SECRET
Legacy event types: app.oauth2.as.token.grant.device_secret_success
Grant an OAuth2 device_secret for the Native SSO flow. This event adds tracking
to let admins know when Native SSO is being used to protect desktop or mobile
apps. When fired this event contains the device secret id which administrators
can use to correlate with single logout events across native desktop apps.
oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2021.04.2
APP.OAUTH2.AS.TOKEN.GRANT.ID_TOKEN
Legacy event types: app.oauth2.as.token.grant.id_token_success
OAuth2 id token is granted.
oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14
APP.OAUTH2.AS.TOKEN.GRANT.REFRESH_TOKEN
Legacy event types: app.oauth2.as.token.grant.refresh_token_success
OAuth2 refresh token is granted.
oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14
APP.OAUTH2.AS.TOKEN.REVOKE
Legacy event types: app.oauth2.as.token.revoke_failure,
app.oauth2.as.token.revoke_success
OAuth2 token revocation request.
oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14
APP.OAUTH2.AUTHORIZE
Legacy event types: app.oauth2.authorize_failure
OIDC authorization request.
oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14
APP.OAUTH2.AUTHORIZE.CODE
Legacy event types: app.oauth2.authorize.code_success
OIDC authorization code request.
oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14
APP.OAUTH2.AUTHORIZE.IMPLICIT.ACCESS_TOKEN
Legacy event types: app.oauth2.authorize.implicit.access_token_success
OIDC authorization implicit access token request.
oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14
APP.OAUTH2.AUTHORIZE.IMPLICIT.ID_TOKEN
Legacy event types: app.oauth2.authorize.implicit.id_token_success
OIDC authorization implicit ID token request.
oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14
APP.OAUTH2.CLIENT.LIFECYCLE.ACTIVATE
Legacy event types: app.oauth2.client.lifecycle.activate
Activate OAuth client.
oauth2oauth2-clientoauth2-client-lifecycle
Since: 2017.24
APP.OAUTH2.CLIENT.LIFECYCLE.CREATE
Legacy event types: app.oauth2.client.lifecycle.create
Create OAuth client.
oauth2oauth2-clientoauth2-client-lifecycle
Since: 2017.24
APP.OAUTH2.CLIENT.LIFECYCLE.DEACTIVATE
Legacy event types: app.oauth2.client.lifecycle.deactivate
Deactivate OAuth client.
oauth2oauth2-clientoauth2-client-lifecycle
Since: 2017.24
APP.OAUTH2.CLIENT.LIFECYCLE.DELETE
Legacy event types: app.oauth2.client.lifecycle.delete
Delete OAuth client.
oauth2oauth2-clientoauth2-client-lifecycle
Since: 2017.24
APP.OAUTH2.CLIENT.LIFECYCLE.UPDATE
Legacy event types: app.oauth2.client.lifecycle.update
Update OAuth client.
oauth2oauth2-clientoauth2-client-lifecycle
Since: 2017.24
APP.OAUTH2.CLIENT.PRIVILEGE.GRANT
An OAuth 2.0 client app's admin privileges changed. This can be used to audit
the provisioning of admin privileges for OAuth 2.0 client apps. When fired, this
event contains information about the type of admin privileges the OAuth 2.0
client app currently has. Related events include:
APP_OAUTH2_CLIENT_PRIVILEGE_REVOKE.
event-hook-eligibleoauth2oauth2-client
Since: 2023.04.1
APP.OAUTH2.CLIENT.PRIVILEGE.REVOKE
All privileges for OAuth 2.0 client app were revoked. This can be used to audit
the deprovisioning of admin privileges from OAuth 2.0 client apps. When fired,
this event indicates the OAuth 2.0 client app has no more admin privileges. All
of OAuth 2.0 client app's privileges were revoked. Related events include:
APP_OAUTH2_CLIENT_PRIVILEGE_GRANT.
event-hook-eligibleoauth2oauth2-client
Since: 2023.04.1
APP.OAUTH2.CLIENT_ID_RATE_LIMIT_WARNING
Legacy event types: app.oauth2.client_id_rate_limit_warning
Fired when requests from a single client id has consumed majority of an org's
rate limit on the OAuth2 endpoint. This event can be used by admins to discover
and deactivate a rogue client. The admin is able to manage the client via the
Syslog UI. When fired, this event contains information about the responsible
client id. As of release, this event is fired when a single client id consumes
90% of an org's OAuth2 rate limit; this threshold is subject to change.
oauth2oauth2-client
Since: 2019.04.2
APP.OAUTH2.CONSENT.GRANT
User granted consent to app. This event can be used to identify the org AS
consent grant. When fired, the event contains information about the successful
consent grant by org AS.
oauth2oauth2-as-runtimeoauth2-org-as
Since: 2021.10.2
APP.OAUTH2.CREDENTIALS.LIFECYCLE.ACTIVATE
OAuth client credentials (either client secret or JWK) is added for an
application. Use this event to find out if an application has a new client
secret or private/public key that has been added. This could be used to audit
changes made to client credentials.
oauth2oauth2-clientoauth2-client-credentials-lifecycle
Since: 2022.05.3
APP.OAUTH2.CREDENTIALS.LIFECYCLE.CREATE
OAuth client credentials (either client secret or JWK) is activated for an
application. Use this event to find out if an application has activated a new
client secret or private/public key. This could be used to audit changes made to
client credentials.
oauth2oauth2-clientoauth2-client-credentials-lifecycle
Since: 2022.05.3
APP.OAUTH2.CREDENTIALS.LIFECYCLE.DEACTIVATE
OAuth client credentials (either client secret or JWK) is deactivated for an
application. Use this event to find out if an application has an existing client
secret or private/public key that has been deactivated. This could be used to
audit changes made to client credentials.
oauth2oauth2-clientoauth2-client-credentials-lifecycle
Since: 2022.05.3
APP.OAUTH2.CREDENTIALS.LIFECYCLE.DELETE
OAuth client credentials (either client secret or JWK) is deleted for an
application. Use this event to find out if an application has an existing client
secret or private/public key that has been deleted. This could be used to audit
changes made to client credentials.
oauth2oauth2-clientoauth2-client-credentials-lifecycle
Since: 2022.05.3
APP.OAUTH2.INTERACT.INTERACTION_CODE
Fired when interaction code is generated by OIE. This event can be used by
administrators to audit interaction_code generation, and troubleshoot why the
IdX transaction has failed. When fired, this event contains hashed values of the
interaction_code and interaction_handle, as well as information about the client
to which they were issued.
oauth2oauth2-as-runtimeoauth2-org-as
Since: 2021.01.0
APP.OAUTH2.INTERACT.INTERACTION_HANDLE
Fired when interaction handle is generated by OIE. This event can be used by
administrators to detect if additional interaction is required and an
interaction handle has been issued. When fired this event contains interaction
handle hash and the client to which it was issued.
oauth2oauth2-as-runtimeoauth2-org-as
Since: 2021.01.0
APP.OAUTH2.INVALID_CLIENT_CREDENTIALS
Legacy event types: app.oauth2.invalid_client_credentials_failure
Multiple requests with invalid client credentials for client id.
oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14
APP.OAUTH2.INVALID_CLIENT_IDS
Legacy event types: app.oauth2.invalid_client_ids_failure
Multiple requests with invalid client ids.
oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14
APP.OAUTH2.KEY.ROLLOVER
Legacy event types: app.oauth2.key.rollover.legacy
Org Authorization Server token signing key rolled over.
oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14
APP.OAUTH2.SIGNON
Legacy event types: app.oauth2.signon_failure, app.oauth2.signon_success
User performed OIDC single sign on to app.
oauth2oauth2-client
Since: 2016.14
APP.OAUTH2.TOKEN.DETECT_REUSE
Legacy event types: app.oauth2.token.detect_reuse
Detect one-time refresh token attempted reuse. This event can be used by
administrators to detect and audit attempted reuse of one-time refresh tokens.
When fired this event contains information about the user, client to which the
refresh token was minted, and the hash of the refresh tokens.
oauth2oauth2-as-runtimeoauth2-org-as
Since: 2020.09.3
APP.OAUTH2.TOKEN.GRANT
Legacy event types: app.oauth2.token.grant_failure
OIDC token request.
oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14
APP.OAUTH2.TOKEN.GRANT.ACCESS_TOKEN
Legacy event types: app.oauth2.token.grant.access_token_success
OIDC access token is granted.
oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14
APP.OAUTH2.TOKEN.GRANT.ID_TOKEN
Legacy event types: app.oauth2.token.grant.id_token_success
OIDC id token is granted.
oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14
APP.OAUTH2.TOKEN.GRANT.REFRESH_TOKEN
Legacy event types: app.oauth2.token.grant.refresh_token_success
OIDC refresh token is granted.
oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14
APP.OAUTH2.TOKEN.REVOKE
Legacy event types: app.oauth2.token.revoke_failure,
app.oauth2.token.revoke_success
OIDC token revocation request.
oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14
APP.OAUTH2.TOKEN.REVOKE.IMPLICIT.AS
Legacy event types: app.oauth2.token.revoke.implicit.as_success
Tokens revoked for authorization server.
oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14
APP.OAUTH2.TOKEN.REVOKE.IMPLICIT.CLIENT
Legacy event types: app.oauth2.token.revoke.implicit.client_success
Tokens revoked for client.
oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14
APP.OAUTH2.TOKEN.REVOKE.IMPLICIT.USER
Legacy event types: app.oauth2.token.revoke.implicit.user_success
Tokens revoked for user.
oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14
APP.OAUTH2.TRUSTED_SERVER.ADD
Trusted authorization server is added. Administrators can use this event to
debug and audit trusted authorization server operations. When fired, this event
contains the authorization server IDs of the servers involved.
event-hook-eligibleoauth2oauth2-as-runtimeoauth2-custom-as
Since: 2023.02.0
APP.OAUTH2.TRUSTED_SERVER.DELETE
Trusted authorization server is removed. Administrators can use this event to
debug and audit trusted authorization server operations. When fired, this event
contains the authorization server IDs of the servers involved.
event-hook-eligibleoauth2oauth2-as-runtimeoauth2-custom-as
Since: 2023.02.0
APP.OFFICE365.API.CHANGE.DOMAIN.FEDERATION.SUCCESS
Legacy event types: app.office365.api.change.domain.federation.success
Successfully updated the domain federation from old settings to new settings.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.AD.USER
Legacy event types: app.office365.api.error.ad.user
User is assigned to more than one instance of Active Directory, could not set
Immutable ID.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.CHECK.USER.EXISTS
Legacy event types: app.office365.api.error.check.user.exists
Could not determine status of Office 365 user, received error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.CREATE.USER
Legacy event types: app.office365.api.error.create.user
Could not create user in Office 365, received error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.DEACTIVATE.USER
Legacy event types: app.office365.api.error.deactivate.user
Could not deactivate Office 365 user, received error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.DOWNLOAD.CUSTOM.OBJECTS
Legacy event types: app.office365.api.error.download.custom.objects
Could not download group/role/license data for your Office 365 instance,
received error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.DOWNLOAD.GROUPS
Legacy event types: app.office365.api.error.download.groups
Could not download all groups from your Office 365 instance, received error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.DOWNLOAD.USERS
Legacy event types: app.office365.api.error.download.users
Could not download all users from your Office 365 instance, received error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.ENDPOINT.UNAVAILABLE
Legacy event types: app.office365.api.error.endpoint.unavailable
Unable to reach the Office 365 endpoint.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.GET.COMPANY.DIRSYNC.FAILURE
Legacy event types: app.office365.api.error.get.company.dirsync.failure
Unable to read Office 365 directory sync for the company, received error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.GET.COMPANY.DIRSYNC.STATUS.FAILURE
Legacy event types: app.office365.api.error.get.company.dirsync.status.failure
Unable to provision user to Office 365, because 'Directory Sync' value in Azure
Active Directory is unsupported. Please visit the Azure Active Directory portal
and set 'Directory Sync' state to Activated and retry.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.GET.COMPANY.DIRSYNC.STATUS.PENDING
Legacy event types: app.office365.api.error.get.company.dirsync.status.pending
Unable to provision user to Office 365, because 'Directory Sync' value in Azure
Active Directory not yet in Activated state. This may take up to 72 hours.
Please visit the Azure Active Directory portal and retry when in Activated
state.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.GET.OBJECT.IDS.BY.GROUP.ID
Legacy event types: app.office365.api.error.get.object.ids.by.group.id
Could not get users by group id from your Office 365 instance, received error.
office365-app
Since: 2018.37
APP.OFFICE365.API.ERROR.GROUP.CREATE.FAILURE
Legacy event types: app.office365.api.error.group.create.failure
Could not create Office 365 group, received error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.GROUP.CREATE.FAILURE.NAME.IN.USE
Legacy event types: app.office365.api.error.group.create.failure.name.in.use
Could not create Office 365 group because the name is already in use, received
error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.GROUP.DELETE.FAILURE
Legacy event types: app.office365.api.error.group.delete.failure
Could not delete Office 365 group, received error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.GROUP.MEMBERSHIP.UPDATE.ASSIGNMENT.FAILURE
Legacy event types:
app.office365.api.error.group.membership.update.assignment.failure
Could not update the Office 365 group membership because of an error assigning a
user to the group, received error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.GROUP.MEMBERSHIP.UPDATE.FAILURE
Legacy event types: app.office365.api.error.group.membership.update.failure
Could not update the Office 365 group membership, received error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.GROUP.MEMBERSHIP.UPDATE.GROUP.NOT.FOUND.FAILURE
Legacy event types:
app.office365.api.error.group.membership.update.group.not.found.failure
Could not update the Office 365 group membership because the group could not be
found, received error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.GROUP.MEMBERSHIP.UPDATE.REMOVAL.FAILURE
Legacy event types:
app.office365.api.error.group.membership.update.removal.failure
Could not update the Office 365 group membership because of an error removing a
user from the group, received error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.GROUP.UPDATE.FAILURE
Legacy event types: app.office365.api.error.group.update.failure
Could not update Office 365 group, received error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.GROUP.UPDATE.FAILURE.NOT.FOUND
Legacy event types: app.office365.api.error.group.update.failure.not.found
Could not update Office 365 group because it was not found, received error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.IMPORT.PROFILE
Legacy event types: app.office365.api.error.import.profile
Could not import profile for Office 365 user, received error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.NO.ENDPOINTS.FOUND
Legacy event types: app.office365.api.error.no.endpoints.found
No Office 365 endpoint found to send our request.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.PUSH.PASSWORD
Legacy event types: app.office365.api.error.push.password
Could not push password for Office 365 user, received error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.PUSH.PROFILE
Legacy event types: app.office365.api.error.push.profile
Could not push profile for Office 365 user, received error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.REACTIVATE.USER
Legacy event types: app.office365.api.error.reactivate.user
Could not reactivate Office 365 user, received error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.REMOVE.DOMAIN.FEDERATION.FAILURE
Legacy event types: app.office365.api.error.remove.domain.federation.failure
Unable to remove the domain federation, received error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.REMOVE.DOMAIN.FEDERATION.FAILURE.ACCESS.DENIED
Legacy event types:
app.office365.api.error.remove.domain.federation.failure.access.denied
Unable to remove the domain federation because the admin user is not authorized
to perform the task.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.REMOVE.DOMAIN.FEDERATION.FAILURE.DOMAIN.NOT.FOUND
Legacy event types:
app.office365.api.error.remove.domain.federation.failure.domain.not.found
Unable to remove the domain federation because the specified domain was not
found.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.REVOKE.REFRESH.TOKEN
Legacy event types: app.office365.api.error.revoke.refresh.token
Failed to revoke refresh tokens for user.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.SET.COMPANY.DIRSYNC.FAILURE
Legacy event types: app.office365.api.error.set.company.dirsync.failure
Unable to enable Office 365 directory sync for the company, received error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.SET.COMPANY.DIRSYNC.STATUS.FAILURE
Legacy event types: app.office365.api.error.set.company.dirsync.status.failure
Unable to enable Office 365 directory sync for the company, because 'Directory
Sync' value in Azure Active Directory is unsupported. Please visit the Azure
Active Directory portal and set 'Directory Sync' state to Activated.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.SET.DOMAIN.FEDERATION.FAILURE
Legacy event types: app.office365.api.error.set.domain.federation.failure
Unable to setup the domain federation, received error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.SET.DOMAIN.FEDERATION.FAILURE.ACCESS.DENIED
Legacy event types:
app.office365.api.error.set.domain.federation.failure.access.denied
Unable to setup the domain federation because the admin user is not authorized
to perform the task.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.SET.DOMAIN.FEDERATION.FAILURE.DOMAIN.DEFAULT
Legacy event types:
app.office365.api.error.set.domain.federation.failure.domain.default
Unable to setup the domain federation because the specified domain is the
default domain.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.SET.DOMAIN.FEDERATION.FAILURE.DOMAIN.NOT.FOUND
Legacy event types:
app.office365.api.error.set.domain.federation.failure.domain.not.found
Unable to setup the domain federation because the specified domain was not
found.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.SYNC.CONTACT
Legacy event types: app.office365.api.error.sync.contact
Failed to sync contact, received error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.SYNC.FINALIZE
Legacy event types: app.office365.api.error.sync.finalize
Failed to finalize export to Office 365, received error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.SYNC.GROUP
Legacy event types: app.office365.api.error.sync.group
Failed to sync group, received error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.SYNC.NOT.ACTIVATED
Legacy event types: app.office365.api.error.sync.not.activated
Sync could not execute because Office 365 directory sync for the company not yet
Activated. Sync will retry after a period of time.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.SYNC.SET.ATTRIBUTE
Legacy event types: app.office365.api.error.sync.set.attribute
Failed to set attribute, received error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.SYNC.USER
Legacy event types: app.office365.api.error.sync.user
Failed to sync user, received error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.UNABLE.TO.CREATE.GRAPH.CLIENT
Legacy event types: app.office365.api.error.unable.to.create.graph.client
An error occurred while creating the Azure Active Directory Graph API client.
Please try the last operation again. If this error persists, please contact Okta
support.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.VALIDATE.ADMIN.CREDS
Legacy event types: app.office365.api.error.validate.admin.creds
User does not have the Company Administrator role. Please try again with a user
which has this role.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.VALIDATE.CREDS
Legacy event types: app.office365.api.error.validate.creds
Could not validate your Office 365 credentials, received error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.VALIDATE.CREDS.UNKNOWN.EXCEPTION
Legacy event types: app.office365.api.error.validate.creds.unknown.exception
Could not communicate with Office 365 to validate your credentials, received
error.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.ERROR.X-MS-FORWARDED-CLIENT-IP-HEADER.ABSENT
Legacy event types:
app.office365.api.error.x-ms-forwarded-client-ip-header.absent
X-MS-Forwarded-Client-IP header either empty or not found in the request.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.REMOVE.DOMAIN.FEDERATION.SUCCESS
Legacy event types: app.office365.api.remove.domain.federation.success
Successfully removed the domain federation.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.SET.DOMAIN.FEDERATION.SUCCESS
Legacy event types: app.office365.api.set.domain.federation.success
Successfully set up the domain federation with new settings.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.SYNC.COMPLETE
Legacy event types: app.office365.api.sync.complete
User sync completed.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.SYNC.HEARTBEAT.SENT
Legacy event types: app.office365.api.sync.heartbeat.sent
Heartbeat sent to Microsoft Azure Active Directory.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.SYNC.JOB.COMPLETE
Legacy event types: app.office365.api.sync.job.complete
Sync job completed.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.SYNC.JOB.COMPLETE.CONTACT
Legacy event types: app.office365.api.sync.job.complete.contact
Sync job completed.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.SYNC.JOB.COMPLETE.GROUP
Legacy event types: app.office365.api.sync.job.complete.group
Sync job completed.
appoffice365-app
Since: 2017.01
APP.OFFICE365.API.SYNC.JOB.COMPLETE.USER
Legacy event types: app.office365.api.sync.job.complete.user
Sync job completed.
appoffice365-app
Since: 2017.01
APP.OFFICE365.CLIENTPLATFORM.CONVERSION.JOB.PROCESSING.APP.INSTANCE
Legacy event types:
app.office365.clientplatform.conversion.job.processing.app.instance
Begin processing client access conversion for app instance.
appoffice365-app
Since: 2017.01
APP.OFFICE365.CLIENTPLATFORM.CONVERSION.JOB.SKIPPING.MIGRATION
Legacy event types:
app.office365.clientplatform.conversion.job.skipping.migration
Skipping migration of client access rules for app instance.
appoffice365-app
Since: 2017.01
APP.OFFICE365.DIRSYNC.SKIPPING.CONFLICT-OBJECT
Legacy event types: app.office365.dirsync.skipping.conflict-object
Skipping sync of conflict object.
appoffice365-app
Since: 2017.01
APP.OFFICE365.DIRSYNC.SKIPPING.CRITICAL-SYSTEM-OBJECT
Legacy event types: app.office365.dirsync.skipping.critical-system-object
Skipping sync of critical system object.
appoffice365-app
Since: 2017.01
APP.OFFICE365.DIRSYNC.SKIPPING.NON-SECURITY-GROUP-INVALID-MAIL
Legacy event types:
app.office365.dirsync.skipping.non-security-group-invalid-mail
Skipping sync of non security object with invalid mail.
appoffice365-app
Since: 2017.01
APP.OFFICE365.DIRSYNC.SKIPPING.RESERVED-ATTRIBUTE-VALUE
Legacy event types: app.office365.dirsync.skipping.reserved-attribute-value
Skipping sync of object with reserved attribute value.
appoffice365-app
Since: 2017.01
APP.OFFICE365.DIRSYNC.SKIPPING.SYSTEMMAILBOX
Legacy event types: app.office365.dirsync.skipping.systemmailbox
Skipping sync of system mailbox object.
appoffice365-app
Since: 2017.01
APP.OFFICE365.DIRSYNC.SKIPPING.WITHOUT-NAME-AND-DISPLAYNAME
Legacy event types: app.office365.dirsync.skipping.without-name-and-displayname
Skipping sync of non security object without name and display name.
appoffice365-app
Since: 2017.01
APP.OFFICE365.ERROR.IMPORTING.USER
Legacy event types: app.office365.error.importing.user
An error occurred while importing user.
appoffice365-app
Since: 2017.01
APP.OFFICE365.GRAPH.API.ERROR.NO.MAILBOX.FOUND
Legacy event types: app.office365.graph.api.error.no.mailbox.found
No MailBox found for Office 365 user.
appoffice365-app
Since: 2017.01
APP.OFFICE365.GRAPH.API.ERROR.RATE-LIMIT.EXCEEDED
Legacy event types: app.office365.graph.api.error.rate-limit.exceeded
Rate limit exceeded for Microsoft Graph.
appoffice365-app
Since: 2017.01
APP.OFFICE365.GRAPH.API.ERROR.SERVICE.PRINCIPAL.CREATION.FAILED
Legacy event types:
app.office365.graph.api.error.service.principal.creation.failed
Failure while trying to create service principal.
office365-app
Since: 2017.01
APP.OFFICE365.GRAPH.API.ERROR.SERVICE.PRINCIPAL.MSGRAPH.AUTHENTICATION.FAILURE
Legacy event types:
app.office365.graph.api.error.service.principal.msgraph.authentication.failure
Failure while trying to create service principal due to a Mircrosoft Graph
authentication issue.
office365-app
Since: 2017.01
APP.OFFICE365.SERVICE.PRINCIPAL.CLEANUP.JOB.COMPLETE
Legacy event types: app.office365.service.principal.cleanup.job.complete
End processing Office 365 service principal cleanup.
appoffice365-app
Since: 2017.01
APP.OFFICE365.SERVICE.PRINCIPAL.CLEANUP.JOB.INVALID.CREDENTIALS
Legacy event types:
app.office365.service.principal.cleanup.job.invalid.credentials
The admin username or password is invalid. Please use the Azure Active Directory
cmdlets to execute the command 'Remove-MsolServicePrincipal -AppPrincipalId' to
manually cleanup the service principal.
appoffice365-app
Since: 2017.01
APP.OFFICE365.SERVICE.PRINCIPAL.CLEANUP.JOB.PROCESSING
Legacy event types: app.office365.service.principal.cleanup.job.processing
Begin performing Office 365 service principal cleanup.
appoffice365-app
Since: 2017.01
APP.OFFICE365.SERVICE.PRINCIPAL.CLEANUP.JOB.SKIPPING.MISSING.CREDS
Legacy event types:
app.office365.service.principal.cleanup.job.skipping.missing.creds
Skipping app instance during Office 365 service principal cleanup as it does not
contain Office 365 admin user credentials. Please use the Azure Active Directory
cmdlets to execute the command 'Remove-MsolServicePrincipal -AppPrincipalId' to
manually cleanup the service principal.
appoffice365-app
Since: 2017.01
APP.OFFICE365.SERVICE.PRINCIPAL.CLEANUP.JOB.SKIPPING.NO.SERVICE.PRINCIPAL
Legacy event types:
app.office365.service.principal.cleanup.job.skipping.no.service.principal
Skipping app instance during Office 365 service principal cleanup as it does not
have a service principal.
appoffice365-app
Since: 2017.01
APP.OFFICE365.SERVICE.PRINCIPAL.CLEANUP.JOB.UNABLE.TO.DELETE.SERVICE.PRINCIPAL
Legacy event types:
app.office365.service.principal.cleanup.job.unable.to.delete.service.principal
Unable to automatically delete the Office 365 service principal. Please use the
Azure Active Directory cmdlets to execute the command
'Remove-MsolServicePrincipal -AppPrincipalId' to manually cleanup the service
principal.
appoffice365-app
Since: 2017.01
APP.OFFICE365.USER.DELETE.SUCCESS
Legacy event types: app.office365.user.delete.success
Successfully deleted the Office 365 user.
appoffice365-app
Since: 2017.01
APP.OFFICE365.USER.LIFECYCLE.ACTION.FAILED
Legacy event types: app.office365.user.lifecycle.action.failed
Unable to complete app user lifecycle action for AppUser.
appoffice365-app
Since: 2017.01
APP.OFFICE365.USER.REMOVE.LICENSES.SUCCESS
Legacy event types: app.office365.user.remove.licenses.success
Successfully removed all the licenses for the Office 365 user.
appoffice365-app
Since: 2017.01
APP.POLICY.SIGN_ON.UPDATE
Update app sign on policy. This event is used to audit when an app sign on
policy is updated. This event is fired when an admin updates an app's sign on
policy and logs what was changed.
policy
Since: 2022.08.0
APP.RADIUS.AGENT.LISTENER.FAILED
Radius agent listener failed.
appradius
Since: 2018.13
APP.RADIUS.AGENT.LISTENER.SUCCEEDED
Radius agent listener succeeded.
appradius
Since: 2018.13
APP.RADIUS.AGENT.PORT_INACCESSIBLE
Legacy event types: app.radius.agent.port_inaccessible
Radius agent failed to listen on port.
appradius
Since: 2018.13
APP.RADIUS.AGENT.PORT_REACCESSIBLE
Legacy event types: app.radius.agent.port_reaccessible
Radius agent was able to listen on port again.
appradius
Since: 2018.13
APP.RADIUS.INFO_ACCESS.NO_PERMISSION
No permission accessing any Radius app info. This event can be used to monitor
and notify admins when some users who access radius app info have no permission.
Fired when users who access radius app info have no permission.
appradius
Since: 2020.08.0
APP.RADIUS.INFO_ACCESS.PARTIAL_PERMISSION
No permission accessing info for part of Radius apps. This event can be used to
monitor and notify admins when some users who access radius app info have only
partial permission. Fired when users who access radius app info have partial
permission.
appradius
Since: 2020.08.0
APP.REALTIMESYNC.IMPORT.DETAILS.ADD_USER
Legacy event types: app.realtimesync.import.details.add_user
Real time sync added new User.
app
Since: 2014.25
APP.REALTIMESYNC.IMPORT.DETAILS.DELETE_USER
Legacy event types: app.realtimesync.import.details.delete_user
Real time sync removed existing User.
app
Since: 2014.25
APP.REALTIMESYNC.IMPORT.DETAILS.UPDATE_USER
Legacy event types: app.realtimesync.import.details.suspend_user,
app.realtimesync.import.details.unsuspend_user,
app.realtimesync.import.details.update_user
Fired when a real time import includes an update to an existing user. This can
be used to see details about the user updates included in a real time sync
import. When fired, this event contains information about the type of update
made, including whether or not a user was suspend or unsuspended. Related events
include: app.realtimesync.import.details_add_user and
app.realtimesync.import.details_delete_user.
app
Since: 2014.25
APP.RUM.CONFIG.VALIDATION.ERROR
Legacy event types: app.rum.config.validation.error
Error validating instance configuration. Can be used to identify configuration
issues with remote user management.
rum
Since: 2018.42
APP.RUM.IS.API.ACCOUNT.ERROR
Legacy event types: app.rum.is.api.account.error
RUM API account is not configured or empty. Can be used to identify RUM API
account configuration issues.
rum
Since: 2018.42
APP.RUM.PACKAGE.THROWN.ERROR
Legacy event types: app.rum.package.thrown.error
Errors during execution. Can be used to identify any errors during execution of
remote user management.
rum
Since: 2018.42
APP.RUM.VALIDATION.ERROR
Legacy event types: app.rum.validation.error
Error during package validation. Can be used to identify validation issues with
remote user management packages.
rum
Since: 2018.42
APP.SAML.SENSITIVE.ATTRIBUTE.UPDATE
Legacy event types: app.saml.sensitive.attribute.update
Fired when a SAML assertion contains a sensitive attribute, and that sensitive
attribute has been updated (modified/added/deleted). This event does not fire
when non-sensitive SAML attributes are updated. This can be used to audit that a
sensitive attribute attached to an outbound SAML assertion has been correctly
modified, added, or deleted. When fired, this event contains the specific
attributes that have been modified, added, or deleted to/from the SAML
assertion. Related events include: application.lifecycle.update.
appcvd
Since: 2019.01.1
APP.USER_MANAGEMENT
Legacy event types: app.user_management.app_group_member_import.delete_failure,
app.user_management.app_group_member_import.delete_success,
app.user_management.app_group_member_import.insert_failure,
app.user_management.app_group_member_import.insert_success
Imported new or deleted existing member of an application group.
app-user-management
Since: 2016.04
APP.USER_MANAGEMENT.GROUPPUSH.MAPPING.CREATED.FROM.RULE
Legacy event types: app.user_management.grouppush.mapping.created.from.rule
A Group Push mapping to the group has been created from the rule.
app
Since: 2017.51
APP.USER_MANAGEMENT.GROUPPUSH.MAPPING.CREATED.FROM.RULE.ERROR.DUPLICATE
Legacy event types:
app.user_management.grouppush.mapping.created.from.rule.error.duplicate
A Group Push mapping to the group did not get created from rule because an
existing mapping already existed.
app
Since: 2017.51
APP.USER_MANAGEMENT.GROUPPUSH.MAPPING.CREATED.FROM.RULE.ERROR.VALIDATION
Legacy event types:
app.user_management.grouppush.mapping.created.from.rule.error.validation
A Group Push mapping to the group did not get created from rule because of the
validation error.
app
Since: 2017.51
APP.USER_MANAGEMENT.GROUPPUSH.MAPPING.CREATED.FROM.RULE.ERRORS
Legacy event types:
app.user_management.grouppush.mapping.created.from.rule.errors
A Group Push mapping to the group did not get created from rule.
app
Since: 2017.51
APP.USER_MANAGEMENT.GROUPPUSH.MAPPING.OKTA.USERS.IGNORED
Legacy event types: app.user_management.grouppush.mapping.okta.users.ignored
Okta users ignored while pushing group to AppInstance.
appapp-user-management
Since: 2018.03
APP.USER_MANAGEMENT.IMPORT.CSV.LINE.ERROR
Legacy event types: app.user_management.import.csv.line.error
Error reading line from CSV.
app
Since: 2017.51
APP.USER_MANAGEMENT.PUSH_NEW_USER_SUCCESS
Legacy event types: app.user_management.push_new_user_success
Successfully pushed new user account to app.
app
Since: 2017.51
APP.USER_MANAGEMENT.UPDATE_FROM_MASTER_FAILED
Legacy event types: app.user_management.update_from_master_failed
Could not apply import.
app
Since: 2017.51
APP.USER_MANAGEMENT.USER_GROUP_IMPORT.CREATE_FAILURE
Legacy event types: app.user_management.user_group_import.create_failure
Failed to create group from app.
appapp-user-management
Since: 2018.03
APP.USER_MANAGEMENT.USER_GROUP_IMPORT.DELETE_SUCCESS
Legacy event types: app.user_management.user_group_import.delete_success
Deleted the group from app.
appapp-user-management
Since: 2018.03
APP.USER_MANAGEMENT.USER_GROUP_IMPORT.UPDATE_FAILURE
Legacy event types: app.user_management.user_group_import.update_failure
Failed to update group from app.
appapp-user-management
Since: 2018.03
APP.USER_MANAGEMENT.USER_GROUP_IMPORT.UPSERT_FAIL
Legacy event types: app.user_management.user_group_import.upsert_failure
Failed to import the group from app. This event helps identify when a group is
failed to be imported. Fired when we skip processing an import of a group.
appapp-user-management
Since: 2020.07.1
APP.USER_MANAGEMENT.USER_GROUP_IMPORT.UPSERT_SUCCESS
Legacy event types: app.user_management.user_group_import.upsert_success
Imported the group from app.
appapp-user-management
Since: 2018.03
APPLICATION.APPUSER.MAPPING.INVALID.EXPRESSION
Legacy event types: application.appuser.mapping.invalid.expression
App user property mapping has invalid expressions. Can be used to identify
invalid expressions. Note that a single event is fired for all invalid
expressions.
app
Since: 2018.47
APPLICATION.CACHE.INVALIDATE
Legacy event types: invalidate_app_list.app.created,
invalidate_app_list.app.updated, invalidate_app_list.app_details.updated,
invalidate_app_list.metadata.changed
Event fired when a app list cache is invalidated because a new app is created.
Can be used to make sure App List cache is invalidated after a new app is
created.
invalidate-app-list-cache
Since: 2018.42
APPLICATION.CONFIGURATION.DETECT_ERROR
Legacy event types: app.app_instance.config-error
Application configuration error detected.
app
Since: 2016.13
APPLICATION.CONFIGURATION.DISABLE_DELAUTH_OUTBOUND
Legacy event types: app.app_instance.outbound_delauth_disabled
Disable delegated authentication for app.
app
Since: 2016.13
APPLICATION.CONFIGURATION.DISABLE_FED_BROKER_MODE
Legacy event types: app.generic.config.fed_broker_mode_disabled
Disable Federation Broker Mode for app.
app
Since: 2017.24
APPLICATION.CONFIGURATION.ENABLE_DELAUTH_OUTBOUND
Legacy event types: app.app_instance.outbound_delauth_enabled
Enable delegated authentication for app.
app
Since: 2016.13
APPLICATION.CONFIGURATION.ENABLE_FED_BROKER_MODE
Legacy event types: app.generic.config.fed_broker_mode_enabled
Enable Federation Broker Mode for app.
app
Since: 2017.24
APPLICATION.CONFIGURATION.IMPORT_SCHEMA
Legacy event types: app.api.error.download_app_schema,
app.google.user_management.error.download_app_schema,
app.jira.api.error.download.server.set.values,
app.okta_org2org.user_management.error.download_app_schema,
app.okta_org2org.user_management.error.download_user_type,
app.okta_org2org.user_management.error.parse_schema,
app.okta_org2org.user_management.error.schema.property.not.exist,
app.salesforce.user_management.failure.download_user_schema,
app.servicenow.api.error.get.costcenters,
app.servicenow.api.error.get.departments,
app.servicenow.api.error.get.locations,
app.servicenow_app2.api.error.get.costcenters,
app.servicenow_app2.api.error.get.departments,
app.servicenow_app2.api.error.get.locations,
app.veeva_vault.api.error.download.custom.objects,
app.workday.api.error.user-management-error-download-app-schema
Okta couldn't download application configuration. Can be used to identify when
an app schema couldn't be downloaded from a remote application. Event fired when
Okta couldn't download application-specific data from a remote app. This may
happen when admin updates provisioning details.
app-api
Since: 2017.33
APPLICATION.CONFIGURATION.RESET_LOGO
Legacy event types: app.app_instance.logo_reset
Reset app logo.
app
Since: 2016.13
APPLICATION.CONFIGURATION.UPDATE
Legacy event types: app.api.error.api.validation,
app.api.error.download_custom_objects,
app.api.error.download_schema_enum_values,
app.api.generic.configuration.message,
app.boxnet.api.error.validate_parent_folder,
app.google.user_management.error.download_custom_objects,
app.hipchat.api.error.validation, app.jira.api.error.binding,
app.jira.api.error.login, app.jira.api.error.logout,
app.netsuite.api.error.download_custom_objects,
app.rightscale.api.error.validate, app.sendwordnow.api.error.auth,
app.workday.api.error.validate, app.zendesk.api.error.role.restriction,
verificationFailed
Okta couldn't verify api credentials. Can be used when Okta couldn't check the
credentials by execution some custom, application dependent, set of requests.
Okta fires this event to notify issues with credentials validation. Could be
issues with proper permissions as well.
app-api
Since: 2017.33
APPLICATION.CONFIGURATION.UPDATE_API_CREDENTIALS_FOR_PASS_CHANGE
Legacy event types:
app.user_management.updating_api_credentials_for_password_change
Update API credentials due to user updating password.
app
Since: 2016.13
APPLICATION.CONFIGURATION.UPDATE_LOGO
Legacy event types: app.app_instance.logo_update
Change app logo.
app
Since: 2016.13
APPLICATION.CONFIGURATION.UPDATE_RATE_LIMITS
Update rate limits for an OAuth App. This can be used to track the updates to
rate limits for an OAuth application. When fired, this event contains details
about the actor, who triggered the event, the OAuth app, for which the rate
limit was updated, etc. Actual value change details can be found in debug data
such as the old and new values.
app
Since: 2023.01.0
APPLICATION.INTEGRATION.API_QUERY
Legacy event types: app.hipchat.api.error.query
Unable to query remote API. Can be used to determine when okta fails to query
remote application. Okta fires this event for unspecified events which include
remote api response processing.
app-api
Since: 2017.33
APPLICATION.INTEGRATION.AUTHENTICATION_FAILURE
Legacy event types: app.api.error.auth, app.api.error.oauth.get.token,
app.api.error.oauth.refresh.token, app.auth_error.INVALID_CREDENTIALS,
app.bigmachines.api.error.connection, app.bigmachines.api.error.login,
app.bigmachines.api.error.logout, app.bloomfire.api.error.api.validation,
app.bloomfire.sso.error.api_key_empty, app.bloomfire.sso.error.api_key_invalid,
app.bloomfire.sso.error.user_not_extracted, app.confluence.api.error.login,
app.confluence.api.error.logout, app.cornerstone.api.error.api.validation,
app.cornerstone.api.error.init, app.coupa.api.connection.error,
app.crashplanpro.api.auth.invalid_login_url,
app.crashplanpro.api.invalid_set_of_roles, app.docusign.api.error.no.accounts,
app.docusign.api.error.not.account.member, app.dropbox.api.error.validation,
app.echosign.api.error.connection, app.egnyte.auth.type.validation.failure,
app.egnyte.username.validation.failure,
app.evernote_business.api.error.validation,
app.gotomeeting.user_management.config.failure.api_login_failure,
app.gotomeeting_rest.user_management.config.failure.api_auth_failed,
app.netsuite.api.error.auth, app.pagerduty.api.auth.error.invalid.admin.role,
app.pagerduty.api.auth.error.invalid.admin.username,
app.pagerduty.api.auth.error.invalid.api.key,
app.postini.user_management.config.failure.api_login_failed,
app.rightscale.api.error.login,
app.salesforce.user_management.failure.api_service_not_available,
app.salesforce.user_management.failure.general_api_login_failure,
app.salesforce.user_management.failure.invalid_api_credentials,
app.salesforce.user_management.failure.password_expired,
app.servicenow.api.error.validation, app.servicenow_app2.api.error.validation,
app.sugarcrm.api.error.login, app.sugarcrm.api.error.logout,
app.veeva_vault.api.error.validation, app.yammer.api.error.validation,
app.zendesk.api.error.validation.error, github.api.error.empty_oauth_token,
github.api.error.not_a_member_of_the_org, github.api.error.not_admin_user
Error authenticating. Can be used when Okta couldn't authenticate with the
provided credentials to a remote api. Okta fires this event when it couldn't
access a remote api with provided credentials.
app-api
Since: 2017.33
APPLICATION.INTEGRATION.GENERAL_FAILURE
Legacy event types: app.amazon_aws.connected.accounts.modification,
app.api.error.generic, app.bloomfire.api.error.generic, app.coupa.api.error,
app.crashplanpro.api.rest.unexpected_response_status,
app.eqanalyzer.url.encoding, app.exacttarget.api.error.init,
app.google.sso.failure.domain_not_found,
app.google.sso.failure.invalid_continue_url,
app.google.sso.failure.invalid_domain,
app.google.sso.failure.relay_state_not_found,
app.gotomeeting.user_management.config.failure.api_not_available,
app.gotomeeting.user_management.config.failure.api_url_is_malformed,
app.gotomeeting_rest.user_management.config.failure.api_not_available,
app.rightscale.api.error.idp, app.scim.is.api.account.error,
app.sugarcrm.api.error.get.entry.list, app.sugarcrm.api.error.hash.password,
app.sugarcrm.api.error.set.entry, app.workday.api.error.bind,
roambi.api.error.auth.empty.account.response, roambi.api.error.auth.empty.code,
roambi.api.error.auth.unexpected.response
Generic error occured. Can be used when there is some uncategorized error
occurs. Okta fires this event for different unhandled exceptions.
app-api
Since: 2017.33
APPLICATION.INTEGRATION.RATE_LIMIT_EXCEEDED
Legacy event types: app.api.error.rate.limit.exceeded,
app.boxnet.api.error.rate_limit_exceeded,
app.clarizen.api.error.rate_limit.exceeded,
app.dropbox.api.error.rateLimit.exceeded, app.egnyte.rate.limiting.exceeded,
app.google.user_management.error.rateLimit, app.hipchat.rateLimit.exceeded,
app.litmos.import.rate_limit_exceeded, github.api.error.rate_limit.remaining,
github.api.error.rate_limit.reset_date
API rate limit exceeded. Can be used when Okta reaches api calls/minute rate
limit. Okta fires this event when there are too many requests for a specific
customer.
app-api
Since: 2017.33
APPLICATION.INTEGRATION.TRANSFER_FILES
Legacy event types: app.boxnet.api.error.transfer.files
Unable to transfer files. Can be used when Okta fails to transfer files from one
user to another. Okta fires this event when it fails to process user-to-user
file transfers.
app-api
Since: 2017.33
APPLICATION.LIFECYCLE.ACTIVATE
Legacy event types: app.generic.config.app_activated
Activate application.
appevent-hook-eligible
Since: 2016.13
APPLICATION.LIFECYCLE.CREATE
Legacy event types: app.app_editor.app.create
Create application.
appevent-hook-eligible
Since: 2016.13
APPLICATION.LIFECYCLE.DEACTIVATE
Legacy event types: app.generic.config.app_deactivated
Deactivate application.
appevent-hook-eligible
Since: 2016.13
APPLICATION.LIFECYCLE.DELETE
Legacy event types: app.generic.config.app_deleted
Delete application.
appevent-hook-eligible
Since: 2016.13
APPLICATION.LIFECYCLE.UPDATE
Legacy event types: app.app_editor.app.update, app.generic.config.app_updated
Update application.
appevent-hook-eligible
Since: 2016.13
APPLICATION.POLICY.SIGN_ON.DENY_ACCESS
Legacy event types: app.app_instance.sign_on_policy.access_denied
Deny user access due to app sign on policy. When fired due to app assurance
being evaluated as unsatisfiable (the policy requirements could not be satisfied
by the users' current set of available authenticator enrollments), this event
contains information about the user and the app that the user is trying to
authenticate into.
appevent-hook-eligible
Since: 2016.13
APPLICATION.POLICY.SIGN_ON.RULE.CREATE
Legacy event types: app.app_instance.sign_on_policy.new_rule
Create rule for app sign on policy.
app
Since: 2016.13
APPLICATION.POLICY.SIGN_ON.RULE.DELETE
Legacy event types: app.app_instance.sign_on_policy.delete_rule
Delete rule from app sign on policy.
app
Since: 2016.13
APPLICATION.POLICY.SIGN_ON.UPDATE
Legacy event types: app.app_instance.sign_on_policy.change
Update app sign on policy.
app
Since: 2016.13
APPLICATION.PROVISION.FIELD_MAPPING_RULE.CHANGE
Legacy event types: platform.field_mapping_rule.assign.change,
platform.field_mapping_rule.import.change
Event fired when field mapping rules modified. Can be used to make sure when
custom mapping rules are modified.
field-mapping-rule-modification
Since: 2018.42
APPLICATION.PROVISION.GROUP.ADD
Legacy event types: app.api.error.create.group, app.api.error.upsert_group,
app.api.error.upsert_group_duplicate, app.boxnet.api.error.create.group,
app.confluence.api.error.create.new.group,
app.google.user_management.error.create_group,
app.google.user_management.error.create_group_duplicate,
app.jira.api.error.create.group, app.jira.api.error.upsert.group,
app.samanage.api.error.long_group_name,
app.servicenow_app2.api.error.upsert.group
Fired when Okta provisions a new group on a remote application. Can be used to
identify when Okta provisions a group on a remote application. Event fired when
the group provisioning failed for any reason.
app-api
Since: 2017.33
APPLICATION.PROVISION.GROUP.IMPORT
Legacy event types: app.api.error.download_groups,
app.api.error.get_group_by_id, app.boxnet.api.error.download.groups,
app.confluence.api.error.parse.groups,
app.google.user_management.error.download_groups,
app.jira.api.error.download.groups, app.rightscale.api.error.download.groups,
app.servicenow_app2.api.error.download.groups, app.workday.api.error.get-groups,
app.workday.api.error.parse-groups
Fired when Okta downloads a remote group. Can be used to identify when Okta
tries to download remote group details. Event fired when Okta fails to reach the
group detail from a remote application.
app-api
Since: 2017.33
APPLICATION.PROVISION.GROUP.REMOVE
Legacy event types: app.api.error.delete_group,
app.boxnet.api.error.delete.group, app.confluence.api.error.remove.group,
app.google.user_management.error.delete_group, app.jira.api.error.delete.group,
app.servicenow_app2.api.error.delete.group
Fired when Okta removes a remote group. Can be used to identify when a group has
been unassigned. Event fired when Okta failed to delete group from remote
application.
app-api
Since: 2017.33
APPLICATION.PROVISION.GROUP.UPDATE
Legacy event types: app.api.error.group_name_long_length,
app.api.error.update.group, app.boxnet.api.error.update.group,
app.clarizen.api.error.update_group,
app.google.user_management.error.update_group, app.jira.api.error.update.group
Fired when Okta updates the user group. Can be used to identify when a group has
been updated. Event fired when Okta fails to update a remote group for any
reason.
app-api
Since: 2017.33
APPLICATION.PROVISION.GROUP.VERIFY_EXISTS
Legacy event types: app.api.error.check_group_exists,
app.api.error.group.more_than_one_with_same_id, app.api.error.group.not_found,
app.boxnet.api.error.check_group_exists,
app.confluence.api.error.check.group.exists,
app.google.user_management.error.check_group_exists,
app.google.user_management.error.check_group_exists.invalid_domain,
app.jira.api.error.check.group.exists, app.servicenow_app2.api.warn.upsert.group
Fired when group no longer exists on a remote application. Can be used to
identify when a group no longer exists on a remote application. Event fired when
group push enhancement enabled and there is no group found on update or delete.
app-api
Since: 2017.33
APPLICATION.PROVISION.GROUP_MEMBERSHIP.ADD
Legacy event types: app.api.error.add_group_membership,
app.boxnet.api.error.push.groups_set,
app.confluence.api.error.add.user.to.group,
app.google.user_management.error.add_member_to_group,
app.servicenow_app2.api.error.add.group.memberships
Failed to assign a user to a group. Can be used when Okta failed to assign user
to a group on remote application. Okta fires this event if there are any issues
while provision a membership to a remote application.
app-api
Since: 2017.33
APPLICATION.PROVISION.GROUP_MEMBERSHIP.IMPORT
Legacy event types: app.api.error.download_memberships,
app.boxnet.api.error.download.group_users,
app.google.user_management.error.download_group_members,
app.servicenow_app2.api.error.download.group.memberships,
app.workday.api.error.get-group-assignments,
app.workday.api.error.parse-group-assignments
Error while downloading memberships. Can be used when Okta failed to download
users and groups relationships. Okta fires this event if there are any issues
while importing a membership from a remote application.
app-api
Since: 2017.33
APPLICATION.PROVISION.GROUP_MEMBERSHIP.REMOVE
Legacy event types: app.api.error.remove_group_membership,
app.boxnet.api.error.push.remove_from_groups,
app.confluence.api.error.remove.user.to.group,
app.google.user_management.error.remove_member_from_group,
app.servicenow_app2.api.error.delete.group.memberships
Fired when there is an error while removing user(s) from group. Can be used when
Okta failed to unassign user from a group on remote application. Okta fires this
event when there are any issues while provision a membership to a remote
application.
app-api
Since: 2017.33
APPLICATION.PROVISION.GROUP_MEMBERSHIP.UPDATE
Legacy event types: app.api.error.update_group_membership,
app.jira.api.error.update.group.membership,
app.salesforce.user_management.failure.add_user_to_public_group,
app.salesforce.user_management.failure.remove_user_from_public_group
Fired when there is an error while updating user group membership for group. Can
be used when Okta failed to push updated memberships to a remote application.
Okta fires this event when couldn't update memberships on a remote application.
Could be user removal/addition.
app-api
Since: 2017.33
APPLICATION.PROVISION.GROUP_PUSH.ACTIVATE_MAPPING
Legacy event types: platform.group_push.activate_mapping
Group push activated mappings.
app
Since: 2017.29
APPLICATION.PROVISION.GROUP_PUSH.DELETE_APPGROUP
Legacy event types: platform.group_push.delete_appgroup
Group push deleted application group.
app
Since: 2017.29
APPLICATION.PROVISION.GROUP_PUSH.MAPPING.AND.GROUPS.DELETED.RULE.DELETED
Legacy event types:
app.user_management.grouppush.mapping.and.groups.deleted.rule.deleted
An existing mapping and its target groups have been deleted because a mapping
rule was deleted.
app
Since: 2017.29
APPLICATION.PROVISION.GROUP_PUSH.MAPPING.APP.GROUP.RENAMED
Legacy event types: app.user_management.grouppush.mapping.app.group.renamed
A mapped app group has been renamed because the source group was renamed.
app
Since: 2017.29
APPLICATION.PROVISION.GROUP_PUSH.MAPPING.APP.GROUP.RENAMED.FAILED
Legacy event types:
app.user_management.grouppush.mapping.app.group.renamed.failed
A mapped app group couldn't be renamed when the source group was renamed.
app
Since: 2017.29
APPLICATION.PROVISION.GROUP_PUSH.MAPPING.CREATED
Legacy event types: app.user_management.grouppush.mapping.created
A new mapping has been created.
app
Since: 2017.29
APPLICATION.PROVISION.GROUP_PUSH.MAPPING.CREATED.FROM.RULE.WARNING.DUPLICATE.NAME
Legacy event types:
app.user_management.grouppush.mapping.created.from.rule.warning.duplicate.name
A new mapping from a rule was not created due to a duplicate group name.
app
Since: 2017.29
APPLICATION.PROVISION.GROUP_PUSH.MAPPING.CREATED.FROM.RULE.WARNING.DUPLICATE.NAME.TOBECREATED
Legacy event types:
app.user_management.grouppush.mapping.created.from.rule.warning.duplicate.name.tobecreated
A new mapping from a rule was not created due to another mapping will be created
that has the same user group name.
app
Since: 2017.29
APPLICATION.PROVISION.GROUP_PUSH.MAPPING.CREATED.FROM.RULE.WARNING.UPSERTGROUP.DUPLICATE.NAME
Legacy event types:
app.user_management.grouppush.mapping.created.from.rule.warning.upsertGroup.duplicate.name
An upsert to a group caused group push rule re-evaluation. A new mapping from a
rule was not created due to a duplicate group name.
app
Since: 2017.29
APPLICATION.PROVISION.GROUP_PUSH.MAPPING.DEACTIVATED.SOURCE.GROUP.RENAMED
Legacy event types:
app.user_management.grouppush.mapping.deactivated.source.group.renamed
An existing mapping has been deactivated because the source group was renamed.
app
Since: 2017.29
APPLICATION.PROVISION.GROUP_PUSH.MAPPING.DEACTIVATED.SOURCE.GROUP.RENAMED.FAILED
Legacy event types:
app.user_management.grouppush.mapping.deactivated.source.group.renamed.failed
An existing mapping couldn't be deactivated when the source group was renamed.
app
Since: 2017.29
APPLICATION.PROVISION.GROUP_PUSH.MAPPING.UPDATE.OR.DELETE.FAILED
Legacy event types:
app.user_management.grouppush.mapping.update.or.delete.failed
Group push mapping change failed and will be retried. Can be used to identify
transient errors that may temporarily impact the group push mapping but likely
do not require admin intervention. This event typically requires no action as
the corresponding operation will be retried. Refer to
application.provision.group_push.mapping.update.or.delete.failed for events that
may require intervention.
app
Since: 2017.29
APPLICATION.PROVISION.GROUP_PUSH.MAPPING.UPDATE.OR.DELETE.FAILED.WITH.ERROR
Legacy event types:
app.user_management.grouppush.mapping.update.or.delete.failed.with.error
Group push mapping change failed and cannot be retried. Can be used to identify
group push mapping errors which may require admin intervention to address.
Unlike the similarly named event,
application.provision.group_push.mapping.update.or.delete.failed, when this
event is fired the corresponding action that triggered it will not be retried by
Okta and may indicate a configuration problem. For example, invalid
authorization credentials with the target application due to an expired password
or invalid access token.
appevent-hook-eligible
Since: 2017.29
APPLICATION.PROVISION.GROUP_PUSH.PUSH_MEMBERSHIPS
Legacy event types: platform.group_push.push_memberships
Group push pushed memberships.
app
Since: 2017.29
APPLICATION.PROVISION.GROUP_PUSH.PUSHED
Legacy event types: app.user_management.grouppush.pushed
A group was pushed to an app.
app
Since: 2017.29
APPLICATION.PROVISION.GROUP_PUSH.REMOVED
Legacy event types: app.user_management.grouppush.removed
A group was removed from an app.
app
Since: 2017.29
APPLICATION.PROVISION.GROUP_PUSH.UPDATED
Legacy event types: app.user_management.grouppush.updated
A group was updated in an app.
app
Since: 2017.29
APPLICATION.PROVISION.INTEGRATION.CALL_API
Legacy event types: app.amazon_aws.api.error.get.roles,
app.rum.execution.security.exception,
app.rum.execution.standard.attributes.exception,
app.rum.failure.timeout.reschedule
Application integration API called.
app-api
Since: 2016.15
APPLICATION.PROVISION.USER.ACTIVATE
Legacy event types: app.api.error.activate_user,
app.user_management.activate_user
Activate user's application membership.
app-api
Since: 2016.14
APPLICATION.PROVISION.USER.DEACTIVATE
Legacy event types: app.api.error.deactivate_user,
app.bigmachines.api.error.deactivate, app.boxnet.api.error.deactivate_user,
app.clarizen.api.error.entity.not_found,
app.confluence.api.error.deactivate.user, app.confluence.api.error.remove.user,
app.cornerstone.api.error.api.deactivate_user,
app.dropbox.api.error.deactivation,
app.evernote_business.api.error.deactivation,
app.exacttarget.api.error.deactivate_user,
app.google.user_management.error.deactivate_user,
app.hipchat.api.error.deactivation, app.netsuite.api.error.deactivate_user,
app.pagerduty.api.deactivate.user.unexpected.status,
app.servicenow.api.error.deactivate.user,
app.servicenow_app2.api.error.deactivate.user,
app.sugarcrm.api.error.deactivate.user, app.user_management.deactivate_user,
app.user_management.deactivate_user.api_account,
app.user_management.deactivate_user_failed,
app.veeva_vault.api.error.deactivate.user, app.yammer.api.error.deactivation,
roambi.api.error.deactivate_user.confirmation
Push user deactivation to external application.
app-api
Since: 2016.14
APPLICATION.PROVISION.USER.DEPROVISION
Legacy event types: app.user_management.deprovision_task_complete
Deprovision user from external application.
app
Since: 2016.14
APPLICATION.PROVISION.USER.IMPORT
Legacy event types: app.api.error.download_users,
app.bloomfire.api.error.download_users, app.boxnet.api.error.download.users,
app.confluence.api.error.download.users, app.dropbox.api.error.download.users,
app.echosign.api.error.download.users, app.exacttarget.api.error.download_users,
app.google.user_management.error.download_org_units,
app.google.user_management.error.download_users,
app.gotomeeting.user_management.config.failure.user_import,
app.gotomeeting_rest.user_management.config.failure.user_import,
app.hipchat.api.error.download.users, app.jira.api.error.download.users,
app.netsuite.api.error.download_users,
app.postini.user_management.failure.download_users,
app.rightscale.api.error.download.users,
app.salesforce.user_management.failure.user_import,
app.sendwordnow.api.error.service, app.servicenow.api.error.download.users,
app.servicenow_app2.api.error.download.users,
app.sugarcrm.api.error.download.users, app.veeva_vault.api.error.download.users,
app.workday.api.error.connect-custom-report,
app.workday.api.error.custom-report-unknown-failure,
app.workday.api.error.get-locations, app.workday.api.error.get-tx-logs,
app.workday.api.error.get-worker-by-username, app.workday.api.error.get-workers,
app.workday.api.error.minimum-concurrent-connections,
app.workday.api.error.parse-custom-report, app.workday.api.error.parse-workers,
app.workday.api.error.timezone-deactivations-processing-errors,
app.workday.api.error.universal-directory-setup-error,
app.workday.api.get-custom-report-data-empty,
app.yammer.api.error.download.users, gooddata.api.error.project.access.forbidden
Deactivate user from external application.
app-api
Since: 2017.33
APPLICATION.PROVISION.USER.IMPORT_PROFILE
Legacy event types: app.api.error.import_user_by_id,
app.api.error.import_user_profile, app.bigmachines.api.error.import,
app.boxnet.api.error.import.user.profile,
app.confluence.api.error.convert.remote.user.to.app.user,
app.confluence.api.error.get.user, app.confluence.api.error.get.user.groups,
app.confluence.api.error.import.user.profile,
app.cornerstone.api.error.api.import_profile,
app.crashplanpro.api.user_not_found,
app.docusign.api.error.import.inactive.user,
app.docusign.api.error.import.permission.profile,
app.dropbox.api.error.import.profile, app.dropbox.api.error.query,
app.echosign.api.error.import.profile,
app.exacttarget.api.error.import_user_profile,
app.google.user_management.error.import_user_profile,
app.hipchat.api.error.import.profile, app.jira.api.error.check.get.user,
app.jira.api.error.convert.remote.user.to.app.user,
app.jira.api.error.import.user.profile,
app.netsuite.api.error.import_user_profile, app.rightscale.api.error.get.users,
app.sendwordnow.api.error.get_user,
app.sendwordnow.api.error.import_user_profile,
app.servicenow.api.error.import.user.profile,
app.servicenow_app2.api.error.import.manager.profile,
app.servicenow_app2.api.error.import.user.profile,
app.sugarcrm.api.error.import.user.profile,
app.veeva_vault.api.error.import.user.profile,
app.workday.api.error.get-worker-by-id, app.yammer.api.error.import.profile
Import profile from external application.
app-api
Since: 2017.33
APPLICATION.PROVISION.USER.PASSWORD
Legacy event types: app.api.error.empty_password,
app.api.error.push_password_update,
app.confluence.api.error.push.password.update,
app.cornerstone.api.error.api.password_push,
app.dropbox.api.error.push.password.update,
app.exacttarget.api.error.push_password_update,
app.google.user_management.error.push_password_update,
app.hipchat.api.error.push.password, app.jira.api.error.push.password.update,
app.netsuite.api.error.push_password_update,
app.salesforce.user_management.failure.cant.push.password,
app.salesforce.user_management.sso.only.user.password.rejected,
app.servicenow.api.error.push.password.update,
app.servicenow_app2.api.error.push.password.update,
app.sugarcrm.api.error.push.password.update
Issue pushing user password to external application.
app-api
Since: 2017.33
APPLICATION.PROVISION.USER.PUSH
Legacy event types: app.api.error.create_pending_user,
app.api.error.create_user, app.api.error.user.not_found,
app.api.error.user.not_found_or_deleted, app.bigmachines.api.error.create,
app.bloomfire.api.error.create_user,
app.boxnet.api.error.assign_folder_permissions,
app.boxnet.api.error.create_new_user,
app.boxnet.api.error.create_personal_folder,
app.boxnet.api.error.create_personal_folder.conflict,
app.boxnet.api.error.invalid_user_login,
app.boxnet.api.error.personal_folder_name,
app.boxnet.api.error.personal_folder_sync_state,
app.confluence.api.error.create.new.user,
app.cornerstone.api.error.api.create_user, app.dropbox.api.error.create.user,
app.echosign.api.error.create, app.evernote_business.api.error.create.user,
app.evernote_business.api.error.create.user.limit.reached,
app.exacttarget.api.error.create_user,
app.google.user_management.error.create_new_user,
app.google.user_management.error.invalid_manager,
app.google.user_management.error.invalid_orgunit_id,
app.gotomeeting.user_management.config.failure.user_provisioning,
app.gotomeeting_rest.user_management.config.failure.user_provisioning,
app.hipchat.api.error.create.user, app.jira.api.error.create.new.user,
app.netsuite.api.error.create_user,
app.postini.user_management.config.failure.provisioning,
app.rightscale.api.error.create.user,
app.salesforce.user_management.failure.provisioning,
app.samanage.api.error.incorrect.attribute,
app.sendwordnow.api.error.create_user, app.servicenow.api.error.create.new.user,
app.servicenow_app2.api.error.create.new.user,
app.sugarcrm.api.error.create.new.user, app.user_management.push_new_user,
app.user_management.push_pending_user,
app.veeva_vault.api.error.create.new.user, app.yammer.api.error.create.user,
app.yammer.api.warn.send.invite, gooddata.api.error.incorrect.roles.count,
gooddata.api.error.project.assignment.failed,
gooddata.api.error.project.not.found
Push new user to external application.
app-api
Since: 2016.14
APPLICATION.PROVISION.USER.PUSH_OKTA_PASSWORD
Legacy event types: app.user_management.push_okta_password_update
Push user's Okta password to application.
app
Since: 2016.14
APPLICATION.PROVISION.USER.PUSH_PASSWORD
Legacy event types: app.user_management.push_unique_password_update
Push user's password to application.
app
Since: 2016.14
APPLICATION.PROVISION.USER.PUSH_PROFILE
Legacy event types: app.api.error.manager.not_found_for_user,
app.api.error.push_profile_update, app.bigmachines.api.error.profile.update,
app.boxnet.api.error.add.email.alias, app.boxnet.api.error.push.profile.update,
app.boxnet.api.error.user.push.conflict_in_group,
app.confluence.api.error.convert.app.user.to.remote.user,
app.confluence.api.error.push.profile.update,
app.cornerstone.api.error.api.push_profile,
app.crashplanpro.api.user_has_invalid_fields,
app.docusign.api.error.update.inactive.user,
app.docusign.api.error.update.permission.profile,
app.dropbox.api.error.push.profile, app.dropbox.api.error.set.user.permissions,
app.exacttarget.api.error.push_profile_update,
app.generic.user_management.error.add_manager_to_user,
app.google.api.error.InsufficientPermission,
app.google.license_management.error.assign_license,
app.google.license_management.error.remove_license,
app.google.role_management.error.assign_role,
app.google.role_management.error.remove_role,
app.google.user_management.error.push_profile_update,
app.google.user_management.error.reconcile_email_aliases,
app.hipchat.api.error.push.profile,
app.jira.api.error.convert.app.user.to.remote.user,
app.jira.api.error.push.profile.update,
app.netsuite.api.error.push_profile_update,
app.pagerduty.api.push.profile.update.unexpected.status,
app.rightscale.api.error.push.profile,
app.sendwordnow.api.error.update_user_profile,
app.servicenow.api.error.import.manager.profile,
app.servicenow.api.error.push.profile.update,
app.servicenow_app2.api.error.push.profile.update,
app.sugarcrm.api.error.push.profile.update,
app.user_management.provision_user.user_inactive,
app.user_management.push_profile_failure,
app.user_management.push_profile_success,
app.user_management.push_profile_update,
app.veeva_vault.api.error.push.profile.update,
app.workday.api.error.get-employee-personal-info,
app.workday.api.error.update-employee-personal-info,
app.workday.api.error.user-management-error-push-profile-update,
app.yammer.api.error.push.profile, moveit_dmz.error.too.long.username.or.email
Push user's profile to external application.
app-api
Since: 2016.14
APPLICATION.PROVISION.USER.REACTIVATE
Legacy event types: app.api.error.reactivate_user,
app.bigmachines.api.error.activate, app.boxnet.api.error.reactivate_user,
app.confluence.api.error.reactivate.user,
app.cornerstone.api.error.api.reactivate_user,
app.exacttarget.api.error.reactivate_user,
app.google.user_management.error.reactivate_user,
app.hipchat.api.error.reactivation, app.netsuite.api.error.reactivate_user,
app.servicenow.api.error.reactivate.user,
app.servicenow_app2.api.error.reactivate.user,
app.sugarcrm.api.error.reactivate.user, app.user_management.reactivate_user,
app.veeva_vault.api.error.reactivate.user,
roambi.api.error.reactivate_user.confirmation
Push user reactivation in external application.
app-api
Since: 2016.14
APPLICATION.PROVISION.USER.SYNC
Legacy event types: app.user_management.provision_user,
app.user_management.provision_user_failed
Sync user in external application.
appevent-hook-eligible
Since: 2016.14
APPLICATION.PROVISION.USER.VERIFY_EXISTS
Legacy event types: app.api.error.check_user_exists,
app.api.error.user.more_than_one_with_same_id,
app.bigmachines.api.error.check.user.exists,
app.bloomfire.api.error.check_user_exists,
app.boxnet.api.error.check_user_exists,
app.confluence.api.error.check.user.exists,
app.cornerstone.api.error.api.check_user_exists,
app.crashplanpro.api.ambiguous_search_results_by_user,
app.dropbox.api.error.check.user, app.echosign.api.error.search.by.id,
app.echosign.api.error.search.by.login,
app.exacttarget.api.error.check_user_exists,
app.google.user_management.error.check_user_exists,
app.google.user_management.error.check_user_exists.invalid_domain,
app.hipchat.api.error.check.user, app.jira.api.error.check.user.exists,
app.netsuite.api.error.check_user_exists, app.sendwordnow.api.error.user_exists,
app.servicenow.api.error.check.user.exists,
app.servicenow_app2.api.error.check.user.exists,
app.sugarcrm.api.error.check.user.exists,
app.user_management.verified_user_with_thirdparty,
app.veeva_vault.api.error.check.user.exists, app.yammer.api.error.check.user,
github.api.error.user_not_found
Verify user exists in external application.
app-api
Since: 2016.14
APPLICATION.REGISTRATION_POLICY.LIFECYCLE.CREATE
Legacy event types: app.registration_policy.lifecycle.create
Create registration policy.
app
Since: 2017.52
APPLICATION.REGISTRATION_POLICY.LIFECYCLE.UPDATE
Legacy event types: app.registration_policy.lifecycle.update
Update registration policy.
app
Since: 2017.52
APPLICATION.USER_MEMBERSHIP.ADD
Legacy event types: app.generic.provision.assign_user_to_app
Add user to application membership.
event-hook-eligibleuser-provision
Since: 2016.02
APPLICATION.USER_MEMBERSHIP.APPROVE
Legacy event types: app.generic.provision.approve_user_for_app
User approved for application (assigned by not provisioned).
user-provision
Since: 2016.33
APPLICATION.USER_MEMBERSHIP.CHANGE_PASSWORD
Legacy event types: app.generic.config.app_password_update
Change application password for user.
appevent-hook-eligible
Since: 2016.11
APPLICATION.USER_MEMBERSHIP.CHANGE_USERNAME
Legacy event types: app.generic.config.app_username_update
Change user's application username.
app
Since: 2016.02
APPLICATION.USER_MEMBERSHIP.DEPROVISION
Legacy event types: app.generic.provision.deprovision_user_from_app
User deprovisioned from application (was previously revoked).
user-provision
Since: 2016.33
APPLICATION.USER_MEMBERSHIP.PROVISION
Legacy event types: app.generic.provision.provision_user_for_app
User provisioned to application (was previously approved).
user-provision
Since: 2016.33
APPLICATION.USER_MEMBERSHIP.REMOVE
Legacy event types: app.generic.provision.deactivate_user_from_app
Remove user's application membership.
event-hook-eligibleuser-provision
Since: 2016.02
APPLICATION.USER_MEMBERSHIP.RESTORE
Legacy event types: app.generic.reversibility.individual.app.recovery,
app.generic.reversibility.personal.app.recovery
Restore user assignment to an application.
app
Since: 2016.02
APPLICATION.USER_MEMBERSHIP.RESTORE_PASSWORD
Legacy event types: app.generic.reversibility.credentials.recovery
Restore user's password for an application.
app
Since: 2016.02
APPLICATION.USER_MEMBERSHIP.REVOKE
Legacy event types: app.generic.provision.revoke_user_from_app
User revoked from application (unassigned but not yet deprovisioned).
user-provision
Since: 2016.33
APPLICATION.USER_MEMBERSHIP.SHOW_PASSWORD
Legacy event types: app.generic.show.password
Show user's password for application.
app
Since: 2016.02
APPLICATION.USER_MEMBERSHIP.UPDATE
Legacy event types: app.generic.config.app_user_property_update
Updated user application property.
app
Since: 2016.02
CORE.CONCURRENCY.ORG.LIMIT.VIOLATION
Legacy event types: core.concurrency.org.limit.violation
Too many requests in flight.
concurrency-limit
Since: 2017.39
CORE.EL.EVALUATE
Legacy event types: core.el.evaluate_failure
Evaluate Expression Language.
okta-el
Since: 2017.20
CORE.USER_AUTH.IDP.X509.CRL_DOWNLOAD_FAILURE
Legacy event types: core.user_auth.idp.x509.crl_download_failure
Failed to download CRL from the endpoint.
x509-idp-auth
Since: 2017.52
CREDENTIAL.REGISTER
Legacy event types: credential.register
Fired when a credential is registered. This event fires when the registration of
a credential is successful or fails. This can be used to audit that a credential
has been successfully registered, and troubleshoot why a credential registration
attempt has failed.
user-factor
Since: 2019.02.3
CREDENTIAL.REVOKE
Legacy event types: credential.revoke
Fired when a credential is revoked. This event fires when the revocation of a
credential is successful or fails. This can be used to audit that a credential
has been successfully revoked, and troubleshoot why a credential revocation
attempt has failed.
user-factor
Since: 2019.02.3
DEVICE.CUSTOM_PUSH.SEND_NOTIFICATION
Fired when a Push notification sent to a device for custom app. Used to log
success and failure for the push notifications with relevant information to
allow org developers to troubleshoot push configurations for custom push
authenticator. Note that this event is fired whenever a Push is sent.
custom-push
Since: 2022.05.3
DEVICE.ENROLLMENT.CREATE
Enroll new device. This can be used by any admin to monitor when a new device is
registered successfully for Okta Verify. The user must have below the max
allowed devices and a valid device status (not suspended or deactivated).The
targets field contains key details of the enrolled device including name,
status, serialNumber, imei, meid, osVersion, osPlatform. which may be useful for
identifying the device, tracking which device platforms and OS versions that
enrolled in Okta Device Authenticator.
device-identityevent-hook-eligibleoie-onlyuser
Since: 2020.10.4
DEVICE.LIFECYCLE.ACTIVATE
Activate device. You can use the event to audit device status change. When
triggered, the device can be suspended or deactivated. Also, a user can access
protected resources from an active device if permitted by the App Sign-On
policies applied to the resources.
device-identityevent-hook-eligibleoie-onlyuser
Since: 2021.07.1
DEVICE.LIFECYCLE.DEACTIVATE
Deactivate device. You can use the event to audit device status change. When a
device is deactivated, it can not be associated with any Okta Verify factor in
the future.
device-identityevent-hook-eligibleoie-onlyuser
Since: 2021.07.1
DEVICE.LIFECYCLE.DELETE
Delete device. You can use the event to audit device status change. When
triggered, the device no longer appears in the Admin Console.
device-identityevent-hook-eligibleoie-onlyuser
Since: 2021.07.1
DEVICE.LIFECYCLE.SUSPEND
Suspend device. You can use the event to audit device status change. When
triggered, access to the device is temporarily paused for users such as
contractors or employees who take a leave of absence. Only active devices can be
suspended. If a device suspension fails, the cause may be that the device was
not active and therefore cannot be suspended.
device-identityevent-hook-eligibleoie-onlyuser
Since: 2021.07.1
DEVICE.LIFECYCLE.UNSUSPEND
Unsuspend device. You can use the event to audit device status change. When
triggered, all Okta Verify factors associated with the device are unsuspended,
and users can access protected resources from the device.
device-identityevent-hook-eligibleoie-onlyuser
Since: 2021.07.1
DEVICE.PASSWORD_SYNC.AUTHENTICATION
Fired when the OS tries to sync a local account password with an Okta password.
Can be used to audit that a credential has been successfully registered, and
troubleshoot why a credential registration attempt has failed. Note that the
event is fired even when the password sync is unsuccessful.
device-accessoie-only
Since: 2023.06.1
DEVICE.PASSWORD_SYNC.ENROLLMENT.CREATE
This event fires when Desktop Password Sync enrollment is successful or fails.
Can be used to audit which users enrolled in Desktop Password Sync or
troubleshoot why enrollment failed. Note that the event is fired even when the
enrollment is unsuccessful.
device-accessoie-only
Since: 2023.06.1
DEVICE.PLATFORM.ADD
Triggered when an admin adds a device management platform. You can use the event
to audit device management platform status change. When triggered, the device
management platform will be available to the org.
device-identityoie-onlyuser
Since: 2021.07.1
DEVICE.PLATFORM.DELETE
Triggered when an admin deletes a device management platform. You can use the
event to audit device management platform status change. When triggered, the
device management platform no longer appears in the Admin Console.
device-identityoie-onlyuser
Since: 2021.07.1
DEVICE.PLATFORM.UPDATE
Triggered when an admin updates a device management platform configuration. You
can use the event to audit device management platform configuration change. An
admin can only update some fields in the device management platform
configuration.
device-identityoie-onlyuser
Since: 2021.07.1
DEVICE.PUSH.PROVIDER.CREATE
Indicates that a new push notification service has been successfully created.
The notification service enables push notification as an authentication option
through Okta to a push provider such as the Apple Push Notification service or
the Google Firebase Cloud Messaging service. You can use this event to verify
when a notification service was created for a custom app. When triggered, a new
push notification service appears in the Admin Console.
oie-onlypush-provider
Since: 2022.04.3
DEVICE.PUSH.PROVIDER.DELETE
Indicates that a push notification service has been deleted. The notification
service enables push notification as an authentication option through Okta to a
push provider such as the Apple Push Notification service or the Google Firebase
Cloud Messaging service. You can use this event to verify when a notification
service was deleted for a custom app. When triggered, a push notification
service is removed from the Admin Console.
oie-onlypush-provider
Since: 2022.04.3
DEVICE.PUSH.PROVIDER.UPDATE
Indicates that a push notification service has been updated. The notification
service enables push notification as an authentication option through Okta to a
push provider such as the Apple Push Notification service or the Google Firebase
Cloud Messaging service. You can use this event to verify when a notification
service was updated for a custom app. When triggered, a push notification
service is updated in the Admin Console.
oie-onlypush-provider
Since: 2022.04.3
DEVICE.USER.ADD
Add device to user. You can use the event to audit device user association
activity. The event is triggered when a user adds a new account in Okta Verify.
device-identityevent-hook-eligibleoie-onlyuser
Since: 2021.07.1
DEVICE.USER.REMOVE
Remove device from user. You can use the event to audit device user association
activity. The device remains in the Universal Directory after the user is
removed.
device-identityevent-hook-eligibleoie-onlyuser
Since: 2021.07.1
DIRECTORY.APP_USER_PROFILE.BOOTSTRAP
Legacy event types: cvd.appuser_profile_bootstrapped
Bootstrap application user profile.
cvddirectory
Since: 2016.12
DIRECTORY.APP_USER_PROFILE.UPDATE
Legacy event types: cvd.appuser_profile_updated
Update application user profile.
cvddirectory
Since: 2016.12
DIRECTORY.LINKED_OBJECT.CREATE
An admin can create a linked object that is related to user profiles. This event
may be used to identify when a linked object is created, and who created the
linked object. This may be useful for admins to validate why a change in the
user profile has happened. While linked object creation does not trigger or
happen as a result of another event, it is overall related to custom property
update, creation and deletion. This event only indicates the creation of a
linked object. See directory.linked_object.delete for deletion of linked
objects.
cvddirectory
Since: 2022.11.1
DIRECTORY.LINKED_OBJECT.DELETE
An admin can delete a linked object that is related to user profiles. This event
may be used to identify when a linked object is deleted, and who deleted the
linked object. This may be useful for admins to validate why a change in the
user profile has happened. While linked object creation does not trigger or
happen as a result of another event, it is overall related to custom property
update, creation and deletion. This event only indicates the deletion of a
linked object. See directory.linked_object.create for creation of linked
objects.
cvddirectory
Since: 2022.11.1
DIRECTORY.MAPPING.UPDATE
Legacy event types: cvd.mappings_updated
Update universal directory mappings.
cvddirectory
Since: 2016.12
DIRECTORY.NON_DEFAULT_USER_PROFILE.CREATE
Legacy event types: cvd.non_default_user_profile_created
Create non-default universal directory user profile. This can be used to audit
that a new non-default universal directory user profile has been created. When
fired, this event contains the name and id of the newly created user profile.
cvddirectory
Since: 2019.04.2
DIRECTORY.USER_PROFILE.BOOTSTRAP
Legacy event types: cvd.user_profile_bootstrapped
Bootstrap universal directory user profile.
cvddirectory
Since: 2016.12
DIRECTORY.USER_PROFILE.UPDATE
Legacy event types: cvd.user_profile_updated
Update universal directory user profile directory.user_profile.update.
cvddirectory
Since: 2016.12
EVENT_HOOK.ACTIVATED
Legacy event types: platform.event_hook.activated
Triggered when an event hook has been activated. Used to notify admins that an
event hook has been activated. When triggered, this events contains information
about the activated event hook.
event-hook
Since: 2019.03.4
EVENT_HOOK.CREATED
Legacy event types: platform.event_hook.created
Triggered when an event hook has been created. Used to notify admins that an
event hook has been created. When triggered, this events contains information
about the created event hook.
event-hook
Since: 2019.03.4
EVENT_HOOK.DEACTIVATED
Legacy event types: platform.event_hook.deactivated
Triggered when an event hook has been deactivated. Used to notify admins that an
event hook has been deactivated. When triggered, this events contains
information about the deactivated event hook.
event-hook
Since: 2019.03.4
EVENT_HOOK.DELETED
Legacy event types: platform.event_hook.deleted
Triggered when an event hook has been deleted. Used to notify admins that an
event hook has been deleted. When triggered, this events contains information
about the deleted event hook.
event-hook
Since: 2019.03.4
EVENT_HOOK.DELIVERY
Legacy event types: platform.event_hook.delivered.failure,
platform.event_hook.delivered.success
Triggered when an event hook delivery fails. Used to identify when an event hook
from Okta is not successfully delivered to the configured endpoint. Note that
the event is triggered only when the delivery is unsuccessful.
event-hook
Since: 2019.04.0
EVENT_HOOK.UPDATED
Legacy event types: platform.event_hook.updated
Triggered when an event hook has been updated. Used to notify admins that an
event hook has been updated. When triggered, this events contains information
about the updated event hook.
event-hook
Since: 2019.03.4
EVENT_HOOK.VERIFIED
Legacy event types: platform.event_hook.verified.failure,
platform.event_hook.verified.success
Triggered when attempting to verify an event hook. Used to notify admins about
the outcome of event hook endpoint URL verification. Note that the event is
fired even when the verification is unsuccessful.
event-hook
Since: 2019.03.4
GROUP.APPLICATION_ASSIGNMENT.ADD
Legacy event types: group.application_assignment.add
Add assigned application to group.
event-hook-eligiblegroup
Since: 2016.06
GROUP.APPLICATION_ASSIGNMENT.REMOVE
Legacy event types: group.application_assignment.remove
Remove assigned application from group.
event-hook-eligiblegroup
Since: 2016.05
GROUP.APPLICATION_ASSIGNMENT.SKIP_ASSIGNMENT_RECONCILE
Legacy event types: group.application_assignment.skip_assignment_reconcile
No Description
group
Since: 2017.51
GROUP.APPLICATION_ASSIGNMENT.UPDATE
Legacy event types: group.application_assignment.update
Update assigned application in group.
event-hook-eligiblegroup
Since: 2016.13
GROUP.LIFECYCLE.CREATE
Legacy event types: group.lifecycle.create
Create Okta group. This can be used to make sure an Okta group is successfully
created. Event fired when an Okta group is successfully created.
event-hook-eligiblegroup
Since: 2019.11.0
GROUP.LIFECYCLE.DELETE
Legacy event types: group.lifecycle.delete
Delete Okta group. This can be used to make sure an Okta group is successfully
deleted. Event fired when an Okta group is successfully deleted.
event-hook-eligiblegroup
Since: 2019.11.0
GROUP.PRIVILEGE.GRANT
Legacy event types: core.group.admin_privilege.granted
Group's admin privilege granted. This can be used to audit the provisioning of
admin privileges for groups. When fired, this event contains information about
the type of admin privileges the group currently has, and what entity sources
the group. The group granted privileges can be an Okta sourced group, and
AD-sourced group, or an LDAP-sourced group Related events include:
GROUP_PRIVILEGE_REVOKE.
event-hook-eligiblegroup
Since: 2019.03.0
GROUP.PRIVILEGE.REVOKE
Legacy event types: core.group.admin_privilege.revoked
Group's admin privilege revoked. This can be used to audit the deprovisioning of
admin privileges from groups. When fired, this event indicates the group has no
more admin privileges. All of group's privileges were revoked. Related events
include: GROUP_PRIVILEGE_GRANT.
event-hook-eligiblegroup
Since: 2019.03.0
GROUP.PROFILE.UPDATE
Okta group profile updated. Events of this type can be used by an IT
administrator who wants to trigger an Okta Workflow to provision groups into
downstream systems. The utility of the Event type is for Provisioning use cases
to downstream systems.A classic example of this is a customer who uses Okta for
Office 365 LCM, and wants to push a distribution list from Okta to Office 365.
event-hook-eligiblegroup
Since: 2021.03.2
GROUP.USER_MEMBERSHIP.ADD
Legacy event types: core.user_group_member.user_add
Add user to group membership.
event-hook-eligiblegroup
Since: 2016.02
GROUP.USER_MEMBERSHIP.REMOVE
Legacy event types: core.user_group_member.user_remove
Remove user from group membership.
event-hook-eligiblegroup
Since: 2016.02
GROUP.USER_MEMBERSHIP.RULE.ADD_EXCLUSION
Legacy event types: core.user.added_to_rule_exclusion
Add user to group membership exclusion rule.
group
Since: 2017.51
GROUP.USER_MEMBERSHIP.RULE.DEACTIVATED
Legacy event types: cvd.group_rule_deactivated
No Description
group
Since: 2017.51
GROUP.USER_MEMBERSHIP.RULE.ERROR
Legacy event types: cvd.group.user_membership.rule.error
group membership rule is in error state.
group
Since: 2017.51
GROUP.USER_MEMBERSHIP.RULE.EVALUATION
Legacy event types: cvd.group.user_membership.rule.evaluation
No Description
group
Since: 2017.51
GROUP.USER_MEMBERSHIP.RULE.INVALIDATE
Legacy event types: cvd.group_rule_invalidated
Invalidate group membership rule.
group
Since: 2017.51
GROUP.USER_MEMBERSHIP.RULE.TRIGGER
Legacy event types: cvd.group_rule_triggered
Trigger group membership rule.
group
Since: 2017.51
IAM.RESOURCESET.BINDINGS.ADD
Admin role assignment is created. This event can be used to track and audit when
a new admin role assignment is created. When fired this event contains
information about the new user or group admin assignments for roles associated
with the resource set.
admin-roleevent-hook-eligible
Since: 2021.02.2
IAM.RESOURCESET.BINDINGS.DELETE
Admin assignment is deleted. This event can be used to track and audit when an
admin role assignment is deleted. When fired this event contains information
about the deleted user or group admin assignments for roles associated with the
resource set.
admin-roleevent-hook-eligible
Since: 2021.02.2
IAM.RESOURCESET.CREATE
Resource set is created. This event can be used to track and audit when a
resource set is created. When fired this event contains information about the
resources contained in the resource set that is created.
admin-roleevent-hook-eligible
Since: 2021.02.2
IAM.RESOURCESET.DELETE
Resource set is deleted. This event can be used to track and audit when a
resource set is deleted. When fired this event contains information about the
resources contained in the resource set that is deleted.
admin-roleevent-hook-eligible
Since: 2021.02.2
IAM.RESOURCESET.RESOURCES.ADD
Resources are added to a resource set. This event can be used to audit the
resources added to a resource set. When fired this event contains information
about the resources added to the resource set.
admin-roleevent-hook-eligible
Since: 2021.02.2
IAM.RESOURCESET.RESOURCES.DELETE
Resources are deleted from a resource set. This event can be used to audit the
resources deleted from a resource set. When fired this event contains
information about the resources deleted from the resource set.
admin-roleevent-hook-eligible
Since: 2021.02.2
IAM.ROLE.CREATE
Custom admin role is created. This event can be used to track and audit when a
custom admin role is created. When fired this event contains information about
the permissions contained in the role that is created.
admin-roleevent-hook-eligible
Since: 2021.02.2
IAM.ROLE.DELETE
Custom admin role is deleted. This event can be used to track and audit when a
custom admin role is deleted. When fired this event contains information about
the permissions contained in the role that is deleted.
admin-roleevent-hook-eligible
Since: 2021.02.2
IAM.ROLE.PERMISSION.CONDITIONS.ADD
Conditions added to a permission in Okta. Use this event to evaluate impact on
admin privileges as their scope might be impacted. This event is triggered when
a condition is added to a role-based permission in Okta. A condition on a
permission allows super admins to implement finer grained authorizations for
stricter security postures. The event can be accompanied with other events for
permissions such as iam.role.permissions.add.
admin-roleevent-hook-eligible
Since: 2022.12.0
IAM.ROLE.PERMISSION.CONDITIONS.DELETE
Conditions deleted from a permission in Okta. Use this event to evaluate impact
on admin privileges as their scope might be impacted. This event is triggered
when a condition is deleted from a role-based permission in Okta. A condition on
a permission allows super admins to implement finer grained authorizations for
stricter security postures. The event can be accompanied with other events for
permissions such as iam.role.permissions.delete.
admin-roleevent-hook-eligible
Since: 2022.12.0
IAM.ROLE.PERMISSIONS.ADD
Permissions are added to a custom admin role. This event can be used to audit
the permissions added to a custom admin role. When fired this event contains
information about the permissions added to the role.
admin-roleevent-hook-eligible
Since: 2021.02.2
IAM.ROLE.PERMISSIONS.DELETE
Permissions are deleted from a custom admin role. This event can be used to
audit the permissions deleted from a custom admin role. When fired this event
contains information about the permissions deleted from the role.
admin-roleevent-hook-eligible
Since: 2021.02.2
INLINE_HOOK.ACTIVATED
Legacy event types: platform.inline_hook.activated
Triggered when an inline hook in activated. Used to identify when an inline hook
lifecycle status was changed to activated. When triggered, this events contains
information about the activated inline hook.
inline-hook
Since: 2019.01.2
INLINE_HOOK.CREATED
Legacy event types: platform.inline_hook.created
Triggered when an inline hook has been created. Used to notify admins that an
inline hook has been created. When triggered, this events contains information
about the created inline hook.
inline-hook
Since: 2019.01.2
INLINE_HOOK.DEACTIVATED
Legacy event types: platform.inline_hook.deactivated
Triggered when an inline hook is deactivated. Used to identify when an inline
hook lifecycle status was changed to deactivated. When triggered, this events
contains information about the deactivated inline hook.
inline-hook
Since: 2019.01.2
INLINE_HOOK.DELETED
Legacy event types: platform.inline_hook.deleted
Triggered when an inline hook has been deleted. Used to notify admins that an
inline hook has been deleted. When triggered, this events contains information
about the deleted inline hook.
inline-hook
Since: 2019.01.2
INLINE_HOOK.EXECUTED
Legacy event types: platform.inline_hook.executed.failure,
platform.inline_hook.executed.success
Triggered when an inline hook has been executed. Used to notify admins about the
outcome of execution of an inline hook. Note that the event is fired when the
execution is unsuccessful.
event-hook-eligibleinline-hook
Since: 2019.01.2
INLINE_HOOK.RESPONSE.PROCESSED
Legacy event types: platform.inline_hook.response.processed.failure,
platform.inline_hook.response.processed.success
Triggered after Okta has finished processing response from an inline hook. Used
to notify admins about the outcome of processing response from an inline hook.
Note that the event is fired even when the processing is unsuccessful.
inline-hook
Since: 2019.01.2
INLINE_HOOK.UPDATED
Legacy event types: platform.inline_hook.updated
Triggered when an inline hook has been modified. Used to notify admins that an
inline hook has been updated. When triggered, this events contains information
about the updated inline hook.
inline-hook
Since: 2019.01.2
INTEGRATION.API_SERVICE.LIFECYCLE.AUTHORIZE
Authorize API service integration. This event is triggered when an admin
authorized an OAuth 2.0 service app from the Okta Integration Network (OIN) to
access the Okta org (tenant) using Okta management APIs. An API service
integration is an integration to an OAuth 2.0 service app available from the
Okta Integration Network (OIN).
appintegration
Since: 2023.02.2
INTEGRATION.API_SERVICE.LIFECYCLE.REVOKE
Revoke API service integration. This event is triggered when an admin revoked
API access from an OAuth 2.0 service app to the Okta org. An API service
integration is an integration to an OAuth 2.0 service app available from the
Okta Integration Network (OIN).
appintegration
Since: 2023.02.2
MASTER_APPLICATION.USER_MEMBERSHIP.ADD
Legacy event types: app.generic.provision.assign_user_to_app
User provisioned to app.
uncategorized
Since: 2018.06
MIM.COMMAND.GENERIC.ACKNOWLEDGED
Legacy event types: mim.command.generic.acknowledged
No Description
mim
Since: 2016.13
MIM.COMMAND.GENERIC.CANCELLED
Legacy event types: mim.command.generic.cancelled
No Description
mim
Since: 2016.13
MIM.COMMAND.GENERIC.DELEGATED
Legacy event types: mim.command.generic.delegated
No Description
mim
Since: 2016.13
MIM.COMMAND.GENERIC.ERROR
Legacy event types: mim.command.generic.error
No Description
mim
Since: 2016.13
MIM.COMMAND.GENERIC.NEW
Legacy event types: mim.command.generic.new
No Description
mim
Since: 2016.13
MIM.COMMAND.GENERIC.NOTNOW
Legacy event types: mim.command.generic.notnow
No Description
mim
Since: 2016.13
MIM.COMMAND.IOS.ACKNOWLEDGED
Legacy event types: mim.command.ios.acknowledged
No Description
mim
Since: 2016.13
MIM.COMMAND.IOS.CANCELLED
Legacy event types: mim.command.ios.cancelled
No Description
mim
Since: 2016.13
MIM.COMMAND.IOS.ERROR
Legacy event types: mim.command.ios.error
No Description
mim
Since: 2016.13
MIM.COMMAND.IOS.FORMATERROR
Legacy event types: mim.command.ios.formaterror
No Description
mim
Since: 2016.13
MIM.COMMAND.IOS.NEW
Legacy event types: mim.command.ios.new
No Description
mim
Since: 2016.13
MIM.CREATEENROLLMENT.ANDROID
Legacy event types: mim.createEnrollment.ANDROID
No Description
mim
Since: 2016.39
MIM.CREATEENROLLMENT.IOS
Legacy event types: mim.createEnrollment.IOS
No Description
mim
Since: 2016.39
MIM.CREATEENROLLMENT.OSX
Legacy event types: mim.createEnrollment.OSX
No Description
mim
Since: 2016.39
MIM.CREATEENROLLMENT.UNKNOWN
Legacy event types: mim.createEnrollment.UNKNOWN
No Description
mim
Since: 2016.39
MIM.CREATEENROLLMENT.WINDOWS
Legacy event types: mim.createEnrollment.WINDOWS
No Description
mim
Since: 2016.39
MIM.STREAMDEVICESAPPLISTCSVDOWNLOAD
Legacy event types: mim.streamDevicesAppListCSVDownload
No Description
mim
Since: 2016.39
MIM.STREAMDEVICESCSVDOWNLOAD
Legacy event types: mim.streamDevicesCSVDownload
No Description
mim
Since: 2016.39
NETWORK_ZONE.RULE.DISABLED
Legacy event types: network_zone.rule.disabled
No Description
network-zone
Since: 2016.12
OAUTH2.AS.ACTIVATED
Legacy event types: api.oauth2.as.activated
Authorization server is activated.
oauth2oauth2-as-lifecycle
Since: 2017.22
OAUTH2.AS.CREATED
Legacy event types: api.oauth2.as.created
Authorization server is created.
oauth2oauth2-as-lifecycle
Since: 2016.50
OAUTH2.AS.DEACTIVATED
Legacy event types: api.oauth2.as.deactivated
Authorization server is deactivated.
oauth2oauth2-as-lifecycle
Since: 2017.22
OAUTH2.AS.DELETED
Legacy event types: api.oauth2.as.deleted
Authorization server is deleted.
oauth2oauth2-as-lifecycle
Since: 2016.50
OAUTH2.AS.UPDATED
Legacy event types: api.oauth2.as.updated
Authorization server is updated.
oauth2oauth2-as-lifecycle
Since: 2016.50
OAUTH2.CLAIM.CREATED
Legacy event types: api.oauth2.claim.created
OAuth2 claim is created.
oauth2oauth2-claim
Since: 2016.50
OAUTH2.CLAIM.DELETED
Legacy event types: api.oauth2.claim.deleted
OAuth2 claim is deleted.
oauth2oauth2-claim
Since: 2016.50
OAUTH2.CLAIM.UPDATED
Legacy event types: api.oauth2.claim.updated
OAuth2 claim is updated.
oauth2oauth2-claim
Since: 2016.50
OAUTH2.SCOPE.CREATED
Legacy event types: api.oauth2.scope.created
OAuth2 scope is created.
oauth2oauth2-scope
Since: 2016.50
OAUTH2.SCOPE.DELETED
Legacy event types: api.oauth2.scope.deleted
OAuth2 scope is deleted.
oauth2oauth2-scope
Since: 2016.50
OAUTH2.SCOPE.UPDATED
Legacy event types: api.oauth2.scope.updated
OAuth2 scope is updated.
oauth2oauth2-scope
Since: 2016.50
OMM.APP.VPN.SETTINGS.CHANGED
Legacy event types: omm.app.VPN.settings.changed
No Description
omm
Since: 2018.01
OMM.APP.WIFI.SETTINGS.CHANGED
Legacy event types: omm.app.WIFI.settings.changed
No Description
omm
Since: 2018.01
OMM.APP.EAS.CERT_BASED.SETTINGS.CHANGED
Legacy event types: omm.app.eas.cert_based.settings.changed
No Description
omm
Since: 2018.01
OMM.APP.EAS.DISABLED
Legacy event types: omm.app.eas.disabled
No Description
omm
Since: 2018.01
OMM.APP.EAS.SETTINGS.CHANGED
Legacy event types: omm.app.eas.settings.changed
No Description
omm
Since: 2018.01
OMM.CMA.CREATED
Legacy event types: omm.cma.created
No Description
omm
Since: 2018.01
OMM.CMA.DELETED
Legacy event types: omm.cma.deleted
No Description
omm
Since: 2018.01
OMM.CMA.UPDATED
Legacy event types: omm.cma.updated
No Description
omm
Since: 2018.01
OMM.ENROLLMENT.CHANGED
Legacy event types: omm.enrollment.changed
No Description
omm
Since: 2018.01
ORG.NOT_CONFIGURED_ORIGIN.REDIRECTION.USAGE
Legacy event types: org.not_configured_origin.redirection.usage
Using untrusted origin for redirection.
adminorg
Since: 2017.44
PAM.AD_CONNECTION.CREATE
This event is triggered after an Active Directory Connection is created for
discovering servers.
pam
Since: 2022.02.0
PAM.AD_CONNECTION.DELETE
This event is triggered after an Active Directory Connection is deleted.
pam
Since: 2022.02.0
PAM.AD_CONNECTION.UPDATE
his event is triggered after an Active Directory Connection is updated.
pam
Since: 2022.02.0
PAM.AD_TASK_SETTINGS.CREATE
This event is triggered after settings that are related to discovering servers
in an Active Directory connection are created.
pam
Since: 2022.02.0
PAM.AD_TASK_SETTINGS.DELETE
This event is triggered after settings that are related to discovering servers
in an Active Directory connection are deleted.
pam
Since: 2022.02.0
PAM.AD_TASK_SETTINGS.UPDATE
This event is triggered after settings that are related to discovering servers
in an Active Directory connection are updated.
pam
Since: 2022.02.0
PAM.AD_TASK_SETTINGS.UPDATE_SCHEDULE
This event is triggered after the schedule for discovering Active Directory
servers is updated.
pam
Since: 2022.02.0
PAM.AD_USER_SYNC_TASK_SETTINGS.ACTIVATE
This event is triggered after the settings for discovering Active Directory
users in an Active Directory connection is activated. Use this event to monitor
activation of AD User Sync Task Settings objects. This event contains reference
to an AD User Sync Task Settings object.
pam
Since: 2023.06.1
PAM.AD_USER_SYNC_TASK_SETTINGS.CREATE
This event is triggered after settings that are related to discovering users in
an Active Directory connection are created. Use this event to monitor creation
of AD User Sync Task Settings objects. This event contains reference to an AD
User Sync Task Settings object.
pam
Since: 2023.06.1
PAM.AD_USER_SYNC_TASK_SETTINGS.DEACTIVATE
This event is triggered after the settings for discovering Active Directory
users in an Active Directory connection is deactivated. Use this event to
monitor deactivation of AD User Sync Task Settings objects. This event contains
reference to an AD User Sync Task Settings object.
pam
Since: 2023.06.1
PAM.AD_USER_SYNC_TASK_SETTINGS.DELETE
This event is triggered after the settings for discovering Active Directory
users in an Active Directory connection is deleted. Use this event to monitor
deletion of AD User Sync Task Settings objects. This event contains reference to
an AD User Sync Task Settings object.
pam
Since: 2023.06.1
PAM.AD_USER_SYNC_TASK_SETTINGS.UPDATE
This event is triggered after settings that are related to discovering users in
an Active Directory connection are updated. Use this event to monitor update of
AD User Sync Task Settings objects. This event contains reference to an AD User
Sync Task Settings object.
pam
Since: 2023.06.1
PAM.AD_USER_SYNC_TASK_SETTINGS.UPDATE_SCHEDULE
This event is triggered after the schedule for discovering Active Directory
users in an Active Directory connection is updated. Use this event to monitor
schedule update of AD User Sync Task Settings objects. This event contains
reference to an AD User Sync Task Settings object.
pam
Since: 2023.06.1
PAM.APIKEY.DELETE
This event is triggered after a service user's API key is deleted.
pam
Since: 2022.02.0
PAM.APIKEY.ROTATE
This event is triggered after a service user's API key is rotated.
pam
Since: 2022.02.0
PAM.AUTH_TOKEN.ISSUE
This event is triggered when an ASA client has been authenticated and is issued
an authentication token with elevated capabilities.
pam
Since: 2022.02.0
PAM.BILLING_CONTACT.CREATE
This event is triggered after a billing contact is created for an ASA team. This
event is only applicable to legacy ASA customers.
pam
Since: 2022.02.0
PAM.CLIENT.ASSIGN
This event is triggered after an ASA client is assigned to an ASA user.
pam
Since: 2022.02.0
PAM.CLIENT.ENROLL
This event is triggered after an ASA client is enrolled with ASA.
pam
Since: 2022.02.0
PAM.CLIENT.REMOVE
This event is triggered after an ASA client is removed from a team.
pam
Since: 2022.02.0
PAM.CLIENT.STATE.UPDATE
This event is triggered after the state of an ASA client is updated.
pam
Since: 2022.02.0
PAM.CLIENT_ENROLLMENT_POLICIES.CREATE
This event is triggered after an ASA client enrollment policy is created.
pam
Since: 2022.02.0
PAM.CLIENT_ENROLLMENT_POLICIES.DELETE
This event is triggered after an ASA client enrollment policy is deleted.
pam
Since: 2022.02.0
PAM.CLIENT_ENROLLMENT_POLICIES.UPDATE
This event is triggered after an ASA client enrollment policy is updated.
pam
Since: 2022.02.0
PAM.CLIENT_ENROLLMENT_POLICY_TOKEN.DELETE
This event is triggered after an ASA client enrollment token is deleted.
pam
Since: 2022.02.0
PAM.CLIENT_ENROLLMENT_POLICY_TOKEN.ROTATE
This event is triggered after an ASA client enrollment token is rotated.
pam
Since: 2022.02.0
PAM.CLOUD_ACCOUNT.CREATE
This event is triggered after a project cloud account is created for importing
servers into ASA.
pam
Since: 2022.02.0
PAM.CLOUD_ACCOUNT.DELETE
This event is triggered after a cloud account has been removed from a project.
pam
Since: 2022.02.0
PAM.CLOUD_ACCOUNT.UPDATE
This event is triggered after a cloud account, which is used for importing
servers into ASA, is updated.
pam
Since: 2022.02.0
PAM.ENTITLEMENT_SUDO.ADD_TO_PROJECT
This event is triggered after a sudo entitlement object is added to a project.
pam
Since: 2022.02.0
PAM.ENTITLEMENT_SUDO.CREATE
This event is triggered after a sudo entitlement object is created.
pam
Since: 2022.02.0
PAM.ENTITLEMENT_SUDO.REMOVE
This event is triggered after a sudo entitlement object is removed.
pam
Since: 2022.02.0
PAM.ENTITLEMENT_SUDO.REMOVE_FROM_PROJECT
This event is triggered after a sudo entitlement object is removed from a
project.
pam
Since: 2022.02.0
PAM.ENTITLEMENT_SUDO.UPDATE
This event is triggered after a sudo entitlement object is updated.
pam
Since: 2022.02.0
PAM.GATEWAY.CREATE
This event is triggered after an ASA gateway is created.
pam
Since: 2022.02.0
PAM.GATEWAY.DELETE
This event is triggered after an ASA gateway is deleted.
pam
Since: 2022.02.0
PAM.GATEWAY.SETUP_TOKEN.CREATE
This event is triggered after a gateway setup token is created.
pam
Since: 2022.02.0
PAM.GATEWAY.SETUP_TOKEN.DELETE
This event is triggered after a gateway setup token is deleted.
pam
Since: 2022.02.0
PAM.GATEWAY.SETUP_TOKEN.UPDATE
This event is triggered after a gateway setup token is updated.
pam
Since: 2022.02.0
PAM.GATEWAY.UPDATE
This event is triggered after settings are updated on an ASA gateway.
pam
Since: 2022.02.0
PAM.GATEWAY_CREDS.ISSUE
This event is triggered after the gateway issues credentials for a server.
pam
Since: 2022.02.0
PAM.GROUP.BULK_MEMBERSHIP_CHANGE
This event is triggered after the members belonging to an ASA group were updated
in bulk by a SCIM driver.
pam
Since: 2022.02.0
PAM.GROUP.CREATE
This event is triggered after an ASA group is created.
pam
Since: 2022.02.0
PAM.GROUP.DELETE
This event is triggered after an ASA group is deleted.
pam
Since: 2022.02.0
PAM.INCOMING_FEDERATION.APPROVE
This event is triggered when an ASA team admin from another team has approved a
request to federate identities identities from their team to this team. Only
applicable to legacy ASA customers.
pam
Since: 2022.02.0
PAM.INCOMING_FEDERATION.REQUEST
This event is triggered after an ASA team admin submits a request to federate
identities from a different team to their team. This event is only applicable to
legacy ASA customers.
pam
Since: 2022.02.0
PAM.MEMBER.ADD
This event is triggered after a user is added to an ASA group.
pam
Since: 2022.02.0
PAM.MEMBER.REMOVE
This event is triggered after a user is removed from an ASA group.
pam
Since: 2022.02.0
PAM.OFFLINE_DISABLED_EVENT
This event is triggered after disconnected mode is disabled for a group.
pam
Since: 2022.02.0
PAM.OFFLINE_ENABLED_EVENT
This event is triggered after disconnected mode is enabled for a group.
pam
Since: 2022.02.0
PAM.OFFLINE_GROUP.SECRETS.ROTATE
This event is triggered after disconnected mode credentials are rotated for a
group.
pam
Since: 2022.02.0
PAM.OUTGOING_FEDERATION.APPROVE
This event is triggered when an ASA team admin from this team has approved a
request to federate identities from this team to another team. Only applicable
to legacy ASA customers.
pam
Since: 2022.02.0
PAM.PASSWORD.CHANGE
This event is triggered after a user password changed. This event is only
applicable to legacy ASA customers.
pam
Since: 2022.02.0
PAM.PASSWORD.RESET
This event is triggered after a user password reset request is submitted. This
event is only applicable to legacy ASA customers.
pam
Since: 2022.02.0
PAM.PERMISSION.CHANGE
This event is triggered after group permissions are updated.
pam
Since: 2022.02.0
PAM.PREAUTHORIZATION.CREATE
This event is triggered after a preauthorization is created.
pam
Since: 2022.02.0
PAM.PREAUTHORIZATION.UPDATE
This event is triggered after a preauthorization is updated.
pam
Since: 2022.02.0
PAM.PROJECT.ADD_GROUP
This event is triggered after a group is added to a project.
pam
Since: 2022.02.0
PAM.PROJECT.CREATE
This event is triggered after a Project is created. For ASA, this event only
contains the Project name. For Okta Privileged Access, this event contains the
Project name and the associated Resource Group.
pam
Since: 2022.02.0
PAM.PROJECT.DELETE
This event is triggered after a Project is deleted. For ASA, this event only
contains the Project name. For Okta Privileged Access, this event contains the
Project name and the associated Resource Group.
pam
Since: 2022.02.0
PAM.PROJECT.REMOVE_GROUP
This event is triggered after a group is removed from a project.
pam
Since: 2022.02.0
PAM.PROJECT.UPDATE
This event is triggered after a Project is updated. Only applicable for Okta
Privileged Access. This event contains the Project name and the associated
Resource Group.
pam
Since: 2023.04.0
PAM.PROJECT_GROUP_SELECTOR.UPDATE
This event is triggered after server selectors for a group assigned to a project
are updated.
pam
Since: 2022.02.0
PAM.RESOURCE_GROUP.CREATE
This event is triggered after a Resource Group is created. Monitor this event to
be notified when new teams in your Okta org begin using Okta Privileged Access.
Only applicable for Okta Privileged Access. This event defines when a Resource
Administrator has created a new Resource Group to manage resources.
pam
Since: 2023.04.0
PAM.RESOURCE_GROUP.DELETE
This event is triggered after a Resource Group is deleted. Monitor this event to
be notified when a team in your Okta org stops managing access to a resource.
Only applicable for Okta Privileged Access. This event defines when a Resource
Administrator deleted a Resource Group.
pam
Since: 2023.04.0
PAM.RESOURCE_GROUP.UPDATE
This event is triggered after a Resource Group is updated. Monitor this event to
be notified when Resource Group settings change. Only applicable for Okta
Privileged Access. This event defines when a Resource Administrator has modified
the settings for a Resource Group.
pam
Since: 2023.04.0
PAM.SECURITY_POLICY.CREATE
This event is triggered after a Security Policy is created. Use this event to
determine when Security Administrators create new Security Policies. Only
applicable for Okta Privileged Access. This event contains the Principals
associated with the Security Policy and the number of rules in the policy.
pam
Since: 2023.04.0
PAM.SECURITY_POLICY.DELETE
This event is triggered after a Security Policy is deleted. Use this event to
indicate that a policy that was previously in place is no longer active and end
user access to resources may be changed. Only applicable for Okta Privileged
Access. This event contains the Principals associated with the Security Policy
and the number of rules in the policy.
pam
Since: 2023.04.0
PAM.SECURITY_POLICY.UPDATE
This event is triggered after a Security Policy is updated. Use this event to
determine when Security Administrators update Security Policies and to identify
important changes made to policies. Only applicable for Okta Privileged Access.
This event contains the Principals associated with the Security Policy and the
number of rules in the policy.
pam
Since: 2023.04.0
PAM.SERVER.ENROLL
This event is triggered after a server running the Okta ASA agent has enrolled
with ASA.
pam
Since: 2022.02.0
PAM.SERVER.REASSIGN
This event is triggered after a server is reassigned from one project to
another.
pam
Since: 2022.02.0
PAM.SERVER.REMOVE
This event is triggered after a server is removed from the ASA inventory.
pam
Since: 2022.02.0
PAM.SERVER.SSH_LOGIN
This event is triggered after a user performs an SSH login to a server.
pam
Since: 2022.02.0
PAM.SERVER_ACCOUNT.DISCOVERED
This event is triggered after a server account is first discovered by the Server
Agent. Only applicable for Okta Privileged Access. This event contains the name
of the discovered account and the associated server.
pam
Since: 2023.04.0
PAM.SERVER_ACCOUNT.PASSWORD_CHANGE.INITIATED
This event is triggered after a password rotation is requested for a local
server account. Use this event to verify that the password settings are being
correctly applied to your servers. This event contains the name of the local
server account being modified and the associated server.
pam
Since: 2023.04.0
PAM.SERVER_ACCOUNT.PASSWORD_CHANGE.OUT_OF_BAND
This event is triggered after a server account password is altered via a method
other than scheduled rotation. You MUST monitor this event to ensure that
unauthorized users are not attempting to reset local server account passwords in
an attempt to gain access to servers. Only applicable for Okta Privileged
Access. This event contains the modified server account and the associated
server.
pam
Since: 2023.04.0
PAM.SERVER_ACCOUNT.PASSWORD_CHANGE.UPDATE
This event is triggered after a server reports an attempt to perform a password
rotation. The outcome.result field contains either 'SUCCESS' or 'FAILURE' and
should be monitored to detect any password rotation errors. Only applicable for
Okta Privileged Access. This event contains the name of the local server
account, the associated server, and indicates if the rotation was successful.
pam
Since: 2023.04.0
PAM.SERVER_ACCOUNT.UPDATE
This event is triggered after a discovered server account is updated. Use this
event to observe how often the system updates server accounts. Only applicable
for Okta Privileged Access. This event contains the name of the updated account
and the associated server.
pam
Since: 2023.04.0
PAM.SERVER_LABELS.UPDATE
This event is triggered after server labels are updated.
pam
Since: 2022.02.0
PAM.SERVICE.CREATE
This event is triggered after a service bound to a service user is created on a
server.
pam
Since: 2022.02.0
PAM.SERVICE.REMOVE
This event is triggered after a service is removed from a server.
pam
Since: 2022.02.0
PAM.TEAM.CREATE
This event is triggered after a team is created in ASA.
pam
Since: 2022.02.0
PAM.TEAM_GROUP_ATTRIBUTE.CREATE
This event is triggered after team-level group attributes are created.
pam
Since: 2022.02.0
PAM.TEAM_GROUP_ATTRIBUTE.DELETE
This event is triggered after team-level group attributes are deleted.
pam
Since: 2022.02.0
PAM.TEAM_GROUP_ATTRIBUTE.UPDATE
This event is triggered after team-level group attributes are updated.
pam
Since: 2022.02.0
PAM.TEAM_INVITATION.CREATE
This event is triggered after an invitation to join a team is sent. This event
is only applicable to legacy ASA customers.
pam
Since: 2022.02.0
PAM.TEAM_PROJECT_GROUP_ATTRIBUTE.CREATE
This event is triggered after project-level group attribute overrides are
created.
pam
Since: 2022.02.0
PAM.TEAM_PROJECT_GROUP_ATTRIBUTE.DELETE
This event is triggered after project-level group attribute overrides are
deleted.
pam
Since: 2022.02.0
PAM.TEAM_PROJECT_GROUP_ATTRIBUTE.UPDATE
This event is triggered after project-level group attribute overrides are
updated.
pam
Since: 2022.02.0
PAM.TEAM_PROJECT_USER_ATTRIBUTE.CREATE
This event is triggered after project-level user attribute overrides are
created.
pam
Since: 2022.02.0
PAM.TEAM_PROJECT_USER_ATTRIBUTE.DELETE
This event is triggered after project-level user attribute overrides are
deleted.
pam
Since: 2022.02.0
PAM.TEAM_PROJECT_USER_ATTRIBUTE.UPDATE
This event is triggered after project-level user attribute overrides are
updated.
pam
Since: 2022.02.0
PAM.TEAM_SETTINGS.UPDATE
This event is triggered after team settings are updated.
pam
Since: 2022.02.0
PAM.TEAM_USER_ATTRIBUTE.CREATE
This event is triggered after team-level user attributes are created.
pam
Since: 2022.02.0
PAM.TEAM_USER_ATTRIBUTE.DELETE
This event is triggered after team-level user attributes are deleted.
pam
Since: 2022.02.0
PAM.TEAM_USER_ATTRIBUTE.UPDATE
This event is triggered after team-level user attributes are updated.
pam
Since: 2022.02.0
PAM.UNBOUND_CLIENT.ENROLL
This event is triggered after an ASA client is enrolled by using the 'sft fleet
enroll' command.
pam
Since: 2022.02.0
PAM.UNMANAGED_SERVER.CREATE
This event is triggered after a server is created in ASA directly through the
API and not by an ASA agent installation.
pam
Since: 2022.02.0
PAM.USER.CREATE
This event is triggered after a user is created in ASA.
pam
Since: 2022.02.0
PAM.USER.REMOVE
This event is triggered after a user is removed from ASA.
pam
Since: 2022.02.0
PAM.USER.UPDATE
This event is triggered after a user is updated in ASA.
pam
Since: 2022.02.0
PAM.USER_CREDS.ISSUE
This event is triggered after ASA credentials are issued to access servers.
pam
Since: 2022.02.0
PKI.CA.ADD
Triggered when an admin uploads a 3rd party certificate chain. You can use the
event to audit the 3rd party certificate authority status change. When
triggered, the 3rd party certificate authority will appear in the Admin Console.
device-identityoie-onlyuser
Since: 2021.07.1
PKI.CA.DELETE
Triggered when an admin deletes a 3rd party certificate chain. You can use the
event to audit the 3rd party certificate authority status change. When
triggered, the 3rd party certificate authority is no longer available to the
org.
device-identityoie-onlyuser
Since: 2021.07.1
PKI.CERT.BIND
Triggered when a certificate is bound to a device. You can use the event to
audit certificate device binding relationship. When triggered, the device
appears in the Admin Console as managed device.
device-identityoie-onlyuser
Since: 2021.09.1
PKI.CERT.CRL_DOWNLOAD_FAILURE
A failure outcome indicates that there was an issue downloading the Certificate
Revocation List (CRL) from the URL specified in the certificate and may require
action to address it. When an administrator observes a
pki.cert.lifecycle.crl_download_failure event with a failure outcome they should
ensure that the CRL endpoint is up and running properly and has not been changed
by the issuing Certificate Authority (CA). When fired, this event will include
the URL of the CRL that is having an issue along with a corresponding HTTP error
code.
device-identityoie-only
Since: 2023.07.2
PKI.CERT.ISSUE
Legacy event types: core.user_auth.pki.cert.issue
Device Trust certificate issuance.
device-trust-cert-distribution-and-binding
Since: 2017.45
PKI.CERT.LIFECYCLE.ACTIVATE
Triggered when a certificate marked as hold is removed from the CRL. You can use
the event to audit certificate lifecycle change. When an admin
activates/unsuspends a device, the certificate associated with the device is
activated when used in Okta Verify flow next time.
device-identityoie-onlyuser
Since: 2021.09.1
PKI.CERT.LIFECYCLE.DELETE
Triggered when a certificate is deleted as a result of an admin deleting the
binding device. You can use the event to audit certificate lifecycle change.
When triggered, the certificate no longer appears in the Admin Console.
device-identityoie-onlyuser
Since: 2021.09.1
PKI.CERT.LIFECYCLE.HOLD
Triggered when a certificate is temporarily on hold and appears on CRL. You can
use the event to audit certificate lifecycle change. A certificate on hold can
be activated after it is removed from CRL.
device-identityoie-onlyuser
Since: 2021.09.1
PKI.CERT.LIFECYCLE.REVOKE
Triggered when a certificate is revoked and appears on CRL. You can use the
event to audit certificate lifecycle change. Once revoked, a certificates can
not be activated.
device-identityoie-onlyuser
Since: 2021.09.1
PKI.CERT.LIFECYCLE.SUSPEND
Triggered when a certificate is suspended as a result of an admin deactivating
the binding device. You can use the event to audit certificate lifecycle change.
When triggered, the certificate can not be used to send the management hint.
device-identityoie-onlyuser
Since: 2021.09.1
PKI.CERT.RENEW
Legacy event types: core.user_auth.pki.cert.renew
Device Trust certificate renewal.
device-trust-cert-distribution-and-binding
Since: 2017.45
PKI.CERT.REVOKE
Legacy event types: core.user_auth.pki.cert.revoke
Device Trust certificate revocation.
device-trust-cert-distribution-and-binding
Since: 2017.45
PLUGIN.DOWNLOADED
Legacy event types: plugin.downloaded
Plugin downloaded.
plugin
Since: 2016.48
PLUGIN.SCRIPT_STATUS
Legacy event types: plugin.script_status
Status information from script execution.
plugin
Since: 2016.48
POLICY.CONTINUOUS_ACCESS_EVALUATE.FAIL
Continuous Access Evaluation has occurred and has resulted in a FAIL action. Can
be used to identify which user, apps, and session were involved in a CAE failure
event. Event fired when CAE evaluation results in failure.
event-hook-eligiblepolicysecuritysession
Since: 2023.03.0
POLICY.EVALUATE_SIGN_ON
No Description
policy
Since: 2017.11
POLICY.EXECUTE.USER.START
Legacy event types: policy.execute.user.start
Start execution of policy for user.
policy
Since: 2018.15
POLICY.LIFECYCLE.ACTIVATE
Legacy event types: policy.activated
Activate policy.
event-hook-eligiblepolicy
Since: 2016.14
POLICY.LIFECYCLE.CREATE
Legacy event types: policy.created
Create policy.
policy
Since: 2016.14
POLICY.LIFECYCLE.DEACTIVATE
Legacy event types: policy.deactivated
Deactivate policy.
event-hook-eligiblepolicy
Since: 2016.14
POLICY.LIFECYCLE.DELETE
Legacy event types: policy.deleted
Delete policy.
policy
Since: 2016.14
POLICY.LIFECYCLE.OVERWRITE
Legacy event types: policy.overwritten
Overwrite policy.
policy
Since: 2017.45
POLICY.LIFECYCLE.UPDATE
Legacy event types: policy.updated
Update policy.
event-hook-eligiblepolicy
Since: 2016.14
POLICY.MAPPING.CREATE
Create policy mapping. This event is used to audit when a policy is mapped to a
resource. This event is fired when a policy is mapped to a resource. The
isPreviousPolicy attribute within the Policy Targets' Details denotes whether or
not it was the previous or new policy being mapped.
policy
Since: 2021.12.0
POLICY.RULE.ACTION.EXECUTE
Legacy event types: policy.rule.action.execute
Scheduled execution of policy rule action.
policy
Since: 2018.15
POLICY.RULE.ACTIVATE
Legacy event types: policy.rule.activated
Activate policy rule.
event-hook-eligiblepolicy
Since: 2016.14
POLICY.RULE.ADD
Legacy event types: policy.rule.added
Add policy rule.
event-hook-eligiblepolicy
Since: 2016.14
POLICY.RULE.DEACTIVATE
Legacy event types: policy.rule.deactivated
Deactivate policy rule.
event-hook-eligiblepolicy
Since: 2016.14
POLICY.RULE.DELETE
Legacy event types: policy.rule.deleted
Delete policy rule.
event-hook-eligiblepolicy
Since: 2016.14
POLICY.RULE.INVALIDATE
Legacy event types: policy.rule.invalidated
Invalidate policy rule.
policy
Since: 2016.14
POLICY.RULE.UPDATE
Legacy event types: policy.rule.updated
Update policy rule.
event-hook-eligiblepolicy
Since: 2016.14
POLICY.SCHEDULED.EXECUTE
Legacy event types: policy.scheduled.execute
Scheduled execution of policy.
policy
Since: 2018.15
SCHEDULED_ACTION.USER_SUSPENSION.CANCELED
Legacy event types: cvd.scheduled_action.user_suspension.canceled
Canceled scheduled user suspension.
uncategorized
Since: 2017.32
SCHEDULED_ACTION.USER_SUSPENSION.COMPLETED
Legacy event types: cvd.scheduled_action.user_suspension.completed
Completed scheduled user suspension.
uncategorized
Since: 2017.32
SCHEDULED_ACTION.USER_SUSPENSION.SCHEDULED
Legacy event types: cvd.scheduled_action.user_suspension.scheduled
Scheduled user suspension.
uncategorized
Since: 2017.32
SCHEDULED_ACTION.USER_SUSPENSION.UPDATED
Legacy event types: cvd.scheduled_action.user_suspension.updated
Updated scheduled user suspension.
uncategorized
Since: 2017.32
SECURITY.AUTHENTICATOR.LIFECYCLE.ACTIVATE
Fired when an admin activates an authenticator for the org. This event can be
used to identify who activated an authenticator and which authenticator was
activated. When fired, this event contains information about the authenticator
type that was activated and the actor who activated the authenticator.
Authenticator activation occurs when an authenticator is added. Related events
include security.authenticator.lifecycle.deactivate.
authenticatorevent-hook-eligibleoie-only
Since: 2020.06.3
SECURITY.AUTHENTICATOR.LIFECYCLE.CREATE
Fired when an admin creates an authenticator for the org. This event can be used
to identify who created an authenticator and which authenticator was created.
The actor specifies the user that created the authenticator and the target
specifies the authenticator name and the id. This event could also contain some
authenticator specific information. Authenticator creation occurs when an
authenticator is added. Related events include
security.authenticator.lifecycle.update.
authenticatorevent-hook-eligibleoie-only
Since: 2022.06.0
SECURITY.AUTHENTICATOR.LIFECYCLE.DEACTIVATE
Fired when an admin deactivates an authenticator for the org. This event can be
used to identify who deactivated an authenticator and which authenticator was
deactivated. When fired, this event contains information about the authenticator
type that was deactivated and the actor who deactivated the authenticator.
Authenticator deactivation occurs when an authenticator is removed. Related
events include security.authenticator.lifecycle.activate.
authenticatorevent-hook-eligibleoie-only
Since: 2020.06.3
SECURITY.AUTHENTICATOR.LIFECYCLE.UPDATE
Fired when an admin updates an authenticator in the org. This event can be used
to identify who updated an authenticator and which authenticator was updated.
The actor specifies the user that updated the authenticator and the target
specifies the authenticator name and the id. This event could also contain some
authenticator specific information. Authenticator update occurs when an
authenticator is edited. Related events include
security.authenticator.lifecycle.create.
authenticatorevent-hook-eligibleoie-only
Since: 2022.06.0
SECURITY.DEVICE.ADD_REQUEST_BLACKLIST_POLICY
Legacy event types: security.device.add_request_blacklist_policy
Added request blacklist to request blacklist policies.
devicesecurity
Since: 2018.08
SECURITY.DEVICE.REMOVE_REQUEST_BLACKLIST_POLICY
Legacy event types: security.device.remove_request_blacklist_policy
Removed request blacklist from request blacklist policies.
devicesecurity
Since: 2018.08
SECURITY.DEVICE.TEMPORARILY_DISABLE_BLACKLISTING
Legacy event types: security.device.temporarily_disable_blacklisting
Temporarily disabling blacklisting.
devicesecurity
Since: 2018.05
SECURITY.REQUEST.BLOCKED
Legacy event types: security.zone.request.blocked
Security request blocked.
security
Since: 2018.32
SECURITY.SESSION.DETECT_CLIENT_ROAMING
Legacy event types: security.session.detect_client_roaming
Roaming session detected for user.
securitysession
Since: 2017.28
SECURITY.THREAT.CONFIGURATION.UPDATE
Legacy event types: security.threat.configuration.update
Fired when a ThreatInsight configuration has been updated. This can be used to
identify when an existing ThreatInsight configuration has been updated. An
update can be updating the action or the excluded zones. When fired, this event
contains information about who made the update to the configuration.
threat-insight-configuration
Since: 2019.07.0
SECURITY.THREAT.DETECTED
Legacy event types: security.threat.detected
Request from an IP identified as malicious by Okta ThreatInsight. This can be
used to monitor and act on credential based attacks (such as Brute Force,
Password Spray) on your organization. The reasons why the request was classified
as malicious can be found in the outcome.reason field. The outcome.result field
will be 'ALLOW', 'DENY' or 'RATE_LIMIT' based on whether Okta Threat Insight is
configured in log mode or log and enforce mode, where 'ALLOW' means the request
continued, 'DENY' means the request was blocked and 'RATE_LIMIT' means we
protected your org from exceeding your rate limit by not allowing suspicious
activity to count towards your rate limit.
securitythreat-insight
Since: 2019.02.2
SECURITY.VOICE.ADD_COUNTRY_BLACKLIST
Legacy event types: security.voice.add_country_blacklist
Fired when a country has been added to the voice call blacklist. This can be
used to identify when a country has been blacklisted for voice call. When fired,
this event contains information about the country that was added to the
blacklist.Related events include security.voice.remove_country_blacklist.
securityvoice
Since: 2019.03.3
SECURITY.VOICE.REMOVE_COUNTRY_BLACKLIST
Legacy event types: security.voice.remove_country_blacklist
Fired when a country has been removed from the voice call blacklist. This can be
used to identify when a country has been removed from voice call blacklist. When
fired, this event contains information about the country that was removed from
the blacklist.Related events include security.voice.add_country_blacklist.
securityvoice
Since: 2019.03.3
SECURITY.ZONE.MAKE_BLACKLIST
Legacy event types: security.zone.make_blacklist
Added IPs to blacklist zone.
network-zonesecurity
Since: 2017.06
SECURITY.ZONE.REMOVE_BLACKLIST
Legacy event types: security.zone.remove_blacklist
Removed IPs from blacklist zone.
network-zonesecurity
Since: 2017.06
SELF_SERVICE.DISABLED
Legacy event types: app.self_service.disabled
Self-service disabled for app.
self-service
Since: 2017.48
SELF_SERVICE.ENABLED
Legacy event types: app.self_service.enabled
Self-service enabled for app.
self-service
Since: 2017.48
SUPPORT.ORG.UPDATE
Okta has updated the configuration or data within the Org. This can be used to
identify modifications to an Org which are the result of an action by an Okta
staff member. Such actions are typically taken in response to a customer
request, such as request to enable an Early Access feature. In some cases, these
actions may be the result of a review initiated by Okta, such as a review in
response to a production service alert. See the supportAction object within the
debugContext.debugData objection for more information about the type of update.
support-audit
Since: 2022.06.2
SUPPORT.ORG.VIEW
Okta has viewed a page which contains customer data. This can be used to
identify an action taken by an Okta staff member in the support tool which
resulted in a view of customer data. Such actions are typically taken in
response to a customer request, such as in the process of investigating an issue
raised through a support case. In some cases, these actions may be the result of
a review initiated by Okta, such as a review in response to a production service
alert. See the supportAction object within the debugContext.debugData objection
for more information about the type of update.
support-audit
Since: 2022.06.2
SYSTEM.AGENT.AD.CONNECT
Legacy event types: app.ad.agent.disconnected, app.ad.agent.reconnected
Connect AD agent to Okta.
ad-agent
Since: 2016.20
SYSTEM.AGENT.AD.CREATE
Legacy event types: app.ad.config.agent.agent_created
Create AD agent.
ad-agent
Since: 2016.20
SYSTEM.AGENT.AD.DEACTIVATE
Legacy event types: app.ad.config.agent.agent_deactivated
Deactivate AD agent.
ad-agent
Since: 2016.20
SYSTEM.AGENT.AD.DELETE
Legacy event types: app.ad.config.agent.agent_deleted
Delete AD agent.
ad-agent
Since: 2016.20
SYSTEM.AGENT.AD.IMPORT_OU
Legacy event types:
app.ad.api.user_import.warn.skipped_ou.missing_required_attribute
Perform import OU by AD agent.
ad-agent
Since: 2016.20
SYSTEM.AGENT.AD.IMPORT_USER
Legacy event types: app.ad.api.user_import.warn.skipped_user.attribute_too_long,
app.ad.api.user_import.warn.skipped_user.internal_object,
app.ad.api.user_import.warn.skipped_user.internal_object.unknown_user,
app.ad.api.user_import.warn.skipped_user.invalid_user_account_control,
app.ad.api.user_import.warn.skipped_user.invalid_user_account_control.unknown_user,
app.ad.api.user_import.warn.skipped_user.invalid_user_account_control_computed,
app.ad.api.user_import.warn.skipped_user.invalid_user_account_control_computed.unknown_user,
app.ad.api.user_import.warn.skipped_user.missing_required_attribute,
app.ad.api.user_import.warn.skipped_user.missing_required_attribute.unknown_user
Perform import user by AD agent.
ad-agent
Since: 2016.20
SYSTEM.AGENT.AD.INVOKE_DIR
Legacy event types: app.ad.agent.dir-invoke, app.ad.agent.dir-invoke.error
Perform directory invoke command by AD agent.
ad-agent
Since: 2016.20
SYSTEM.AGENT.AD.REACTIVATE
Legacy event types: app.ad.config.agent.agent_reactivate_failed_missing_token,
app.ad.config.agent.agent_reactivated
Reactivate AD agent.
ad-agent
Since: 2016.20
SYSTEM.AGENT.AD.READ_CONFIG
Legacy event types: app.ad.agent.read-config, app.ad.agent.read-config.error
Perform config read by AD agent.
ad-agent
Since: 2016.20
SYSTEM.AGENT.AD.READ_DIRSYNC
Legacy event types: app.ad.agent.read-dirsync, app.ad.agent.read-dirsync.error
Perform dirsync read by AD agent.
ad-agent
Since: 2016.20
SYSTEM.AGENT.AD.READ_LDAP
Legacy event types: app.ad.agent.read-ldap, app.ad.agent.read-ldap.error
Perform LDAP read by AD agent.
ad-agent
Since: 2016.20
SYSTEM.AGENT.AD.READ_SCHEMA
Legacy event types: app.ad.agent.read-schema, app.ad.agent.read-schema.error
Perform schema read by AD agent.
ad-agent
Since: 2016.20
SYSTEM.AGENT.AD.READ_TOPOLOGY
Legacy event types: app.ad.agent.read-forest-topology,
app.ad.agent.read-forest-topology.error
Directory agent performed topology import operation.
ad-agent
Since: 2016.20
SYSTEM.AGENT.AD.REALTIMESYNC
Legacy event types: app.ad.agent.real-time-sync,
app.ad.agent.real-time-sync.error
Perform RealTimeSync by AD agent.
ad-agent
Since: 2016.20
SYSTEM.AGENT.AD.RESET_USER_PASSWORD
Legacy event types: app.ad.password.reset.failure,
app.ad.password.reset.success, app.ad.password.reset.unlock-failed
Perform user password reset by AD agent.
ad-agent
Since: 2016.20
SYSTEM.AGENT.AD.START
Legacy event types: app.ad.agent.start
Start AD agent.
ad-agent
Since: 2016.20
SYSTEM.AGENT.AD.UNLOCK_USER_ACCOUNT
Legacy event types: app.ad.user.account.unlock.failure,
app.ad.user.account.unlock.success
Perform unlock user account by AD agent.
ad-agent
Since: 2016.20
SYSTEM.AGENT.AD.UPDATE
Legacy event types: app.ad.agent.config, app.ad.agent.config.error,
app.ad.agent.modify-config, app.ad.agent.modify-config.error
Update AD agent configuration.
ad-agent
Since: 2016.20
SYSTEM.AGENT.AD.UPDATE_USER
Legacy event types: app.ad.agent.user-auth-and-update,
app.ad.agent.user-auth-and-update.error
User Auth and Update.
ad-agent
Since: 2016.20
SYSTEM.AGENT.AD.UPGRADE
Legacy event types: app.ad.agent.upgrade, app.ad.agent.upgrade.error
Upgrade AD agent.
ad-agent
Since: 2016.20
SYSTEM.AGENT.AD.UPLOAD_IWA_LOG
Legacy event types: iwa.agent.fetch-logs, iwa.agent.fetch-logs.error
Fired when an AD agent has fetched and uploaded IWA agent log file. This event
fires when the log file upload is successful or fails. This can be used to audit
that logs files are being fetched successfully, have been uploaded successfully,
and troubleshoot why an IWA log upload has failed. When fired, this event
indicates whether a log file upload has been successful or failed. This event
also indicates whether the event was initiated by the Okta system or a user.
Related events: none, all debugging context is included in this event.
ad-agent
Since: 2019.02.1
SYSTEM.AGENT.AD.UPLOAD_LOG
Legacy event types: app.ad.agent.fetch-logs, app.ad.agent.fetch-logs.error
Upload AD agent log.
ad-agent
Since: 2016.20
SYSTEM.AGENT.AD.WRITE_LDAP
Legacy event types: app.ad.agent.write-ldap, app.ad.agent.write-ldap.error
Perform LDAP write by AD agent.
ad-agent
Since: 2016.20
SYSTEM.AGENT.AUTO_UPDATE
Fired when an individual agent auto-update succeeds or fails. Confirms a
successful agent auto-update, or provides troubleshooting information when the
agent auto-update is unsuccessful. Indicates when an agent auto-update is
successful or unsuccessful.
ad-agentagent-pool
Since: 2021.10.0
SYSTEM.AGENT.CONNECTOR.CONNECT
Legacy event types: agents.connector_agent.agent_disconnected,
agents.connector_agent.agent_reconnected
Connect connector agent to Okta.
connector-agent
Since: 2016.20
SYSTEM.AGENT.CONNECTOR.DEACTIVATE
Legacy event types: agents.connector_agent.agent_deactivated
Deactivate connector agent.
connector-agent
Since: 2016.20
SYSTEM.AGENT.CONNECTOR.DELETE
Legacy event types: agents.connector_agent.agent_deleted
Delete connector agent.
connector-agent
Since: 2016.20
SYSTEM.AGENT.CONNECTOR.REACTIVATE
Legacy event types:
agents.connector_agent.agent_reactivate_failed_missing_token,
agents.connector_agent.agent_reactivated
Reactivate connector agent.
connector-agent
Since: 2016.20
SYSTEM.AGENT.LDAP.CHANGE_USER_PASSWORD
Legacy event types: app.ldap.agent.password_change,
app.ldap.agent.password_change.timeout
Perform change user password by LDAP agent.
ldap-app
Since: 2016.20
SYSTEM.AGENT.LDAP.CREATE_USER_JIT
Legacy event types: app.ldap.jit.ambiguous
Perform create user JIT by LDAP agent.
ldap-app
Since: 2016.20
SYSTEM.AGENT.LDAP.DISCONNECT
Legacy event types: app.ldap.agent.disconnected
Disconnect LDAP agent from Okta.
ldap-app
Since: 2016.20
SYSTEM.AGENT.LDAP.REALTIMESYNC
Fired when LDAP Delegated Authentication is used to sign in and a user profile
is updated using RealTimeSync action. Can be used by admins to identify user
profile changes resulting from corresponding changes in the LDAP directory. The
previous name for this event was system.agent.ad.realtimesync.
ldap-app
Since: 2022.02.0
SYSTEM.AGENT.LDAP.RECONNECT
Legacy event types: app.ldap.agent.reconnected
Reconnect LDAP agent to Okta.
ldap-app
Since: 2016.20
SYSTEM.AGENT.LDAP.RESET_USER_PASSWORD
Legacy event types: app.ldap.agent.password_reset,
app.ldap.agent.password_reset.error, app.ldap.agent.password_reset.timeout,
app.ldap.password.reset.constraint.error, app.ldap.password.reset.failed,
app.ldap.password.reset.invalid.old.password, app.ldap.password.reset.succeeded,
app.ldap.password.reset.systemic.error, app.ldap.password_reset.attribs_not_set,
app.ldap.password_reset.new_confirm_password_empty,
app.ldap.password_reset.new_password_empty,
app.ldap.password_reset.old_new_passwords_equal,
app.ldap.password_reset.old_password_empty,
app.ldap.password_reset.passwords_do_not_match,
app.ldap.password_reset.restriction.error
LDAP agent performed a password reset.
ldap-app
Since: 2016.20
SYSTEM.AGENT.LDAP.UNLOCK_USER_ACCOUNT
Legacy event types: app.ldap.unlock.account.failed,
app.ldap.unlock.account.succeeded
LDAP agent performed account unlock for User.
ldap-app
Since: 2016.45
SYSTEM.AGENT.LDAP.UPDATE_USER
Fired when LDAP Delegated Authentication is used to sign in and a user profile
is updated. Can be used by admins to identify user profile changes resulting
from corresponding changes in the LDAP directory. The previous name for this
event was system.agent.ad.update_user.
ldap-app
Since: 2021.10.0
SYSTEM.AGENT.LDAP.UPDATE_USER_PASSWORD
Legacy event types: app.ldap.agent.password_update,
app.ldap.agent.password_update.error
Perform update user password by LDAP agent.
ldap-app
Since: 2016.20
SYSTEM.AGENT_POOLS.AUTO_UPDATE
Fired when the status of an agent pool auto-update is changed. Confirms an agent
pool auto-update status change and provides troubleshooting information.
Indicates when the status of an agent pool auto-update is changed.
ad-agentagent-pool
Since: 2021.10.0
SYSTEM.API_TOKEN.CREATE
Legacy event types: api.token.create
Create API token.
event-hook-eligibletoken
Since: 2016.12
SYSTEM.API_TOKEN.ENABLE
Legacy event types: api.token.enable
Enable API token.
token
Since: 2016.12
SYSTEM.API_TOKEN.REVOKE
Legacy event types: api.token.revoke
Revoke API token.
event-hook-eligibletoken
Since: 2016.12
SYSTEM.API_TOKEN.UPDATE
An API token has been updated. This event can be used to identify a change to an
existing API token, such as a change to the applicable rate limits for the
token. Details of the change can be found in the debugData. This event does not
change whether the token is valid for use, for actions that impact validity see
system.api_token.enable and system.api_token.revoke.
token
Since: 2022.07.0
SYSTEM.BETA.FEATURE.ENABLE
Legacy event types: core.beta.feature.enable
Fired when an admin has enabled a BETA feature. This can be used to understand
the status of the BETA Feature and identify who has enabled it for an org. When
fired, this event contains information about the enabled BETA Feature, as well
as the admin who enabled it.
adminself-service-feature-managementsystem
Since: 2019.07.1
SYSTEM.BILLING.SMS_USAGE_SENT
Legacy event types: core.billing.sms_usage_sent
Indicates that a report for SMS usage was sent to the billing system.
adminbilling
Since: 2018.36
SYSTEM.BRAND.CREATE
This event is fired when the brand resource is created. Developer and org admins
can use this event to identify when the brand resource was created. The event
contains information about the created brand.
admin
Since: 2023.01.0
SYSTEM.BRAND.DELETE
This event is fired when a brand resource is deleted. Developer and org admins
can use this event to identify when a brand resource was deleted. The event
contains information about a deleted brand.
admin
Since: 2023.01.0
SYSTEM.BRAND.UPDATE
This event is fired when the brand resource is updated. Developer and org admins
can use this event to identify when the brand resource was updated. The event
contains information regarding specific updates made to brand like
"customPrivacyPolicyUrl".
admin
Since: 2021.08.0
SYSTEM.CAPTCHA.CREATE
A captcha instance is created for Sign-in Widget. Indicates when a captcha
instance was created. This event is fired when org admin creates a captcha
instance.
captchasystem
Since: 2021.05.1
SYSTEM.CAPTCHA.DELETE
A captcha instance is deleted. Indicates when a captcha instance was deleted.
This event is fired when org admin deletes a captcha instance.
captchasystem
Since: 2021.05.1
SYSTEM.CAPTCHA.UPDATE
A captcha instance is updated. Indicates when a captcha instance was updated.
This event is fired when org admin updates a captcha instance.
captchasystem
Since: 2021.05.1
SYSTEM.CLIENT.CONCURRENCY_RATE_LIMIT.NOTIFICATION
Notify when too many requests in flight for client. This can be used to notify
whenever there are too many concurrent requests from a client without enforcing
any violation. When fired, this event contains information about the request
such as client, device and ip details.
system
Since: 2020.09.4
SYSTEM.CLIENT.CONCURRENCY_RATE_LIMIT.VIOLATION
Too many requests in flight for client. This can be used to track if there are
too many concurrent requests from a client. When fired, this event contains
information about the request such as client, device and ip details.
system
Since: 2020.06.1
SYSTEM.CLIENT.RATE_LIMIT.NOTIFICATION
Notify when client rate limits are exceeded. This can be used to notify whenever
a client is exceeding its rate limit without enforcing any violation. When
fired, this event contains information about the request such as client, device
and ip details.
system
Since: 2020.09.4
SYSTEM.CLIENT.RATE_LIMIT.VIOLATION
Client rate limit violation. This can be used to track if a client is exceeding
its rate limit. When fired, this event contains information about the request
such as client, device and ip details.
system
Since: 2020.06.1
SYSTEM.CSV.IMPORT_USER
Legacy event types: app.csv.import_user.skipped_user,
app.csv.import_user.skipped_user.unknown_user
Import of user from CSV is skipped. Informs when import of a user from CSV has
been skipped due to reasons such as missing required attributes or unknown
unique identifier. This event is logged when import of a user is skipped during
CSV directory import workflow for on-premises systems using Okta provisioning
agent.
system
Since: 2018.28
SYSTEM.CUSTOM_ERROR.DELETE
Custom error page is deleted. Can be used to identify when an admin has deleted
the custom error page. Event fired when the custom error page is deleted.
admin
Since: 2023.01.0
SYSTEM.CUSTOM_ERROR.UPDATE
Custom error page is updated. Can be used to identify when an admin has
customized the error page. Event fired when the error page is successfully
updated.
admin
Since: 2020.12.0
SYSTEM.CUSTOM_SIGNIN.DELETE
Custom sign-in page is deleted. Can be used to identify when an admin has
deleted the custom sign-in page. Event fired when custom sign-in page is
deleted.
admin
Since: 2023.01.0
SYSTEM.CUSTOM_SIGNIN.UPDATE
Custom sign-in page is updated. Can be used to identify when an admin has
customized the sign-in page. Event fired when custom sign-in page is updated.
admin
Since: 2020.12.0
SYSTEM.CUSTOM_SIGNOUT.UPDATE
Custom sign-out page is updated. Admin has updated the custom sign-out page.
Event fired when custom sign-out page is updated.
admin
Since: 2023.01.0
SYSTEM.CUSTOM_URL_DOMAIN.CERT_RENEW
Okta managed certificates for custom domain are renewed. Can be used to identify
when okta managed certificate renewal batch job has renewed certificates for
custom domain. When fired, the event contains information about the domain name
and certificate source type.
system
Since: 2021.11.0
SYSTEM.CUSTOM_URL_DOMAIN.CERT_UPLOAD
Custom domain certificates are uploaded by an admin or generated by Okta. Can be
used to identify when custom domain certificates are uploaded by an admin or
generated by Okta. When fired, the event contains information about the domain
name and certificate source type.
adminsystem
Since: 2020.12.0
SYSTEM.CUSTOM_URL_DOMAIN.DELETE
Custom domain is deleted. Can be used to identify when an admin has deleted
their custom domain. When fired, the event contains information about the domain
name that was deleted.
admin
Since: 2021.11.0
SYSTEM.CUSTOM_URL_DOMAIN.INITIATE
Custom domain setup is initiated. Admin has initiated custom domain setup by
inputting their custom domain for DNS verification. When fired, the event
contains information about the domain name, certificate source type and domain
validation status.
admin
Since: 2020.12.0
SYSTEM.CUSTOM_URL_DOMAIN.UPDATE
Custom domain brand association is updated. Admin has updated the custom domain
association with the brand. When fired, the event contains the domain name,
certificate source type, domain validation status and information about the
brand it is associated with.
admin
Since: 2023.01.0
SYSTEM.CUSTOM_URL_DOMAIN.VERIFY
Custom domain name ownership successfully verified by Okta. Identifies when an
admin has successfully verified the ownership of the domain name. When fired,
the event contains information about the domain name, certificate source type
and domain validation status.
admin
Since: 2020.12.0
SYSTEM.DIRECTORY.DEBUGGER.EXTEND
Legacy event types: platform.directory.debugger.extend
Extend Directory Debugger access for Okta support. This can be used to audit the
Directory Debugger access extension. When fired, this event contains information
about Directory Debugger access extension.
agent
Since: 2019.09.0
SYSTEM.DIRECTORY.DEBUGGER.GRANT
Legacy event types: platform.directory.debugger.grant
Grant Directory Debugger access for Okta support. This can be used to audit the
Directory Debugger access grants to Okta support. When fired, this event
contains information about Directory Debugger access grant.
agent
Since: 2019.09.0
SYSTEM.DIRECTORY.DEBUGGER.QUERY_EXECUTED
Legacy event types: platform.directory.debugger.query.executed
A read-only query executed against AD/LDAP instance by Okta support using the
Directory Debugger tool. This can be used to audit the queries executed by Okta
support using Directory Debugger. When fired, this event contains information
about Directory Debugger query.
agent
Since: 2019.09.0
SYSTEM.DIRECTORY.DEBUGGER.REVOKE
Legacy event types: platform.directory.debugger.revoke
Revoke Directory Debugger access for Okta support. This can be used to audit the
Directory Debugger access revoke. When fired, this event contains information
about Directory Debugger access revoke.
agent
Since: 2019.09.0
SYSTEM.EMAIL.ACCOUNT_UNLOCK.SENT_MESSAGE
Legacy event types: core.user.email.message_sent.self_service.account_unlock
Send self-service account unlock email.
email
Since: 2016.13
SYSTEM.EMAIL.CHALLENGE_FACTOR_REDEEMED
Legacy event types: system.email.challenge_factor_redeemed
This event indicates that a user completed an email factor challenge. This can
be used to identify when a credential sent in an email to a user has been
redeemed (the link was clicked or the code was entered). When fired, this event
contains information about the result. Success if successful or error reasons
should be present for failure cases (e.g. incorrect code, timeout, expired,
etc.). The event also contains a debugData with the action (the link was clicked
or the code was entered).
email
Since: 2019.07.0
SYSTEM.EMAIL.DELIVERY
An email's delivery status was updated. Used to notify admins of a bounced or
dropped email. For certain bounce events, the context information may be lost by
the email provider(s) due to email server communication delays. Such delayed
bounce events will not appear in syslog. As of the 2022.08.0 release, this is
also used to identify other email events e.g. delivered, deferred. See the event
debugData for help identifying a remediation, such as updating an incorrect
email address.
emailevent-hook-eligible
Since: 2022.05.0
SYSTEM.EMAIL.MFA_ENROLL_NOTIFICATION.SENT_MESSAGE
Legacy event types: core.user.email.message_sent.mfa_enroll_notification
MFA enrollment notification email sent. Used to notify admins MFA enrollment
notification email has been sent.
email
Since: 2019.01.1
SYSTEM.EMAIL.MFA_RESET_NOTIFICATION.SENT_MESSAGE
Legacy event types: core.user.email.message_sent.mfa_reset_notification
MFA reset notification email sent. Used to notify admins MFA reset notification
email has been sent.
email
Since: 2019.01.1
SYSTEM.EMAIL.NEW_DEVICE_NOTIFICATION.SENT_MESSAGE
Legacy event types: core.user.email.message_sent.new_device_notification
New device signin notification email sent.
email
Since: 2016.13
SYSTEM.EMAIL.PASSWORD_RESET.SENT_MESSAGE
Legacy event types: core.user.email.message_sent.self_service.password_reset
Send self-service password reset email.
email
Since: 2016.13
SYSTEM.EMAIL.SEND_FACTOR_VERIFY_MESSAGE
Legacy event types: system.email.send_factor_verify_message
An email was sent to a user for verification. Used to notify admins that an
email was sent to a user for verification. When fired, this event contains
information about the token lifetime in the debugData.
email
Since: 2019.07.0
SYSTEM.EMAIL.TEMPLATE.CREATE
This event is fired when a custom email template is created. Developers and Org
Admins can use this to identify when a default email template has been
overridden with a new template. The event details can be used to identify the
template type and template engine. Usually this event will precede
"system.email.template.update" or "system.email.template.delete" events.
adminemail
Since: 2021.07.0
SYSTEM.EMAIL.TEMPLATE.DELETE
This event is fired when a custom email template is deleted. Developers and Org
Admins can use this to identify when a custom email template has been deleted to
fall back to default template. The event details can be used to identify the
template type and template engine. Usually this event will follow
"system.email.template.create" or "system.email.template.update" events.
adminemail
Since: 2021.07.0
SYSTEM.EMAIL.TEMPLATE.SETTINGS_CHANGED
This event is fired when the settings for an email template is changed.
Developers and Org Admins can use this to identify when an email template
setting has been changed. When fired, this event contains information about the
email template and settings that were changed.
adminemail
Since: 2022.05.0
SYSTEM.EMAIL.TEMPLATE.UPDATE
Legacy event types: system.email.template.update
This event is fired when a custom email template has been updated. Developers
and Org Admins can use this to identify when a custom email template has been
updated. The event details can be used to identify the template type and
template engine. Usually this event will follow "system.email.template.create"
and precede "system.email.template.delete" events.
adminemail
Since: 2020.03.0
SYSTEM.EMAIL_DOMAIN.CREATE
Email domain is created. Admin has initiated email domain setup by inputting
their domain details for DNS verification. When fired, the event contains
information about the domain name, display name, user name, brand id and
validation status.
admin
Since: 2023.01.0
SYSTEM.EMAIL_DOMAIN.DELETE
Email domain is deleted. Can be used to identify when an admin has deleted their
email domain. When fired, the event contains information about the email domain
that was deleted.
admin
Since: 2023.01.0
SYSTEM.EMAIL_DOMAIN.UPDATE
Email domain is updated. Admin has updated the email domain. When fired, the
event contains information about the email domain that was updated.
admin
Since: 2023.01.0
SYSTEM.EMAIL_DOMAIN.VERIFY
Email domain is successfully verified by Okta. Identifies when an admin has
successfully verified the email domain. When fired, the event contains
information about the email domain that was verified.
admin
Since: 2023.01.0
SYSTEM.FEATURE.DISABLE
Legacy event types: core.feature.disable
Fired when self service features are requested to be disabled by admins. Use to
determine who enabled the features and any limitations the features have. When
fired, this event contains information about the requested features, their names
and lifecycle state, the admin who made the change, and any possible limitations
associated with the features. Related events include 'system.feature.enable'.
adminself-service-feature-managementsystem
Since: 2019.05.0
SYSTEM.FEATURE.EA_AUTO_ENROLL
Legacy event types: core.feature.auto_enroll
Fired when an org has subscribed to or unsubscribed from EA Feature Auto Enroll.
This can be used to understand the status of EA Feature Auto Enroll subscription
and identify who has made changes to the subscription. When fired, this event
contains information about the status of EA Feature Auto enroll subscription, as
well as the admin who made any subscription changes.
adminself-service-feature-managementsystem
Since: 2019.03.1
SYSTEM.FEATURE.ENABLE
Legacy event types: core.feature.enable
Fired when self service features are requested to be enabled by admins. Use to
determine who enabled the features and any limitations the features have. When
fired, this event contains information about the requested features, their names
and lifecycle state, the admin who made the change, and any possible limitations
associated with the features. Related events include 'system.feature.disable'.
adminself-service-feature-managementsystem
Since: 2019.05.0
SYSTEM.HOOK.KEY.CREATED
Create a new hook key. This event can be used to identify when an admin created
a new hook key. When triggered, this events contains information about the
created hook key.
hook-key
Since: 2022.10.2
SYSTEM.HOOK.KEY.DELETED
Delete a hook key. This event can be used to identify when an admin deleted a
hook key. When triggered, this events contains information about the deleted
hook key.
hook-key
Since: 2022.10.2
SYSTEM.HOOK.KEY.UPDATED
Update a hook key. This event can be used to identify when an admin updated a
hook key. When triggered, this events contains information about the updated
hook key.
hook-key
Since: 2022.10.2
SYSTEM.IDP.LIFECYCLE.ACTIVATE
Fired when an Identity provider is activated. This can be used to audit that an
identity provider has been activated. When fired, this event indicates an
Identity provider was activated. This event also indicates the type of the
identity provider that was activated.
idp
Since: 2020.09.1
SYSTEM.IDP.LIFECYCLE.CREATE
Fired when a new Identity provider is created. This can be used to audit that a
new identity provider has been created. When fired, this event indicates an
Identity provider was successfully created. This event also indicates the type
of the identity provider that was created.
idp
Since: 2020.09.1
SYSTEM.IDP.LIFECYCLE.DEACTIVATE
Fired when an Identity provider is deactivated. This can be used to audit that
an identity provider has been deactivated. When fired, this event indicates an
Identity provider has been deactivated. This event also indicates the type of
the identity provider that was deactivated.
idp
Since: 2020.09.1
SYSTEM.IDP.LIFECYCLE.DELETE
Fired when an Identity provider is deleted. This can be used to audit that an
identity provider has been deleted. When fired, this event indicates an Identity
provider was deleted. This event also indicates the type of the identity
provider that was deleted.
idp
Since: 2020.09.1
SYSTEM.IDP.LIFECYCLE.UPDATE
Fired when an Identity provider is updated. This can be used to audit that an
identity provider configuration has been updated. When fired, this event
indicates an Identity provider configuration was updated. This event also
indicates the type of the identity provider that was updated.
idp
Since: 2020.09.1
SYSTEM.IMPORT.CLEAR.UNCONFIRMED.USERS.SUMMARY
Legacy event types: system.import.clear.unconfirmed.users.summary
Clear Unconfirmed Imported Users. Can be used for clearing unconfirmed imported
users from last import result. Note that a single event is fired for clearing
unconfirmed imported users instead of fire delete event on each user.
app
Since: 2019.01.1
SYSTEM.IMPORT.COMPLETE
Legacy event types: app.generic.import.complete
Import process complete.
event-hook-eligibleimportsystem
Since: 2016.14
SYSTEM.IMPORT.COMPLETE_BATCH
Legacy event types: app.generic.import.batch.complete
Batch import process complete.
importsystem
Since: 2016.14
SYSTEM.IMPORT.CUSTOM_OBJECT.COMPLETE
Legacy event types: app.generic.import.summary.custom_object
Import of custom objects completed.
importsystem
Since: 2016.14
SYSTEM.IMPORT.CUSTOM_OBJECT.CREATE
Legacy event types: app.generic.import.details.add_custom_object
Create custom object triggered by import process.
importsystem
Since: 2016.14
SYSTEM.IMPORT.CUSTOM_OBJECT.DELETE
Legacy event types: app.generic.import.details.update_custom_object
Delete custom object triggered by import process.
importsystem
Since: 2016.14
SYSTEM.IMPORT.CUSTOM_OBJECT.UPDATE
Legacy event types: app.generic.import.details.delete_custom_object
Update custom object triggered by import process.
importsystem
Since: 2016.14
SYSTEM.IMPORT.DOWNLOAD.COMPLETE
Legacy event types: system.import.download.complete
Fired at the completion of the download objects phase, when the objects (users,
groups, devices) to be imported have been downloaded from the system of record.
This can be used to determine the progress of an import, as well as to monitor
to trigger processes that should run concurrently with the import. Fired at the
completion of the download objects phase, when the objects (users, groups,
devices) to be imported have been downloaded from the system of record.
importsystem
Since: 2020.01.0
SYSTEM.IMPORT.DOWNLOAD.START
Legacy event types: system.import.download.start
Fired at the start of the download objects phase, when the objects (users,
groups, devices) to be imported are being downloaded from the system of record.
This can be used to determine when an import has started, as well as to monitor
to trigger processes that should run concurrently with the import. Fired at the
start of the download objects phase, when the objects (users, groups, devices)
to be imported are being downloaded from the system of record.
importsystem
Since: 2020.01.0
SYSTEM.IMPORT.GROUP.COMPLETE
Legacy event types: app.generic.import.summary.group
Import of groups completed.
importsystem
Since: 2016.14
SYSTEM.IMPORT.GROUP.CREATE
Legacy event types: app.generic.import.details.add_group
Create group triggered by import process.
event-hook-eligibleimportsystem
Since: 2016.14
SYSTEM.IMPORT.GROUP.DELETE
Legacy event types: app.generic.import.details.delete_group
Remove group triggered by import process.
event-hook-eligibleimportsystem
Since: 2016.14
SYSTEM.IMPORT.GROUP.START
Legacy event types: app.generic.import.import_groups
Start importing groups from refreshing AppGroups.
importsystem
Since: 2016.14
SYSTEM.IMPORT.GROUP.UPDATE
Legacy event types: app.generic.import.details.update_group
Update group triggered from import process.
importsystem
Since: 2016.14
SYSTEM.IMPORT.GROUP_MEMBERSHIP.COMPLETE
Legacy event types: app.generic.import.summary.group_membership
Import of application group members completed.
importsystem
Since: 2016.14
SYSTEM.IMPORT.IMPLICIT_DELETION.COMPLETE
Legacy event types: system.import.implicit_deletion.complete
Fired upon completion of the implicit deletion phase, when Okta checks for the
deletion of users, groups, and custom objects. This can be used to determine the
progress of an import, as well as to monitor to trigger processes that should
run concurrently with the import. Fired upon completion of the implicit deletion
phase, when Okta checks for the deletion of users, groups, and custom objects.
importsystem
Since: 2020.01.0
SYSTEM.IMPORT.IMPLICIT_DELETION.START
Legacy event types: system.import.implicit_deletion.start
Fired at the start of the implicit deletion phase, when Okta checks for the
deletion of users, groups, and custom objects. This can be used to determine the
progress of an import, as well as to monitor to trigger processes that should
run concurrently with the import. Fired at the start of the implicit deletion
phase, when Okta checks for the deletion of users, groups, and custom objects.
importsystem
Since: 2020.01.0
SYSTEM.IMPORT.IMPORT_PROFILE
Legacy event types: app.user_management.importing_profile,
app.user_management.importing_profile_failed.email_length,
app.user_management.importing_profile_failed.missing_externalid,
app.user_management.importing_profile_failed.precomputed_login_length
Import user profile triggered by import process.
importsystem
Since: 2016.14
SYSTEM.IMPORT.IMPORT_PROVISIONING_INFO
Legacy event types: app.generic.import.provisioning_data
Import provisioning info triggered by import process.
importsystem
Since: 2016.14
SYSTEM.IMPORT.MEMBERSHIP_PROCESSING.COMPLETE
Legacy event types: system.import.membership_processing.complete
Fired upon completion of the membership processing phase, when Okta checks which
groups users being imported into Okta should be added to/removed from. This can
be used to determine the progress of an import, as well as to monitor to trigger
processes that should run concurrently with the import. Fired upon completion of
the membership processing phase, when Okta checks which groups users being
imported into Okta should be added to/removed from.
importsystem
Since: 2020.01.0
SYSTEM.IMPORT.MEMBERSHIP_PROCESSING.START
Legacy event types: system.import.membership_processing.start
Fired at the start of the membership processing phase, when Okta checks which
groups users being imported into Okta should be added to/removed from. This can
be used to determine the progress of an import, as well as to monitor to trigger
processes that should run concurrently with the import. Fired at the start of
the membership processing phase, when Okta checks which groups users being
imported into Okta should be added to/removed from.
importsystem
Since: 2020.01.0
SYSTEM.IMPORT.OBJECT_CREATION.COMPLETE
Legacy event types: system.import.object_creation.complete
Fired upon completion of the object creation phase, when the first batch of
objects is created/updated. This can be used to determine the progress of an
import, as well as to monitor to trigger processes that should run concurrently
with the import. Fired upon completion of the object creation phase, when the
first batch of objects is created/updated.
importsystem
Since: 2020.01.0
SYSTEM.IMPORT.OBJECT_CREATION.START
Legacy event types: system.import.object_creation.start
Fired at the completion of the download objects phase, when the objects (users,
groups, devices) to be imported have been downloaded from the system of record.
This can be used to determine the progress of an import, as well as to monitor
to trigger processes that should run concurrently with the import. Fired at the
completion of the download objects phase, when the objects (users, groups,
devices) to be imported have been downloaded from the system of record.
importsystem
Since: 2020.01.0
SYSTEM.IMPORT.ROADBLOCK
Legacy event types: app.generic.import.fail.roadblock
Import roadblock triggered due to exceeded threshold.
event-hook-eligibleimportsystem
Since: 2016.14
SYSTEM.IMPORT.ROADBLOCK.RESCHEDULE_AND_RESUME
Legacy event types: app.generic.import.fail.roadblock.reschedule_and_resume
The affected import from AppInstance has been rescheduled. All other imports
will resume.
importsystem
Since: 2017.19
SYSTEM.IMPORT.ROADBLOCK.RESUME
Legacy event types: app.generic.import.fail.roadblock.resume
The affected import from AppInstance has been canceled. All other imports will
resume.
importsystem
Since: 2017.19
SYSTEM.IMPORT.ROADBLOCK.UPDATED
Legacy event types: system.import.roadblock.updated
Fired when an import roadblock (aka, Import Safeguard) has been updated. This
event can be used to identify when an admin updated the Max Import Unassignment
roadblock setting, and what the setting was updated to. This event includes
details on what the roadblock was updated to and who made the change.
importsystem
Since: 2019.11.0
SYSTEM.IMPORT.SESSION.CANCELLED
Cancel an import session. This event can be used to identify when an admin
cancel import session. This event includes details when the import session be
canceled.
importsystem
Since: 2022.10.0
SYSTEM.IMPORT.SESSION.CREATED
Create a new import session. This event can be used to identify when an admin
start new import session. This event includes details when the import process be
created.
importsystem
Since: 2022.10.0
SYSTEM.IMPORT.SESSION.EXPIRED
Expired an import session. This event can be used to identify when the session
is expired. This event includes details when the session is expired.
importsystem
Since: 2022.10.0
SYSTEM.IMPORT.SESSION.TRIGGERED
Triggered an import session to start importing. This event can be used to
identify when an admin trigger the import job from an open session. This event
includes details when the import process be triggered.
importsystem
Since: 2022.10.0
SYSTEM.IMPORT.START
Legacy event types: app.generic.import.started
import started.
event-hook-eligibleimportsystem
Since: 2016.14
SYSTEM.IMPORT.USER.COMPLETE
Legacy event types: app.generic.import.summary.user
Import of user completed.
importsystem
Since: 2016.14
SYSTEM.IMPORT.USER.CREATE
Legacy event types: app.generic.import.details.add_user
Create user triggered by import process.
importsystem
Since: 2016.14
SYSTEM.IMPORT.USER.DELETE
Legacy event types: app.generic.import.details.delete_user
Delete user triggered by import process.
importsystem
Since: 2016.14
SYSTEM.IMPORT.USER.MATCH
Legacy event types: app.generic.import.details.match_user
Assign user triggered by import process with callback. This event can be used to
alter the matching result for a given imported user. This event is fired when
the matching result is altered by the synchronous callback.
importsystem
Since: 2018.43
SYSTEM.IMPORT.USER.START
Legacy event types: app.generic.import.import_user
Start importing users triggered import process.
importsystem
Since: 2016.14
SYSTEM.IMPORT.USER.SUSPEND
Legacy event types: app.generic.import.details.suspend_user
Suspend user triggered by import process.
importsystem
Since: 2016.24
SYSTEM.IMPORT.USER.UNSUSPEND
Legacy event types: app.generic.import.details.unsuspend_user
Unsuspend user triggered by import process.
importsystem
Since: 2016.24
SYSTEM.IMPORT.USER.UNSUSPEND_AFTER_CONFIRM
Legacy event types: app.generic.import.user_match.unsuspend_after_confirm,
app.user_management.unsuspend_user_after_confirm_failed
No Description
importsystem
Since: 2016.24
SYSTEM.IMPORT.USER.UPDATE
Legacy event types: app.generic.import.details.update_user
Update user triggered by import process.
importsystem
Since: 2016.14
SYSTEM.IMPORT.USER.UPDATE_USER_LIFECYCLE_FROM_MASTER
Legacy event types: app.user_management.update_user_lifecycle_from_master_failed
Update user status triggered by import process.
importsystem
Since: 2016.24
SYSTEM.IMPORT.USER_CSV.COMPLETE
Bulk Import users from CSV is completed. Informs when bulk user import from CSV
has been completed. This event is logged when bulk user import from CSV has
completed with the outcome as success or failure. When fired, this event also
contains debug context about the number of users added/updated/unchanged or with
errors.
admincsv-uploaduser-import
Since: 2021.01.2
SYSTEM.IMPORT.USER_CSV.START
Bulk Import of users from CSV is started. Informs when bulk import of users from
CSV has been attempted to be uploaded. This event is logged when bulk user
import from CSV has started and is a precursor to user.lifecycle.create;
user.lifecycle.activate events.
admincsv-uploaduser-import
Since: 2021.01.2
SYSTEM.IMPORT.USER_MATCHING.COMPLETE
Legacy event types: system.import.user_matching.complete
Fired upon completion of the user matching phase, when Okta attempts to match
imported users to existing Okta users. This can be used to determine the
progress of an import, as well as to monitor to trigger processes that should
run concurrently with the import. Fired upon completion of the user matching
phase, when Okta attempts to match imported users to existing Okta users.
importsystem
Since: 2020.01.0
SYSTEM.IMPORT.USER_MATCHING.START
Legacy event types: system.import.user_matching.start
Fired at the start of the user matching phase, when Okta attempts to match
imported users to existing Okta users. This can be used to determine the
progress of an import, as well as to monitor to trigger processes that should
run concurrently with the import. Fired at the start of the user matching phase,
when Okta attempts to match imported users to existing Okta users.
importsystem
Since: 2020.01.0
SYSTEM.IWA.CREATE
Legacy event types: iwa.created_successfully, iwa.creating_failed
Create IWA agent.
iwasystem
Since: 2016.13
SYSTEM.IWA.GO_OFFLINE
Legacy event types: iwa.ad_agents_went_offline
IWA going offline.
iwasystem
Since: 2016.13
SYSTEM.IWA.GO_ONLINE
Legacy event types: iwa.went_online
IWA going online.
iwasystem
Since: 2016.13
SYSTEM.IWA.PROMOTE_PRIMARY
Legacy event types: iwa.no_agents_promoted_to_primary, iwa.promoted_to_primary
Promote IWA agent to primary.
iwasystem
Since: 2016.13
SYSTEM.IWA.REMOVE
Legacy event types: iwa.removed
Remove IWA agent.
iwasystem
Since: 2016.13
SYSTEM.IWA.UPDATE
Legacy event types: iwa.updated_successfully, iwa.updating_failed
Update IWA agent.
iwasystem
Since: 2016.13
SYSTEM.IWA.USE_DEFAULT
Legacy event types: iwa.primary_not_found
No primary IWA app found. Using default login.
iwasystem
Since: 2016.13
SYSTEM.IWA_AGENTLESS.AUTH
Legacy event types: iwa.agentless.auth.failure, iwa.agentless.auth.success
Agentless IWA authentication.
iwasystem
Since: 2018.22
SYSTEM.IWA_AGENTLESS.AUTH_AFTER_REDIRECT
Fired after redirection from Agentless DSSO failure. This can be used to track
the start of a subsequent authentication request after Agentless DSSO fails.
This can also be used for end-to-end tracking of an ADSSO failure to the
subsequent authentication it is redirected to by searching for the common
stateTokenHash. When fired, this event contains the stateTokenHash which will be
common before and after the redirection occurs.
iwasystem
Since: 2022.11.2
SYSTEM.IWA_AGENTLESS.REDIRECT
Legacy event types: iwa.agentless.auth.redirect.defaultloginpage,
iwa.agentless.auth.redirect.onpremiwa
Fired when an Agentless DSSO authentication request is redirected to an onprem
IWA authentication or the default login page. This can be used to identify when
an agentless authentication request resulted in a redirect to an onprem IWA or
default login page. This can also be used to identify the potential cause of the
redirect. When fired, this event identifies the cause of the redirection. When a
custom error page is defined, a redirect event is not always generated when a
redirection occurs.
iwasystem
Since: 2019.05.4
SYSTEM.IWA_AGENTLESS.UPDATE
Legacy event types: iwa.agentless.update.failure, iwa.agentless.update.success
Update to agentless IWA.
iwasystem
Since: 2018.22
SYSTEM.IWA_AGENTLESS.USER.NOT_FOUND
Legacy event types: iwa.agentless.auth.failed.client_principal_id.invalid,
iwa.agentless.auth.failed.user.multiple_user_found,
iwa.agentless.auth.failed.user.not_found
Fired when a user could not be found during Agentless DSSO authentication,
resulting in an authentication failure. This can be used to identify when an
agentless authentication request resulted in a failure. The failure could be due
to the user not being found in Okta, Okta not being able to connect to AD, or
the user not being found in AD. This can also be used to identify the potential
cause of the failure. When fired, this event contains information about the
potential cause of the failure.
iwasystem
Since: 2019.08.0
SYSTEM.IWA_AGENTLESS_KERBEROS.UPDATE
Legacy event types: iwa.agentless.kerberos.update.failure,
iwa.agentless.kerberos.update.success
Fires when a Kerberos realm settings is updated by an admin. This event fires
when the update is successful or fails. This can be used to audit Kerberos realm
setting, and troubleshoot why Kerberos authentication failed. When fired, this
event indicates whether Kerberos realm setting update has been successful or
failed. This event also indicates the initiator of the event and the current
setting for Kerberos Realm. Related events: none, all debugging context is
included in this event.
iwasystem
Since: 2019.05.4
SYSTEM.LDAPI.ADMIN_LIMIT_EXCEEDED
This event indicates that an administrative limit was exceeded when processing
an LDAP interface operation. It can be used to audit and debug failures caused
by exceeding an administrative limit. This event may occur periodically when an
LDAP operation results in a large number of corresponding actions in the Okta
directory. These errors are often temporary and will subside when Okta has
processed the actions. Contact Okta support if you see such errors consistently
over the course of a day or more.
ldapi
Since: 2023.03.0
SYSTEM.LDAPI.BIND
Legacy event types: system.ldapi.bind
Fired when a user performs a BIND to LDAP Interface. Can be used to identify
when a user attempted to perform an LDAP authentication for audit or debugging
purposes. Note that the firing of this event is subject to LDAPi event filtering
rules.
ldapi
Since: 2018.10
SYSTEM.LDAPI.SEARCH
Legacy event types: system.ldapi.search
Fired when a user performs a SEARCH to LDAP Interface. Can be used to identify
when a user attempted to perform a search on LDAP Interface for audit or
debugging purposes. Note that the firing of this event is subject to LDAPi event
filtering rules.
ldapi
Since: 2018.10
SYSTEM.LDAPI.UNBIND
Legacy event types: system.ldapi.unbind
Fired when a user performs an UNBIND to LDAP Interface. Can be used to identify
when a user attempted to end an LDAP Interface session for audit or debugging
purposes. Note that the firing of this event is subject to LDAPi event filtering
rules.
ldapi
Since: 2018.10
SYSTEM.LOG_STREAM.LIFECYCLE.ACTIVATE
Log stream activated. This event can be used to track and audit when a user
activates a log stream. When fired, this event indicates that a user activated a
log stream configuration.
event-hook-eligiblelog-stream
Since: 2021.09.1
SYSTEM.LOG_STREAM.LIFECYCLE.CREATE
Log stream created. This event can be used to track and audit when a user
creates a log stream. When fired, this event indicates that a user created a log
stream configuration.
event-hook-eligiblelog-stream
Since: 2021.09.1
SYSTEM.LOG_STREAM.LIFECYCLE.DEACTIVATE
Log stream deactivated. This event can be used to track and audit when a user or
Okta deactivates a log stream. When fired, this event indicates that a user or
Okta deactivated a log stream configuration.
event-hook-eligiblelog-stream
Since: 2021.09.1
SYSTEM.LOG_STREAM.LIFECYCLE.DELETE
Log stream deleted. This event can be used to track and audit when a user
deletes a log stream. When fired, this event indicates that a user deleted a log
stream configuration.
event-hook-eligiblelog-stream
Since: 2021.09.1
SYSTEM.LOG_STREAM.LIFECYCLE.UPDATE
Log stream updated. This event can be used to track and audit when a user
updates a log stream. When fired, this event indicates that a user updated a log
stream configuration.
event-hook-eligiblelog-stream
Since: 2021.09.1
SYSTEM.MFA.FACTOR.ACTIVATE
Activate a new authentication factor. Can be used to identify when an admin has
enabled a new factor for authentication. When fired the event will contain
details of which factor is enabled.
adminmfa
Since: 2021.01.1
SYSTEM.MFA.FACTOR.DEACTIVATE
Deactivate MFA factor. Can be used to identify when an admin has disabled a
factor for MFA. When fired the event will contain details of which factor is
disabled.
adminmfa
Since: 2021.01.1
SYSTEM.OPERATION.CONCURRENCY_LIMIT.VIOLATION
Operation concurrency limit violation. This can be used to track if there are
too many concurrent operations of the given type. The operation type information
is available in debugData. When fired, this event contains information about the
operation such as its actor, type, scope and threshold details.
OperationRateLimitType in debugData will indicate the category to which the
concurrency limit is being applied (e.g. web_request), OperationRateLimitSubtype
defines specific subtypes (e.g. ssws_token) and OperationRateLimitScope will
indicate the scope of the rate limit (e.g. token).
system
Since: 2022.07.0
SYSTEM.OPERATION.RATE_LIMIT.VIOLATION
Operation rate limit violation. This can be used to track if an operation is
exceeding its rate limit. When fired, this event contains information about the
operation such as actor, type, scope and threshold details.
OperationRateLimitType in debugData will indicate the category to which the rate
limit is being applied (e.g. authenticator_otp_verification),
OperationRateLimitSubtype defines specific subtypes (e.g. Email Factor for
authenticator_otp_verification) and OperationRateLimitScope will indicate the
scope of the rate limit (e.g. user or org level). Formerly, this event was used
to indicate blocked SMS/Call transactions, please see
system.sms.send*/system.voice.send* for blocked transactions.
system
Since: 2020.12.0
SYSTEM.OPERATION.RATE_LIMIT.WARNING
Operation rate limit warning. This can be used to track if an operation is
approaching its rate limit. When fired, this event contains information about
the operation such as actor, type, scope and threshold details.
OperationRateLimitType in debugData will indicate the category to which the rate
limit is being applied (e.g. authenticator_otp_verification),
OperationRateLimitSubtype defines specific subtypes (e.g. Email, SMS or Voice
call for authenticator_otp_verification type) and OperationRateLimitScope will
indicate the scope of the rate limit (e.g. user or org level).
system
Since: 2021.01.2
SYSTEM.ORG.CAPTCHA.ACTIVATE
Enable org-wide captcha support. Indicates when org-wide captcha support is
enabled, for which pages and using which captcha instance. This event is fired
when org admin enables org-wide captcha for any supported pages.
captchasystem
Since: 2021.05.1
SYSTEM.ORG.CAPTCHA.DEACTIVATE
Disable org-wide captcha support. Indicates when org-wide captcha support is
disabled. This event is fired when org admin disables org-wide captcha support
for all pages.
captchasystem
Since: 2021.05.1
SYSTEM.ORG.LIFECYCLE.CREATE
Legacy event types: core.org.config.org_creation.failure,
core.org.config.org_creation.success
Org creation.
system
Since: 2016.51
SYSTEM.ORG.RATE_LIMIT.BURST
Fired when burst rate limit capacity is activated. This can be used to identify
when an API in the Org exceeds standard rate limits and the frequency with which
the activities occur. This event is fired after a corresponding warning event.
If usage continues on this API the risk is hitting a rate limit violation which
will fire a corresponding violation event. The event contains a burst rate limit
threshold which informs how much capacity is remaining before a violation
occurs.
system
Since: 2022.02.0
SYSTEM.ORG.RATE_LIMIT.EXPIRATION.WARNING
Legacy event types: core.framework.ratelimit.expiration.warning
Rate limit approaching expiration date.
system
Since: 2018.35
SYSTEM.ORG.RATE_LIMIT.VIOLATION
Legacy event types: core.framework.ratelimit.exceeded
Rate limit violation.
event-hook-eligiblesystem
Since: 2017.02
SYSTEM.ORG.RATE_LIMIT.WARNING
Legacy event types: core.framework.ratelimit.warning
Rate limit warning.
event-hook-eligiblesystem
Since: 2017.02
SYSTEM.ORG.TASK.REMOVE
Legacy event types: core.org.task.remove
Tasks removed.
system
Since: 2017.33
SYSTEM.PUSH.SEND_FACTOR_VERIFY_PUSH
Fired when a Push notification is sent to a device. Used to notify admins when a
push was sent to a user for verification. Note that this event is fired whenever
a Push is sent.
push
Since: 2020.06.3
SYSTEM.SMS.RECEIVE_STATUS
Fired when receiving a status update on SMS message from provider. This event
can be used by Org Admins to identify users that are/aren't getting one-time
passcodes delivered successfully via SMS, provider status can be obtained from
status field in debug data. For any system.sms.send_* event, there should be
exactly one of this event.
sms
Since: 2020.08.4
SYSTEM.SMS.SEND_ACCOUNT_UNLOCK_MESSAGE
Legacy event types: core.user.sms.message_sent.self_service.account_unlock
Send self-service account unlock SMS message. As of the 2022.06.0 release this
event is also used to identify transactions blocked by Okta, which is indicated
by a "deny" outcome. Previously, the system.operation.rate_limit.violation was
used to identify blocked transactions. Additionally, the method of generating
the MobilePhone ID in the event has changed for Okta Classic. It has not changed
for Okta Identity Engine.
smssystem
Since: 2016.12
SYSTEM.SMS.SEND_FACTOR_VERIFY_MESSAGE
Legacy event types: core.user.sms.message_sent.factor
Send second factor auth SMS. As of the 2022.06.0 release this event is also used
to identify transactions blocked by Okta, which is indicated by a "deny"
outcome. Previously, the system.operation.rate_limit.violation was used to
identify blocked transactions. Additionally, the method of generating the
MobilePhone ID in the event has changed for Okta Classic. It has not changed for
Okta Identity Engine.
smssystem
Since: 2016.12
SYSTEM.SMS.SEND_OKTA_PUSH_VERIFY_MESSAGE
Legacy event types: core.user.sms.message_sent.push_verify.activation
Send activate Okta Verify Push for mobile SMS. As of the 2022.06.0 release this
event is also used to identify transactions blocked by Okta, which is indicated
by a "deny" outcome. Previously, the system.operation.rate_limit.violation was
used to identify blocked transactions. Additionally, the method of generating
the MobilePhone ID in the event has changed for Okta Classic. It has not changed
for Okta Identity Engine.
smssystem
Since: 2016.12
SYSTEM.SMS.SEND_PASSWORD_RESET_MESSAGE
Legacy event types: core.user.sms.message_sent.self_service.password_reset
Send self-service password reset SMS message. As of the 2022.06.0 release this
event is also used to identify transactions blocked by Okta, which is indicated
by a "deny" outcome. Previously, the system.operation.rate_limit.violation was
used to identify blocked transactions. Additionally, the method of generating
the MobilePhone ID in the event has changed for Okta Classic. It has not changed
for Okta Identity Engine.
smssystem
Since: 2016.12
SYSTEM.SMS.SEND_PHONE_VERIFICATION_MESSAGE
Legacy event types: core.user.sms.message_sent.verify
Send phone verification SMS message. As of the 2022.06.0 release this event is
also used to identify transactions blocked by Okta, which is indicated by a
"deny" outcome. Previously, the system.operation.rate_limit.violation was used
to identify blocked transactions. Additionally, the method of generating the
MobilePhone ID in the event has changed for Okta Classic. It has not changed for
Okta Identity Engine.
event-hook-eligiblesmssystem
Since: 2016.12
SYSTEM.THEME.UPDATE
This event is fired when the theme resource is updated. Developer and org admins
can use this event to identify when and how the theme resource was updated.
Event details can be used to identify changes made to theme assets including
updates to theme hex codes, logo, background image, and favicon. This event also
tracks which combination of theme assets was applied to end users pages such as
the sign-in page, error pages, and email templates.
admin
Since: 2021.08.0
SYSTEM.VOICE.RECEIVE_STATUS
Fired when receiving a status update on voice call from provider. This event can
be used by Org Admins to identify users that are/aren't getting one-time
passcodes delivered successfully via voice call, provider status can be obtained
from status field in debug data. For any system.voice.send_* event, there should
be exactly one of this event.
voice
Since: 2020.08.4
SYSTEM.VOICE.SEND_ACCOUNT_UNLOCK_CALL
Legacy event types:
core.user.call_to_send_otp.message_sent.self_service.account_unlock
Send self-service account unlock call. As of the 2022.06.0 release this event is
also used to identify transactions blocked by Okta, which is indicated by a
"deny" outcome. Previously, the system.operation.rate_limit.violation was used
to identify blocked transactions. Additionally, the method of generating the
MobilePhone ID in the event has changed for Okta Classic. It has not changed for
Okta Identity Engine.
voice
Since: 2017.44
SYSTEM.VOICE.SEND_CALL
Legacy event types: core.user.call_made.factor
Send phone call.
voice
Since: 2017.44
SYSTEM.VOICE.SEND_MFA_CHALLENGE_CALL
Legacy event types: core.user.call_to_send_otp.message_sent.mfa.challenge
Send second factor auth call. As of the 2022.06.0 release this event is also
used to identify transactions blocked by Okta, which is indicated by a "deny"
outcome. Previously, the system.operation.rate_limit.violation was used to
identify blocked transactions. Additionally, the method of generating the
MobilePhone ID in the event has changed for Okta Classic. It has not changed for
Okta Identity Engine.
voice
Since: 2017.44
SYSTEM.VOICE.SEND_PASSWORD_RESET_CALL
Legacy event types:
core.user.call_to_send_otp.message_sent.self_service.password_reset
Send self-service password reset call. As of the 2022.06.0 release this event is
also used to identify transactions blocked by Okta, which is indicated by a
"deny" outcome. Previously, the system.operation.rate_limit.violation was used
to identify blocked transactions. Additionally, the method of generating the
MobilePhone ID in the event has changed for Okta Classic. It has not changed for
Okta Identity Engine.
voice
Since: 2017.44
SYSTEM.VOICE.SEND_PHONE_VERIFICATION_CALL
Legacy event types: core.user.call_to_send_otp.message_sent.verify
Send phone verification call. As of the 2022.06.0 release this event is also
used to identify transactions blocked by Okta, which is indicated by a "deny"
outcome. Previously, the system.operation.rate_limit.violation was used to
identify blocked transactions. Additionally, the method of generating the
MobilePhone ID in the event has changed for Okta Classic. It has not changed for
Okta Identity Engine.
event-hook-eligiblevoice
Since: 2017.44
TASK.LIFECYCLE.ACTIVATE
Legacy event types: platform.task.lifecycle.activate
Activated system task.
task
Since: 2018.15
TASK.LIFECYCLE.CREATE
Legacy event types: platform.task.lifecycle.create
Created system task.
task
Since: 2018.15
TASK.LIFECYCLE.DEACTIVATE
Legacy event types: platform.task.lifecycle.deactivate
Deactivated system task.
task
Since: 2018.15
TASK.LIFECYCLE.DELETE
Legacy event types: platform.task.lifecycle.delete
Deleted system task.
task
Since: 2018.15
TASK.LIFECYCLE.UPDATE
Legacy event types: platform.task.lifecycle.update
Updated system task.
task
Since: 2018.15
USER.ACCOUNT.LOCK
Legacy event types: core.user_auth.account_locked
Auto-lock user account for Okta.
accountevent-hook-eligibleuser
Since: 2016.02
USER.ACCOUNT.LOCK.LIMIT
Legacy event types: user.account.lock.limit
This event is fired when a user account has reached the lockout limit. The
account will not auto-unlock and a user or client cannot gain access to the
account. This event indicates an account that will not be able to log in until
remedial action is taken by the account admin. This event can be used to
understand the specifics of an account lockout. Often this indicates a client
application that is repeatedly attempting to authenticate with invalid
credentials such as an old password.
accountuser
Since: 2019.05.0
USER.ACCOUNT.PRIVILEGE.GRANT
Legacy event types: core.user.admin_privilege.granted
A User's admin privileges changed. This can be used to audit the provisioning of
admin privileges for users. When fired, this event contains information about
the type of admin privileges the user currently has. The list of current
privileges contain both individually assigned roles as well as the ones granted
to the user through their group membership. Related events include:
USER_ACCOUNT_PRIVILEGE_REVOKE.
event-hook-eligibleuser
Since: 2016.15
USER.ACCOUNT.PRIVILEGE.REVOKE
Legacy event types: core.user.admin_privilege.revoked
All of user's admin privilege revoked. This can be used to audit the
deprovisioning of admin privileges from users. When fired, this event indicates
the user has no more admin privileges. All of user's privileges were revoked
including individually assigned roles as well as the ones granted to the user
through their group membership. Related events include:
USER_ACCOUNT_PRIVILEGE_GRANT.
event-hook-eligibleuser
Since: 2016.15
USER.ACCOUNT.REPORT_SUSPICIOUS_ACTIVITY_BY_ENDUSER
Legacy event types: core.user.account.report_suspicious_activity_by_enduser
User reported suspicious activity. This event is used to identify user account
suspicious activity.
event-based-trigger-eligibleevent-hook-eligibleuser
Since: 2019.01.1
USER.ACCOUNT.RESET_PASSWORD
Legacy event types: core.user.config.user_status.password_reset,
core.user_auth.self_service.password_reset,
core.user_auth.self_service.password_reset.invalid_recovery_token,
core.user_auth.self_service.password_reset.invalid_security_answer,
core.user_auth.self_service.password_reset.invalid_sms_code,
core.user_auth.self_service.password_reset.invalid_user_state,
core.user_auth.self_service.password_reset.issued_recovery_token,
core.user_auth.self_service.password_reset.shared_email,
core.user_auth.self_service.password_reset.suspended_user,
core.user_auth.self_service.password_reset.unknown_user
Fired when the user's Okta password is reset.
accountevent-hook-eligibleuser
Since: 2016.15
USER.ACCOUNT.UNLOCK
Legacy event types: core.user_auth.account_auto_unlocked,
core.user_auth.self_service.account_unlock,
core.user_auth.self_service.account_unlock.already_unlocked,
core.user_auth.self_service.account_unlock.invalid_recovery_token,
core.user_auth.self_service.account_unlock.invalid_security_answer,
core.user_auth.self_service.account_unlock.invalid_sms_code,
core.user_auth.self_service.account_unlock.shared_email,
core.user_auth.self_service.account_unlock.unknown_user
Auto-unlock user account for Okta.
accountevent-hook-eligibleuser
Since: 2016.15
USER.ACCOUNT.UNLOCK_BY_ADMIN
Legacy event types: core.user_auth.account_unlocked_by_admin
User account unlock by admin.
accountuser
Since: 2016.15
USER.ACCOUNT.UNLOCK_FAILURE
Legacy event types: core.user_auth.user.account.unlock_failure
Failed to schedule unlock job for user.
accountuser
Since: 2018.23
USER.ACCOUNT.UNLOCK_TOKEN
Legacy event types:
core.user_auth.self_service.account_unlock.issued_recovery_token
Issued recovery token for self-service account unlock.
accountuser
Since: 2017.47
USER.ACCOUNT.UPDATE_PASSWORD
Legacy event types: core.user.config.password_update.failure,
core.user.config.password_update.success
User update password for Okta.
accountend-user-visibleevent-hook-eligibleuser
Since: 2016.15
USER.ACCOUNT.UPDATE_PRIMARY_EMAIL
Legacy event types: core.user.config.update_primary_email
User primary email updated.
accountend-user-visibleuseruser-config
Since: 2018.05
USER.ACCOUNT.UPDATE_PROFILE
Legacy event types: core.user.config.profile_update.success
Update user profile for Okta.
accountevent-hook-eligibleuseruser-config
Since: 2016.02
USER.ACCOUNT.UPDATE_SECONDARY_EMAIL
Legacy event types: core.user.config.update_secondary_email
User secondary email updated.
accountend-user-visibleuseruser-config
Since: 2018.25
USER.ACCOUNT.UPDATE_USER_TYPE
Fires when a user changes from one type to another. Can be used to audit when a
user gets converted from a contractor to a full-time employee, for example. Data
includes the old and new type ids. There may be an accompanying update_profile
event if values were changed.
accountuseruser-config
Since: 2020.02.0
USER.ACCOUNT.USE_TOKEN
Legacy event types: core.user_auth.self_service.invalid_recovery_token
Invalid self service recovery token used by user.
accountuser
Since: 2016.15
USER.AUTHENTICATION.AUTH
Legacy event types: core.user_auth.invalid_certificate,
core.user_auth.login_failed, core.user_auth.login_success
Authenticate user.
user
Since: 2016.02
USER.AUTHENTICATION.AUTH_UNCONFIGURED_IDENTIFIER
Fired after a user authenticates via a directory instance that is not the
highest priority profile source for the user. This can be used to track users
that are using an identifier to login which is different from the admin
configured identifier for that user which might result in unexpected login
results. When fired, this event will contain useful information about the user,
the directory instance that was used to login the user, and the directory
instance that should have been used instead.
directoryuser
Since: 2023.01.2
USER.AUTHENTICATION.AUTH_VIA_AD_AGENT
Legacy event types: app.ad.agent.user_auth, app.ad.agent.user_auth.error,
app.ad.login.bad_password, app.ad.login.expired_password,
app.ad.login.locked_account, app.ad.login.success, app.ad.login.unknown_failure,
app.ad.outbound.delauth.no_connected_agent, app.ad.outbound.delauth.timeout
Authenticate user with AD agent.
directoryuser
Since: 2016.18
USER.AUTHENTICATION.AUTH_VIA_IDP
Legacy event types: core.user_auth.idp.cannot_update_user_profile_or_groups,
core.user_auth.idp.cannot_update_user_profile_or_groups.server_read_only,
core.user_auth.idp.general_schema_warning,
core.user_auth.idp.invalid_user_status,
core.user_auth.idp.link_denied_for_groups, core.user_auth.idp.login_failed,
core.user_auth.idp.multiple_matching_users,
core.user_auth.idp.no_matching_users,
core.user_auth.idp.saml.assertion_received_same_assertion_id,
core.user_auth.idp.saml.login_success,
core.user_auth.idp.saml.response_received_in_response_to_no_matching_key,
core.user_auth.idp.saml.saml_validation_failed,
core.user_auth.idp.saml.unknown_endpoint,
core.user_auth.idp.saml.unknown_profile_attribute,
core.user_auth.idp.username_filtered,
core.user_auth.idp.username_transform_failed,
core.user_auth.idp.x509.login_success
Authenticate user via IDP.
user
Since: 2016.18
USER.AUTHENTICATION.AUTH_VIA_LDAP_AGENT
Legacy event types: app.ldap.login.bad_password,
app.ldap.login.disabled_account, app.ldap.login.expired_password,
app.ldap.login.locked_account, app.ldap.login.success,
app.ldap.login.unknown_failure, app.ldap.outbound.delauth.no_connected_agent,
app.ldap.outbound.delauth.timeout
Authenticate user via LDAP agent.
directoryuser
Since: 2016.18
USER.AUTHENTICATION.AUTH_VIA_INBOUND_SAML
Legacy event types: core.user_auth.saml2.inbound_saml_login_failed
Authenticate user via inbound SAML.
user
Since: 2016.27
USER.AUTHENTICATION.AUTH_VIA_INBOUND_DELAUTH
Legacy event types: app.inbound_del_auth.failure.account_not_found,
app.inbound_del_auth.failure.duplicate_accounts_found,
app.inbound_del_auth.failure.instance_not_found,
app.inbound_del_auth.failure.invalid_login_credentials,
app.inbound_del_auth.failure.invalid_request.could_not_parse_credentials,
app.inbound_del_auth.failure.not_supported
Authenticate user via inbound delauth.
user
Since: 2016.02
USER.AUTHENTICATION.AUTH_VIA_IWA
Legacy event types: iwa.auth, iwa.invalid_certificate, iwa.invalid_token,
iwa.invalid_xml_signature, iwa.no_certificate
Authenticate user via IWA.
user
Since: 2016.02
USER.AUTHENTICATION.AUTH_VIA_MFA
Legacy event types: core.user.factor.attempt_fail,
core.user.factor.attempt_success, core.user_auth.duo.disabled_lockout,
core.user_auth.duo.duo_down, core.user_auth.duo.invalid_integration
Authentication of user via MFA. For Okta Classic orgs, this event will only fire
for second factor verifications, whereas for Identity Engine orgs, this event
will fire for both primary and second factor verifications.
event-hook-eligiblemfa
Since: 2016.02
USER.AUTHENTICATION.AUTH_VIA_RADIUS
Legacy event types: core.user_auth.radius.login.failed,
core.user_auth.radius.login.succeeded
Authentication of user via Radius.
appradius
Since: 2016.18
USER.AUTHENTICATION.AUTH_VIA_RICHCLIENT
Legacy event types: app.rich_client.account_not_found,
app.rich_client.instance_not_found, app.rich_client.login_failure,
app.rich_client.login_success, app.rich_client.multiple_accounts_found
Authentication of a user via Rich Client.
user
Since: 2016.18
USER.AUTHENTICATION.AUTH_VIA_SOCIAL
Legacy event types: core.user_auth.idp.social.cannot_acquire_access_token,
core.user_auth.idp.social.cannot_acquire_profile,
core.user_auth.idp.social.invalid_userinfo_response,
core.user_auth.idp.social.jit_callout_denied_by_callout,
core.user_auth.idp.social.jit_callout_redirect,
core.user_auth.idp.social.jit_callout_response_invalid,
core.user_auth.idp.social.jit_callout_success,
core.user_auth.idp.social.jit_error,
core.user_auth.idp.social.link_callout_denied_by_callout,
core.user_auth.idp.social.link_callout_redirect,
core.user_auth.idp.social.link_callout_response_invalid,
core.user_auth.idp.social.link_callout_success,
core.user_auth.idp.social.link_denied_for_groups,
core.user_auth.idp.social.login_success
Authenticate user with social login.
user
Since: 2016.18
USER.AUTHENTICATION.AUTHENTICATE
Legacy event types: core.user_auth.authentication.auth_via_3rd_party_failure,
core.user_auth.authentication.auth_via_3rd_party_success,
core.user_auth.authentication.auth_via_okta_mobile_failure,
core.user_auth.authentication.auth_via_okta_mobile_success,
core.user_auth.authentication.auth_via_omm_failure,
core.user_auth.authentication.auth_via_omm_success,
core.user_auth.authentication.auth_via_saml_idp_failure,
core.user_auth.authentication.auth_via_saml_idp_success,
core.user_auth.authentication.authenticate
Authentication via device trust certificate.
device-trust-authenticationevent-hook-eligibleuser
Since: 2017.44
USER.AUTHENTICATION.SLO
Legacy event types: app.auth.slo, app.auth.slo.saml.invalid_issuer,
app.auth.slo.saml.invalid_nameid, app.auth.slo.saml.invalid_signature,
app.auth.slo.saml.malformed_request,
app.auth.slo.saml.malformed_request.invalid_type, app.auth.slo.with_reason
User single logout out (SLO) from app.
user
Since: 2016.11
USER.AUTHENTICATION.SSO
Legacy event types: app.auth.sso
Fired when a user performs a single sign-on (SSO) to an app instance and
contains the client details of the user. Can be used to identify when a user
attempted to sign into an application for audit or debugging purposes. Note that
the event is fired even when the sign-on is unsuccessful.
event-hook-eligibleuser
Since: 2016.11
USER.AUTHENTICATION.VERIFY
Legacy event types: user.authentication.verify
Verify user identity.
end-user-visibleuser
Since: 2017.27
USER.CREDENTIAL.ENROLL
Legacy event types: core.user_auth.credential.enroll
Device Trust certificate enrollment.
device-trust-cert-distribution-and-bindingevent-hook-eligibleuser
Since: 2017.45
USER.IDENTITY_SNAPSHOT.ATTESTATION.CREATE
Create identity snapshot attestation for a user. This event can be used by
administrators to audit identity snapshot attestations minted for a user. The
user and the application are in the event, signifying which user the attestation
token is being minted for, and which application is requesting it.
attestationuser
Since: 2020.09.3
USER.IMPORT.PASSWORD
Fired when a user has successfully logged in to Okta and an attempt to import
their Password has been made. This can be used to understand if a user password
import attempt was successful or if it failed. If the attempt failed, the
password import will be tried again on a subsequent successful login. When
fired, this event contains information about the import type, and whether or not
the password import was successful. If the import is successful, it is safe to
"clean up" that user from an external system. If the import failed, Okta will
continue retrying the import during every successful authentication attempt
until the password is successfully imported. Check the failure reason for
details about whether any action is needed for the import to succeed.
credentialevent-hook-eligibleimportuser
Since: 2020.05.1
USER.LIFECYCLE.ACTIVATE
Legacy event types: core.user.config.user_activated
Activate Okta user.
event-hook-eligibleuser
Since: 2016.13
USER.LIFECYCLE.CREATE
Legacy event types: core.user.config.user_creation.failure,
core.user.config.user_creation.success
Create Okta user.
event-hook-eligibleuser
Since: 2016.02
USER.LIFECYCLE.DEACTIVATE
Legacy event types: core.user.config.user_deactivated
Deactivate Okta user.
event-hook-eligibleuser
Since: 2016.02
USER.LIFECYCLE.DELETE.COMPLETED
Legacy event types: core.user.config.user_status.delete.completed
Delete Okta user completed.
user
Since: 2016.29
USER.LIFECYCLE.DELETE.INITIATED
Legacy event types: core.user.config.user_status.delete.initiated
Delete Okta user initiated.
event-hook-eligibleuser
Since: 2016.29
USER.LIFECYCLE.JIT.ERROR.READ_ONLY
Legacy event types: core.user.jit.error.read_only
Failed to JIT create user.
user
Since: 2018.06
USER.LIFECYCLE.PASSWORD_MASS_EXPIRY
Legacy event types: core.user.config.user_status.password_mass_expiry
Mass expire all users' passwords initiated.
user
Since: 2018.04
USER.LIFECYCLE.REACTIVATE
Legacy event types: core.user.config.user_reactivation.success
Reactivate Okta user.
event-hook-eligibleuser
Since: 2016.13
USER.LIFECYCLE.SUSPEND
Legacy event types: core.user.config.user_status.suspended
Suspend Okta user.
event-hook-eligibleuser
Since: 2016.13
USER.LIFECYCLE.UNSUSPEND
Legacy event types: core.user.config.user_status.unsuspended
Unsuspend Okta user.
event-hook-eligibleuser
Since: 2016.13
USER.MFA.ATTEMPT_BYPASS
Legacy event types: core.user_auth.mfa_bypass_attempted
Attempt bypass of factor.
mfa
Since: 2016.11
USER.MFA.FACTOR.ACTIVATE
Legacy event types: core.user.factor.activate
Activate factor or authenticator enrollment method for user. Provides org admins
with audit log and oversight utility for an MFA factor when it is activated.
When fired, the event contains information about the MFA factor that has been
activated, as well as the target user and the user activating the factor. For
Identity Engine orgs, this event will fire when an authentication method is
enrolled.
end-user-visibleevent-hook-eligiblemfa
Since: 2016.11
USER.MFA.FACTOR.DEACTIVATE
Legacy event types: core.user.factor.deactivate
Reset factor or authenticator enrollment method for user. Provides org admins
with audit log and oversight utility for the change in MFA factor lifecycle
status when a specific factor is permanently deactivated. When fired, the event
contains information about the MFA factor that has been deactivated, as well as
the target user and the user deactivating the factor. For Identity Engine orgs,
this event will fire when an authentication method is unenrolled.
end-user-visibleevent-hook-eligiblemfa
Since: 2016.11
USER.MFA.FACTOR.RESET_ALL
Legacy event types: core.user.factor.reset_all
Reset all factors or authenticator enrollments for user. Provides org admins
with audit log and oversight utility for the change in MFA factor lifecycle
statuses when all MFA factors for a user are permanently deactivated. When
fired, the event contains information about the target user for whom all factors
have been deactivated, as well as the user resetting the factors. For Identity
Engine orgs, this event contains information about a target user for whom all
authenticator enrollments have been reset.
event-hook-eligiblemfa
Since: 2016.11
USER.MFA.FACTOR.SUSPEND
Suspend factor or authenticator enrollment method for user. Provides org admins
with audit log and oversight utility for the change in MFA factor lifecycle
status when a factor is suspended, usually as a result of suspected compromise.
When fired, the event contains information about the MFA factor that has been
suspended, as well as the target user and the user suspending the factor. When
unsuspended, related event user.mfa.factor.unsuspend will be fired.
event-hook-eligiblemfaoie-only
Since: 2020.09.4
USER.MFA.FACTOR.UNSUSPEND
Unsuspend factor or authenticator enrollment method for user. Provides org
admins with audit log and oversight utility for the change in MFA factor
lifecycle status when a factor is reactivated from a state of suspension, after
it has been determined that the authenticator is secure. When fired, the event
contains information about the MFA factor that has been unsuspended, as well as
the target user and the user reactivating the suspended factor. Before
suspension, related event user.mfa.factor.suspend would have been fired.
event-hook-eligiblemfaoie-only
Since: 2020.09.4
USER.MFA.FACTOR.UPDATE
Legacy event types: core.user.factor.update
Update factor for user.
event-hook-eligiblemfa
Since: 2016.11
USER.MFA.OKTA_VERIFY
Legacy event types: core.user_auth.mfa_okta_verify_response
Verify user with Okta verify.
mfa
Since: 2016.11
USER.MFA.OKTA_VERIFY.DENY_PUSH
Legacy event types: core.user.factor.push_rejected
User rejected Okta push verify. This event is triggered in classic V1 API calls.
In OIE we use a generic event for factor verification failure:
user.authentication.auth_via_mfa with reason INVALID_CREDENTIALS.
mfa
Since: 2018.03
USER.MFA.OKTA_VERIFY.DENY_PUSH_UPGRADE_NEEDED
Legacy event types: core.user.factor.push_rejected.upgrade_needed
Rejected Okta push verify as Upgrade Needed. This can be used to audit events
where Okta push verify was rejected as the app needed upgrade. Note that the
event is fired when Okta Verify push is rejected. It is possible that the user
might have chosen another factor and made successful login as well.
mfa
Since: 2020.05.0
USER.SESSION.ACCESS_ADMIN_APP
Legacy event types: app.admin.sso.bad_response, app.admin.sso.login.success,
app.admin.sso.no_response
User accessing Okta admin app.
adminappsessionuser
Since: 2016.14
USER.SESSION.CLEAR
Legacy event types: core.user_auth.session_clear
Clear user session.
event-hook-eligiblesessionuser
Since: 2016.15
USER.SESSION.END
Legacy event types: core.user_auth.logout_success
User logout from Okta.
event-hook-eligiblesessionuser
Since: 2016.02
USER.SESSION.EXPIRE
Legacy event types: core.user_auth.session_expired
Expire user session.
sessionuser
Since: 2016.15
USER.SESSION.IMPERSONATION.END
Legacy event types: core.user.impersonation.session.ended
End impersonation session.
sessionuser
Since: 2016.09
USER.SESSION.IMPERSONATION.EXTEND
Legacy event types: core.user.impersonation.grant.extended
Extend impersonation session.
sessionuser
Since: 2016.09
USER.SESSION.IMPERSONATION.GRANT
Legacy event types: core.user.impersonation.grant.enabled
Enable impersonation grant.
sessionuser
Since: 2016.09
USER.SESSION.IMPERSONATION.INITIATE
Legacy event types: core.user.impersonation.session.initiated
Initiate impersonation session.
sessionuser
Since: 2016.09
USER.SESSION.IMPERSONATION.REVOKE
Legacy event types: core.user.impersonation.grant.revoked
Revoke impersonation grant.
sessionuser
Since: 2016.09
USER.SESSION.START
Legacy event types: core.user_auth.invalid_certificate,
core.user_auth.login_denied, core.user_auth.login_failed,
core.user_auth.login_failed.policy_denied, core.user_auth.login_success,
core.user_auth.session_created_using_api_token,
core.user_auth.session_created_using_token
User login to Okta.
end-user-visibleevent-hook-eligiblesessionuser
Since: 2016.02
WORKFLOWS.USER.CONNECTION.CREATE
This event can be used by any admin or security team member to monitor the
creation of new connections for Workflows connectors. The target fields provide
information on the user that created the connection, the application for which
the connection was created, and the display name the user provided for the
connection. Other connection lifecycle events include:
workflows.user.connection.revoke, workflows.user.connection.reauthorize, and
workflows.user.connection.delete. Note that this event only indicates if a
connection was successfully added to the database, and does not distinguish
whether or not that connection is valid.
workflows
Since: 2021.02.1
WORKFLOWS.USER.CONNECTION.DELETE
This event can be used by any admin or security team member to monitor the
deletion of existing Workflows connections. The target fields provide
information on the user that deleted the connection, the application for which
the connection was deleted, and the display name originally provided for the
connection. Other connection lifecycle events include:
workflows.user.connection.create, workflows.user.connection.reauthorize, and
workflows.user.connection.revoke. Note that for OAuth connections this will
often fire with the workflows.user.connection.revoke event.
workflows
Since: 2021.02.1
WORKFLOWS.USER.CONNECTION.REAUTHORIZE
This event can be used by any admin or security team member to monitor the
reauthorization of existing connections for Workflows connectors.
Reauthorization can be used to retrieve a new access token or to change the
credentials used by a connection. The target fields provide information on the
user that reauthorized the connection, the application for which the connection
was reauthorized, and the display name originally provided for the connection.
Other connection lifecycle events include: workflows.user.connection.create,
workflows.user.connection.revoke, and workflows.user.connection.delete. Note
that this event only indicates if a user attempted to reauthorize a connection,
and does not distinguish whether or not that reauthorization was successful.
workflows
Since: 2021.02.1
WORKFLOWS.USER.CONNECTION.REVOKE
This event can be used by any admin or security team member to monitor when a
token for a Workflows connection has been revoked in a third party service., and
the event usually fires along with workflows.user.connection.delete. The target
fields provide information on the user that revoked the connection, the
application for which the connection was revoked, and the display name
originally provided for the connection. Other connection lifecycle events
include: workflows.user.connection.create,
workflows.user.connection.reauthorize, and workflows.user.connection.delete.
Note that this event only fires for connections where the service supplies an
API endpoint for revoking tokens. Tokens that cannot be revoked via API must be
managed manually in the third party application.
workflows
Since: 2021.02.1
WORKFLOWS.USER.DELEGATEDFLOW.RUN
This event can be used by admins or security team members to monitor the
execution of delegated flows in the Workflows platform from the Admin
application. The actor field provides the Okta User ID of the user that ran the
flow. The target fields provide context on the Workflows instance as well as the
name and flow id of the executed flow. This event only indicates if the flow was
successfully triggered and does not provide information about whether the flow
encountered an error.
workflows
Since: 2022.06.0
WORKFLOWS.USER.FLOW.ACTIVATE
Triggered when a user activates a flow in Workflows. Can be used to audit user
activity in Workflows. Event is fired when a user toggles a flow on.
workflows
Since: 2021.02.1
WORKFLOWS.USER.FLOW.CREATE
Triggered when a user creates a new flow in Workflows. Can be used to audit user
activity in Workflows. Event is fired when a user creates and saves a new flow.
workflows
Since: 2021.02.1
WORKFLOWS.USER.FLOW.DEACTIVATE
Triggered when a user deactivates a flow in Workflows. Can be used to audit user
activity in Workflows. This is triggered by deactivating a flow.
workflows
Since: 2021.02.1
WORKFLOWS.USER.FLOW.DELETE
Triggered when a user deletes a flow in Workflows. Can be used to audit user
activity in Workflows. Event is fired when a user toggles a flow off.
workflows
Since: 2021.02.1
WORKFLOWS.USER.FLOW.EXPORT
Triggered when a user exports a flow from Workflows. Can be used to audit user
activity in Workflows. Event is fired when a user exports one or more flows as a
flowpack.
workflows
Since: 2021.02.1
WORKFLOWS.USER.FLOW.IMPORT
Triggered when a user imports a flow into Workflows. Can be used to audit user
activity in Workflows. Event is fired when a user imports one or more flows as a
flowpack.
workflows
Since: 2021.02.1
WORKFLOWS.USER.FLOW.SAVE
Triggered when a user saves a flow in Workflows. Can be used to audit user
activity in Workflows. Event is fired when a user saves a flow.
workflows
Since: 2021.02.1
WORKFLOWS.USER.FOLDER.CREATE
This event can be used by any admin or security team member to monitor the
creation of new folders in the Workflows platform. The payload provides
information about the user that created the folder and the folder that was
created. Other folder lifecycle events include: workflows.user.folder.delete,
workflows.user.folder.import, workflows.user.folder.export, and
workflows.user.folder.rename. Note that this event doesn't fire when a folder is
imported. For that, users can reference workflows.user.folder.import.
workflows
Since: 2023.06.1
WORKFLOWS.USER.FOLDER.DELETE
This event can be used by any admin or security team member to monitor the
deletion of folders in the Workflows platform. The payload provides information
on the user that deleted the folder and which folder was deleted. Other folder
lifecycle events include: workflows.user.folder.create,
workflows.user.folder.import, workflows.user.folder.export, and
workflows.user.folder.rename. Note that this event fires when a user manually
deletes a folder and recursively for each subfolder contained within the deleted
folder. Subsequent workflows.user.flow.delete and workflows.user.table.delete
events will fire for each flow and table deleted within each folder.
workflows
Since: 2022.11.1
WORKFLOWS.USER.FOLDER.EXPORT
This event can be used by any admin or security team member to monitor when a
user exports a folder from the Workflows platform. The payload provides
information on the user that exported the folder and the folder that was
exported. Other folder lifecycle events include: workflows.user.folder.create,
workflows.user.folder.delete, workflows.user.folder.import, and
workflows.user.folder.rename. Note that this event fires for the exported folder
and recursively for each subfolder contained within the exported folder
depending on the user's selection. Subsequent workflows.user.flow.export and
workflows.user.table.schema.export events will fire for each flow and table
exported within each exported folder. Additional folder information can be found
in the debug context field.
workflows
Since: 2023.06.1
WORKFLOWS.USER.FOLDER.IMPORT
This event can be used by any admin or security team member to monitor when a
user imports a folder to the Workflows platform. The payload provides
information on the user that imported the folder and the folder that was
imported. Other folder lifecycle events include: workflows.user.folder.create,
workflows.user.folder.delete, workflows.user.folder.export, and
workflows.user.folder.rename. Note that this event fires for the imported folder
and recursively for each subfolder contained within the imported folder.
Subsequent workflows.user.flow.import and workflows.user.table.schema.import
events will fire for each flow and table imported within each imported folder.
Additional folder information can be found in the debug context field.
workflows
Since: 2023.06.1
WORKFLOWS.USER.FOLDER.RENAME
This event can be used by any admin or security team member to monitor when a
user renames a folder in the Workflows platform. The payload provides
information on the user that renamed the folder and the new name of the folder.
Other folder lifecycle events include: workflows.user.folder.create,
workflows.user.folder.delete, workflows.user.folder.import, and
workflows.user.folder.export. Additional information including old and new
folder names can be found in the debug context field.
workflows
Since: 2023.06.1
WORKFLOWS.USER.TABLE.CREATE
This event can be used by any admin or security team member to monitor the
creation of new tables in the Workflows platform. The target fields provide
information on the user that created the table and the new table. Other table
lifecycle events include: workflows.user.table.view,
workflows.user.table.update, and workflows.user.table.delete. Note that this
event doesn't fire when a table is imported. For that, users can reference
workflows.user.table.import or workflows.user.folder.import.
workflows
Since: 2021.02.1
WORKFLOWS.USER.TABLE.DELETE
This event can be used by any admin or security team member to monitor when a
user deletes a table from the Workflows platform. The target fields provide
information on the user that deleted the table and the table itself. Other table
lifecycle events include: workflows.user.table.view,
workflows.user.table.update, and workflows.user.table.create.
workflows
Since: 2021.02.1
WORKFLOWS.USER.TABLE.EXPORT
This event can be used by any admin or security team member to monitor when a
user exports table data from the Workflows platform using the Tables interface.
The target fields provide information on the user that exported the table and
the table itself. Related events include: workflows.user.table.import,
workflows.user.folder.import, and workflows.user.folder.export. Note that
exports through the table interface include table data, while exporting tables
as part of folder export does not.
workflows
Since: 2021.02.1
WORKFLOWS.USER.TABLE.IMPORT
This event can be used by any admin or security team member to monitor when a
user imports table data into the Workflows platform using the Tables interface.
The target fields provide information on the user that imported the table and
the table itself. Related events include: workflows.user.table.export,
workflows.user.folder.export, and workflows.user.folder.import. Note that
importing through the table interface requires an existing schema and is used to
import the data from a .csv file. This event does not fire as part of
workflows.user.folder.import.
workflows
Since: 2021.02.1
WORKFLOWS.USER.TABLE.SCHEMA.EXPORT
This event can be used by any admin or security team member to monitor when a
user exported a table schema from the Workflows platform. The payload provides
information on the user that exported the table schema and the table that was
exported. Other related table events include: workflows.user.table.create,
workflows.user.table.delete, workflows.user.table.update,
workflows.user.table.view, workflows.user.table.import,
workflows.user.table.export, and workflows.user.table.schema.import. This event
fires when a user exports a folder that contains a table.
workflows
Since: 2023.06.1
WORKFLOWS.USER.TABLE.SCHEMA.IMPORT
This event can be used by any admin or security team member to monitor when a
user has imported a table schema into the Workflows platform. The payload
provides information on the user that imported the schema and the table that was
created from that schema. Other related table events include:
workflows.user.table.create, workflows.user.table.delete,
workflows.user.table.update, workflows.user.table.view,
workflows.user.table.import, workflows.user.table.export, and
workflows.user.table.schema.export. This event fires when a user imports a
folder that contains a table.
workflows
Since: 2023.06.1
WORKFLOWS.USER.TABLE.UPDATE
This event can be used by any admin or security team member to monitor when a
user updates a table's schema on the Workflows platform. The target fields
provide information on the user that updated the table and the table itself.
Other table lifecycle events include workflows.user.table.view,
workflows.user.table.create, and workflows.user.table.delete. Note that this
event does not include information about what was updated, only that the table
name or columns were modified. It does not fire when the table data itself is
updated.
workflows
Since: 2021.02.1
WORKFLOWS.USER.TABLE.VIEW
This event can be used by any admin or security team member to monitor the
viewing of table data in the Workflows platform. The target fields provide
information on the user that viewed the table and which table was viewed. Other
table lifecycle events include: workflows.user.table.create,
workflows.user.table.update, and workflows.user.table.delete. Note that this
event only fires when a user manually accesses a table. It does not fire when
table data is accessed using the Workflows Table functions.
workflows
Since: 2021.02.1
ZONE.ACTIVATE
Legacy event types: zone.activate
Network zone activate.
network-zone
Since: 2017.49
ZONE.CREATE
Legacy event types: zone.create
Network zone create.
network-zone
Since: 2017.49
ZONE.DEACTIVATE
Legacy event types: zone.deactivate
Network zone deactivate.
network-zone
Since: 2017.49
ZONE.DELETE
Legacy event types: zone.delete
Network zone delete.
network-zone
Since: 2017.49
ZONE.MAKE_BLACKLIST
Legacy event types: zone.make_blacklist
Network zone mark as blacklist.
network-zone
Since: 2017.49
ZONE.REMOVE_BLACKLIST
Legacy event types: zone.remove_blacklist
Network zone unmark as blacklist.
network-zone
Since: 2017.49
ZONE.UPDATE
Legacy event types: zone.update
Network zone update.
network-zone
Since: 2017.49
Edit This Page On GitHub
On this page
* Catalog
ADDITIONAL LINKS
Questions? Ask us on the forum.
*
*
*
*
CONTACT & LEGAL
* Contact our team
* Contact sales
* Developer Service terms
* Site terms
* Privacy policy
* Copyright & trademarks
MORE INFORMATION
* Integrate with Okta
* Pricing
* 3rd-party notes
* Customer Identity Cloud
OKTA.COM Products, case studies, resources
HELP CENTER Knowledgebase, roadmaps, and more
TRUST System status, security, compliance
Copyright © 2023 Okta. All rights reserved.
Feedback
We use cookies to ensure you get the best experience on our website, to help us
understand our marketing efforts, and to reach potential customers across the
web. You can learn more by viewing our privacy policy.
Cookies Settings Reject All Cookies Accept All Cookies
PRIVACY PREFERENCE CENTER
YOUR PRIVACY
YOUR PRIVACY
When you visit any website, it may store or retrieve information on your
browser, mostly in the form of cookies. This information might be about you,
your preferences or your device and is mostly used to make the site work as you
expect it to. The information does not usually directly identify you, but it can
give you a more personalized web experience. Because we respect your right to
privacy, you can choose not to allow some types of cookies. Click on the
different category headings to find out more and change our default settings.
However, blocking some types of cookies may impact your experience of the site
and the services we are able to offer.
More information
* STRICTLY NECESSARY COOKIES
STRICTLY NECESSARY COOKIES
Always Active
Strictly Necessary Cookies
These cookies are necessary for the website to function and cannot be
switched off in our systems. They are usually only set in response to actions
made by you which amount to a request for services, such as setting your
privacy preferences, logging in or filling in forms. You can set your
browser to block or alert you about these cookies, but some parts of the site
will not then work. These cookies do not store any personally identifiable
information.
* PERFORMANCE COOKIES
PERFORMANCE COOKIES
Performance Cookies
These cookies allow us to count visits and traffic sources so we can measure
and improve the performance of our site. They help us to know which pages are
the most and least popular and see how visitors move around the site. All
information these cookies collect is aggregated and therefore anonymous. If
you do not allow these cookies we will not know when you have visited our
site, and will not be able to monitor its performance.
* FUNCTIONAL COOKIES
FUNCTIONAL COOKIES
Functional Cookies
These cookies enable the website to provide enhanced functionality and
personalisation. They may be set by us or by third party providers whose
services we have added to our pages. If you do not allow these cookies
then some or all of these services may not function properly.
* TARGETING COOKIES
TARGETING COOKIES
Targeting Cookies
These cookies may be set through our site by our advertising partners. They
may be used by those companies to build a profile of your interests and show
you relevant adverts on other sites. They do not store directly personal
information, but are based on uniquely identifying your browser and internet
device. If you do not allow these cookies, you will experience less targeted
advertising.
Back Button
ADVERTISING COOKIES
Filter Button
Consent Leg.Interest
Select All Vendors
Select All Vendors
Select All Hosts
Select All
Clear Filters
Information storage and access
Apply
Confirm My Choices Allow All Cookies