System Log: a Window into Supporting the Okta Cloud

David Bradbury

Transparency is a core value at Okta.

In April 2022, Okta committed to a range of initiatives that aim to drive greater transparency in how we respond to security incidents.

One of those commitments was to provide our customers with insights into all the things our customer support teams do behind the scenes to deliver the unrivaled experience that is the Okta Identity Cloud.

Under 2.6 in our Security Action Plan:

“Okta will enhance the Okta System Log so that every customer support activity - even simply viewing configurations - is visible to customers in the log. We will ensure the log includes the user id of the support person performing any actions including but not limited to viewing data and performing impersonation.”

This was about seizing the opportunity to advance the transparency of cloud operations.

With this change, our customers will not only have an audit log of any configuration activity they perform in their Admin Console, but also an audit log of activities Okta staff perform in our internal customer support tool, if and when those tasks are relevant to any given customer.

If Okta customer support so much as views a page relevant to a customer’s configuration, it is logged for the customer.

As of August 1, 2022, two new events started appearing in customer-facing logs:


support.org.update

Okta has updated the configuration or data within the Org. These actions are typically taken in response to a customer request, such as a request to enable an Early Access feature.

support.org.view

Okta has viewed a page which contains customer data. These actions are typically taken in response to a customer request, such as in the process of investigating an issue raised through a support case.


These events include descriptive details about what action was performed, and also why it was performed (included in the supportAction object within the debugContext.debugData object).

Okta customers can browse, search or filter on these events in the Okta Admin Console. They can also be queried and filtered programmatically via the System Log API, and can be exported or streamed to third-party security monitoring tools.

One of the benefits of moving to a cloud service is the ability to hand off many such support tasks. This frees up your employees to perform higher value-add tasks.

However, the traditional opacity of Cloud Service Providers had made it difficult for organizations to quantify the value and time saved. By offering visibility into the actions performed by Okta’s support agents, these events also offer Okta customers a unique insight into the work it takes to deliver our service. Sometimes the cloud feels like “magic”, but the magic of the experience is as much about the hard work of Oktanauts behind the scenes.

Okta’s System Log contains over 700 other events that provide transparency into the actions that are occurring within your Org*, and we continue to add visibility to our customers at no additional charge. You can learn more about Okta’s System Log events in our help center.

We hope that this commitment to transparency sets a new benchmark for all SaaS (software-as-a-service) providers.

  • An Okta ‘Org’ is synonymous with a tenant - a single customer often has multiple test and production orgs.
David Bradbury
Chief Security Officer

David Bradbury is Chief Security Officer at Okta. As CSO, he leads overall security execution for the organization and his team is responsible for navigating the evolving threat landscape to best protect employees and customers. In addition, he is instrumental in helping Okta’s customers continue to adopt and accelerate Zero Trust security strategies. 

Prior to joining Okta, Bradbury was Senior Vice President and Chief Security Officer at Symantec where he led and had global oversight of all cyber security and physical security programs. 

Bradbury has built an international reputation for leading and delivering cybersecurity at scale. He has worked across his native Australia, as well as in the United Kingdom and the United States, leading highly-regarded security teams at some of the world’s largest banks, including ABN AMRO, Barclays, Morgan Stanley and the Commonwealth Bank of Australia. He holds a B.S. in Computer Science from the University of Sydney.