System Log events for access control
The role-based access control (RBAC) feature introduces four new event types to the System Log.
-
workflows.user.role.user.add
-
workflows.user.role.user.remove
-
workflows.user.role.group.add
-
workflows.user.role.group.remove
These events happen when an Okta super admin or a Workflows Administrator manually changes the role for a user or group in the Workflows Console.
Any admin or security team member can use these events to monitor the addition or removal of a role to an Okta user or group. The event payload includes information about both the role that changed and the user or group that was impacted.
Changing multiple roles in a single action creates individual System Log events for each change.
View System Log events
-
In the Admin Console, go to .
- Use the Search field to add the specific event type query in the System Log.
- Configure a date range, if required.
- Click the magnifying glass icon beside the Search field.
-
Paste any of the following queries into the System Log Search field to find events where the Workflows role changed:
Query
Display message
eventType eq "workflows.user.role.user.add"
Role added to user
eventType eq "workflows.user.role.user.remove"
Role removed from user
eventType eq "workflows.user.role.group.add"
Role added to group
eventType eq "workflows.user.role.group.remove"
Role removed from group
Other System Log events related to these Okta Workflows access control events:
-
application.user_membership.add
-
application.user_membership.remove