Risk Scoring

Get risk event/score information for a specific user

client.zeroTrust.riskScoring.get(, , ?): RiskScoringGetResponse { email, events, name, 2 more }

GET/accounts/{account_id}/zt_risk_scoring/{user_id}

Clear the risk score for a particular user

client.zeroTrust.riskScoring.reset(, , ?): RiskScoringResetResponse | null

POST/accounts/{account_id}/zt_risk_scoring/{user_id}/reset

ModelsExpand Collapse

RiskScoringGetResponse { email, events, name, 2 more }

email: string

events: Array<Event>

id: string

risk_level: "low" | "medium" | "high"

One of the following:

"low"

"medium"

"high"

timestamp: string

formatdate-time

event_details?: unknown

last_reset_time?: string | null

formatdate-time

risk_level?: "low" | "medium" | "high"

One of the following:

"low"

"medium"

"high"

RiskScoringResetResponse = unknown

Risk ScoringBehaviours

Get all behaviors and associated configuration

client.zeroTrust.riskScoring.behaviours.get(, ?): BehaviourGetResponse { behaviors }

GET/accounts/{account_id}/zt_risk_scoring/behaviors

Update configuration for risk behaviors

client.zeroTrust.riskScoring.behaviours.update(, ?): BehaviourUpdateResponse { behaviors }

PUT/accounts/{account_id}/zt_risk_scoring/behaviors

ModelsExpand Collapse

BehaviourGetResponse { behaviors }

behaviors: Record<string, Behaviors>

description: string

enabled: boolean

risk_level: "low" | "medium" | "high"

One of the following:

"low"

"medium"

"high"

BehaviourUpdateResponse { behaviors }

behaviors: Record<string, Behaviors>

enabled: boolean

risk_level: "low" | "medium" | "high"

One of the following:

"low"

"medium"

"high"

Risk ScoringSummary

Get risk score info for all users in the account

client.zeroTrust.riskScoring.summary.get(, ?): SummaryGetResponse { users }

GET/accounts/{account_id}/zt_risk_scoring/summary

ModelsExpand Collapse

SummaryGetResponse { users }

users: Array<User>

email: string

event_count: number

minimum0

last_event: string

formatdate-time

max_risk_level: "low" | "medium" | "high"

One of the following:

"low"

"medium"

"high"

user_id: string

formatuuid

Risk ScoringIntegrations

List all risk score integrations for the account.

client.zeroTrust.riskScoring.integrations.list(, ?): SinglePage<IntegrationListResponse { id, account_tag, active, 5 more } >

GET/accounts/{account_id}/zt_risk_scoring/integrations

Get risk score integration by id.

client.zeroTrust.riskScoring.integrations.get(, , ?): IntegrationGetResponse { id, account_tag, active, 5 more }

GET/accounts/{account_id}/zt_risk_scoring/integrations/{integration_id}

Create new risk score integration.

client.zeroTrust.riskScoring.integrations.create(, ?): IntegrationCreateResponse { id, account_tag, active, 5 more }

POST/accounts/{account_id}/zt_risk_scoring/integrations

Update a risk score integration.

client.zeroTrust.riskScoring.integrations.update(, , ?): IntegrationUpdateResponse { id, account_tag, active, 5 more }

PUT/accounts/{account_id}/zt_risk_scoring/integrations/{integration_id}

Delete a risk score integration.

client.zeroTrust.riskScoring.integrations.delete(, , ?): IntegrationDeleteResponse | null

DELETE/accounts/{account_id}/zt_risk_scoring/integrations/{integration_id}

ModelsExpand Collapse

IntegrationListResponse { id, account_tag, active, 5 more }

id: string

The id of the integration, a UUIDv4.

formatuuid

account_tag: string

The Cloudflare account tag.

active: boolean

Whether this integration is enabled and should export changes in risk score.

created_at: string

When the integration was created in RFC3339 format.

formatdate-time

integration_type: "Okta"

reference_id: string

A reference ID defined by the client. Should be set to the Access-Okta IDP integration ID. Useful when the risk-score integration needs to be associated with a secondary asset and recalled using that ID.

tenant_url: string

The base URL for the tenant. E.g. “https://tenant.okta.com”.

well_known_url: string

The URL for the Shared Signals Framework configuration, e.g. “/.well-known/sse-configuration/{integration_uuid}/”. https://openid.net/specs/openid-sse-framework-1_0.html#rfc.section.6.2.1.

IntegrationGetResponse { id, account_tag, active, 5 more }

id: string

The id of the integration, a UUIDv4.

formatuuid

account_tag: string

The Cloudflare account tag.

active: boolean

Whether this integration is enabled and should export changes in risk score.

created_at: string

When the integration was created in RFC3339 format.

formatdate-time

integration_type: "Okta"

reference_id: string

A reference ID defined by the client. Should be set to the Access-Okta IDP integration ID. Useful when the risk-score integration needs to be associated with a secondary asset and recalled using that ID.

tenant_url: string

The base URL for the tenant. E.g. “https://tenant.okta.com”.

well_known_url: string

The URL for the Shared Signals Framework configuration, e.g. “/.well-known/sse-configuration/{integration_uuid}/”. https://openid.net/specs/openid-sse-framework-1_0.html#rfc.section.6.2.1.

IntegrationCreateResponse { id, account_tag, active, 5 more }

id: string

The id of the integration, a UUIDv4.

formatuuid

account_tag: string

The Cloudflare account tag.

active: boolean

Whether this integration is enabled and should export changes in risk score.

created_at: string

When the integration was created in RFC3339 format.

formatdate-time

integration_type: "Okta"

reference_id: string

A reference ID defined by the client. Should be set to the Access-Okta IDP integration ID. Useful when the risk-score integration needs to be associated with a secondary asset and recalled using that ID.

tenant_url: string

The base URL for the tenant. E.g. “https://tenant.okta.com”.

well_known_url: string

The URL for the Shared Signals Framework configuration, e.g. “/.well-known/sse-configuration/{integration_uuid}/”. https://openid.net/specs/openid-sse-framework-1_0.html#rfc.section.6.2.1.

IntegrationUpdateResponse { id, account_tag, active, 5 more }

id: string

The id of the integration, a UUIDv4.

formatuuid

account_tag: string

The Cloudflare account tag.

active: boolean

Whether this integration is enabled and should export changes in risk score.

created_at: string

When the integration was created in RFC3339 format.

formatdate-time

integration_type: "Okta"

reference_id: string

A reference ID defined by the client. Should be set to the Access-Okta IDP integration ID. Useful when the risk-score integration needs to be associated with a secondary asset and recalled using that ID.

tenant_url: string

The base URL for the tenant. E.g. “https://tenant.okta.com”.

well_known_url: string

The URL for the Shared Signals Framework configuration, e.g. “/.well-known/sse-configuration/{integration_uuid}/”. https://openid.net/specs/openid-sse-framework-1_0.html#rfc.section.6.2.1.

IntegrationDeleteResponse = unknown

Risk ScoringIntegrationsReferences

Get risk score integration by reference id.

client.zeroTrust.riskScoring.integrations.references.get(, , ?): ReferenceGetResponse { id, account_tag, active, 5 more }

GET/accounts/{account_id}/zt_risk_scoring/integrations/reference_id/{reference_id}

ModelsExpand Collapse

ReferenceGetResponse { id, account_tag, active, 5 more }

id: string

The id of the integration, a UUIDv4.

formatuuid

account_tag: string

The Cloudflare account tag.

active: boolean

Whether this integration is enabled and should export changes in risk score.

created_at: string

When the integration was created in RFC3339 format.

formatdate-time

integration_type: "Okta"

reference_id: string

A reference ID defined by the client. Should be set to the Access-Okta IDP integration ID. Useful when the risk-score integration needs to be associated with a secondary asset and recalled using that ID.

tenant_url: string

The base URL for the tenant. E.g. “https://tenant.okta.com”.

well_known_url: string

The URL for the Shared Signals Framework configuration, e.g. “/.well-known/sse-configuration/{integration_uuid}/”. https://openid.net/specs/openid-sse-framework-1_0.html#rfc.section.6.2.1.