The Okta System Log records system events related to your organization in order to provide an audit trail that can be used to understand platform activity and to diagnose problems.
referenceURL: https://developer.okta.com/docs/reference/api/system-log/
description: Unique identifier for an individual event
description: Timestamp when event was published
description: Type of event that was published
description: Versioning indicator
description: 'Indicates how severe the event is: DEBUG, INFO, WARN, ERROR'
description: Associated Events API Action objectType attribute value
description: The display message for an event
description: Describes the entity that performed an action
description: Type of actor
description: Alternative id of the actor
description: Display name of the actor
description: Details about the actor
description: Detail entry
description: The client that requested an action
description: For OAuth requests this is the id of the OAuth client making the request. For SSWS token requests, this is the id of the agent making the request.
description: The user agent used by an actor to perform an action
description: If the client is a web browser, this field identifies the type of web browser (e.g. CHROME, FIREFOX)
description: The Operating System the client runs on (e.g. Windows 10)
description: A raw string representation of the user agent, formatted according to section 5.5.3 of HTTP/1.1 Semantics and Content. Both the browser and the OS fields can be derived from this field.
- name: geographicalContext
description: The physical location where the client made its request from
description: Contains the geolocation coordinates (latitude, longitude)
description: The city encompassing the area containing the geolocation coordinates, if available (e.g. Seattle, San Francisco)
description: Full name of the state/province encompassing the area containing the geolocation coordinates (e.g. Montana, Incheon)
description: Full name of the country encompassing the area containing the geolocation coordinates (e.g. France, Uganda)
description: Full name of the country encompassing the area containing the geolocation coordinates (e.g. France, Uganda)
description: The name of the Zone that the client's location is mapped to
description: Ip address that the client made its request from
description: Type of device that the client operated from (e.g. Computer)
description: The request that initiated an action
description: If the incoming request passes through any proxies, the IP addresses of those proxies will be stored here in the format (clientIp, proxy1, proxy2, ...).
- name: geographicalContext
description: Geographical context of the IP address
description: Contains the geolocation coordinates (latitude, longitude)
description: The city encompassing the area containing the geolocation coordinates, if available (e.g. Seattle, San Francisco)
description: Full name of the state/province encompassing the area containing the geolocation coordinates (e.g. Montana, Incheon)
description: Full name of the country encompassing the area containing the geolocation coordinates (e.g. France, Uganda)
description: Full name of the country encompassing the area containing the geolocation coordinates (e.g. France, Uganda)
description: Details regarding the source
description: The outcome of an action
description: 'Result of the action: SUCCESS, FAILURE, SKIPPED, ALLOW, DENY, CHALLENGE, UNKNOWN'
description: Reason for the result, for example INVALID_CREDENTIALS
description: Zero or more targets of an action
description: ID of target
description: Type of target
description: Alternative id of the target
description: Display name of the target
description: Details about the target
description: Detail entry
description: The transaction details of an action
description: Unique identifier for this transaction.
description: Describes the kind of transaction. WEB indicates a web request. JOB indicates an asynchronous task.
description: Details for this transaction.
description: The debug request data of an action
description: Dynamic field containing miscellaneous information dependent on the event type.
- name: authenticationContext
description: The authentication data of an action
- name: authenticationProvider
description: The system that proves the identity of an actor using the credentials provided to it
- name: authenticationStep
description: The zero-based step number in the authentication pipeline. Currently unused and always set to 0.
- name: credentialProvider
description: A credential provider is a software service that manages identities and their associated credentials. When authentication occurs via credentials provided by a credential provider, that credential provider will be recorded here.
description: The underlying technology/scheme used in the credential
description: The specific software entity that created and issued the credential.
description: Varies depending on the type of authentication. If authentication is SAML 2.0, id is the issuer in the SAML assertion. For social login, id is the issuer of the token.
description: Information regarding issuer and source of the SAML assertion or token.
- name: externalSessionId
description: A proxy for the actor's session ID
description: The third party user interface that the actor authenticates through, if any.
- name: authenticatorProvider
description: 'DEPRECATED: This field is kept here for backwards compatibility.'
description: The security data of an action
description: Autonomous system number associated with the autonomous system that the event request was sourced to
description: Organization associated with the autonomous system that the event request was sourced to
description: Internet service provider used to sent the event's request
description: The domain name associated with the IP address of the inbound event request
description: Specifies whether an event's request is from a known proxy