Audit Events Integration with Okta System Log

This is an Early Access Feature. To enable it, contact Okta Support.

Advanced Server Access audit events integration with the Okta System Log lets Okta administrators access audit events directly through the System Log. Advanced Server Access administrators can use this feature to view, search, and query the System Log for specific audit events and filter them based on a specific value. This feature doesn't remove the current audit events log from Advanced Server Access.

All the Advanced Server Access audit events available in the Okta System Log are documented in the Event Types page. The audit events are prefixed with the pam namespace for easy searching and selection by event types.


View Advanced Server Access audit events in the Okta System Log

  1. In the Admin Console, go to ReportsSystem Log.

    Okta recommends assigning the lowest privileges required to view the logs, such as the Report Administrator role, to Advanced Server Access administrators who need to view audit events in the Okta System Log.

  2. Specify a date range to filter the report. Okta retains events for 90 days, so the earliest available starting date range is three months prior.

  3. Use the search filter to find your audit events. For example, you can search "(PAM)" to list all Advanced Server Access audit events. See System Log filters and search for more information.

  4. Click the search icon to generate the report.


The Okta System Log page displays the following information for each Advanced Server Access audit event:

Field name Field description


Timestamp of the event.


The user who initiated the event.

Event information

Details about the event. All audit events have the "(PAM)" prefix.


App integration or user that received the event or action. Depending on the event type, there maybe one or more target type. For example, when you create a group, the group itself will be a target and the team will be another target.

Related topics