SSF Receiver

This feature is only available with Identity Threat Protection in Identity Engine.

Okta uses the Shared Signals Framework (SSF) to receive security-related events and other data-subject signals from third-party security vendors. In this scenario, commonly used terms for third-party vendors that send signals are "transmitters", Okta is the "receiver", and the connection between the two entities is referred to as a "stream."

The SSF Receiver API allows you to manage SSF vendor stream configurations between the transmitter and Okta. A stream is configured by creating a Security Events Provider object in your Okta org. You can create a Security Events Provider object in Okta with a published well-known URL or an issuer-and-JWKS combination.

After the Security Events Provider object is created for a transmitter, the provider can use the SSF Security Event Tokens API to publish events to Okta. While the SSF allows ingestion through push and poll-based operations, Okta currently supports only push-based operations.

List all security events providers
Identity Engine
OAuth 2.0: okta.securityEventsProviders.read

Lists all Security Events Provider instances

Responses
200

OK

401

Unauthorized

403

Forbidden

429

Too Many Requests

get/api/v1/security-events-providers
Request samples
Response samples
application/json
[]

Create a security events provider
Identity Engine
OAuth 2.0: okta.securityEventsProviders.manage

Creates a Security Events Provider instance

Request
Request Body schema: application/json
required
name
required
string <= 100 characters

The name of the Security Events Provider instance

required
Provider with well-known URL setting (object) or Provider with issuer and JWKS settings (object)

Information about the Security Events Provider for signal ingestion

One of:

Security Events Provider with well-known URL setting

well_known_url
required
string <url> <= 1000 characters

The published well-known URL of the Security Events Provider (the SSF transmitter)

type
required
string <= 255 characters

The application type of the Security Events Provider

Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

429

Too Many Requests

post/api/v1/security-events-providers
Request samples
application/json
{}
Response samples
application/json
{}

Retrieve the security events provider
Identity Engine
OAuth 2.0: okta.securityEventsProviders.read

Retrieves the Security Events Provider instance specified by id

Request
path Parameters
securityEventProviderId
required
string

id of the Security Events Provider instance

Example: sse1qg25RpusjUP6m0g5
Responses
200

OK

401

Unauthorized

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/security-events-providers/{securityEventProviderId}
Request samples
Response samples
application/json
{}

Replace a security events provider
Identity Engine
OAuth 2.0: okta.securityEventsProviders.manage

Replaces a Security Events Provider instance specified by id

Request
path Parameters
securityEventProviderId
required
string

id of the Security Events Provider instance

Example: sse1qg25RpusjUP6m0g5
Request Body schema: application/json
required
name
required
string <= 100 characters

The name of the Security Events Provider instance

required
Provider with well-known URL setting (object) or Provider with issuer and JWKS settings (object)

Information about the Security Events Provider for signal ingestion

One of:

Security Events Provider with well-known URL setting

well_known_url
required
string <url> <= 1000 characters

The published well-known URL of the Security Events Provider (the SSF transmitter)

type
required
string <= 255 characters

The application type of the Security Events Provider

Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

429

Too Many Requests

put/api/v1/security-events-providers/{securityEventProviderId}
Request samples
application/json
{}
Response samples
application/json
{}

Delete a security events provider
Identity Engine
OAuth 2.0: okta.securityEventsProviders.manage

Deletes a Security Events Provider instance specified by id

Request
path Parameters
securityEventProviderId
required
string

id of the Security Events Provider instance

Example: sse1qg25RpusjUP6m0g5
Responses
204

No Content

401

Unauthorized

403

Forbidden

404

Not Found

429

Too Many Requests

delete/api/v1/security-events-providers/{securityEventProviderId}
Request samples
Response samples
application/json
{
  • "errorCode": "E0000011",
  • "errorSummary": "Invalid token provided",
  • "errorLink": "E0000011",
  • "errorId": "sampleQPivGUj_ND5v78vbYWW",
  • "errorCauses": [ ]
}

Activate a security events provider
Identity Engine
OAuth 2.0: okta.securityEventsProviders.manage

Activates a Security Events Provider instance by setting its status to ACTIVE. This operation resumes the flow of events from the Security Events Provider to Okta.

Request
path Parameters
securityEventProviderId
required
string

id of the Security Events Provider instance

Example: sse1qg25RpusjUP6m0g5
Responses
200

OK

401

Unauthorized

403

Forbidden

404

Not Found

429

Too Many Requests

post/api/v1/security-events-providers/{securityEventProviderId}/lifecycle/activate
Request samples
Response samples
application/json
{}

Deactivate a security events provider
Identity Engine
OAuth 2.0: okta.securityEventsProviders.manage

Deactivates a Security Events Provider instance by setting its status to INACTIVE. This operation stops the flow of events from the Security Events Provider to Okta.

Request
path Parameters
securityEventProviderId
required
string

id of the Security Events Provider instance

Example: sse1qg25RpusjUP6m0g5
Responses
200

OK

401

Unauthorized

403

Forbidden

404

Not Found

429

Too Many Requests

post/api/v1/security-events-providers/{securityEventProviderId}/lifecycle/deactivate
Request samples
Response samples
application/json
{}