# Risk Scoring ## Get risk event/score information for a specific user `zero_trust.risk_scoring.get(struser_id, RiskScoringGetParams**kwargs) -> RiskScoringGetResponse` **get** `/accounts/{account_id}/zt_risk_scoring/{user_id}` Retrieves the detailed risk score breakdown for a specific user, including contributing factors. ### Parameters - `account_id: str` - `user_id: str` ### Returns - `class RiskScoringGetResponse: …` - `email: str` - `events: List[Event]` - `id: str` - `name: str` - `risk_level: Literal["low", "medium", "high"]` - `"low"` - `"medium"` - `"high"` - `timestamp: datetime` - `event_details: Optional[object]` - `name: str` - `last_reset_time: Optional[datetime]` - `risk_level: Optional[Literal["low", "medium", "high"]]` - `"low"` - `"medium"` - `"high"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) risk_scoring = client.zero_trust.risk_scoring.get( user_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", account_id="account_id", ) print(risk_scoring.email) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "email": "email", "events": [ { "id": "id", "name": "name", "risk_level": "low", "timestamp": "2019-12-27T18:11:19.117Z", "event_details": {} } ], "name": "name", "last_reset_time": "2019-12-27T18:11:19.117Z", "risk_level": "low" }, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ``` ## Clear the risk score for a particular user `zero_trust.risk_scoring.reset(struser_id, RiskScoringResetParams**kwargs) -> object` **post** `/accounts/{account_id}/zt_risk_scoring/{user_id}/reset` Resets risk scores for specified users, clearing their accumulated risk history. ### Parameters - `account_id: str` - `user_id: str` ### Returns - `object` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) response = client.zero_trust.risk_scoring.reset( user_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", account_id="account_id", ) print(response) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": {} } ``` ## Domain Types ### Risk Scoring Get Response - `class RiskScoringGetResponse: …` - `email: str` - `events: List[Event]` - `id: str` - `name: str` - `risk_level: Literal["low", "medium", "high"]` - `"low"` - `"medium"` - `"high"` - `timestamp: datetime` - `event_details: Optional[object]` - `name: str` - `last_reset_time: Optional[datetime]` - `risk_level: Optional[Literal["low", "medium", "high"]]` - `"low"` - `"medium"` - `"high"` # Behaviours ## Get all behaviors and associated configuration `zero_trust.risk_scoring.behaviours.get(BehaviourGetParams**kwargs) -> BehaviourGetResponse` **get** `/accounts/{account_id}/zt_risk_scoring/behaviors` Retrieves configured risk score behaviors that define how user actions affect their overall risk score. ### Parameters - `account_id: str` ### Returns - `class BehaviourGetResponse: …` - `behaviors: Dict[str, Behaviors]` - `description: str` - `enabled: bool` - `name: str` - `risk_level: Literal["low", "medium", "high"]` - `"low"` - `"medium"` - `"high"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) behaviour = client.zero_trust.risk_scoring.behaviours.get( account_id="account_id", ) print(behaviour.behaviors) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "behaviors": { "foo": { "description": "description", "enabled": true, "name": "name", "risk_level": "low" } } } } ``` ## Update configuration for risk behaviors `zero_trust.risk_scoring.behaviours.update(BehaviourUpdateParams**kwargs) -> BehaviourUpdateResponse` **put** `/accounts/{account_id}/zt_risk_scoring/behaviors` Updates risk score behavior configurations, defining weights and thresholds for risk calculation. ### Parameters - `account_id: str` - `behaviors: Dict[str, Behaviors]` - `enabled: bool` - `risk_level: Literal["low", "medium", "high"]` - `"low"` - `"medium"` - `"high"` ### Returns - `class BehaviourUpdateResponse: …` - `behaviors: Dict[str, Behaviors]` - `enabled: bool` - `risk_level: Literal["low", "medium", "high"]` - `"low"` - `"medium"` - `"high"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) behaviour = client.zero_trust.risk_scoring.behaviours.update( account_id="account_id", behaviors={ "foo": { "enabled": True, "risk_level": "low", } }, ) print(behaviour.behaviors) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "behaviors": { "foo": { "enabled": true, "risk_level": "low" } } } } ``` ## Domain Types ### Behaviour Get Response - `class BehaviourGetResponse: …` - `behaviors: Dict[str, Behaviors]` - `description: str` - `enabled: bool` - `name: str` - `risk_level: Literal["low", "medium", "high"]` - `"low"` - `"medium"` - `"high"` ### Behaviour Update Response - `class BehaviourUpdateResponse: …` - `behaviors: Dict[str, Behaviors]` - `enabled: bool` - `risk_level: Literal["low", "medium", "high"]` - `"low"` - `"medium"` - `"high"` # Summary ## Get risk score info for all users in the account `zero_trust.risk_scoring.summary.get(SummaryGetParams**kwargs) -> SummaryGetResponse` **get** `/accounts/{account_id}/zt_risk_scoring/summary` Gets an aggregate summary of risk scores across the account, including distribution and trends. ### Parameters - `account_id: str` ### Returns - `class SummaryGetResponse: …` - `users: List[User]` - `email: str` - `event_count: int` - `last_event: datetime` - `max_risk_level: Literal["low", "medium", "high"]` - `"low"` - `"medium"` - `"high"` - `name: str` - `user_id: str` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) summary = client.zero_trust.risk_scoring.summary.get( account_id="account_id", ) print(summary.users) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "users": [ { "email": "email", "event_count": 0, "last_event": "2019-12-27T18:11:19.117Z", "max_risk_level": "low", "name": "name", "user_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e" } ] }, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ``` ## Domain Types ### Summary Get Response - `class SummaryGetResponse: …` - `users: List[User]` - `email: str` - `event_count: int` - `last_event: datetime` - `max_risk_level: Literal["low", "medium", "high"]` - `"low"` - `"medium"` - `"high"` - `name: str` - `user_id: str` # Integrations ## List all risk score integrations for the account. `zero_trust.risk_scoring.integrations.list(IntegrationListParams**kwargs) -> SyncSinglePage[IntegrationListResponse]` **get** `/accounts/{account_id}/zt_risk_scoring/integrations` Lists all configured Zero Trust risk score integrations for the account. ### Parameters - `account_id: str` ### Returns - `class IntegrationListResponse: …` - `id: str` The id of the integration, a UUIDv4. - `account_tag: str` The Cloudflare account tag. - `active: bool` Whether this integration is enabled and should export changes in risk score. - `created_at: datetime` When the integration was created in RFC3339 format. - `integration_type: Literal["Okta"]` - `"Okta"` - `reference_id: str` A reference ID defined by the client. Should be set to the Access-Okta IDP integration ID. Useful when the risk-score integration needs to be associated with a secondary asset and recalled using that ID. - `tenant_url: str` The base URL for the tenant. E.g. "https://tenant.okta.com". - `well_known_url: str` The URL for the Shared Signals Framework configuration, e.g. "/.well-known/sse-configuration/{integration_uuid}/". https://openid.net/specs/openid-sse-framework-1_0.html#rfc.section.6.2.1. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.zero_trust.risk_scoring.integrations.list( account_id="account_id", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "account_tag": "account_tag", "active": true, "created_at": "2019-12-27T18:11:19.117Z", "integration_type": "Okta", "reference_id": "reference_id", "tenant_url": "tenant_url", "well_known_url": "well_known_url" } ] } ``` ## Get risk score integration by id. `zero_trust.risk_scoring.integrations.get(strintegration_id, IntegrationGetParams**kwargs) -> IntegrationGetResponse` **get** `/accounts/{account_id}/zt_risk_scoring/integrations/{integration_id}` Get risk score integration by id. ### Parameters - `account_id: str` - `integration_id: str` ### Returns - `class IntegrationGetResponse: …` - `id: str` The id of the integration, a UUIDv4. - `account_tag: str` The Cloudflare account tag. - `active: bool` Whether this integration is enabled and should export changes in risk score. - `created_at: datetime` When the integration was created in RFC3339 format. - `integration_type: Literal["Okta"]` - `"Okta"` - `reference_id: str` A reference ID defined by the client. Should be set to the Access-Okta IDP integration ID. Useful when the risk-score integration needs to be associated with a secondary asset and recalled using that ID. - `tenant_url: str` The base URL for the tenant. E.g. "https://tenant.okta.com". - `well_known_url: str` The URL for the Shared Signals Framework configuration, e.g. "/.well-known/sse-configuration/{integration_uuid}/". https://openid.net/specs/openid-sse-framework-1_0.html#rfc.section.6.2.1. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) integration = client.zero_trust.risk_scoring.integrations.get( integration_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", account_id="account_id", ) print(integration.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "account_tag": "account_tag", "active": true, "created_at": "2019-12-27T18:11:19.117Z", "integration_type": "Okta", "reference_id": "reference_id", "tenant_url": "tenant_url", "well_known_url": "well_known_url" } } ``` ## Create new risk score integration. `zero_trust.risk_scoring.integrations.create(IntegrationCreateParams**kwargs) -> IntegrationCreateResponse` **post** `/accounts/{account_id}/zt_risk_scoring/integrations` Creates a new Zero Trust risk score integration, connecting external risk signals to Cloudflare's risk scoring system. ### Parameters - `account_id: str` - `integration_type: Literal["Okta"]` - `"Okta"` - `tenant_url: str` The base url of the tenant, e.g. "https://tenant.okta.com". - `reference_id: Optional[str]` A reference id that can be supplied by the client. Currently this should be set to the Access-Okta IDP ID (a UUIDv4). https://developers.cloudflare.com/api/operations/access-identity-providers-get-an-access-identity-provider ### Returns - `class IntegrationCreateResponse: …` - `id: str` The id of the integration, a UUIDv4. - `account_tag: str` The Cloudflare account tag. - `active: bool` Whether this integration is enabled and should export changes in risk score. - `created_at: datetime` When the integration was created in RFC3339 format. - `integration_type: Literal["Okta"]` - `"Okta"` - `reference_id: str` A reference ID defined by the client. Should be set to the Access-Okta IDP integration ID. Useful when the risk-score integration needs to be associated with a secondary asset and recalled using that ID. - `tenant_url: str` The base URL for the tenant. E.g. "https://tenant.okta.com". - `well_known_url: str` The URL for the Shared Signals Framework configuration, e.g. "/.well-known/sse-configuration/{integration_uuid}/". https://openid.net/specs/openid-sse-framework-1_0.html#rfc.section.6.2.1. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) integration = client.zero_trust.risk_scoring.integrations.create( account_id="account_id", integration_type="Okta", tenant_url="https://example.com", ) print(integration.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "account_tag": "account_tag", "active": true, "created_at": "2019-12-27T18:11:19.117Z", "integration_type": "Okta", "reference_id": "reference_id", "tenant_url": "tenant_url", "well_known_url": "well_known_url" } } ``` ## Update a risk score integration. `zero_trust.risk_scoring.integrations.update(strintegration_id, IntegrationUpdateParams**kwargs) -> IntegrationUpdateResponse` **put** `/accounts/{account_id}/zt_risk_scoring/integrations/{integration_id}` Overwrite the reference_id, tenant_url, and active values with the ones provided. ### Parameters - `account_id: str` - `integration_id: str` - `active: bool` Whether this integration is enabled. If disabled, no risk changes will be exported to the third-party. - `tenant_url: str` The base url of the tenant, e.g. "https://tenant.okta.com". - `reference_id: Optional[str]` A reference id that can be supplied by the client. Currently this should be set to the Access-Okta IDP ID (a UUIDv4). https://developers.cloudflare.com/api/operations/access-identity-providers-get-an-access-identity-provider ### Returns - `class IntegrationUpdateResponse: …` - `id: str` The id of the integration, a UUIDv4. - `account_tag: str` The Cloudflare account tag. - `active: bool` Whether this integration is enabled and should export changes in risk score. - `created_at: datetime` When the integration was created in RFC3339 format. - `integration_type: Literal["Okta"]` - `"Okta"` - `reference_id: str` A reference ID defined by the client. Should be set to the Access-Okta IDP integration ID. Useful when the risk-score integration needs to be associated with a secondary asset and recalled using that ID. - `tenant_url: str` The base URL for the tenant. E.g. "https://tenant.okta.com". - `well_known_url: str` The URL for the Shared Signals Framework configuration, e.g. "/.well-known/sse-configuration/{integration_uuid}/". https://openid.net/specs/openid-sse-framework-1_0.html#rfc.section.6.2.1. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) integration = client.zero_trust.risk_scoring.integrations.update( integration_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", account_id="account_id", active=True, tenant_url="https://example.com", ) print(integration.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "account_tag": "account_tag", "active": true, "created_at": "2019-12-27T18:11:19.117Z", "integration_type": "Okta", "reference_id": "reference_id", "tenant_url": "tenant_url", "well_known_url": "well_known_url" } } ``` ## Delete a risk score integration. `zero_trust.risk_scoring.integrations.delete(strintegration_id, IntegrationDeleteParams**kwargs) -> object` **delete** `/accounts/{account_id}/zt_risk_scoring/integrations/{integration_id}` Removes a Zero Trust risk score integration, disconnecting the external risk signal source. ### Parameters - `account_id: str` - `integration_id: str` ### Returns - `object` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) integration = client.zero_trust.risk_scoring.integrations.delete( integration_id="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", account_id="account_id", ) print(integration) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": {} } ``` ## Domain Types ### Integration List Response - `class IntegrationListResponse: …` - `id: str` The id of the integration, a UUIDv4. - `account_tag: str` The Cloudflare account tag. - `active: bool` Whether this integration is enabled and should export changes in risk score. - `created_at: datetime` When the integration was created in RFC3339 format. - `integration_type: Literal["Okta"]` - `"Okta"` - `reference_id: str` A reference ID defined by the client. Should be set to the Access-Okta IDP integration ID. Useful when the risk-score integration needs to be associated with a secondary asset and recalled using that ID. - `tenant_url: str` The base URL for the tenant. E.g. "https://tenant.okta.com". - `well_known_url: str` The URL for the Shared Signals Framework configuration, e.g. "/.well-known/sse-configuration/{integration_uuid}/". https://openid.net/specs/openid-sse-framework-1_0.html#rfc.section.6.2.1. ### Integration Get Response - `class IntegrationGetResponse: …` - `id: str` The id of the integration, a UUIDv4. - `account_tag: str` The Cloudflare account tag. - `active: bool` Whether this integration is enabled and should export changes in risk score. - `created_at: datetime` When the integration was created in RFC3339 format. - `integration_type: Literal["Okta"]` - `"Okta"` - `reference_id: str` A reference ID defined by the client. Should be set to the Access-Okta IDP integration ID. Useful when the risk-score integration needs to be associated with a secondary asset and recalled using that ID. - `tenant_url: str` The base URL for the tenant. E.g. "https://tenant.okta.com". - `well_known_url: str` The URL for the Shared Signals Framework configuration, e.g. "/.well-known/sse-configuration/{integration_uuid}/". https://openid.net/specs/openid-sse-framework-1_0.html#rfc.section.6.2.1. ### Integration Create Response - `class IntegrationCreateResponse: …` - `id: str` The id of the integration, a UUIDv4. - `account_tag: str` The Cloudflare account tag. - `active: bool` Whether this integration is enabled and should export changes in risk score. - `created_at: datetime` When the integration was created in RFC3339 format. - `integration_type: Literal["Okta"]` - `"Okta"` - `reference_id: str` A reference ID defined by the client. Should be set to the Access-Okta IDP integration ID. Useful when the risk-score integration needs to be associated with a secondary asset and recalled using that ID. - `tenant_url: str` The base URL for the tenant. E.g. "https://tenant.okta.com". - `well_known_url: str` The URL for the Shared Signals Framework configuration, e.g. "/.well-known/sse-configuration/{integration_uuid}/". https://openid.net/specs/openid-sse-framework-1_0.html#rfc.section.6.2.1. ### Integration Update Response - `class IntegrationUpdateResponse: …` - `id: str` The id of the integration, a UUIDv4. - `account_tag: str` The Cloudflare account tag. - `active: bool` Whether this integration is enabled and should export changes in risk score. - `created_at: datetime` When the integration was created in RFC3339 format. - `integration_type: Literal["Okta"]` - `"Okta"` - `reference_id: str` A reference ID defined by the client. Should be set to the Access-Okta IDP integration ID. Useful when the risk-score integration needs to be associated with a secondary asset and recalled using that ID. - `tenant_url: str` The base URL for the tenant. E.g. "https://tenant.okta.com". - `well_known_url: str` The URL for the Shared Signals Framework configuration, e.g. "/.well-known/sse-configuration/{integration_uuid}/". https://openid.net/specs/openid-sse-framework-1_0.html#rfc.section.6.2.1. # References ## Get risk score integration by reference id. `zero_trust.risk_scoring.integrations.references.get(strreference_id, ReferenceGetParams**kwargs) -> ReferenceGetResponse` **get** `/accounts/{account_id}/zt_risk_scoring/integrations/reference_id/{reference_id}` Retrieves a Zero Trust risk score integration using its external reference ID. ### Parameters - `account_id: str` - `reference_id: str` ### Returns - `class ReferenceGetResponse: …` - `id: str` The id of the integration, a UUIDv4. - `account_tag: str` The Cloudflare account tag. - `active: bool` Whether this integration is enabled and should export changes in risk score. - `created_at: datetime` When the integration was created in RFC3339 format. - `integration_type: Literal["Okta"]` - `"Okta"` - `reference_id: str` A reference ID defined by the client. Should be set to the Access-Okta IDP integration ID. Useful when the risk-score integration needs to be associated with a secondary asset and recalled using that ID. - `tenant_url: str` The base URL for the tenant. E.g. "https://tenant.okta.com". - `well_known_url: str` The URL for the Shared Signals Framework configuration, e.g. "/.well-known/sse-configuration/{integration_uuid}/". https://openid.net/specs/openid-sse-framework-1_0.html#rfc.section.6.2.1. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) reference = client.zero_trust.risk_scoring.integrations.references.get( reference_id="reference_id", account_id="account_id", ) print(reference.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "account_tag": "account_tag", "active": true, "created_at": "2019-12-27T18:11:19.117Z", "integration_type": "Okta", "reference_id": "reference_id", "tenant_url": "tenant_url", "well_known_url": "well_known_url" } } ``` ## Domain Types ### Reference Get Response - `class ReferenceGetResponse: …` - `id: str` The id of the integration, a UUIDv4. - `account_tag: str` The Cloudflare account tag. - `active: bool` Whether this integration is enabled and should export changes in risk score. - `created_at: datetime` When the integration was created in RFC3339 format. - `integration_type: Literal["Okta"]` - `"Okta"` - `reference_id: str` A reference ID defined by the client. Should be set to the Access-Okta IDP integration ID. Useful when the risk-score integration needs to be associated with a secondary asset and recalled using that ID. - `tenant_url: str` The base URL for the tenant. E.g. "https://tenant.okta.com". - `well_known_url: str` The URL for the Shared Signals Framework configuration, e.g. "/.well-known/sse-configuration/{integration_uuid}/". https://openid.net/specs/openid-sse-framework-1_0.html#rfc.section.6.2.1.