Policy Reevaluate Auth Failed
Run a flow when an authentication policy reevaluation results in a policy violation.
Output
| Field | Definition | Type |
|---|---|---|
|
Date and Time |
The date and time when the event was triggered in Okta API. |
Text |
|
Message |
Message details about the event. |
Text |
|
Event ID |
The event's unique identifier key. |
Text |
|
Event Type |
The type of event that was published. |
Text |
|
Event Time |
The time stamp when the notification was delivered to the service. |
Text |
|
Version |
Versioning indicator. |
Text |
|
Severity |
The event's severity level. |
Text |
|
Risk |
||
|
Level |
The user entity's risk level.
|
Text |
|
Reasons |
The reasons that contributed to the risk level. |
Text |
|
Admin |
||
|
ID |
The ID of the Okta admin that initiated the policy reevaluation. |
Text |
|
Alternate ID |
The Okta admin's email address. |
Text |
|
Display Name |
The Okta admin's display name. |
Text |
|
Type |
The type of data returned. |
Text |
|
Detail Entry |
Additional details about the entity. |
Object |
|
Okta User |
||
|
ID |
The ID of the Okta user that failed the policy reevaluation. |
Text |
|
Alternate ID |
The Okta user's email address. |
Text |
|
Display Name |
The Okta user's display name. |
Text |
|
Type |
The type of target object. Typically User. |
Text |
|
Detail Entry |
Additional details about the entity. |
Object |
|
Policy Evaluation |
||
|
ID |
The unique identifier of the evaluated policy. |
Text |
|
Alternate ID |
The policy's alternate ID. |
Text |
|
Display Name |
The evaluated policy's display name. |
Text |
|
Detail Entry |
Additional details about the entity. |
Object |
|
Server Status |
The status of Okta servers. |
Text |
|
Behaviors |
Indicates the status (POSITIVE or NEGATIVE) of the following behaviors:
|
Object |
|
Proxy Type |
The type of proxy mode. |
Text |
|
Post Auth Enforce Mode |
The post auth enforce mode type. |
Text |
|
Tunnels |
Tunnel IP addresses. |
List of Objects |
|
Anonymizer Status |
Indicates if IP addresses are associated with known anonymizers. |
Text |
|
Threat Suspected |
If ThreatInsight is running and detects a request as suspicious, the value for this property is TRUE. |
Text |
|
UUID |
The webhook event's universal unique identifier. |
Text |
|
Event Details |
The raw JSON payload returned from the Okta API for this particular event. |
Object |
|
Headers |
An object representing the headers for the response. Each key of the header is parsed into a header string as "key: value" (Content-Type: text/plain). |
Object |
|
Source |
The source of user-specific data. |
Text |
|
Debug Context |
||
|
Debug Data |
Information on the triggered event used for debugging. For example, returned data can include a URI, risk information, or trace ID. |
Object |
Related topics
Okta ITP connector
Cards in flows