Pull logs tied to a specific group


#1

Hi there,

We are trying to gather OKTA data via Splunk which queries the API to retrieve data from logs, apps, users, and groups - there is a distinct set up for each of those.

It works fine.

We would like to be able to only retrieve data tied to a group.

Something like this :

logs data -> logs tied to group A only
users data -> logs tied to users part of group A only
apps -> logs of apps that users of group A are assigned to
groups -> logs of group A only

I guess it is possible to achieve this by editing the query that pulls data from the API but that does not fit the context.

So I would like to do the configuration on the OKTA side.

Is this feasible ? Via Authorization Servers maybe ?

Thanks in advance for any hint!