SSF Receiver

This is a feature of Identity Threat Protection with Okta AI. It's also offered with limited support to orgs with Adaptive MFA enabled, where you must be directly assigned the super admin role to perform tasks.

Okta uses the Shared Signals Framework (SSF) to receive security-related events and other data-subject signals from third-party security vendors. In this scenario, commonly used terms for third-party vendors that send signals are "transmitters", Okta is the "receiver", and the connection between the two entities is referred to as a "stream."

The SSF Receiver API allows you to manage SSF vendor stream configurations between the transmitter and Okta. A stream is configured by creating a Security Events Provider object in your Okta org. You can create a Security Events Provider object in Okta with a published well-known URL or an issuer-and-JWKS combination.

After the Security Events Provider object is created for a transmitter, the provider can use the SSF Security Event Tokens API to publish events to Okta. While the SSF allows ingestion through push and poll-based operations, Okta currently supports only push-based operations.

List all security events providers
Identity Engine
OAuth 2.0: okta.securityEventsProviders.read

Lists all Security Events Provider instances

Responses
200

OK

401

Unauthorized

403

Forbidden

429

Too Many Requests

get/api/v1/security-events-providers
Request samples 
Response samples 
application/json
[]
Create a security events provider
Identity Engine
OAuth 2.0: okta.securityEventsProviders.manage
Creates a Security Events Provider instance


Request 
Request Body schema: application/json
required
name
required
string  <= 100 characters 
The name of the Security Events Provider instance


 
required
Provider with well-known URL setting (object) or Provider with issuer and JWKS settings (object)
Information about the Security Events Provider for signal ingestion


 
One of:
Security Events Provider with well-known URL setting


well_known_url
required
string <url>   <= 1000 characters 
The published well-known URL of the Security Events Provider (the SSF transmitter)


 
type
required
string  <= 255 characters 
The application type of the Security Events Provider


 
Responses 
200
OK


400
Bad Request


401
Unauthorized


403
Forbidden


429
Too Many Requests


post/api/v1/security-events-providers
Request samples 
application/json
{}
Response samples 
application/json
{}
Retrieve the security events provider
Identity Engine
OAuth 2.0: okta.securityEventsProviders.read
Retrieves the Security Events Provider instance specified by id


Request 
path Parameters
securityEventProviderId
required
string
id of the Security Events Provider instance


 
 Example:  sse1qg25RpusjUP6m0g5
Responses 
200
OK


401
Unauthorized


403
Forbidden


404
Not Found


429
Too Many Requests


get/api/v1/security-events-providers/{securityEventProviderId}
Request samples 
Response samples 
application/json
{}
Replace a security events provider
Identity Engine
OAuth 2.0: okta.securityEventsProviders.manage
Replaces a Security Events Provider instance specified by id


Request 
path Parameters
securityEventProviderId
required
string
id of the Security Events Provider instance


 
 Example:  sse1qg25RpusjUP6m0g5
Request Body schema: application/json
required
name
required
string  <= 100 characters 
The name of the Security Events Provider instance


 
required
Provider with well-known URL setting (object) or Provider with issuer and JWKS settings (object)
Information about the Security Events Provider for signal ingestion


 
One of:
Security Events Provider with well-known URL setting


well_known_url
required
string <url>   <= 1000 characters 
The published well-known URL of the Security Events Provider (the SSF transmitter)


 
type
required
string  <= 255 characters 
The application type of the Security Events Provider


 
Responses 
200
OK


400
Bad Request


401
Unauthorized


403
Forbidden


404
Not Found


429
Too Many Requests


put/api/v1/security-events-providers/{securityEventProviderId}
Request samples 
application/json
{}
Response samples 
application/json
{}
Delete a security events provider
Identity Engine
OAuth 2.0: okta.securityEventsProviders.manage
Deletes a Security Events Provider instance specified by id


Request 
path Parameters
securityEventProviderId
required
string
id of the Security Events Provider instance


 
 Example:  sse1qg25RpusjUP6m0g5
Responses 
204
No Content


401
Unauthorized


403
Forbidden


404
Not Found


429
Too Many Requests


delete/api/v1/security-events-providers/{securityEventProviderId}
Request samples 
Response samples 
application/json
{
  • "errorCode": "E0000011",
  • "errorSummary": "Invalid token provided",
  • "errorLink": "E0000011",
  • "errorId": "sampleQPivGUj_ND5v78vbYWW",
  • "errorCauses": [ ]
}
Activate a security events provider
Identity Engine
OAuth 2.0: okta.securityEventsProviders.manage
Activates a Security Events Provider instance by setting its status to ACTIVE.
This operation resumes the flow of events from the Security Events Provider to Okta.


Request 
path Parameters
securityEventProviderId
required
string
id of the Security Events Provider instance


 
 Example:  sse1qg25RpusjUP6m0g5
Responses 
200
OK


401
Unauthorized


403
Forbidden


404
Not Found


429
Too Many Requests


post/api/v1/security-events-providers/{securityEventProviderId}/lifecycle/activate
Request samples 
Response samples 
application/json
{}
Deactivate a security events provider
Identity Engine
OAuth 2.0: okta.securityEventsProviders.manage
Deactivates a Security Events Provider instance by setting its status to INACTIVE.
This operation stops the flow of events from the Security Events Provider to Okta.


Request 
path Parameters
securityEventProviderId
required
string
id of the Security Events Provider instance


 
 Example:  sse1qg25RpusjUP6m0g5
Responses 
200
OK


401
Unauthorized


403
Forbidden


404
Not Found


429
Too Many Requests


post/api/v1/security-events-providers/{securityEventProviderId}/lifecycle/deactivate
Request samples 
Response samples 
application/json
{}