Edit Page

Event Types

Event types are the primary method of categorization within the Okta eventing platform. They allow consumers to easily group notable system occurrences based on behavior. This resource contains the complete event type catalog of this platform.

Catalog

The following is a full listing of event types used in the System Log API with associated description and related metadata. For migration purposes it also includes a mapping to the equivalent event type in the legacy Events API. The relationship between System Log API and Events API event types is generally one-to-many. Note that there are currently some System Log API event types which do not have an Events API equivalent.

Important: In the future the Events API will not be tracking new event types added to the System Log API. For this reason we highly recommend migrating to the System Log API.

Found 592 matches

app.access_request.approver.approve

Legacy event types: app.access_request.approver.approve

Request to access an app was approved by a administrator defined approver.

app-instance-request
Since: 2017.43

app.access_request.approver.deny

Legacy event types: app.access_request.approver.deny

Request to access an app was denied by a administrator defined approver.

app-instance-request
Since: 2017.43

app.access_request.delete

Legacy event types: app.access_request.delete

Request to access an app was deleted by an administrator.

app-instance-request
Since: 2017.43

app.access_request.deny

Legacy event types: app.access_request.deny

Request to access an app was denied after at least one approver denied the request.

app-instance-request
Since: 2017.43

app.access_request.expire

Legacy event types: app.access_request.expire

Request to access an app expired by the system due to lack of approver action.

app-instance-request
Since: 2017.43

app.access_request.grant

Legacy event types: app.access_request.grant

Request to access an app was granted after all approvers approved the request.

app-instance-request
Since: 2017.43

app.access_request.request

Legacy event types: app.access_request.request

Request to access an app was performed by a user.

app-instance-request
Since: 2017.43

app.ad.api.user_import.account_locked

Legacy event types: app.ad.api.user_import.account_locked

Active Directory user account set to locked following profile update: user is locked in active directory.

ad-app
Since: 2016.10

app.ad.api.user_import.warn.skipped_contact.attribute_invalid_value

Legacy event types: app.ad.api.user_import.warn.skipped_contact.attribute_invalid_value

Skipping import of contact due to invalid attribute. Please consult with your Active Directory admin if you believe this contact should be imported.

ad-app
Since: 2015.47

app.ad.api.user_import.warn.skipped_user.attribute_invalid_value

Legacy event types: app.ad.api.user_import.warn.skipped_user.attribute_invalid_value

Skipping import of user due to an invalid AD attribute.

ad-app
Since: 2015.47

app.ad.api.user_import.warn.skipped_user.missing_required_attribute

Skipping import of user due to a required AD attribute being null.

ad-app
Since: 2011.01

app.app_instance.csr.generate

Legacy event types: app.app_instance.csr.generate

Certificate signing request (CSR) generated.

app
Since: 2017.15

app.app_instance.csr.publish

Legacy event types: app.app_instance.csr.publish

Certificate signing request (CSR) published.

app
Since: 2017.15

app.app_instance.csr.revoke

Legacy event types: app.app_instance.csr.revoke

Certificate signing request (CSR) revoked.

app
Since: 2017.15

app.audit_report.download

Legacy event types: app.audit_report.download

Application access report downloaded.

app
Since: 2017.52

app.audit_report.download.local.active

Legacy event types: app.audit_report.download.local.active

Application access report downloaded.

app
Since: 2017.52

app.audit_report.download.local.deprov

Legacy event types: app.audit_report.download.local.deprov

Recent unassignments report downloaded.

app
Since: 2017.52

app.audit_report.download.rogue.report

Legacy event types: app.audit_report.download.rogue.report

Rogue report downloaded.

app
Since: 2017.52

app.generic.unauth_app_access_attempt

Legacy event types: app.generic.unauth_app_access_attempt

User attempted unauthorized access to app.

app
Since: 2016.06

app.inbound_del_auth.login_success

Legacy event types: app.inbound_del_auth.login_success

Successful inbound delegated authentication request for user.

delegated-auth
Since: 2016.18

app.kerberos_rich_client.account_not_found

Legacy event types: app.kerberos_rich_client.account_not_found

Kerberos based rich client authentication failed: Could not find Office 365 app user for the AD user with principal id.

appkerberos-rich-client
Since: 2017.50

app.kerberos_rich_client.instance_not_found

Legacy event types: app.kerberos_rich_client.instance_not_found

Kerberos based rich client authentication failed: Unknown app instance id.

appkerberos-rich-client
Since: 2017.50

app.kerberos_rich_client.invalid_org

Legacy event types: app.kerberos_rich_client.invalid_org

Kerberos based rich client authentication failed: Invalid org for app instance id.

appkerberos-rich-client
Since: 2017.50

app.kerberos_rich_client.multiple_accounts_found

Legacy event types: app.kerberos_rich_client.multiple_accounts_found

Kerberos based rich client authentication failed: Multiple users with username found.

appkerberos-rich-client
Since: 2017.50

app.kerberos_rich_client.user_authentication_successful

Legacy event types: app.kerberos_rich_client.user_authentication_successful

Kerberos based rich client authentication successful for Office 365 user.

appkerberos-rich-client
Since: 2017.52

app.keys.clone

Legacy event types: app.keys.clone_legacy

Application signing key cloned.

app
Since: 2017.25

app.keys.generate

Legacy event types: app.keys.generate_legacy

New signing key generated.

app
Since: 2017.25

app.keys.rotate

Legacy event types: app.keys.rotate_legacy

Application signing key rotated.

app
Since: 2017.25

app.ldap.password.change.failed

Legacy event types: app.ldap.password.change.failed

Password change failed.

ldap-app
Since: 2014.18

app.oauth2.as.authorize

Legacy event types: app.oauth2.as.authorize_failure

OAuth2 authorization request.

oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14

app.oauth2.as.authorize.code

Legacy event types: app.oauth2.as.authorize.code_success

OAuth2 authorization code request.

oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14

app.oauth2.as.authorize.implicit.access_token

Legacy event types: app.oauth2.as.authorize.implicit.access_token_success

OAuth2 authorization implicit access token request.

oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14

app.oauth2.as.authorize.implicit.id_token

Legacy event types: app.oauth2.as.authorize.implicit.id_token_success

OAuth2 authorization implicit ID token request.

oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14

app.oauth2.as.authorize.scope_denied

Legacy event types: app.oauth2.as.authorize.scope_denied_failure

Some of the requested scopes were denied by the policy.

oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14

app.oauth2.as.consent.grant

Legacy event types: app.oauth2.as.consent.grant_failure, app.oauth2.as.consent.grant_success

Consent granted.

oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14

app.oauth2.as.consent.revoke

Legacy event types: app.oauth2.as.consent.revoke_failure, app.oauth2.as.consent.revoke_success

Consent revoked.

oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14

app.oauth2.as.consent.revoke.implicit.as

Legacy event types: app.oauth2.as.consent.revoke.implicit.as_success

All consent revoked for authorization server.

oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14

app.oauth2.as.consent.revoke.implicit.client

Legacy event types: app.oauth2.as.consent.revoke.implicit.client_success

All consent revoked for client.

oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14

app.oauth2.as.consent.revoke.implicit.scope

Legacy event types: app.oauth2.as.consent.revoke.implicit.scope_success

All consent revoked for scope.

oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14

app.oauth2.as.consent.revoke.implicit.user

Legacy event types: app.oauth2.as.consent.revoke.implicit.user_success

Consent for all scopes revoked for user.

oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14

app.oauth2.as.consent.revoke.user

Legacy event types: app.oauth2.as.consent.revoke.user_failure, app.oauth2.as.consent.revoke.user_success

All consent revoked for user.

oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14

app.oauth2.as.consent.revoke.user.client

Legacy event types: app.oauth2.as.consent.revoke.user.client_failure, app.oauth2.as.consent.revoke.user.client_success

User consent revoked for client.

oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14

app.oauth2.as.evaluate.claim

Legacy event types: app.oauth2.as.evaluate.claim_failure

Claim evaluation for OAuth2 token.

oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14

app.oauth2.as.key.rollover

Legacy event types: app.oauth2.as.key.rollover.legacy

Custom Authorization Server token signing key rolled over.

oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14

app.oauth2.as.token.grant

Legacy event types: app.oauth2.as.token.grant_failure

OAuth2 token request.

oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14

app.oauth2.as.token.grant.access_token

Legacy event types: app.oauth2.as.token.grant.access_token_success

OAuth2 access token is granted.

oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14

app.oauth2.as.token.grant.id_token

Legacy event types: app.oauth2.as.token.grant.id_token_success

OAuth2 id token is granted.

oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14

app.oauth2.as.token.grant.refresh_token

Legacy event types: app.oauth2.as.token.grant.refresh_token_success

OAuth2 refresh token is granted.

oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14

app.oauth2.as.token.revoke

Legacy event types: app.oauth2.as.token.revoke_failure, app.oauth2.as.token.revoke_success

OAuth2 token revocation request.

oauth2oauth2-as-runtimeoauth2-custom-as
Since: 2016.14

app.oauth2.authorize

Legacy event types: app.oauth2.authorize_failure

OIDC authorization request.

oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14

app.oauth2.authorize.code

Legacy event types: app.oauth2.authorize.code_success

OIDC authorization code request.

oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14

app.oauth2.authorize.implicit.access_token

Legacy event types: app.oauth2.authorize.implicit.access_token_success

OIDC authorization implicit access token request.

oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14

app.oauth2.authorize.implicit.id_token

Legacy event types: app.oauth2.authorize.implicit.id_token_success

OIDC authorization implicit ID token request.

oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14

app.oauth2.client.lifecycle.activate

Legacy event types: app.oauth2.client.lifecycle.activate

Activate OAuth client.

oauth2oauth2-clientoauth2-client-lifecycle
Since: 2017.24

app.oauth2.client.lifecycle.create

Legacy event types: app.oauth2.client.lifecycle.create

Create OAuth client.

oauth2oauth2-clientoauth2-client-lifecycle
Since: 2017.24

app.oauth2.client.lifecycle.deactivate

Legacy event types: app.oauth2.client.lifecycle.deactivate

Deactivate OAuth client.

oauth2oauth2-clientoauth2-client-lifecycle
Since: 2017.24

app.oauth2.client.lifecycle.delete

Legacy event types: app.oauth2.client.lifecycle.delete

Delete OAuth client.

oauth2oauth2-clientoauth2-client-lifecycle
Since: 2017.24

app.oauth2.client.lifecycle.update

Legacy event types: app.oauth2.client.lifecycle.update

Update OAuth client.

oauth2oauth2-clientoauth2-client-lifecycle
Since: 2017.24

app.oauth2.client_id_rate_limit_warning

Legacy event types: app.oauth2.client_id_rate_limit_warning

Fired when requests from a single client id has consumed majority of an org's rate limit on the OAuth2 endpoint. This event can be used by admins to discover and deactivate a rogue client. The admin is able to manage the client via the Syslog UI. When fired, this event contains information about the responsible client id. As of release, this event is fired when a single client id consumes 90% of an org's OAuth2 rate limit; this threshold is subject to change.

oauth2oauth2-client
Since: 2019.04.2

app.oauth2.invalid_client_credentials

Legacy event types: app.oauth2.invalid_client_credentials_failure

Multiple requests with invalid client credentials for client id.

oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14

app.oauth2.invalid_client_ids

Legacy event types: app.oauth2.invalid_client_ids_failure

Multiple requests with invalid client ids.

oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14

app.oauth2.key.rollover

Legacy event types: app.oauth2.key.rollover.legacy

Org Authorization Server token signing key rolled over.

oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14

app.oauth2.signon

Legacy event types: app.oauth2.signon_failure, app.oauth2.signon_success

User performed OIDC single sign on to app.

oauth2oauth2-client
Since: 2016.14

app.oauth2.token.grant

Legacy event types: app.oauth2.token.grant_failure

OIDC token request.

oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14

app.oauth2.token.grant.access_token

Legacy event types: app.oauth2.token.grant.access_token_success

OIDC access token is granted.

oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14

app.oauth2.token.grant.id_token

Legacy event types: app.oauth2.token.grant.id_token_success

OIDC id token is granted.

oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14

app.oauth2.token.grant.refresh_token

Legacy event types: app.oauth2.token.grant.refresh_token_success

OIDC refresh token is granted.

oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14

app.oauth2.token.revoke

Legacy event types: app.oauth2.token.revoke_failure, app.oauth2.token.revoke_success

OIDC token revocation request.

oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14

app.oauth2.token.revoke.implicit.as

Legacy event types: app.oauth2.token.revoke.implicit.as_success

Tokens revoked for authorization server.

oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14

app.oauth2.token.revoke.implicit.client

Legacy event types: app.oauth2.token.revoke.implicit.client_success

Tokens revoked for client.

oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14

app.oauth2.token.revoke.implicit.user

Legacy event types: app.oauth2.token.revoke.implicit.user_success

Tokens revoked for user.

oauth2oauth2-as-runtimeoauth2-org-as
Since: 2016.14

app.office365.api.change.domain.federation.success

Legacy event types: app.office365.api.change.domain.federation.success

Successfully updated the domain federation from old settings to new settings.

appoffice365-app
Since: 2017.01

app.office365.api.error.ad.user

Legacy event types: app.office365.api.error.ad.user

User is assigned to more than one instance of Active Directory, could not set Immutable ID.

appoffice365-app
Since: 2017.01

app.office365.api.error.check.user.exists

Legacy event types: app.office365.api.error.check.user.exists

Could not determine status of Office 365 user, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.create.user

Legacy event types: app.office365.api.error.create.user

Could not create user in Office 365, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.deactivate.user

Legacy event types: app.office365.api.error.deactivate.user

Could not deactivate Office 365 user, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.download.custom.objects

Legacy event types: app.office365.api.error.download.custom.objects

Could not download group/role/license data for your Office 365 instance, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.download.groups

Legacy event types: app.office365.api.error.download.groups

Could not download all groups from your Office 365 instance, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.download.users

Legacy event types: app.office365.api.error.download.users

Could not download all users from your Office 365 instance, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.endpoint.unavailable

Legacy event types: app.office365.api.error.endpoint.unavailable

Unable to reach the Office 365 endpoint.

appoffice365-app
Since: 2017.01

app.office365.api.error.get.company.dirsync.failure

Legacy event types: app.office365.api.error.get.company.dirsync.failure

Unable to read Office 365 directory sync for the company, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.get.company.dirsync.status.failure

Legacy event types: app.office365.api.error.get.company.dirsync.status.failure

Unable to provision user to Office 365, because 'Directory Sync' value in Azure Active Directory is unsupported. Please visit the Azure Active Directory portal and set 'Directory Sync' state to Activated and retry.

appoffice365-app
Since: 2017.01

app.office365.api.error.get.company.dirsync.status.pending

Legacy event types: app.office365.api.error.get.company.dirsync.status.pending

Unable to provision user to Office 365, because 'Directory Sync' value in Azure Active Directory not yet in Activated state. This may take up to 72 hours. Please visit the Azure Active Directory portal and retry when in Activated state.

appoffice365-app
Since: 2017.01

app.office365.api.error.get.object.ids.by.group.id

Legacy event types: app.office365.api.error.get.object.ids.by.group.id

Could not get users by group id from your Office 365 instance, received error.

office365-app
Since: 2018.37

app.office365.api.error.group.create.failure

Legacy event types: app.office365.api.error.group.create.failure

Could not create Office 365 group, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.group.create.failure.name.in.use

Legacy event types: app.office365.api.error.group.create.failure.name.in.use

Could not create Office 365 group because the name is already in use, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.group.delete.failure

Legacy event types: app.office365.api.error.group.delete.failure

Could not delete Office 365 group, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.group.membership.update.assignment.failure

Legacy event types: app.office365.api.error.group.membership.update.assignment.failure

Could not update the Office 365 group membership because of an error assigning a user to the group, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.group.membership.update.failure

Legacy event types: app.office365.api.error.group.membership.update.failure

Could not update the Office 365 group membership, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.group.membership.update.group.not.found.failure

Legacy event types: app.office365.api.error.group.membership.update.group.not.found.failure

Could not update the Office 365 group membership because the group could not be found, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.group.membership.update.removal.failure

Legacy event types: app.office365.api.error.group.membership.update.removal.failure

Could not update the Office 365 group membership because of an error removing a user from the group, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.group.update.failure

Legacy event types: app.office365.api.error.group.update.failure

Could not update Office 365 group, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.group.update.failure.not.found

Legacy event types: app.office365.api.error.group.update.failure.not.found

Could not update Office 365 group because it was not found, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.import.profile

Legacy event types: app.office365.api.error.import.profile

Could not import profile for Office 365 user, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.import.profile.photo

Legacy event types: app.office365.api.error.import.profile.photo

Could not import profile photo for Office 365 user, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.no.endpoints.found

Legacy event types: app.office365.api.error.no.endpoints.found

No Office 365 endpoint found to send our request.

appoffice365-app
Since: 2017.01

app.office365.api.error.push.password

Legacy event types: app.office365.api.error.push.password

Could not push password for Office 365 user, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.push.profile

Legacy event types: app.office365.api.error.push.profile

Could not push profile for Office 365 user, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.push.profile.object

Legacy event types: app.office365.api.error.push.profile.object

Could not sync object for Office 365 user, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.reactivate.user

Legacy event types: app.office365.api.error.reactivate.user

Could not reactivate Office 365 user, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.remove.domain.federation.failure

Legacy event types: app.office365.api.error.remove.domain.federation.failure

Unable to remove the domain federation, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.remove.domain.federation.failure.access.denied

Legacy event types: app.office365.api.error.remove.domain.federation.failure.access.denied

Unable to remove the domain federation because the admin user is not authorized to perform the task.

appoffice365-app
Since: 2017.01

app.office365.api.error.remove.domain.federation.failure.domain.not.found

Legacy event types: app.office365.api.error.remove.domain.federation.failure.domain.not.found

Unable to remove the domain federation because the specified domain was not found.

appoffice365-app
Since: 2017.01

app.office365.api.error.revoke.refresh.token

Legacy event types: app.office365.api.error.revoke.refresh.token

Failed to revoke refresh tokens for user.

appoffice365-app
Since: 2017.01

app.office365.api.error.set.company.dirsync.failure

Legacy event types: app.office365.api.error.set.company.dirsync.failure

Unable to enable Office 365 directory sync for the company, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.set.company.dirsync.status.failure

Legacy event types: app.office365.api.error.set.company.dirsync.status.failure

Unable to enable Office 365 directory sync for the company, because 'Directory Sync' value in Azure Active Directory is unsupported. Please visit the Azure Active Directory portal and set 'Directory Sync' state to Activated.

appoffice365-app
Since: 2017.01

app.office365.api.error.set.domain.federation.failure

Legacy event types: app.office365.api.error.set.domain.federation.failure

Unable to setup the domain federation, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.set.domain.federation.failure.access.denied

Legacy event types: app.office365.api.error.set.domain.federation.failure.access.denied

Unable to setup the domain federation because the admin user is not authorized to perform the task.

appoffice365-app
Since: 2017.01

app.office365.api.error.set.domain.federation.failure.domain.default

Legacy event types: app.office365.api.error.set.domain.federation.failure.domain.default

Unable to setup the domain federation because the specified domain is the default domain.

appoffice365-app
Since: 2017.01

app.office365.api.error.set.domain.federation.failure.domain.not.found

Legacy event types: app.office365.api.error.set.domain.federation.failure.domain.not.found

Unable to setup the domain federation because the specified domain was not found.

appoffice365-app
Since: 2017.01

app.office365.api.error.sync.contact

Legacy event types: app.office365.api.error.sync.contact

Failed to sync contact, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.sync.finalize

Legacy event types: app.office365.api.error.sync.finalize

Failed to finalize export to Office 365, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.sync.group

Legacy event types: app.office365.api.error.sync.group

Failed to sync group, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.sync.not.activated

Legacy event types: app.office365.api.error.sync.not.activated

Sync could not execute because Office 365 directory sync for the company not yet Activated. Sync will retry after a period of time.

appoffice365-app
Since: 2017.01

app.office365.api.error.sync.set.attribute

Legacy event types: app.office365.api.error.sync.set.attribute

Failed to set attribute, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.sync.user

Legacy event types: app.office365.api.error.sync.user

Failed to sync user, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.unable.to.create.graph.client

Legacy event types: app.office365.api.error.unable.to.create.graph.client

An error occurred while creating the Azure Active Directory Graph API client. Please try the last operation again. If this error persists, please contact Okta support.

appoffice365-app
Since: 2017.01

app.office365.api.error.validate.admin.creds

Legacy event types: app.office365.api.error.validate.admin.creds

User does not have the Company Administrator role. Please try again with a user which has this role.

appoffice365-app
Since: 2017.01

app.office365.api.error.validate.creds

Legacy event types: app.office365.api.error.validate.creds

Could not validate your Office 365 credentials, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.validate.creds.unknown.exception

Legacy event types: app.office365.api.error.validate.creds.unknown.exception

Could not communicate with Office 365 to validate your credentials, received error.

appoffice365-app
Since: 2017.01

app.office365.api.error.x-ms-forwarded-client-ip-header.absent

Legacy event types: app.office365.api.error.x-ms-forwarded-client-ip-header.absent

X-MS-Forwarded-Client-IP header either empty or not found in the request.

appoffice365-app
Since: 2017.01

app.office365.api.remove.domain.federation.success

Legacy event types: app.office365.api.remove.domain.federation.success

Successfully removed the domain federation.

appoffice365-app
Since: 2017.01

app.office365.api.set.domain.federation.success

Legacy event types: app.office365.api.set.domain.federation.success

Successfully set up the domain federation with new settings.

appoffice365-app
Since: 2017.01

app.office365.api.set.wsfed.configure.type.success

Legacy event types: app.office365.api.set.wsfed.configure.type.success

Successfully updated the domain WS-Federation configuration type.

appoffice365-app
Since: 2017.01

app.office365.api.sync.complete

Legacy event types: app.office365.api.sync.complete

User sync completed.

appoffice365-app
Since: 2017.01

app.office365.api.sync.heartbeat.sent

Legacy event types: app.office365.api.sync.heartbeat.sent

Heartbeat sent to Microsoft Azure Active Directory.

appoffice365-app
Since: 2017.01

app.office365.api.sync.job.complete

Legacy event types: app.office365.api.sync.job.complete

Sync job completed.

appoffice365-app
Since: 2017.01

app.office365.api.sync.job.complete.contact

Legacy event types: app.office365.api.sync.job.complete.contact

Sync job completed.

appoffice365-app
Since: 2017.01

app.office365.api.sync.job.complete.group

Legacy event types: app.office365.api.sync.job.complete.group

Sync job completed.

appoffice365-app
Since: 2017.01

app.office365.api.sync.job.complete.user

Legacy event types: app.office365.api.sync.job.complete.user

Sync job completed.

appoffice365-app
Since: 2017.01

app.office365.clientplatform.conversion.job.processing.app.instance

Legacy event types: app.office365.clientplatform.conversion.job.processing.app.instance

Begin processing client access conversion for app instance.

appoffice365-app
Since: 2017.01

app.office365.clientplatform.conversion.job.skipping.migration

Legacy event types: app.office365.clientplatform.conversion.job.skipping.migration

Skipping migration of client access rules for app instance.

appoffice365-app
Since: 2017.01

app.office365.dirsync.skipping.conflict-object

Legacy event types: app.office365.dirsync.skipping.conflict-object

Skipping sync of conflict object.

appoffice365-app
Since: 2017.01

app.office365.dirsync.skipping.critical-system-object

Legacy event types: app.office365.dirsync.skipping.critical-system-object

Skipping sync of critical system object.

appoffice365-app
Since: 2017.01

app.office365.dirsync.skipping.non-security-group-invalid-mail

Legacy event types: app.office365.dirsync.skipping.non-security-group-invalid-mail

Skipping sync of non security object with invalid mail.

appoffice365-app
Since: 2017.01

app.office365.dirsync.skipping.reserved-attribute-value

Legacy event types: app.office365.dirsync.skipping.reserved-attribute-value

Skipping sync of object with reserved attribute value.

appoffice365-app
Since: 2017.01

app.office365.dirsync.skipping.systemmailbox

Legacy event types: app.office365.dirsync.skipping.systemmailbox

Skipping sync of system mailbox object.

appoffice365-app
Since: 2017.01

app.office365.dirsync.skipping.without-name-and-displayname

Legacy event types: app.office365.dirsync.skipping.without-name-and-displayname

Skipping sync of non security object without name and display name.

appoffice365-app
Since: 2017.01

app.office365.error.importing.user

Legacy event types: app.office365.error.importing.user

An error occurred while importing user.

appoffice365-app
Since: 2017.01

app.office365.graph.api.error.no.mailbox.found

Legacy event types: app.office365.graph.api.error.no.mailbox.found

No MailBox found for Office 365 user.

appoffice365-app
Since: 2017.01

app.office365.graph.api.error.rate-limit.exceeded

Legacy event types: app.office365.graph.api.error.rate-limit.exceeded

Rate limit exceeded for Microsoft Graph.

appoffice365-app
Since: 2017.01

app.office365.graph.api.error.service.principal.creation.failed

Legacy event types: app.office365.graph.api.error.service.principal.creation.failed

Failure while trying to create service principal.

office365-app
Since: 2017.01

app.office365.graph.api.error.service.principal.msgraph.authentication.failure

Legacy event types: app.office365.graph.api.error.service.principal.msgraph.authentication.failure

Failure while trying to create service principal due to a Mircrosoft Graph authentication issue.

office365-app
Since: 2017.01

app.office365.license.conversion.jo.begin.migration.gaas.v1.to.v0

Legacy event types: app.office365.license.conversion.jo.begin.migration.gaas.v1.to.v0

Begin migrating licenses from v1 to v0 for group app assignments during Office 365 license conversion.

appoffice365-app
Since: 2017.01

app.office365.license.conversion.job.begin.downloading.custom.objects

Legacy event types: app.office365.license.conversion.job.begin.downloading.custom.objects

Begin downloading licenses during Office 365 license conversion.

appoffice365-app
Since: 2017.01

app.office365.license.conversion.job.begin.migration.gaas.v0.to.v1

Legacy event types: app.office365.license.conversion.job.begin.migration.gaas.v0.to.v1

Begin migrating licenses from v0 to v1 for group app assignments during Office 365 license conversion.

appoffice365-app
Since: 2017.01

app.office365.license.conversion.job.begin.migration.users.v0.to.v1

Legacy event types: app.office365.license.conversion.job.begin.migration.users.v0.to.v1

Begin migrating licenses from v0 to v1 for app users during Office 365 license conversion. Total App users to be migrated.

appoffice365-app
Since: 2017.01

app.office365.license.conversion.job.begin.migration.users.v1.to.v0

Legacy event types: app.office365.license.conversion.job.begin.migration.users.v1.to.v0

Begin migrating licenses from v1 to v0 for app users during Office 365 license conversion. Total App users to be migrated.

appoffice365-app
Since: 2017.01

app.office365.license.conversion.job.download.or.migration.failed

Legacy event types: app.office365.license.conversion.job.download.or.migration.failed

Download of new or migration of existing licenses failed during Office 365 license conversion, received error.

appoffice365-app
Since: 2017.01

app.office365.license.conversion.job.end.count.migration.gaas.v0.to.v1

Legacy event types: app.office365.license.conversion.job.end.count.migration.gaas.v0.to.v1

End migrating licenses from v0 to v1 for group app assignments during Office 365 license conversion.

appoffice365-app
Since: 2017.01

app.office365.license.conversion.job.end.count.migration.gaas.v1.to.v0

Legacy event types: app.office365.license.conversion.job.end.count.migration.gaas.v1.to.v0

End migrating licenses from v1 to v0 for group app assignments during Office 365 license conversion.

appoffice365-app
Since: 2017.01

app.office365.license.conversion.job.end.count.migration.users.v0.to.v1

Legacy event types: app.office365.license.conversion.job.end.count.migration.users.v0.to.v1

End migrating licenses from v0 to v1 for app users during Office 365 license conversion.

appoffice365-app
Since: 2017.01

app.office365.license.conversion.job.end.count.migration.users.v1.to.v0

Legacy event types: app.office365.license.conversion.job.end.count.migration.users.v1.to.v0

End migrating licenses from v1 to v0 for app users during Office 365 license conversion.

appoffice365-app
Since: 2017.01

app.office365.license.conversion.job.end.downloading.custom.objects

Legacy event types: app.office365.license.conversion.job.end.downloading.custom.objects

End downloading licenses during Office 365 license conversion.

appoffice365-app
Since: 2017.01

app.office365.license.conversion.job.end.migration.gaas.v0.to.v1

Legacy event types: app.office365.license.conversion.job.end.migration.gaas.v0.to.v1

End migrating licenses from v0 to v1 for all group app assignments during Office 365 license conversion.

appoffice365-app
Since: 2017.01

app.office365.license.conversion.job.end.migration.gaas.v1.to.v0

Legacy event types: app.office365.license.conversion.job.end.migration.gaas.v1.to.v0

End migrating licenses from v1 to v0 for all group app assignments during Office 365 license conversion.

appoffice365-app
Since: 2017.01

app.office365.license.conversion.job.end.migration.users.v0.to.v1

Legacy event types: app.office365.license.conversion.job.end.migration.users.v0.to.v1

End migrating licenses from v0 to v1 for all app users during Office 365 license conversion.

appoffice365-app
Since: 2017.01

app.office365.license.conversion.job.end.migration.users.v1.to.v0

Legacy event types: app.office365.license.conversion.job.end.migration.users.v1.to.v0

End migrating licenses from v1 to v0 for all app users during Office 365 license conversion.

appoffice365-app
Since: 2017.01

app.office365.license.conversion.job.migration.gaas.v0.to.v1.failed

Legacy event types: app.office365.license.conversion.job.migration.gaas.v0.to.v1.failed

Migration of licenses from v0 to v1 for group app assignments failed during Office 365 license conversion, received error.

appoffice365-app
Since: 2017.01

app.office365.license.conversion.job.migration.gaas.v1.to.v0.failed

Legacy event types: app.office365.license.conversion.job.migration.gaas.v1.to.v0.failed

Migration of licenses from v1 to v0 for group app assignments failed during Office 365 license conversion, received error.

appoffice365-app
Since: 2017.01

app.office365.license.conversion.job.migration.users.v0.to.v1.failed

Legacy event types: app.office365.license.conversion.job.migration.users.v0.to.v1.failed

Migration of licenses from v0 to v1 for app users failed during Office 365 license conversion, received error.

appoffice365-app
Since: 2017.01

app.office365.license.conversion.job.migration.users.v1.to.v0.failed

Legacy event types: app.office365.license.conversion.job.migration.users.v1.to.v0.failed

Migration of licenses from v1 to v0 for app users failed during Office 365 license conversion, received error.

appoffice365-app
Since: 2017.01

app.office365.license.conversion.job.no.custom.objects.downloaded

Legacy event types: app.office365.license.conversion.job.no.custom.objects.downloaded

Skipping app during Office 365 license conversion as no custom objects were downloaded.

appoffice365-app
Since: 2017.01

app.office365.license.conversion.job.processing.app.instance

Legacy event types: app.office365.license.conversion.job.processing.app.instance

Begin processing license conversion for app instance.

appoffice365-app
Since: 2017.01

app.office365.license.conversion.job.skipping.inactive.app.instance

Legacy event types: app.office365.license.conversion.job.skipping.inactive.app.instance

Skipping app during Office 365 license conversion because of inactive app instance status.

appoffice365-app
Since: 2017.01

app.office365.license.conversion.job.skipping.migration.gaa.v0.to.v1

Legacy event types: app.office365.license.conversion.job.skipping.migration.gaa.v0.to.v1

Skipping migration of licenses from v0 to v1 for group app assignment during Office 365 license conversion.

appoffice365-app
Since: 2017.01

app.office365.license.conversion.job.skipping.migration.gaa.v1.to.v0

Legacy event types: app.office365.license.conversion.job.skipping.migration.gaa.v1.to.v0

Skipping migration of licenses from v1 to v0 for group app assignment during Office 365 license conversion.

appoffice365-app
Since: 2017.01

app.office365.license.conversion.job.skipping.migration.user.v0.to.v1

Legacy event types: app.office365.license.conversion.job.skipping.migration.user.v0.to.v1

Skipping migration of licenses from v0 to v1 for app user during Office 365 license conversion.

appoffice365-app
Since: 2017.01

app.office365.license.conversion.job.skipping.migration.user.v1.to.v0

Legacy event types: app.office365.license.conversion.job.skipping.migration.user.v1.to.v0

Skipping migration of licenses from v1 to v0 for app user during Office 365 license conversion.

appoffice365-app
Since: 2017.01

app.office365.license.conversion.job.skipping.missing.creds.app.instance

Legacy event types: app.office365.license.conversion.job.skipping.missing.creds.app.instance

Skipping app during Office 365 license conversion as it does not contain Office 365 admin user credentials.

appoffice365-app
Since: 2017.01

app.office365.license.conversion.job.skipping.no.change.licenses.app.instance

Legacy event types: app.office365.license.conversion.job.skipping.no.change.licenses.app.instance

Skipping app during Office 365 license conversion as it seem to have equivalent licenses, no migration is required.

appoffice365-app
Since: 2017.01

app.office365.service.principal.cleanup.job.complete

Legacy event types: app.office365.service.principal.cleanup.job.complete

End processing Office 365 service principal cleanup.

appoffice365-app
Since: 2017.01

app.office365.service.principal.cleanup.job.invalid.credentials

Legacy event types: app.office365.service.principal.cleanup.job.invalid.credentials

The admin username or password is invalid. Please use the Azure Active Directory cmdlets to execute the command 'Remove-MsolServicePrincipal -AppPrincipalId' to manually cleanup the service principal.

appoffice365-app
Since: 2017.01

app.office365.service.principal.cleanup.job.processing

Legacy event types: app.office365.service.principal.cleanup.job.processing

Begin performing Office 365 service principal cleanup.

appoffice365-app
Since: 2017.01

app.office365.service.principal.cleanup.job.skipping.missing.creds

Legacy event types: app.office365.service.principal.cleanup.job.skipping.missing.creds

Skipping app instance during Office 365 service principal cleanup as it does not contain Office 365 admin user credentials. Please use the Azure Active Directory cmdlets to execute the command 'Remove-MsolServicePrincipal -AppPrincipalId' to manually cleanup the service principal.

appoffice365-app
Since: 2017.01

app.office365.service.principal.cleanup.job.skipping.no.service.principal

Legacy event types: app.office365.service.principal.cleanup.job.skipping.no.service.principal

Skipping app instance during Office 365 service principal cleanup as it does not have a service principal.

appoffice365-app
Since: 2017.01

app.office365.service.principal.cleanup.job.unable.to.delete.service.principal

Legacy event types: app.office365.service.principal.cleanup.job.unable.to.delete.service.principal

Unable to automatically delete the Office 365 service principal. Please use the Azure Active Directory cmdlets to execute the command 'Remove-MsolServicePrincipal -AppPrincipalId' to manually cleanup the service principal.

appoffice365-app
Since: 2017.01

app.office365.user.delete.success

Legacy event types: app.office365.user.delete.success

Successfully deleted the Office 365 user.

appoffice365-app
Since: 2017.01

app.office365.user.lifecycle.action.failed

Legacy event types: app.office365.user.lifecycle.action.failed

Unable to complete app user lifecycle action for AppUser.

appoffice365-app
Since: 2017.01

app.office365.user.remove.licenses.success

Legacy event types: app.office365.user.remove.licenses.success

Successfully removed all the licenses for the Office 365 user.

appoffice365-app
Since: 2017.01

app.radius.agent.listener.failed

Radius agent listener failed.

appradius
Since: 2018.13

app.radius.agent.listener.succeeded

Radius agent listener succeeded.

appradius
Since: 2018.13

app.radius.agent.port_inaccessible

Legacy event types: app.radius.agent.port_inaccessible

Radius agent failed to listen on port.

appradius
Since: 2018.13

app.radius.agent.port_reaccessible

Legacy event types: app.radius.agent.port_reaccessible

Radius agent was able to listen on port again.

appradius
Since: 2018.13

app.realtimesync.import.details.add_user

Legacy event types: app.realtimesync.import.details.add_user

Real time sync added new User.

app
Since: 2014.25

app.realtimesync.import.details.delete_user

Legacy event types: app.realtimesync.import.details.delete_user

Real time sync removed existing User.

app
Since: 2014.25

app.realtimesync.import.details.update_user

Legacy event types: app.realtimesync.import.details.suspend_user, app.realtimesync.import.details.unsuspend_user, app.realtimesync.import.details.update_user

Fired when a real time import includes an update to an existing user. This can be used to see details about the user updates included in a real time sync import. When fired, this event contains information about the type of update made, including whether or not a user was suspend or unsuspended. Related events include: app.realtimesync.import.details_add_user and app.realtimesync.import.details_delete_user.

app
Since: 2014.25

app.rum.config.validation.error

Legacy event types: app.rum.config.validation.error

Error validating instance configuration. Can be used to identify configuration issues with remote user management.

rum
Since: 2018.42

app.rum.is.api.account.error

Legacy event types: app.rum.is.api.account.error

RUM API account is not configured or empty. Can be used to identify RUM API account configuration issues.

rum
Since: 2018.42

app.rum.package.thrown.error

Legacy event types: app.rum.package.thrown.error

Errors during execution. Can be used to identify any errors during execution of remote user management.

rum
Since: 2018.42

app.rum.validation.error

Legacy event types: app.rum.validation.error

Error during package validation. Can be used to identify validation issues with remote user management packages.

rum
Since: 2018.42

app.saml.sensitive.attribute.update

Legacy event types: app.saml.sensitive.attribute.update

Fired when a SAML assertion contains a sensitive attribute, and that sensitive attribute has been updated (modified/added/deleted). This event does not fire when non-sensitive SAML attributes are updated. This can be used to audit that a sensitive attribute attached to an outbound SAML assertion has been correctly modified, added, or deleted. When fired, this event contains the specific attributes that have been modified, added, or deleted to/from the SAML assertion. Related events include: application.lifecycle.update.

appcvd
Since: 2019.01.1

app.user_management

Legacy event types: app.user_management.app_group_member_import.delete_failure, app.user_management.app_group_member_import.delete_success, app.user_management.app_group_member_import.insert_failure, app.user_management.app_group_member_import.insert_success

Imported new or deleted existing member of an application group.

app-user-management
Since: 2016.04

app.user_management.grouppush.mapping.created.from.rule

Legacy event types: app.user_management.grouppush.mapping.created.from.rule

A Group Push mapping to the group has been created from the rule.

app
Since: 2017.51

app.user_management.grouppush.mapping.created.from.rule.error.duplicate

Legacy event types: app.user_management.grouppush.mapping.created.from.rule.error.duplicate

A Group Push mapping to the group did not get created from rule because an existing mapping already existed.

app
Since: 2017.51

app.user_management.grouppush.mapping.created.from.rule.error.validation

Legacy event types: app.user_management.grouppush.mapping.created.from.rule.error.validation

A Group Push mapping to the group did not get created from rule because of the validation error.

app
Since: 2017.51

app.user_management.grouppush.mapping.created.from.rule.errors

Legacy event types: app.user_management.grouppush.mapping.created.from.rule.errors

A Group Push mapping to the group did not get created from rule.

app
Since: 2017.51

app.user_management.grouppush.mapping.okta.users.ignored

Legacy event types: app.user_management.grouppush.mapping.okta.users.ignored

Okta users ignored while pushing group to AppInstance.

appapp-user-management
Since: 2018.03

app.user_management.import.csv.line.error

Legacy event types: app.user_management.import.csv.line.error

Error reading line from CSV.

app
Since: 2017.51

app.user_management.push_new_user_success

Legacy event types: app.user_management.push_new_user_success

Successfully pushed new user account to app.

app
Since: 2017.51

app.user_management.update_from_master_failed

Legacy event types: app.user_management.update_from_master_failed

Could not apply import.

app
Since: 2017.51

app.user_management.user_group_import.create_failure

Legacy event types: app.user_management.user_group_import.create_failure

Failed to create group from app.

appapp-user-management
Since: 2018.03

app.user_management.user_group_import.delete_success

Legacy event types: app.user_management.user_group_import.delete_success

Deleted the group from app.

appapp-user-management
Since: 2018.03

app.user_management.user_group_import.update_failure

Legacy event types: app.user_management.user_group_import.update_failure

Failed to update group from app.

appapp-user-management
Since: 2018.03

app.user_management.user_group_import.upsert_success

Legacy event types: app.user_management.user_group_import.upsert_success

Imported the group from app.

appapp-user-management
Since: 2018.03

application.appuser.mapping.invalid.expression

Legacy event types: application.appuser.mapping.invalid.expression

App user property mapping has invalid expressions. Can be used to identify invalid expressions. Note that a single event is fired for all invalid expressions.

app
Since: 2018.47

application.cache.invalidate

Legacy event types: invalidate_app_list.app.created, invalidate_app_list.app.updated, invalidate_app_list.app_details.updated, invalidate_app_list.metadata.changed

Event fired when a app list cache is invalidated because a new app is created. Can be used to make sure App List cache is invalidated after a new app is created.

invalidate-app-list-cache
Since: 2018.42

application.configuration.detect_error

Legacy event types: app.app_instance.config-error

Application configuration error detected.

app
Since: 2016.13

application.configuration.disable_delauth_outbound

Legacy event types: app.app_instance.outbound_delauth_disabled

Disable delegated authentication for app.

app
Since: 2016.13

application.configuration.disable_fed_broker_mode

Legacy event types: app.generic.config.fed_broker_mode_disabled

Disable Federation Broker Mode for app.

app
Since: 2017.24

application.configuration.enable_delauth_outbound

Legacy event types: app.app_instance.outbound_delauth_enabled

Enable delegated authentication for app.

app
Since: 2016.13

application.configuration.enable_fed_broker_mode

Legacy event types: app.generic.config.fed_broker_mode_enabled

Enable Federation Broker Mode for app.

app
Since: 2017.24

application.configuration.import_schema

Legacy event types: app.api.error.download_app_schema, app.google.user_management.error.download_app_schema, app.jira.api.error.download.server.set.values, app.okta_org2org.user_management.error.download_app_schema, app.okta_org2org.user_management.error.download_user_type, app.okta_org2org.user_management.error.parse_schema, app.okta_org2org.user_management.error.schema.property.not.exist, app.salesforce.user_management.failure.download_user_schema, app.servicenow.api.error.get.costcenters, app.servicenow.api.error.get.departments, app.servicenow.api.error.get.locations, app.servicenow_app2.api.error.get.costcenters, app.servicenow_app2.api.error.get.departments, app.servicenow_app2.api.error.get.locations, app.veeva_vault.api.error.download.custom.objects, app.workday.api.error.user-management-error-download-app-schema

Okta couldn't download application configuration. Can be used to identify when an app schema couldn't be downloaded from a remote application. Event fired when Okta couldn't download application-specific data from a remote app. This may happen when admin updates provisioning details.

app-api
Since: 2017.33
Legacy event types: app.app_instance.logo_reset

Reset app logo.

app
Since: 2016.13

application.configuration.update

Legacy event types: app.api.error.api.validation, app.api.error.download_custom_objects, app.api.error.download_schema_enum_values, app.boxnet.api.error.validate_parent_folder, app.google.user_management.error.download_custom_objects, app.hipchat.api.error.validation, app.jira.api.error.binding, app.jira.api.error.login, app.jira.api.error.logout, app.netsuite.api.error.download_custom_objects, app.rightscale.api.error.validate, app.sendwordnow.api.error.auth, app.workday.api.error.validate, app.zendesk.api.error.role.restriction, verificationFailed

Okta couldn't verify api credentials. Can be used when Okta couldn't check the credentials by execution some custom, application dependent, set of requests. Okta fires this event to notify issues with credentials validation. Could be issues with proper permissions as well.

app-api
Since: 2017.33

application.configuration.update_api_credentials_for_pass_change

Legacy event types: app.user_management.updating_api_credentials_for_password_change

Update API credentials due to user updating password.

app
Since: 2016.13
Legacy event types: app.app_instance.logo_update

Change app logo.

app
Since: 2016.13

application.integration.api_query

Legacy event types: app.hipchat.api.error.query

Unable to query remote API. Can be used to determine when okta fails to query remote application. Okta fires this event for unspecified events which include remote api response processing.

app-api
Since: 2017.33

application.integration.authentication_failure

Legacy event types: app.api.error.auth, app.api.error.oauth.get.token, app.api.error.oauth.refresh.token, app.auth_error.INVALID_CREDENTIALS, app.bigmachines.api.error.connection, app.bigmachines.api.error.login, app.bigmachines.api.error.logout, app.bloomfire.api.error.api.validation, app.bloomfire.sso.error.api_key_empty, app.bloomfire.sso.error.api_key_invalid, app.bloomfire.sso.error.user_not_extracted, app.confluence.api.error.login, app.confluence.api.error.logout, app.cornerstone.api.error.api.validation, app.cornerstone.api.error.init, app.coupa.api.connection.error, app.crashplanpro.api.auth.invalid_login_url, app.crashplanpro.api.invalid_set_of_roles, app.docusign.api.error.no.accounts, app.docusign.api.error.not.account.member, app.dropbox.api.error.validation, app.echosign.api.error.connection, app.egnyte.auth.type.validation.failure, app.egnyte.username.validation.failure, app.evernote_business.api.error.validation, app.gotomeeting.user_management.config.failure.api_login_failure, app.gotomeeting_rest.user_management.config.failure.api_auth_failed, app.netsuite.api.error.auth, app.pagerduty.api.auth.error.invalid.admin.role, app.pagerduty.api.auth.error.invalid.admin.username, app.pagerduty.api.auth.error.invalid.api.key, app.postini.user_management.config.failure.api_login_failed, app.rightscale.api.error.login, app.salesforce.user_management.failure.api_service_not_available, app.salesforce.user_management.failure.general_api_login_failure, app.salesforce.user_management.failure.invalid_api_credentials, app.salesforce.user_management.failure.password_expired, app.servicenow.api.error.validation, app.servicenow_app2.api.error.validation, app.sugarcrm.api.error.login, app.sugarcrm.api.error.logout, app.veeva_vault.api.error.validation, app.yammer.api.error.validation, app.zendesk.api.error.validation.error, github.api.error.empty_oauth_token, github.api.error.not_a_member_of_the_org, github.api.error.not_admin_user

Error authenticating. Can be used when Okta couldn't authenticate with the provided credentials to a remote api. Okta fires this event when it couldn't access a remote api with provided credentials.

app-api
Since: 2017.33

application.integration.general_failure

Legacy event types: app.api.error.generic, app.bloomfire.api.error.generic, app.coupa.api.error, app.crashplanpro.api.rest.unexpected_response_status, app.eqanalyzer.url.encoding, app.exacttarget.api.error.init, app.google.sso.failure.domain_not_found, app.google.sso.failure.invalid_continue_url, app.google.sso.failure.invalid_domain, app.google.sso.failure.relay_state_not_found, app.gotomeeting.user_management.config.failure.api_not_available, app.gotomeeting.user_management.config.failure.api_url_is_malformed, app.gotomeeting_rest.user_management.config.failure.api_not_available, app.rightscale.api.error.idp, app.scim.is.api.account.error, app.sugarcrm.api.error.get.entry.list, app.sugarcrm.api.error.hash.password, app.sugarcrm.api.error.set.entry, app.workday.api.error.bind, huddle.company_id.validation.failure, roambi.api.error.auth.empty.account.response, roambi.api.error.auth.empty.code, roambi.api.error.auth.unexpected.response

Generic error occured. Can be used when there is some uncategorized error occurs. Okta fires this event for different unhandled exceptions.

app-api
Since: 2017.33

application.integration.rate_limit_exceeded

Legacy event types: app.api.error.rate.limit.exceeded, app.boxnet.api.error.rate_limit_exceeded, app.clarizen.api.error.rate_limit.exceeded, app.dropbox.api.error.rateLimit.exceeded, app.egnyte.rate.limiting.exceeded, app.google.user_management.error.rateLimit, app.hipchat.rateLimit.exceeded, app.litmos.import.rate_limit_exceeded, github.api.error.rate_limit.remaining, github.api.error.rate_limit.reset_date, huddle.rate.limit.exceeded

API rate limit exceeded. Can be used when Okta reaches api calls/minute rate limit. Okta fires this event when there are too many requests for a specific customer.

app-api
Since: 2017.33

application.integration.transfer_files

Legacy event types: app.boxnet.api.error.transfer.files

Unable to transfer files. Can be used when Okta fails to transfer files from one user to another. Okta fires this event when it fails to process user-to-user file transfers.

app-api
Since: 2017.33

application.lifecycle.activate

Legacy event types: app.generic.config.app_activated

Activate application.

app
Since: 2016.13

application.lifecycle.create

Legacy event types: app.app_editor.app.create

Create application.

app
Since: 2016.13

application.lifecycle.deactivate

Legacy event types: app.generic.config.app_deactivated

Deactivate application.

app
Since: 2016.13

application.lifecycle.delete

Legacy event types: app.generic.config.app_deleted

Delete application.

app
Since: 2016.13

application.lifecycle.update

Legacy event types: app.app_editor.app.update, app.generic.config.app_updated

Update application.

app
Since: 2016.13

application.policy.sign_on.deny_access

Legacy event types: app.app_instance.sign_on_policy.access_denied

Deny user access due to app sign on policy.

app
Since: 2016.13

application.policy.sign_on.rule.create

Legacy event types: app.app_instance.sign_on_policy.new_rule

Create rule for app sign on policy.

app
Since: 2016.13

application.policy.sign_on.rule.delete

Legacy event types: app.app_instance.sign_on_policy.delete_rule

Delete rule from app sign on policy.

app
Since: 2016.13

application.policy.sign_on.update

Legacy event types: app.app_instance.sign_on_policy.change

Update app sign on policy.

app
Since: 2016.13

application.provision.field_mapping_rule.change

Legacy event types: platform.field_mapping_rule.assign.change, platform.field_mapping_rule.import.change

Event fired when field mapping rules modified. Can be used to make sure when custom mapping rules are modified.

field-mapping-rule-modification
Since: 2018.42

application.provision.group.add

Legacy event types: app.api.error.create.group, app.api.error.upsert_group, app.api.error.upsert_group_duplicate, app.boxnet.api.error.create.group, app.confluence.api.error.create.new.group, app.google.user_management.error.create_group, app.google.user_management.error.create_group_duplicate, app.jira.api.error.create.group, app.jira.api.error.upsert.group, app.samanage.api.error.long_group_name, app.servicenow_app2.api.error.upsert.group

Fired when Okta provisions a new group on a remote application. Can be used to identify when Okta provisions a group on a remote application. Event fired when the group provisioning failed for any reason.

app-api
Since: 2017.33

application.provision.group.import

Legacy event types: app.api.error.download_groups, app.api.error.get_group_by_id, app.boxnet.api.error.download.groups, app.confluence.api.error.parse.groups, app.google.user_management.error.download_groups, app.jira.api.error.download.groups, app.rightscale.api.error.download.groups, app.servicenow_app2.api.error.download.groups, app.workday.api.error.get-groups, app.workday.api.error.parse-groups

Fired when Okta downloads a remote group. Can be used to identify when Okta tries to download remote group details. Event fired when Okta fails to reach the group detail from a remote application.

app-api
Since: 2017.33

application.provision.group.remove

Legacy event types: app.api.error.delete_group, app.boxnet.api.error.delete.group, app.confluence.api.error.remove.group, app.google.user_management.error.delete_group, app.jira.api.error.delete.group, app.servicenow_app2.api.error.delete.group

Fired when Okta removes a remote group. Can be used to identify when a group has been unassigned. Event fired when Okta failed to delete group from remote application.

app-api
Since: 2017.33

application.provision.group.update

Legacy event types: app.api.error.group_name_long_length, app.api.error.update.group, app.boxnet.api.error.update.group, app.clarizen.api.error.update_group, app.google.user_management.error.update_group, app.jira.api.error.update.group

Fired when Okta updates the user group. Can be used to identify when a group has been updated. Event fired when Okta fails to update a remote group for any reason.

app-api
Since: 2017.33

application.provision.group.verify_exists

Legacy event types: app.api.error.check_group_exists, app.api.error.group.more_than_one_with_same_id, app.api.error.group.not_found, app.boxnet.api.error.check_group_exists, app.confluence.api.error.check.group.exists, app.google.user_management.error.check_group_exists, app.google.user_management.error.check_group_exists.invalid_domain, app.jira.api.error.check.group.exists, app.servicenow_app2.api.warn.upsert.group

Fired when group no longer exists on a remote application. Can be used to identify when a group no longer exists on a remote application. Event fired when group push enhancement enabled and there is no group found on update or delete.

app-api
Since: 2017.33

application.provision.group_membership.add

Legacy event types: app.api.error.add_group_membership, app.boxnet.api.error.push.groups_set, app.confluence.api.error.add.user.to.group, app.google.user_management.error.add_member_to_group, app.servicenow_app2.api.error.add.group.memberships

Failed to assign a user to a group. Can be used when Okta failed to assign user to a group on remote application. Okta fires this event if there are any issues while provision a membership to a remote application.

app-api
Since: 2017.33

application.provision.group_membership.import

Legacy event types: app.api.error.download_memberships, app.boxnet.api.error.download.group_users, app.google.user_management.error.download_group_members, app.servicenow_app2.api.error.download.group.memberships, app.workday.api.error.get-group-assignments, app.workday.api.error.parse-group-assignments

Error while downloading memberships. Can be used when Okta failed to download users and groups relationships. Okta fires this event if there are any issues while importing a membership from a remote application.

app-api
Since: 2017.33

application.provision.group_membership.remove

Legacy event types: app.api.error.remove_group_membership, app.boxnet.api.error.push.remove_from_groups, app.confluence.api.error.remove.user.to.group, app.google.user_management.error.remove_member_from_group, app.servicenow_app2.api.error.delete.group.memberships

Fired when there is an error while removing user(s) from group. Can be used when Okta failed to unassign user from a group on remote application. Okta fires this event when there are any issues while provision a membership to a remote application.

app-api
Since: 2017.33

application.provision.group_membership.update

Legacy event types: app.api.error.update_group_membership, app.jira.api.error.update.group.membership, app.salesforce.user_management.failure.add_user_to_public_group, app.salesforce.user_management.failure.remove_user_from_public_group

Fired when there is an error while updating user group membership for group. Can be used when Okta failed to push updated memberships to a remote application. Okta fires this event when couldn't update memberships on a remote application. Could be user removal/addition.

app-api
Since: 2017.33

application.provision.group_membership.verify_exists

Verify group membership exists in a external application. Can be used when Okta failed to verify membership exists on a remote application. There is no actual implementations yet.

app-api
Since: 2017.33

application.provision.group_push.activate_mapping

Legacy event types: platform.group_push.activate_mapping

Group push activated mappings.

app
Since: 2017.29

application.provision.group_push.delete_appgroup

Legacy event types: platform.group_push.delete_appgroup

Group push deleted application group.

app
Since: 2017.29

application.provision.group_push.mapping.and.groups.deleted.rule.deleted

Legacy event types: app.user_management.grouppush.mapping.and.groups.deleted.rule.deleted

An existing mapping and its target groups have been deleted because a mapping rule was deleted.

app
Since: 2017.29

application.provision.group_push.mapping.app.group.renamed

Legacy event types: app.user_management.grouppush.mapping.app.group.renamed

A mapped app group has been renamed because the source group was renamed.

app
Since: 2017.29

application.provision.group_push.mapping.app.group.renamed.failed

Legacy event types: app.user_management.grouppush.mapping.app.group.renamed.failed

A mapped app group couldn't be renamed when the source group was renamed.

app
Since: 2017.29

application.provision.group_push.mapping.created

Legacy event types: app.user_management.grouppush.mapping.created

A new mapping has been created.

app
Since: 2017.29

application.provision.group_push.mapping.created.from.rule.warning.duplicate.name

Legacy event types: app.user_management.grouppush.mapping.created.from.rule.warning.duplicate.name

A new mapping from a rule was not created due to a duplicate group name.

app
Since: 2017.29

application.provision.group_push.mapping.created.from.rule.warning.duplicate.name.tobecreated

Legacy event types: app.user_management.grouppush.mapping.created.from.rule.warning.duplicate.name.tobecreated

A new mapping from a rule was not created due to another mapping will be created that has the same user group name.

app
Since: 2017.29

application.provision.group_push.mapping.created.from.rule.warning.upsertGroup.duplicate.name

Legacy event types: app.user_management.grouppush.mapping.created.from.rule.warning.upsertGroup.duplicate.name

An upsert to a group caused group push rule re-evaluation. A new mapping from a rule was not created due to a duplicate group name.

app
Since: 2017.29

application.provision.group_push.mapping.deactivated.source.group.renamed

Legacy event types: app.user_management.grouppush.mapping.deactivated.source.group.renamed

An existing mapping has been deactivated because the source group was renamed.

app
Since: 2017.29

application.provision.group_push.mapping.deactivated.source.group.renamed.failed

Legacy event types: app.user_management.grouppush.mapping.deactivated.source.group.renamed.failed

An existing mapping couldn't be deactivated when the source group was renamed.

app
Since: 2017.29

application.provision.group_push.mapping.update.or.delete.failed

Legacy event types: app.user_management.grouppush.mapping.update.or.delete.failed

Failed to push mapping changes due to an exception.

app
Since: 2017.29

application.provision.group_push.mapping.update.or.delete.failed.with.error

Legacy event types: app.user_management.grouppush.mapping.update.or.delete.failed.with.error

Failed to push mapping changes due to user exception.

app
Since: 2017.29

application.provision.group_push.push_memberships

Legacy event types: platform.group_push.push_memberships

Group push pushed memberships.

app
Since: 2017.29

application.provision.group_push.pushed

Legacy event types: app.user_management.grouppush.pushed

A group was pushed to an app.

app
Since: 2017.29

application.provision.group_push.removed

Legacy event types: app.user_management.grouppush.removed

A group was removed from an app.

app
Since: 2017.29

application.provision.group_push.updated

Legacy event types: app.user_management.grouppush.updated

A group was updated in an app.

app
Since: 2017.29

application.provision.integration.call_api

Legacy event types: app.amazon_aws.api.error.get.roles, app.rum.execution.security.exception, app.rum.execution.standard.attributes.exception, app.rum.failure.timeout.reschedule

Application integration API called.

app-api
Since: 2016.15

application.provision.user.activate

Legacy event types: app.api.error.activate_user, app.user_management.activate_user

Activate user's application membership.

app-api
Since: 2016.14

application.provision.user.deactivate

Legacy event types: app.api.error.deactivate_user, app.bigmachines.api.error.deactivate, app.boxnet.api.error.deactivate_user, app.clarizen.api.error.entity.not_found, app.confluence.api.error.deactivate.user, app.confluence.api.error.remove.user, app.cornerstone.api.error.api.deactivate_user, app.dropbox.api.error.deactivation, app.evernote_business.api.error.deactivation, app.exacttarget.api.error.deactivate_user, app.google.user_management.error.deactivate_user, app.hipchat.api.error.deactivation, app.netsuite.api.error.deactivate_user, app.pagerduty.api.deactivate.user.unexpected.status, app.servicenow.api.error.deactivate.user, app.servicenow_app2.api.error.deactivate.user, app.sugarcrm.api.error.deactivate.user, app.user_management.deactivate_user, app.user_management.deactivate_user.api_account, app.veeva_vault.api.error.deactivate.user, app.yammer.api.error.deactivation, roambi.api.error.deactivate_user.confirmation

Push user deactivation to external application.

app-api
Since: 2016.14

application.provision.user.deprovision

Legacy event types: app.user_management.deprovision_task_complete

Deprovision user from external application.

app
Since: 2016.14

application.provision.user.import

Legacy event types: app.api.error.download_users, app.bloomfire.api.error.download_users, app.boxnet.api.error.download.users, app.confluence.api.error.download.users, app.dropbox.api.error.download.users, app.echosign.api.error.download.users, app.exacttarget.api.error.download_users, app.google.user_management.error.download_org_units, app.google.user_management.error.download_users, app.gotomeeting.user_management.config.failure.user_import, app.gotomeeting_rest.user_management.config.failure.user_import, app.hipchat.api.error.download.users, app.jira.api.error.download.users, app.netsuite.api.error.download_users, app.postini.user_management.failure.download_users, app.rightscale.api.error.download.users, app.salesforce.user_management.failure.user_import, app.sendwordnow.api.error.service, app.servicenow.api.error.download.users, app.servicenow_app2.api.error.download.users, app.sugarcrm.api.error.download.users, app.veeva_vault.api.error.download.users, app.workday.api.error.connect-custom-report, app.workday.api.error.custom-report-unknown-failure, app.workday.api.error.get-locations, app.workday.api.error.get-tx-logs, app.workday.api.error.get-worker-by-username, app.workday.api.error.get-workers, app.workday.api.error.parse-custom-report, app.workday.api.error.parse-workers, app.workday.api.error.timezone-deactivations-processing-errors, app.workday.api.error.universal-directory-setup-error, app.workday.api.get-custom-report-data-empty, app.yammer.api.error.download.users, gooddata.api.error.project.access.forbidden

Deactivate user from external application.

app-api
Since: 2017.33

application.provision.user.import_profile

Legacy event types: app.api.error.import_user_by_id, app.api.error.import_user_profile, app.bigmachines.api.error.import, app.boxnet.api.error.import.user.profile, app.confluence.api.error.convert.remote.user.to.app.user, app.confluence.api.error.get.user, app.confluence.api.error.get.user.groups, app.confluence.api.error.import.user.profile, app.cornerstone.api.error.api.import_profile, app.crashplanpro.api.user_not_found, app.docusign.api.error.import.inactive.user, app.docusign.api.error.import.permission.profile, app.dropbox.api.error.import.profile, app.dropbox.api.error.query, app.echosign.api.error.import.profile, app.exacttarget.api.error.import_user_profile, app.google.user_management.error.import_user_profile, app.hipchat.api.error.import.profile, app.jira.api.error.check.get.user, app.jira.api.error.convert.remote.user.to.app.user, app.jira.api.error.import.user.profile, app.netsuite.api.error.import_user_profile, app.rightscale.api.error.get.users, app.sendwordnow.api.error.get_user, app.sendwordnow.api.error.import_user_profile, app.servicenow.api.error.import.user.profile, app.servicenow_app2.api.error.import.manager.profile, app.servicenow_app2.api.error.import.user.profile, app.sugarcrm.api.error.import.user.profile, app.veeva_vault.api.error.import.user.profile, app.workday.api.error.get-worker-by-id, app.yammer.api.error.import.profile

Import profile from external application.

app-api
Since: 2017.33

application.provision.user.password

Legacy event types: app.api.error.empty_password, app.api.error.push_password_update, app.confluence.api.error.push.password.update, app.cornerstone.api.error.api.password_push, app.dropbox.api.error.push.password.update, app.exacttarget.api.error.push_password_update, app.google.user_management.error.push_password_update, app.hipchat.api.error.push.password, app.jira.api.error.push.password.update, app.netsuite.api.error.push_password_update, app.salesforce.user_management.failure.cant.push.password, app.salesforce.user_management.sso.only.user.password.rejected, app.servicenow.api.error.push.password.update, app.servicenow_app2.api.error.push.password.update, app.sugarcrm.api.error.push.password.update

Issue pushing user password to external application.

app-api
Since: 2017.33

application.provision.user.push

Legacy event types: app.api.error.create_pending_user, app.api.error.create_user, app.api.error.user.not_found, app.api.error.user.not_found_or_deleted, app.bigmachines.api.error.create, app.bloomfire.api.error.create_user, app.boxnet.api.error.assign_folder_permissions, app.boxnet.api.error.create_new_user, app.boxnet.api.error.create_personal_folder, app.boxnet.api.error.create_personal_folder.conflict, app.boxnet.api.error.invalid_user_login, app.boxnet.api.error.personal_folder_name, app.boxnet.api.error.personal_folder_sync_state, app.confluence.api.error.create.new.user, app.cornerstone.api.error.api.create_user, app.dropbox.api.error.create.user, app.echosign.api.error.create, app.evernote_business.api.error.create.user, app.evernote_business.api.error.create.user.limit.reached, app.exacttarget.api.error.create_user, app.google.user_management.error.create_new_user, app.google.user_management.error.invalid_manager, app.google.user_management.error.invalid_orgunit_id, app.gotomeeting.user_management.config.failure.user_provisioning, app.gotomeeting_rest.user_management.config.failure.user_provisioning, app.hipchat.api.error.create.user, app.jira.api.error.create.new.user, app.netsuite.api.error.create_user, app.postini.user_management.config.failure.provisioning, app.rightscale.api.error.create.user, app.salesforce.user_management.failure.provisioning, app.samanage.api.error.incorrect.attribute, app.sendwordnow.api.error.create_user, app.servicenow.api.error.create.new.user, app.servicenow_app2.api.error.create.new.user, app.sugarcrm.api.error.create.new.user, app.user_management.push_new_user, app.user_management.push_pending_user, app.veeva_vault.api.error.create.new.user, app.yammer.api.error.create.user, app.yammer.api.warn.send.invite, gooddata.api.error.incorrect.roles.count, gooddata.api.error.project.assignment.failed, gooddata.api.error.project.not.found

Push new user to external application.

app-api
Since: 2016.14

application.provision.user.push_okta_password

Legacy event types: app.user_management.push_okta_password_update

Push user's Okta password to application.

app
Since: 2016.14

application.provision.user.push_password

Legacy event types: app.user_management.push_unique_password_update

Push user's password to application.

app
Since: 2016.14

application.provision.user.push_profile

Legacy event types: app.api.error.manager.not_found_for_user, app.api.error.push_profile_update, app.bigmachines.api.error.profile.update, app.boxnet.api.error.add.email.alias, app.boxnet.api.error.push.profile.update, app.boxnet.api.error.user.push.conflict_in_group, app.confluence.api.error.convert.app.user.to.remote.user, app.confluence.api.error.push.profile.update, app.cornerstone.api.error.api.push_profile, app.crashplanpro.api.user_has_invalid_fields, app.docusign.api.error.update.inactive.user, app.docusign.api.error.update.permission.profile, app.dropbox.api.error.push.profile, app.dropbox.api.error.set.user.permissions, app.exacttarget.api.error.push_profile_update, app.generic.user_management.error.add_manager_to_user, app.google.api.error.InsufficientPermission, app.google.license_management.error.assign_license, app.google.license_management.error.remove_license, app.google.user_management.error.push_profile_update, app.google.user_management.error.reconcile_email_aliases, app.hipchat.api.error.push.profile, app.jira.api.error.convert.app.user.to.remote.user, app.jira.api.error.push.profile.update, app.netsuite.api.error.push_profile_update, app.pagerduty.api.push.profile.update.unexpected.status, app.rightscale.api.error.push.profile, app.sendwordnow.api.error.update_user_profile, app.servicenow.api.error.import.manager.profile, app.servicenow.api.error.push.profile.update, app.servicenow_app2.api.error.push.profile.update, app.sugarcrm.api.error.push.profile.update, app.user_management.provision_user.user_inactive, app.user_management.push_profile_failure, app.user_management.push_profile_success, app.user_management.push_profile_update, app.veeva_vault.api.error.push.profile.update, app.workday.api.error.get-employee-personal-info, app.workday.api.error.update-employee-personal-info, app.workday.api.error.user-management-error-push-profile-update, app.yammer.api.error.push.profile, moveit_dmz.error.too.long.username.or.email

Push user's profile to external application.

app-api
Since: 2016.14

application.provision.user.reactivate

Legacy event types: app.api.error.reactivate_user, app.bigmachines.api.error.activate, app.boxnet.api.error.reactivate_user, app.confluence.api.error.reactivate.user, app.cornerstone.api.error.api.reactivate_user, app.exacttarget.api.error.reactivate_user, app.google.user_management.error.reactivate_user, app.hipchat.api.error.reactivation, app.netsuite.api.error.reactivate_user, app.servicenow.api.error.reactivate.user, app.servicenow_app2.api.error.reactivate.user, app.sugarcrm.api.error.reactivate.user, app.user_management.reactivate_user, app.veeva_vault.api.error.reactivate.user, roambi.api.error.reactivate_user.confirmation

Push user reactivation in external application.

app-api
Since: 2016.14

application.provision.user.sync

Legacy event types: app.user_management.provision_user, app.user_management.provision_user_failed

Sync user in external application.

appevent-hook-eligible
Since: 2016.14

application.provision.user.verify_exists

Legacy event types: app.api.error.check_user_exists, app.api.error.user.more_than_one_with_same_id, app.bigmachines.api.error.check.user.exists, app.bloomfire.api.error.check_user_exists, app.boxnet.api.error.check_user_exists, app.confluence.api.error.check.user.exists, app.cornerstone.api.error.api.check_user_exists, app.crashplanpro.api.ambiguous_search_results_by_user, app.dropbox.api.error.check.user, app.echosign.api.error.search.by.id, app.echosign.api.error.search.by.login, app.exacttarget.api.error.check_user_exists, app.google.user_management.error.check_user_exists, app.google.user_management.error.check_user_exists.invalid_domain, app.hipchat.api.error.check.user, app.jira.api.error.check.user.exists, app.netsuite.api.error.check_user_exists, app.sendwordnow.api.error.user_exists, app.servicenow.api.error.check.user.exists, app.servicenow_app2.api.error.check.user.exists, app.sugarcrm.api.error.check.user.exists, app.user_management.verified_user_with_thirdparty, app.veeva_vault.api.error.check.user.exists, app.yammer.api.error.check.user, github.api.error.user_not_found

Verify user exists in external application.

app-api
Since: 2016.14

application.registration_policy.lifecycle.create

Legacy event types: app.registration_policy.lifecycle.create

Create registration policy.

app
Since: 2017.52

application.registration_policy.lifecycle.update

Legacy event types: app.registration_policy.lifecycle.update

Update registration policy.

app
Since: 2017.52

application.user_membership.add

Legacy event types: app.generic.provision.assign_user_to_app

Add user to application membership.

event-hook-eligibleuser-provision
Since: 2016.02

application.user_membership.approve

Legacy event types: app.generic.provision.approve_user_for_app

User approved for application (assigned by not provisioned).

user-provision
Since: 2016.33

application.user_membership.change_password

Legacy event types: app.generic.config.app_password_update

Change application password for user.

appevent-hook-eligible
Since: 2016.11

application.user_membership.change_username

Legacy event types: app.generic.config.app_username_update

Change user's application username.

app
Since: 2016.02

application.user_membership.deprovision

Legacy event types: app.generic.provision.deprovision_user_from_app

User deprovisioned from application (was previously revoked).

user-provision
Since: 2016.33

application.user_membership.provision

Legacy event types: app.generic.provision.provision_user_for_app

User provisioned to application (was previously approved).

user-provision
Since: 2016.33

application.user_membership.remove

Legacy event types: app.generic.provision.deactivate_user_from_app

Remove user's application membership.

event-hook-eligibleuser-provision
Since: 2016.02

application.user_membership.restore

Legacy event types: app.generic.reversibility.individual.app.recovery, app.generic.reversibility.personal.app.recovery

Restore user assignment to an application.

app
Since: 2016.02

application.user_membership.restore_password

Legacy event types: app.generic.reversibility.credentials.recovery

Restore user's password for an application.

app
Since: 2016.02

application.user_membership.revoke

Legacy event types: app.generic.provision.revoke_user_from_app

User revoked from application (unassigned but not yet deprovisioned).

user-provision
Since: 2016.33

application.user_membership.show_password

Legacy event types: app.generic.show.password

Show user's password for application.

app
Since: 2016.02

application.user_membership.update

Legacy event types: app.generic.config.app_user_property_update

Updated user application property.

app
Since: 2016.02

core.concurrency.org.limit.violation

Legacy event types: core.concurrency.org.limit.violation

Too many requests in flight.

concurrency-limit
Since: 2017.39

core.el.evaluate

Legacy event types: core.el.evaluate_failure

Evaluate Expression Language.

okta-el
Since: 2017.20

core.user_auth.idp.x509.crl_download_failure

Legacy event types: core.user_auth.idp.x509.crl_download_failure

Failed to download CRL from the endpoint.

x509-idp-auth
Since: 2017.52

credential.register

Legacy event types: credential.register

Fired when a credential is registered. This event fires when the registration of a credential is successful or fails. This can be used to audit that a credential has been successfully registered, and troubleshoot why a credential registration attempt has failed.

user-factor
Since: 2019.02.3

credential.revoke

Legacy event types: credential.revoke

Fired when a credential is revoked. This event fires when the revocation of a credential is successful or fails. This can be used to audit that a credential has been successfully revoked, and troubleshoot why a credential revocation attempt has failed.

user-factor
Since: 2019.02.3

directory.app_user_profile.bootstrap

Legacy event types: cvd.appuser_profile_bootstrapped

Bootstrap application user profile.

cvddirectory
Since: 2016.12

directory.app_user_profile.update

Legacy event types: cvd.appuser_profile_updated

Update application user profile.

cvddirectory
Since: 2016.12

directory.mapping.update

Legacy event types: cvd.mappings_updated

Update universal directory mappings.

cvddirectory
Since: 2016.12

directory.non_default_user_profile.create

Create non-default universal directory user profile. This can be used to audit that a new non-default universal directory user profile has been created. When fired, this event contains the name and id of the newly created user profile.

cvddirectory
Since: 2019.04.2

directory.user_profile.bootstrap

Legacy event types: cvd.user_profile_bootstrapped

Bootstrap universal directory user profile.

cvddirectory
Since: 2016.12

directory.user_profile.update

Legacy event types: cvd.user_profile_updated

Update universal directory user profile directory.user_profile.update.

cvddirectory
Since: 2016.12

event_hook.activated

Triggered when an event hook has been activated. Used to notify admins that an event hook has been activated. When triggered, this events contains information about the activated event hook.

event-hook
Since: 2019.03.4

event_hook.created

Legacy event types: platform.event_hook.created

Triggered when an event hook has been created. Used to notify admins that an event hook has been created. When triggered, this events contains information about the created event hook.

event-hook
Since: 2019.03.4

event_hook.deactivated

Triggered when an event hook has been deactivated. Used to notify admins that an event hook has been deactivated. When triggered, this events contains information about the deactivated event hook.

event-hook
Since: 2019.03.4

event_hook.deleted

Legacy event types: platform.event_hook.deleted

Triggered when an event hook has been deleted. Used to notify admins that an event hook has been deleted. When triggered, this events contains information about the deleted event hook.

event-hook
Since: 2019.03.4

event_hook.delivery

Legacy event types: platform.event_hook.delivered.failure, platform.event_hook.delivered.success

Triggered when an event hook delivery fails. Used to identify when an event hook from Okta is not successfully delivered to the configured endpoint. Note that the event is triggered only when the delivery is unsuccessful.

event-hook
Since: 2019.04.0

event_hook.updated

Legacy event types: platform.event_hook.updated

Triggered when an event hook has been updated. Used to notify admins that an event hook has been updated. When triggered, this events contains information about the updated event hook.

event-hook
Since: 2019.03.4

event_hook.verified

Legacy event types: platform.event_hook.verified.failure, platform.event_hook.verified.success

Triggered when attempting to verify an event hook. Used to notify admins about the outcome of event hook endpoint URL verification. Note that the event is fired even when the verification is unsuccessful.

event-hook
Since: 2019.03.4

group.application_assignment.add

Legacy event types: group.application_assignment.add

Add assigned application to group.

group
Since: 2016.06

group.application_assignment.remove

Legacy event types: group.application_assignment.remove

Remove assigned application from group.

group
Since: 2016.05

group.application_assignment.skip_assignment_reconcile

Legacy event types: group.application_assignment.skip_assignment_reconcile

No Description

group
Since: 2017.51

group.application_assignment.update

Legacy event types: group.application_assignment.update

Update assigned application in group.

group
Since: 2016.13

group.privilege.grant

Legacy event types: core.group.admin_privilege.granted

Fired when a group within Okta has been granted admin privileges. The group granted privileges can be an Okta mastered group, and AD mastered group, or an LDAP mastered group. This can be used to audit the provisioning of admin privileges for groups. When fired, this event contains information about the type of admin privileges that have been granted, and what entity masters the group. Related events include: GROUP_PRIVILEGE_REVOKE.

group
Since: 2019.03.0

group.privilege.revoke

Legacy event types: core.group.admin_privilege.revoked

Fired when a group within Okta has had admin privileges revoked. The group with revoked privileges can be an Okta mastered group, and AD mastered group, or an LDAP mastered group. This can be used to audit the provisioning of admin privileges for groups. When fired, this event contains information about the type of admin privileges that have been revoked, and what entity masters the group. Related events include: GROUP_PRIVILEGE_REVOKE.

group
Since: 2019.03.0

group.user_membership.add

Legacy event types: core.user_group_member.user_add

Add user to group membership.

event-hook-eligiblegroup
Since: 2016.02

group.user_membership.remove

Legacy event types: core.user_group_member.user_remove

Remove user from group membership.

event-hook-eligiblegroup
Since: 2016.02

group.user_membership.rule.add_exclusion

Legacy event types: core.user.added_to_rule_exclusion

Add user to group membership exclusion rule.

group
Since: 2017.51

group.user_membership.rule.deactivated

Legacy event types: cvd.group_rule_deactivated

No Description

group
Since: 2017.51

group.user_membership.rule.error

Legacy event types: cvd.group.user_membership.rule.error

group membership rule is in error state.

group
Since: 2017.51

group.user_membership.rule.evaluation

Legacy event types: cvd.group.user_membership.rule.evaluation

No Description

group
Since: 2017.51

group.user_membership.rule.invalidate

Legacy event types: cvd.group_rule_invalidated

Invalidate group membership rule.

group
Since: 2017.51

group.user_membership.rule.trigger

Legacy event types: cvd.group_rule_triggered

Trigger group membership rule.

group
Since: 2017.51

inline_hook.activated

Legacy event types: platform.inline_hook.activated

Triggered when an inline hook in activated. Used to identify when an inline hook lifecycle status was changed to activated. When triggered, this events contains information about the activated inline hook.

inline-hook
Since: 2019.01.2

inline_hook.created

Legacy event types: platform.inline_hook.created

Triggered when an inline hook has been created. Used to notify admins that an inline hook has been created. When triggered, this events contains information about the created inline hook.

inline-hook
Since: 2019.01.2

inline_hook.deactivated

Legacy event types: platform.inline_hook.deactivated

Triggered when an inline hook is deactivated. Used to identify when an inline hook lifecycle status was changed to deactivated. When triggered, this events contains information about the deactivated inline hook.

inline-hook
Since: 2019.01.2

inline_hook.deleted

Legacy event types: platform.inline_hook.deleted

Triggered when an inline hook has been deleted. Used to notify admins that an inline hook has been deleted. When triggered, this events contains information about the deleted inline hook.

inline-hook
Since: 2019.01.2

inline_hook.executed

Legacy event types: platform.inline_hook.executed.failure, platform.inline_hook.executed.success

Triggered when an inline hook has been executed. Used to notify admins about the outcome of execution of an inline hook. Note that the event is fired when the execution is unsuccessful.

inline-hook
Since: 2019.01.2

inline_hook.response.processed

Legacy event types: platform.inline_hook.response.processed.failure, platform.inline_hook.response.processed.success

Triggered after Okta has finished processing response from an inline hook. Used to notify admins about the outcome of processing response from an inline hook. Note that the event is fired even when the processing is unsuccessful.

inline-hook
Since: 2019.01.2

inline_hook.updated

Legacy event types: platform.inline_hook.updated

Triggered when an inline hook has been modified. Used to notify admins that an inline hook has been updated. When triggered, this events contains information about the updated inline hook.

inline-hook
Since: 2019.01.2

inline_hook.verified

Legacy event types: platform.inline_hook.verified.failure, platform.inline_hook.verified.success

Triggered when attempting to verify an inline hook. Used to notify admins about the outcome of inline hook endpoint URL verification. Note that the event is fired even when the verification is unsuccessful.

inline-hook
Since: 2019.01.2

master_application.user_membership.add

Legacy event types: app.generic.provision.assign_user_to_app

User provisioned to app.

uncategorized
Since: 2018.06

mim.command.generic.acknowledged

Legacy event types: mim.command.generic.acknowledged

No Description

mim
Since: 2016.13

mim.command.generic.cancelled

Legacy event types: mim.command.generic.cancelled

No Description

mim
Since: 2016.13

mim.command.generic.delegated

Legacy event types: mim.command.generic.delegated

No Description

mim
Since: 2016.13

mim.command.generic.error

Legacy event types: mim.command.generic.error

No Description

mim
Since: 2016.13

mim.command.generic.new

Legacy event types: mim.command.generic.new

No Description

mim
Since: 2016.13

mim.command.generic.notnow

Legacy event types: mim.command.generic.notnow

No Description

mim
Since: 2016.13

mim.command.ios.acknowledged

Legacy event types: mim.command.ios.acknowledged

No Description

mim
Since: 2016.13

mim.command.ios.cancelled

Legacy event types: mim.command.ios.cancelled

No Description

mim
Since: 2016.13

mim.command.ios.error

Legacy event types: mim.command.ios.error

No Description

mim
Since: 2016.13

mim.command.ios.formaterror

Legacy event types: mim.command.ios.formaterror

No Description

mim
Since: 2016.13

mim.command.ios.new

Legacy event types: mim.command.ios.new

No Description

mim
Since: 2016.13

mim.createEnrollment.ANDROID

Legacy event types: mim.createEnrollment.ANDROID

No Description

mim
Since: 2016.39

mim.createEnrollment.IOS

Legacy event types: mim.createEnrollment.IOS

No Description

mim
Since: 2016.39

mim.createEnrollment.OSX

Legacy event types: mim.createEnrollment.OSX

No Description

mim
Since: 2016.39

mim.createEnrollment.UNKNOWN

Legacy event types: mim.createEnrollment.UNKNOWN

No Description

mim
Since: 2016.39

mim.createEnrollment.WINDOWS

Legacy event types: mim.createEnrollment.WINDOWS

No Description

mim
Since: 2016.39

mim.streamDevicesAppListCSVDownload

Legacy event types: mim.streamDevicesAppListCSVDownload

No Description

mim
Since: 2016.39

mim.streamDevicesCSVDownload

Legacy event types: mim.streamDevicesCSVDownload

No Description

mim
Since: 2016.39

network_zone.rule.disabled

Legacy event types: network_zone.rule.disabled

No Description

network-zone
Since: 2016.12

oauth2.as.activated

Legacy event types: api.oauth2.as.activated

Authorization server is activated.

oauth2oauth2-as-lifecycle
Since: 2017.22

oauth2.as.created

Legacy event types: api.oauth2.as.created

Authorization server is created.

oauth2oauth2-as-lifecycle
Since: 2016.50

oauth2.as.deactivated

Legacy event types: api.oauth2.as.deactivated

Authorization server is deactivated.

oauth2oauth2-as-lifecycle
Since: 2017.22

oauth2.as.deleted

Legacy event types: api.oauth2.as.deleted

Authorization server is deleted.

oauth2oauth2-as-lifecycle
Since: 2016.50

oauth2.as.updated

Legacy event types: api.oauth2.as.updated

Authorization server is updated.

oauth2oauth2-as-lifecycle
Since: 2016.50

oauth2.claim.created

Legacy event types: api.oauth2.claim.created

OAuth2 claim is created.

oauth2oauth2-claim
Since: 2016.50

oauth2.claim.deleted

Legacy event types: api.oauth2.claim.deleted

OAuth2 claim is deleted.

oauth2oauth2-claim
Since: 2016.50

oauth2.claim.updated

Legacy event types: api.oauth2.claim.updated

OAuth2 claim is updated.

oauth2oauth2-claim
Since: 2016.50

oauth2.scope.created

Legacy event types: api.oauth2.scope.created

OAuth2 scope is created.

oauth2oauth2-scope
Since: 2016.50

oauth2.scope.deleted

Legacy event types: api.oauth2.scope.deleted

OAuth2 scope is deleted.

oauth2oauth2-scope
Since: 2016.50

oauth2.scope.updated

Legacy event types: api.oauth2.scope.updated

OAuth2 scope is updated.

oauth2oauth2-scope
Since: 2016.50

oauth2.tokens.transform.error.response

Legacy event types: platform.tokens.transform.oauth2.response.error

Fired when Okta's authorization server receives a response from an external service and the response format is valid, but the response contains an error. This can also be used to debug why command response erred. When fired, the event contains information about the error summary. Related events include: oauth2_tokens_transform_response.

tokentokens-transform
Since: 2019.01.3

oauth2.tokens.transform.process

Legacy event types: platform.tokens.transform.oauth2.process.failure

Fired when Okta's authorization server used the command response for token transform, and the token transform failed. This event fires only when the token transform has failed due to the command response from the external server, for example that the response contained info to transform an access token and an access token was not requested in the request. This can also be used to debug why a token transformation failed. When fired, this event contains information about the entities involved in the inline hook request and response - including the relevant application, user, authorization server, and policy. This event also contains information about why the token transformation failed. Related events include: oauth2_tokens_transform_response.

tokentokens-transform
Since: 2019.01.3

oauth2.tokens.transform.response

Legacy event types: platform.tokens.transform.oauth2.response, platform.tokens.transform.oauth2.response.failure

Fired when Okta's authorization server sends an inline hook to an external service. This event fires when the response is successful or when a response is not received. This can be used to audit the details of the entities involved in the inline hook request and response. When fired, this event contains information about the entities involved in the inline hook request and response - including the relevant application, user, authorization server, and policy.

tokentokens-transform
Since: 2019.01.3

omm.app.VPN.settings.changed

Legacy event types: omm.app.VPN.settings.changed

No Description

omm
Since: 2018.01

omm.app.WIFI.settings.changed

Legacy event types: omm.app.WIFI.settings.changed

No Description

omm
Since: 2018.01

omm.app.eas.cert_based.settings.changed

Legacy event types: omm.app.eas.cert_based.settings.changed

No Description

omm
Since: 2018.01

omm.app.eas.disabled

Legacy event types: omm.app.eas.disabled

No Description

omm
Since: 2018.01

omm.app.eas.settings.changed

Legacy event types: omm.app.eas.settings.changed

No Description

omm
Since: 2018.01

omm.cma.created

Legacy event types: omm.cma.created

No Description

omm
Since: 2018.01

omm.cma.deleted

Legacy event types: omm.cma.deleted

No Description

omm
Since: 2018.01

omm.cma.updated

Legacy event types: omm.cma.updated

No Description

omm
Since: 2018.01

omm.enrollment.changed

Legacy event types: omm.enrollment.changed

No Description

omm
Since: 2018.01

org.not_configured_origin.redirection.usage

Legacy event types: org.not_configured_origin.redirection.usage

Using untrusted origin for redirection.

adminorg
Since: 2017.44

pki.cert.issue

Legacy event types: core.user_auth.pki.cert.issue

Device Trust certificate issuance.

device-trust-cert-distribution-and-binding
Since: 2017.45

pki.cert.renew

Legacy event types: core.user_auth.pki.cert.renew

Device Trust certificate renewal.

device-trust-cert-distribution-and-binding
Since: 2017.45

pki.cert.revoke

Legacy event types: core.user_auth.pki.cert.revoke

Device Trust certificate revocation.

device-trust-cert-distribution-and-binding
Since: 2017.45

plugin.downloaded

Legacy event types: plugin.downloaded

Plugin downloaded.

plugin
Since: 2016.48

plugin.script_status

Legacy event types: plugin.script_status

Status information from script execution.

plugin
Since: 2016.48

policy.evaluate_sign_on

No Description

policy
Since: 2017.11

policy.execute.user.start

Legacy event types: policy.execute.user.start

Start execution of policy for user.

policy
Since: 2018.15

policy.lifecycle.activate

Legacy event types: policy.activated

Activate policy.

event-hook-eligiblepolicy
Since: 2016.14

policy.lifecycle.create

Legacy event types: policy.created

Create policy.

policy
Since: 2016.14

policy.lifecycle.deactivate

Legacy event types: policy.deactivated

Deactivate policy.

event-hook-eligiblepolicy
Since: 2016.14

policy.lifecycle.delete

Legacy event types: policy.deleted

Delete policy.

policy
Since: 2016.14

policy.lifecycle.overwrite

Legacy event types: policy.overwritten

Overwrite policy.

policy
Since: 2017.45

policy.lifecycle.update

Legacy event types: policy.updated

Update policy.

event-hook-eligiblepolicy
Since: 2016.14

policy.rule.action.execute

Legacy event types: policy.rule.action.execute

Scheduled execution of policy rule action.

policy
Since: 2018.15

policy.rule.activate

Legacy event types: policy.rule.activated

Activate policy rule.

policy
Since: 2016.14

policy.rule.add

Legacy event types: policy.rule.added

Add policy rule.

event-hook-eligiblepolicy
Since: 2016.14

policy.rule.deactivate

Legacy event types: policy.rule.deactivated

Deactivate policy rule.

event-hook-eligiblepolicy
Since: 2016.14

policy.rule.delete

Legacy event types: policy.rule.deleted

Delete policy rule.

policy
Since: 2016.14

policy.rule.invalidate

Legacy event types: policy.rule.invalidated

Invalidate policy rule.

policy
Since: 2016.14

policy.rule.update

Legacy event types: policy.rule.updated

Update policy rule.

event-hook-eligiblepolicy
Since: 2016.14

policy.scheduled.execute

Legacy event types: policy.scheduled.execute

Scheduled execution of policy.

policy
Since: 2018.15

saml.tokens.transform.process

Legacy event types: platform.tokens.transform.saml.process.failure

Fired when Okta used the command response for token transform, and the token transform failed. This event fires only when the token transform has failed due to the command response from the external server, for example that the response tried to add a duplicate attribute to the assertion. This can also be used to debug why a token transformation failed. When fired, this event contains information about the entities involved in the inline hook request and response - including the relevant application and user. This event also contains information about why the token transformation failed. Related events include: saml_tokens_transform_response.

tokentokens-transform
Since: 2018.28

saml.tokens.transform.response

Legacy event types: platform.tokens.transform.saml.response, platform.tokens.transform.saml.response.failure

Fired when Okta sends an inline hook to an external service for modifying a SAML Assertion. This event fires when the response is successful or when a response is not received. This can be used to audit the details of the entities involved in the inline hook request and response. When fired, this event contains information about the entites involved in the inline hook request and response - including the relevant application and user.

tokentokens-transform
Since: 2018.28

scheduled_action.user_suspension.canceled

Legacy event types: cvd.scheduled_action.user_suspension.canceled

Canceled scheduled user suspension.

uncategorized
Since: 2017.32

scheduled_action.user_suspension.completed

Legacy event types: cvd.scheduled_action.user_suspension.completed

Completed scheduled user suspension.

uncategorized
Since: 2017.32

scheduled_action.user_suspension.scheduled

Legacy event types: cvd.scheduled_action.user_suspension.scheduled

Scheduled user suspension.

uncategorized
Since: 2017.32

scheduled_action.user_suspension.updated

Legacy event types: cvd.scheduled_action.user_suspension.updated

Updated scheduled user suspension.

uncategorized
Since: 2017.32

security.device.add_request_blacklist_policy

Legacy event types: security.device.add_request_blacklist_policy

Added request blacklist to request blacklist policies.

devicesecurity
Since: 2018.08

security.device.remove_request_blacklist_policy

Legacy event types: security.device.remove_request_blacklist_policy

Removed request blacklist from request blacklist policies.

devicesecurity
Since: 2018.08

security.device.temporarily_disable_blacklisting

Legacy event types: security.device.temporarily_disable_blacklisting

Temporarily disabling blacklisting.

devicesecurity
Since: 2018.05

security.password_spray.detected

An invalid Auth attempt was detected as being part of a password spray attack.

password-spray
Since: 2018.40

security.request.blocked

Legacy event types: security.zone.request.blocked

Security request blocked.

security
Since: 2018.32

security.session.detect_client_roaming

Legacy event types: security.session.detect_client_roaming

Roaming session detected for user.

securitysession
Since: 2017.28

security.threat.configuration.update

Fired when a ThreatInsight configuration has been updated. This can be used to identify when an existing ThreatInsight configuration has been updated. An update can be updating the action or the excluded zones. When fired, this event contains information about who made the update to the configuration.

threat-insight-configuration
Since: 2019.07.0

security.threat.detected

Legacy event types: security.threat.detected

Request from an IP identified as malicious by Okta ThreatInsight. This can be used to monitor and act on credential based attacks (such as Brute Force, Password Spray) on your organization. The reasons why the request was classified as malicious can be found in the outcome.reason field. The outcome.result field will be 'ALLOW' or 'DENY' based on whether Okta Threat Insight is configured in log mode or log and block mode, where 'ALLOW' means the request continued and 'DENY' means the request was blocked.

securitythreat-insight
Since: 2019.02.2

security.voice.add_country_blacklist

Legacy event types: security.voice.add_country_blacklist

Fired when a country has been added to the voice call blacklist. This can be used to identify when a country has been blacklisted for voice call. When fired, this event contains information about the country that was added to the blacklist.Related events include security.voice.remove_country_blacklist.

securityvoice
Since: 2019.03.3

security.voice.remove_country_blacklist

Legacy event types: security.voice.remove_country_blacklist

Fired when a country has been removed from the voice call blacklist. This can be used to identify when a country has been removed from voice call blacklist. When fired, this event contains information about the country that was removed from the blacklist.Related events include security.voice.add_country_blacklist.

securityvoice
Since: 2019.03.3

security.zone.make_blacklist

Legacy event types: security.zone.make_blacklist

Added IPs to blacklist zone.

network-zonesecurity
Since: 2017.06

security.zone.remove_blacklist

Legacy event types: security.zone.remove_blacklist

Removed IPs from blacklist zone.

network-zonesecurity
Since: 2017.06

self_service.disabled

Legacy event types: app.self_service.disabled

Self-service disabled for app.

self-service
Since: 2017.48

self_service.enabled

Legacy event types: app.self_service.enabled

Self-service enabled for app.

self-service
Since: 2017.48

system.agent.ad.connect

Legacy event types: app.ad.agent.disconnected, app.ad.agent.reconnected

Connect AD agent to Okta.

ad-agent
Since: 2016.20

system.agent.ad.create

Legacy event types: app.ad.config.agent.agent_created

Create AD agent.

ad-agent
Since: 2016.20

system.agent.ad.deactivate

Legacy event types: app.ad.config.agent.agent_deactivated

Deactivate AD agent.

ad-agent
Since: 2016.20

system.agent.ad.delete

Legacy event types: app.ad.config.agent.agent_deleted

Delete AD agent.

ad-agent
Since: 2016.20

system.agent.ad.import_ou

Legacy event types: app.ad.api.user_import.warn.skipped_ou.missing_required_attribute

Perform import OU by AD agent.

ad-agent
Since: 2016.20

system.agent.ad.import_user

Legacy event types: app.ad.api.user_import.warn.skipped_user.attribute_too_long, app.ad.api.user_import.warn.skipped_user.internal_object, app.ad.api.user_import.warn.skipped_user.internal_object.unknown_user, app.ad.api.user_import.warn.skipped_user.invalid_user_account_control, app.ad.api.user_import.warn.skipped_user.invalid_user_account_control.unknown_user, app.ad.api.user_import.warn.skipped_user.invalid_user_account_control_computed, app.ad.api.user_import.warn.skipped_user.invalid_user_account_control_computed.unknown_user, app.ad.api.user_import.warn.skipped_user.missing_required_attribute, app.ad.api.user_import.warn.skipped_user.missing_required_attribute.unknown_user

Perform import user by AD agent.

ad-agent
Since: 2016.20

system.agent.ad.invoke_dir

Legacy event types: app.ad.agent.dir-invoke, app.ad.agent.dir-invoke.error

Perform directory invoke command by AD agent.

ad-agent
Since: 2016.20

system.agent.ad.reactivate

Legacy event types: app.ad.config.agent.agent_reactivate_failed_missing_token, app.ad.config.agent.agent_reactivated

Reactivate AD agent.

ad-agent
Since: 2016.20

system.agent.ad.read_config

Legacy event types: app.ad.agent.read-config, app.ad.agent.read-config.error

Perform config read by AD agent.

ad-agent
Since: 2016.20

system.agent.ad.read_dirsync

Legacy event types: app.ad.agent.read-dirsync, app.ad.agent.read-dirsync.error

Perform dirsync read by AD agent.

ad-agent
Since: 2016.20

system.agent.ad.read_ldap

Legacy event types: app.ad.agent.read-ldap, app.ad.agent.read-ldap.error

Perform LDAP read by AD agent.

ad-agent
Since: 2016.20

system.agent.ad.read_schema

Legacy event types: app.ad.agent.read-schema, app.ad.agent.read-schema.error

Perform schema read by AD agent.

ad-agent
Since: 2016.20

system.agent.ad.read_topology

Legacy event types: app.ad.agent.read-forest-topology, app.ad.agent.read-forest-topology.error

Directory agent performed topology import operation.

ad-agent
Since: 2016.20

system.agent.ad.realtimesync

Legacy event types: app.ad.agent.real-time-sync, app.ad.agent.real-time-sync.error

Perform RealTimeSync by AD agent.

ad-agent
Since: 2016.20

system.agent.ad.reset_user_password

Legacy event types: app.ad.password.reset.failure, app.ad.password.reset.success, app.ad.password.reset.unlock-failed

Perform user password reset by AD agent.

ad-agent
Since: 2016.20

system.agent.ad.start

Legacy event types: app.ad.agent.start

Start AD agent.

ad-agent
Since: 2016.20

system.agent.ad.unlock_user_account

Legacy event types: app.ad.user.account.unlock.failure, app.ad.user.account.unlock.success

Perform unlock user account by AD agent.

ad-agent
Since: 2016.20

system.agent.ad.update

Legacy event types: app.ad.agent.config, app.ad.agent.config.error, app.ad.agent.modify-config, app.ad.agent.modify-config.error

Update AD agent configuration.

ad-agent
Since: 2016.20

system.agent.ad.update_user

Legacy event types: app.ad.agent.user-auth-and-update, app.ad.agent.user-auth-and-update.error

User Auth and Update.

ad-agent
Since: 2016.20

system.agent.ad.upgrade

Legacy event types: app.ad.agent.upgrade, app.ad.agent.upgrade.error

Upgrade AD agent.

ad-agent
Since: 2016.20

system.agent.ad.upload_iwa_log

Legacy event types: iwa.agent.fetch-logs, iwa.agent.fetch-logs.error

Fired when an AD agent has fetched and uploaded IWA agent log file. This event fires when the log file upload is successful or fails. This can be used to audit that logs files are being fetched successfully, have been uploaded successfully, and troubleshoot why an IWA log upload has failed. When fired, this event indicates whether a log file upload has been successful or failed. This event also indicates whether the event was initiated by the Okta system or a user. Related events: none, all debugging context is included in this event.

ad-agent
Since: 2019.02.1

system.agent.ad.upload_log

Legacy event types: app.ad.agent.fetch-logs, app.ad.agent.fetch-logs.error

Upload AD agent log.

ad-agent
Since: 2016.20

system.agent.ad.write_ldap

Legacy event types: app.ad.agent.write-ldap, app.ad.agent.write-ldap.error

Perform LDAP write by AD agent.

ad-agent
Since: 2016.20

system.agent.connector.connect

Legacy event types: agents.connector_agent.agent_disconnected, agents.connector_agent.agent_reconnected

Connect connector agent to Okta.

connector-agent
Since: 2016.20

system.agent.connector.deactivate

Legacy event types: agents.connector_agent.agent_deactivated

Deactivate connector agent.

connector-agent
Since: 2016.20

system.agent.connector.delete

Legacy event types: agents.connector_agent.agent_deleted

Delete connector agent.

connector-agent
Since: 2016.20

system.agent.connector.reactivate

Legacy event types: agents.connector_agent.agent_reactivate_failed_missing_token, agents.connector_agent.agent_reactivated

Reactivate connector agent.

connector-agent
Since: 2016.20

system.agent.ldap.change_user_password

Legacy event types: app.ldap.agent.password_change, app.ldap.agent.password_change.timeout

Perform change user password by LDAP agent.

ldap-app
Since: 2016.20

system.agent.ldap.create_user_JIT

Legacy event types: app.ldap.jit.ambiguous

Perform create user JIT by LDAP agent.

ldap-app
Since: 2016.20

system.agent.ldap.disconnect

Legacy event types: app.ldap.agent.disconnected

Disconnect LDAP agent from Okta.

ldap-app
Since: 2016.20

system.agent.ldap.reconnect

Legacy event types: app.ldap.agent.reconnected

Reconnect LDAP agent to Okta.

ldap-app
Since: 2016.20

system.agent.ldap.reset_user_password

Legacy event types: app.ldap.agent.password_reset, app.ldap.agent.password_reset.error, app.ldap.agent.password_reset.timeout, app.ldap.password.reset.constraint.error, app.ldap.password.reset.failed, app.ldap.password.reset.invalid.old.password, app.ldap.password.reset.succeeded, app.ldap.password.reset.systemic.error, app.ldap.password_reset.attribs_not_set, app.ldap.password_reset.new_confirm_password_empty, app.ldap.password_reset.new_password_empty, app.ldap.password_reset.old_new_passwords_equal, app.ldap.password_reset.old_password_empty, app.ldap.password_reset.passwords_do_not_match, app.ldap.password_reset.restriction.error

LDAP agent performed a password reset.

ldap-app
Since: 2016.20

system.agent.ldap.unlock_user_account

Legacy event types: app.ldap.unlock.account.failed, app.ldap.unlock.account.succeeded

LDAP agent performed account unlock for User.

ldap-app
Since: 2016.45

system.agent.ldap.update_user_password

Legacy event types: app.ldap.agent.password_update, app.ldap.agent.password_update.error

Perform update user password by LDAP agent.

ldap-app
Since: 2016.20

system.api_token.create

Legacy event types: api.token.create

Create API token.

event-hook-eligibletoken
Since: 2016.12

system.api_token.enable

Legacy event types: api.token.enable

Enable API token.

token
Since: 2016.12

system.api_token.revoke

Legacy event types: api.token.revoke

Revoke API token.

event-hook-eligibletoken
Since: 2016.12

system.billing.sms_usage_sent

Legacy event types: core.billing.sms_usage_sent

Indicates that a report for SMS usage was sent to the billing system.

adminbilling
Since: 2018.36

system.csv.import_user

Legacy event types: app.csv.import_user.skipped_user, app.csv.import_user.skipped_user.unknown_user

Perform import user by CSV.

system
Since: 2018.28

system.directory.debugger.extend

Legacy event types: platform.directory.debugger.extend

Extend Directory Debugger access for Okta support. This can be used to audit the Directory Debugger access extension. When fired, this event contains information about Directory Debugger access extension.

agent
Since: 2019.09.0

system.directory.debugger.grant

Legacy event types: platform.directory.debugger.grant

Grant Directory Debugger access for Okta support. This can be used to audit the Directory Debugger access grants to Okta support. When fired, this event contains information about Directory Debugger access grant.

agent
Since: 2019.09.0

system.directory.debugger.query_executed

Legacy event types: platform.directory.debugger.query.executed

A read-only query executed against AD/LDAP instance by Okta support using the Directory Debugger tool. This can be used to audit the queries executed by Okta support using Directory Debugger. When fired, this event contains information about Directory Debugger query.

agent
Since: 2019.09.0

system.directory.debugger.revoke

Legacy event types: platform.directory.debugger.revoke

Revoke Directory Debugger access for Okta support. This can be used to audit the Directory Debugger access revoke. When fired, this event contains information about Directory Debugger access revoke.

agent
Since: 2019.09.0

system.email.account_unlock.sent_message

Legacy event types: core.user.email.message_sent.self_service.account_unlock

Send self-service account unlock email.

email
Since: 2016.13

system.email.challenge_factor_redeemed

Legacy event types: system.email.challenge_factor_redeemed

This event indicates that a user completed an email factor challenge. This can be used to identify when a credential sent in an email to a user has been redeemed (the link was clicked or the code was entered). When fired, this event contains information about the result. Success if successful or error reasons should be present for failure cases (e.g. incorrect code, timeout, expired, etc.). The event also contains a debugData with the action (the link was clicked or the code was entered).

email
Since: 2019.07.0

system.email.mfa_enroll_notification.sent_message

Legacy event types: core.user.email.message_sent.mfa_enroll_notification

MFA enrollment notification email sent. Used to notify admins MFA enrollment notification email has been sent.

email
Since: 2019.01.1

system.email.mfa_reset_notification.sent_message

Legacy event types: core.user.email.message_sent.mfa_reset_notification

MFA reset notification email sent. Used to notify admins MFA reset notification email has been sent.

email
Since: 2019.01.1

system.email.new_device_notification.sent_message

Legacy event types: core.user.email.message_sent.new_device_notification

New device signin notification email sent.

email
Since: 2016.13

system.email.password_reset.sent_message

Legacy event types: core.user.email.message_sent.self_service.password_reset

Send self-service password reset email.

email
Since: 2016.13

system.email.send_factor_verify_message

Legacy event types: system.email.send_factor_verify_message

An email was sent to a user for verification. Used to notify admins that an email was sent to a user for verification. When fired, this event contains information about the token lifetime in the debugData.

email
Since: 2019.07.0

system.feature.ea_auto_enroll

Legacy event types: core.feature.auto_enroll

Fired when an org has subscribed to or unsubscribed from EA Feature Auto Enroll. This can be used to understand the status of EA Feature Auto Enroll subscription and identify who has made changes to the subscription. When fired, this event contains information about the status of EA Feature Auto enroll subscription, as well as the admin who made any subscription changes.

adminself-service-feature-managementsystem
Since: 2019.03.1

system.import.clear.unconfirmed.users.summary

Legacy event types: system.import.clear.unconfirmed.users.summary

Clear Unconfirmed Imported Users. Can be used for clearing unconfirmed imported users from last import result. Note that a single event is fired for clearing unconfirmed imported users instead of fire delete event on each user.

app
Since: 2019.01.1

system.import.complete

Legacy event types: app.generic.import.complete

Import process complete.

event-hook-eligibleimportsystem
Since: 2016.14

system.import.complete_batch

Legacy event types: app.generic.import.batch.complete

Batch import process complete.

importsystem
Since: 2016.14

system.import.custom_object.complete

Legacy event types: app.generic.import.summary.custom_object

Import of custom objects completed.

importsystem
Since: 2016.14

system.import.custom_object.create

Legacy event types: app.generic.import.details.add_custom_object

Create custom object triggered by import process.

importsystem
Since: 2016.14

system.import.custom_object.delete

Legacy event types: app.generic.import.details.update_custom_object

Delete custom object triggered by import process.

importsystem
Since: 2016.14

system.import.custom_object.update

Legacy event types: app.generic.import.details.delete_custom_object

Update custom object triggered by import process.

importsystem
Since: 2016.14

system.import.group.complete

Legacy event types: app.generic.import.summary.group

Import of groups completed.

importsystem
Since: 2016.14

system.import.group.create

Legacy event types: app.generic.import.details.add_group

Create group triggered by import process.

importsystem
Since: 2016.14

system.import.group.delete

Legacy event types: app.generic.import.details.delete_group

Remove group triggered by import process.

importsystem
Since: 2016.14

system.import.group.start

Legacy event types: app.generic.import.import_groups

Start importing groups from refreshing AppGroups.

importsystem
Since: 2016.14

system.import.group.update

Legacy event types: app.generic.import.details.update_group

Update group triggered from import process.

importsystem
Since: 2016.14

system.import.group_membership.complete

Legacy event types: app.generic.import.summary.group_membership

Import of application group members completed.

importsystem
Since: 2016.14

system.import.import_profile

Legacy event types: app.user_management.importing_profile, app.user_management.importing_profile_failed.email_length, app.user_management.importing_profile_failed.missing_externalid

Import user profile triggered by import process.

importsystem
Since: 2016.14

system.import.import_provisioning_info

Legacy event types: app.generic.import.provisioning_data

Import provisioning info triggered by import process.

importsystem
Since: 2016.14

system.import.roadblock

Legacy event types: app.generic.import.fail.roadblock

Import roadblock triggered due to exceeded threshold.

importsystem
Since: 2016.14

system.import.roadblock.reschedule_and_resume

Legacy event types: app.generic.import.fail.roadblock.reschedule_and_resume

The affected import from AppInstance has been rescheduled. All other imports will resume.

importsystem
Since: 2017.19

system.import.roadblock.resume

Legacy event types: app.generic.import.fail.roadblock.resume

The affected import from AppInstance has been canceled. All other imports will resume.

importsystem
Since: 2017.19

system.import.start

Legacy event types: app.generic.import.started

import started.

event-hook-eligibleimportsystem
Since: 2016.14

system.import.user.complete

Legacy event types: app.generic.import.summary.user

Import of user completed.

importsystem
Since: 2016.14

system.import.user.create

Legacy event types: app.generic.import.details.add_user

Create user triggered by import process.

importsystem
Since: 2016.14

system.import.user.delete

Legacy event types: app.generic.import.details.delete_user

Delete user triggered by import process.

importsystem
Since: 2016.14

system.import.user.match

Legacy event types: app.generic.import.details.match_user

Assign user triggered by import process with callback. This event can be used to alter the matching result for a given imported user. This event is fired when the matching result is altered by the synchronous callback.

importsystem
Since: 2018.43

system.import.user.start

Legacy event types: app.generic.import.import_user

Start importing users triggered import process.

importsystem
Since: 2016.14

system.import.user.suspend

Legacy event types: app.generic.import.details.suspend_user

Suspend user triggered by import process.

importsystem
Since: 2016.24

system.import.user.unsuspend

Legacy event types: app.generic.import.details.unsuspend_user

Unsuspend user triggered by import process.

importsystem
Since: 2016.24

system.import.user.unsuspend_after_confirm

Legacy event types: app.generic.import.user_match.unsuspend_after_confirm, app.user_management.unsuspend_user_after_confirm_failed

No Description

importsystem
Since: 2016.24

system.import.user.update

Legacy event types: app.generic.import.details.update_user

Update user triggered by import process.

importsystem
Since: 2016.14

system.import.user.update_user_lifecycle_from_master

Legacy event types: app.user_management.update_user_lifecycle_from_master_failed

Update user status triggered by import process.

importsystem
Since: 2016.24

system.iwa.create

Legacy event types: iwa.created_successfully, iwa.creating_failed

Create IWA agent.

iwasystem
Since: 2016.13

system.iwa.go_offline

Legacy event types: iwa.ad_agents_went_offline

IWA going offline.

iwasystem
Since: 2016.13

system.iwa.go_online

Legacy event types: iwa.went_online

IWA going online.

iwasystem
Since: 2016.13

system.iwa.promote_primary

Legacy event types: iwa.no_agents_promoted_to_primary, iwa.promoted_to_primary

Promote IWA agent to primary.

iwasystem
Since: 2016.13

system.iwa.remove

Legacy event types: iwa.removed

Remove IWA agent.

iwasystem
Since: 2016.13

system.iwa.update

Legacy event types: iwa.updated_successfully, iwa.updating_failed

Update IWA agent.

iwasystem
Since: 2016.13

system.iwa.use_default

Legacy event types: iwa.primary_not_found

No primary IWA app found. Using default login.

iwasystem
Since: 2016.13

system.iwa_agentless.auth

Legacy event types: iwa.agentless.auth.failure, iwa.agentless.auth.success

Agentless IWA authentication.

iwasystem
Since: 2018.22

system.iwa_agentless.redirect

Legacy event types: iwa.agentless.auth.redirect.defaultloginpage, iwa.agentless.auth.redirect.onpremiwa

Fired when an Agentless DSSO authentication is redirected to an onprem IWA authentication or the default login page. This can be used to identify when an agentless authentication request resulted in a redirect to an onprem IWA or default login page. This can also be used to identify the potential cause of the redirect. When fired, this event contains information about the potential cause of the redirect.

iwasystem
Since: 2019.05.4

system.iwa_agentless.update

Legacy event types: iwa.agentless.update.failure, iwa.agentless.update.success

Update to agentless IWA.

iwasystem
Since: 2018.22

system.iwa_agentless.user.not_found

Legacy event types: iwa.agentless.auth.failed.client_principal_id.invalid, iwa.agentless.auth.failed.user.multiple_user_found, iwa.agentless.auth.failed.user.not_found

Fired when a user could not be found during Agentless DSSO authentication, resulting in an authentication failure. This can be used to identify when an agentless authentication request resulted in a failure. The failure could be due to the user not being found in Okta, Okta not being able to connect to AD, or the user not being found in AD. This can also be used to identify the potential cause of the failure. When fired, this event contains information about the potential cause of the failure.

iwasystem
Since: 2019.08.0

system.iwa_agentless_kerberos.update

Legacy event types: iwa.agentless.kerberos.update.failure, iwa.agentless.kerberos.update.success

Fires when a Kerberos realm settings is updated by an admin. This event fires when the update is successful or fails. This can be used to audit Kerberos realm setting, and troubleshoot why Kerberos authentication failed. When fired, this event indicates whether Kerberos realm setting update has been successful or failed. This event also indicates the initiator of the event and the current setting for Kerberos Realm. Related events: none, all debugging context is included in this event.

iwasystem
Since: 2019.05.4

system.ldapi.bind

Legacy event types: system.ldapi.bind

Fired when a user performs a BIND to LDAP Interface. Can be used to identify when a user attempted to perform an LDAP authentication for audit or debugging purposes. Note that the firing of this event is subject to LDAPi event filtering rules.

ldapi
Since: 2018.10

system.ldapi.search

Legacy event types: system.ldapi.search

Fired when a user performs a SEARCH to LDAP Interface. Can be used to identify when a user attempted to perform a search on LDAP Interface for audit or debugging purposes. Note that the firing of this event is subject to LDAPi event filtering rules.

ldapi
Since: 2018.10

system.ldapi.unbind

Legacy event types: system.ldapi.unbind

Fired when a user performs an UNBIND to LDAP Interface. Can be used to identify when a user attempted to end an LDAP Interface session for audit or debugging purposes. Note that the firing of this event is subject to LDAPi event filtering rules.

ldapi
Since: 2018.10

system.org.lifecycle.create

Legacy event types: core.org.config.org_creation.failure, core.org.config.org_creation.success

Org creation.

system
Since: 2016.51

system.org.rate_limit.expiration.warning

Legacy event types: core.framework.ratelimit.expiration.warning

Rate limit approaching expiration date.

system
Since: 2018.35

system.org.rate_limit.violation

Legacy event types: core.framework.ratelimit.exceeded

Rate limit violation.

system
Since: 2017.02

system.org.rate_limit.warning

Legacy event types: core.framework.ratelimit.warning

Rate limit warning.

system
Since: 2017.02

system.org.task.remove

Legacy event types: core.org.task.remove

Tasks removed.

system
Since: 2017.33

system.sms.send_account_unlock_message

Legacy event types: core.user.sms.message_sent.self_service.account_unlock

Send self-service account unlock SMS message.

smssystem
Since: 2016.12

system.sms.send_factor_verify_message

Legacy event types: core.user.sms.message_sent.factor

Send second factor auth SMS.

smssystem
Since: 2016.12

system.sms.send_okta_push_verify_message

Legacy event types: core.user.sms.message_sent.push_verify.activation

Send activate Okta Verify Push for mobile SMS.

smssystem
Since: 2016.12

system.sms.send_password_reset_message

Legacy event types: core.user.sms.message_sent.self_service.password_reset

Send self-service password reset SMS message.

smssystem
Since: 2016.12

system.sms.send_phone_verification_message

Legacy event types: core.user.sms.message_sent.verify

Send phone verification SMS message.

event-hook-eligiblesmssystem
Since: 2016.12

system.voice.send_account_unlock_call

Legacy event types: core.user.call_to_send_otp.message_sent.self_service.account_unlock

Send self-service account unlock call.

voice
Since: 2017.44

system.voice.send_call

Legacy event types: core.user.call_made.factor

Send phone call.

voice
Since: 2017.44

system.voice.send_mfa_challenge_call

Legacy event types: core.user.call_to_send_otp.message_sent.mfa.challenge

Send second factor auth call.

voice
Since: 2017.44

system.voice.send_password_reset_call

Legacy event types: core.user.call_to_send_otp.message_sent.self_service.password_reset

Send self-service password reset call.

voice
Since: 2017.44

system.voice.send_phone_verification_call

Legacy event types: core.user.call_to_send_otp.message_sent.verify

Send phone verification call.

event-hook-eligiblevoice
Since: 2017.44

task.lifecycle.activate

Legacy event types: platform.task.lifecycle.activate

Activated system task.

task
Since: 2018.15

task.lifecycle.create

Legacy event types: platform.task.lifecycle.create

Created system task.

task
Since: 2018.15

task.lifecycle.deactivate

Legacy event types: platform.task.lifecycle.deactivate

Deactivated system task.

task
Since: 2018.15

task.lifecycle.delete

Legacy event types: platform.task.lifecycle.delete

Deleted system task.

task
Since: 2018.15

task.lifecycle.update

Legacy event types: platform.task.lifecycle.update

Updated system task.

task
Since: 2018.15

user.account.access_super_user_app

Legacy event types: core.user_auth.super_user_app_accessed

Access super user in Okta.

accountuser
Since: 2016.15

user.account.lock

Legacy event types: core.user_auth.account_locked

Auto-lock user account for Okta.

accountuser
Since: 2016.02

user.account.lock.limit

Legacy event types: user.account.lock.limit

This event is fired when a user account has reached the lockout limit. The account will not auto-unlock and a user or client cannot gain access to the account. This event indicates an account that will not be able to log in until remedial action is taken by the account admin. This event can be used to understand the specifics of an account lockout. Often this indicates a client application that is repeatedly attempting to authenticate with invalid credentials such as an old password.

accountuser
Since: 2019.05.0

user.account.privilege.grant

Legacy event types: core.user.admin_privilege.granted

Grant user privilege.

user
Since: 2016.15

user.account.privilege.revoke

Legacy event types: core.user.admin_privilege.revoked

Revoke user privilege.

user
Since: 2016.15

user.account.reset_password

Legacy event types: core.user.config.user_status.password_reset, core.user_auth.self_service.password_reset, core.user_auth.self_service.password_reset.invalid_recovery_token, core.user_auth.self_service.password_reset.invalid_security_answer, core.user_auth.self_service.password_reset.invalid_sms_code, core.user_auth.self_service.password_reset.invalid_user_state, core.user_auth.self_service.password_reset.issued_recovery_token, core.user_auth.self_service.password_reset.shared_email, core.user_auth.self_service.password_reset.suspended_user, core.user_auth.self_service.password_reset.unknown_user

User reset password for Okta (by admin).

accountevent-hook-eligibleuser
Since: 2016.15

user.account.unlock

Legacy event types: core.user_auth.account_auto_unlocked, core.user_auth.self_service.account_unlock, core.user_auth.self_service.account_unlock.already_unlocked, core.user_auth.self_service.account_unlock.invalid_recovery_token, core.user_auth.self_service.account_unlock.invalid_security_answer, core.user_auth.self_service.account_unlock.invalid_sms_code, core.user_auth.self_service.account_unlock.shared_email, core.user_auth.self_service.account_unlock.unknown_user

Auto-unlock user account for Okta.

accountuser
Since: 2016.15

user.account.unlock_by_admin

Legacy event types: core.user_auth.account_unlocked_by_admin

User account unlock by admin.

accountuser
Since: 2016.15

user.account.unlock_failure

Legacy event types: core.user_auth.user.account.unlock_failure

Failed to schedule unlock job for user.

accountuser
Since: 2018.23

user.account.unlock_token

Legacy event types: core.user_auth.self_service.account_unlock.issued_recovery_token

Issued recovery token for self-service account unlock.

accountuser
Since: 2017.47

user.account.update_password

Legacy event types: core.user.config.password_update.failure, core.user.config.password_update.success

User update password for Okta.

accountevent-hook-eligibleuser
Since: 2016.15

user.account.update_primary_email

Legacy event types: core.user.config.update_primary_email

User primary email updated.

accountuseruser-config
Since: 2018.05

user.account.update_profile

Legacy event types: core.user.config.profile_update.success

Update user profile for Okta.

accountevent-hook-eligibleuseruser-config
Since: 2016.02

user.account.update_secondary_email

Legacy event types: core.user.config.update_secondary_email

User secondary email updated.

accountuseruser-config
Since: 2018.25

user.account.use_token

Legacy event types: core.user_auth.self_service.invalid_recovery_token

Invalid self service recovery token used by user.

accountuser
Since: 2016.15

user.authentication.auth

Legacy event types: core.user_auth.invalid_certificate, core.user_auth.login_failed, core.user_auth.login_success

Authenticate user.

user
Since: 2016.02

user.authentication.auth_via_AD_agent

Legacy event types: app.ad.agent.user_auth, app.ad.agent.user_auth.error, app.ad.login.bad_password, app.ad.login.expired_password, app.ad.login.locked_account, app.ad.login.success, app.ad.login.unknown_failure, app.ad.outbound.delauth.no_connected_agent, app.ad.outbound.delauth.timeout

Authenticate user with AD agent.

directoryuser
Since: 2016.18

user.authentication.auth_via_IDP

Legacy event types: core.user_auth.idp.cannot_update_user_profile_or_groups, core.user_auth.idp.cannot_update_user_profile_or_groups.server_read_only, core.user_auth.idp.general_schema_warning, core.user_auth.idp.invalid_user_status, core.user_auth.idp.login_failed, core.user_auth.idp.multiple_matching_users, core.user_auth.idp.no_matching_users, core.user_auth.idp.saml.assertion_received_same_assertion_id, core.user_auth.idp.saml.login_success, core.user_auth.idp.saml.response_received_in_response_to_no_matching_key, core.user_auth.idp.saml.saml_validation_failed, core.user_auth.idp.saml.unknown_endpoint, core.user_auth.idp.saml.unknown_profile_attribute, core.user_auth.idp.username_filtered, core.user_auth.idp.username_transform_failed, core.user_auth.idp.x509.login_success

Authenticate user via IDP.

user
Since: 2016.18

user.authentication.auth_via_LDAP_agent

Legacy event types: app.ldap.login.bad_password, app.ldap.login.disabled_account, app.ldap.login.expired_password, app.ldap.login.locked_account, app.ldap.login.success, app.ldap.login.unknown_failure

Authenticate user via LDAP agent.

directoryuser
Since: 2016.18

user.authentication.auth_via_inbound_SAML

Legacy event types: core.user_auth.saml2.inbound_saml_login_failed

Authenticate user via inbound SAML.

user
Since: 2016.27

user.authentication.auth_via_inbound_delauth

Legacy event types: app.inbound_del_auth.failure.account_not_found, app.inbound_del_auth.failure.duplicate_accounts_found, app.inbound_del_auth.failure.instance_not_found, app.inbound_del_auth.failure.invalid_login_credentials, app.inbound_del_auth.failure.invalid_request.could_not_parse_credentials, app.inbound_del_auth.failure.not_supported

Authenticate user via inbound delauth.

user
Since: 2016.02

user.authentication.auth_via_iwa

Legacy event types: iwa.auth, iwa.invalid_certificate, iwa.invalid_token, iwa.invalid_xml_signature, iwa.no_certificate

Authenticate user via IWA.

user
Since: 2016.02

user.authentication.auth_via_mfa

Legacy event types: core.user.factor.attempt_fail, core.user.factor.attempt_success, core.user_auth.duo.disabled_lockout, core.user_auth.duo.duo_down, core.user_auth.duo.invalid_integration

Authentication of user via MFA.

mfa
Since: 2016.02

user.authentication.auth_via_radius

Legacy event types: core.user_auth.radius.login.failed, core.user_auth.radius.login.succeeded

Authentication of user via Radius.

appradius
Since: 2016.18

user.authentication.auth_via_richclient

Legacy event types: app.rich_client.account_not_found, app.rich_client.instance_not_found, app.rich_client.invalid_org, app.rich_client.login_failure, app.rich_client.login_success, app.rich_client.multiple_accounts_found

Authentication of a user via Rich Client.

user
Since: 2016.18

user.authentication.auth_via_social

Legacy event types: core.user_auth.idp.social.cannot_acquire_access_token, core.user_auth.idp.social.cannot_acquire_profile, core.user_auth.idp.social.invalid_userinfo_response, core.user_auth.idp.social.jit_callout_denied_by_callout, core.user_auth.idp.social.jit_callout_redirect, core.user_auth.idp.social.jit_callout_response_invalid, core.user_auth.idp.social.jit_callout_success, core.user_auth.idp.social.jit_error, core.user_auth.idp.social.link_callout_denied_by_callout, core.user_auth.idp.social.link_callout_redirect, core.user_auth.idp.social.link_callout_response_invalid, core.user_auth.idp.social.link_callout_success, core.user_auth.idp.social.link_denied_for_groups, core.user_auth.idp.social.login_success

Authenticate user with social login.

user
Since: 2016.18

user.authentication.authenticate

Legacy event types: core.user_auth.authentication.auth_via_3rd_party_failure, core.user_auth.authentication.auth_via_3rd_party_success, core.user_auth.authentication.auth_via_okta_mobile_failure, core.user_auth.authentication.auth_via_okta_mobile_success, core.user_auth.authentication.auth_via_omm_failure, core.user_auth.authentication.auth_via_omm_success, core.user_auth.authentication.auth_via_saml_idp_failure, core.user_auth.authentication.auth_via_saml_idp_success, core.user_auth.authentication.authenticate

Authentication via device trust certificate.

device-trust-authenticationevent-hook-eligibleuser
Since: 2017.44

user.authentication.slo

Legacy event types: app.auth.slo, app.auth.slo.saml.invalid_issuer, app.auth.slo.saml.invalid_nameid, app.auth.slo.saml.invalid_signature, app.auth.slo.saml.malformed_request, app.auth.slo.saml.malformed_request.invalid_type, app.auth.slo.with_reason

User single logout out (SLO) from app.

user
Since: 2016.11

user.authentication.sso

Legacy event types: app.auth.sso

Fired when a user performs a single sign-on (SSO) to an app instance and contains the client details of the user. Can be used to identify when a user attempted to sign into an application for audit or debugging purposes. Note that the event is fired even when the sign-on is unsuccessful.

user
Since: 2016.11

user.authentication.verify

Legacy event types: user.authentication.verify

Verify user identity.

user
Since: 2017.27

user.credential.enroll

Legacy event types: core.user_auth.credential.enroll

Device Trust certificate enrollment.

device-trust-cert-distribution-and-bindingevent-hook-eligibleuser
Since: 2017.45

user.lifecycle.activate

Legacy event types: core.user.config.user_activated

Activate Okta user.

event-hook-eligibleuser
Since: 2016.13

user.lifecycle.create

Legacy event types: core.user.config.user_creation.failure, core.user.config.user_creation.success

Create Okta user.

event-hook-eligibleuser
Since: 2016.02

user.lifecycle.deactivate

Legacy event types: core.user.config.user_deactivated

Deactivate Okta user.

event-hook-eligibleuser
Since: 2016.02

user.lifecycle.delete.completed

Legacy event types: core.user.config.user_status.delete.completed

Delete Okta user completed.

user
Since: 2016.29

user.lifecycle.delete.initiated

Legacy event types: core.user.config.user_status.delete.initiated

Delete Okta user initiated.

event-hook-eligibleuser
Since: 2016.29

user.lifecycle.jit.error.read_only

Legacy event types: core.user.jit.error.read_only

Failed to JIT create user.

user
Since: 2018.06

user.lifecycle.password_mass_expiry

Legacy event types: core.user.config.user_status.password_mass_expiry

Mass expire all users' passwords initiated.

user
Since: 2018.04

user.lifecycle.reactivate

Legacy event types: core.user.config.user_reactivation.success

Reactivate Okta user.

event-hook-eligibleuser
Since: 2016.13

user.lifecycle.suspend

Legacy event types: core.user.config.user_status.suspended

Suspend Okta user.

event-hook-eligibleuser
Since: 2016.13

user.lifecycle.unsuspend

Legacy event types: core.user.config.user_status.unsuspended

Unsuspend Okta user.

event-hook-eligibleuser
Since: 2016.13

user.mfa.attempt_bypass

Legacy event types: core.user_auth.mfa_bypass_attempted

Attempt bypass of factor.

mfa
Since: 2016.11

user.mfa.factor.activate

Legacy event types: core.user.factor.activate

Activate factor for user.

mfa
Since: 2016.11

user.mfa.factor.deactivate

Legacy event types: core.user.factor.deactivate

Reset factor for user.

mfa
Since: 2016.11

user.mfa.factor.reset_all

Legacy event types: core.user.factor.reset_all

Reset all factors for user.

mfa
Since: 2016.11

user.mfa.factor.update

Legacy event types: core.user.factor.update

Update factor for user.

mfa
Since: 2016.11

user.mfa.okta_verify

Legacy event types: core.user_auth.mfa_okta_verify_response

Verify user with Okta verify.

mfa
Since: 2016.11

user.mfa.okta_verify.deny_push

Legacy event types: core.user.factor.push_rejected

User rejected Okta push verify.

mfa
Since: 2018.03

user.session.access_admin_app

Legacy event types: app.admin.sso.bad_response, app.admin.sso.login.success, app.admin.sso.no_response

User accessing Okta admin app.

adminappsessionuser
Since: 2016.14

user.session.clear

Legacy event types: core.user_auth.session_clear

Clear user session.

sessionuser
Since: 2016.15

user.session.end

Legacy event types: core.user_auth.logout_success

User logout from Okta.

event-hook-eligiblesessionuser
Since: 2016.02

user.session.expire

Legacy event types: core.user_auth.session_expired

Expire user session.

sessionuser
Since: 2016.15

user.session.impersonation.end

Legacy event types: core.user.impersonation.session.ended

End impersonation session.

sessionuser
Since: 2016.09

user.session.impersonation.extend

Legacy event types: core.user.impersonation.grant.extended

Extend impersonation session.

sessionuser
Since: 2016.09

user.session.impersonation.grant

Legacy event types: core.user.impersonation.grant.enabled

Enable impersonation grant.

sessionuser
Since: 2016.09

user.session.impersonation.initiate

Legacy event types: core.user.impersonation.session.initiated

Initiate impersonation session.

sessionuser
Since: 2016.09

user.session.impersonation.revoke

Legacy event types: core.user.impersonation.grant.revoked

Revoke impersonation grant.

sessionuser
Since: 2016.09

user.session.start

Legacy event types: core.user_auth.invalid_certificate, core.user_auth.login_denied, core.user_auth.login_failed, core.user_auth.login_failed.policy_denied, core.user_auth.login_success, core.user_auth.session_created_using_api_token, core.user_auth.session_created_using_token

User login to Okta.

event-hook-eligiblesessionuser
Since: 2016.02

zone.activate

Legacy event types: zone.activate

Network zone activate.

network-zone
Since: 2017.49

zone.create

Legacy event types: zone.create

Network zone create.

network-zone
Since: 2017.49

zone.deactivate

Legacy event types: zone.deactivate

Network zone deactivate.

network-zone
Since: 2017.49

zone.delete

Legacy event types: zone.delete

Network zone delete.

network-zone
Since: 2017.49

zone.make_blacklist

Legacy event types: zone.make_blacklist

Network zone mark as blacklist.

network-zone
Since: 2017.49

zone.remove_blacklist

Legacy event types: zone.remove_blacklist

Network zone unmark as blacklist.

network-zone
Since: 2017.49

zone.update

Legacy event types: zone.update

Network zone update.

network-zone
Since: 2017.49