Identify the Policy Used for User Evaluation
Administration
Okta Classic Engine
Okta Identity Engine
Overview

This article explains how to determine whether a user is evaluated by an authentication policy in Okta Identity Engine (OIE) or by an application policy in Classic Engine.

Solution

To identify the policy evaluating a user, follow these steps:

  1. Go to Reports > System Logs.

  2. Enter the following query in the search bar:

    eventType eq "policy.evaluate_sign_on"

  3. To refine the search, add the following filters:

    • and actor.id eq "<User_ID>" to search for a specific user.

    • and target.id eq "<Application_ID>" to search for a specific application.

  4. Select the arrow on the left side of the log to expand the entry.

  5. Click Expand All.

  6. Scroll to the Target section at the bottom of the log.

In this example, the user was evaluated by the authentication policy of the Okta Dashboard, under the rule named "ever".

System log

Types of rules are differentiated by the ID format:

  • Authentication policy rules (OIE) have an ID starting with rul.
  • Application sign-on policy rules (Classic Engine) have an ID starting with plr.
  • Global session policy rules (OIE) or Okta sign-on policy rules (Classic Engine) have an ID starting with 0pr.
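The steps and ID prefixes above can also be applied to an exported System Log event in a script. This is an added example, not Okta's own code: the function names are hypothetical, the sample event and its IDs are constructed, and it assumes the event is a JSON object whose `target` array holds entries with `id` and `displayName`.

```python
# Prefix-to-rule-type mapping, taken from the list above.
RULE_PREFIXES = {
    "rul": "Authentication policy rule (OIE)",
    "plr": "Application sign-on policy rule (Classic Engine)",
    "0pr": "Global session policy rule (OIE) or Okta sign-on policy rule (Classic Engine)",
}

def build_filter(user_id=None, app_id=None):
    """Compose the System Log query from steps 2 and 3."""
    parts = ['eventType eq "policy.evaluate_sign_on"']
    for field, value in (("actor.id", user_id), ("target.id", app_id)):
        if value is None:
            continue
        # Assumption: IDs are plain alphanumeric strings; reject anything else
        # so a pasted value cannot alter the filter expression.
        if not value.isalnum():
            raise ValueError(f"unexpected characters in {field} value")
        parts.append(f'{field} eq "{value}"')
    return " and ".join(parts)

def classify_rules(event):
    """Return (rule name, rule ID, rule type) for each target with a known prefix."""
    if event.get("eventType") != "policy.evaluate_sign_on":
        return []
    matches = []
    for target in event.get("target") or []:  # tolerate a missing or null target list
        target_id = target.get("id") or ""
        rule_type = RULE_PREFIXES.get(target_id[:3])
        if rule_type:
            matches.append((target.get("displayName"), target_id, rule_type))
    return matches

# Constructed sample event (IDs are placeholders, not real Okta identifiers).
SAMPLE_EVENT = {
    "eventType": "policy.evaluate_sign_on",
    "actor": {"id": "00uEXAMPLEUSER000001"},
    "target": [
        {"id": "0oaEXAMPLEAPP0000001", "displayName": "Okta Dashboard"},
        {"id": "rulEXAMPLERULE000001", "displayName": "ever"},
    ],
}

if __name__ == "__main__":
    print(build_filter(user_id=SAMPLE_EVENT["actor"]["id"]))
    for name, rule_id, rule_type in classify_rules(SAMPLE_EVENT):
        print(f"{rule_id} ({name}): {rule_type}")
```

The application target (`0oa...` in the constructed sample) is skipped because its prefix is not one of the three rule prefixes.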

 
