We are trying to gather OKTA data via Splunk which queries the API to retrieve data from logs, apps, users, and groups - there is a distinct set up for each of those.
It works fine.
We would like to be able to only retrieve data tied to a group.
Something like this :
logs data -> logs tied to group A only
users data -> logs tied to users part of group A only
apps -> logs of apps that users of group A are assigned to
groups -> logs of group A only
I guess it is possible to achieve this by editing the query that pulls data from the API but that does not fit the context.
So I would like to do the configuration on the OKTA side.
Is this feasible ? Via Authorization Servers maybe ?
Thanks in advance for any hint!