• Version
• Download 48
• File Size 9.10 KB
• File Count 1
• Create Date June 24, 2024
• Last Updated June 24, 2024

OIG Access Requests Syslog Reporting

This file provides some basic information for this sample set of workflows.

** This is sample code only, and not officially supported by Okta **

Pre-reqs

Prior to using these flows you will need the following

• Okta Identity Governance installed, and events from Access Requests in the Okta syslog
• Okta Workflows configured for your environment
• A folder for these flows and table
• An Okta connector configured
• The okta.logs.read scope granted for the Okta Workflows OAuth app in Okta

Installation

Select the folder you want to install the table/flows into and Import the .folder file

Understanding the Flows/Tables

There are three flows and one table.

The flows are:

• MAIN - Get AR Events - Empty the output table and read all syslog events with an Actor Display Name of "Okta AtSpoke Connector". The results will be streamed into the SUB flow for processing each event.
• SUB - Process single AR Event - For each matching event (i.e. event from OIG Access Requests) strip out key event details (type, name, published date/time and target list), check if it's not an OAuth token event (stop processing if it is), use the UTIL flow to check for the AppUser, AppInstance, User and UserGroup target types, and write the event to the table
• UTIL - Get Target details - For a passed target type, get the ID and name and return them

The MAIN flow is manually run in this example (but it could be scheduled) and will result in the table (AR Events) being filled with all the Access Requests events. This table could be exported to a CSV and processed in Excel.