OKTA-727230 Add new event type #4817
Semgrep found 1 Property decoded from JWT token without verifying and cannot be trustworthy. Ignore this finding from react-jwt-decoded-property.
Hi! Continuous Access was renamed in the June release - I'm not sure if the new name should be reflected here or not. If you keep Continuous Access, make sure that it's capitalized throughout the docs.
| RuleAction | The configured action to respond to the risk. Values include `TERMINATE_ALL_SESSIONS` or `RUN_WORKFLOW`. If the action is `TERMINATE_ALL_SESSIONS`, no further properties appear. If the action is `RUN_WORKFLOW`, the `WorkflowId` appears. | ENUM | `RUN_WORKFLOW` | | ||
| **target.DetailEntry** (Rule) | | | | | ||
| RuleAction | The configured action to respond to the risk. Values include `TERMINATE_SESSION` or `RUN_WORKFLOW`. | Enum | `TERMINATE_SESSION` | | ||
| SingleLogOutEnabled | For a `RuleAction` of `TERMINATE_SESSION`, and if `true`, a continuous access evaluation violation enforces application logout. | Boolean | `true` | |
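Review bot: the two `RuleAction` rows in this hunk give the data type as `ENUM` and as `Enum`; pick one casing and use it in every table. The first row also says that `WorkflowId` appears when the action is `RUN_WORKFLOW`, while the second row lists `RUN_WORKFLOW` as a value without saying whether a workflow ID accompanies it, so a reader building a System Log query cannot tell which properties to expect for that event. Suggest stating that explicitly in the second row.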
| SingleLogOutEnabled | For a `RuleAction` of `TERMINATE_SESSION`, and if `true`, a continuous access evaluation violation enforces application logout. | Boolean | `true` | | |
| SingleLogOutEnabled | For a `RuleAction` of `TERMINATE_SESSION`, and if `true`, a continuous access evaluation violation enforces app logout. | Boolean | `true` | |
| **target** (Policy) | The entity risk policy | Object | | | ||
| type | The type of target object | String | Policy | | ||
| **target** (Rule) | The rule of the entity risk policy | | | | ||
| **target** (Rule) | The rule associated with the continuous access evaluation | Object | | |
Continuous access has been renamed - Nikita has more information about this.
Thanks, yeah, for 2024.06.0 we're not updating dev docs, but it's on the to-do list. I'll keep things the same for this PR. It will get updated. Thanks.
| **target.DetailEntry** (Rule) | | | | | ||
| RuleAction | The configured action to respond to the risk. Values include `TERMINATE_SESSION` or `RUN_WORKFLOW`. | Enum | `TERMINATE_SESSION` | | ||
| SingleLogOutEnabled | For a `RuleAction` of `TERMINATE_SESSION`, and if `true`, a continuous access evaluation violation enforces application logout. | Boolean | `true` | | ||
| SingleLogOutSelectionMode | For a `RuleAction` of `TERMINATE_SESSION`, the options of the application logout, either all applications, specific applications, or none. Values can be: `NONE`, `ALL`, or `SPECIFIED`. | Enum | `ALL` | |
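Review bot: the `SingleLogOutSelectionMode` row does not say how it interacts with `SingleLogOutEnabled` in the row above it. Both apply to a `RuleAction` of `TERMINATE_SESSION`, and `NONE` here appears to overlap with `SingleLogOutEnabled` being `false`; suggest one sentence saying which value combinations can occur together. The prose also lists the options as all, specific, none while the values are given as `NONE`, `ALL`, `SPECIFIED`; putting both in the same order makes the mapping obvious.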
| SingleLogOutSelectionMode | For a `RuleAction` of `TERMINATE_SESSION`, the options of the application logout, either all applications, specific applications, or none. Values can be: `NONE`, `ALL`, or `SPECIFIED`. | Enum | `ALL` | | |
| SingleLogOutSelectionMode | For a `RuleAction` of `TERMINATE_SESSION`, the options of the app logout, either all apps, specific apps, or none. Values can be: `NONE`, `ALL`, or `SPECIFIED`. | Enum | `ALL` | |
| Key event properties | Description | Data type | Example values | | ||
| --------------------- | --------------------------------------------------- | -------------- | -------------- | | ||
| **event.system.debugContext.debugData** | | | | | ||
| AppInstanceIds |A list of application IDs that Okta triggered for Universal Logout | Array of IDs | ["0oa1ysra5y0ESChAr0h8"] | |
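Review bot: the example value in the `AppInstanceIds` row, ["0oa1ysra5y0ESChAr0h8"], is not in code formatting, unlike the example values in the other rows of this change. Suggest wrapping it in backticks and adding the missing space after the pipe in `|A list`.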
| AppInstanceIds |A list of application IDs that Okta triggered for Universal Logout | Array of IDs | ["0oa1ysra5y0ESChAr0h8"] | | |
| AppInstanceIds |A list of app IDs that Okta triggered for Universal Logout | Array of IDs | ["0oa1ysra5y0ESChAr0h8"] | |
| --------------------- | --------------------------------------------------- | -------------- | -------------- | | ||
| **event.system.debugContext.debugData** | | | | | ||
| AppInstanceIds |A list of application IDs that Okta triggered for Universal Logout | Array of IDs | ["0oa1ysra5y0ESChAr0h8"] | | ||
| TraceId | The `TraceId` is used in continuous access evaluation use cases. A request that triggers a CAE evaluation can ultimately trigger things like CAE action events - and those are executed from the async jobs. `TraceId` connects together events triggered both by the original request handler and from the async jobs triggered by this handler. | String | `94384405-51e3-4e13-b8b0-ba857b585a63` | |
We don't use the term "CAE" anywhere
Thanks, did a search for all and replaced them.
| IPAddress | IP address | | | | ||
|
||
### user.authentication.universal_logout.scheduled | ||
|
||
**Description:** This event triggers only when an admin manually triggers the Universal Logout against an app instance. It contains the location of the admin and the context of the universal logout, that is, from where and how the Universal Logout API was triggered. This event is only triggered once. You can co-relate this event with the `user.authentication.universal_logout` event using the `traceID` found under `DebugData` for both events. |
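Review bot: the description tells readers to correlate on `traceID` under `DebugData`, but the tables in this change name the property `TraceId` under `event.system.debugContext.debugData`. Anyone copying the name from the description into a System Log filter gets a different string, so use the same spelling and path as the table. "This event is only triggered once" also needs its scope stated (once per admin request, per app instance, or per user), and the `IPAddress` row at the top of this hunk has empty data type and example columns.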
**Description:** This event triggers only when an admin manually triggers the Universal Logout against an app instance. It contains the location of the admin and the context of the universal logout, that is, from where and how the Universal Logout API was triggered. This event is only triggered once. You can co-relate this event with the `user.authentication.universal_logout` event using the `traceID` found under `DebugData` for both events. | |
**Description:** This event triggers only when an admin manually triggers the Universal Logout against an app instance. It contains the location of the admin and the context of the Universal Logout, that is, from where and how the Universal Logout API was triggered. This event is only triggered once. You can co-relate this event with the `user.authentication.universal_logout` event using the `traceID` found under `DebugData` for both events. |
Should "co-related" be correlate?
Yes, that works far better.
| Key event properties | Description | Data type | Example values | | ||
| --------------------- | --------------------------------------------------- | -------------- | -------------- | | ||
| **event.system.debugContext.debugData** | | | | | ||
| TraceId | The `TraceId` is used in continuous access evaluation use cases. A request that triggers a CAE evaluation can ultimately trigger things like CAE action events - and those are executed from the async jobs. `TraceId` connects together events triggered both by the original request handler and from the async jobs triggered by this handler. | String | `94384405-51e3-4e13-b8b0-ba857b585a63` | |
CAE
| --------------------- | --------------------------------------------------- | -------------- | -------------- | | ||
| **event.system.debugContext.debugData** | | | | | ||
| TraceId | The `TraceId` is used in continuous access evaluation use cases. A request that triggers a CAE evaluation can ultimately trigger things like CAE action events - and those are executed from the async jobs. `TraceId` connects together events triggered both by the original request handler and from the async jobs triggered by this handler. | String | `94384405-51e3-4e13-b8b0-ba857b585a63` | | ||
| **target** (User) | The user impacted by the universal logout | Object | | |
| **target** (User) | The user impacted by the universal logout | Object | | | |
| **target** (User) | The user impacted by the Universal Logout | Object | | |
| TraceId | The `TraceId` is used in continuous access evaluation use cases. A request that triggers a CAE evaluation can ultimately trigger things like CAE action events - and those are executed from the async jobs. `TraceId` connects together events triggered both by the original request handler and from the async jobs triggered by this handler. | String | `94384405-51e3-4e13-b8b0-ba857b585a63` | | ||
| **target** (User) | The user impacted by the universal logout | Object | | | ||
| type | The type of target object | String | User | | ||
| **actor** | The admin or system principal that triggers universal logout | Object | | |
| **actor** | The admin or system principal that triggers universal logout | Object | | | |
| **actor** | The admin or system principal that triggers Universal Logout | Object | | |
| EndedSessionId | The session ID that is ended for the target user | String | `idxffK-esRDSrC5m0ly-Kma9A ` | | ||
| TraceId | A unique ID that is used across a single flow of ITP events to easily correlate them all into one System Log query | String | `e1214f29-e6b3-4698-b3be-4bccaadf1937` | | ||
| ThreatSuspected | If ThreatInsight is running and detects a request as suspicious, the value for this property is `true`. | Boolean | | | ||
| Url | The log-out URL from the end user or admin actor | String | | |
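Review bot: the `EndedSessionId` example has a trailing space inside the backticks, so a copied value will not match a real session ID; remove the space. In the same hunk, `TraceId` is described in terms of "ITP events", while the other `TraceId` rows in this change describe it in terms of continuous access evaluation, and "ITP" is not expanded. Suggest one shared definition. The `ThreatSuspected` and `Url` rows have no example values, although `ThreatSuspected` could show `true` as the other Boolean rows do.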
| Url | The log-out URL from the end user or admin actor | String | | | |
| Url | The logout URL from the end user or admin actor | String | | |
Description:
Resolves: