Suspicious Activity Reported

Trigger a Flow when suspicious activity is reported in Okta API.

Unless otherwise indicated, field types are text.


  • Date and Time: The date and time the webhook event was published.

  • Name: The name of the user who reported suspicious activity.

  • Email: The email address of the reporter.

  • User ID: The ID of the reporter.

  • Suspicious Activity Details: Details about the suspicious activity reported.

  • Event Details (object): The raw JSON payload returned from the Okta API for this particular event.

  • Headers (object): The object representing the headers for the response; each key of the header will be parsed into a header string as "key: value" (Content-Type: text/plain).

  • Source (object): The source of user-specific data.
  • Debug Context
    • Debug Data: (object) The information on the triggered event used for debugging; for example, returned data can include a URI, an SMS provider, or transaction ID.

Related topics

Okta connector

About the elements of Okta Workflows

Okta API