This detection rule monitors changes to SAML (Security Assertion Markup Language) settings within Asana workspaces, specifically when a user attempts to toggle SAML from 'required' to 'optional'. The rule is triggered if a user successfully changes the SAML setting to 'optional', which could indicate a potential security risk if not authorized. A log entry is created when this change occurs, capturing details about the actor (the user making the change), the previous and new values of the setting, and the context of the action (such as the IP address and user agent). The rule entails reviewing whether the change aligns with intended business practices and whether the actions are justified based on user roles and permissions within the organization.