It is required to populate a new ECS field called user.entity.attributes.granted_permissions.
To get this from Okta entities, a new API call to the endpoint /api/v1/iam/roles/{roleId}/permissions is required.
This endpoint returns only explicit permissions from custom roles.
A two-step call would be needed: list user's roles (this is currently done with a configuration option), and for any custom role, fetch its permissions and add them to the output event along with their associated role.
It requires a new scope: okta.roles.read
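A sketch of the two-step lookup described above, as an added example that is not the project's own code. The role-listing path `/api/v1/users/{userId}/roles`, the JSON field names (`type`, `role`, `label`, `permissions`) and the `Getter`, `sample` and `sampleGet` names are assumptions made for illustration; the sample responses are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
)

// Getter is a hypothetical authenticated GET (token carrying okta.roles.read).
type Getter func(path string) ([]byte, error)

func getJSON(get Getter, path string, v any) error {
	body, err := get(path)
	if err != nil {
		return fmt.Errorf("GET %s: %w", path, err)
	}
	return json.Unmarshal(body, v)
}

// GrantedPermissions lists a user's roles, then fetches the permissions of each custom role, keyed by role label.
func GrantedPermissions(get Getter, userID string) (map[string][]string, error) {
	var roles []struct{ Label, Type, Role string } // assumed field names
	if err := getJSON(get, "/api/v1/users/"+url.PathEscape(userID)+"/roles", &roles); err != nil {
		return nil, err
	}
	out := map[string][]string{}
	for _, r := range roles {
		if r.Type != "CUSTOM" || r.Role == "" {
			continue // the permissions endpoint only covers custom roles
		}
		var pl struct{ Permissions []struct{ Label string } }
		if err := getJSON(get, "/api/v1/iam/roles/"+url.PathEscape(r.Role)+"/permissions", &pl); err != nil {
			return nil, err
		}
		for _, p := range pl.Permissions {
			out[r.Label] = append(out[r.Label], p.Label)
		}
	}
	return out, nil
}

// sample holds constructed responses (not real Okta data) keyed by request path.
var sample = map[string]string{
	"/api/v1/users/u1/roles":               `[{"label":"Super Admin","type":"SUPER_ADMIN"},{"label":"Helpdesk","type":"CUSTOM","role":"cr0abc"}]`,
	"/api/v1/iam/roles/cr0abc/permissions": `{"permissions":[{"label":"okta.users.read"},{"label":"okta.users.credentials.resetPassword"}]}`,
}

func sampleGet(path string) ([]byte, error) { return []byte(sample[path]), nil }

func main() { fmt.Println(GrantedPermissions(sampleGet, "u1")) }
```

Standard roles are skipped rather than queried, so the result reflects only explicit custom-role permissions and is not a complete picture of what an administrator can do.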