How can I correlate Okta App Group ids with Okta User Group Ids

Hi,

Is there some way for us to make an API call to obtain the Okta Group Id for a group given an “Okta App Group Id”?

Background Info:

We are currently ingesting the “app.user_management” events from Okta’s System Log to determine when a user is added to or removed from an externally controlled Okta User Group (App Group).

To determine which user was added to which group we are looking at the “target” array property on the “app.user_management” event.

As seen in the excerpt below, this array contains elements representing the entities involved in the “app.user_management” event.

"target": [{
"id": "0ukdskskfdasksda0h7",
"type": "AppUser",
"alternateId": "[gquick@email.me](mailto:gquick@email.me)",
"displayName": "A Google Team Name",
"detailEntry": null
}, {
"id": "AGdskskfdasksda0h7",
"type": "AppGroup",
"alternateId": "016643r33uttvm9",
"displayName": "squeezers",
"detailEntry": null
}, {
"id": "00udskskfdasksdaDc0h7",
"type": "User",
"alternateId": "[gquick@email.me](mailto:gquick@email.me)",
"displayName": "Gone Quick",
"detailEntry": null
}, {
"id": "0oadskskfdasksdaB0h7",
"type": "AppInstance",
"alternateId": "G Suite 1",
"displayName": "G Suite",
"detailEntry": null
}]

In our particular use case, we are interested in obtaining the Okta User id of the User added/removed from the App Group and the Okta Group Id of that App Group.

We were able to successfully obtain the Okta User Id via the “id” property of the array entry with “type” == “User”.

However, the “id” property of the array entry with “type” == “AppGroup” doesn’t match the Okta Group Id of the affected group.

After digging around, we were able to identify an “app.user_management.user_group_import.upsert_success” event type that appeared to correlate “AppGroup Ids” with Okta Group Ids.

However since the Okta System Log only goes back a couple of months, we can’t use this event for Okta App Groups that were imported before the Okta System Log ends.

Is there some way for us to make an API call to obtain the Okta Group Id for a group given an “Okta App Group Id”?