Audit events

Note:

End of sale announcement

Effective May 1, 2026, Okta will no longer sell or renew Advanced Server Access. Existing customers must migrate to Okta Privileged Access within one year of their next scheduled renewal date to maintain service.

Read the FAQ and learn more about Okta Privileged Access.

Advanced Server Access allows you to communicate within your team by keeping detailed logs of a wide range of configuration, enrollment, authentication, and authorization events that occur within the product and on your servers. Examples of this are details concerning who is attempting connections, when they took place, team settings changes, and issued credentials. Audited events are listed in the Audits tab for every user, operating system, and project in your team.

To view a list of all audited events, from your Advanced Server Access dashboard, go to Logging and click Audits. The Audits page appears.

Note:

Advanced Server Access retains audit log events for 90 days. If you wish to archive audit log events for a longer period of time, Okta recommends that you ingest them into your security event information management (SEIM) solution. This can be accomplished by integrating with the ASA Audit Log API.

The Audits page displays the following information for each event:

Field name	Description
Resource	Identifies the primary user or resource impacted by the event.
Action	Specifies the specific event being recorded.
Related Info	Lists any other resources impacted by the event. This is usually a specific project, group, client, or sever where the event occurs.
Actor	Identifies the user who initiated the event.
Date	Identifies the general time when Advanced Server Access recorded the event.

Resource - The user or resource that was affected.
Action - What action was taken, whether it was accessing a resource or issuing credentials.
Related Info - What project or server this action took place.
Actor - Who committed the action.
Date - When the action took place.