Audit Events Integration with Okta System Log

Okta Privileged Access audit events integration with the Okta System Log lets Okta administrators access audit events directly through the System Log. Okta Privileged Access administrators can use this feature to view, search, and query the System Log for specific audit events and filter them based on a specific value.

All the Okta Privileged Access audit events available in the Okta System Log are documented in the Event Types page. The audit events are prefixed with the pam namespace for easy searching and selection by event types.

Prerequisites

View Okta Privileged Access audit events in the Okta System Log

  1. In the Admin Console, go to ReportsSystem Log.

    Okta recommends assigning the lowest privileges required to view the logs, such as the Report Administrator role, to Okta Privileged Access administrators who need to view audit events in the Okta System Log.

  2. Specify a date range to filter the report. Events are retained byOktaretains events for 90 days, so the earliest available starting date range is three months prior.

  3. Use the search filter to find your audit events. For example, you can search "(PAM)" to list all Okta Privileged Access audit events. See System Log filters and search for more information.

  4. Click the search icon to generate the report.

Results

The Okta System Log page displays the following information for each Okta Privileged Access audit event:

Feature Field description

Time

Timestamp of the event.

Actor

The user who initiated the event.

Event information

Details about the event. All audit events have the "(PAM)" prefix.

Target

App integration or user that received the event or action. Depending on the event type, there maybe one or more target type. For example, when you create a group, the group itself will be a target and the team will be another target.

Related topics

System Log