SSF Security Event Tokens

Note: This is an EA release feature that's currently available to a selected audience. This feature is only available as a part of Okta Identity Engine. Your Okta org needs to have the SSF Security Event Tokens API feature enabled. Contact your Okta account team to enable this feature.

The Shared Signals Framework (SSF) Security Event Tokens API allows third-party security event providers to send Security Event Tokens (SETs) to Okta. The provider must be configured in Okta as a Security Events Provider instance before transmitting a SET to Okta. See Create a Security Events Provider. After the token is verified, any appropriate action is performed upon ingestion.

Okta uses the Shared Signals Framework (SSF) defined by the OpenID Shared Signals and Events Framework specification. A risk signal is ingested as a Security Event Token (SET), a type of JSON Web Token (JWT) that must comply with the SET standard: RFC 8417 - Security Event Token(SET). The System Log event is created when a SET is published to Okta successfully.

Publish a Security Event Token

Publishes a Security Event Token (SET) sent by a Security Events Provider. After the token is verified, Okta ingests the event and performs any appropriate action.

Request Body schema: application/secevent+jwt

The request body is a signed SET, which is a type of JSON Web Token (JWT).

For SET JWT header and body descriptions, see SET JWT header and SET JWT body payload.




Bad Request

Request samples
eyJraWQiOiJzYW1wbGVfa2lkIiwidHlwIjoic2ZXZlbnQra ... mrtmw
Response samples
  • "description": "Invalid payload in security event token, cannot convert to json",
  • "err": "authentication_failed"