
Identify the Policy Used for User Evaluation in Okta

Administration
Okta Classic Engine
Okta Identity Engine

Overview

Determine whether an authentication policy in Okta Identity Engine (OIE) or an application policy in Okta Classic Engine evaluates a user. Querying the System Log for specific event types and examining the target rule ID format reveals the exact policy applied during user evaluation.

Applies To

Solution

How to identify which Okta policy evaluated the user?

Query the System Log for the policy evaluation event type and inspect the target rule ID format to identify the specific policy evaluating a user.

  1. Navigate to Reports > System Log.
  2. Enter the following query in the search bar:
    eventType eq "policy.evaluate_sign_on"
  3. To refine the search, add the following filters:
    • and actor.id eq "<User_ID>" to search for a specific user.
    • and target.id eq "<Application_ID>" to search for a specific application.
  4. Select the arrow on the left side of the log to expand the entry.
  5. Select Expand All.
  6. Scroll to the Target section at the bottom of the log.

Review the expanded log entry to identify the policy rule name and ID, as demonstrated in the following example, where the Okta Dashboard authentication policy evaluates the user.

System log

 

Differentiate the types of rules by examining the ID format using the following criteria:

  • Authentication policy rules (OIE) have an ID starting with rul.
  • Application sign-on policy rules (Classic Engine) have an ID starting with plr.
  • Global session policy rules (OIE) or Okta sign-on policy rules (Classic Engine) have an ID starting with 0pr.
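
The prefix check above, applied to exported System Log events, as an added example that is not part of the original Okta article. The sample events, their IDs and display names are constructed placeholders, and the function names are hypothetical.

```python
import json

# Prefix -> rule type, as listed in the article.
RULE_PREFIXES = {
    "rul": "Authentication policy rule (OIE)",
    "plr": "Application sign-on policy rule (Classic Engine)",
    "0pr": "Global session policy rule (OIE) or Okta sign-on policy rule (Classic Engine)",
}

# Constructed sample events: every ID and name below is a placeholder.
SAMPLE_EVENTS = json.loads("""[
  {"eventType": "policy.evaluate_sign_on", "actor": {"id": "00uEXAMPLEUSER1"},
   "target": [{"id": "0oaEXAMPLEAPP1", "displayName": "Okta Dashboard"},
              {"id": "rulEXAMPLERULE1", "displayName": "Catch-all Rule"}]},
  {"eventType": "policy.evaluate_sign_on", "actor": {"id": "00uEXAMPLEUSER1"},
   "target": [{"id": "0prEXAMPLERULE2", "displayName": "Default Rule"}]},
  {"eventType": "policy.evaluate_sign_on", "actor": {"id": "00uEXAMPLEUSER2"},
   "target": [{"id": "plrEXAMPLERULE3", "displayName": "App Rule"}]},
  {"eventType": "user.session.start", "actor": {"id": "00uEXAMPLEUSER1"},
   "target": null}
]""")


def classify_rule_id(rule_id):
    """Return the rule type for an ID, or None if the prefix is not a rule prefix."""
    return RULE_PREFIXES.get((rule_id or "")[:3])


def rules_for_user(events, user_id):
    """List (rule ID, rule name, rule type) for each policy rule that evaluated user_id."""
    hits = []
    for event in events:
        if event.get("eventType") != "policy.evaluate_sign_on":
            continue  # same filter as the System Log query
        if (event.get("actor") or {}).get("id") != user_id:
            continue  # same filter as: and actor.id eq "<User_ID>"
        for target in event.get("target") or []:  # target can be null
            kind = classify_rule_id(target.get("id"))
            if kind:  # skips non-rule targets such as the application
                hits.append((target["id"], target.get("displayName"), kind))
    return hits


if __name__ == "__main__":
    for rule_id, name, kind in rules_for_user(SAMPLE_EVENTS, "00uEXAMPLEUSER1"):
        print(f"{rule_id}  {name}: {kind}")
```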