Okta Event Hooks (Filtering) Okta User Querying (Filtering)

I want to create a log of all activation / password changing related activity for users on my application.

Problem: Okta event hooks read from system log which is “global” in a sense and gathers all account activity information for all users in the okta instance. I need all users of only a single application.

Currently it doesn’t seem like there is a way to filter out activity by application. Is there?

So instead I thought of taking a polling approach where I query for all users under an application id.

Problem: Currently when querying users with application you have 4 fields to “filter” on, lastname, firstname, email, and username. This does not support filtering user info on time related fields.



has the available filters:

lastUpdated eq “yyyy-MM-dd’T’HH:mm:ss.SSSZ” - Users last updated before a specific timestamp
lastUpdated lt “yyyy-MM-dd’T’HH:mm:ss.SSSZ” - Users last updated at a specific timestamp
lastUpdated gr “yyyy-MM-dd’T’HH:mm:ss.SSSZ” - Users last updated after a specific timestamp



has the available “filtering”:

The value of q is matched against an application user profile’s userName, firstName, lastName, and email. Note: This operation only supports startsWith that matches what the string starts with to the query.

Really what I want to avoid is polling users from different applications in my organization that are using the same okta instance.

If I understand correctly you would like a way to log all users who change their Okta passwords and also have a specific application assigned to them? Or is your application a SWA app with unique passwords set by the users?

I am assuming it is the first, but if you could verify.

You are correct that an event hook is global. So if you create a hook for users assigned an application it would fire for all apps.

Yes you are correct, but perhaps I misled you.

Yes I want to log user’s activity data for an application. But I want to do so only for a single application in my organization’s Okta instance, which has several applications for which we do not want to gather data. For this reason, and as you stated above, event hooks are global; I cannot gather activity data from the system log for users only assigned to a single application. This is the heart of my query.

There are two different ways I can think of to go about this.

  1. Without hooks
  • periodically have a job use the Okta App APIs to query for all the users of your particular application.

  • use the events API to query for all events you are interested in, but discard any events where a user id is not part of the list you collected in the first part

  1. With Hooks
  • The API that your hooks connect to would run the same above /app API to gather all users assigned your app

  • Then subscribe to event hooks interested in (activation/password change, etc) and filter users not interested in. Also make sure to setup the event hook of whenever a user is added/removed from your app so you could update the list dynamically.