Contents x
    Okta Group Category Events
    • 24 Feb 2025
    • 4 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Okta Group Category Events

    • Updated on 24 Feb 2025
    • 4 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Article summary

    Axonius supports Okta Group Category Events in an Event node of a Workflow.

    You can perform actions using the Okta admin UI or by running the following Enforcement Actions for assets retrieved from the saved query supplied as a trigger or assets selected in the asset table:

    The following table lists the supported Okta Group events, their descriptions, as well as their event names in Okta. Learn more about these event types.

    Event TypeDescriptionEvent Type Name in Okta
    Privilege GrantedGroup's admin privilege was granted. This can be used to audit the provisioning of admin privileges for groups. When fired, this event contains information about the type of admin privileges the group currently has, and what entity sources the group. The group granted privileges can be an Okta sourced group, an AD-sourced group, or an LDAP-sourced group.group.privilege.grant
    Privilege RevokedGroup's admin privilege was revoked. This can be used to audit the deprovisioning of admin privileges from groups. When fired, this event indicates the group has no more admin privileges.group.privilege.revoke
    Profile UpdatedOkta group profile was updated. Events of this type can be used by an IT administrator who wants to trigger an Okta Workflow to provision groups into downstream systems. The utility of the Event type is for Provisioning use cases to downstream systems. A classic example of this is a customer who uses Okta for Office 365 LCM, and wants to push a distribution list from Okta to Office 365.group.profile.update
    Import Group CreatedCreate group was triggered by import process.system.import.group.create
    Import Group DeletedRemove group was triggered by import process.system.import.group.delete
    Add user to groupA user was added to group membership.group.user_membership.add
    Remove user from groupA user was removed from group membership.group.user_membership.remove
    • In the Okta admin management UI, add the Okta Group event types you want to monitor and use in the Workflow.
    • Whenever one of the registered events occurs in the Okta admin UI, a Webhook event is sent to the Axonius URL for Okta events. For example, if a user is added to a Group, Axonius receives a group.user_membership.add event and any Workflows configured with this event are triggered.

    Integrating Okta with Axonius

    Before Okta can begin sending Okta Group Category Events, you must configure the following in the Okta admin management UI:

    • Axonius webhook URL that is to receive Okta events.
    • Private Secure Key.
    • The event types from the above table in Okta, which you want to monitor and include in Workflows. For example, group.user_membership.add, system.import.group.create.

    Adding the Okta Group Category Events to the Workflow

    You can add Okta Group Category Events in the triggering Event node of a Workflow or in an Event node anywhere else in the Workflow, where relevant. When an event from this category occurs, the Workflow begins or continues running.

    To select Okta Group Category Events as the Workflow trigger

    1. In the Trigger Type pane, under Group Onboarded or Offboarded, click the Okta Group Category Events tile.
      OktaGroupCategoryTriggeringEvent.png

    The Workflow is triggered each time an event from this category occurs in Okta. The next node runs on the retrieved Group.

    To select Okta Group Category Events as a non-triggering event

    1. In the Event pane, under Group Onboarded or Offboarded, click the Okta Group Category Events tile.
      OktaGroupCategoryEvent.png

    In this case, when an event from the Okta Group category is created in Okta on the asset retrieved from the previous node (in the above example, the event user), an event occurs and the Workflow continues running.

    Viewing the Event Structure

    After you select the event, you can view the structure of the Events that Okta hook delivers to the Axonius Webhook URL. You can then use these Event fields to follow up on Okta Group Category Events in a Workflow, for example in triggering Event filters or in Event Conditions.

    To view the Event fields

    • In the Trigger Type or Event configuration panes for the Okta Group Category Events (see above screens), click Event Fields. A list opens of all Event field names and their field types.
      EventFieldsOktaUserAuthCategory.png

    The following describes these Event fields:

    • ID - The unique identifier of the Okta Group.
    • Type - Type of Okta Group.
    • Alternate ID - Alternate ID of the Okta Group.
    • Display Name - Display name of the Okta Group.
    • Event Type - Type of event that occurred. For example, group.user_membership.remove.
    • Event Result - Result of the event that was triggered.
    • User ID - ID of user added/removed to/from the group.
    • User Name - Username of the user added/removed to/from the group.
    • Event date - Date the event was triggered.
    • Event timestamp - Timestamp when the notification was delivered to Axonius.

    Filtering By Event Type

    This section describes how to set up your Workflow to be triggered or continued only for a specific Event Type.

    • Filter the Okta Group Category Events triggering event so that only a specific Event Type triggers the Workflow. Learn how to filter a triggering event.
      The following example shows a Workflow that is triggered only for Event Type = group.user_membership. This means that whenever a user is added to or removed from Okta group membership, an event is sent to Axonius, which triggers this Workflow.
      OktaGroupCategoryTriggerFilter.png

    • Add an Event Condition under any Okta Group Category Event event to filter it by Event Type. The workflow will only proceed for matching events.
      The following example shows a Workflow that continues on the True branch only for Event Type = group.user_membership.add. This means that whenever a a user is added to Okta group membership, the Workflow continues running on the True branch.
      OktaGroupCategoryEventCondition.png


    Was this article helpful?
    What's Next