diff --git a/.circleci/config.yml b/.circleci/config.yml
index 4e2f36b5..7622477c 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -20,18 +20,16 @@ jobs:
name: "test stage"
command: make test
- test-v3:
+ test-v4:
docker:
- image: cimg/go:1.19.4
steps:
- checkout
- run: go version
+ - platform-orb/step-load-dependencies
- run:
name: "test stage"
- command: |
- cd okta/v3
- go mod download
- go test -failfast -race ./ -test.v
+ command: make v4-test
# Invoke jobs via workflows
# See: https://circleci.com/docs/2.0/configuration-reference/#workflows
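Review bot: The race detector and fail-fast settings for the v4 tests can no longer be verified from this file, because the job now delegates to `make v4-test` and the Makefile is not part of this diff. Confirm the target still runs the equivalent of `go test -failfast -race ./ -test.v` from `okta/v4`. The next hunk also leaves `# - test-v4:` commented out in the workflow (referencing OKTA-624790), so as far as this config shows the job is defined but never scheduled, and the regenerated v4 client is not gated by its test stage. A comment above the job such as `# test-v4 is disabled in workflows until OKTA-624790 is resolved` would make that state explicit.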
@@ -44,7 +42,7 @@ workflows:
- test-v2:
requires:
- cache-secrets
- # - test-v3:
+ # - test-v4:
# requires:
# - cache-secrets
# See OKTA-624790
diff --git a/.generator/config.yaml b/.generator/config.yaml
index aba5cef7..43c3b903 100644
--- a/.generator/config.yaml
+++ b/.generator/config.yaml
@@ -1,14 +1,14 @@
generatorName: go
templateDir: ./.generator/templates
-outputDir: ./okta/v3
+outputDir: ./okta/v4
gitUserId: okta
gitRepoId: okta-sdk-golang
-versionName: v3
+versionName: v4
additionalProperties:
enumClassPrefix: true
generateInterfaces: true
packageName: okta
- packageVersion: 3.0.19
+ packageVersion: 4.0.0
useOneOfDiscriminatorLookup: true
disallowAdditionalPropertiesIfNotPresent: false
files:
diff --git a/.generator/okta-management-APIs-oasv3-enum-inheritance.yaml b/.generator/okta-management-APIs-oasv3-enum-inheritance.yaml
index 373b33fd..a32e8f7e 100644
--- a/.generator/okta-management-APIs-oasv3-enum-inheritance.yaml
+++ b/.generator/okta-management-APIs-oasv3-enum-inheritance.yaml
@@ -72,6 +72,9 @@ tags:
|
Feature
| Apps supported | Description |
| -------------------- | -------------- | ----------- |
| `USER_PROVISIONING` | `org2org` | Similar to the app **Provisioning** > **To App** setting in the Admin Console, this feature configures the **Create Users**, **Update User Attributes**, **Deactivate Users**, and **Sync Password** settings. |
+
+ > **Note:** You can't use the `USER_PROVISIONING` feature in an Okta Developer-Edition org because the `org2org` app isn't available in developer orgs.
+ > If you need to test this feature in your Developer-Edition org, contact your Okta account team.
- name: ApplicationGrants
x-displayName: Application Grants
description: |
@@ -85,9 +88,15 @@ tags:
- name: ApplicationLogos
x-displayName: Application Logos
description: Provides a resource to manage the application instance logo
+ - name: ApplicationOktaApplicationSettings
+ x-displayName: Okta Application Settings
+ description: The Okta Application Settings API provides operations to manage settings for Okta applications.
- name: ApplicationPolicies
x-displayName: Application Policies
description: Provides a resource to manage authentication policies associated with an application
+ - name: ApplicationSSO
+ x-displayName: Application SSO
+ description: Provides a Single Sign-On (SSO) resource for an application
- name: ApplicationTokens
x-displayName: Application Tokens
description: |
@@ -100,7 +109,7 @@ tags:
description: Application user operations
- name: AttackProtection
x-displayName: Attack Protection
- description: The Attack Protection API provides operations to configure the User Lockout Settings in your org to prevent brute-force attacks.
+ description: The Attack Protection API provides operations to configure the User Lockout Settings and the Authenticator Settings in your org to protect against password abuse.
- name: Authenticator
x-displayName: Authenticators
description: |-
@@ -124,7 +133,24 @@ tags:
* Custom App
- name: AuthorizationServer
x-displayName: Authorization Servers
- description: Authorization Servers generate OAuth 2.0 and OpenID Connect tokens, including access tokens and ID tokens. The Okta Management API gives you the ability to configure and manage Authorization Servers and the security policies that are attached to them.
+ description: |-
+ Authorization Servers generate OAuth 2.0 and OpenID Connect tokens, including access tokens and ID tokens. The Okta Management API gives you the ability to configure and manage Authorization Servers and the security policies that are attached to them.
+
+ **Work with the Default Authorization Server**
+
+ Okta provides a pre-configured Custom Authorization Server with the name `default`. This Default Authorization Server includes a basic access policy and rule, which you can edit to control access. It allows you to specify `default` instead of the `authorizationServerId` in requests to it:
+
+ `https://${yourOktaDomain}/api/v1/authorizationServers/default`
+
+ vs
+
+ `https://${yourOktaDomain}/api/v1/authorizationServers/${authorizationServerId}` for other Custom Authorization Servers
+ - name: AuthorizationServerAssoc
+ x-displayName: Authorization Server Associated Servers
+ description: Associated authorization servers allow you to designate a trusted authorization server that you associate with another authorization server. This type of association provides a way to configure [token exchange](https://developer.okta.com/docs/guides/set-up-token-exchange/main/#trusted-servers) between other authorization servers under the same Okta tenant.
+ - name: AuthorizationServerClaims
+ x-displayName: Authorization Server Claims
+ description: Provides operations to manage custom token claims for the given `authServerId` and `claimId`
- name: Behavior
x-displayName: Behavior Rules
description: The Behavior Rules API provides operations to manage the behavior detection rules for your organization.
@@ -173,7 +199,7 @@ tags:
description: The Email Domains API provides operations to manage email domains for your organization.
- name: EmailServer
x-displayName: Email Servers
- description: The Email Servers API provides operations to manage custom SMTP servers for your organization. This is an Early Access feature. To enable it, contact [Okta Support](https://support.okta.com/help/s/).
+ description: The Email Servers API allows you to configure a custom external email provider to send email notifications. By default, notifications such as the welcome email or an account recovery email are sent through an Okta-managed SMTP server. Adding a custom email provider gives you more control over your email delivery.
- name: EventHook
x-displayName: Event Hooks
description: |-
@@ -413,7 +439,7 @@ tags:
description: |-
The Okta UI Schema API allows you to control how inputs appear on an enrollment form. The UI Schema API is only available as a part of Okta Identity Engine.
- If you’re not sure which solution you’re using, check the footer on any page of the Admin Console. The version number is appended with E for Identity Engine orgs and C for Classic Engine orgs.
+ If you're not sure which solution you're using, check the footer on any page of the Admin Console. The version number is appended with E for Identity Engine orgs and C for Classic Engine orgs.
- name: User
x-displayName: Users
description: The User API provides operations to manage users in your organization.
@@ -423,6 +449,9 @@ tags:
- name: UserType
x-displayName: User Types
description: The User Types API provides operations to manage User Types.
+ - name: WebAuthnPreregistration
+ x-displayName: WebAuthnPreregistration
+ description: The WebAuthn Preregistration API provides a flow to initiate and set up WebAuthn Preregistration authenticator enrollments through third-party providers.
paths:
/.well-known/app-authenticator-configuration:
get:
@@ -1245,7 +1274,16 @@ paths:
content:
application/json:
schema:
- $ref: '#/components/schemas/ProvisioningConnection'
+ oneOf:
+ - $ref: '#/components/schemas/ProvisioningConnectionToken'
+ - $ref: '#/components/schemas/ProvisioningConnectionOauth'
+ - $ref: '#/components/schemas/ProvisioningConnectionUnknown'
+ discriminator: &ref_21
+ propertyName: authScheme
+ mapping:
+ TOKEN: '#/components/schemas/ProvisioningConnectionToken'
+ OAUTH2: '#/components/schemas/ProvisioningConnectionOauth'
+ UNKNOWN: '#/components/schemas/ProvisioningConnectionUnknown'
examples:
ProvisioningConnectionResponseExample:
$ref: '#/components/examples/ProvisioningConnectionTokenResponseEx'
@@ -1278,7 +1316,9 @@ paths:
content:
application/json:
schema:
- $ref: '#/components/schemas/ProvisioningConnectionRequest'
+ oneOf:
+ - $ref: '#/components/schemas/ProvisioningConnectionTokenRequest'
+ - $ref: '#/components/schemas/ProvisioningConnectionOauthRequest'
examples:
ProvisioningConnectionTokenExample:
$ref: '#/components/examples/ProvisioningConnectionTokenRequestEx'
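Review bot: The request-body `oneOf` lists `ProvisioningConnectionTokenRequest` and `ProvisioningConnectionOauthRequest` without a `discriminator`, whereas the response schema changed in the previous hunk declares one on `authScheme`. `.generator/config.yaml` sets `useOneOfDiscriminatorLookup: true`, and without a discriminator the generated type presumably has to choose a variant by trial match, which is ambiguous if the two request schemas overlap. If both request schemas carry `authScheme` (their definitions are outside this hunk), add a `discriminator` with `propertyName: authScheme` and map `TOKEN` and `OAUTH2` to the two request schemas, mirroring the response side.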
@@ -2243,6 +2283,72 @@ paths:
isGenerallyAvailable: false
SKUs:
- Okta Identity Engine
+ /api/v1/apps/{appId}/sso/saml/metadata:
+ parameters:
+ - $ref: '#/components/parameters/pathAppId'
+ get:
+ summary: Preview the application SAML metadata
+ description: Previews the SSO SAML metadata for an application
+ operationId: previewSAMLmetadataForApplication
+ responses:
+ '200':
+ description: OK
+ content:
+ text/xml:
+ schema:
+ type: string
+ description: SAML metadata in XML
+ examples:
+ previewSAML:
+ summary: SAML metadata example
+ value: |
+
+
+
+
+
+
+ MIIDqDCCApCgAwIBAgIGAVGNO4qeMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYDVQQGEwJVUzETMBEG
+ A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
+ MBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDGJhbGFjb21wdGVzdDEcMBoGCSqGSIb3DQEJ
+ ARYNaW5mb0Bva3RhLmNvbTAeFw0xNTEyMTAxODUwMDhaFw0xNzEyMTAxODUxMDdaMIGUMQswCQYD
+ VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsG
+ A1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDGJhbGFjb21wdGVzdDEc
+ MBoGCSqGSIb3DQEJARYNaW5mb0Bva3RhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ ggEBALAakG48bgcTWHdwmVLHig0mkiRejxIVm3wbzrNSJcBruTq2zCYZ1rGfVxTYON8kJqvkXPmv
+ kzWKhpEkvhubL+mx29XpXY0AsNIfgcm5xIV56yhXSvlMdqzGo3ciRwoACaF+ClNLxmXK9UTZD89B
+ bVVGCG5AEvja0eCQ0GYsO5i9aSI5aTroab8Aew31PuWl/RGQWmjVy8+7P4wwkKKJNKCpxMYDlhfa
+ WRp0zwUSbUCO0qEyeAYdZx6CLES4FGrDi/7D6G+ewWC+kbz1tL1XpF2Dcg3+IOlHrV6VWzz3rG39
+ v9zFIncjvoQJFDGWhpqGqcmXvgH0Ze3SVcVF01T+bK0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA
+ AHmnSZ4imjNrIf9wxfQIcqHXEBoJ+oJtd59cw1Ur/YQY9pKXxoglqCQ54ZmlIf4GghlcZhslLO+m
+ NdkQVwSmWMh6KLxVM18/xAkq8zyKbMbvQnTjFB7x45bgokwbjhivWqrB5LYHHCVN7k/8mKlS4eCK
+ Ci6RGEmErjojr4QN2xV0qAqP6CcGANgpepsQJCzlWucMFKAh0x9Kl8fmiQodfyLXyrebYsVnLrMf
+ jxE1b6dg4jKvv975tf5wreQSYZ7m//g3/+NnuDKkN/03HqhV7hTNi1fyctXk8I5Nwgyr+pT5LT2k
+ YoEdncuy+GQGzE9yLOhC4HNfHQXpqp2tMPdRlw==
+
+
+
+ urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
+ urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+
+
+
+
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.apps.read
+ tags:
+ - ApplicationSSO
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/tokens:
parameters:
- $ref: '#/components/parameters/pathAppId'
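Review bot: The `200` response is declared as `text/xml` with `schema: type: string`, a combination the generated client has to special-case: the body must be returned verbatim rather than passed through an XML unmarshaller. The templates under `./.generator/templates` are not part of this diff, so that cannot be confirmed here; a test that calls `previewSAMLmetadataForApplication` against a stubbed response and compares the returned string byte for byte would settle it. Stating the contract in the spec also helps, for example `description: Previews the SSO SAML metadata for an application. The response body is the raw XML document.` In this view the `value: |` example shows only the certificate body and two NameID format URNs, with no element markup around them, so check that the example in the file itself is well-formed XML.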
@@ -2948,21 +3054,25 @@ paths:
/api/v1/authorizationServers:
get:
summary: List all Authorization Servers
- description: Lists all authorization servers
+ description: Lists all custom authorization servers in the org
operationId: listAuthorizationServers
parameters:
- name: q
in: query
+ description: Searches the `name` and `audiences` of authorization servers for matching values
+ example: customasone
schema:
type: string
- name: limit
in: query
+ description: 'Specifies the number of authorization server results on a page. Maximum value: 200'
schema:
type: integer
format: int32
default: 200
- name: after
in: query
+ description: Specifies the pagination cursor for the next page of authorization servers. Treat as an opaque value and obtain through the next link relationship.
schema:
type: string
responses:
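Review bot: The new `limit` description documents a maximum of 200, but the schema beneath it only sets `default: 200` and declares no upper bound, so tooling that reads the spec cannot enforce the cap. Adding `maximum: 200` under `schema`, next to `format: int32`, would make the documented limit machine-checkable. The `limit` parameter of `listAssociatedServersByTrustedType` in a later hunk is cut off by the hunk boundary, so whether it has the same gap could not be checked here.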
@@ -2974,6 +3084,9 @@ paths:
type: array
items:
$ref: '#/components/schemas/AuthorizationServer'
+ examples:
+ ListAuthServers:
+ $ref: '#/components/examples/ListAuthServersResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'429':
@@ -2999,6 +3112,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/AuthorizationServer'
+ examples:
+ CreateAuthServer:
+ $ref: '#/components/examples/CreateAuthServerBody'
required: true
responses:
'201':
@@ -3007,6 +3123,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/AuthorizationServer'
+ examples:
+ CreateAuthServer:
+ $ref: '#/components/examples/CreateAuthServerResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -3038,6 +3157,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/AuthorizationServer'
+ examples:
+ RetrieveAuthServer:
+ $ref: '#/components/examples/RetrieveAuthServerResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -3065,6 +3187,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/AuthorizationServer'
+ examples:
+ ReplaceAuthServer:
+ $ref: '#/components/examples/ReplaceAuthServerBody'
required: true
responses:
'200':
@@ -3073,6 +3198,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/AuthorizationServer'
+ examples:
+ ReplaceAuthServer:
+ $ref: '#/components/examples/ReplaceAuthServerResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -3121,18 +3249,19 @@ paths:
parameters:
- $ref: '#/components/parameters/pathAuthServerId'
get:
- summary: List all Associated Authorization Servers
- description: Lists all associated authorization servers by trusted type for the given `authServerId`
+ summary: List all associated Authorization Servers
+ description: Lists all associated Authorization Servers by trusted type for the given `authServerId`
operationId: listAssociatedServersByTrustedType
parameters:
- name: trusted
in: query
- description: Searches trusted authorization servers when true, or searches untrusted authorization servers when false
+ description: Searches trusted authorization servers when `true` or searches untrusted authorization servers when `false`
schema:
type: boolean
- name: q
in: query
- description: Searches the name or audience of the associated authorization servers
+ description: Searches for the name or audience of the associated authorization servers
+ example: customasone
schema:
type: string
- name: limit
@@ -3156,6 +3285,9 @@ paths:
type: array
items:
$ref: '#/components/schemas/AuthorizationServer'
+ examples:
+ ListAssocAuthServer:
+ $ref: '#/components/examples/ListAssocAuthServerResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -3167,15 +3299,15 @@ paths:
- oauth2:
- okta.authorizationServers.read
tags:
- - AuthorizationServer
+ - AuthorizationServerAssoc
x-okta-lifecycle:
lifecycle: GA
isGenerallyAvailable: false
SKUs:
- API Access Management
post:
- summary: Create the Associated Authorization Servers
- description: Creates the trusted relationships between the given authorization server and other authorization servers
+ summary: Create an associated Authorization Server
+ description: Creates trusted relationships between the given authorization server and other authorization servers
operationId: createAssociatedServers
x-codegen-request-body-name: associatedServerMediated
requestBody:
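Review bot: Retagging these operations from `AuthorizationServer` to `AuthorizationServerAssoc` is likely to change more than the docs grouping, because the Go generator typically emits one API service per tag. `listAssociatedServersByTrustedType` and `createAssociatedServers` would then move to a different service in the generated client, which is source-breaking for callers upgrading from v3. The same applies to the later hunks that retag the delete operation and move the custom token claim operations to `AuthorizationServerClaims`. If the migration notes do not already cover it, add an entry listing each moved operation with its old and new service name. Whether this project's templates group by tag cannot be confirmed from this diff.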
@@ -3183,6 +3315,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/AssociatedServerMediated'
+ examples:
+ CreateAssocAuthServer:
+ $ref: '#/components/examples/CreateAssocAuthServerBody'
required: true
responses:
'200':
@@ -3193,6 +3328,9 @@ paths:
type: array
items:
$ref: '#/components/schemas/AuthorizationServer'
+ examples:
+ CreateAssocAuthServer:
+ $ref: '#/components/examples/CreateAssocAuthServerResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -3206,7 +3344,7 @@ paths:
- oauth2:
- okta.authorizationServers.manage
tags:
- - AuthorizationServer
+ - AuthorizationServerAssoc
x-okta-lifecycle:
lifecycle: GA
isGenerallyAvailable: false
@@ -3217,8 +3355,8 @@ paths:
- $ref: '#/components/parameters/pathAuthServerId'
- $ref: '#/components/parameters/pathAssociatedServerId'
delete:
- summary: Delete an Associated Authorization Server
- description: Deletes an associated authorization server
+ summary: Delete an associated Authorization Server
+ description: Deletes an associated Authorization Server
operationId: deleteAssociatedServer
responses:
'204':
@@ -3235,7 +3373,7 @@ paths:
- oauth2:
- okta.authorizationServers.manage
tags:
- - AuthorizationServer
+ - AuthorizationServerAssoc
x-okta-lifecycle:
lifecycle: GA
isGenerallyAvailable: false
@@ -3245,8 +3383,8 @@ paths:
parameters:
- $ref: '#/components/parameters/pathAuthServerId'
get:
- summary: List all Custom Token Claims
- description: Lists all custom token claims
+ summary: List all custom token Claims
+ description: Lists all custom token Claims defined for a specified custom authorization server
operationId: listOAuth2Claims
responses:
'200':
@@ -3257,6 +3395,9 @@ paths:
type: array
items:
$ref: '#/components/schemas/OAuth2Claim'
+ examples:
+ ListCustomTokenClaims:
+ $ref: '#/components/examples/ListCustomTokenClaimsResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -3268,15 +3409,15 @@ paths:
- oauth2:
- okta.authorizationServers.read
tags:
- - AuthorizationServer
+ - AuthorizationServerClaims
x-okta-lifecycle:
lifecycle: GA
isGenerallyAvailable: false
SKUs:
- API Access Management
post:
- summary: Create a Custom Token Claim
- description: Creates a custom token claim
+ summary: Create a custom token Claim
+ description: Creates a custom token Claim for a custom authorization server
operationId: createOAuth2Claim
x-codegen-request-body-name: oAuth2Claim
requestBody:
@@ -3284,6 +3425,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/OAuth2Claim'
+ examples:
+ CreateCustomTokenClaim:
+ $ref: '#/components/examples/CreateCustomTokenClaimBody'
required: true
responses:
'201':
@@ -3292,6 +3436,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/OAuth2Claim'
+ examples:
+ CreateCustomTokenClaim:
+ $ref: '#/components/examples/CreateCustomTokenClaimResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -3305,7 +3452,7 @@ paths:
- oauth2:
- okta.authorizationServers.manage
tags:
- - AuthorizationServer
+ - AuthorizationServerClaims
x-okta-lifecycle:
lifecycle: GA
isGenerallyAvailable: false
@@ -3316,8 +3463,8 @@ paths:
- $ref: '#/components/parameters/pathAuthServerId'
- $ref: '#/components/parameters/pathClaimId'
get:
- summary: Retrieve a Custom Token Claim
- description: Retrieves a custom token claim
+ summary: Retrieve a custom token Claim
+ description: Retrieves a custom token Claim by the specified `claimId`
operationId: getOAuth2Claim
responses:
'200':
@@ -3326,6 +3473,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/OAuth2Claim'
+ examples:
+ RetrieveCustomTokenClaim:
+ $ref: '#/components/examples/RetrieveCustomTokenClaimResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -3337,15 +3487,15 @@ paths:
- oauth2:
- okta.authorizationServers.read
tags:
- - AuthorizationServer
+ - AuthorizationServerClaims
x-okta-lifecycle:
lifecycle: GA
isGenerallyAvailable: false
SKUs:
- API Access Management
put:
- summary: Replace a Custom Token Claim
- description: Replaces a custom token claim
+ summary: Replace a custom token Claim
+ description: Replaces a custom token Claim specified by the `claimId`
operationId: replaceOAuth2Claim
x-codegen-request-body-name: oAuth2Claim
requestBody:
@@ -3353,6 +3503,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/OAuth2Claim'
+ examples:
+ ReplaceCustomTokenClaim:
+ $ref: '#/components/examples/ReplaceCustomTokenClaimBody'
required: true
responses:
'200':
@@ -3361,6 +3514,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/OAuth2Claim'
+ examples:
+ ReplaceCustomTokenClaim:
+ $ref: '#/components/examples/ReplaceCustomTokenClaimResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -3374,15 +3530,15 @@ paths:
- oauth2:
- okta.authorizationServers.manage
tags:
- - AuthorizationServer
+ - AuthorizationServerClaims
x-okta-lifecycle:
lifecycle: GA
isGenerallyAvailable: false
SKUs:
- API Access Management
delete:
- summary: Delete a Custom Token Claim
- description: Deletes a custom token claim
+ summary: Delete a custom token Claim
+ description: Deletes a custom token Claim specified by the `claimId`
operationId: deleteOAuth2Claim
responses:
'204':
@@ -3399,7 +3555,7 @@ paths:
- oauth2:
- okta.authorizationServers.manage
tags:
- - AuthorizationServer
+ - AuthorizationServerClaims
x-okta-lifecycle:
lifecycle: GA
isGenerallyAvailable: false
@@ -5500,7 +5656,10 @@ paths:
- $ref: '#/components/parameters/pathTemplateName'
get:
summary: List all Email Customizations
- description: Lists all customizations of an email template
+ description: |
+ Lists all customizations of an email template
+
+ If Custom languages for Okta Email Templates is enabled, all existing customizations are retrieved, including customizations for additional languages. If disabled, only customizations for Okta-supported languages are returned.
operationId: listEmailCustomizations
parameters:
- $ref: '#/components/parameters/queryAfter'
@@ -5534,7 +5693,10 @@ paths:
isGenerallyAvailable: true
post:
summary: Create an Email Customization
- description: Creates a new email customization
+ description: |
+ Creates a new Email Customization
+
+ If Custom languages for Okta Email Templates is enabled, you can create a customization for any BCP47 language in addition to the Okta-supported languages.
operationId: createEmailCustomization
x-codegen-request-body-name: instance
requestBody:
@@ -5585,7 +5747,10 @@ paths:
isGenerallyAvailable: true
delete:
summary: Delete all Email Customizations
- description: Deletes all customizations for an email template
+ description: |
+ Deletes all customizations for an email template
+
+ If Custom languages for Okta Email Templates is enabled, all customizations are deleted, including customizations for additional languages. If disabled, only customizations in Okta-supported languages are deleted.
operationId: deleteAllCustomizations
responses:
'204':
@@ -5613,7 +5778,10 @@ paths:
- $ref: '#/components/parameters/pathCustomizationId'
get:
summary: Retrieve an Email Customization
- description: Retrieves an email customization by its unique identifier
+ description: |
+ Retrieves an email customization by its unique identifier
+
+ If Custom languages for Okta Email Templates is disabled, requests to retrieve an additional language customization by ID result in a `404 Not Found` error response.
operationId: getEmailCustomization
responses:
'200':
@@ -5642,7 +5810,10 @@ paths:
isGenerallyAvailable: true
put:
summary: Replace an Email Customization
- description: Replaces an existing email customization using the property values provided
+ description: |
+ Replaces an email customization using property values
+
+ If Custom languages for Okta Email Templates is disabled, requests to update a customization for an additional language return a `404 Not Found` error response.
operationId: replaceEmailCustomization
x-codegen-request-body-name: instance
requestBody:
@@ -5696,7 +5867,10 @@ paths:
isGenerallyAvailable: true
delete:
summary: Delete an Email Customization
- description: Deletes an email customization by its unique identifier
+ description: |
+ Deletes an Email Customization by its unique identifier
+
+ If Custom languages for Okta Email Templates is disabled, deletion of an existing additional language customization by ID doesn't register.
operationId: deleteEmailCustomization
responses:
'204':
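Review bot: The added sentence says that deleting an additional-language customization while the feature is disabled "doesn't register", which does not tell a caller what response to expect. The sibling retrieve, replace and preview descriptions in this diff state a `404 Not Found` explicitly. The only response visible in this hunk is `204`, so a client could read success where nothing was deleted. State the outcome in the description, for example `... deletion of an existing additional language customization by ID has no effect and returns <status>`, with the actual status filled in by someone who knows the service behaviour.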
@@ -5733,7 +5907,10 @@ paths:
- $ref: '#/components/parameters/pathCustomizationId'
get:
summary: Retrieve a Preview of an Email Customization
- description: Retrieves a preview of an email customization. All variable references (e.g., `${user.profile.firstName}`) are populated using the current user's context.
+ description: |
+ Retrieves a Preview of an Email Customization. All variable references are populated from the current user's context. For example, `${user.profile.firstName}`.
+
+ If Custom languages for Okta Email Templates is disabled, requests for the preview of an additional language customization by ID return a `404 Not Found` error response.
operationId: getCustomizationPreview
responses:
'200':
@@ -5766,7 +5943,12 @@ paths:
- $ref: '#/components/parameters/pathTemplateName'
get:
summary: Retrieve an Email Template Default Content
- description: Retrieves an email template's default content
+ description: |
+ Retrieves an email template's default content
+
+ Defaults to the current user's language given the following:
+ - Custom languages for Okta Email Templates is enabled
+ - An additional language is specified for the `language` parameter
operationId: getEmailDefaultContent
parameters:
- $ref: '#/components/parameters/queryLanguage'
@@ -5800,8 +5982,13 @@ paths:
- $ref: '#/components/parameters/pathBrandId'
- $ref: '#/components/parameters/pathTemplateName'
get:
- summary: Retrieve a Preview of the Email Template Default Content
- description: Retrieves a preview of an email template's default content. All variable references (e.g., `${user.profile.firstName}`) are populated using the current user's context.
+ summary: Retrieve a Preview of the Email Template default content
+ description: |
+ Retrieves a preview of an Email Template's default content. All variable references are populated using the current user's context. For example, `${user.profile.firstName}`.
+
+ Defaults to the current user's language given the following:
+ - Custom languages for Okta Email Templates is enabled
+ - An additional language is specified for the `language` parameter
operationId: getEmailDefaultPreview
parameters:
- $ref: '#/components/parameters/queryLanguage'
@@ -5910,6 +6097,7 @@ paths:
description: |-
Sends a test email to the current user’s primary and secondary email addresses. The email content is selected based on the following priority:
1. The email customization for the language specified in the `language` query parameter.
+ If Custom languages for Okta Email Templates is enabled and the `language` parameter is an additional language, the test email uses the customization corresponding to the language.
2. The email template's default customization.
3. The email template’s default content, translated to the current user's language.
operationId: sendTestEmail
@@ -6551,6 +6739,18 @@ paths:
$ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersRequest'
WindowsWithThirdPartySignalProviders:
$ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersRequest'
+ AndroidWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceAndroidWithDynamicVersionRequirementRequest'
+ iOSWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceIosWithDynamicVersionRequirementRequest'
+ MacOSWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceMacOSWithDynamicVersionRequirementRequest'
+ WindowsWithDynamicVersionRequirements:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithDynamicVersionRequirementsRequest'
+ WindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionString:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionStringRequest'
+ WindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirementRequest'
required: true
responses:
'200':
@@ -6575,6 +6775,18 @@ paths:
$ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersResponse'
WindowsWithThirdPartySignalProviders:
$ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersResponse'
+ AndroidWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceAndroidWithDynamicVersionRequirementResponse'
+ iOSWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceIosWithDynamicVersionRequirementResponse'
+ MacOSWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceMacOSWithDynamicVersionRequirementResponse'
+ WindowsWithDynamicVersionRequirements:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithDynamicVersionRequirementsResponse'
+ WindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionString:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionStringResponse'
+ WindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirementResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -6622,6 +6834,18 @@ paths:
$ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersResponse'
WindowsWithThirdPartySignalProviders:
$ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersResponse'
+ AndroidWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceAndroidWithDynamicVersionRequirementResponse'
+ iOSWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceIosWithDynamicVersionRequirementResponse'
+ MacOSWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceMacOSWithDynamicVersionRequirementResponse'
+ WindowsWithDynamicVersionRequirements:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithDynamicVersionRequirementsResponse'
+ WindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionString:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionStringResponse'
+ WindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirementResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -6665,6 +6889,18 @@ paths:
$ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersRequest'
WindowsWithThirdPartySignalProviders:
$ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersRequest'
+ AndroidWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceAndroidWithDynamicVersionRequirementRequest'
+ iOSWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceIosWithDynamicVersionRequirementRequest'
+ MacOSWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceMacOSWithDynamicVersionRequirementRequest'
+ WindowsWithDynamicVersionRequirements:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithDynamicVersionRequirementsRequest'
+ WindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionString:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionStringRequest'
+ WindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirementRequest'
required: true
responses:
'200':
@@ -6689,6 +6925,18 @@ paths:
$ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersResponse'
WindowsWithThirdPartySignalProviders:
$ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersResponse'
+ AndroidWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceAndroidWithDynamicVersionRequirementResponse'
+ iOSWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceIosWithDynamicVersionRequirementResponse'
+ MacOSWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceMacOSWithDynamicVersionRequirementResponse'
+ WindowsWithDynamicVersionRequirements:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithDynamicVersionRequirementsResponse'
+ WindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionString:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionStringResponse'
+ WindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirementResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -7527,7 +7775,7 @@ paths:
tags:
- EmailServer
x-okta-lifecycle:
- lifecycle: EA
+ lifecycle: GA
isGenerallyAvailable: false
SKUs:
- Okta Identity Engine
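Review bot: The operation is promoted to `lifecycle: GA`, but the context line directly below still reads `isGenerallyAvailable: false`, so the two fields of `x-okta-lifecycle` now disagree. The operations added as GA elsewhere in this diff pair `lifecycle: GA` with `isGenerallyAvailable: true`; if the promotion is intended, that line should change to `isGenerallyAvailable: true` in the same commit. The five EmailServer hunks that follow have the same mismatch. The operation these lines belong to starts outside the hunk.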
@@ -7560,7 +7808,7 @@ paths:
tags:
- EmailServer
x-okta-lifecycle:
- lifecycle: EA
+ lifecycle: GA
isGenerallyAvailable: false
SKUs:
- Okta Identity Engine
@@ -7591,7 +7839,7 @@ paths:
tags:
- EmailServer
x-okta-lifecycle:
- lifecycle: EA
+ lifecycle: GA
isGenerallyAvailable: false
SKUs:
- Okta Identity Engine
@@ -7626,7 +7874,7 @@ paths:
tags:
- EmailServer
x-okta-lifecycle:
- lifecycle: EA
+ lifecycle: GA
isGenerallyAvailable: false
SKUs:
- Okta Identity Engine
@@ -7650,7 +7898,7 @@ paths:
tags:
- EmailServer
x-okta-lifecycle:
- lifecycle: EA
+ lifecycle: GA
isGenerallyAvailable: false
SKUs:
- Okta Identity Engine
@@ -7684,7 +7932,7 @@ paths:
tags:
- EmailServer
x-okta-lifecycle:
- lifecycle: EA
+ lifecycle: GA
isGenerallyAvailable: false
SKUs:
- Okta Identity Engine
@@ -8169,6 +8417,81 @@ paths:
x-okta-lifecycle:
lifecycle: GA
isGenerallyAvailable: true
+ /api/v1/first-party-app-settings/{appName}:
+ parameters:
+ - $ref: '#/components/parameters/pathFirstPartyAppName'
+ get:
+ summary: Retrieve the Okta app settings
+ description: Retrieves the settings for the first party Okta app
+ operationId: getFirstPartyAppSettings
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/AdminConsoleSettings'
+ examples:
+ exampleSettings:
+ $ref: '#/components/examples/AdminConsoleSettingsExample'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.apps.read
+ tags:
+ - ApplicationOktaApplicationSettings
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ put:
+ summary: Replace the Okta app settings
+ description: Replaces the settings for the first party Okta app
+ operationId: replaceFirstPartyAppSettings
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/AdminConsoleSettings'
+ examples:
+ exampleSettings:
+ $ref: '#/components/examples/AdminConsoleSettingsExample'
+ required: true
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/AdminConsoleSettings'
+ examples:
+ exampleSettings:
+ $ref: '#/components/examples/AdminConsoleSettingsExample'
+ '400':
+ $ref: '#/components/responses/ErrorApiValidationFailed400'
+ '403':
+ description: Forbidden
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ examples:
+ Access Denied:
+ $ref: '#/components/examples/ErrorAccessDenied'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.apps.manage
+ tags:
+ - ApplicationOktaApplicationSettings
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups:
get:
summary: List all Groups
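Review bot: The `put` operation on `/api/v1/first-party-app-settings/{appName}` writes out its `'403'` response inline, while the `get` on the same path uses `$ref: '#/components/responses/ErrorAccessDenied403'`. Unless the inline form is deliberate, use the shared response so the two cannot drift apart. Neither operation declares a `'404'`, so the spec does not say what a caller gets for an `appName` that matches no first-party app. Because `replaceFirstPartyAppSettings` overwrites the whole settings object under the `okta.apps.manage` scope, the description should also name which settings are replaced; the `AdminConsoleSettings` schema is outside this hunk.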
@@ -13761,7 +14084,7 @@ paths:
items:
oneOf: &ref_12
- $ref: '#/components/schemas/AccessPolicy'
- - $ref: '#/components/schemas/IdentityProviderPolicy'
+ - $ref: '#/components/schemas/IdpDiscoveryPolicy'
- $ref: '#/components/schemas/MultifactorEnrollmentPolicy'
- $ref: '#/components/schemas/OktaSignOnPolicy'
- $ref: '#/components/schemas/PasswordPolicy'
@@ -13770,7 +14093,7 @@ paths:
propertyName: type
mapping:
ACCESS_POLICY: '#/components/schemas/AccessPolicy'
- IDP_DISCOVERY: '#/components/schemas/IdentityProviderPolicy'
+ IDP_DISCOVERY: '#/components/schemas/IdpDiscoveryPolicy'
MFA_ENROLL: '#/components/schemas/MultifactorEnrollmentPolicy'
OKTA_SIGN_ON: '#/components/schemas/OktaSignOnPolicy'
PASSWORD: '#/components/schemas/PasswordPolicy'
@@ -14233,6 +14556,7 @@ paths:
- $ref: '#/components/schemas/ProfileEnrollmentPolicyRule'
- $ref: '#/components/schemas/AuthorizationServerPolicyRule'
- $ref: '#/components/schemas/OktaSignOnPolicyRule'
+ - $ref: '#/components/schemas/IdpDiscoveryPolicyRule'
discriminator: &ref_15
propertyName: type
mapping:
@@ -14241,6 +14565,7 @@ paths:
PROFILE_ENROLLMENT: '#/components/schemas/ProfileEnrollmentPolicyRule'
RESOURCE_ACCESS: '#/components/schemas/AuthorizationServerPolicyRule'
SIGN_ON: '#/components/schemas/OktaSignOnPolicyRule'
+ IDP_DISCOVERY: '#/components/schemas/IdpDiscoveryPolicyRule'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -14274,6 +14599,12 @@ paths:
$ref: '#/components/examples/sspr-enabled-sso-step-up'
EnableSsprNoStepUp:
$ref: '#/components/examples/sspr-enabled-no-step-up'
+ Enable2FAPreciseAuth:
+ $ref: '#/components/examples/twofa-enabled-disallow-password-allow-phishing'
+ EnableSpecificRoutingRule:
+ $ref: '#/components/examples/idp-discovery-specific-routing-rule'
+ EnableDynamicRoutingRule:
+ $ref: '#/components/examples/idp-discovery-dynamic-routing-rule'
EnableSsprWithConstraints:
$ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints'
required: true
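Review bot: `Enable2FAPreciseAuth` references `twofa-enabled-disallow-password-allow-phishing`, a name that reads as if the policy permits phishing. Presumably it means phishing-resistant authenticators are allowed, and a name ending in `-allow-phishing-resistant` would say that. The three new entries are also inserted between `EnableSsprNoStepUp` and `EnableSsprWithConstraints`, which splits the SSPR examples; placing them after `EnableSsprWithConstraints` keeps the groups together. Both points apply to the response examples in the next hunk, and the example definitions themselves are outside this hunk.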
@@ -14292,6 +14623,12 @@ paths:
$ref: '#/components/examples/sspr-enabled-sso-step-up-response'
EnableSsprNoStepUp:
$ref: '#/components/examples/sspr-enabled-no-step-up-response'
+ Enable2FAPreciseAuth:
+ $ref: '#/components/examples/twofa-enabled-disallow-password-allow-phishing-response'
+ EnableSpecificRoutingRule:
+ $ref: '#/components/examples/idp-discovery-specific-routing-rule-response'
+ EnableDynamicRoutingRule:
+ $ref: '#/components/examples/idp-discovery-dynamic-routing-rule-response'
EnableSsprWithConstraints:
$ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints-response'
'400':
@@ -17550,6 +17887,9 @@ paths:
summary: List all Groups
description: Lists all groups of which the user is a member
operationId: listUserGroups
+ parameters:
+ - $ref: '#/components/parameters/queryAfter'
+ - $ref: '#/components/parameters/queryLimit'
responses:
'200':
description: Success
@@ -17803,6 +18143,13 @@ paths:
summary: Reset all Factors
description: Resets all factors for the specified user. All MFA factor enrollments returned to the unenrolled state. The user's status remains ACTIVE. This link is present only if the user is currently enrolled in one or more MFA factors.
operationId: resetFactors
+ parameters:
+ - name: removeRecoveryEnrollment
+ description: 'If `true`, removes the phone number as both a recovery method and a Factor. Supported Factors: `sms` and `call`'
+ in: query
+ schema:
+ type: boolean
+ default: false
responses:
'200':
description: OK
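Review bot: The new `removeRecoveryEnrollment` parameter has `default: false`, but its description covers only the `true` case, and the `resetFactors` description on the context line above does not mention recovery at all. From the wording it appears that with the default a phone number stays enrolled as a recovery method after the reset. If that is the behaviour, say so in the parameter description, for example `If false (default), the phone number remains enrolled as a recovery method.` An admin resetting factors after a suspected account compromise needs to know this, so confirm the default behaviour before adding the sentence.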
@@ -19253,6 +19600,122 @@ paths:
/integrations/api/v1/submissions/{submissionId}/testing:
parameters:
- $ref: '#/components/parameters/pathSubmissionId'
+ /webauthn-registration/api/v1/activate:
+ post:
+ summary: Activate a Preregistered WebAuthn Factor
+ description: Activates a preregistered WebAuthn Factor. As part of this operation, Okta first decrypts and verifies the Factor PIN and enrollment data sent by the fulfillment provider.
+ operationId: activatePreregistrationEnrollment
+ x-codegen-request-body-name: body
+ requestBody:
+ description: Enrollment Activation Request
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/EnrollmentActivationRequest'
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/EnrollmentActivationResponse'
+ '400':
+ description: PIN or Cred Requests Generation Failed
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ examples:
+ NoDisable:
+ $ref: '#/components/examples/ErrorPinOrCredResponsesProcessingFailure'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.users.manage
+ tags:
+ - WebAuthnPreregistration
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /webauthn-registration/api/v1/enroll:
+ post:
+ summary: Enroll a Preregistered WebAuthn Factor
+ description: Enrolls a preregistered WebAuthn Factor. This WebAuthn Factor has a longer challenge timeout period to accommodate the fulfillment request process. As part of this operation, Okta generates EC key-pairs used to encrypt the Factor PIN and enrollment data sent by the fulfillment provider.
+ operationId: enrollPreregistrationEnrollment
+ x-codegen-request-body-name: body
+ requestBody:
+ description: Enrollment Initialization Request
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/EnrollmentInitializationRequest'
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/EnrollmentInitializationResponse'
+ '400':
+ description: PIN or Cred Requests Generation Failed
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ examples:
+ NoDisable:
+ $ref: '#/components/examples/ErrorPinOrCredRequestsGenerationFailure'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.users.manage
+ tags:
+ - WebAuthnPreregistration
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /webauthn-registration/api/v1/initiate-fulfillment-request:
+ post:
+ summary: Generate a Fulfillment Request
+ description: Generates a fulfillment request by sending a WebAuthn Preregistration event to start the flow. The Okta Workflows WebAuthn preregistration integration uses this to populate the fulfillment request.
+ operationId: generateFulfillmentRequest
+ x-codegen-request-body-name: body
+ requestBody:
+ description: Fulfillment Request
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/FulfillmentRequest'
+ responses:
+ '204':
+ description: No Content
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.users.manage
+ tags:
+ - WebAuthnPreregistration
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
components:
examples:
APIDevicesListAllResponse:
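Review bot: In `/webauthn-registration/api/v1/activate` the `'400'` response is described as `PIN or Cred Requests Generation Failed` but references `ErrorPinOrCredResponsesProcessingFailure`. The text looks copied from the enroll operation and should read `description: PIN or Cred Response Processing Failed`, matching that example's summary. Both 400 responses key their example as `NoDisable`, which says nothing about the error; a key naming the failure would be clearer. None of the three `requestBody` objects sets `required: true`, unlike the `put` request body added earlier in this diff, so the spec as written permits an empty body on operations that handle enrollment data.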
@@ -19469,7 +19932,9 @@ components:
- GET
_embedded:
users:
- - created: '2021-10-01T16:52:41.000Z'
+ - managementStatus: MANAGED
+ created: '2021-10-01T16:52:41.000Z'
+ screenLockType: BIOMETRIC
user:
id: 00u17vh0q8ov8IU881d7
realmId: 00u17vh0q8ov8IU8T0g5
@@ -20331,6 +20796,106 @@ components:
type: HEADER
key: Authorization
value: my-shared-secret
+ CreateAssocAuthServerBody:
+ summary: Create a trusted relationship between authorization servers
+ value:
+ - trusted: '{authorizationServerId}'
+ CreateAssocAuthServerResponse:
+ summary: Create a trusted relationship between authorization servers
+ value:
+ - id: '{authorizationServerId}'
+ name: Sample Authorization Server
+ description: Sample Authorization Server description
+ audiences:
+ - https://api.resource.com
+ issuer: https://{yourOktaDomain}/oauth2/{authorizationServerId}
+ issuerMode: CUSTOM_URL
+ status: ACTIVE
+ created: '2023-05-17T22:25:57.000Z'
+ lastUpdated: '2023-05-17T22:25:57.000Z'
+ credentials:
+ signing:
+ rotationMode: AUTO
+ lastRotated: '2023-05-17T22:25:57.000Z'
+ nextRotation: '2023-08-15T22:25:57.000Z'
+ kid: WYQxoK4XAwGFn5Zw5AzLxFvqEKLP79BbsKmWeuc5TB4
+ use: sig
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}
+ hints:
+ allow:
+ - DELETE
+ CreateAuthServerBody:
+ summary: Create a custom authorization server
+ value:
+ name: Sample Authorization Server
+ description: Sample Authorization Server description
+ audiences:
+ - api://default
+ CreateAuthServerResponse:
+ summary: Create a custom authorization server
+ value:
+ id: '{authorizationServerId}'
+ name: Sample Authorization Server
+ description: Sample Authorization Server description
+ audiences:
+ - https://api.resource.com
+ issuer: https://{yourOktaDomain}/oauth2/{authorizationServerId}
+ issuerMode: ORG_URL
+ status: ACTIVE
+ created: '2023-05-17T22:25:57.000Z'
+ lastUpdated: '2023-05-17T22:25:57.000Z'
+ credentials:
+ signing:
+ rotationMode: AUTO
+ lastRotated: '2023-05-17T22:25:57.000Z'
+ nextRotation: '2023-08-15T22:25:57.000Z'
+ kid: WYQxoK4XAwGFn5Zw5AzLxFvqEKLP79BbsKmWeuc5TB4
+ _links:
+ scopes:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/scopes
+ hints:
+ allow:
+ - GET
+ claims:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims
+ hints:
+ allow:
+ - GET
+ policies:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/policies
+ hints:
+ allow:
+ - GET
+ self:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}
+ hints:
+ allow:
+ - GET
+ - DELETE
+ - PUT
+ metadata:
+ - name: oauth-authorization-server
+ href: https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/oauth-authorization-server
+ hints:
+ allow:
+ - GET
+ - name: openid-configuration
+ href: https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/openid-configuration
+ hints:
+ allow:
+ - GET
+ rotateKey:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/credentials/lifecycle/keyRotate
+ hints:
+ allow:
+ - POST
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
CreateBrandRequest:
value:
name: My Awesome Brand
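Review bot: `CreateAuthServerBody` sends `audiences: api://default`, while `CreateAuthServerResponse` shows `https://api.resource.com`, so the response does not reflect the request it appears to be paired with. The audience is the value a resource server checks in a token, so an example pair that changes it between request and response is misleading; use the same audience in both. `ReplaceAuthServerBody` and `ReplaceAuthServerResponse` in a later hunk have the same mismatch and also differ in `name`.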
@@ -20359,6 +20924,44 @@ components:
hints:
allow:
- GET
+ CreateCustomTokenClaimBody:
+ summary: Create a custom token Claim
+ value:
+ - alwaysIncludeInToken: true
+ claimType: IDENTITY
+ conditions:
+ scopes:
+ - profile
+ group_filter_type: CONTAINS
+ name: Support
+ status: ACTIVE
+ system: false
+ value: Support
+ valueType: GROUPS
+ CreateCustomTokenClaimResponse:
+ summary: Create a custom token Claim response
+ value:
+ - id: '{claimId}'
+ name: Support
+ status: ACTIVE
+ claimType: IDENTITY
+ valueType: GROUPS
+ value: Support
+ conditions:
+ scopes:
+ - profile
+ system: false
+ alwaysIncludeInToken: true
+ apiResourceId: null
+ group_filter_type: CONTAINS
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims/{claimId}
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
CreateEmailDomainRequest:
value:
displayName: Admin
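Review bot: `CreateCustomTokenClaimBody` and `CreateCustomTokenClaimResponse` give `value` as a one-element list (`- alwaysIncludeInToken: true`, `- id: '{claimId}'`), although both summaries describe a single Claim. The schema is not visible here; if the operation takes and returns one Claim object, drop the leading `-` so that `value` is a mapping, as in `CreateAuthServerBody`. `ReplaceCustomTokenClaimBody` and `ReplaceCustomTokenClaimResponse` in a later hunk are written the same way.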
@@ -20735,6 +21338,63 @@ components:
- DELETE
- GET
- PUT
+ DeviceAssuranceAndroidWithDynamicVersionRequirementRequest:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: Android with dynamic version requirement request
+ value:
+ name: Device Assurance Android
+ osVersion:
+ dynamicVersionRequirement:
+ type: MINIMUM
+ distanceFromLatestMajor: 0
+ diskEncryptionType:
+ include:
+ - USER
+ - FULL
+ jailbreak: false
+ platform: ANDROID
+ screenLockType:
+ include:
+ - BIOMETRIC
+ secureHardwarePresent: true
+ DeviceAssuranceAndroidWithDynamicVersionRequirementResponse:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: Android with dynamic version requirement response
+ value:
+ id: dae3m8o4rWhwReDeM1c5
+ name: Device Assurance Android
+ lastUpdate: '2022-01-01T00:00:00.000Z'
+ createdUpdate: '2022-01-01T00:00:00.000Z'
+ lastUpdatedBy: 00u217pyf72CdUrBt1c5
+ createdBy: 00u217pyf72CdUrBt1c5
+ osVersion:
+ dynamicVersionRequirement:
+ type: MINIMUM
+ distanceFromLatestMajor: 0
+ diskEncryptionType:
+ include:
+ - USER
+ - FULL
+ jailbreak: false
+ platform: ANDROID
+ screenLockType:
+ include:
+ - BIOMETRIC
+ secureHardwarePresent: true
+ _links:
+ self:
+ href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+ hints:
+ allow:
+ - DELETE
+ - GET
+ - PUT
DeviceAssuranceChromeOSWithThirdPartySignalProvidersRequest:
x-okta-lifecycle:
lifecycle: GA
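Review bot: The Android response example carries `createdUpdate: '2022-01-01T00:00:00.000Z'` next to `lastUpdate`, `createdBy` and `lastUpdatedBy`, and the name looks like a slip for the creation timestamp property. The `DeviceAssurance` schema is not visible in this hunk, so check the property name there and correct the example if it differs. The iOS, macOS and Windows dynamic-version response examples added in the following hunks repeat the same key.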
@@ -20837,6 +21497,53 @@ components:
- DELETE
- GET
- PUT
+ DeviceAssuranceIosWithDynamicVersionRequirementRequest:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: iOS with dynamic version requirement request
+ value:
+ name: Device Assurance iOS
+ osVersion:
+ dynamicVersionRequirement:
+ type: EXACT_ANY_SUPPORTED
+ latestSecurityPatch: true
+ jailbreak: false
+ platform: IOS
+ screenLockType:
+ include:
+ - BIOMETRIC
+ DeviceAssuranceIosWithDynamicVersionRequirementResponse:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: iOS with dynamic version requirement response
+ value:
+ id: dae3m8o4rWhwReDeM1c5
+ name: Device Assurance iOS
+ lastUpdate: '2022-01-01T00:00:00.000Z'
+ createdUpdate: '2022-01-01T00:00:00.000Z'
+ lastUpdatedBy: 00u217pyf72CdUrBt1c5
+ createdBy: 00u217pyf72CdUrBt1c5
+ osVersion:
+ dynamicVersionRequirement:
+ type: EXACT_ANY_SUPPORTED
+ latestSecurityPatch: true
+ jailbroken: false
+ platform: IOS
+ screenLockType:
+ include:
+ - BIOMETRIC
+ _links:
+ self:
+ href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+ hints:
+ allow:
+ - DELETE
+ - GET
+ - PUT
DeviceAssuranceMacOSRequest:
summary: macOS request
value:
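Review bot: `DeviceAssuranceIosWithDynamicVersionRequirementResponse` uses `jailbroken: false`, while the matching request example and both Android examples in the previous hunk use `jailbreak: false`. One of the two is not the schema's property name, so make the response read `jailbreak: false` unless the schema, which is outside this hunk, says otherwise. Someone copying the response example into a policy request would otherwise send a property that is presumably ignored or rejected, leaving the jailbreak condition unset.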
@@ -20880,6 +21587,63 @@ components:
- DELETE
- GET
- PUT
+ DeviceAssuranceMacOSWithDynamicVersionRequirementRequest:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: macOS with dynamic version requirement request
+ value:
+ name: Device Assurance macOS
+ osVersion:
+ dynamicVersionRequirement:
+ type: EXACT
+ distanceFromLatestMajor: 0
+ latestSecurityPatch: true
+ diskEncryptionType:
+ include:
+ - ALL_INTERNAL_VOLUMES
+ platform: MACOS
+ screenLockType:
+ include:
+ - PASSCODE
+ - BIOMETRIC
+ secureHardwarePresent: true
+ DeviceAssuranceMacOSWithDynamicVersionRequirementResponse:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: macOS with dynamic version requirement response
+ value:
+ id: dae3m8o4rWhwReDeM1c5
+ name: Device Assurance macOS
+ lastUpdate: '2022-01-01T00:00:00.000Z'
+ createdUpdate: '2022-01-01T00:00:00.000Z'
+ lastUpdatedBy: 00u217pyf72CdUrBt1c5
+ createdBy: 00u217pyf72CdUrBt1c5
+ osVersion:
+ dynamicVersionRequirement:
+ type: EXACT
+ distanceFromLatestMajor: 0
+ latestSecurityPatch: true
+ diskEncryptionType:
+ include:
+ - ALL_INTERNAL_VOLUMES
+ platform: MACOS
+ screenLockType:
+ include:
+ - PASSCODE
+ - BIOMETRIC
+ secureHardwarePresent: true
+ _links:
+ self:
+ href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+ hints:
+ allow:
+ - DELETE
+ - GET
+ - PUT
DeviceAssuranceMacOSWithThirdPartySignalProvidersRequest:
x-okta-lifecycle:
lifecycle: GA
@@ -21007,6 +21771,71 @@ components:
- DELETE
- GET
- PUT
+ DeviceAssuranceWindowsWithDynamicVersionRequirementsRequest:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: Windows with Windows 11 and Windows 10 dynamic version requirements request
+ value:
+ name: Device Assurance Windows
+ osVersionConstraints:
+ - majorVersionConstraint: WINDOWS_11
+ dynamicVersionRequirement:
+ type: MINIMUM
+ distanceFromLatestMajor: 1
+ latestSecurityPatch: true
+ - majorVersionConstraint: WINDOWS_10
+ dynamicVersionRequirement:
+ type: EXACT_ANY_SUPPORTED
+ diskEncryptionType:
+ include:
+ - ALL_INTERNAL_VOLUMES
+ platform: WINDOWS
+ screenLockType:
+ include:
+ - PASSCODE
+ - BIOMETRIC
+ secureHardwarePresent: true
+ DeviceAssuranceWindowsWithDynamicVersionRequirementsResponse:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: Windows with Windows 11 and Windows 10 dynamic version requirements response
+ value:
+ id: dae3m8o4rWhwReDeM1c5
+ name: Device Assurance Windows
+ lastUpdate: '2022-01-01T00:00:00.000Z'
+ createdUpdate: '2022-01-01T00:00:00.000Z'
+ lastUpdatedBy: 00u217pyf72CdUrBt1c5
+ createdBy: 00u217pyf72CdUrBt1c5
+ osVersionConstraints:
+ - majorVersionConstraint: WINDOWS_11
+ dynamicVersionRequirement:
+ type: MINIMUM
+ distanceFromLatestMajor: 1
+ latestSecurityPatch: true
+ - majorVersionConstraint: WINDOWS_10
+ dynamicVersionRequirement:
+ type: EXACT_ANY_SUPPORTED
+ diskEncryptionType:
+ include:
+ - ALL_INTERNAL_VOLUMES
+ platform: WINDOWS
+ screenLockType:
+ include:
+ - PASSCODE
+ - BIOMETRIC
+ secureHardwarePresent: true
+ _links:
+ self:
+ href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+ hints:
+ allow:
+ - DELETE
+ - GET
+ - PUT
DeviceAssuranceWindowsWithThirdPartySignalProvidersRequest:
x-okta-lifecycle:
lifecycle: GA
@@ -21104,6 +21933,126 @@ components:
- DELETE
- GET
- PUT
+ DeviceAssuranceWindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionStringRequest:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: Windows with Windows 11 dynamic version requirement and Windows 10 minimum version request
+ value:
+ name: Device Assurance Windows
+ osVersionConstraints:
+ - majorVersionConstraint: WINDOWS_11
+ dynamicVersionRequirement:
+ type: EXACT
+ distanceFromLatestMajor: 1
+ - majorVersionConstraint: WINDOWS_10
+ minimum: 10.0.19045.0
+ diskEncryptionType:
+ include:
+ - ALL_INTERNAL_VOLUMES
+ platform: WINDOWS
+ screenLockType:
+ include:
+ - PASSCODE
+ - BIOMETRIC
+ secureHardwarePresent: true
+ DeviceAssuranceWindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionStringResponse:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: Windows with Windows 11 dynamic version requirement and Windows 10 minimum version response
+ value:
+ id: dae3m8o4rWhwReDeM1c5
+ name: Device Assurance Windows
+ lastUpdate: '2022-01-01T00:00:00.000Z'
+ createdUpdate: '2022-01-01T00:00:00.000Z'
+ lastUpdatedBy: 00u217pyf72CdUrBt1c5
+ createdBy: 00u217pyf72CdUrBt1c5
+ osVersionConstraints:
+ - majorVersionConstraint: WINDOWS_11
+ dynamicVersionRequirement:
+ type: EXACT
+ distanceFromLatestMajor: 1
+ - majorVersionConstraint: WINDOWS_10
+ minimum: 10.0.19045.0
+ diskEncryptionType:
+ include:
+ - ALL_INTERNAL_VOLUMES
+ platform: WINDOWS
+ screenLockType:
+ include:
+ - PASSCODE
+ - BIOMETRIC
+ secureHardwarePresent: true
+ _links:
+ self:
+ href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+ hints:
+ allow:
+ - DELETE
+ - GET
+ - PUT
+ DeviceAssuranceWindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirementRequest:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: Windows with Windows 11 minimum version and a Windows 10 dynamic version requirement request
+ value:
+ name: Device Assurance Windows
+ osVersionConstraints:
+ - majorVersionConstraint: WINDOWS_11
+ minimum: 10.0.22000.0
+ - majorVersionConstraint: WINDOWS_10
+ dynamicVersionRequirement:
+ type: NOT_ALLOWED
+ diskEncryptionType:
+ include:
+ - ALL_INTERNAL_VOLUMES
+ platform: WINDOWS
+ screenLockType:
+ include:
+ - PASSCODE
+ - BIOMETRIC
+ secureHardwarePresent: true
+ DeviceAssuranceWindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirementResponse:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: Windows with Windows 11 minimum version and Windows 10 dynamic version requirement response
+ value:
+ id: dae3m8o4rWhwReDeM1c5
+ name: Device Assurance Windows
+ lastUpdate: '2022-01-01T00:00:00.000Z'
+ createdUpdate: '2022-01-01T00:00:00.000Z'
+ lastUpdatedBy: 00u217pyf72CdUrBt1c5
+ createdBy: 00u217pyf72CdUrBt1c5
+ osVersionConstraints:
+ - majorVersionConstraint: WINDOWS_11
+ minimum: 10.0.22000.0
+ - majorVersionConstraint: WINDOWS_10
+ dynamicVersionRequirement:
+ type: NOT_ALLOWED
+ diskEncryptionType:
+ include:
+ - ALL_INTERNAL_VOLUMES
+ platform: WINDOWS
+ screenLockType:
+ include:
+ - PASSCODE
+ - BIOMETRIC
+ secureHardwarePresent: true
+ _links:
+ self:
+ href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+ hints:
+ allow:
+ - DELETE
+ - GET
+ - PUT
DeviceResponse:
value:
id: guo8jx5vVoxfvJeLb0w4
@@ -21410,6 +22359,24 @@ components:
errorLink: E0000028
errorId: sampleiCF-l7mr9XqM1NQ
errorCauses: []
+ ErrorPinOrCredRequestsGenerationFailure:
+ summary: PIN or Cred Requests Generation Failed
+ value:
+ errorCode: E0000001
+ errorSummary: 'Api validation failed: pinRequest|credRequests'
+ errorLink: E0000001
+ errorId: oaehk3rssXQmOWDRsaFfxe8A
+ errorCauses:
+ errorSummary: There was a problem generating the pinRequest|credRequests.
+ ErrorPinOrCredResponsesProcessingFailure:
+ summary: PIN or Cred Response Processing Failed
+ value:
+ errorCode: E0000001
+ errorSummary: 'Api validation failed: pinResponse|credResponses'
+ errorLink: E0000001
+ errorId: oaehk3rssXQmOWDRsaFfxe8B
+ errorCauses:
+ errorSummary: There was a problem generating the pinResponse|credResponses.
ErrorPushProviderUsedByCustomAppAuthenticator:
value:
errorCode: E0000187
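Review bot: In both new error examples `errorCauses:` is followed by an `errorSummary:` line with no `-`, whereas the neighbouring example on the context line above writes `errorCauses: []`, a list. Depending on the indentation lost in this view, this parses either as a mapping under `errorCauses` or as a second `errorSummary` key on the example. The entry should be a list item, `- errorSummary: There was a problem generating the pinRequest|credRequests.`. The cause text of `ErrorPinOrCredResponsesProcessingFailure` also says "generating" where its summary describes a processing failure, and likely should read `There was a problem processing the pinResponse|credResponses.`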
@@ -21662,6 +22629,95 @@ components:
client:
href: https://{yourOktaDomain}/oauth2/v1/clients/{clientId}
title: Client name
+ ListAssocAuthServerResponse:
+ summary: List associated Authorization Servers
+ value:
+ - id: '{authorizationServerId}'
+ name: Sample Authorization Server
+ description: Sample Authorization Server description
+ audiences:
+ - https://api.resource.com
+ issuer: https://{yourOktaDomain}/oauth2/{authorizationServerId}
+ issuerMode: CUSTOM_URL
+ status: ACTIVE
+ created: '2023-05-17T22:25:57.000Z'
+ lastUpdated: '2023-05-17T22:25:57.000Z'
+ credentials:
+ signing:
+ rotationMode: DYNAMIC
+ lastRotated: '2023-05-17T22:25:57.000Z'
+ nextRotation: '2023-08-15T22:25:57.000Z'
+ kid: WYQxoK4XAwGFn5Zw5AzLxFvqEKLP79BbsKmWeuc5TB4
+ use: sig
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}
+ hints:
+ allow:
+ - DELETE
+ ListAuthServersResponse:
+ summary: List all custom authorization servers in your org
+ value:
+ - id: '{authorizationServerId}'
+ name: Sample Authorization Server
+ description: Sample Authorization Server description
+ audiences:
+ - https://api.resource.com
+ issuer: https://{yourOktaDomain}/oauth2/{authorizationServerId}
+ issuerMode: ORG_URL
+ status: ACTIVE
+ created: '2023-05-17T22:25:57.000Z'
+ lastUpdated: '2023-05-17T22:25:57.000Z'
+ credentials:
+ signing:
+ rotationMode: AUTO
+ lastRotated: '2023-05-17T22:25:57.000Z'
+ nextRotation: '2023-08-15T22:25:57.000Z'
+ kid: WYQxoK4XAwGFn5Zw5AzLxFvqEKLP79BbsKmWeuc5TB4
+ _links:
+ scopes:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/scopes
+ hints:
+ allow:
+ - GET
+ claims:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims
+ hints:
+ allow:
+ - GET
+ policies:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/policies
+ hints:
+ allow:
+ - GET
+ self:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}
+ hints:
+ allow:
+ - GET
+ - DELETE
+ - PUT
+ metadata:
+ - name: oauth-authorization-server
+ href: https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/oauth-authorization-server
+ hints:
+ allow:
+ - GET
+ - name: openid-configuration
+ href: https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/openid-configuration
+ hints:
+ allow:
+ - GET
+ rotateKey:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/credentials/lifecycle/keyRotate
+ hints:
+ allow:
+ - POST
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
ListBrandsResponse:
value:
- id: bnd114iNkrcN6aR680g4
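Review bot: `ListAssocAuthServerResponse` shows `rotationMode: DYNAMIC`, while every other authorization-server example added in this diff uses `AUTO`, including `CreateAssocAuthServerResponse` for the same resource. Check that `DYNAMIC` is a value the `rotationMode` enum accepts; the schema is outside this hunk. If it is not, change the line to `rotationMode: AUTO` so the example validates against the schema.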
@@ -21688,6 +22744,29 @@ components:
hints:
allow:
- GET
+ ListCustomTokenClaimsResponse:
+ summary: List all custom token Claims for an authorization server
+ value:
+ - id: '{claimId}'
+ name: sub
+ status: ACTIVE
+ claimType: RESOURCE
+ valueType: EXPRESSION
+ value: '(appuser != null) ? appuser.userName : app.clientId'
+ conditions:
+ scopes:
+ - profile
+ system: true
+ alwaysIncludeInToken: true
+ apiResourceId: null
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims/{claimId}
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
ListEmailCustomizationResponse:
value:
- language: en
@@ -21917,6 +22996,7 @@ components:
isDefault: false
profile:
name: Car Co
+ realmType: PARTNER
_links:
self:
rel: self
@@ -23093,6 +24173,121 @@ components:
type: HEADER
key: Authorization
value: my-shared-secret
+ ReplaceAuthServerBody:
+ summary: Replace a custom authorization server
+ value:
+ name: New Authorization Server
+ description: Authorization Server description
+ audiences:
+ - api://default
+ credentials:
+ signing:
+ rotationMode: AUTO
+ use: sig
+ issuer: https://{yourOktaDomain}/oauth2/{authorizationServerId}
+ issuerMode: ORG_URL
+ status: ACTIVE
+ ReplaceAuthServerResponse:
+ summary: Replace a custom authorization server
+ value:
+ id: '{authorizationServerId}'
+ name: Sample Authorization Server
+ description: Sample Authorization Server description
+ audiences:
+ - https://api.resource.com
+ issuer: https://{yourOktaDomain}/oauth2/{authorizationServerId}
+ issuerMode: ORG_URL
+ status: ACTIVE
+ created: '2023-05-17T22:25:57.000Z'
+ lastUpdated: '2023-05-17T22:25:57.000Z'
+ credentials:
+ signing:
+ rotationMode: AUTO
+ lastRotated: '2023-05-17T22:25:57.000Z'
+ nextRotation: '2023-08-15T22:25:57.000Z'
+ kid: WYQxoK4XAwGFn5Zw5AzLxFvqEKLP79BbsKmWeuc5TB4
+ _links:
+ scopes:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/scopes
+ hints:
+ allow:
+ - GET
+ claims:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims
+ hints:
+ allow:
+ - GET
+ policies:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/policies
+ hints:
+ allow:
+ - GET
+ self:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}
+ hints:
+ allow:
+ - GET
+ - DELETE
+ - PUT
+ metadata:
+ - name: oauth-authorization-server
+ href: https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/oauth-authorization-server
+ hints:
+ allow:
+ - GET
+ - name: openid-configuration
+ href: https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/openid-configuration
+ hints:
+ allow:
+ - GET
+ rotateKey:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/credentials/lifecycle/keyRotate
+ hints:
+ allow:
+ - POST
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ ReplaceCustomTokenClaimBody:
+ summary: Replace a custom token Claim
+ value:
+ - alwaysIncludeInToken: true
+ claimType: IDENTITY
+ conditions:
+ scopes:
+ - profile
+ group_filter_type: CONTAINS
+ name: Knowledge_Base
+ status: ACTIVE
+ system: false
+ value: Knowledge Base
+ valueType: GROUPS
+ ReplaceCustomTokenClaimResponse:
+ summary: Replace a custom token Claim response
+ value:
+ - id: '{claimId}'
+ name: Knowledge_Base
+ status: ACTIVE
+ claimType: IDENTITY
+ valueType: GROUPS
+ value: Knowledge Base
+ conditions:
+ scopes:
+ - profile
+ system: false
+ alwaysIncludeInToken: true
+ apiResourceId: null
+ group_filter_type: CONTAINS
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims/{claimId}
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
ReplaceKeyResponse:
summary: Replace a key response example
value:
@@ -23710,6 +24905,69 @@ components:
hints:
allow:
- POST
+ RetrieveAuthServerResponse:
+ summary: Retrieve a custom authorization server
+ value:
+ id: '{authorizationServerId}'
+ name: Sample Authorization Server
+ description: Sample Authorization Server description
+ audiences:
+ - https://api.resource.com
+ issuer: https://{yourOktaDomain}/oauth2/{authorizationServerId}
+ issuerMode: ORG_URL
+ status: ACTIVE
+ created: '2023-05-17T22:25:57.000Z'
+ lastUpdated: '2023-05-17T22:25:57.000Z'
+ credentials:
+ signing:
+ rotationMode: AUTO
+ lastRotated: '2023-05-17T22:25:57.000Z'
+ nextRotation: '2023-08-15T22:25:57.000Z'
+ kid: WYQxoK4XAwGFn5Zw5AzLxFvqEKLP79BbsKmWeuc5TB4
+ _links:
+ scopes:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/scopes
+ hints:
+ allow:
+ - GET
+ claims:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims
+ hints:
+ allow:
+ - GET
+ policies:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/policies
+ hints:
+ allow:
+ - GET
+ self:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}
+ hints:
+ allow:
+ - GET
+ - DELETE
+ - PUT
+ metadata:
+ - name: oauth-authorization-server
+ href: https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/oauth-authorization-server
+ hints:
+ allow:
+ - GET
+ - name: openid-configuration
+ href: https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/openid-configuration
+ hints:
+ allow:
+ - GET
+ rotateKey:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/credentials/lifecycle/keyRotate
+ hints:
+ allow:
+ - POST
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
RetrieveCurrentSessionResponse:
summary: Retrieve current session
value:
@@ -23744,6 +25002,30 @@ components:
- GET
href: https://{yourOktaDomain}/api/v1/users/me
name: User Name
+ RetrieveCustomTokenClaimResponse:
+ summary: Retrieve a custom token Claim response
+ value:
+ - id: '{claimId}'
+ name: Support
+ status: ACTIVE
+ claimType: IDENTITY
+ valueType: GROUPS
+ value: Support
+ conditions:
+ scopes:
+ - profile
+ system: false
+ alwaysIncludeInToken: true
+ apiResourceId: null
+ group_filter_type: CONTAINS
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims/{claimId}
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
RetrieveFeaturesResponse:
summary: Retrieve a feature by ID
value:
@@ -24244,26 +25526,62 @@ components:
lastUpdated: '2023-08-24T14:15:22.000Z'
lastUpdatedBy: 00ub0oNGTSWTBKOLGLNR
lastPublished: '2023-09-01T13:23:45.000Z'
- TestInfoBase:
- summary: Submission Testing Information example
+ TestInfoOidcRequest:
+ summary: OIDC SSO Submission Testing Information request
+ value:
+ testAccount:
+ url: https://example.com/strawberry/login
+ username: test@example.com
+ password: sUperP@ssw0rd
+ instructions: Go to your app URL from a browser and enter your credentials
+ escalationSupportContact: strawberry.support@example.com
+ oidcTestConfiguration:
+ jit: false
+ spInitiateUrl: https://test.example.com/strawberry/oidc/sp-init
+ TestInfoOidcResponse:
+ summary: OIDC SSO Submission Testing Information response
+ value:
+ testAccount:
+ url: https://example.com/strawberry/login
+ username: test@example.com
+ password: sUperP@ssw0rd
+ instructions: Go to your app URL from a browser and enter your credentials
+ escalationSupportContact: strawberry.support@example.com
+ oidcTestConfiguration:
+ idp: true
+ sp: true
+ jit: false
+ spInitiateUrl: https://test.example.com/strawberry/oidc/sp-init
+ TestInfoSamlRequest:
+ summary: SAML SSO Submission Testing Information request
value:
testAccount:
url: https://example.com/strawberry/login
username: test@example.com
password: sUperP@ssw0rd
- instructions: Just open URL and input credentials
+ instructions: Go to your app URL from a browser and enter your credentials
escalationSupportContact: strawberry.support@example.com
samlTestConfiguration:
idp: true
sp: true
jit: false
spInitiateUrl: https://test.example.com/strawberry/saml/sp-init
- spInitiateDescription: Just open URL and provide your username
- oidcTestConfiguration:
+ spInitiateDescription: Go to the app URL from a browser and enter your username
+ TestInfoSamlResponse:
+ summary: SAML SSO Submission Testing Information response
+ value:
+ testAccount:
+ url: https://example.com/strawberry/login
+ username: test@example.com
+ password: sUperP@ssw0rd
+ instructions: Go to your app URL from a browser and enter your credentials
+ escalationSupportContact: strawberry.support@example.com
+ samlTestConfiguration:
idp: true
sp: true
jit: false
- spInitiateUrl: https://test.example.com/strawberry/oidc/sp-init
+ spInitiateUrl: https://test.example.com/strawberry/saml/sp-init
+ spInitiateDescription: Go to the app URL from a browser and enter your username
ThreatInsightResponseExample:
summary: ThreatInsight response
value:
@@ -24647,6 +25965,106 @@ components:
hints:
allow:
- POST
+ idp-discovery-dynamic-routing-rule:
+ summary: IdP discovery policy - Dynamic routing rule
+ description: This routing rule uses a dynamic Identity Provider.
+ value:
+ name: Dynamic routing rule
+ priority: 1
+ status: ACTIVE
+ conditions:
+ network:
+ connection: ANYWHERE
+ actions:
+ idp:
+ providers: []
+ idpSelectionType: DYNAMIC
+ matchCriteria:
+ - providerExpression: login.identifier.substringAfter('@')
+ propertyName: name
+ system: false
+ type: IDP_DISCOVERY
+ idp-discovery-dynamic-routing-rule-response:
+ summary: IdP discovery policy - Dynamic routing rule
+ value:
+ id: ruleId
+ _links:
+ self:
+ href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
+ deactivate:
+ href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ name: Dynamic routing rule
+ priority: 1
+ status: ACTIVE
+ conditions:
+ network:
+ connection: ANYWHERE
+ actions:
+ idp:
+ providers: []
+ idpSelectionType: DYNAMIC
+ matchCriteria:
+ - providerExpression: login.identifier.substringAfter('@')
+ propertyName: name
+ system: false
+ type: IDP_DISCOVERY
+ idp-discovery-specific-routing-rule:
+ summary: IdP discovery policy - Specific routing rule
+ description: This routing rule uses a specific Identity Provider.
+ value:
+ name: Specific routing rule
+ priority: 1
+ status: ACTIVE
+ conditions:
+ network:
+ connection: ANYWHERE
+ actions:
+ idp:
+ providers:
+ - type: GOOGLE
+ id: 0oa5ks3WmHLRh8Ivr0g4
+ idpSelectionType: SPECIFIC
+ system: false
+ type: IDP_DISCOVERY
+ idp-discovery-specific-routing-rule-response:
+ summary: IdP discovery policy - Specific routing rule
+ value:
+ id: ruleId
+ _links:
+ self:
+ href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
+ deactivate:
+ href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ name: Specific routing rule
+ priority: 1
+ status: ACTIVE
+ conditions:
+ network:
+ connection: ANYWHERE
+ actions:
+ idp:
+ providers:
+ - type: GOOGLE
+ id: 0oa5ks3WmHLRh8Ivr0g4
+ idpSelectionType: SPECIFIC
+ system: false
+ type: IDP_DISCOVERY
inactiveAPIServiceIntegrationInstanceSecretResponse:
summary: Deactivate Secret response example
value:
@@ -24820,8 +26238,8 @@ components:
system: false
type: PASSWORD
sspr-enabled-sq-step-up:
- summary: Password policy - SSPR with security question as step up
- description: This password policy permits self-service password change, reset, and unlock. Phone SMS and Okta Verify push are initial authenticators, and the secondary authentication is a security question.
+ summary: Password policy - SSPR with security question as step-up auth
+ description: This password policy permits self-service password change, reset, and unlock. Phone SMS and Okta Verify push are the initial authenticators, and the secondary authentication is a security question.
value:
name: SSPR Rule
priority: 1
@@ -25144,6 +26562,62 @@ components:
access: ALLOW
system: false
type: PASSWORD
+ twofa-enabled-disallow-password-allow-phishing:
+ summary: Authentication policy - 2FA with granular authentication
+ description: This two-factor authentication policy uses a rule to disallow passwords and require phishing resistance for possession authenticators for authentication.
+ value:
+ name: Passwordless 2FA
+ actions:
+ appSignOn:
+ access: ALLOW
+ verificationMethod:
+ factorMode: 2FA
+ type: ASSURANCE
+ reauthenticateIn: PT0S
+ constraints:
+ knowledge:
+ excludedAuthenticationMethods:
+ key: okta_password
+ possession:
+ deviceBound: REQUIRED
+ phishingREsistant: REQUIRED
+ type: ACCESS_POLICY
+ twofa-enabled-disallow-password-allow-phishing-response:
+ summary: Authentication policy - 2FA with granular authentication
+ description: The rule from a two-factor authentication policy that disallows passwords and requires phishing resistance
+ value:
+ id: rul7yut96gmsOzKAA1d6
+ status: ACTIVE
+ name: Passwordless 2FA
+ priority: 0
+ created: '2023-05-01T21:13:15.000Z'
+ lastUpdated: '2023-05-01T21:13:15.000Z'
+ system: false
+ conditions: null
+ actions:
+ appSignOn:
+ access: ALLOW
+ verificationMethod:
+ factorMode: 2FA
+ type: ASSURANCE
+ reauthenticateIn: PT0S
+ constraints:
+ knowledge:
+ excludedAuthenticationMethods:
+ key: okta_password
+ required: false
+ possession:
+ deviceBound: REQUIRED
+ phishingREsistant: REQUIRED
+ required: true
+ type: ACCESS_POLICY
+ _links:
+ self:
+ href: https://sampleorg.okta.com/api/v1/policies/rst7xus97faIAgmti1d7/rules/rul7yut96gmsOzKAA1d6
+ hints:
+ allow:
+ - GET
+ - PUT
parameters:
UISchemaId:
name: id
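Review bot: The possession constraint in both new `twofa-enabled-disallow-password-allow-phishing` examples is spelled `phishingREsistant`, which looks like a typo for `phishingResistant` (the constraint schema is not visible in this hunk, so confirm against it). Anyone copying the request example would send a key the API presumably does not recognise, and the resulting rule could end up without the phishing-resistance requirement that its description promises. Separately, `excludedAuthenticationMethods` is written as a single mapping here, while the `AccessPolicyConstraint` change later in this diff gives that property `items`, so the example should probably be a list. Suggested lines: `phishingResistant: REQUIRED` and `- key: okta_password`.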
@@ -25153,6 +26627,13 @@ components:
schema:
type: string
example: uis4a7liocgcRgcxZ0g7
+ authenticatorEnrollmentId:
+ name: authenticatorEnrollmentId
+ in: path
+ required: true
+ description: ID for a WebAuthn Preregistration Factor in Okta
+ schema:
+ type: string
pathApiServiceId:
name: apiServiceId
in: path
@@ -25252,6 +26733,14 @@ components:
required: true
schema:
type: string
+ pathCredentialKeyId:
+ name: keyId
+ description: '`id` of the certificate key'
+ in: path
+ required: true
+ schema:
+ type: string
+ example: P7jXpG-LG2ObNgY9C0Mn2uf4InCQTmRZMDCZoVNxdrk
pathCsrId:
name: csrId
description: '`id` of the CSR'
@@ -25686,7 +27175,7 @@ components:
example: l7FbDVqS8zHSy65uJD85
pathSubmissionId:
name: submissionId
- description: Submission ID
+ description: OIN Integration ID
in: path
required: true
schema:
@@ -25779,7 +27268,7 @@ components:
in: query
schema:
type: string
- description: The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](/#pagination) for more information.
+ description: The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](/#pagination).
queryAppAfter:
name: after
in: query
@@ -26158,15 +27647,67 @@ components:
AccessPolicyConstraint:
type: object
properties:
+ authenticationMethods:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
+ description:
This property specifies the precise authenticator and method for authentication.
+ type: array
+ items:
+ $ref: '#/components/schemas/AuthenticationMethodObject'
+ excludedAuthenticationMethods:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
+ description:
This property specifies the precise authenticator and method to exclude from authentication.
+ items:
+ $ref: '#/components/schemas/AuthenticationMethodObject'
methods:
+ description: The Authenticator methods that are permitted
items:
type: string
+ enum:
+ - PASSWORD
+ - SECURITY_QUESTION
+ - SMS
+ - VOICE
+ - EMAIL
+ - PUSH
+ - SIGNED_NONCE
+ - OTP
+ - TOTP
+ - WEBAUTHN
+ - DUO
+ - IDP
+ - CERT
type: array
reauthenticateIn:
+ description: The duration after which the user must re-authenticate regardless of user activity. This re-authentication interval overrides the Verification Method object's `reauthenticateIn` interval. The supported values use ISO 8601 period format for recurring time intervals (for example, `PT1H`).
type: string
+ required:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
+ description:
This property indicates whether the knowledge or possession factor is required by the assurance. It's optional in the request, but is always returned in the response. By default, this field is `true`. If the knowledge or possession constraint has values for`excludedAuthenticationMethods` the `required` value is false.
+ type: boolean
types:
+ description: The Authenticator types that are permitted
items:
type: string
+ enum:
+ - SECURITY_KEY
+ - PHONE
+ - EMAIL
+ - PASSWORD
+ - SECURITY_QUESTION
+ - APP
+ - FEDERATED
type: array
AccessPolicyConstraints:
type: object
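Review bot: `excludedAuthenticationMethods` declares `items` but no `type: array`, unlike `authenticationMethods` directly above it. Without the type, `items` has no effect for a validator, and a code generator may emit an untyped field for the property that carries the exclusion list. Add `type: array` next to its `items`. The `required` description also runs the words together in "for`excludedAuthenticationMethods`" and would read better with a space before the backtick.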
@@ -26424,9 +27965,11 @@ components:
properties:
id:
type: string
+ description: ID of the app
readOnly: true
name:
type: string
+ description: Name of the app type
type:
$ref: '#/components/schemas/AppAndInstanceType'
AppAndInstancePolicyRuleCondition:
@@ -26441,6 +27984,7 @@ components:
items:
$ref: '#/components/schemas/AppAndInstanceConditionEvaluatorAppOrInstance'
AppAndInstanceType:
+ description: Type of app
type: string
enum:
- APP
@@ -26750,6 +28294,9 @@ components:
type: string
client_secret:
type: string
+ pkce_required:
+ type: boolean
+ description: Require Proof Key for Code Exchange (PKCE) for additional verification
token_endpoint_auth_method:
$ref: '#/components/schemas/OAuthEndpointAuthenticationMethod'
ApplicationCredentialsScheme:
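Review bot: The new `pkce_required` description does not say what the default is or what happens when the property is omitted. For a security control, readers need to know whether leaving it out means PKCE is not enforced. Consider adding a `default:` and extending the text, for example `description: Require Proof Key for Code Exchange (PKCE) for additional verification. If omitted, <state default behaviour>.` The same property with the same wording is added in the hunk just before `IdentityProviderCredentialsSigning`, and the note applies there too. The enclosing schema starts outside both hunks.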
@@ -27052,6 +28599,51 @@ components:
description: A list of the authorization server IDs
items:
type: string
+ AttackProtectionAuthenticatorSettings:
+ type: object
+ properties:
+ verifyKnowledgeSecondWhen2faRequired:
+ type: boolean
+ description: If true, requires users to verify a possession factor before verifying a knowledge factor when the assurance requires two-factor authentication (2FA).
+ default: false
+ AuthServerLinks:
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - type: object
+ properties:
+ claims:
+ allOf:
+ - description: Link to the authorization server claims
+ - $ref: '#/components/schemas/HrefObject'
+ deactivate:
+ allOf:
+ - $ref: '#/components/schemas/HrefObjectDeactivateLink'
+ metadata:
+ description: Link to the authorization server metadata
+ type: array
+ items:
+ $ref: '#/components/schemas/HrefObject'
+ policies:
+ allOf:
+ - description: Link to the authorization server policies
+ - $ref: '#/components/schemas/HrefObject'
+ rotateKey:
+ allOf:
+ - description: Link to the authorization server key rotation
+ - $ref: '#/components/schemas/HrefObject'
+ scopes:
+ allOf:
+ - description: Link to the authorization server scopes
+ - $ref: '#/components/schemas/HrefObject'
+ AuthenticationMethodObject:
+ type: object
+ properties:
+ key:
+ type: string
+ description: A label that identifies the authenticator
+ method:
+ type: string
+ description: Specifies the method used for the authenticator
AuthenticationProvider:
description: |-
Specifies the authentication provider that validates the user's password credential. The user's current provider
@@ -27342,6 +28934,7 @@ components:
properties:
audiences:
type: array
+ description: The recipients that the tokens are intended for. This becomes the `aud` claim in an access token. Okta currently supports only one audience.
items:
type: string
created:
@@ -27352,29 +28945,46 @@ components:
$ref: '#/components/schemas/AuthorizationServerCredentials'
description:
type: string
+ description: The description of the custom authorization server
id:
type: string
+ description: The ID of the custom authorization server
readOnly: true
issuer:
type: string
+ description: The complete URL for the custom authorization server. This becomes the `iss` claim in an access token.
issuerMode:
- $ref: '#/components/schemas/IssuerMode'
+ type: string
+ description: |-
+ Indicates which value is specified in the issuer of the tokens that a custom authorization server returns: the Okta org domain URL or a custom domain URL.
+
+ `issuerMode` is visible if you have a custom URL domain configured or the Dynamic Issuer Mode feature enabled. If you have a custom URL domain configured, you can set a custom domain URL in a custom authorization server, and this property is returned in the appropriate responses.
+
+ When set to `ORG_URL`, then in responses, `issuer` is the Okta org domain URL: `https://${yourOktaDomain}`.
+
+ When set to `CUSTOM_URL`, then in responses, `issuer` is the custom domain URL configured in the administration user interface.
+
+ When set to `DYNAMIC`, then in responses, `issuer` is the custom domain URL if the OAuth 2.0 request was sent to the custom domain, or is the Okta org's domain URL if the OAuth 2.0 request was sent to the original Okta org domain.
+
+ After you configure a custom URL domain, all new custom authorization servers use `CUSTOM_URL` by default. If the Dynamic Issuer Mode feature is enabled, then all new custom authorization servers use `DYNAMIC` by default. All existing custom authorization servers continue to use the original value until they're changed using the Admin Console or the API. This way, existing integrations with the client and resource server continue to work after the feature is enabled.
lastUpdated:
type: string
format: date-time
readOnly: true
name:
type: string
+ description: The name of the custom authorization server
status:
$ref: '#/components/schemas/LifecycleStatus'
_links:
- $ref: '#/components/schemas/LinksSelf'
+ $ref: '#/components/schemas/AuthServerLinks'
AuthorizationServerCredentials:
type: object
properties:
signing:
$ref: '#/components/schemas/AuthorizationServerCredentialsSigningConfig'
AuthorizationServerCredentialsRotationMode:
+ description: The Key rotation mode for the authorization server
type: string
enum:
- AUTO
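Review bot: Replacing `$ref: '#/components/schemas/IssuerMode'` with a bare `type: string` on `issuerMode` drops whatever value constraint the referenced schema carried. The new description names exactly three values, so the generated client field presumably becomes an unconstrained string. Consider adding `enum: [ORG_URL, CUSTOM_URL, DYNAMIC]` here. Alternatively, keep the reference and attach the description through `allOf`, as `AuthServerLinks` does elsewhere in this diff. The description also writes `https://${yourOktaDomain}`, while the examples in this file use `{yourOktaDomain}`.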
@@ -27384,12 +28994,16 @@ components:
properties:
kid:
type: string
+ description: The ID of the JSON Web Key used for signing tokens issued by the authorization server
+ readOnly: true
lastRotated:
type: string
+ description: The timestamp when the authorization server started using the `kid` for signing tokens
format: date-time
readOnly: true
nextRotation:
type: string
+ description: The timestamp when the authorization server changes the Key for signing tokens. This is only returned when `rotationMode` is set to `AUTO`.
format: date-time
readOnly: true
rotationMode:
@@ -27397,6 +29011,7 @@ components:
use:
$ref: '#/components/schemas/AuthorizationServerCredentialsUse'
AuthorizationServerCredentialsUse:
+ description: How the key is used
type: string
enum:
- sig
@@ -27406,7 +29021,12 @@ components:
- type: object
properties:
conditions:
- $ref: '#/components/schemas/PolicyRuleConditions'
+ $ref: '#/components/schemas/AuthorizationServerPolicyConditions'
+ AuthorizationServerPolicyConditions:
+ type: object
+ properties:
+ clients:
+ $ref: '#/components/schemas/ClientPolicyCondition'
AuthorizationServerPolicyRule:
allOf:
- $ref: '#/components/schemas/PolicyRule'
@@ -27424,18 +29044,16 @@ components:
token:
$ref: '#/components/schemas/TokenAuthorizationServerPolicyRuleAction'
AuthorizationServerPolicyRuleConditions:
- allOf:
- - $ref: '#/components/schemas/PolicyRuleConditions'
- - type: object
- properties:
- clients:
- $ref: '#/components/schemas/ClientPolicyCondition'
- grantTypes:
- $ref: '#/components/schemas/GrantTypePolicyRuleCondition'
- people:
- $ref: '#/components/schemas/PolicyPeopleCondition'
- scopes:
- $ref: '#/components/schemas/OAuth2ScopesMediationPolicyRuleCondition'
+ type: object
+ properties:
+ clients:
+ $ref: '#/components/schemas/ClientPolicyCondition'
+ grantTypes:
+ $ref: '#/components/schemas/GrantTypePolicyRuleCondition'
+ people:
+ $ref: '#/components/schemas/PolicyPeopleCondition'
+ scopes:
+ $ref: '#/components/schemas/OAuth2ScopesMediationPolicyRuleCondition'
AutoLoginApplication:
allOf:
- $ref: '#/components/schemas/Application'
@@ -28024,10 +29642,12 @@ components:
minimum:
type: string
ClientPolicyCondition:
+ description: Specifies which clients are included in the Policy
type: object
properties:
include:
type: array
+ description: Which clients are included in the Policy
items:
type: string
ClientPrivilegesSetting:
@@ -28153,7 +29773,15 @@ components:
profile:
$ref: '#/components/schemas/UserProfile'
type:
- $ref: '#/components/schemas/UserType'
+ type: object
+ description: |-
+ The ID of the user type. Add this value if you want to create a user with a non-default [user type](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/UserType/).
+ The user type determines which [schema](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Schema/) applies to that user. After a user has been created, the user can
+ only be assigned a different user type by an administrator through a full replacement (`PUT`) operation.
+ properties:
+ id:
+ type: string
+ description: The ID of the user type
required:
- profile
Csr:
@@ -28466,7 +30094,7 @@ components:
jailbreak:
type: boolean
osVersion:
- $ref: '#/components/schemas/OSVersionFourComponents'
+ $ref: '#/components/schemas/OSVersion'
screenLockType:
type: object
properties:
@@ -28499,7 +30127,7 @@ components:
jailbreak:
type: boolean
osVersion:
- $ref: '#/components/schemas/OSVersionThreeComponents'
+ $ref: '#/components/schemas/OSVersion'
screenLockType:
type: object
properties:
@@ -28520,7 +30148,7 @@ components:
items:
$ref: '#/components/schemas/DiskEncryptionTypeDesktop'
osVersion:
- $ref: '#/components/schemas/OSVersionThreeComponents'
+ $ref: '#/components/schemas/OSVersion'
screenLockType:
type: object
properties:
@@ -28554,6 +30182,24 @@ components:
$ref: '#/components/schemas/DiskEncryptionTypeDesktop'
osVersion:
$ref: '#/components/schemas/OSVersionFourComponents'
+ osVersionConstraints:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
+ type: array
+ description: |
+
Specifies the Windows version requirements for the assurance policy. Each requirement must correspond to a different major version (Windows 11 or Windows 10). If a requirement isn't specified for a major version, then devices on that major version satisfy the condition.
+
+ There are two types of OS requirements:
+ * **Static**: A specific Windows version requirement that doesn't change until you update the policy. A static OS Windows requirement is specified with `majorVersionConstraint` and `minimum`.
+ * **Dynamic**: A Windows version requirement that is relative to the latest major release and security patch. A dynamic OS Windows requirement is specified with `majorVersionConstraint` and `dynamicVersionRequirement`.
+
+ > **Note:** Dynamic OS requirements are available only if the **Dynamic OS version compliance** [self-service EA](/openapi/okta-management/guides/release-lifecycle/#early-access-ea) feature is enabled. The `osVersionConstraints` property is only supported for the Windows platform. You can't specify both `osVersion.minimum` and `osVersionConstraints` properties at the same time.
+ items:
+ $ref: '#/components/schemas/OSVersionConstraint'
+ minItems: 1
+ maxItems: 2
screenLockType:
type: object
properties:
@@ -28912,15 +30558,65 @@ components:
type: integer
unit:
type: string
+ ECKeyJWK:
+ description: Elliptic Curve Key in JWK format, currently used during enrollment to encrypt fulfillment requests to Yubico, or during activation to verify Yubico's JWS objects in fulfillment responses. The currently agreed protocol uses P-384.
+ type: object
+ properties:
+ crv:
+ type: string
+ enum:
+ - P-384
+ kid:
+ type: string
+ description: The unique identifier of the key
+ kty:
+ type: string
+ enum:
+ - EC
+ description: The type of public key
+ use:
+ type: string
+ description: The intended use for the key. The ECKeyJWK is always `enc` because Okta uses it to encrypt requests to Yubico.
+ enum:
+ - enc
+ x:
+ type: string
+ description: The public x coordinate for the elliptic curve point
+ 'y':
+ type: string
+ description: The public y coordinate for the elliptic curve point
+ required:
+ - x
+ - 'y'
+ - kty
+ - crv
+ - use
+ - kid
EmailContent:
type: object
properties:
body:
type: string
- description: The email's HTML body. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).
+ description: |
+ The HTML body of the email. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).
+
+ Not required if Custom languages for Okta Email Templates is enabled. A `null` body is replaced with a default value from one of the following in priority order:
+
+ 1. An existing default email customization, if one exists
+ 2. Okta-provided translated content for the specified language, if one exists
+ 3. Okta-provided translated content for the brand locale, if it's set
+ 4. Okta-provided content in English
subject:
type: string
- description: The email's subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).
+ description: |
+ The email subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).
+
+ Not required if Custom languages for Okta Email Templates is enabled. A `null` subject is replaced with a default value from one of the following in priority order:
+
+ 1. An existing default email customization, if one exists
+ 2. Okta-provided translated content for the specified language, if one exists
+ 3. Okta-provided translated content for the brand locale, if it's set
+ 4. Okta-provided content in English
required:
- subject
- body
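Review bot: `ECKeyJWK` restricts `use` to `enc` and states the key is always `enc`, but its own description also covers keys used "during activation to verify Yubico's JWS objects". The `yubicoSigningJwks` property in the `EnrollmentActivationRequest` hunk references this same schema for signing keys. If those verification keys are published with `use: sig`, a strict validator or generated enum would reject them. Documenting a signature-verification key as `enc` also blurs the separation between encryption and signing keys. Consider widening the enum to `- enc` and `- sig` with a description of which role applies where, or introducing a separate schema for the signing JWKS.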
@@ -29183,6 +30879,93 @@ components:
- LOGO_ON_FULL_WHITE_BACKGROUND
- OKTA_DEFAULT
- WHITE_LOGO_BACKGROUND
+ EnrollmentActivationRequest:
+ description: Enrollment Initialization Request
+ type: object
+ properties:
+ credResponses:
+ description: List of credential responses from the fulfillment provider
+ type: array
+ items:
+ $ref: '#/components/schemas/WebAuthnCredResponse'
+ fulfillmentProvider:
+ description: Name of the fulfillment provider for the WebAuthn Preregistration Factor
+ type: string
+ enum:
+ - yubico
+ pinResponseJwe:
+ description: Encrypted JWE of PIN response from the fulfillment provider
+ type: string
+ serial:
+ description: Serial number of the YubiKey
+ type: string
+ userId:
+ description: ID of an existing Okta user
+ type: string
+ version:
+ description: Firmware version of the YubiKey
+ type: string
+ yubicoSigningJwks:
+ description: List of usable signing keys from Yubico (in JWKS format) used to verify the JWS inside the JWE
+ type: array
+ items:
+ $ref: '#/components/schemas/ECKeyJWK'
+ EnrollmentActivationResponse:
+ description: Enrollment Initialization Response
+ type: object
+ properties:
+ authenticatorEnrollmentIds:
+ description: List of IDs for preregistered WebAuthn Factors in Okta
+ type: array
+ items:
+ type: string
+ fulfillmentProvider:
+ description: Name of the fulfillment provider for the WebAuthn Preregistration Factor
+ type: string
+ enum:
+ - yubico
+ userId:
+ description: ID of an existing Okta user
+ type: string
+ EnrollmentInitializationRequest:
+ description: Enrollment Initialization Request
+ type: object
+ properties:
+ enrollmentRpIds:
+ description: List of Relying Party hostnames to register on the YubiKey.
+ type: array
+ items:
+ type: string
+ fulfillmentProvider:
+ description: Name of the fulfillment provider for the WebAuthn Preregistration Factor
+ type: string
+ enum:
+ - yubico
+ userId:
+ description: ID of an existing Okta user
+ type: string
+ yubicoTransportKeyJWK:
+ $ref: '#/components/schemas/ECKeyJWK'
+ EnrollmentInitializationResponse:
+ description: Yubico Transport Key in the form of a JWK, used to encrypt our fulfillment request to Yubico. The currently agreed protocol uses P-384.
+ type: object
+ properties:
+ credRequests:
+ description: List of credential requests for the fulfillment provider
+ type: array
+ items:
+ $ref: '#/components/schemas/WebAuthnCredRequest'
+ fulfillmentProvider:
+ description: Name of the fulfillment provider for the WebAuthn Preregistration Factor
+ type: string
+ enum:
+ - yubico
+ pinRequestJwe:
+ description: Encrypted JWE of PIN request for the fulfillment provider
+ type: string
+ userId:
+ description: ID of an existing Okta user
+ type: string
Error:
title: Error
type: object
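Review bot: Three of the four new enrollment schemas carry a description that belongs to something else. `EnrollmentActivationRequest` and `EnrollmentActivationResponse` are both labelled as "Enrollment Initialization", and `EnrollmentInitializationResponse` has the Yubico transport-key text, although that schema holds `credRequests` and `pinRequestJwe`. Suggested replacements are `description: Enrollment Activation Request`, `description: Enrollment Activation Response` and `description: Enrollment Initialization Response`. None of the four schemas lists `required` properties, so it is worth confirming that `userId` and `fulfillmentProvider` are really optional.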
@@ -29535,6 +31318,33 @@ components:
resetPasswordUrl:
type: string
readOnly: true
+ FulfillmentData:
+ description: Fulfillment provider details
+ type: object
+ properties:
+ customizationId:
+ description: ID for the set of custom configurations of the requested Factor
+ type: string
+ inventoryProductId:
+ description: ID for the specific inventory bucket of the requested Factor
+ type: string
+ productId:
+ description: ID for the make and model of the requested Factor
+ type: string
+ FulfillmentRequest:
+ description: Fulfillment Request
+ type: object
+ properties:
+ fulfillmentData:
+ $ref: '#/components/schemas/FulfillmentData'
+ fulfillmentProvider:
+ description: Name of the fulfillment provider for the WebAuthn Preregistration Factor
+ type: string
+ enum:
+ - yubico
+ userId:
+ description: ID of an existing Okta user
+ type: string
GoogleApplicationSettings:
allOf:
- $ref: '#/components/schemas/OINBaseSignOnModeApplicationSettings'
@@ -29565,10 +31375,12 @@ components:
- REVOKED
readOnly: true
GrantTypePolicyRuleCondition:
+ description: Array of grant types that this condition includes. Determines the mechanism that Okta uses to authorize the creation of the tokens.
type: object
properties:
include:
type: array
+ description: Array of grant types thagt this condition includes.
items:
type: string
Group:
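Review bot: The new `include` description contains a typo, `thagt`, and should read `description: Array of grant types that this condition includes.` The schema-level description on `GrantTypePolicyRuleCondition` also opens with "Array of grant types", although the schema is `type: object` and the array is its `include` property. Rewording it to describe the condition object would avoid confusion in generated docs.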
@@ -29619,14 +31431,17 @@ components:
users:
$ref: '#/components/schemas/HrefObject'
GroupCondition:
+ description: Specifies a set of Groups whose Users are to be included or excluded
type: object
properties:
exclude:
type: array
+ description: Groups to be excluded
items:
type: string
include:
type: array
+ description: Groups to be included
items:
type: string
GroupOwner:
@@ -29667,14 +31482,17 @@ components:
- GROUP
- USER
GroupPolicyRuleCondition:
+ description: Specifies a set of Groups whose Users are to be included or excluded
type: object
properties:
exclude:
type: array
+ description: Groups to be excluded
items:
type: string
include:
type: array
+ description: Groups to be included
items:
type: string
GroupProfile:
@@ -30125,6 +31943,9 @@ components:
type: string
client_secret:
type: string
+ pkce_required:
+ type: boolean
+ description: Require Proof Key for Code Exchange (PKCE) for additional verification
IdentityProviderCredentialsSigning:
type: object
properties:
@@ -30151,16 +31972,13 @@ components:
- OCSP
IdentityProviderPolicy:
allOf:
- - $ref: '#/components/schemas/Policy'
- type: object
properties:
accountLink:
$ref: '#/components/schemas/PolicyAccountLink'
- conditions:
- $ref: '#/components/schemas/PolicyRuleConditions'
mapAMRClaims:
type: boolean
- description: Enable mapping AMR from IdP to Okta to downstream apps
+ description:
Enable mapping AMR from IdP to Okta to downstream apps
default: false
x-okta-lifecycle:
lifecycle: EA
@@ -30283,21 +32101,75 @@ components:
userName:
type: string
maxLength: 100
+ IdpDiscoveryPolicy:
+ allOf:
+ - $ref: '#/components/schemas/Policy'
+ IdpDiscoveryPolicyRule:
+ allOf:
+ - $ref: '#/components/schemas/PolicyRule'
+ - type: object
+ properties:
+ actions:
+ $ref: '#/components/schemas/IdpPolicyRuleAction'
+ conditions:
+ $ref: '#/components/schemas/IdpDiscoveryPolicyRuleCondition'
+ IdpDiscoveryPolicyRuleCondition:
+ allOf:
+ - type: object
+ properties:
+ app:
+ $ref: '#/components/schemas/AppAndInstancePolicyRuleCondition'
+ network:
+ $ref: '#/components/schemas/PolicyNetworkCondition'
+ userIdentifier:
+ $ref: '#/components/schemas/UserIdentifierPolicyRuleCondition'
+ platform:
+ $ref: '#/components/schemas/PlatformPolicyRuleCondition'
IdpPolicyRuleAction:
type: object
properties:
- providers:
- items:
- $ref: '#/components/schemas/IdpPolicyRuleActionProvider'
- type: array
+ idp:
+ type: object
+ properties:
+ providers:
+ items:
+ $ref: '#/components/schemas/IdpPolicyRuleActionProvider'
+ type: array
+ description: List of configured Identity Providers that a given Rule can route to. Ability to define multiple providers is a part of the Okta Identity Engine. This allows users to choose a Provider when they sign in. Contact support for information on the Identity Engine.
+ idpSelectionType:
+ description: Determines whether the rule should use expression language or a specific IdP
+ $ref: '#/components/schemas/IdpSelectionType'
+ matchCriteria:
+ items:
+ $ref: '#/components/schemas/IdpPolicyRuleActionMatchCriteria'
+ type: array
+ description: Required if `idpSelectionType` is set to `DYNAMIC`
+ IdpPolicyRuleActionMatchCriteria:
+ type: object
+ properties:
+ propertyName:
+ type: string
+ description: The IdP property that the evaluated string should match to
+ providerExpression:
+ type: string
+ description: |
+ You can provide an Okta Expression Language expression with the Login Context that's evaluated with the IdP. For example, the value `login.identifier` refers to the user's username. If the user is signing in with the username `john.doe@mycompany.com`, the expression `login.identifier.substringAfter(@))` is evaluated to the domain name of the user, for example: `mycompany.com`.
IdpPolicyRuleActionProvider:
type: object
properties:
id:
- readOnly: true
type: string
- type:
+ description: IdP types of `OKTA`, `AgentlessDSSO`, and `IWA` don't require an ID.
+ name:
type: string
+ description: Provider `name` in Okta. Optional. Supported in `IDENTITY ENGINE`.
+ type:
+ $ref: '#/components/schemas/IdentityProviderType'
+ IdpSelectionType:
+ type: string
+ enum:
+ - DYNAMIC
+ - SPECIFIC
IframeEmbedScopeAllowedApps:
type: string
enum:
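Review bot: The example in the `providerExpression` description, `login.identifier.substringAfter(@))`, has an extra closing parenthesis and an unquoted `@`, so it does not parse as written. This expression selects the IdP a sign-in is routed to when `idpSelectionType` is `DYNAMIC`, so an admin who copies the example into a rule gets an invalid or unintended routing condition. The example should be one that evaluates, presumably `login.identifier.substringAfter('@')`, with the quoting style to be confirmed against the Expression Language reference.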
@@ -30539,41 +32411,67 @@ components:
type: object
properties:
alg:
+ description: 'The algorithm used with the Key. Valid value: `RS256`'
type: string
created:
$ref: '#/components/schemas/createdProperty'
e:
+ description: RSA key value (public exponent) for Key binding
type: string
+ readOnly: true
expiresAt:
+ description: Timestamp when the certificate expires
type: string
format: date-time
+ readOnly: true
key_ops:
+ description: Identifies the operation(s) for which the key is intended to be used
type: array
items:
type: string
kid:
+ description: Unique identifier for the certificate
type: string
+ readOnly: true
kty:
+ description: 'Cryptographic algorithm family for the certificate''s keypair. Valid value: `RSA`'
type: string
+ readOnly: true
lastUpdated:
type: string
format: date-time
+ $ref: '#/components/schemas/lastUpdatedProperty'
'n':
+ description: RSA modulus value that is used by both the public and private keys and provides a link between them
type: string
status:
+ description: |-
+ An `ACTIVE` Key is used to sign tokens issued by the authorization server. Supported values: `ACTIVE`, `NEXT`, or `EXPIRED`
+ A `NEXT` Key is the next Key that the authorization server uses to sign tokens when Keys are rotated. The `NEXT` Key might not be listed if it hasn't been generated yet.
+ An `EXPIRED` Key is the previous Key that the authorization server used to sign tokens. The `EXPIRED` Key might not be listed if no Key has expired or the expired Key was deleted.
type: string
use:
+ description: 'Acceptable use of the certificate. Valid value: `sig`'
type: string
+ readOnly: true
x5c:
+ description: X.509 certificate chain that contains a chain of one or more certificates
type: array
items:
type: string
+ readOnly: true
x5t:
+ description: X.509 certificate SHA-1 thumbprint, which is the base64url-encoded SHA-1 thumbprint (digest) of the DER encoding of an X.509 certificate
type: string
+ readOnly: true
x5t#S256:
+ description: X.509 certificate SHA-256 thumbprint, which is the base64url-encoded SHA-256 thumbprint (digest) of the DER encoding of an X.509 certificate
type: string
+ readOnly: true
x5u:
+ description: A URI that refers to a resource for the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign the JWS (JSON Web Signature)
type: string
+ readOnly: true
_links:
$ref: '#/components/schemas/LinksSelf'
JwkUse:
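Review bot: `lastUpdated` now carries `type: string`, `format: date-time` and an added `$ref` to `lastUpdatedProperty` in the same node. Under OpenAPI 3.0 the siblings of a `$ref` are ignored and tools differ on how they resolve the mix, so the property should keep one form only, for example just `$ref: '#/components/schemas/lastUpdatedProperty'`, the way `created` is written a few lines above. The same rule affects the `description` placed next to `$ref` on `idpSelectionType` and on `status` and `type` of `Policy` in other hunks of this file: that text is likely dropped by the generator unless the spec is processed as 3.1. The schema header for this key object is outside the hunk.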
@@ -31517,6 +33415,7 @@ components:
properties:
alwaysIncludeInToken:
type: boolean
+ description: Specifies whether to include Claims in the token. The value is always `TRUE` for access token Claims. If the value is set to `FALSE` for an ID token claim, the Claim isn't included in the ID token when the token is requested with the access token or with the `authorization_code`. The client instead uses the access token to get Claims from the `/userinfo` endpoint.
claimType:
$ref: '#/components/schemas/OAuth2ClaimType'
conditions:
@@ -31525,20 +33424,25 @@ components:
$ref: '#/components/schemas/OAuth2ClaimGroupFilterType'
id:
type: string
+ description: ID of the Claim
readOnly: true
name:
type: string
+ description: Name of the Claim
status:
$ref: '#/components/schemas/LifecycleStatus'
system:
+ description: When `true`, indicates that Okta created the Claim
type: boolean
value:
+ description: Specifies the value of the Claim. This value must be a string literal if `valueType` is `GROUPS`, and the string literal is matched with the selected `group_filter_type`. The value must be an Okta EL expression if `valueType` is `EXPRESSION`.
type: string
valueType:
$ref: '#/components/schemas/OAuth2ClaimValueType'
_links:
$ref: '#/components/schemas/LinksSelf'
OAuth2ClaimConditions:
+ description: Specifies the scopes for the Claim
type: object
properties:
scopes:
@@ -31546,18 +33450,31 @@ components:
items:
type: string
OAuth2ClaimGroupFilterType:
+ description: |-
+ Specifies the type of group filter if `valueType` is `GROUPS`
+
+ If `valueType` is `GROUPS`, then the groups returned are filtered according to the value of `group_filter_type`.
+
+ If you have complex filters for Groups, you can [create a Groups allowlist](https://developer.okta.com/docs/guides/customize-tokens-groups-claim/main/) to put them all in a Claim.
type: string
enum:
- CONTAINS
- EQUALS
- REGEX
- STARTS_WITH
+ x-enumDescriptions:
+ STARTS_WITH: Group names start with `value` (not case-sensitive). For example, if `value` is `group1`, then `group123` and `Group123` are included.
+ EQUALS: Group name is the same as `value` (not case-sensitive). For example, if `value` is `group1`, then `group1` and `Group1` are included, but `group123` isn't.
+ CONTAINS: Group names contain `value` (not case-sensitive). For example, if `value` is `group1`, then `MyGroup123` and `group1` are included.
+ REGEX: Group names match the regular expression in `value` (case-sensitive). For example if `value` is `/^[a-z0-9_-]{3,16}$/`, then any Group name that has at least three letters, no more than 16, and contains lowercase letters, a hyphen, or numbers is a match.
OAuth2ClaimType:
+ description: Specifies whether the Claim is for an access token (`RESOURCE`) or an ID token (`IDENTITY`)
type: string
enum:
- IDENTITY
- RESOURCE
OAuth2ClaimValueType:
+ description: Specifies whether the Claim is an Okta Expression Language (EL) expression (`EXPRESSION`), a set of groups (`GROUPS`), or a system claim (`SYSTEM`)
type: string
enum:
- EXPRESSION
@@ -31567,15 +33484,18 @@ components:
type: object
properties:
client_id:
+ description: Unique key for the client application. The `client_id` is immutable
type: string
readOnly: true
client_name:
+ description: Human-readable string name of the client application
type: string
readOnly: true
client_uri:
type: string
readOnly: true
logo_uri:
+ description: URL string that references a logo for the client consent dialog (not the sign-in dialog)
type: string
readOnly: true
_links:
@@ -31795,6 +33715,7 @@ components:
- ALL_CLIENTS
- NO_CLIENTS
OAuth2ScopesMediationPolicyRuleCondition:
+ description: Array of scopes that the condition includes
type: object
properties:
include:
@@ -32013,6 +33934,91 @@ components:
type: array
items:
$ref: '#/components/schemas/SamlAttributeStatement'
+ OSVersion:
+ description: |
+ Specifies the OS requirement for the policy.
+
+ There are two types of OS requirements:
+
+ * **Static**: A specific OS version requirement that doesn't change until you update the policy. A static OS requirement is specified with the `osVersion.minimum` property.
+ * **Dynamic**: An OS version requirement that is relative to the latest major OS release and security patch. A dynamic OS requirement is specified with the `osVersion.dynamicVersionRequirement` property.
+ > **Note:** Dynamic OS requirements are available only if the **Dynamic OS version compliance** [self-service EA](/openapi/okta-management/guides/release-lifecycle/#early-access-ea) feature is enabled. You can't specify both `osVersion.minimum` and `osVersion.dynamicVersionRequirement` properties at the same time.
+ type: object
+ properties:
+ dynamicVersionRequirement:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
+ description:
Contains the necessary properties for a dynamic version requirement
+ type: object
+ properties:
+ type:
+ type: string
+ description: Indicates the type of the dynamic OS version requirement
+ enum:
+ - MINIMUM
+ - EXACT
+ - EXACT_ANY_SUPPORTED
+ x-enumDescriptions:
+ MINIMUM: The device version must be equal to or newer than the dynamically determined version. `distanceFromLatestMajor` must be specified for this type.
+ EXACT: The device version must be on the same major version as the dynamically determined version. `distanceFromLatestMajor` must be specified for this type.
+ EXACT_ANY_SUPPORTED: The device version must be on a major version which is supported. You can't specify `distanceFromLatestMajor` for this type.
+ distanceFromLatestMajor:
+ description: Indicates the distance from the latest major version
+ type: integer
+ minimum: 0
+ maximum: 1
+ latestSecurityPatch:
+ description: Indicates whether the device needs to be on the latest security patch
+ type: boolean
+ minimum:
+ description: The device version must be equal to or newer than the specified version string (maximum of three components for iOS and macOS, and maximum of four components for Android)
+ type: string
+ example: 12.4.5
+ OSVersionConstraint:
+ type: object
+ properties:
+ dynamicVersionRequirement:
+ type: object
+ description: Contains the necessary properties for a dynamic Windows version requirement
+ properties:
+ type:
+ type: string
+ description: Indicates the type of the dynamic Windows version requirement
+ enum:
+ - MINIMUM
+ - EXACT
+ - EXACT_ANY_SUPPORTED
+ - NOT_ALLOWED
+ x-enumDescriptions:
+ MINIMUM: The device version must be equal to or newer than the dynamically determined Windows version. `distanceFromLatestMajor` must be specified for this type.
+ EXACT: The device version must be on the same major version as the dynamically determined Windows version. `distanceFromLatestMajor` must be specified for this type.
+ EXACT_ANY_SUPPORTED: The device version must be on a Windows major version which is supported. You can't specify `distanceFromLatestMajor` for this type.
+ NOT_ALLOWED: The device version isn't allowed. You can't specify `distanceFromLatestMajor` or `latestSecurityPatch` for this type.
+ distanceFromLatestMajor:
+ description: Indicates the distance from the latest Windows major version
+ type: integer
+ minimum: 0
+ maximum: 1
+ latestSecurityPatch:
+ description: Indicates whether the policy requires Windows devices to be on the latest security patch
+ type: boolean
+ majorVersionConstraint:
+ type: string
+ description: Indicates the Windows major version
+ enum:
+ - WINDOWS_11
+ - WINDOWS_10
+ x-enumDescriptions:
+ WINDOWS_11: The device is on Windows 11
+ WINDOWS_10: The device is on Windows 10 or an older Windows version
+ minimum:
+ description: The Windows device version must be equal to or newer than the specified version
+ type: string
+ example: 12.4.5.9
+ required:
+ - majorVersionConstraint
OSVersionFourComponents:
description: Current version of the operating system (maximum of four components in the versioning scheme)
type: object
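Review bot: The rule that `minimum` and `dynamicVersionRequirement` cannot be set together appears only inside the `> **Note:**` of the `OSVersion` description. Neither property repeats it, so a caller who fills in the generated struct fields sees two independent optional fields. I would repeat the constraint on the properties themselves, for example by appending "Can't be specified together with dynamicVersionRequirement." to the `minimum` description, and do the same in `OSVersionConstraint`, which has no schema-level description at all. The requirement that `distanceFromLatestMajor` is mandatory for `MINIMUM` and `EXACT` is likewise only in `x-enumDescriptions` and deserves a sentence on the `distanceFromLatestMajor` property.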
@@ -32083,7 +34089,7 @@ components:
doc:
type: string
format: uri
- description: The URL to your customer-facing instructions for configuring your OIDC integration
+ description: The URL to your customer-facing instructions for configuring your OIDC integration. See [Customer configuration document guidelines](https://developer.okta.com/docs/guides/submit-app-prereq/main/#customer-configuration-document-guidelines).
example: https://example.com/strawberry/help/oidcSetup
initiateLoginUri:
type: string
@@ -32957,6 +34963,21 @@ components:
type: array
items:
$ref: '#/components/schemas/Permission'
+ PinRequest:
+ description: Pin Request
+ type: object
+ properties:
+ authenticatorEnrollmentId:
+ description: ID for a WebAuthn Preregistration Factor in Okta
+ type: string
+ fulfillmentProvider:
+ description: Name of the fulfillment provider for the WebAuthn Preregistration Factor
+ type: string
+ enum:
+ - yubico
+ userId:
+ description: ID of an existing Okta user
+ type: string
PipelineType:
description: The authentication pipeline of the org. `idx` means the org is using the Identity Engine, while `v1` means the org is using the Classic authentication pipeline.
type: string
@@ -33014,27 +35035,36 @@ components:
type: object
properties:
created:
+ description: Timestamp when the Policy was created
type: string
format: date-time
readOnly: true
description:
+ description: Policy description
type: string
id:
+ description: Policy ID
type: string
readOnly: true
lastUpdated:
+ description: Timestamp when the Policy was last updated
type: string
format: date-time
readOnly: true
name:
+ description: Policy name
type: string
priority:
+ description: Specifies the order in which this Policy is evaluated in relation to the other policies in a custom authorization server.
type: integer
status:
+ description: Specifies whether requests have access to this Policy
$ref: '#/components/schemas/LifecycleStatus'
system:
+ description: Specifies whether Okta created the Policy
type: boolean
type:
+ description: Indicates that the Policy is an authorization server policy (`OAUTH_AUTHORIZATION_POLICY`)
$ref: '#/components/schemas/PolicyType'
_embedded:
type: object
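Review bot: The descriptions added to `priority` and `type` describe the shared `Policy` schema as if it were only an authorization server policy ("in a custom authorization server", "Indicates that the Policy is an authorization server policy"). `Policy` is also the base of other policy kinds, for example the `IdpDiscoveryPolicy` this same file adds through `allOf`, so the generated docs will state the wrong thing for those. On the base schema the text should be type-neutral, for example `description: Specifies the type of Policy` and `description: Specifies the order in which this Policy is evaluated in relation to other policies`. The `Policy` schema header is outside the hunk.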
@@ -33178,11 +35208,13 @@ components:
items:
type: string
PolicyNetworkConnection:
+ description: Network selection mode
type: string
enum:
- ANYWHERE
- ZONE
PolicyPeopleCondition:
+ description: Identifies Users and Groups that are used together
type: object
properties:
groups:
@@ -33210,24 +35242,30 @@ components:
properties:
created:
type: string
+ description: Timestamp when the rule was created
format: date-time
readOnly: true
nullable: true
id:
type: string
+ description: Identifier for the rule
lastUpdated:
type: string
+ description: Timestamp when the rule was last modified
format: date-time
readOnly: true
nullable: true
name:
type: string
+ description: Name of the rule
priority:
type: integer
+ description: Priority of the rule
status:
$ref: '#/components/schemas/LifecycleStatus'
system:
type: boolean
+ description: Specifies whether Okta created the Policy Rule (`system=true`). You can't delete Policy Rules that have `system` set to `true`.
default: false
type:
$ref: '#/components/schemas/PolicyRuleType'
@@ -33301,6 +35339,7 @@ components:
userStatus:
$ref: '#/components/schemas/UserStatusPolicyRuleCondition'
PolicyRuleType:
+ description: Rule type
type: string
enum:
- ACCESS_POLICY
@@ -33333,6 +35372,7 @@ components:
- USERNAME
- USERNAME_OR_EMAIL
PolicyType:
+ description: All Okta orgs contain only one IdP Discovery Policy with an immutable default Rule routing to your org's sign-in page. Creating or replacing a policy with `IDP_DISCOVERY` type isn't supported.
type: string
enum:
- ACCESS_POLICY
@@ -33364,12 +35404,39 @@ components:
properties:
deviceBound:
type: string
+ description: Indicates if device-bound Factors are required. This property is only set for `POSSESSION` constraints.
+ enum:
+ - OPTIONAL
+ - REQUIRED
+ default: OPTIONAL
hardwareProtection:
type: string
+ description: Indicates if any secrets or private keys used during authentication must be hardware protected and not exportable. This property is only set for `POSSESSION` constraints.
+ enum:
+ - OPTIONAL
+ - REQUIRED
+ default: OPTIONAL
phishingResistant:
type: string
+ description: Indicates if phishing-resistant Factors are required. This property is only set for `POSSESSION` constraints.
+ enum:
+ - OPTIONAL
+ - REQUIRED
+ default: OPTIONAL
userPresence:
type: string
+ description: Indicates if the user needs to approve an Okta Verify prompt or provide biometrics (meets NIST AAL2 requirements). This property is only set for `POSSESSION` constraints.
+ enum:
+ - OPTIONAL
+ - REQUIRED
+ default: REQUIRED
+ userVerification:
+ type: string
+ description: Indicates the user interaction requirement (PIN or biometrics) to ensure verification of a possession factor
+ enum:
+ - OPTIONAL
+ - REQUIRED
+ default: OPTIONAL
PreRegistrationInlineHook:
type: object
properties:
@@ -33735,8 +35802,6 @@ components:
properties:
authScheme:
$ref: '#/components/schemas/ProvisioningConnectionAuthScheme'
- profile:
- $ref: '#/components/schemas/ProvisioningConnectionProfile'
status:
$ref: '#/components/schemas/ProvisioningConnectionStatus'
_links:
@@ -33744,6 +35809,7 @@ components:
required:
- authScheme
- status
+ discriminator: *ref_21
ProvisioningConnectionAuthScheme:
description: Defines the method of authentication
type: string
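Review bot: `discriminator: *ref_21` is a YAML alias whose anchor is defined outside this hunk, so the property name and mapping that choose between the new `ProvisioningConnectionToken`, `ProvisioningConnectionOauth` and `ProvisioningConnectionUnknown` schemas cannot be verified from here. The numbered anchor name looks tool-generated, which makes it easy to point at the wrong node if the file is edited by hand or the anchors are renumbered. If this file is maintained by hand, I would spell the discriminator out at this site with `propertyName` and an explicit `mapping`. Failing that, a comment naming what the anchor holds would help, for example `# ref_21: discriminator on <property name> for the ProvisioningConnection* schemas`.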
@@ -33755,6 +35821,20 @@ components:
TOKEN: A token is used to authenticate with the app.
OAUTH2: OAuth 2.0 is used to authenticate with the app.
UNKNOWN: The authentication scheme used by the app isn't supported, or the app doesn't support provisioning.
+ ProvisioningConnectionOauth:
+ allOf:
+ - $ref: '#/components/schemas/ProvisioningConnection'
+ - type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/ProvisioningConnectionProfileOauth'
+ ProvisioningConnectionOauthRequest:
+ type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/ProvisioningConnectionProfileOauth'
+ required:
+ - profile
ProvisioningConnectionProfile:
description: |
The profile used to configure the connection method of authentication and the credentials.
@@ -33763,8 +35843,8 @@ components:
properties:
authScheme:
$ref: '#/components/schemas/ProvisioningConnectionAuthScheme'
- token:
- type: string
+ required:
+ - authScheme
ProvisioningConnectionProfileOauth:
description: |
The app provisioning connection profile used to configure the method of authentication and the credentials.
@@ -33778,7 +35858,6 @@ components:
description: Unique client identifier for the OAuth 2.0 service app from the target org
required:
- authScheme
- - clientId
ProvisioningConnectionProfileOauthSettings:
title: Generic
description: Specific settings aren't defined for generic OAuth 2.0 provisioning connections
@@ -33804,13 +35883,6 @@ components:
allOf:
- $ref: '#/components/schemas/ProvisioningConnectionProfile'
- type: object
- ProvisioningConnectionRequest:
- type: object
- properties:
- profile:
- $ref: '#/components/schemas/ProvisioningConnectionProfile'
- required:
- - profile
ProvisioningConnectionStatus:
description: Provisioning connection status
default: DISABLED
@@ -33823,6 +35895,27 @@ components:
DISABLED: The provisioning connection is disabled.
ENABLED: The provisioning connection is enabled.
UNKNOWN: Provisioning isn't supported by the app, or the authentication method is unknown.
+ ProvisioningConnectionToken:
+ allOf:
+ - $ref: '#/components/schemas/ProvisioningConnection'
+ - type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/ProvisioningConnectionProfileToken'
+ ProvisioningConnectionTokenRequest:
+ type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/ProvisioningConnectionProfileToken'
+ required:
+ - profile
+ ProvisioningConnectionUnknown:
+ allOf:
+ - $ref: '#/components/schemas/ProvisioningConnection'
+ - type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/ProvisioningConnectionProfileUnknown'
ProvisioningDeprovisionedAction:
type: string
enum:
@@ -33979,6 +36072,17 @@ components:
name:
type: string
description: Name of a Realm
+ realmType:
+ type: string
+ description: An optional parameter to specify type of a Realm (Only applicable for Partner use-case)
+ enum:
+ - PARTNER
+ - OTHER
+ x-enumDescriptions:
+ PARTNER: Realm with external partner portal
+ OTHER: Other
+ required:
+ - name
RecoveryQuestionCredential:
description: |-
Specifies a secret question and answer that's validated (case insensitive) when a user forgets their
@@ -34559,7 +36663,7 @@ components:
acs:
type: array
minItems: 1
- description: 'List of Assertion Consumer Service (ACS) URLs. The default ACS URL is required and is indicated by a null index value. You can use the org properties you defined in the `config` array as variables in the URL. For example: `https://${org.subdomain}.example.com/saml/login`'
+ description: 'List of Assertion Consumer Service (ACS) URLs. The default ACS URL is required and is indicated by a null `index` value. You can use the org-level variables you defined in the `config` array in the URL. For example: `https://${org.subdomain}.example.com/saml/login`'
items:
type: object
properties:
@@ -34567,7 +36671,7 @@ components:
type: number
minimum: 0
maximum: 65535
- description: Index of ACS URL
+ description: Index of ACS URL. You can't reuse the same index in the ACS URL array.
example: 0
url:
type: string
@@ -34578,11 +36682,11 @@ components:
doc:
type: string
format: uri
- description: The URL to your customer-facing instructions for configuring your SAML integration
+ description: The URL to your customer-facing instructions for configuring your SAML integration. See [Customer configuration document guidelines](https://developer.okta.com/docs/guides/submit-app-prereq/main/#customer-configuration-document-guidelines).
example: https://example.com/strawberry/help/samlSetup
entityId:
type: string
- description: Globally unique name for your SAML entity. For instance, your Identity Provider (IdP) or Service Provider (SP).
+ description: Globally unique name for your SAML entity. For instance, your Identity Provider (IdP) or Service Provider (SP) URL.
example: https://${org.subdomain}.example.com
required:
- acs
@@ -35213,7 +37317,7 @@ components:
type: string
pattern: (?i)^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$
Sso:
- description: Supported SSO protocol configurations. You must configure at least one protocol.
+ description: 'Supported SSO protocol configurations. You must configure at least one protocol: `oidc` or `saml`'
type: object
properties:
oidc:
@@ -35280,39 +37384,39 @@ components:
properties:
config:
type: array
- description: 'List of org-level properties used to set up the per-tenant configuration for your customers. For example the `subdomain` property can be used in the ACS URL: `https://${org.subdomain}.example.com/saml/login`.'
+ description: 'List of org-level variables for the customer per-tenant configuration. For example, a `subdomain` variable can be used in the ACS URL: `https://${org.subdomain}.example.com/saml/login`'
items:
type: object
properties:
label:
type: string
- description: Display name of org property in the Admin Console.
+ description: Display name of the variable in the Admin Console
example: Subdomain
name:
type: string
maxLength: 1024
minLength: 1
- description: Name of the org property
+ description: Name of the variable
example: subdomain
description:
type: string
maxLength: 1024
minLength: 1
- description: A general description of your application and value of the Okta integration
+ description: A general description of your application and the benefits provided to your customers
example: Your one source for in-season strawberry deals. Okta's Strawberry Central integration allow users to securely access those sweet deals.
id:
type: string
- description: ID of a Submission
+ description: OIN Integration ID
readOnly: true
example: acme_submissionapp_1
lastPublished:
type: string
- description: Timestamp when the Submission was last published
+ description: Timestamp when the OIN Integration was last published
readOnly: true
example: '2023-08-24T14:15:22.000Z'
lastUpdated:
type: string
- description: Timestamp when the Submission object was last updated
+ description: Timestamp when the OIN Integration instance was last updated
readOnly: true
example: '2023-08-24T14:15:22.000Z'
lastUpdatedBy:
@@ -35323,7 +37427,7 @@ components:
logo:
type: string
format: uri
- description: URL to an uploaded application logo. This logo appears next to your app integration name in the OIN catalog.
+ description: URL to an uploaded application logo. This logo appears next to your app integration name in the OIN catalog. You must first [Upload an OIN Integration logo](/openapi/okta-management/management/tag/YourOinIntegrations/#tag/YourOinIntegrations/operation/uploadSubmissionLogo) to obtain the logo URL before you can specify this value.
example: https://acme.okta.com/bc/image/fileStoreRecord?id=fs03xxd3KmkDBwJU80g4
name:
type: string
@@ -35335,7 +37439,7 @@ components:
$ref: '#/components/schemas/Sso'
status:
type: string
- description: Status of the Submission
+ description: Status of the OIN Integration submission
readOnly: true
example: New
Subscription:
@@ -35444,11 +37548,11 @@ components:
properties:
idp:
type: boolean
- description: Indicates if your integration supports IdP-initiated sign-in flows
+ description: Read only.
Indicates if your integration supports IdP-initiated sign-in flows. If [`sso.oidc.initiateLoginUri`](/openapi/okta-management/management/tag/YourOinIntegrations/#tag/YourOinIntegrations/operation/createSubmission!path=sso/oidc/initiateLoginUri&t=request) is specified, this property is set to `true`. If [`sso.oidc.initiateLoginUri`](/openapi/okta-management/management/tag/YourOinIntegrations/#tag/YourOinIntegrations/operation/createSubmission!path=sso/oidc/initiateLoginUri&t=request) isn't set for the integration submission, this property is set to `false`
readOnly: true
sp:
type: boolean
- description: Indicates if your integration supports SP-initiated sign-in flows
+ description: Read only.
Indicates if your integration supports SP-initiated sign-in flows and is always set to `true` for OIDC SSO
readOnly: true
jit:
type: boolean
@@ -35483,8 +37587,8 @@ components:
spInitiateDescription:
type: string
maxLength: 2048
- description: Instructions on how to sign in to your app using the SP-initiated flow
- example: Just open URL and provide your username
+ description: Instructions on how to sign in to your app using the SP-initiated flow (required if `sp = true`)
+ example: Go to your app URL from a browser and enter your username
required:
- spInitiateUrl
testAccount:
@@ -35511,7 +37615,7 @@ components:
type: string
maxLength: 2048
description: Additional instructions to test the app integration, including instructions for obtaining test accounts
- example: Just open URL and input credentials
+ example: Go to your app URL from a browser and enter your credentials
required:
- url
- username
@@ -35634,12 +37738,15 @@ components:
properties:
accessTokenLifetimeMinutes:
type: integer
+ description: Lifetime of the access token in minutes. The minimum is five minutes. The maximum is one day.
inlineHook:
$ref: '#/components/schemas/TokenAuthorizationServerPolicyRuleActionInlineHook'
refreshTokenLifetimeMinutes:
type: integer
+ description: Lifetime of the refresh token is the minimum access token lifetime.
refreshTokenWindowMinutes:
type: integer
+ description: Timeframe when the refresh token is valid. The minimum is 10 minutes. The maximum is five years (2,628,000 minutes).
TokenAuthorizationServerPolicyRuleActionInlineHook:
type: object
properties:
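Review bot: The description added for `refreshTokenLifetimeMinutes`, "Lifetime of the refresh token is the minimum access token lifetime.", reads as if the two lifetimes were equal. Presumably it means that the smallest allowed value is the access token lifetime, in which case it should say so, for example `description: Lifetime of the refresh token in minutes. The minimum value is the access token lifetime.` (wording to be confirmed). The bounds given in prose for the other two fields could also be declared as constraints, `minimum: 5` and `maximum: 1440` on `accessTokenLifetimeMinutes`, and `minimum: 10` and `maximum: 2628000` on `refreshTokenWindowMinutes`. That holds only if the server accepts no sentinel values outside those ranges, and it would let validation catch an over-long token lifetime before the request is sent. The enclosing schema starts outside the hunk.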
@@ -35888,9 +37995,24 @@ components:
readOnly: true
nullable: true
transitioningToStatus:
- $ref: '#/components/schemas/UserStatus'
+ type: string
+ description: The target status of an in-progress asynchronous status transition. This property is only returned if the user's state is transitioning.
+ readOnly: true
+ nullable: true
+ enum:
+ - ACTIVE
+ - DEPROVISIONED
+ - PROVISIONED
type:
- $ref: '#/components/schemas/UserType'
+ type: object
+ description: |-
+ The user type that determines the schema for the user's profile. The `type` property is a map that identifies
+ the User Type (see [User Types](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/UserType/#tag/UserType)).
+ Currently it contains a single element, `id`. It can be specified when creating a new user, and may be updated by an administrator on a full replace of an existing user (but not a partial update).
+ properties:
+ id:
+ type: string
+ description: The ID of the user type
_embedded:
type: object
description: If specified, includes embedded resources related to the user
@@ -36000,13 +38122,16 @@ components:
enum:
- DEVICE_BASED
UserCondition:
+ description: Specifies a set of Users to be included or excluded
type: object
properties:
exclude:
+ description: Users to be excluded
type: array
items:
type: string
include:
+ description: Users to be included
type: array
items:
type: string
@@ -36459,13 +38584,16 @@ components:
items:
$ref: '#/components/schemas/UserBlock'
UserIdentifierConditionEvaluatorPattern:
+ description: Used in the User Identifier Condition object. Specifies the details of the patterns to match against.
type: object
properties:
matchType:
$ref: '#/components/schemas/UserIdentifierMatchType'
value:
type: string
+ description: The regex expression of a simple match string
UserIdentifierMatchType:
+ description: The type of pattern. For regex, use `EXPRESSION`.
type: string
enum:
- CONTAINS
@@ -36507,21 +38635,25 @@ components:
preventBruteForceLockoutFromUnknownDevices:
type: boolean
description: Prevents brute-force lockout from unknown devices for the password authenticator.
+ default: false
UserNextLogin:
type: string
enum:
- changePassword
UserPolicyRuleCondition:
+ description: Specifies a set of Users to be included or excluded
type: object
properties:
exclude:
type: array
+ description: Users to be excluded
items:
type: string
inactivity:
$ref: '#/components/schemas/InactivityPolicyRuleCondition'
include:
type: array
+ description: Users to be included
items:
type: string
lifecycleExpiration:
@@ -36631,6 +38763,7 @@ components:
nickName:
type: string
description: The casual way to address the user in real life
+ nullable: true
organization:
type: string
description: Name of the the user's organization
@@ -37091,6 +39224,63 @@ components:
- ANY
- BUILT_IN
- ROAMING
+ WebAuthnCredRequest:
+ description: Credential request object for the initialized credential, along with the enrollment and key identifiers to associate with the credential
+ type: object
+ properties:
+ authenticatorEnrollmentId:
+ description: ID for a WebAuthn Preregistration Factor in Okta
+ type: string
+ credRequestJwe:
+ description: Encrypted JWE of credential request for the fulfillment provider
+ type: string
+ keyId:
+ description: ID for the Okta response key-pair used to encrypt and decrypt credential requests and responses
+ type: string
+ WebAuthnCredResponse:
+ description: Credential response object for enrolled credential details, along with enrollment and key identifiers to associate the credential
+ type: object
+ properties:
+ authenticatorEnrollmentId:
+ description: ID for a WebAuthn Preregistration Factor in Okta
+ type: string
+ credResponseJWE:
+ description: Encrypted JWE of credential response from the fulfillment provider
+ type: string
+ WebAuthnPreregistrationFactor:
+ description: User Factor variant used for WebAuthn Preregistration Factors
+ type: object
+ properties:
+ created:
+ description: Timestamp indicating when the Factor was enrolled
+ type: string
+ format: date-time
+ readOnly: true
+ factorType:
+ $ref: '#/components/schemas/UserFactorType'
+ id:
+ description: ID of the Factor
+ type: string
+ readOnly: true
+ lastUpdated:
+ description: Timestamp indicating when the Factor was last updated
+ type: string
+ format: date-time
+ readOnly: true
+ profile:
+ type: object
+ description: Specific attributes related to the Factor
+ provider:
+ $ref: '#/components/schemas/UserFactorProvider'
+ status:
+ $ref: '#/components/schemas/UserFactorStatus'
+ vendorName:
+ description: Name of the Factor vendor. This is usually the same as the provider.
+ type: string
+ example: OKTA
+ readOnly: true
+ _links:
+ $ref: '#/components/schemas/LinksSelf'
WellKnownAppAuthenticatorConfiguration:
type: object
properties:
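Review bot: The two encrypted payload fields are cased differently, `credRequestJwe` in `WebAuthnCredRequest` and `credResponseJWE` in `WebAuthnCredResponse`, so the generated Go structs will get mismatched field and accessor names. If the wire format really differs, a comment such as `# casing matches the API payload` above `credResponseJWE` would stop a later "cleanup" from breaking serialization; if it does not, align the two. Separately, `profile` in `WebAuthnPreregistrationFactor` is a bare `type: object` with no `properties`, so the generator can only emit a free-form map for it.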
@@ -37389,4 +39579,4 @@ components:
okta.userTypes.manage: Allows the app to manage user types in your Okta organization.
okta.userTypes.read: Allows the app to read user types in your Okta organization.
okta.users.manage: Allows the app to create new users and to manage all users' profile and credentials information.
- okta.users.read: Allows the app to read the existing users' profiles and credentials.
+ okta.users.read: Allows the app to read the existing users' profiles and credentials.
\ No newline at end of file
diff --git a/.generator/okta-management-APIs-oasv3-noEnums-inheritance.yaml b/.generator/okta-management-APIs-oasv3-noEnums-inheritance.yaml
index 342175a0..4e1e7734 100644
--- a/.generator/okta-management-APIs-oasv3-noEnums-inheritance.yaml
+++ b/.generator/okta-management-APIs-oasv3-noEnums-inheritance.yaml
@@ -10,14 +10,14 @@ info:
license:
name: Apache-2.0
url: https://www.apache.org/licenses/LICENSE-2.0.html
- version: 4.0.0
+ version: 5.1.0
x-logo:
url: logo.svg
backgroundColor: transparent
altText: Okta Developer
externalDocs:
description: Find more info here
- url: https://developer.okta.com/docs/api/getting_started/design_principles.html
+ url: https://developer.okta.com/docs/reference/core-okta-api/#design-principles
servers:
- url: https://{yourOktaDomain}
variables:
@@ -28,15 +28,88 @@ tags:
- name: AgentPools
x-displayName: Agent Pools
description: The Agent Pools API provides operation to manage the update settings of the agents for your organization.
+ - name: ApiServiceIntegrations
+ x-displayName: API Service Integrations
+ description: |
+ This API provides operations to manage API service integration instances in your organization.
+
+ For a current list of available API service integrations, see the [Okta Integration Network catalog](https://www.okta.com/integrations/?capability=api).
+
+ See [Add an API Service Integration](https://help.okta.com/okta_help.htm?type=oie&id=ext-add-api-service-integration) for corresponding admin instructions using the Admin Console.
+ If you want to build an API service integration, see [API service integrations in the OIN](https://developer.okta.com/docs/guides/oin-api-service-overview/).
- name: ApiToken
x-displayName: API Tokens
description: The API Tokens API provides operations to manage SSWS API tokens for your organization.
- name: Application
x-displayName: Applications
description: The Applications API provides operations to manage applications and/or assignments to users or groups for your organization.
+ - name: ApplicationConnections
+ x-displayName: Application Connections
+ description: |
+ The Application Connections API provides operations for configuring connections to an app.
+
+ Currently, only the Okta Org2Org app provisioning connection is supported in this API.
+ - name: ApplicationCredentials
+ x-displayName: Application Credentials
+ description: |
+ Specifies credentials and scheme for the application's `signOnMode`
+
+ ### Application Key Credential
+ The application Key Credential object defines a [JSON Web Key](https://datatracker.ietf.org/doc/html/rfc7517) for a signature or encryption credential for an application.
+
+ > **Notes:**
+ > * To update the app, you can provide just the Signing Credential object instead of the entire Application Credential object.
+ > * Currently only the X.509 JWK format is supported for applications with the `SAML_2_0` sign-on mode.
+ - name: ApplicationFeatures
+ x-displayName: Application Features
+ description: |
+ The Application Features API supports operations to configure app feature settings.
+
+ You must have app provisioning enabled to configure provisioning features. See [Update the default Provisioning Connection](/openapi/okta-management/management/tag/ApplicationConnections/#tag/ApplicationConnections/operation/updateDefaultProvisioningConnectionForApplication).
+
+ The following available provisioning feature is supported by the indicated app:
+
+ | Feature
| Apps supported | Description |
+ | -------------------- | -------------- | ----------- |
+ | `USER_PROVISIONING` | `org2org` | Similar to the app **Provisioning** > **To App** setting in the Admin Console, this feature configures the **Create Users**, **Update User Attributes**, **Deactivate Users**, and **Sync Password** settings. |
+
+ > **Note:** You can't use the `USER_PROVISIONING` feature in an Okta Developer-Edition org because the `org2org` app isn't available in developer orgs.
+ > If you need to test this feature in your Developer-Edition org, contact your Okta account team.
+ - name: ApplicationGrants
+ x-displayName: Application Grants
+ description: |
+ The Application Grants API provides a set of operations to manage scope consent grants for an app.
+
+ A scope consent grant represents an app's permission to include specific Okta scopes in OAuth 2.0 Bearer tokens.
+ If the app doesn't have permission to grant consent for a particular Okta scope, token requests that contain the scope are denied.
+ - name: ApplicationGroups
+ x-displayName: Application Groups
+ description: Groups assigned to an application
+ - name: ApplicationLogos
+ x-displayName: Application Logos
+ description: Provides a resource to manage the application instance logo
+ - name: ApplicationOktaApplicationSettings
+ x-displayName: Okta Application Settings
+ description: The Okta Application Settings API provides operations to manage settings for Okta applications.
+ - name: ApplicationPolicies
+ x-displayName: Application Policies
+ description: Provides a resource to manage authentication policies associated with an application
+ - name: ApplicationSSO
+ x-displayName: Application SSO
+ description: Provides a Single Sign-On (SSO) resource for an application
+ - name: ApplicationTokens
+ x-displayName: Application Tokens
+ description: |
+ Resource to manage OAuth 2.0 tokens for an app
+ > **Note:** To configure refresh tokens for an app, see
+ > [grant_types](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication!path=4/settings/oauthClient/grant_types&t=request)
+ > and [refresh_token](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication!path=4/settings/oauthClient/refresh_token&t=request).
+ - name: ApplicationUsers
+ x-displayName: Application Users
+ description: Application user operations
- name: AttackProtection
x-displayName: Attack Protection
- description: The Attack Protection API provides operations to configure the User Lockout Settings in your org to prevent brute-force attacks.
+ description: The Attack Protection API provides operations to configure the User Lockout Settings and the Authenticator Settings in your org to protect against password abuse.
- name: Authenticator
x-displayName: Authenticators
description: |-
@@ -57,10 +130,27 @@ tags:
* Email
* WebAuthn
* Duo
- * Custom App Early Access
+ * Custom App
- name: AuthorizationServer
x-displayName: Authorization Servers
- description: Authorization Servers generate OAuth 2.0 and OpenID Connect tokens, including access tokens and ID tokens. The Okta Management API gives you the ability to configure and manage Authorization Servers and the security policies that are attached to them.
+ description: |-
+ Authorization Servers generate OAuth 2.0 and OpenID Connect tokens, including access tokens and ID tokens. The Okta Management API gives you the ability to configure and manage Authorization Servers and the security policies that are attached to them.
+
+ **Work with the Default Authorization Server**
+
+ Okta provides a pre-configured Custom Authorization Server with the name `default`. This Default Authorization Server includes a basic access policy and rule, which you can edit to control access. It allows you to specify `default` instead of the `authorizationServerId` in requests to it:
+
+ `https://${yourOktaDomain}/api/v1/authorizationServers/default`
+
+ vs
+
+ `https://${yourOktaDomain}/api/v1/authorizationServers/${authorizationServerId}` for other Custom Authorization Servers
+ - name: AuthorizationServerAssoc
+ x-displayName: Authorization Server Associated Servers
+ description: Associated authorization servers allow you to designate a trusted authorization server that you associate with another authorization server. This type of association provides a way to configure [token exchange](https://developer.okta.com/docs/guides/set-up-token-exchange/main/#trusted-servers) between other authorization servers under the same Okta tenant.
+ - name: AuthorizationServerClaims
+ x-displayName: Authorization Server Claims
+ description: Provides operations to manage custom token claims for the given `authServerId` and `claimId`
- name: Behavior
x-displayName: Behavior Rules
description: The Behavior Rules API provides operations to manage the behavior detection rules for your organization.
@@ -72,14 +162,15 @@ tags:
The vendor implementations supported by Okta are both invisible. They each run risk-analysis software in the background during user sign in to determine the likelihood that the user is a bot. This risk analysis is based on the settings that you configure with the provider that you choose.
Before you configure your org to use CAPTCHA, sign in to the vendor of your choice or sign up for an account. For more details, refer to [CAPTCHA integration](https://help.okta.com/okta_help.htm?type=oie&id=csh-captcha).
+ - name: CustomDomain
+ x-displayName: Custom Domains
+ description: The Custom Domains API provides operations to manage custom domains for your organization.
- name: Customization
x-displayName: Customizations
description: |-
The Brands API allows you to customize the look and feel of pages and templates, such as the Okta-hosted sign-in page, error pages, email templates, and the Okta End-User Dashboard.
- Each org starts off with Okta's default branding. You can upload your own assets (colors, background image, logo, and favicon) to replace Okta's default brand assets. You can then publish these assets directly to your pages and templates.
-
- >**Important:** Despite being called the Brands API (due to conventions around REST API naming), each org can currently contain only one brand and one theme. We will likely allow multiple brands and themes per org at some point in the future, so stay tuned!
+ Each new org contains Okta default branding. You can upload your own assets (colors, background image, logo, and favicon) to replace the default assets and publish these assets directly to your pages and templates.
- name: Device
x-displayName: Devices
description: |-
@@ -88,6 +179,7 @@ tags:
The Devices API supports the following **Device Operations**:
* Get, Delete Device objects.
* Perform lifecycle transitions on the Device objects.
+ Device lifecycle is defined as transitions of the Device Status by the associated operations. The Device object follows a predefined lifecycle transition flow. Device Lifecycle operations are idempotent and its calls are synchronous.
The Devices API supports the following **Authorization Schemes**:
* SSWS - [API tokens](https://developer.okta.com/docs/reference/core-okta-api/#authentication)
@@ -97,17 +189,17 @@ tags:
> 1. Admins - Enable Okta FastPass. See [Enable FastPass](https://help.okta.com/okta_help.htm?type=oie&id=ext-fp-enable)
> 2. End users with existing mobile Okta Verify enrollments - After you upgrade your org to Okta Identity Engine, direct end users with existing Okta Verify enrollments to use [FastPass](https://help.okta.com/okta_help.htm?type=oie&id=csh-fp-main).
- > End users with a new enrollment in Okta Verify on an Okta Identity Engine org have a device record created in the device inventory by default.
+ > **Note:** End users with a new enrollment in Okta Verify on an Okta Identity Engine org have a device record created in the device inventory by default.
See [Device Registration](https://help.okta.com/okta_help.htm?type=oie&id=csh-device-registration), [Login Using Okta Verify](https://help.okta.com/okta_help.htm?type=eu&id=ext-ov-user-overview).
- name: DeviceAssurance
x-displayName: Device Assurance Policies
description: The Device Assurance Policies API provides operations to manage device assurance policies in your organization.
- - name: Domain
- x-displayName: Domains
- description: The Domains API provides operations to manage custom domains for your organization.
- name: EmailDomain
x-displayName: Email Domains
- description: The Email Domains API provides operations to manage custom domains for your organization.
+ description: The Email Domains API provides operations to manage email domains for your organization.
+ - name: EmailServer
+ x-displayName: Email Servers
+ description: The Email Servers API allows you to configure a custom external email provider to send email notifications. By default, notifications such as the welcome email or an account recovery email are sent through an Okta-managed SMTP server. Adding a custom email provider gives you more control over your email delivery.
- name: EventHook
x-displayName: Event Hooks
description: |-
@@ -116,6 +208,8 @@ tags:
For general information on event hooks and how to create and use them, see [Event hooks](https://developer.okta.com/docs/concepts/event-hooks/). The following documentation is only for the management API, which provides a CRUD interface for registering event hooks.
For a step-by-step guide on implementing an example event hook, see the [Event hook](https://developer.okta.com/docs/guides/event-hook-implementation/) guide.
+
+ When you create an event hook, you need to specify which events you want to subscribe to. To see the list of event types currently eligible for use in event hooks, use the [Event Types](https://developer.okta.com/docs/reference/api/event-types/#catalog) catalog and search with the parameter `event-hook-eligible`.
- name: Feature
x-displayName: Features
description: |-
@@ -199,6 +293,8 @@ tags:
The Okta Network Zones API provides operations to manage Zones in your organization. There are two usage Zone types: Policy Network Zones and Blocklist Network Zones. Policy Network Zones are used to guide policy decisions. Blocklist Network Zones are used to deny access from certain IP addresses, locations, proxy types, or Autonomous System Numbers (ASNs) before policy evaluation.
A default system Policy Network Zone is provided in your Okta org. You can use the Network Zones API to modify the default Policy Network Zone or to create a custom Policy or Blocklist Network Zone. When you create your custom Zone, you can specify if the Zone is an IP Zone or a Dynamic Zone. An IP Zone allows you to define network perimeters around a set of IPs, whereas a Dynamic Zone allows you to define network perimeters around location, IP type, and ASNs.
+
+ > **Note:** To create multiple network zones, including Dynamic Zones, you must enable Adaptive MFA.
- name: OrgSetting
x-displayName: Org Settings
description: The Org Settings API provides operations to manage your org account settings such as contact information, granting Okta Support access, and more.
@@ -213,10 +309,14 @@ tags:
description: The Principal Rate Limits API provides operations to manage Principal Rate Limits for your organization.
- name: ProfileMapping
x-displayName: Profile Mappings
- description: The Mappings API provides operations to manage the mapping of properties between an Okta User's and an App User's Profile properties using [Okta Expression Language](https://developer.okta.com/docs/reference/okta-expression-language). More information on Okta User and App User Profiles can be found in Okta's [User profiles](https://developer.okta.com/docs/concepts/user-profiles/#what-is-the-okta-universal-directory).
+ description: The Mappings API provides operations to manage the mapping of Profile properties between an Okta User and an App User using [Okta Expression Language](https://developer.okta.com/docs/reference/okta-expression-language). More information on Okta User and App User Profiles can be found in Okta's [User profiles](https://developer.okta.com/docs/concepts/user-profiles/#what-is-the-okta-universal-directory).
- name: PushProvider
x-displayName: Push Providers
description: The Push Providers API provides operations to manage Push Providers for your organization.
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
- name: RateLimitSettings
x-displayName: Rate Limit Settings
description: The Rate Limit Settings APIs provide operations to manage settings and configurations surrounding rate limiting in your Okta organization.
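Review bot: The `x-okta-lifecycle` block added to the `PushProvider` tag sets `lifecycle: GA` together with `isGenerallyAvailable: false`, and the two values contradict each other. The same pair is added to the new `/.well-known/app-authenticator-configuration` operation in the `@@ -337,7 +449,42 @@` hunk, while the other operation-level blocks in this file section pair `lifecycle: GA` with `isGenerallyAvailable: true`. If availability is gated by SKU rather than by release stage, a comment like `# GA, but limited to orgs with the feature enabled` would make that explicit; otherwise one of the two values is wrong.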
@@ -225,10 +325,10 @@ tags:
description: The Resource Sets API provides operations to manage Resource Sets as custom collections of resources. You can use Resource Sets to assign Custom Roles to administrators who are scoped to the designated resources. See [Supported Resources](https://developer.okta.com/docs/concepts/role-assignment/#supported-resources).
- name: RiskEvent
x-displayName: Risk Events
- description: The Risk Events API provides the ability for third-party Risk Providers to send Risk Events to Okta. See [Third-party risk provider integration overview](https://developer.okta.com/docs/guides/third-party-risk-integration/) for guidance on integrating third-party risk providers with Okta.
+ description: The Risk Events API provides the ability for third-party risk providers to send risk events to Okta. See [Third-party risk provider integration](https://developer.okta.com/docs/guides/third-party-risk-integration/) for guidance on integrating third-party risk providers with Okta.
- name: RiskProvider
x-displayName: Risk Providers
- description: The Risk Providers API provides the ability to manage the Risk Providers within Okta. See [Third-party risk provider integration overview](https://developer.okta.com/docs/guides/third-party-risk-integration/) for guidance on integrating third-party risk providers with Okta.
+ description: The Risk Providers API provides the ability to manage the Risk Providers within Okta. See [Third-party risk provider integration](https://developer.okta.com/docs/guides/third-party-risk-integration/) for guidance on integrating third-party risk providers with Okta.
- name: Role
x-displayName: Roles
description: |-
@@ -315,9 +415,15 @@ tags:
- name: ThreatInsight
x-displayName: ThreatInsight
description: |-
- [Okta ThreatInsight](https://help.okta.com/okta_help.htm?id=ext_threatinsight) maintains a constantly evolving list of IPs that exhibit suspicious behaviors suggestive of malicious activity. Authentication requests associated with an IP in this list can be logged in [System Log](https://help.okta.com/okta_help.htm?id=ext_Reports_SysLog) and blocked. The Okta ThreatInsight Configuration API provides operations to manage your ThreatInsight configuration.
+ [Okta ThreatInsight](https://help.okta.com/okta_help.htm?id=ext_threatinsight) maintains a
+ constantly evolving list of IP addresses that consistently exhibit malicious activity.
+ Authentication requests that are associated with an IP in this list can be logged to the
+ [System Log](https://help.okta.com/okta_help.htm?id=ext_Reports_SysLog) and blocked.
+ ThreatInsight also covers non-authentication requests in limited capacity depending on the attack patterns of these malicious IPs.
+
+ The ThreatInsight API provides operations to manage your org ThreatInsight configuration.
- In order to prevent abuse, Okta ThreatInsight works in a limited capacity for free trial editions. Please contact Okta support if fully functional Okta ThreatInsight is required.
+ > **Note:** To prevent abuse, Okta ThreatInsight works in a limited capacity for free trial edition orgs. Please contact Okta support if fully functional Okta ThreatInsight is required.
- name: TrustedOrigin
x-displayName: Trusted Origins
description: |-
@@ -328,6 +434,12 @@ tags:
You can also configure Trusted Origins to allow iFrame embedding of Okta resources, such as Okta sign-in pages and the Okta End-User Dashboard, within that origin. This is an Early Access feature. To enable it, contact [Okta Support](https://support.okta.com/help/s/).
> **Note:** This Early Access feature is supported for Okta domains only. It isn't currently supported for custom domains.
+ - name: UISchema
+ x-displayName: UI Schema
+ description: |-
+ The Okta UI Schema API allows you to control how inputs appear on an enrollment form. The UI Schema API is only available as a part of Okta Identity Engine.
+
+ If you're not sure which solution you're using, check the footer on any page of the Admin Console. The version number is appended with E for Identity Engine orgs and C for Classic Engine orgs.
- name: User
x-displayName: Users
description: The User API provides operations to manage users in your organization.
@@ -337,7 +449,42 @@ tags:
- name: UserType
x-displayName: User Types
description: The User Types API provides operations to manage User Types.
+ - name: WebAuthnPreregistration
+ x-displayName: WebAuthnPreregistration
+ description: The WebAuthn Preregistration API provides a flow to initiate and set up WebAuthn Preregistration authenticator enrollments through third-party providers.
paths:
+ /.well-known/app-authenticator-configuration:
+ get:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: Retrieve the Well-Known App Authenticator Configuration
+ description: Retrieves the well-known app authenticator configuration, which includes an app authenticator's settings, supported methods and various other configuration details
+ operationId: getWellKnownAppAuthenticatorConfiguration
+ parameters:
+ - name: oauthClientId
+ in: query
+ description: Filters app authenticator configurations by `oauthClientId`
+ required: true
+ schema:
+ type: string
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ $ref: '#/components/schemas/WellKnownAppAuthenticatorConfiguration'
+ '400':
+ $ref: '#/components/responses/ErrorMissingRequiredParameter400'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security: []
+ tags:
+ - Authenticator
/.well-known/okta-organization:
get:
summary: Retrieve the Well-Known Org Metadata
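Review bot: The new `getWellKnownAppAuthenticatorConfiguration` operation is declared with `security: []`, but its description does not say that it is served without credentials. The response is selected only by the `oauthClientId` query parameter, so the referenced `WellKnownAppAuthenticatorConfiguration` schema (defined outside the hunk) should be checked for fields that are not meant to be public. Suggested addition to the description: `This operation requires no authentication.` Only `400` and `429` are listed besides `200`, so the response for an unknown client ID is also undocumented.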
@@ -360,6 +507,10 @@ paths:
security: []
tags:
- OrgSetting
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/agentPools:
get:
summary: List all Agent Pools
@@ -388,13 +539,17 @@ paths:
- okta.agentPools.read
tags:
- AgentPools
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/agentPools/{poolId}/updates:
+ parameters:
+ - $ref: '#/components/parameters/pathPoolId'
get:
summary: List all Agent Pool updates
description: Lists all agent pool updates
operationId: listAgentPoolsUpdates
parameters:
- - $ref: '#/components/parameters/pathPoolId'
- $ref: '#/components/parameters/queryScheduled'
responses:
'200':
@@ -417,12 +572,13 @@ paths:
- okta.agentPools.read
tags:
- AgentPools
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create an Agent Pool update
description: Creates an Agent pool update \n For user flow 2 manual update, starts the update immediately. \n For user flow 3, schedules the update based on the configured update window and delay.
operationId: createAgentPoolsUpdate
- parameters:
- - $ref: '#/components/parameters/pathPoolId'
requestBody:
content:
application/json:
@@ -450,6 +606,9 @@ paths:
- okta.agentPools.manage
tags:
- AgentPools
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/agentPools/{poolId}/updates/settings:
parameters:
- $ref: '#/components/parameters/pathPoolId'
@@ -476,6 +635,9 @@ paths:
- okta.agentPools.read
tags:
- AgentPools
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Update an Agent Pool update settings
description: Updates an agent pool update settings
@@ -507,6 +669,9 @@ paths:
- okta.agentPools.manage
tags:
- AgentPools
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/agentPools/{poolId}/updates/{updateId}:
parameters:
- $ref: '#/components/parameters/pathPoolId'
@@ -534,6 +699,9 @@ paths:
- okta.agentPools.read
tags:
- AgentPools
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Update an Agent Pool update by id
description: Updates Agent pool update and return latest agent pool update
@@ -565,6 +733,9 @@ paths:
- okta.agentPools.manage
tags:
- AgentPools
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete an Agent Pool update
description: Deletes Agent pool update
@@ -584,6 +755,9 @@ paths:
- okta.agentPools.manage
tags:
- AgentPools
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/agentPools/{poolId}/updates/{updateId}/activate:
parameters:
- $ref: '#/components/parameters/pathPoolId'
@@ -611,6 +785,9 @@ paths:
- okta.agentPools.manage
tags:
- AgentPools
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/agentPools/{poolId}/updates/{updateId}/deactivate:
parameters:
- $ref: '#/components/parameters/pathPoolId'
@@ -638,6 +815,9 @@ paths:
- okta.agentPools.manage
tags:
- AgentPools
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/agentPools/{poolId}/updates/{updateId}/pause:
parameters:
- $ref: '#/components/parameters/pathPoolId'
@@ -665,6 +845,9 @@ paths:
- okta.agentPools.manage
tags:
- AgentPools
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/agentPools/{poolId}/updates/{updateId}/resume:
parameters:
- $ref: '#/components/parameters/pathPoolId'
@@ -692,6 +875,9 @@ paths:
- okta.agentPools.manage
tags:
- AgentPools
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/agentPools/{poolId}/updates/{updateId}/retry:
parameters:
- $ref: '#/components/parameters/pathPoolId'
@@ -719,6 +905,9 @@ paths:
- okta.agentPools.manage
tags:
- AgentPools
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/agentPools/{poolId}/updates/{updateId}/stop:
parameters:
- $ref: '#/components/parameters/pathPoolId'
@@ -746,19 +935,14 @@ paths:
- okta.agentPools.manage
tags:
- AgentPools
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/api-tokens:
get:
summary: List all API Token Metadata
description: Lists all the metadata of the active API tokens
operationId: listApiTokens
- parameters:
- - $ref: '#/components/parameters/queryAfter'
- - $ref: '#/components/parameters/queryLimit'
- - name: q
- in: query
- description: Finds a token that matches the name or clientName.
- schema:
- type: string
responses:
'200':
description: OK
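Review bot: Removing `queryAfter`, `queryLimit` and `q` from `listApiTokens` drops pagination and search from the generated method. If the server still pages this response (not visible from the hunk), a caller that audits API tokens through the SDK would see only the first page and could miss active tokens. Either keep `- $ref: '#/components/parameters/queryAfter'` and `- $ref: '#/components/parameters/queryLimit'`, or state in the description that the list is returned in full. The operation's `responses` block continues outside the hunk.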
@@ -781,6 +965,9 @@ paths:
- okta.apiTokens.read
tags:
- ApiToken
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/api-tokens/current:
delete:
summary: Revoke the Current API Token
@@ -797,6 +984,9 @@ paths:
- apiToken: []
tags:
- ApiToken
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/api-tokens/{apiTokenId}:
parameters:
- $ref: '#/components/parameters/pathApiTokenId'
@@ -826,6 +1016,9 @@ paths:
- okta.apiTokens.read
tags:
- ApiToken
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Revoke an API Token
description: Revokes an API token by `apiTokenId`
@@ -845,6 +1038,9 @@ paths:
- okta.apiTokens.manage
tags:
- ApiToken
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps:
get:
summary: List all Applications
@@ -921,6 +1117,9 @@ paths:
- okta.apps.read
tags:
- Application
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create an Application
description: Creates a new application to your Okta organization
@@ -964,17 +1163,17 @@ paths:
- okta.apps.manage
tags:
- Application
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}:
+ parameters:
+ - $ref: '#/components/parameters/pathAppId'
get:
summary: Retrieve an Application
description: Retrieves an application from your Okta organization by `id`
operationId: getApplication
parameters:
- - name: appId
- in: path
- required: true
- schema:
- type: string
- name: expand
in: query
schema:
@@ -999,16 +1198,13 @@ paths:
- okta.apps.read
tags:
- Application
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace an Application
description: Replaces an application
operationId: replaceApplication
- parameters:
- - name: appId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: application
requestBody:
content:
@@ -1039,16 +1235,13 @@ paths:
- okta.apps.manage
tags:
- Application
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete an Application
description: Deletes an inactive application
operationId: deleteApplication
- parameters:
- - name: appId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -1065,24 +1258,35 @@ paths:
- okta.apps.manage
tags:
- Application
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/connections/default:
+ parameters:
+ - $ref: '#/components/parameters/pathAppId'
get:
summary: Retrieve the default Provisioning Connection
- description: Retrieves the default Provisioning Connection for application
+ description: Retrieves the default Provisioning Connection for an app
operationId: getDefaultProvisioningConnectionForApplication
- parameters:
- - in: path
- name: appId
- required: true
- schema:
- type: string
responses:
'200':
description: Success
content:
application/json:
schema:
- $ref: '#/components/schemas/ProvisioningConnection'
+ oneOf:
+ - $ref: '#/components/schemas/ProvisioningConnectionToken'
+ - $ref: '#/components/schemas/ProvisioningConnectionOauth'
+ - $ref: '#/components/schemas/ProvisioningConnectionUnknown'
+ discriminator: &ref_21
+ propertyName: authScheme
+ mapping:
+ TOKEN: '#/components/schemas/ProvisioningConnectionToken'
+ OAUTH2: '#/components/schemas/ProvisioningConnectionOauth'
+ UNKNOWN: '#/components/schemas/ProvisioningConnectionUnknown'
+ examples:
+ ProvisioningConnectionResponseExample:
+ $ref: '#/components/examples/ProvisioningConnectionTokenResponseEx'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
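Review bot: The `discriminator` in the `200` response carries a machine-generated YAML anchor, `&ref_21`, which looks like bundler output rather than something written by hand. Anchors and aliases are a YAML feature, not an OpenAPI one, and some spec tooling does not resolve them or drops them when the file is re-serialized, so any `*ref_21` alias elsewhere in the spec depends silently on this one definition. Prefer a plain `discriminator:` mapping here, repeated where needed, or give the anchor a descriptive name. The `responses` block continues outside the hunk.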
@@ -1094,26 +1298,32 @@ paths:
- oauth2:
- okta.apps.read
tags:
- - Application
+ - ApplicationConnections
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Update the default Provisioning Connection
- description: Updates the default provisioning connection for application
+ description: Updates the default Provisioning Connection for an app
operationId: updateDefaultProvisioningConnectionForApplication
parameters:
- - in: path
- name: appId
- required: true
- schema:
- type: string
- in: query
name: activate
schema:
type: boolean
+ description: Activates the Provisioning Connection
requestBody:
content:
application/json:
schema:
- $ref: '#/components/schemas/ProvisioningConnectionRequest'
+ oneOf:
+ - $ref: '#/components/schemas/ProvisioningConnectionTokenRequest'
+ - $ref: '#/components/schemas/ProvisioningConnectionOauthRequest'
+ examples:
+ ProvisioningConnectionTokenExample:
+ $ref: '#/components/examples/ProvisioningConnectionTokenRequestEx'
+ ProvisioningConnectionOauthExample:
+ $ref: '#/components/examples/ProvisioningConnectionOauthRequestEx'
required: true
responses:
'201':
@@ -1122,6 +1332,11 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/ProvisioningConnection'
+ examples:
+ ProvisioningConnectionTokenExample:
+ $ref: '#/components/examples/ProvisioningConnectionTokenResponseEx'
+ ProvisioningConnectionOauthExample:
+ $ref: '#/components/examples/ProvisioningConnectionOauthResponseEx'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
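Review bot: The `201` response of `updateDefaultProvisioningConnectionForApplication` still references `#/components/schemas/ProvisioningConnection`, while the `200` response of the GET on the same path (earlier hunk) now uses a `oneOf` over the Token, Oauth and Unknown schemas with the `authScheme` discriminator. The generated client would then return two different types for the same resource, and the OAuth example added here is not checked against an OAuth-specific schema. If the base schema is not kept on purpose, reuse the GET response's `oneOf` list together with `discriminator: *ref_21` so both operations decode alike. The response block continues outside this hunk.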
@@ -1135,18 +1350,17 @@ paths:
- oauth2:
- okta.apps.manage
tags:
- - Application
+ - ApplicationConnections
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/connections/default/lifecycle/activate:
+ parameters:
+ - $ref: '#/components/parameters/pathAppId'
post:
summary: Activate the default Provisioning Connection
- description: Activates the default Provisioning Connection for an application
+ description: Activates the default Provisioning Connection for an app
operationId: activateDefaultProvisioningConnectionForApplication
- parameters:
- - in: path
- name: appId
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -1161,18 +1375,17 @@ paths:
- oauth2:
- okta.apps.manage
tags:
- - Application
+ - ApplicationConnections
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/connections/default/lifecycle/deactivate:
+ parameters:
+ - $ref: '#/components/parameters/pathAppId'
post:
- summary: Deactivate the default Provisioning Connection for an Application
- description: Deactivates the default Provisioning Connection for an application
+ summary: Deactivate the default Provisioning Connection
+ description: Deactivates the default Provisioning Connection for an app
operationId: deactivateDefaultProvisioningConnectionForApplication
- parameters:
- - in: path
- name: appId
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -1187,18 +1400,17 @@ paths:
- oauth2:
- okta.apps.manage
tags:
- - Application
+ - ApplicationConnections
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/credentials/csrs:
+ parameters:
+ - $ref: '#/components/parameters/pathAppId'
get:
summary: List all Certificate Signing Requests
description: Lists all Certificate Signing Requests for an application
operationId: listCsrsForApplication
- parameters:
- - name: appId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -1219,17 +1431,14 @@ paths:
- oauth2:
- okta.apps.read
tags:
- - Application
+ - ApplicationCredentials
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Generate a Certificate Signing Request
description: Generates a new key pair and returns the Certificate Signing Request for it
operationId: generateCsrForApplication
- parameters:
- - name: appId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: metadata
requestBody:
content:
@@ -1257,23 +1466,18 @@ paths:
- oauth2:
- okta.apps.manage
tags:
- - Application
+ - ApplicationCredentials
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/credentials/csrs/{csrId}:
+ parameters:
+ - $ref: '#/components/parameters/pathAppId'
+ - $ref: '#/components/parameters/pathCsrId'
get:
summary: Retrieve a Certificate Signing Request
description: Retrieves a certificate signing request for the app by `id`
operationId: getCsrForApplication
- parameters:
- - name: appId
- in: path
- required: true
- schema:
- type: string
- - name: csrId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -1292,22 +1496,14 @@ paths:
- oauth2:
- okta.apps.read
tags:
- - Application
+ - ApplicationCredentials
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Revoke a Certificate Signing Request
description: Revokes a certificate signing request and deletes the key pair from the application
operationId: revokeCsrFromApplication
- parameters:
- - name: appId
- in: path
- required: true
- schema:
- type: string
- - name: csrId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -1323,23 +1519,18 @@ paths:
- oauth2:
- okta.apps.manage
tags:
- - Application
+ - ApplicationCredentials
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish:
+ parameters:
+ - $ref: '#/components/parameters/pathAppId'
+ - $ref: '#/components/parameters/pathCsrId'
post:
summary: Publish a Certificate Signing Request
description: Publishes a certificate signing request for the app with a signed X.509 certificate and adds it into the application key credentials
operationId: publishCsrFromApplication
- parameters:
- - name: appId
- in: path
- required: true
- schema:
- type: string
- - name: csrId
- in: path
- required: true
- schema:
- type: string
requestBody:
required: true
content:
@@ -1378,18 +1569,17 @@ paths:
- oauth2:
- okta.apps.manage
tags:
- - Application
+ - ApplicationCredentials
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/credentials/keys:
+ parameters:
+ - $ref: '#/components/parameters/pathAppId'
get:
summary: List all Key Credentials
description: Lists all key credentials for an application
operationId: listApplicationKeys
- parameters:
- - name: appId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -1410,18 +1600,18 @@ paths:
- oauth2:
- okta.apps.read
tags:
- - Application
+ - ApplicationCredentials
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/credentials/keys/generate:
+ parameters:
+ - $ref: '#/components/parameters/pathAppId'
post:
summary: Generate a Key Credential
description: Generates a new X.509 certificate for an application key credential
operationId: generateApplicationKey
parameters:
- - name: appId
- in: path
- required: true
- schema:
- type: string
- name: validityYears
in: query
schema:
@@ -1444,23 +1634,18 @@ paths:
- oauth2:
- okta.apps.manage
tags:
- - Application
+ - ApplicationCredentials
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/credentials/keys/{keyId}:
+ parameters:
+ - $ref: '#/components/parameters/pathAppId'
+ - $ref: '#/components/parameters/pathKeyId'
get:
summary: Retrieve a Key Credential
description: Retrieves a specific application key credential by kid
operationId: getApplicationKey
- parameters:
- - name: appId
- in: path
- required: true
- schema:
- type: string
- - name: keyId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -1479,23 +1664,19 @@ paths:
- oauth2:
- okta.apps.read
tags:
- - Application
+ - ApplicationCredentials
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/credentials/keys/{keyId}/clone:
+ parameters:
+ - $ref: '#/components/parameters/pathAppId'
+ - $ref: '#/components/parameters/pathKeyId'
post:
summary: Clone a Key Credential
description: Clones a X.509 certificate for an application key credential from a source application to target application.
operationId: cloneApplicationKey
parameters:
- - name: appId
- in: path
- required: true
- schema:
- type: string
- - name: keyId
- in: path
- required: true
- schema:
- type: string
- name: targetAid
in: query
description: Unique key of the target Application
@@ -1520,18 +1701,20 @@ paths:
- oauth2:
- okta.apps.manage
tags:
- - Application
+ - ApplicationCredentials
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/features:
+ parameters:
+ - $ref: '#/components/parameters/pathAppId'
get:
summary: List all Features
- description: Lists all features for an application
+ description: |
+ Lists all features for an application
+ > **Note:** This request returns an error if provisioning isn't enabled for the application.
+ > To set up provisioning, see [Update the default Provisioning Connection](/openapi/okta-management/management/tag/ApplicationConnections/#tag/ApplicationConnections/operation/updateDefaultProvisioningConnectionForApplication).
operationId: listFeaturesForApplication
- parameters:
- - in: path
- name: appId
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -1539,8 +1722,27 @@ paths:
application/json:
schema:
items:
- $ref: '#/components/schemas/ApplicationFeature'
+ oneOf: &ref_2
+ - $ref: '#/components/schemas/UserProvisioningApplicationFeature'
+ - $ref: '#/components/schemas/InboundProvisioningApplicationFeature'
+ discriminator: &ref_3
+ propertyName: name
+ mapping:
+ USER_PROVISIONING: '#/components/schemas/UserProvisioningApplicationFeature'
+ INBOUND_PROVISIONING: '#/components/schemas/InboundProvisioningApplicationFeature'
type: array
+ examples:
+ ListAppFeatureResponse:
+ $ref: '#/components/examples/AppFeatureListResponseEx'
+ '400':
+ description: Bad Request
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ examples:
+ ListAppFeatureAPIValidationFailed:
+ $ref: '#/components/examples/ErrorAppFeatureAPIValidationFailed'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -1552,30 +1754,29 @@ paths:
- oauth2:
- okta.apps.read
tags:
- - Application
- /api/v1/apps/{appId}/features/{name}:
+ - ApplicationFeatures
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/apps/{appId}/features/{featureName}:
+ parameters:
+ - $ref: '#/components/parameters/pathAppId'
+ - $ref: '#/components/parameters/pathFeatureName'
get:
summary: Retrieve a Feature
description: Retrieves a Feature object for an application
operationId: getFeatureForApplication
- parameters:
- - in: path
- name: appId
- required: true
- schema:
- type: string
- - in: path
- name: name
- required: true
- schema:
- type: string
responses:
'200':
description: Success
content:
application/json:
schema:
- $ref: '#/components/schemas/ApplicationFeature'
+ oneOf: *ref_2
+ discriminator: *ref_3
+ examples:
+ AppFeatureResponse:
+ $ref: '#/components/examples/AppFeatureResponseEx'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -1587,27 +1788,25 @@ paths:
- oauth2:
- okta.apps.read
tags:
- - Application
+ - ApplicationFeatures
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Update a Feature
- description: Updates a Feature object for an application
+ description: |
+ Updates a Feature object for an application
+ > **Note:** This endpoint supports partial updates.
operationId: updateFeatureForApplication
- parameters:
- - in: path
- name: appId
- required: true
- schema:
- type: string
- - in: path
- name: name
- required: true
- schema:
- type: string
requestBody:
content:
application/json:
schema:
- $ref: '#/components/schemas/CapabilitiesObject'
+ oneOf:
+ - $ref: '#/components/schemas/CapabilitiesObject'
+ examples:
+ UpdateAppFeatureEx:
+ $ref: '#/components/examples/UpdateAppFeatureRequestEx'
required: true
responses:
'200':
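Review bot: The request body of `updateFeatureForApplication` wraps a single schema in `oneOf`, which adds nothing to validation. Code generators commonly emit an extra wrapper model for an inline `oneOf`, so the body parameter may stop being a plain `CapabilitiesObject`; this is an assumption to confirm against the generated v4 code. Unless a second variant is planned, keep the direct form `$ref: '#/components/schemas/CapabilitiesObject'` and attach the `examples` block beside it. The description also says the endpoint supports partial updates, so the docs should state how omitted capabilities are treated.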
@@ -1615,7 +1814,11 @@ paths:
content:
application/json:
schema:
- $ref: '#/components/schemas/ApplicationFeature'
+ oneOf: *ref_2
+ discriminator: *ref_3
+ examples:
+ UpdateAppFeatureEx:
+ $ref: '#/components/examples/UpdateAppFeatureResponseEx'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -1629,22 +1832,19 @@ paths:
- oauth2:
- okta.apps.manage
tags:
- - Application
+ - ApplicationFeatures
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/grants:
+ parameters:
+ - $ref: '#/components/parameters/pathAppId'
get:
- summary: List all Scope Consent Grants
- description: Lists all scope consent grants for the application
+ summary: List all app Grants
+ description: Lists all scope consent Grants for the app
operationId: listScopeConsentGrants
parameters:
- - name: appId
- in: path
- required: true
- schema:
- type: string
- - name: expand
- in: query
- schema:
- type: string
+ - $ref: '#/components/parameters/queryAppExpand'
responses:
'200':
description: Success
@@ -1654,6 +1854,9 @@ paths:
type: array
items:
$ref: '#/components/schemas/OAuth2ScopeConsentGrant'
+ examples:
+ ListAppGrantsExample:
+ $ref: '#/components/examples/ListAppGrantsEx'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -1662,24 +1865,26 @@ paths:
$ref: '#/components/responses/ErrorTooManyRequests429'
security:
- apiToken: []
+ - oauth2:
+ - okta.appGrants.read
tags:
- - Application
+ - ApplicationGrants
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
- summary: Grant Consent to Scope
- description: Grants consent for the application to request an OAuth 2.0 Okta scope
+ summary: Grant consent to scope
+ description: Grants consent for the app to request an OAuth 2.0 Okta scope
operationId: grantConsentToScope
- parameters:
- - name: appId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: oAuth2ScopeConsentGrant
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/OAuth2ScopeConsentGrant'
+ examples:
+ AppGrantsExample:
+ $ref: '#/components/examples/AppGrantsPostEx'
required: true
responses:
'201':
@@ -1688,6 +1893,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/OAuth2ScopeConsentGrant'
+ examples:
+ AppGrantsExample:
+ $ref: '#/components/examples/AppGrantsEx'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -1698,28 +1906,23 @@ paths:
$ref: '#/components/responses/ErrorTooManyRequests429'
security:
- apiToken: []
+ - oauth2:
+ - okta.appGrants.manage
tags:
- - Application
+ - ApplicationGrants
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/grants/{grantId}:
+ parameters:
+ - $ref: '#/components/parameters/pathAppId'
+ - $ref: '#/components/parameters/pathGrantId'
get:
- summary: Retrieve a Scope Consent Grant
- description: Retrieves a single scope consent grant for the application
+ summary: Retrieve an app Grant
+ description: Retrieves a single scope consent Grant object for the app
operationId: getScopeConsentGrant
parameters:
- - name: appId
- in: path
- required: true
- schema:
- type: string
- - name: grantId
- in: path
- required: true
- schema:
- type: string
- - name: expand
- in: query
- schema:
- type: string
+ - $ref: '#/components/parameters/queryAppExpand'
responses:
'200':
description: Success
@@ -1727,6 +1930,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/OAuth2ScopeConsentGrant'
+ examples:
+ AppGrantsExample:
+ $ref: '#/components/examples/AppGrantsEx'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -1735,23 +1941,17 @@ paths:
$ref: '#/components/responses/ErrorTooManyRequests429'
security:
- apiToken: []
+ - oauth2:
+ - okta.appGrants.read
tags:
- - Application
+ - ApplicationGrants
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
- summary: Revoke a Scope Consent Grant
- description: Revokes permission for the application to request the given scope
+ summary: Revoke an app Grant
+ description: Revokes permission for the app to grant the given scope
operationId: revokeScopeConsentGrant
- parameters:
- - name: appId
- in: path
- required: true
- schema:
- type: string
- - name: grantId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
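Review bot: The new description of `revokeScopeConsentGrant` says the app loses permission "to grant the given scope", but the matching POST in this file grants consent for the app to *request* a scope. The removed line used "request" as well, so the new wording looks like a slip; this text becomes the doc comment of the generated method. Suggest `description: Revokes permission for the app to request the given scope`. The operation body continues outside this hunk.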
@@ -1764,19 +1964,21 @@ paths:
$ref: '#/components/responses/ErrorTooManyRequests429'
security:
- apiToken: []
+ - oauth2:
+ - okta.appGrants.manage
tags:
- - Application
+ - ApplicationGrants
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/groups:
+ parameters:
+ - $ref: '#/components/parameters/pathAppId'
get:
summary: List all Assigned Groups
description: Lists all group assignments for an application
operationId: listApplicationGroupAssignments
parameters:
- - name: appId
- in: path
- required: true
- schema:
- type: string
- name: q
in: query
schema:
@@ -1817,8 +2019,14 @@ paths:
- oauth2:
- okta.apps.read
tags:
- - Application
+ - ApplicationGroups
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/groups/{groupId}:
+ parameters:
+ - $ref: '#/components/parameters/pathAppId'
+ - $ref: '#/components/parameters/pathGroupId'
get:
summary: Retrieve an Assigned Group
description: Retrieves an application group assignment
@@ -1856,7 +2064,10 @@ paths:
- oauth2:
- okta.apps.read
tags:
- - Application
+ - ApplicationGroups
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Assign a Group
description: Assigns a group to an application
@@ -1899,7 +2110,10 @@ paths:
- oauth2:
- okta.apps.manage
tags:
- - Application
+ - ApplicationGroups
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Unassign a Group
description: Unassigns a group from an application
@@ -1930,18 +2144,17 @@ paths:
- oauth2:
- okta.apps.manage
tags:
- - Application
+ - ApplicationGroups
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/lifecycle/activate:
+ parameters:
+ - $ref: '#/components/parameters/pathAppId'
post:
summary: Activate an Application
description: Activates an inactive application
operationId: activateApplication
- parameters:
- - name: appId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -1958,17 +2171,16 @@ paths:
- okta.apps.manage
tags:
- Application
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/lifecycle/deactivate:
+ parameters:
+ - $ref: '#/components/parameters/pathAppId'
post:
summary: Deactivate an Application
description: Deactivates an active application
operationId: deactivateApplication
- parameters:
- - name: appId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -1985,17 +2197,23 @@ paths:
- okta.apps.manage
tags:
- Application
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/logo:
+ parameters:
+ - $ref: '#/components/parameters/pathAppId'
post:
- summary: Upload a Logo
- description: Uploads a logo for the application. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.
+ summary: Upload an application Logo
+ description: |
+ Uploads a logo for the app instance.
+ If the app already has a logo, this operation replaces the previous logo.
+
+ The logo is visible in the Admin Console as an icon for your app instance.
+ If you have one `appLink` object configured, this logo also appears in the End-User Dashboard as an icon for your app.
+ > **Note:** If you have multiple `appLink` objects, use the Admin Console to add logos for each app link.
+ > You can't use the API to add logos for multiple app links.
operationId: uploadApplicationLogo
- parameters:
- - in: path
- name: appId
- required: true
- schema:
- type: string
requestBody:
content:
multipart/form-data:
@@ -2005,11 +2223,16 @@ paths:
file:
type: string
format: binary
+ description: |
+ The image file containing the logo.
+
+ The file must be in PNG, JPG, SVG, or GIF format, and less than one MB in size.
+ For best results, use an image with a transparent background and a square dimension of 200 x 200 pixels to prevent upscaling.
required:
- file
responses:
'201':
- description: Created
+ description: Content Created
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
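Review bot: The `file` description adds SVG to the accepted logo formats, and the format and size limits exist only as prose, because `type: string` / `format: binary` cannot express them. SVG is an active format that can carry script and external references. The previous hunk says the logo is shown in the Admin Console and the End-User Dashboard. Whether the service sanitizes uploads is not visible here, so callers forwarding images from an untrusted source should not rely on this text alone. Consider adding a sentence such as `If the image comes from an untrusted source, validate its type and size before upload.`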
@@ -2023,23 +2246,23 @@ paths:
- oauth2:
- okta.apps.manage
tags:
- - Application
+ - ApplicationLogos
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/policies/{policyId}:
+ parameters:
+ - $ref: '#/components/parameters/pathAppId'
+ - $ref: '#/components/parameters/pathPolicyId'
put:
- summary: Assign an Application to a Policy
- description: Assigns an application to a policy identified by `policyId`. If the application was previously assigned to another policy, this removes that assignment.
+ summary: Assign an application to a Policy
+ description: |-
+ Assigns an application to an [authentication policy](/openapi/okta-management/management/tag/Policy/), identified by `policyId`.
+ If the application was previously assigned to another policy, this operation replaces that assignment with the updated policy identified by `policyId`.
+
+ > **Note:** When you [merge duplicate authentication policies](https://help.okta.com/okta_help.htm?type=oie&id=ext-merge-auth-policies),
+ the policy and mapping CRUD operations may be unavailable during the consolidation. When the consolidation is complete, you receive an email.
operationId: assignApplicationPolicy
- parameters:
- - in: path
- name: appId
- required: true
- schema:
- type: string
- - in: path
- name: policyId
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -2054,32 +2277,93 @@ paths:
- oauth2:
- okta.apps.manage
tags:
- - Application
+ - ApplicationPolicies
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
+ /api/v1/apps/{appId}/sso/saml/metadata:
+ parameters:
+ - $ref: '#/components/parameters/pathAppId'
+ get:
+ summary: Preview the application SAML metadata
+ description: Previews the SSO SAML metadata for an application
+ operationId: previewSAMLmetadataForApplication
+ responses:
+ '200':
+ description: OK
+ content:
+ text/xml:
+ schema:
+ type: string
+ description: SAML metadata in XML
+ examples:
+ previewSAML:
+ summary: SAML metadata example
+ value: |
+
+
+
+
+
+
+ MIIDqDCCApCgAwIBAgIGAVGNO4qeMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYDVQQGEwJVUzETMBEG
+ A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
+ MBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDGJhbGFjb21wdGVzdDEcMBoGCSqGSIb3DQEJ
+ ARYNaW5mb0Bva3RhLmNvbTAeFw0xNTEyMTAxODUwMDhaFw0xNzEyMTAxODUxMDdaMIGUMQswCQYD
+ VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsG
+ A1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDGJhbGFjb21wdGVzdDEc
+ MBoGCSqGSIb3DQEJARYNaW5mb0Bva3RhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ ggEBALAakG48bgcTWHdwmVLHig0mkiRejxIVm3wbzrNSJcBruTq2zCYZ1rGfVxTYON8kJqvkXPmv
+ kzWKhpEkvhubL+mx29XpXY0AsNIfgcm5xIV56yhXSvlMdqzGo3ciRwoACaF+ClNLxmXK9UTZD89B
+ bVVGCG5AEvja0eCQ0GYsO5i9aSI5aTroab8Aew31PuWl/RGQWmjVy8+7P4wwkKKJNKCpxMYDlhfa
+ WRp0zwUSbUCO0qEyeAYdZx6CLES4FGrDi/7D6G+ewWC+kbz1tL1XpF2Dcg3+IOlHrV6VWzz3rG39
+ v9zFIncjvoQJFDGWhpqGqcmXvgH0Ze3SVcVF01T+bK0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA
+ AHmnSZ4imjNrIf9wxfQIcqHXEBoJ+oJtd59cw1Ur/YQY9pKXxoglqCQ54ZmlIf4GghlcZhslLO+m
+ NdkQVwSmWMh6KLxVM18/xAkq8zyKbMbvQnTjFB7x45bgokwbjhivWqrB5LYHHCVN7k/8mKlS4eCK
+ Ci6RGEmErjojr4QN2xV0qAqP6CcGANgpepsQJCzlWucMFKAh0x9Kl8fmiQodfyLXyrebYsVnLrMf
+ jxE1b6dg4jKvv975tf5wreQSYZ7m//g3/+NnuDKkN/03HqhV7hTNi1fyctXk8I5Nwgyr+pT5LT2k
+ YoEdncuy+GQGzE9yLOhC4HNfHQXpqp2tMPdRlw==
+
+
+
+ urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
+ urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+
+
+
+
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.apps.read
+ tags:
+ - ApplicationSSO
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/tokens:
+ parameters:
+ - $ref: '#/components/parameters/pathAppId'
get:
- summary: List all OAuth 2.0 Tokens
- description: Lists all tokens for the application
+ summary: List all application refresh Tokens
+ description: |
+ Lists all refresh tokens for an app
+
+ > **Note:** The results are [paginated](/#pagination) according to the `limit` parameter.
+ > If there are multiple pages of results, the Link header contains a `next` link that you need to use as an opaque value (follow it, don't parse it).
operationId: listOAuth2TokensForApplication
parameters:
- - name: appId
- in: path
- required: true
- schema:
- type: string
- - name: expand
- in: query
- schema:
- type: string
- - name: after
- in: query
- schema:
- type: string
- - name: limit
- in: query
- schema:
- type: integer
- format: int32
- default: 20
+ - $ref: '#/components/parameters/queryAppExpand'
+ - $ref: '#/components/parameters/queryAppAfter'
+ - $ref: '#/components/parameters/queryLimit'
responses:
'200':
description: Success
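Review bot: The new `previewSAMLmetadataForApplication` operation returns `text/xml` with a bare `type: string` schema, unlike the JSON responses around it. The generated client must request that media type and return the raw body without JSON decoding, which is worth a test in the v4 suite. As shown on this page, the example `value` holds only the certificate text and two NameID format URNs with no XML elements around them. This may be a rendering artifact, but if the spec file looks the same, restore the example to a well-formed metadata document. The later part of this hunk swaps the inline `limit` parameter (default 20) for `queryLimit`, so check that the shared parameter keeps the same default.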
@@ -2088,7 +2372,10 @@ paths:
schema:
type: array
items:
- $ref: '#/components/schemas/OAuth2Token'
+ $ref: '#/components/schemas/OAuth2RefreshToken'
+ examples:
+ getOAuth2TokenForApplicationListExample:
+ $ref: '#/components/examples/OAuth2RefreshTokenResponseListEx'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -2100,17 +2387,14 @@ paths:
- oauth2:
- okta.apps.read
tags:
- - Application
+ - ApplicationTokens
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
- summary: Revoke all OAuth 2.0 Tokens
- description: Revokes all tokens for the specified application
+ summary: Revoke all application Tokens
+ description: Revokes all OAuth 2.0 refresh tokens for the specified app. Any access tokens issued with these refresh tokens are also revoked, but access tokens issued without a refresh token aren't affected.
operationId: revokeOAuth2TokensForApplication
- parameters:
- - name: appId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
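Review bot: The summary `Revoke all application Tokens` is broader than its description, which limits the operation to refresh tokens and says access tokens issued without a refresh token are not affected. Summaries become the generated method docs, so someone revoking tokens to contain a compromised app could assume every token is invalidated. Suggest `summary: Revoke all application refresh Tokens`, matching the list operation's `List all application refresh Tokens`. The same applies in the later hunk to `Retrieve an application Token` / `Revoke an application Token`, where `description: Revokes the specified refresh token for the specified app` would match the `OAuth2RefreshToken` schema used by the GET.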
@@ -2126,34 +2410,30 @@ paths:
- oauth2:
- okta.apps.manage
tags:
- - Application
+ - ApplicationTokens
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/tokens/{tokenId}:
+ parameters:
+ - $ref: '#/components/parameters/pathAppId'
+ - $ref: '#/components/parameters/pathTokenId'
get:
- summary: Retrieve an OAuth 2.0 Token
- description: Retrieves a token for the specified application
+ summary: Retrieve an application Token
+ description: Retrieves a refresh token for the specified app
operationId: getOAuth2TokenForApplication
parameters:
- - name: appId
- in: path
- required: true
- schema:
- type: string
- - name: tokenId
- in: path
- required: true
- schema:
- type: string
- - name: expand
- in: query
- schema:
- type: string
+ - $ref: '#/components/parameters/queryAppExpand'
responses:
'200':
description: Success
content:
application/json:
schema:
- $ref: '#/components/schemas/OAuth2Token'
+ $ref: '#/components/schemas/OAuth2RefreshToken'
+ examples:
+ getOAuth2TokenForApplicationExample:
+ $ref: '#/components/examples/OAuth2RefreshTokenResponseEx'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -2165,22 +2445,14 @@ paths:
- oauth2:
- okta.apps.read
tags:
- - Application
+ - ApplicationTokens
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
- summary: Revoke an OAuth 2.0 Token
- description: Revokes the specified token for the specified application
+ summary: Revoke an application Token
+ description: Revokes the specified token for the specified app
operationId: revokeOAuth2TokenForApplication
- parameters:
- - name: appId
- in: path
- required: true
- schema:
- type: string
- - name: tokenId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -2196,18 +2468,18 @@ paths:
- oauth2:
- okta.apps.manage
tags:
- - Application
+ - ApplicationTokens
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/users:
+ parameters:
+ - $ref: '#/components/parameters/pathAppId'
get:
- summary: List all Assigned Users
- description: Lists all assigned [application users](#application-user-model) for an application
+ summary: List all assigned Users
+ description: Lists all assigned users for an app
operationId: listApplicationUsers
parameters:
- - name: appId
- in: path
- required: true
- schema:
- type: string
- name: q
in: query
schema:
@@ -2256,17 +2528,22 @@ paths:
- oauth2:
- okta.apps.read
tags:
- - Application
+ - ApplicationUsers
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Assign a User
- description: Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.
+ description: |-
+ Assigns a user to an app with credentials and an app-specific [profile](/openapi/okta-management/management/tag/Application/#tag/Application/operation/assignUserToApplication!c=200&path=profile&t=response).
+ Profile mappings defined for the app are applied first before applying any profile properties that are specified in the request.
+
+ > **Notes:**
+ > * You need to specify the `id` and omit the `credentials` parameter in the request body only for
+ `signOnMode` or authentication schemes (`credentials.scheme`) that don't require credentials.
+ > * You can only specify profile properties that aren't defined by profile mappings when Universal Directory is enabled.
+ > * If your SSO app requires a profile but doesn't have provisioning enabled, you need to add a profile to the request body.
operationId: assignUserToApplication
- parameters:
- - name: appId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: appUser
requestBody:
content:
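Review bot: The `[profile]` link in the new `assignUserToApplication` description targets `/tag/Application/#tag/Application/operation/assignUserToApplication…`, but this hunk retags the operation to `ApplicationUsers`. The anchor probably no longer resolves in the rendered docs; point it at the `ApplicationUsers` tag path instead. The removed text linked credentials to `#application-user-credentials-object`, and the new text leaves "credentials" unlinked. The note about omitting `credentials` therefore no longer points to the schemes it refers to, so a reference to the credentials schema would help.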
@@ -2294,23 +2571,19 @@ paths:
- oauth2:
- okta.apps.manage
tags:
- - Application
+ - ApplicationUsers
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/users/{userId}:
+ parameters:
+ - $ref: '#/components/parameters/pathAppId'
+ - $ref: '#/components/parameters/pathUserId'
get:
- summary: Retrieve an Assigned User
- description: Retrieves a specific user assignment for application by `id`
+ summary: Retrieve an assigned User
+ description: Retrieves a specific user assignment for app by `id`
operationId: getApplicationUser
parameters:
- - name: appId
- in: path
- required: true
- schema:
- type: string
- - name: userId
- in: path
- required: true
- schema:
- type: string
- name: expand
in: query
schema:
@@ -2333,22 +2606,14 @@ paths:
- oauth2:
- okta.apps.read
tags:
- - Application
+ - ApplicationUsers
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
- summary: Update an Application Profile for Assigned User
+ summary: Update an App Profile for an assigned User
description: Updates a user's profile for an application
operationId: updateApplicationUser
- parameters:
- - name: appId
- in: path
- required: true
- schema:
- type: string
- - name: userId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: appUser
requestBody:
content:
@@ -2376,22 +2641,15 @@ paths:
- oauth2:
- okta.apps.manage
tags:
- - Application
+ - ApplicationUsers
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
- summary: Unassign a User
+ summary: Unassign an App User
description: Unassigns a user from an application
operationId: unassignUserFromApplication
parameters:
- - name: appId
- in: path
- required: true
- schema:
- type: string
- - name: userId
- in: path
- required: true
- schema:
- type: string
- name: sendEmail
in: query
schema:
@@ -2413,12 +2671,17 @@ paths:
- oauth2:
- okta.apps.manage
tags:
- - Application
+ - ApplicationUsers
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/authenticators:
get:
summary: List all Authenticators
description: Lists all authenticators
operationId: listAuthenticators
+ parameters:
+ - $ref: '#/components/parameters/queryExpandAuthenticator'
responses:
'200':
description: Success
@@ -2429,7 +2692,7 @@ paths:
$ref: '#/components/schemas/Authenticator'
type: array
examples:
- Org Authenticators:
+ OrgAuthenticatorsEx:
$ref: '#/components/examples/AuthenticatorsResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
@@ -2441,9 +2704,14 @@ paths:
- okta.authenticators.read
tags:
- Authenticator
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
post:
summary: Create an Authenticator
- description: Creates an authenticator. You can use this operation as part of the "Create a custom authenticator" flow. See the [Custom authenticator integration guide](https://developer.okta.com/docs/guides/authenticators-custom-authenticator/android/main/).
+ description: Creates an authenticator
operationId: createAuthenticator
parameters:
- in: query
@@ -2470,17 +2738,20 @@ paths:
- okta.authenticators.manage
tags:
- Authenticator
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/authenticators/{authenticatorId}:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthenticatorId'
get:
summary: Retrieve an Authenticator
description: Retrieves an authenticator from your Okta organization by `authenticatorId`
operationId: getAuthenticator
parameters:
- - in: path
- name: authenticatorId
- required: true
- schema:
- type: string
+ - $ref: '#/components/parameters/queryExpandAuthenticator'
responses:
'200':
$ref: '#/components/responses/AuthenticatorResponse'
@@ -2496,16 +2767,15 @@ paths:
- okta.authenticators.read
tags:
- Authenticator
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
put:
summary: Replace an Authenticator
- description: Replaces an authenticator
+ description: Replaces the properties for an Authenticator identified by `authenticatorId`
operationId: replaceAuthenticator
- parameters:
- - in: path
- name: authenticatorId
- required: true
- schema:
- type: string
x-codegen-request-body-name: authenticator
requestBody:
$ref: '#/components/requestBodies/AuthenticatorRequestBody'
@@ -2526,17 +2796,18 @@ paths:
- okta.authenticators.manage
tags:
- Authenticator
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/authenticators/{authenticatorId}/lifecycle/activate:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthenticatorId'
post:
summary: Activate an Authenticator
description: Activates an authenticator by `authenticatorId`
operationId: activateAuthenticator
- parameters:
- - in: path
- name: authenticatorId
- required: true
- schema:
- type: string
responses:
'200':
$ref: '#/components/responses/AuthenticatorResponse'
@@ -2552,17 +2823,18 @@ paths:
- okta.authenticators.manage
tags:
- Authenticator
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/authenticators/{authenticatorId}/lifecycle/deactivate:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthenticatorId'
post:
summary: Deactivate an Authenticator
description: Deactivates an authenticator by `authenticatorId`
operationId: deactivateAuthenticator
- parameters:
- - in: path
- name: authenticatorId
- required: true
- schema:
- type: string
responses:
'200':
$ref: '#/components/responses/AuthenticatorResponse'
@@ -2578,26 +2850,18 @@ paths:
- okta.authenticators.manage
tags:
- Authenticator
- /api/v1/authorizationServers:
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
+ /api/v1/authenticators/{authenticatorId}/methods:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthenticatorId'
get:
- summary: List all Authorization Servers
- description: Lists all authorization servers
- operationId: listAuthorizationServers
- parameters:
- - name: q
- in: query
- schema:
- type: string
- - name: limit
- in: query
- schema:
- type: integer
- format: int32
- default: 200
- - name: after
- in: query
- schema:
- type: string
+ summary: List all Methods of an Authenticator
+ description: Lists all Methods of an Authenticator identified by `authenticatorId`
+ operationId: listAuthenticatorMethods
responses:
'200':
description: Success
@@ -2606,10 +2870,226 @@ paths:
schema:
type: array
items:
- $ref: '#/components/schemas/AuthorizationServer'
+ oneOf: &ref_4
+ - $ref: '#/components/schemas/AuthenticatorMethodSimple'
+ - $ref: '#/components/schemas/AuthenticatorMethodPush'
+ - $ref: '#/components/schemas/AuthenticatorMethodSignedNonce'
+ - $ref: '#/components/schemas/AuthenticatorMethodTotp'
+ - $ref: '#/components/schemas/AuthenticatorMethodOtp'
+ - $ref: '#/components/schemas/AuthenticatorMethodWebAuthn'
+ - $ref: '#/components/schemas/AuthenticatorMethodWithVerifiableProperties'
+ discriminator: &ref_5
+ propertyName: type
+ mapping:
+ sms: '#/components/schemas/AuthenticatorMethodSimple'
+ voice: '#/components/schemas/AuthenticatorMethodSimple'
+ email: '#/components/schemas/AuthenticatorMethodSimple'
+ push: '#/components/schemas/AuthenticatorMethodPush'
+ signed_nonce: '#/components/schemas/AuthenticatorMethodSignedNonce'
+ totp: '#/components/schemas/AuthenticatorMethodTotp'
+ otp: '#/components/schemas/AuthenticatorMethodOtp'
+ password: '#/components/schemas/AuthenticatorMethodSimple'
+ webauthn: '#/components/schemas/AuthenticatorMethodWebAuthn'
+ security_question: '#/components/schemas/AuthenticatorMethodSimple'
+ idp: '#/components/schemas/AuthenticatorMethodWithVerifiableProperties'
+ duo: '#/components/schemas/AuthenticatorMethodWithVerifiableProperties'
+ cert: '#/components/schemas/AuthenticatorMethodWithVerifiableProperties'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
- '429':
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.authenticators.read
+ tags:
+ - Authenticator
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
+ /api/v1/authenticators/{authenticatorId}/methods/{methodType}:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthenticatorId'
+ - $ref: '#/components/parameters/pathMethodType'
+ get:
+ summary: Retrieve a Method
+ description: Retrieves a Method identified by `methodType` of an Authenticator identified by `authenticatorId`
+ operationId: getAuthenticatorMethod
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ oneOf: *ref_4
+ discriminator: *ref_5
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.authenticators.read
+ tags:
+ - Authenticator
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
+ put:
+ summary: Replace a Method
+ description: Replaces a Method of `methodType` for an Authenticator identified by `authenticatorId`
+ operationId: replaceAuthenticatorMethod
+ requestBody:
+ content:
+ application/json:
+ schema:
+ oneOf: *ref_4
+ discriminator: *ref_5
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ oneOf: *ref_4
+ discriminator: *ref_5
+ '400':
+ $ref: '#/components/responses/ErrorApiValidationFailed400'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.authenticators.manage
+ tags:
+ - Authenticator
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
+ /api/v1/authenticators/{authenticatorId}/methods/{methodType}/lifecycle/activate:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthenticatorId'
+ - $ref: '#/components/parameters/pathMethodType'
+ post:
+ summary: Activate an Authenticator Method
+ description: Activates a Method for an Authenticator identified by `authenticatorId` and `methodType`
+ operationId: activateAuthenticatorMethod
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ oneOf: *ref_4
+ discriminator: *ref_5
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.authenticators.manage
+ tags:
+ - Authenticator
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
+ /api/v1/authenticators/{authenticatorId}/methods/{methodType}/lifecycle/deactivate:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthenticatorId'
+ - $ref: '#/components/parameters/pathMethodType'
+ post:
+ summary: Deactivate an Authenticator Method
+ description: Deactivates a Method for an Authenticator identified by `authenticatorId` and `methodType`
+ operationId: deactivateAuthenticatorMethod
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ oneOf: *ref_4
+ discriminator: *ref_5
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.authenticators.manage
+ tags:
+ - Authenticator
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
+ /api/v1/authenticators/{authenticatorId}/policies/{mappingId}:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthenticatorId'
+ - $ref: '#/components/parameters/pathPolicyMappingId'
+ /api/v1/authorizationServers:
+ get:
+ summary: List all Authorization Servers
+ description: Lists all custom authorization servers in the org
+ operationId: listAuthorizationServers
+ parameters:
+ - name: q
+ in: query
+ description: Searches the `name` and `audiences` of authorization servers for matching values
+ example: customasone
+ schema:
+ type: string
+ - name: limit
+ in: query
+ description: 'Specifies the number of authorization server results on a page. Maximum value: 200'
+ schema:
+ type: integer
+ format: int32
+ default: 200
+ - name: after
+ in: query
+ description: Specifies the pagination cursor for the next page of authorization servers. Treat as an opaque value and obtain through the next link relationship.
+ schema:
+ type: string
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ $ref: '#/components/schemas/AuthorizationServer'
+ examples:
+ ListAuthServers:
+ $ref: '#/components/examples/ListAuthServersResponse'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '429':
$ref: '#/components/responses/ErrorTooManyRequests429'
security:
- apiToken: []
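Review bot: The `requestBody` added for `replaceAuthenticatorMethod` has no `required: true`, unlike the other request bodies in this file (for example the authorization-server create and replace operations). An OpenAPI 3 consumer therefore treats the body of this PUT as optional, and a generated client can send a replace call with no payload. Adding `required: true` under that `requestBody` would close this. Separately, the new path item `/api/v1/authenticators/{authenticatorId}/policies/{mappingId}` declares only `parameters` and no operation, so nothing is generated for it; either its operations are missing from this hunk or the entry should be dropped until they exist.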
@@ -2617,6 +3097,11 @@ paths:
- okta.authorizationServers.read
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
post:
summary: Create an Authorization Server
description: Creates an authorization server
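Review bot: `x-okta-lifecycle` here pairs `lifecycle: GA` with `isGenerallyAvailable: false`, which reads as contradictory next to the ApplicationUsers operations earlier in this diff, which use `lifecycle: GA` with `isGenerallyAvailable: true`. If the flag is meant to say that the operation needs the listed SKU (`API Access Management`), that should be stated once where the extension is documented, for example `# isGenerallyAvailable: false means a listed SKU is required`. Otherwise the value looks like a copy error. The same pair is repeated on the other authorizationServers operations in the following hunks.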
@@ -2627,6 +3112,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/AuthorizationServer'
+ examples:
+ CreateAuthServer:
+ $ref: '#/components/examples/CreateAuthServerBody'
required: true
responses:
'201':
@@ -2635,6 +3123,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/AuthorizationServer'
+ examples:
+ CreateAuthServer:
+ $ref: '#/components/examples/CreateAuthServerResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -2647,17 +3138,18 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthServerId'
get:
summary: Retrieve an Authorization Server
description: Retrieves an authorization server
operationId: getAuthorizationServer
- parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -2665,6 +3157,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/AuthorizationServer'
+ examples:
+ RetrieveAuthServer:
+ $ref: '#/components/examples/RetrieveAuthServerResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -2677,22 +3172,24 @@ paths:
- okta.authorizationServers.read
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
put:
summary: Replace an Authorization Server
description: Replaces an authorization server
operationId: replaceAuthorizationServer
- parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: authorizationServer
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthorizationServer'
+ examples:
+ ReplaceAuthServer:
+ $ref: '#/components/examples/ReplaceAuthServerBody'
required: true
responses:
'200':
@@ -2701,6 +3198,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/AuthorizationServer'
+ examples:
+ ReplaceAuthServer:
+ $ref: '#/components/examples/ReplaceAuthServerResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -2715,16 +3215,15 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
delete:
summary: Delete an Authorization Server
description: Deletes an authorization server
operationId: deleteAuthorizationServer
- parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -2741,15 +3240,40 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
- /api/v1/authorizationServers/{authServerId}/claims:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
+ /api/v1/authorizationServers/{authServerId}/associatedServers:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthServerId'
get:
- summary: List all Custom Token Claims
- description: Lists all custom token claims
- operationId: listOAuth2Claims
+ summary: List all associated Authorization Servers
+ description: Lists all associated Authorization Servers by trusted type for the given `authServerId`
+ operationId: listAssociatedServersByTrustedType
parameters:
- - name: authServerId
- in: path
- required: true
+ - name: trusted
+ in: query
+ description: Searches trusted authorization servers when `true` or searches untrusted authorization servers when `false`
+ schema:
+ type: boolean
+ - name: q
+ in: query
+ description: Searches for the name or audience of the associated authorization servers
+ example: customasone
+ schema:
+ type: string
+ - name: limit
+ in: query
+ description: Specifies the number of results for a page
+ schema:
+ type: integer
+ format: int32
+ default: 200
+ - name: after
+ in: query
+ description: Specifies the pagination cursor for the next page of the associated authorization servers
schema:
type: string
responses:
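Review bot: The `trusted` query parameter on `listAssociatedServersByTrustedType` documents the `true` and `false` cases but not what is returned when it is omitted, and its schema sets no `default`. For an endpoint that enumerates trust relationships, a caller should not have to guess whether untrusted servers are included; a sentence in the description or an explicit `default:` would settle it. The `limit` parameter in the same list has `default: 200` with no bound, while `listAuthorizationServers` states "Maximum value: 200" only in prose. If the cap applies here too, `maximum: 200` in the schema makes it checkable by validators and generated clients. The operation continues past the end of this hunk.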
@@ -2760,7 +3284,10 @@ paths:
schema:
type: array
items:
- $ref: '#/components/schemas/OAuth2Claim'
+ $ref: '#/components/schemas/AuthorizationServer'
+ examples:
+ ListAssocAuthServer:
+ $ref: '#/components/examples/ListAssocAuthServerResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -2772,31 +3299,38 @@ paths:
- oauth2:
- okta.authorizationServers.read
tags:
- - AuthorizationServer
+ - AuthorizationServerAssoc
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
post:
- summary: Create a Custom Token Claim
- description: Creates a custom token claim
- operationId: createOAuth2Claim
- parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
- x-codegen-request-body-name: oAuth2Claim
+ summary: Create an associated Authorization Server
+ description: Creates trusted relationships between the given authorization server and other authorization servers
+ operationId: createAssociatedServers
+ x-codegen-request-body-name: associatedServerMediated
requestBody:
content:
application/json:
schema:
- $ref: '#/components/schemas/OAuth2Claim'
+ $ref: '#/components/schemas/AssociatedServerMediated'
+ examples:
+ CreateAssocAuthServer:
+ $ref: '#/components/examples/CreateAssocAuthServerBody'
required: true
responses:
- '201':
+ '200':
description: Success
content:
application/json:
schema:
- $ref: '#/components/schemas/OAuth2Claim'
+ type: array
+ items:
+ $ref: '#/components/schemas/AuthorizationServer'
+ examples:
+ CreateAssocAuthServer:
+ $ref: '#/components/examples/CreateAssocAuthServerResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -2810,30 +3344,60 @@ paths:
- oauth2:
- okta.authorizationServers.manage
tags:
- - AuthorizationServer
- /api/v1/authorizationServers/{authServerId}/claims/{claimId}:
+ - AuthorizationServerAssoc
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
+ /api/v1/authorizationServers/{authServerId}/associatedServers/{associatedServerId}:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthServerId'
+ - $ref: '#/components/parameters/pathAssociatedServerId'
+ delete:
+ summary: Delete an associated Authorization Server
+ description: Deletes an associated Authorization Server
+ operationId: deleteAssociatedServer
+ responses:
+ '204':
+ description: No Content
+ content: {}
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.authorizationServers.manage
+ tags:
+ - AuthorizationServerAssoc
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
+ /api/v1/authorizationServers/{authServerId}/claims:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthServerId'
get:
- summary: Retrieve a Custom Token Claim
- description: Retrieves a custom token claim
- operationId: getOAuth2Claim
- parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
- - name: claimId
- in: path
- required: true
- schema:
- type: string
+ summary: List all custom token Claims
+ description: Lists all custom token Claims defined for a specified custom authorization server
+ operationId: listOAuth2Claims
responses:
'200':
description: Success
content:
application/json:
schema:
- $ref: '#/components/schemas/OAuth2Claim'
+ type: array
+ items:
+ $ref: '#/components/schemas/OAuth2Claim'
+ examples:
+ ListCustomTokenClaims:
+ $ref: '#/components/examples/ListCustomTokenClaimsResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -2845,36 +3409,36 @@ paths:
- oauth2:
- okta.authorizationServers.read
tags:
- - AuthorizationServer
- put:
- summary: Replace a Custom Token Claim
- description: Replaces a custom token claim
- operationId: replaceOAuth2Claim
- parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
- - name: claimId
- in: path
- required: true
- schema:
- type: string
+ - AuthorizationServerClaims
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
+ post:
+ summary: Create a custom token Claim
+ description: Creates a custom token Claim for a custom authorization server
+ operationId: createOAuth2Claim
x-codegen-request-body-name: oAuth2Claim
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/OAuth2Claim'
+ examples:
+ CreateCustomTokenClaim:
+ $ref: '#/components/examples/CreateCustomTokenClaimBody'
required: true
responses:
- '200':
+ '201':
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/OAuth2Claim'
+ examples:
+ CreateCustomTokenClaim:
+ $ref: '#/components/examples/CreateCustomTokenClaimResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -2888,22 +3452,94 @@ paths:
- oauth2:
- okta.authorizationServers.manage
tags:
- - AuthorizationServer
+ - AuthorizationServerClaims
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
+ /api/v1/authorizationServers/{authServerId}/claims/{claimId}:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthServerId'
+ - $ref: '#/components/parameters/pathClaimId'
+ get:
+ summary: Retrieve a custom token Claim
+ description: Retrieves a custom token Claim by the specified `claimId`
+ operationId: getOAuth2Claim
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/OAuth2Claim'
+ examples:
+ RetrieveCustomTokenClaim:
+ $ref: '#/components/examples/RetrieveCustomTokenClaimResponse'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.authorizationServers.read
+ tags:
+ - AuthorizationServerClaims
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
+ put:
+ summary: Replace a custom token Claim
+ description: Replaces a custom token Claim specified by the `claimId`
+ operationId: replaceOAuth2Claim
+ x-codegen-request-body-name: oAuth2Claim
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/OAuth2Claim'
+ examples:
+ ReplaceCustomTokenClaim:
+ $ref: '#/components/examples/ReplaceCustomTokenClaimBody'
+ required: true
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/OAuth2Claim'
+ examples:
+ ReplaceCustomTokenClaim:
+ $ref: '#/components/examples/ReplaceCustomTokenClaimResponse'
+ '400':
+ $ref: '#/components/responses/ErrorApiValidationFailed400'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.authorizationServers.manage
+ tags:
+ - AuthorizationServerClaims
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
delete:
- summary: Delete a Custom Token Claim
- description: Deletes a custom token claim
+ summary: Delete a custom token Claim
+ description: Deletes a custom token Claim specified by the `claimId`
operationId: deleteOAuth2Claim
- parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
- - name: claimId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -2919,18 +3555,19 @@ paths:
- oauth2:
- okta.authorizationServers.manage
tags:
- - AuthorizationServer
+ - AuthorizationServerClaims
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/clients:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthServerId'
get:
summary: List all Clients
description: Lists all clients
operationId: listOAuth2ClientsForAuthorizationServer
- parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -2952,22 +3589,20 @@ paths:
- okta.authorizationServers.read
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthServerId'
+ - $ref: '#/components/parameters/pathClientId'
get:
summary: List all Refresh Tokens for a Client
description: Lists all refresh tokens for a client
operationId: listRefreshTokensForAuthorizationServerAndClient
parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
- - name: clientId
- in: path
- required: true
- schema:
- type: string
- name: expand
in: query
schema:
@@ -3003,21 +3638,15 @@ paths:
- okta.authorizationServers.read
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
delete:
summary: Revoke all Refresh Tokens for a Client
description: Revokes all refresh tokens for a client
operationId: revokeRefreshTokensForAuthorizationServerAndClient
- parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
- - name: clientId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -3034,27 +3663,21 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId}:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthServerId'
+ - $ref: '#/components/parameters/pathClientId'
+ - $ref: '#/components/parameters/pathTokenId'
get:
summary: Retrieve a Refresh Token for a Client
description: Retrieves a refresh token for a client
operationId: getRefreshTokenForAuthorizationServerAndClient
parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
- - name: clientId
- in: path
- required: true
- schema:
- type: string
- - name: tokenId
- in: path
- required: true
- schema:
- type: string
- name: expand
in: query
schema:
@@ -3078,26 +3701,15 @@ paths:
- okta.authorizationServers.read
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
delete:
summary: Revoke a Refresh Token for a Client
description: Revokes a refresh token for a client
operationId: revokeRefreshTokenForAuthorizationServerAndClient
- parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
- - name: clientId
- in: path
- required: true
- schema:
- type: string
- - name: tokenId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -3114,17 +3726,18 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/credentials/keys:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthServerId'
get:
summary: List all Credential Keys
description: Lists all credential keys
operationId: listAuthorizationServerKeys
- parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -3146,17 +3759,18 @@ paths:
- okta.authorizationServers.read
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/credentials/lifecycle/keyRotate:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthServerId'
post:
summary: Rotate all Credential Keys
description: Rotates all credential keys
operationId: rotateAuthorizationServerKeys
- parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: use
requestBody:
content:
@@ -3187,17 +3801,18 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/lifecycle/activate:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthServerId'
post:
summary: Activate an Authorization Server
description: Activates an authorization server
operationId: activateAuthorizationServer
- parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -3214,17 +3829,18 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/lifecycle/deactivate:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthServerId'
post:
summary: Deactivate an Authorization Server
description: Deactivates an authorization server
operationId: deactivateAuthorizationServer
- parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -3241,17 +3857,18 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/policies:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthServerId'
get:
summary: List all Policies
description: Lists all policies
operationId: listAuthorizationServerPolicies
- parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -3273,16 +3890,15 @@ paths:
- okta.authorizationServers.read
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
post:
summary: Create a Policy
description: Creates a policy
operationId: createAuthorizationServerPolicy
- parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: policy
requestBody:
content:
@@ -3311,22 +3927,19 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/policies/{policyId}:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthServerId'
+ - $ref: '#/components/parameters/pathPolicyId'
get:
summary: Retrieve a Policy
description: Retrieves a policy
operationId: getAuthorizationServerPolicy
- parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
- - name: policyId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -3346,21 +3959,15 @@ paths:
- okta.authorizationServers.read
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
put:
summary: Replace a Policy
description: Replaces a policy
operationId: replaceAuthorizationServerPolicy
- parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
- - name: policyId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: policy
requestBody:
content:
@@ -3389,21 +3996,15 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
delete:
summary: Delete a Policy
description: Deletes a policy
operationId: deleteAuthorizationServerPolicy
- parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
- - name: policyId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -3420,22 +4021,19 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/activate:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthServerId'
+ - $ref: '#/components/parameters/pathPolicyId'
post:
summary: Activate a Policy
description: Activates an authorization server policy
operationId: activateAuthorizationServerPolicy
- parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
- - name: policyId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -3452,22 +4050,19 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/deactivate:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthServerId'
+ - $ref: '#/components/parameters/pathPolicyId'
post:
summary: Deactivate a Policy
description: Deactivates an authorization server policy
operationId: deactivateAuthorizationServerPolicy
- parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
- - name: policyId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -3484,22 +4079,19 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthServerId'
+ - $ref: '#/components/parameters/pathPolicyId'
get:
summary: List all Policy Rules
description: Lists all policy rules for the specified Custom Authorization Server and Policy
operationId: listAuthorizationServerPolicyRules
- parameters:
- - name: policyId
- in: path
- required: true
- schema:
- type: string
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -3521,21 +4113,15 @@ paths:
- okta.authorizationServers.read
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
post:
summary: Create a Policy Rule
description: Creates a policy rule for the specified Custom Authorization Server and Policy
operationId: createAuthorizationServerPolicyRule
- parameters:
- - name: policyId
- in: path
- required: true
- schema:
- type: string
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: policyRule
requestBody:
content:
@@ -3564,27 +4150,20 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthServerId'
+ - $ref: '#/components/parameters/pathPolicyId'
+ - $ref: '#/components/parameters/pathRuleId'
get:
summary: Retrieve a Policy Rule
description: Retrieves a policy rule by `ruleId`
operationId: getAuthorizationServerPolicyRule
- parameters:
- - name: policyId
- in: path
- required: true
- schema:
- type: string
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
- - name: ruleId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -3604,26 +4183,15 @@ paths:
- okta.authorizationServers.read
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
put:
summary: Replace a Policy Rule
description: Replaces the configuration of the Policy Rule defined in the specified Custom Authorization Server and Policy
operationId: replaceAuthorizationServerPolicyRule
- parameters:
- - name: policyId
- in: path
- required: true
- schema:
- type: string
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
- - name: ruleId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: policyRule
requestBody:
content:
@@ -3652,26 +4220,15 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
delete:
summary: Delete a Policy Rule
description: Deletes a Policy Rule defined in the specified Custom Authorization Server and Policy
operationId: deleteAuthorizationServerPolicyRule
- parameters:
- - name: policyId
- in: path
- required: true
- schema:
- type: string
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
- - name: ruleId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -3688,27 +4245,20 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/activate:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthServerId'
+ - $ref: '#/components/parameters/pathPolicyId'
+ - $ref: '#/components/parameters/pathRuleId'
post:
summary: Activate a Policy Rule
description: Activates an authorization server policy rule
operationId: activateAuthorizationServerPolicyRule
- parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
- - name: policyId
- in: path
- required: true
- schema:
- type: string
- - name: ruleId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -3725,27 +4275,20 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthServerId'
+ - $ref: '#/components/parameters/pathPolicyId'
+ - $ref: '#/components/parameters/pathRuleId'
post:
summary: Deactivate a Policy Rule
description: Deactivates an authorization server policy rule
operationId: deactivateAuthorizationServerPolicyRule
- parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
- - name: policyId
- in: path
- required: true
- schema:
- type: string
- - name: ruleId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -3762,17 +4305,19 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/scopes:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthServerId'
get:
summary: List all Custom Token Scopes
description: Lists all custom token scopes
operationId: listOAuth2Scopes
parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
- name: q
in: query
schema:
@@ -3812,16 +4357,15 @@ paths:
- okta.authorizationServers.read
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
post:
summary: Create a Custom Token Scope
description: Creates a custom token scope
operationId: createOAuth2Scope
- parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: oAuth2Scope
requestBody:
content:
@@ -3850,22 +4394,19 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/scopes/{scopeId}:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthServerId'
+ - $ref: '#/components/parameters/pathScopeId'
get:
summary: Retrieve a Custom Token Scope
description: Retrieves a custom token scope
operationId: getOAuth2Scope
- parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
- - name: scopeId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -3885,21 +4426,15 @@ paths:
- okta.authorizationServers.read
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
put:
summary: Replace a Custom Token Scope
description: Replaces a custom token scope
operationId: replaceOAuth2Scope
- parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
- - name: scopeId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: oAuth2Scope
requestBody:
content:
@@ -3928,21 +4463,15 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
delete:
summary: Delete a Custom Token Scope
description: Deletes a custom token scope
operationId: deleteOAuth2Scope
- parameters:
- - name: authServerId
- in: path
- required: true
- schema:
- type: string
- - name: scopeId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -3959,6 +4488,11 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/behaviors:
get:
summary: List all Behavior Detection Rules
@@ -3972,12 +4506,12 @@ paths:
schema:
type: array
items:
- oneOf: &ref_2
+ oneOf: &ref_6
- $ref: '#/components/schemas/BehaviorRuleAnomalousLocation'
- $ref: '#/components/schemas/BehaviorRuleAnomalousIP'
- $ref: '#/components/schemas/BehaviorRuleAnomalousDevice'
- $ref: '#/components/schemas/BehaviorRuleVelocity'
- discriminator: &ref_3
+ discriminator: &ref_7
propertyName: type
mapping:
ANOMALOUS_LOCATION: '#/components/schemas/BehaviorRuleAnomalousLocation'
@@ -3994,6 +4528,9 @@ paths:
- okta.behaviors.read
tags:
- Behavior
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a Behavior Detection Rule
description: Creates a new behavior detection rule
@@ -4003,8 +4540,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_2
- discriminator: *ref_3
+ oneOf: *ref_6
+ discriminator: *ref_7
examples:
BehaviorRuleRequest:
$ref: '#/components/examples/BehaviorRuleRequest'
@@ -4038,6 +4575,9 @@ paths:
- okta.behaviors.manage
tags:
- Behavior
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/behaviors/{behaviorId}:
parameters:
- $ref: '#/components/parameters/pathBehaviorId'
@@ -4051,8 +4591,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_2
- discriminator: *ref_3
+ oneOf: *ref_6
+ discriminator: *ref_7
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -4072,6 +4612,9 @@ paths:
- okta.behaviors.read
tags:
- Behavior
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a Behavior Detection Rule
description: Replaces a Behavior Detection Rule by `behaviorId`
@@ -4081,8 +4624,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_2
- discriminator: *ref_3
+ oneOf: *ref_6
+ discriminator: *ref_7
examples:
BehaviorRuleRequest:
$ref: '#/components/examples/BehaviorRuleRequest'
@@ -4093,8 +4636,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_2
- discriminator: *ref_3
+ oneOf: *ref_6
+ discriminator: *ref_7
examples:
BehaviorRuleReSponse:
$ref: '#/components/examples/BehaviorRuleResponse'
@@ -4126,6 +4669,9 @@ paths:
- okta.behaviors.manage
tags:
- Behavior
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a Behavior Detection Rule
description: Deletes a Behavior Detection Rule by `behaviorId`
@@ -4152,21 +4698,24 @@ paths:
- okta.behaviors.manage
tags:
- Behavior
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/behaviors/{behaviorId}/lifecycle/activate:
+ parameters:
+ - $ref: '#/components/parameters/pathBehaviorId'
post:
summary: Activate a Behavior Detection Rule
description: Activates a behavior detection rule
operationId: activateBehaviorDetectionRule
- parameters:
- - $ref: '#/components/parameters/pathBehaviorId'
responses:
'200':
description: Success
content:
application/json:
schema:
- oneOf: *ref_2
- discriminator: *ref_3
+ oneOf: *ref_6
+ discriminator: *ref_7
examples:
BehaviorRuleReSponse:
$ref: '#/components/examples/BehaviorRuleResponse'
@@ -4182,21 +4731,24 @@ paths:
- okta.behaviors.manage
tags:
- Behavior
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/behaviors/{behaviorId}/lifecycle/deactivate:
+ parameters:
+ - $ref: '#/components/parameters/pathBehaviorId'
post:
summary: Deactivate a Behavior Detection Rule
description: Deactivates a behavior detection rule
operationId: deactivateBehaviorDetectionRule
- parameters:
- - $ref: '#/components/parameters/pathBehaviorId'
responses:
'200':
description: Success
content:
application/json:
schema:
- oneOf: *ref_2
- discriminator: *ref_3
+ oneOf: *ref_6
+ discriminator: *ref_7
examples:
BehaviorRuleReSponse:
$ref: '#/components/examples/BehaviorRuleResponse'
@@ -4212,7 +4764,15 @@ paths:
- okta.behaviors.manage
tags:
- Behavior
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands:
+ parameters:
+ - $ref: '#/components/parameters/queryExpandBrand'
+ - $ref: '#/components/parameters/queryAfter'
+ - $ref: '#/components/parameters/queryLimit'
+ - $ref: '#/components/parameters/queryFilter'
get:
summary: List all Brands
description: Lists all the brands in your org
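Review bot: The four query parameters (`queryExpandBrand`, `queryAfter`, `queryLimit`, `queryFilter`) are added directly under `/api/v1/brands`, ahead of `get:`, so as far as the flattened hunk shows they are path-level and are inherited by `post` (`createBrand`) as well as the list operation. Pagination and filter arguments have no meaning on a create call, and the generated client would expose them there. Moving the four `$ref` lines into a `parameters:` list under `get:` keeps them on `listBrands` only. The later hunk that adds `queryExpandBrand` under `/api/v1/brands/{brandId}` has the same effect on that path's `put` and `delete`.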
@@ -4225,7 +4785,7 @@ paths:
schema:
type: array
items:
- $ref: '#/components/schemas/Brand'
+ $ref: '#/components/schemas/BrandWithEmbedded'
examples:
Get brands response:
$ref: '#/components/examples/ListBrandsResponse'
@@ -4239,9 +4799,12 @@ paths:
- okta.brands.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a Brand
- description: Creates new brand in your org
+ description: Creates a new brand in your org
operationId: createBrand
requestBody:
content:
@@ -4273,9 +4836,13 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}:
parameters:
- $ref: '#/components/parameters/pathBrandId'
+ - $ref: '#/components/parameters/queryExpandBrand'
get:
summary: Retrieve a Brand
description: Retrieves a brand by `brandId`
@@ -4286,7 +4853,7 @@ paths:
content:
application/json:
schema:
- $ref: '#/components/schemas/Brand'
+ $ref: '#/components/schemas/BrandWithEmbedded'
examples:
Get brand response:
$ref: '#/components/examples/GetBrandResponse'
@@ -4302,6 +4869,9 @@ paths:
- okta.brands.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a Brand
description: Replaces a brand by `brandId`
@@ -4340,9 +4910,12 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a brand
- description: Deletes a brand by its unique identifier
+ description: Deletes a brand by `brandId`
operationId: deleteBrand
responses:
'204':
@@ -4370,6 +4943,9 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/domains:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -4396,81 +4972,16 @@ paths:
- okta.brands.read
tags:
- Customization
- post:
- summary: Link a Brand to a Domain
- description: Links a brand to a domain by `domainId`
- operationId: linkBrandDomain
- requestBody:
- content:
- application/json:
- schema:
- $ref: '#/components/schemas/CreateBrandDomainRequest'
- examples:
- Create brand request:
- $ref: '#/components/examples/CreateBrandDomainRequest'
- responses:
- '201':
- description: Created
- content:
- application/json:
- schema:
- $ref: '#/components/schemas/BrandDomain'
- examples:
- Link a brand with a domain:
- $ref: '#/components/examples/LinkBrandDomain'
- '400':
- $ref: '#/components/responses/ErrorApiValidationFailed400'
- '403':
- $ref: '#/components/responses/ErrorAccessDenied403'
- '404':
- $ref: '#/components/responses/ErrorResourceNotFound404'
- '409':
- description: Conflict
- content:
- application/json:
- schema:
- $ref: '#/components/schemas/Error'
- examples:
- Cannot link default brand with a domain:
- $ref: '#/components/examples/ErrorLinkDefaultBrand'
- '429':
- $ref: '#/components/responses/ErrorTooManyRequests429'
- security:
- - apiToken: []
- - oauth2:
- - okta.brands.manage
- tags:
- - Customization
- /api/v1/brands/{brandId}/domains/{domainId}:
- parameters:
- - $ref: '#/components/parameters/pathBrandId'
- - $ref: '#/components/parameters/pathDomainId'
- delete:
- summary: Unlink a Brand from a Domain
- description: Unlinks a brand and domain by their identifiers
- operationId: unlinkBrandDomain
- responses:
- '204':
- description: Successfully unlinked the domain from the brand
- '403':
- $ref: '#/components/responses/ErrorAccessDenied403'
- '404':
- $ref: '#/components/responses/ErrorResourceNotFound404'
- '429':
- $ref: '#/components/responses/ErrorTooManyRequests429'
- security:
- - apiToken: []
- - oauth2:
- - okta.brands.manage
- tags:
- - Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/pages/error:
parameters:
- $ref: '#/components/parameters/pathBrandId'
- $ref: '#/components/parameters/queryExpandPageRoot'
get:
- summary: Retrieve the Error Page
- description: Retrieves the error page
+ summary: Retrieve the Error Page Sub-Resources
+ description: Retrieves the error page sub-resources. The `expand` query parameter specifies which sub-resources to include in the response.
operationId: getErrorPage
responses:
'200':
@@ -4491,12 +5002,15 @@ paths:
- okta.brands.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/pages/error/customized:
parameters:
- $ref: '#/components/parameters/pathBrandId'
get:
summary: Retrieve the Customized Error Page
- description: Retrieves the customized error page
+ description: Retrieves the customized error page. The customized error page appears in your live environment.
operationId: getCustomizedErrorPage
responses:
'200':
@@ -4509,7 +5023,7 @@ paths:
content:
application/json:
schema:
- $ref: '#/components/schemas/CustomizablePage'
+ $ref: '#/components/schemas/ErrorPage'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -4522,15 +5036,18 @@ paths:
- okta.brands.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace the Customized Error Page
- description: Replaces the customized error page
+ description: Replaces the customized error page. The customized error page appears in your live environment.
operationId: replaceCustomizedErrorPage
requestBody:
content:
application/json:
schema:
- $ref: '#/components/schemas/CustomizablePage'
+ $ref: '#/components/schemas/ErrorPage'
required: true
responses:
'200':
@@ -4543,7 +5060,7 @@ paths:
content:
application/json:
schema:
- $ref: '#/components/schemas/CustomizablePage'
+ $ref: '#/components/schemas/ErrorPage'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -4558,13 +5075,16 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
- summary: Reset the Customized Error Page
- description: Resets the customized error page
- operationId: resetCustomizedErrorPage
+ summary: Delete the Customized Error Page
+ description: Deletes the customized error page. As a result, the default error page appears in your live environment.
+ operationId: deleteCustomizedErrorPage
responses:
'204':
- description: Successfully reset the customized error page.
+ description: Successfully deleted the customized error page.
content: {}
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
@@ -4578,12 +5098,15 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/pages/error/default:
parameters:
- $ref: '#/components/parameters/pathBrandId'
get:
summary: Retrieve the Default Error Page
- description: Retrieves the default error page
+ description: Retrieves the default error page. The default error page appears when no customized error page exists.
operationId: getDefaultErrorPage
responses:
'200':
@@ -4591,7 +5114,7 @@ paths:
content:
application/json:
schema:
- $ref: '#/components/schemas/CustomizablePage'
+ $ref: '#/components/schemas/ErrorPage'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -4604,12 +5127,15 @@ paths:
- okta.brands.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/pages/error/preview:
parameters:
- $ref: '#/components/parameters/pathBrandId'
get:
summary: Retrieve the Preview Error Page Preview
- description: Retrieves the preview error page
+ description: Retrieves the preview error page. The preview error page contains unpublished changes and isn't shown in your live environment. Preview it at `${yourOktaDomain}/error/preview`.
operationId: getPreviewErrorPage
responses:
'200':
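Review bot: The summary directly above the edited description still reads `Retrieve the Preview Error Page Preview`, with "Preview" duplicated, and this hunk rewrites the description without touching it. Since summaries usually flow into the generated reference docs, `summary: Retrieve the Preview Error Page` would be the natural fix while the operation is being edited. The sign-in twin in a later hunk has the same wording (`Retrieve the Preview Sign-in Page Preview`).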
@@ -4622,7 +5148,7 @@ paths:
content:
application/json:
schema:
- $ref: '#/components/schemas/CustomizablePage'
+ $ref: '#/components/schemas/ErrorPage'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -4635,15 +5161,18 @@ paths:
- okta.brands.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace the Preview Error Page
- description: Replaces the preview error page
+ description: Replaces the preview error page. The preview error page contains unpublished changes and isn't shown in your live environment. Preview it at `${yourOktaDomain}/error/preview`.
operationId: replacePreviewErrorPage
requestBody:
content:
application/json:
schema:
- $ref: '#/components/schemas/CustomizablePage'
+ $ref: '#/components/schemas/ErrorPage'
required: true
responses:
'200':
@@ -4656,7 +5185,7 @@ paths:
content:
application/json:
schema:
- $ref: '#/components/schemas/CustomizablePage'
+ $ref: '#/components/schemas/ErrorPage'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -4671,13 +5200,16 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
- summary: Reset the Preview Error Page
- description: Resets the preview error page
- operationId: resetPreviewErrorPage
+ summary: Delete the Preview Error Page
+ description: Deletes the preview error page. The preview error page contains unpublished changes and isn't shown in your live environment. Preview it at `${yourOktaDomain}/error/preview`.
+ operationId: deletePreviewErrorPage
responses:
'204':
- description: Successfully reset the preview error page.
+ description: Successfully deleted the preview error page.
content: {}
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
@@ -4691,13 +5223,16 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/pages/sign-in:
parameters:
- $ref: '#/components/parameters/pathBrandId'
- $ref: '#/components/parameters/queryExpandPageRoot'
get:
- summary: Retrieve the Sign-in Page
- description: Retrieves the sign-in page
+ summary: Retrieve the Sign-in Page Sub-Resources
+ description: Retrieves the sign-in page sub-resources. The `expand` query parameter specifies which sub-resources to include in the response.
operationId: getSignInPage
responses:
'200':
@@ -4718,12 +5253,15 @@ paths:
- okta.brands.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/pages/sign-in/customized:
parameters:
- $ref: '#/components/parameters/pathBrandId'
get:
summary: Retrieve the Customized Sign-in Page
- description: Retrieves the customized sign-in page
+ description: Retrieves the customized sign-in page. The customized sign-in page appears in your live environment.
operationId: getCustomizedSignInPage
responses:
'200':
@@ -4749,9 +5287,12 @@ paths:
- okta.brands.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace the Customized Sign-in Page
- description: Replaces the customized sign-in page
+ description: Replaces the customized sign-in page. The customized sign-in page appears in your live environment.
operationId: replaceCustomizedSignInPage
requestBody:
content:
@@ -4785,13 +5326,16 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
- summary: Reset the Customized Sign-in Page
- description: Resets the customized sign-in page
- operationId: resetCustomizedSignInPage
+ summary: Delete the Customized Sign-in Page
+ description: Deletes the customized sign-in page. As a result, the default sign-in page appears in your live environment.
+ operationId: deleteCustomizedSignInPage
responses:
'204':
- description: Successfully reset the sign-in page.
+ description: Successfully deleted the sign-in page.
content: {}
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
@@ -4805,12 +5349,15 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/pages/sign-in/default:
parameters:
- $ref: '#/components/parameters/pathBrandId'
get:
summary: Retrieve the Default Sign-in Page
- description: Retrieves the default sign-in page
+ description: Retrieves the default sign-in page. The default sign-in page appears when no customized sign-in page exists.
operationId: getDefaultSignInPage
responses:
'200':
@@ -4831,12 +5378,15 @@ paths:
- okta.brands.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/pages/sign-in/preview:
parameters:
- $ref: '#/components/parameters/pathBrandId'
get:
summary: Retrieve the Preview Sign-in Page Preview
- description: Retrieves the preview sign-in page
+ description: Retrieves the preview sign-in page. The preview sign-in page contains unpublished changes and isn't shown in your live environment. Preview it at `${yourOktaDomain}/login/preview`.
operationId: getPreviewSignInPage
responses:
'200':
@@ -4862,9 +5412,12 @@ paths:
- okta.brands.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace the Preview Sign-in Page
- description: Replaces the preview sign-in page
+ description: Replaces the preview sign-in page. The preview sign-in page contains unpublished changes and isn't shown in your live environment. Preview it at `${yourOktaDomain}/login/preview`.
operationId: replacePreviewSignInPage
requestBody:
content:
@@ -4898,13 +5451,16 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
- summary: Reset the Preview Sign-in Page
- description: Resets the preview sign-in page
- operationId: resetPreviewSignInPage
+ summary: Delete the Preview Sign-in Page
+ description: Deletes the preview sign-in page. The preview sign-in page contains unpublished changes and isn't shown in your live environment. Preview it at `${yourOktaDomain}/login/preview`.
+ operationId: deletePreviewSignInPage
responses:
'204':
- description: Successfully reset the preview sign-in page.
+ description: Successfully deleted the preview sign-in page.
content: {}
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
@@ -4918,12 +5474,15 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/pages/sign-in/widget-versions:
parameters:
- $ref: '#/components/parameters/pathBrandId'
get:
summary: List all Sign-in Widget Versions
- description: Lists all sign-in widget versions
+ description: Lists all sign-in widget versions supported by the current org
operationId: listAllSignInWidgetVersions
responses:
'200':
@@ -4947,6 +5506,9 @@ paths:
- okta.brands.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/pages/sign-out/customized:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -4973,6 +5535,9 @@ paths:
- okta.brands.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace the Sign-out Page Settings
description: Replaces the sign-out page settings
@@ -5004,6 +5569,9 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/templates/email:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -5044,6 +5612,9 @@ paths:
- okta.templates.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/templates/email/{templateName}:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -5076,13 +5647,19 @@ paths:
- okta.templates.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/templates/email/{templateName}/customizations:
parameters:
- $ref: '#/components/parameters/pathBrandId'
- $ref: '#/components/parameters/pathTemplateName'
get:
summary: List all Email Customizations
- description: Lists all customizations of an email template
+ description: |
+ Lists all customizations of an email template
+
+ If Custom languages for Okta Email Templates is enabled, all existing customizations are retrieved, including customizations for additional languages. If disabled, only customizations for Okta-supported languages are returned.
operationId: listEmailCustomizations
parameters:
- $ref: '#/components/parameters/queryAfter'
@@ -5111,9 +5688,15 @@ paths:
- okta.templates.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create an Email Customization
- description: Creates a new email customization
+ description: |
+ Creates a new Email Customization
+
+ If Custom languages for Okta Email Templates is enabled, you can create a customization for any BCP47 language in addition to the Okta-supported languages.
operationId: createEmailCustomization
x-codegen-request-body-name: instance
requestBody:
@@ -5159,9 +5742,15 @@ paths:
- okta.templates.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete all Email Customizations
- description: Deletes all customizations for an email template
+ description: |
+ Deletes all customizations for an email template
+
+ If Custom languages for Okta Email Templates is enabled, all customizations are deleted, including customizations for additional languages. If disabled, only customizations in Okta-supported languages are deleted.
operationId: deleteAllCustomizations
responses:
'204':
@@ -5179,6 +5768,9 @@ paths:
- okta.templates.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -5186,7 +5778,10 @@ paths:
- $ref: '#/components/parameters/pathCustomizationId'
get:
summary: Retrieve an Email Customization
- description: Retrieves an email customization by its unique identifier
+ description: |
+ Retrieves an email customization by its unique identifier
+
+ If Custom languages for Okta Email Templates is disabled, requests to retrieve an additional language customization by ID result in a `404 Not Found` error response.
operationId: getEmailCustomization
responses:
'200':
@@ -5210,9 +5805,15 @@ paths:
- okta.templates.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace an Email Customization
- description: Replaces an existing email customization using the property values provided
+ description: |
+ Replaces an email customization using property values
+
+ If Custom languages for Okta Email Templates is disabled, requests to update a customization for an additional language return a `404 Not Found` error response.
operationId: replaceEmailCustomization
x-codegen-request-body-name: instance
requestBody:
@@ -5261,9 +5862,15 @@ paths:
- okta.templates.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete an Email Customization
- description: Deletes an email customization by its unique identifier
+ description: |
+ Deletes an Email Customization by its unique identifier
+
+ If Custom languages for Okta Email Templates is disabled, deletion of an existing additional language customization by ID doesn't register.
operationId: deleteEmailCustomization
responses:
'204':
@@ -5290,6 +5897,9 @@ paths:
- okta.templates.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}/preview:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -5297,7 +5907,10 @@ paths:
- $ref: '#/components/parameters/pathCustomizationId'
get:
summary: Retrieve a Preview of an Email Customization
- description: Retrieves a preview of an email customization. All variable references (e.g., `${user.profile.firstName}`) are populated using the current user's context.
+ description: |
+ Retrieves a Preview of an Email Customization. All variable references are populated from the current user's context. For example, `${user.profile.firstName}`.
+
+ If Custom languages for Okta Email Templates is disabled, requests for the preview of an additional language customization by ID return a `404 Not Found` error response.
operationId: getCustomizationPreview
responses:
'200':
@@ -5321,13 +5934,21 @@ paths:
- okta.templates.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/templates/email/{templateName}/default-content:
parameters:
- $ref: '#/components/parameters/pathBrandId'
- $ref: '#/components/parameters/pathTemplateName'
get:
summary: Retrieve an Email Template Default Content
- description: Retrieves an email template's default content
+ description: |
+ Retrieves an email template's default content
+
+ Defaults to the current user's language given the following:
+ - Custom languages for Okta Email Templates is enabled
+ - An additional language is specified for the `language` parameter
operationId: getEmailDefaultContent
parameters:
- $ref: '#/components/parameters/queryLanguage'
@@ -5353,13 +5974,21 @@ paths:
- okta.templates.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/templates/email/{templateName}/default-content/preview:
parameters:
- $ref: '#/components/parameters/pathBrandId'
- $ref: '#/components/parameters/pathTemplateName'
get:
- summary: Retrieve a Preview of the Email Template Default Content
- description: Retrieves a preview of an email template's default content. All variable references (e.g., `${user.profile.firstName}`) are populated using the current user's context.
+ summary: Retrieve a Preview of the Email Template default content
+ description: |
+ Retrieves a preview of an Email Template's default content. All variable references are populated using the current user's context. For example, `${user.profile.firstName}`.
+
+ Defaults to the current user's language given the following:
+ - Custom languages for Okta Email Templates is enabled
+ - An additional language is specified for the `language` parameter
operationId: getEmailDefaultPreview
parameters:
- $ref: '#/components/parameters/queryLanguage'
@@ -5385,6 +6014,9 @@ paths:
- okta.templates.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/templates/email/{templateName}/settings:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -5415,6 +6047,9 @@ paths:
- okta.templates.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace the Email Template Settings
description: Replaces an email template's settings
@@ -5450,6 +6085,9 @@ paths:
- okta.templates.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/templates/email/{templateName}/test:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -5459,6 +6097,7 @@ paths:
description: |-
Sends a test email to the current user’s primary and secondary email addresses. The email content is selected based on the following priority:
1. The email customization for the language specified in the `language` query parameter.
+ If Custom languages for Okta Email Templates is enabled and the `language` parameter is an additional language, the test email uses the customization corresponding to the language.
2. The email template's default customization.
3. The email template’s default content, translated to the current user's language.
operationId: sendTestEmail
@@ -5480,6 +6119,9 @@ paths:
- okta.templates.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/themes:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -5508,6 +6150,9 @@ paths:
- okta.brands.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/themes/{themeId}:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -5535,6 +6180,9 @@ paths:
- okta.brands.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a Theme
description: Replaces a theme for a brand
@@ -5567,6 +6215,9 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/themes/{themeId}/background-image:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -5609,6 +6260,9 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete the Background Image
description: Deletes a Theme background image
@@ -5629,6 +6283,9 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/themes/{themeId}/favicon:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -5671,6 +6328,9 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete the Favicon
description: Deletes a Theme favicon. The theme will use the default Okta favicon.
@@ -5691,6 +6351,9 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/themes/{themeId}/logo:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -5733,6 +6396,9 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete the Logo
description: Deletes a Theme logo. The theme will use the default Okta logo.
@@ -5753,9 +6419,12 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/captchas:
get:
- summary: List all CAPTCHA instances
+ summary: List all CAPTCHA Instances
description: Lists all CAPTCHA instances with pagination support. A subset of CAPTCHA instances can be returned that match a supported filter expression or query.
operationId: listCaptchaInstances
responses:
@@ -5777,9 +6446,14 @@ paths:
- okta.captchas.read
tags:
- CAPTCHA
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
post:
summary: Create a CAPTCHA instance
- description: Creates a new CAPTCHA instance. In the current release, we only allow one CAPTCHA instance per org.
+ description: Creates a new CAPTCHA instance. Currently, an org can only configure a single CAPTCHA instance.
operationId: createCaptchaInstance
x-codegen-request-body-name: instance
requestBody:
@@ -5826,12 +6500,17 @@ paths:
- okta.captchas.manage
tags:
- CAPTCHA
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/captchas/{captchaId}:
parameters:
- $ref: '#/components/parameters/pathCaptchaId'
get:
summary: Retrieve a CAPTCHA Instance
- description: Retrieves a CAPTCHA instance by `captchaId`
+ description: Retrieves the properties of a specified CAPTCHA instance
operationId: getCaptchaInstance
responses:
'200':
@@ -5857,9 +6536,14 @@ paths:
- okta.captchas.read
tags:
- CAPTCHA
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
post:
- summary: Update a CAPTCHA instance
- description: Partially updates a CAPTCHA instance by `captchaId`
+ summary: Update a CAPTCHA Instance
+ description: Partially updates the properties of a specified CAPTCHA instance
operationId: updateCaptchaInstance
x-codegen-request-body-name: instance
requestBody:
@@ -5899,9 +6583,14 @@ paths:
- okta.captchas.manage
tags:
- CAPTCHA
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
put:
- summary: Replace a CAPTCHA instance
- description: Replaces a CAPTCHA instance by `captchaId`
+ summary: Replace a CAPTCHA Instance
+ description: Replaces the properties for a specified CAPTCHA instance
operationId: replaceCaptchaInstance
x-codegen-request-body-name: instance
requestBody:
@@ -5941,9 +6630,16 @@ paths:
- okta.captchas.manage
tags:
- CAPTCHA
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
delete:
summary: Delete a CAPTCHA Instance
- description: Deletes a CAPTCHA instance by `captchaId`. If the CAPTCHA instance is currently being used in the org, the delete will not be allowed.
+ description: |-
+ Deletes a specified CAPTCHA instance
+ > **Note:** If your CAPTCHA instance is still associated with your org, the request fails. You must first update your Org-wide CAPTCHA settings to remove the CAPTCHA instance.
operationId: deleteCaptchaInstance
responses:
'204':
@@ -5970,6 +6666,11 @@ paths:
- okta.captchas.manage
tags:
- CAPTCHA
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/device-assurances:
get:
summary: List all Device Assurance Policies
@@ -5983,7 +6684,20 @@ paths:
schema:
type: array
items:
- $ref: '#/components/schemas/DeviceAssurance'
+ oneOf: &ref_8
+ - $ref: '#/components/schemas/DeviceAssuranceWindowsPlatform'
+ - $ref: '#/components/schemas/DeviceAssuranceMacOSPlatform'
+ - $ref: '#/components/schemas/DeviceAssuranceChromeOSPlatform'
+ - $ref: '#/components/schemas/DeviceAssuranceIOSPlatform'
+ - $ref: '#/components/schemas/DeviceAssuranceAndroidPlatform'
+ discriminator: &ref_9
+ propertyName: platform
+ mapping:
+ WINDOWS: '#/components/schemas/DeviceAssuranceWindowsPlatform'
+ MACOS: '#/components/schemas/DeviceAssuranceMacOSPlatform'
+ CHROMEOS: '#/components/schemas/DeviceAssuranceChromeOSPlatform'
+ IOS: '#/components/schemas/DeviceAssuranceIOSPlatform'
+ ANDROID: '#/components/schemas/DeviceAssuranceAndroidPlatform'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'429':
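Review bot: The `oneOf: &ref_8` / `discriminator: &ref_9` pair added here defines the Device Assurance union as YAML anchors inside a single list response, and the later `oneOf: *ref_8` / `discriminator: *ref_9` lines in the create, retrieve and replace operations only resolve while this definition stays first in the document. Anchors with generated names cannot be searched for by meaning, and a tool that re-serialises the spec or does not expand aliases will break the link. An inline `oneOf` also likely leaves the code generator to invent a type name per operation. Consider declaring the union once under `components/schemas` and pointing every site at it with one `$ref`, as the removed `$ref: '#/components/schemas/DeviceAssurance'` lines did, so the platform-to-schema mapping that selects the policy type is reviewed in one place.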
@@ -5994,6 +6708,11 @@ paths:
- okta.deviceAssurance.read
tags:
- DeviceAssurance
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
post:
summary: Create a Device Assurance Policy
description: Creates a new Device Assurance Policy
@@ -6003,16 +6722,35 @@ paths:
content:
application/json:
schema:
- $ref: '#/components/schemas/DeviceAssurance'
+ oneOf: *ref_8
+ discriminator: *ref_9
examples:
- ANDROID:
+ Android:
$ref: '#/components/examples/DeviceAssuranceAndroidRequest'
- MACOS:
+ iOS:
+ $ref: '#/components/examples/DeviceAssuranceIosRequest'
+ MacOS:
$ref: '#/components/examples/DeviceAssuranceMacOSRequest'
- WINDOWS:
+ Windows:
$ref: '#/components/examples/DeviceAssuranceWindowsRequest'
- IOS:
- $ref: '#/components/examples/DeviceAssuranceIosRequest'
+ ChromeOSWithThirdPartySignalProviders:
+ $ref: '#/components/examples/DeviceAssuranceChromeOSWithThirdPartySignalProvidersRequest'
+ MacOSWithThirdPartySignalProviders:
+ $ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersRequest'
+ WindowsWithThirdPartySignalProviders:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersRequest'
+ AndroidWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceAndroidWithDynamicVersionRequirementRequest'
+ iOSWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceIosWithDynamicVersionRequirementRequest'
+ MacOSWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceMacOSWithDynamicVersionRequirementRequest'
+ WindowsWithDynamicVersionRequirements:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithDynamicVersionRequirementsRequest'
+ WindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionString:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionStringRequest'
+ WindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirementRequest'
required: true
responses:
'200':
@@ -6020,10 +6758,35 @@ paths:
content:
application/json:
schema:
- $ref: '#/components/schemas/DeviceAssurance'
+ oneOf: *ref_8
+ discriminator: *ref_9
examples:
- DeviceAssuranceResponse:
- $ref: '#/components/examples/DeviceAssuranceResponse'
+ Android:
+ $ref: '#/components/examples/DeviceAssuranceAndroidResponse'
+ iOS:
+ $ref: '#/components/examples/DeviceAssuranceIosResponse'
+ MacOS:
+ $ref: '#/components/examples/DeviceAssuranceMacOSResponse'
+ Windows:
+ $ref: '#/components/examples/DeviceAssuranceWindowsResponse'
+ ChromeOSWithThirdPartySignalProviders:
+ $ref: '#/components/examples/DeviceAssuranceChromeOSWithThirdPartySignalProvidersResponse'
+ MacOSWithThirdPartySignalProviders:
+ $ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersResponse'
+ WindowsWithThirdPartySignalProviders:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersResponse'
+ AndroidWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceAndroidWithDynamicVersionRequirementResponse'
+ iOSWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceIosWithDynamicVersionRequirementResponse'
+ MacOSWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceMacOSWithDynamicVersionRequirementResponse'
+ WindowsWithDynamicVersionRequirements:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithDynamicVersionRequirementsResponse'
+ WindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionString:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionStringResponse'
+ WindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirementResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -6036,23 +6799,53 @@ paths:
- okta.deviceAssurance.manage
tags:
- DeviceAssurance
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/device-assurances/{deviceAssuranceId}:
+ parameters:
+ - $ref: '#/components/parameters/pathDeviceAssuranceId'
get:
summary: Retrieve a Device Assurance Policy
description: Retrieves a Device Assurance Policy by `deviceAssuranceId`
operationId: getDeviceAssurancePolicy
- parameters:
- - $ref: '#/components/parameters/pathDeviceAssuranceId'
responses:
'200':
description: OK
content:
application/json:
schema:
- $ref: '#/components/schemas/DeviceAssurance'
+ oneOf: *ref_8
+ discriminator: *ref_9
examples:
- DeviceAssuranceResponse:
- $ref: '#/components/examples/DeviceAssuranceResponse'
+ Android:
+ $ref: '#/components/examples/DeviceAssuranceAndroidResponse'
+ iOS:
+ $ref: '#/components/examples/DeviceAssuranceIosResponse'
+ MacOS:
+ $ref: '#/components/examples/DeviceAssuranceMacOSResponse'
+ Windows:
+ $ref: '#/components/examples/DeviceAssuranceWindowsResponse'
+ ChromeOSWithThirdPartySignalProviders:
+ $ref: '#/components/examples/DeviceAssuranceChromeOSWithThirdPartySignalProvidersResponse'
+ MacOSWithThirdPartySignalProviders:
+ $ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersResponse'
+ WindowsWithThirdPartySignalProviders:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersResponse'
+ AndroidWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceAndroidWithDynamicVersionRequirementResponse'
+ iOSWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceIosWithDynamicVersionRequirementResponse'
+ MacOSWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceMacOSWithDynamicVersionRequirementResponse'
+ WindowsWithDynamicVersionRequirements:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithDynamicVersionRequirementsResponse'
+ WindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionString:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionStringResponse'
+ WindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirementResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -6065,21 +6858,49 @@ paths:
- okta.deviceAssurance.read
tags:
- DeviceAssurance
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
put:
summary: Replace a Device Assurance Policy
description: Replaces a Device Assurance Policy by `deviceAssuranceId`
operationId: replaceDeviceAssurancePolicy
- parameters:
- - $ref: '#/components/parameters/pathDeviceAssuranceId'
x-codegen-request-body-name: deviceAssurance
requestBody:
content:
application/json:
schema:
- $ref: '#/components/schemas/DeviceAssurance'
+ oneOf: *ref_8
+ discriminator: *ref_9
examples:
- DeviceAssuranceResponse:
- $ref: '#/components/examples/DeviceAssuranceResponse'
+ Android:
+ $ref: '#/components/examples/DeviceAssuranceAndroidRequest'
+ iOS:
+ $ref: '#/components/examples/DeviceAssuranceIosRequest'
+ MacOS:
+ $ref: '#/components/examples/DeviceAssuranceMacOSRequest'
+ Windows:
+ $ref: '#/components/examples/DeviceAssuranceWindowsRequest'
+ ChromeOSWithThirdPartySignalProviders:
+ $ref: '#/components/examples/DeviceAssuranceChromeOSWithThirdPartySignalProvidersRequest'
+ MacOSWithThirdPartySignalProviders:
+ $ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersRequest'
+ WindowsWithThirdPartySignalProviders:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersRequest'
+ AndroidWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceAndroidWithDynamicVersionRequirementRequest'
+ iOSWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceIosWithDynamicVersionRequirementRequest'
+ MacOSWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceMacOSWithDynamicVersionRequirementRequest'
+ WindowsWithDynamicVersionRequirements:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithDynamicVersionRequirementsRequest'
+ WindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionString:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionStringRequest'
+ WindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirementRequest'
required: true
responses:
'200':
@@ -6087,10 +6908,35 @@ paths:
content:
application/json:
schema:
- $ref: '#/components/schemas/DeviceAssurance'
+ oneOf: *ref_8
+ discriminator: *ref_9
examples:
- DeviceAssuranceResponse:
- $ref: '#/components/examples/DeviceAssuranceResponse'
+ Android:
+ $ref: '#/components/examples/DeviceAssuranceAndroidResponse'
+ iOS:
+ $ref: '#/components/examples/DeviceAssuranceIosResponse'
+ MacOS:
+ $ref: '#/components/examples/DeviceAssuranceMacOSResponse'
+ Windows:
+ $ref: '#/components/examples/DeviceAssuranceWindowsResponse'
+ ChromeOSWithThirdPartySignalProviders:
+ $ref: '#/components/examples/DeviceAssuranceChromeOSWithThirdPartySignalProvidersResponse'
+ MacOSWithThirdPartySignalProviders:
+ $ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersResponse'
+ WindowsWithThirdPartySignalProviders:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersResponse'
+ AndroidWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceAndroidWithDynamicVersionRequirementResponse'
+ iOSWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceIosWithDynamicVersionRequirementResponse'
+ MacOSWithDynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceMacOSWithDynamicVersionRequirementResponse'
+ WindowsWithDynamicVersionRequirements:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithDynamicVersionRequirementsResponse'
+ WindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionString:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionStringResponse'
+ WindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirement:
+ $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirementResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -6105,12 +6951,15 @@ paths:
- okta.deviceAssurance.manage
tags:
- DeviceAssurance
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
delete:
summary: Delete a Device Assurance Policy
description: Deletes a Device Assurance Policy by `deviceAssuranceId`. If the Device Assurance Policy is currently being used in the org Authentication Policies, the delete will not be allowed.
operationId: deleteDeviceAssurancePolicy
- parameters:
- - $ref: '#/components/parameters/pathDeviceAssuranceId'
responses:
'204':
description: No Content
@@ -6126,7 +6975,7 @@ paths:
schema:
$ref: '#/components/schemas/Error'
examples:
- Cannot delete device assurance policy in use by authentication policies:
+ ErrorDeviceAssuranceInUse:
$ref: '#/components/examples/ErrorDeviceAssuranceInUse'
'429':
$ref: '#/components/responses/ErrorTooManyRequests429'
@@ -6136,28 +6985,43 @@ paths:
- okta.deviceAssurance.manage
tags:
- DeviceAssurance
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/devices:
get:
summary: List all Devices
description: |-
Lists all devices with pagination support.
-
- A subset of Devices can be returned that match a supported search criteria using the `search` query parameter.
-
+ You can return a subset of Devices that match a supported search criteria using the `search` query parameter.
Searches for devices based on the properties specified in the `search` parameter conforming SCIM filter specifications (case-insensitive). This data is eventually consistent. The API returns different results depending on specified queries in the request. Empty list is returned if no objects match `search` request.
-
> **Note:** Listing devices with `search` should not be used as a part of any critical flows—such as authentication or updates—to prevent potential data loss. `search` results may not reflect the latest information, as this endpoint uses a search index which may not be up-to-date with recent updates to the object.
Don't use search results directly for record updates, as the data might be stale and therefore overwrite newer data, resulting in data loss.
Use an `id` lookup for records that you update to ensure your results contain the latest data.
-
- This operation equires [URL encoding](http://en.wikipedia.org/wiki/Percent-encoding). For example, `search=profile.displayName eq "Bob"` is encoded as `search=profile.displayName%20eq%20%22Bob%22`.
+ This operation requires [URL encoding](https://www.w3.org/TR/html4/interact/forms.html#h-17.13.4.1). For example, `search=profile.displayName eq "Bob"` is encoded as `search=profile.displayName%20eq%20%22Bob%22`.
operationId: listDevices
parameters:
- - $ref: '#/components/parameters/queryAfter'
- - $ref: '#/components/parameters/queryLimit'
+ - name: after
+ in: query
+ schema:
+ type: string
+ description: The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](/#pagination) for more information.
+ example: 200u3des4afA47rYJu1d7
+ - name: limit
+ in: query
+ schema:
+ type: integer
+ minimum: 1
+ maximum: 200
+ default: 200
+ example: 20
+ description: A limit on the number of objects to return (recommend `20`)
- name: search
in: query
- description: SCIM filter expression that filters the results. Searches include all Device `profile` properties, as well as the Device `id`, `status` and `lastUpdated` properties.
+ description: A SCIM filter expression that filters the results. Searches include all Device `profile` properties and the Device `id`, `status`, and `lastUpdated` properties.
schema:
type: string
+ example: lastUpdated gt "2019-06-01T09:00:00.000Z"
examples:
Devices that have a `status` of `ACTIVE`:
value: status eq "ACTIVE"
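Review bot: Dropping the blank lines in the `listDevices` description changes how the Markdown renders. The sentence beginning `This operation requires [URL encoding]` now directly follows the `> **Note:**` block, so most renderers will fold it into the note as a lazy continuation, and the opening lines merge into one paragraph. Keep a blank line before that sentence and between the opening paragraphs so the stale-data warning remains a distinct callout. Separately, the inlined `limit` parameter sets `default: 200` (equal to `maximum`) while its description recommends 20; either explain the difference or go back to the shared `$ref: '#/components/parameters/queryLimit'` so the limits do not drift between endpoints.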
@@ -6171,6 +7035,25 @@ paths:
value: profile.platform eq "WINDOWS"
Devices whose `sid` starts with `S-1`:
value: profile.sid sw "S-1"
+ - name: expand
+ in: query
+ description: Includes associated user details and management status for the device in the `_embedded` attribute
+ schema:
+ type: string
+ example: userSummary
+ enum:
+ - user
+ - userSummary
+ x-enumDescriptions:
+ user: Lists full details for associated users
+ userSummary: Lists summaries for associated users
+ examples:
+ UserFullDetails:
+ summary: Get a detailed list of associated users
+ value: user
+ UserSummaries:
+ summary: Get the list of associated user summaries
+ value: userSummary
responses:
'200':
description: OK
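Review bot: The new `expand` parameter lets a device listing embed user records (`user` is described as "full details for associated users"), but its description does not say what authorisation that embedded data requires. The operation's `security` block is outside this hunk; a later hunk for what appears to be the same operation shows only `okta.devices.read`. If that is the sole requirement, anyone issuing a device-read token should know it also exposes user profile data, so extend the description with something like `Embedded user data is returned only to callers with <required scope or permission, to be confirmed>`. The added `/api/v1/devices/{deviceId}/users` operation further down has the same gap.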
@@ -6179,7 +7062,14 @@ paths:
schema:
type: array
items:
- $ref: '#/components/schemas/Device'
+ $ref: '#/components/schemas/DeviceList'
+ examples:
+ APIDevicesResponseUserSummaryExample:
+ type: array
+ $ref: '#/components/examples/APIDevicesListAllUserSummaryResponse'
+ APIDevicesResponseExample:
+ type: array
+ $ref: '#/components/examples/APIDevicesListAllResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'429':
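Review bot: Both example entries added here carry `type: array` next to `$ref`; `type` is not a field of an OpenAPI Example Object, and siblings of `$ref` are ignored by most tools and rejected by strict validators. Drop the two `type: array` lines so `APIDevicesResponseUserSummaryExample` and `APIDevicesResponseExample` each hold only their `$ref`. Also check the new `items` reference to `#/components/schemas/DeviceList`: its definition is not visible in this hunk, and if it is itself an array schema the response becomes an array of arrays.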
@@ -6190,6 +7080,11 @@ paths:
- okta.devices.read
tags:
- Device
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/devices/{deviceId}:
parameters:
- $ref: '#/components/parameters/pathDeviceId'
@@ -6205,7 +7100,7 @@ paths:
schema:
$ref: '#/components/schemas/Device'
examples:
- Example Response:
+ APIDevicesResponseExample:
$ref: '#/components/examples/DeviceResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
@@ -6219,9 +7114,17 @@ paths:
- okta.devices.read
tags:
- Device
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
delete:
summary: Delete a Device
- description: Deletes a device by `deviceId`
+ description: |-
+ Deletes (permanently) a device by `deviceId` if it has a status of `DEACTIVATED`. You can transition the device to `DEACTIVATED` status using the [Deactivate a Device](#tag/Device/operation/deactivateDevice) endpoint.
+ This request is destructive and deletes all of the profile data related to the device. Once deleted, device data can't be recovered. However, reenrollment creates a new device record.
+ > **Note:** Attempts to delete a device that isn't in a `DEACTIVATED` state raise an error.
operationId: deleteDevice
responses:
'204':
@@ -6246,12 +7149,19 @@ paths:
- okta.devices.manage
tags:
- Device
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/devices/{deviceId}/lifecycle/activate:
parameters:
- $ref: '#/components/parameters/pathDeviceId'
post:
summary: Activate a Device
- description: Activates a device by `deviceId`
+ description: |-
+ Activates a Device by setting its status to ACTIVE by `deviceId`.
+ Activated devices are used to create and delete Device user links.
operationId: activateDevice
responses:
'204':
@@ -6268,12 +7178,23 @@ paths:
- okta.devices.manage
tags:
- Device
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/devices/{deviceId}/lifecycle/deactivate:
parameters:
- $ref: '#/components/parameters/pathDeviceId'
post:
summary: Deactivate a Device
- description: Deactivates a device by `deviceId`
+ description: |-
+ Deactivates a Device by setting its status to DEACTIVATED by `deviceId`.
+ Deactivation causes a Device to lose all device user links.
+ Set the Device status to DEACTIVATED before deleting it.
+ > **Note:** When deactivating a Device, keep in mind the following:
+ - Device deactivation is a destructive operation for device factors and client certificates. Device reenrollment using Okta Verify allows end users to set up new factors on the device.
+ - Device deletion removes the device record from Okta. Reenrollment creates a new device record.
operationId: deactivateDevice
responses:
'204':
@@ -6290,12 +7211,21 @@ paths:
- okta.devices.manage
tags:
- Device
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/devices/{deviceId}/lifecycle/suspend:
parameters:
- $ref: '#/components/parameters/pathDeviceId'
post:
summary: Suspend a Device
- description: Suspends a device by `deviceId`
+ description: |-
+ Suspends a Device by setting its status to SUSPENDED.
+ Use suspended devices to create and delete device user links.
+ You can only unsuspend or deactivate suspended devices.
+ > **Note:** SUSPENDED status is meant to be temporary, so it isn't destructive.
operationId: suspendDevice
responses:
'204':
@@ -6312,12 +7242,19 @@ paths:
- okta.devices.manage
tags:
- Device
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/devices/{deviceId}/lifecycle/unsuspend:
parameters:
- $ref: '#/components/parameters/pathDeviceId'
post:
summary: Unsuspend a Device
- description: Unsuspends a device by `deviceId`
+ description: |-
+ Unsuspends a Device by returning its `status` to ACTIVE.
+ >**Note:** Only devices with a SUSPENDED status can be unsuspended.
operationId: unsuspendDevice
responses:
'204':
@@ -6334,11 +7271,53 @@ paths:
- okta.devices.manage
tags:
- Device
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
+ /api/v1/devices/{deviceId}/users:
+ parameters:
+ - $ref: '#/components/parameters/pathDeviceId'
+ get:
+ summary: List all Users for a Device
+ description: Lists all Users for a Device by `deviceId`
+ operationId: listDeviceUsers
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ $ref: '#/components/schemas/DeviceUser'
+ examples:
+ APIDevicesListAllUsersResponseExample:
+ summary: List all users for a specific device
+ $ref: '#/components/examples/APIDevicesListAllUsersResponse'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.devices.read
+ tags:
+ - Device
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/domains:
get:
- summary: List all Domains
- description: Lists all verified custom Domains for the org
- operationId: listDomains
+ summary: List all Custom Domains
+ description: Lists all verified custom domains for the org
+ operationId: listCustomDomains
responses:
'200':
description: Success
@@ -6355,17 +7334,20 @@ paths:
- oauth2:
- okta.domains.read
tags:
- - Domain
+ - CustomDomain
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
- summary: Create a Domain
- description: Creates your domain
- operationId: createDomain
+ summary: Create a Custom Domain
+ description: Creates your custom domain
+ operationId: createCustomDomain
x-codegen-request-body-name: domain
requestBody:
content:
application/json:
schema:
- $ref: '#/components/schemas/Domain'
+ $ref: '#/components/schemas/DomainRequest'
required: true
responses:
'200':
@@ -6385,18 +7367,17 @@ paths:
- oauth2:
- okta.domains.manage
tags:
- - Domain
+ - CustomDomain
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/domains/{domainId}:
+ parameters:
+ - $ref: '#/components/parameters/pathDomainId'
get:
- summary: Retrieve a Domain
- description: Retrieves a Domain by `id`
- operationId: getDomain
- parameters:
- - name: domainId
- in: path
- required: true
- schema:
- type: string
+ summary: Retrieve a Custom Domain
+ description: Retrieves a custom domain by `domainId`
+ operationId: getCustomDomain
responses:
'200':
description: Success
@@ -6415,17 +7396,14 @@ paths:
- oauth2:
- okta.domains.read
tags:
- - Domain
+ - CustomDomain
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
- summary: Replace a Domain's brandId
- description: Replaces a Domain by `id`
- operationId: replaceDomain
- parameters:
- - name: domainId
- in: path
- required: true
- schema:
- type: string
+ summary: Replace a Custom Domain's Brand
+ description: Replaces a custom domain's brand
+ operationId: replaceCustomDomain
requestBody:
content:
application/json:
@@ -6452,17 +7430,14 @@ paths:
- oauth2:
- okta.domains.manage
tags:
- - Domain
+ - CustomDomain
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
- summary: Delete a Domain
- description: Deletes a Domain by `id`
- operationId: deleteDomain
- parameters:
- - name: domainId
- in: path
- required: true
- schema:
- type: string
+ summary: Delete a Custom Domain
+ description: Deletes a custom domain by `domainId`
+ operationId: deleteCustomDomain
responses:
'204':
description: No Content
@@ -6478,18 +7453,17 @@ paths:
- oauth2:
- okta.domains.manage
tags:
- - Domain
+ - CustomDomain
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/domains/{domainId}/certificate:
+ parameters:
+ - $ref: '#/components/parameters/pathDomainId'
put:
- summary: Upsert the Certificate
- description: Creates or replaces the certificate for the domain
+ summary: Upsert the Custom Domain's Certificate
+ description: Upserts (creates or renews) the `MANUAL` certificate for the custom domain. If the `certificateSourceType` in the domain is `OKTA_MANAGED`, it becomes `MANUAL` and Okta no longer manages and renews certificates for this domain since a user-managed certificate has been provided.
operationId: upsertCertificate
- parameters:
- - name: domainId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: certificate
requestBody:
content:
@@ -6514,18 +7488,17 @@ paths:
- oauth2:
- okta.domains.manage
tags:
- - Domain
+ - CustomDomain
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/domains/{domainId}/verify:
+ parameters:
+ - $ref: '#/components/parameters/pathDomainId'
post:
- summary: Verify a Domain
- description: Verifies the Domain by `id`
+ summary: Verify a Custom Domain
+ description: Verifies the custom domain and validity of DNS records by `domainId`. Furthermore, if the `certificateSourceType` in the domain is `OKTA_MANAGED`, then an attempt is made to obtain and install a certificate. After a certificate is obtained and installed by Okta, Okta manages the certificate including certificate renewal.
operationId: verifyDomain
- parameters:
- - name: domainId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -6544,11 +7517,16 @@ paths:
- oauth2:
- okta.domains.manage
tags:
- - Domain
+ - CustomDomain
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/email-domains:
+ parameters:
+ - $ref: '#/components/parameters/queryExpandEmailDomain'
get:
- summary: List all email domains
- description: Lists all the email domains in your org
+ summary: List all Email Domains
+ description: Lists all the Email Domains in your org
operationId: listEmailDomains
responses:
'200':
@@ -6556,7 +7534,12 @@ paths:
content:
application/json:
schema:
- $ref: '#/components/schemas/EmailDomainListResponse'
+ type: array
+ items:
+ $ref: '#/components/schemas/EmailDomainResponseWithEmbedded'
+ examples:
+ List email domain response:
+ $ref: '#/components/examples/EmailDomainResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'429':
@@ -6564,12 +7547,15 @@ paths:
security:
- apiToken: []
- oauth2:
- - okta.email-domains.read
+ - okta.emailDomains.read
tags:
- EmailDomain
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create an Email Domain
- description: Creates a custom email domain
+ description: Creates an Email Domain in your org
operationId: createEmailDomain
x-codegen-request-body-name: emailDomain
requestBody:
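Review bot: The OAuth scope for listEmailDomains is renamed from `okta.email-domains.read` to `okta.emailDomains.read`, and nothing in the hunk tells callers who request scopes by name. The same rename (read and manage) recurs in the createEmailDomain, getEmailDomain, replaceEmailDomain and deleteEmailDomain hunks below. Whether the service still accepts the old spelling cannot be told from this diff. A migration entry such as `okta.email-domains.* scopes are now okta.emailDomains.*` would let integrators update their OAuth grants before requests made with the old names start failing authorization.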
@@ -6577,6 +7563,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/EmailDomain'
+ examples:
+ Create email domain request:
+ $ref: '#/components/examples/CreateEmailDomainRequest'
required: true
responses:
'200':
@@ -6585,32 +7574,53 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/EmailDomainResponse'
+ examples:
+ Create email domain response:
+ $ref: '#/components/examples/EmailDomainResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '409':
+ description: Conflict
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ examples:
+ Email domain already exists:
+ $ref: '#/components/examples/ErrorEmailDomainAlreadyExists'
'429':
$ref: '#/components/responses/ErrorTooManyRequests429'
security:
- apiToken: []
- oauth2:
- - okta.email-domains.manage
+ - okta.emailDomains.manage
tags:
- EmailDomain
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/email-domains/{emailDomainId}:
+ parameters:
+ - $ref: '#/components/parameters/pathEmailDomainId'
+ - $ref: '#/components/parameters/queryExpandEmailDomain'
get:
- summary: Retrieve a Email Domain
+ summary: Retrieve an Email Domain
description: Retrieves an Email Domain by `emailDomainId`
operationId: getEmailDomain
- parameters:
- - $ref: '#/components/parameters/pathEmailDomainId'
responses:
'200':
description: Success
content:
application/json:
schema:
- $ref: '#/components/schemas/EmailDomainResponse'
+ $ref: '#/components/schemas/EmailDomainResponseWithEmbedded'
+ examples:
+ Retrieve email domain response:
+ $ref: '#/components/examples/EmailDomainResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -6620,21 +7630,25 @@ paths:
security:
- apiToken: []
- oauth2:
- - okta.email-domains.read
+ - okta.emailDomains.read
tags:
- EmailDomain
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace an Email Domain
- description: Replaces an email domain by `emailDomainId`
+ description: Replaces associated username and sender display name by `emailDomainId`
operationId: replaceEmailDomain
- parameters:
- - $ref: '#/components/parameters/pathEmailDomainId'
x-codegen-request-body-name: updateEmailDomain
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UpdateEmailDomain'
+ examples:
+ Update email domain request:
+ $ref: '#/components/examples/UpdateEmailDomainRequest'
required: true
responses:
'200':
@@ -6643,6 +7657,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/EmailDomainResponse'
+ examples:
+ Update email domain response:
+ $ref: '#/components/examples/UpdatedEmailDomainResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -6654,19 +7671,29 @@ paths:
security:
- apiToken: []
- oauth2:
- - okta.email-domains.manage
+ - okta.emailDomains.manage
tags:
- EmailDomain
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete an Email Domain
description: Deletes an Email Domain by `emailDomainId`
operationId: deleteEmailDomain
- parameters:
- - $ref: '#/components/parameters/pathEmailDomainId'
responses:
'204':
description: No Content
content: {}
+ '400':
+ description: Unable to delete custom email domain due to mail provider specific restrictions
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ examples:
+ Email domain in use:
+ $ref: '#/components/examples/ErrorEmailDomainInUse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -6676,25 +7703,40 @@ paths:
security:
- apiToken: []
- oauth2:
- - okta.email-domains.manage
+ - okta.emailDomains.manage
tags:
- EmailDomain
- /api/v1/email-domains/{emailDomainId}/brands:
- get:
- summary: List all brands linked to an email domain
- description: Lists all brands linked to an email domain
- operationId: listEmailDomainBrands
- parameters:
- - $ref: '#/components/parameters/pathEmailDomainId'
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/email-domains/{emailDomainId}/verify:
+ parameters:
+ - $ref: '#/components/parameters/pathEmailDomainId'
+ post:
+ summary: Verify an Email Domain
+ description: Verifies an Email Domain by `emailDomainId`
+ operationId: verifyEmailDomain
responses:
'200':
- description: OK
+ description: Success
content:
application/json:
schema:
- type: array
- items:
- $ref: '#/components/schemas/Brand'
+ $ref: '#/components/schemas/EmailDomainResponse'
+ examples:
+ Verified email domain response:
+ $ref: '#/components/examples/VerifiedEmailDomainResponse'
+ '400':
+ description: Email domain could not be verified by mail provider
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ examples:
+ Email domain could not be verified:
+ $ref: '#/components/examples/ErrorEmailDomainNotVerified'
+ Email domain invalid status:
+ $ref: '#/components/examples/ErrorEmailDomainInvalidStatus'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -6704,23 +7746,86 @@ paths:
security:
- apiToken: []
- oauth2:
- - okta.email-domains.read
+ - okta.emailDomains.manage
tags:
- EmailDomain
- /api/v1/email-domains/{emailDomainId}/verify:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/email-servers:
+ get:
+ summary: List all enrolled SMTP servers
+ description: Lists all the enrolled custom SMTP server configurations
+ operationId: listEmailServers
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/EmailServerListResponse'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.emailServers.read
+ tags:
+ - EmailServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
post:
- summary: Verify an Email Domain
- description: Verifies an Email Domain by `emailDomainId`
- operationId: verifyEmailDomain
- parameters:
- - $ref: '#/components/parameters/pathEmailDomainId'
+ summary: Create a custom SMTP server
+ description: Creates a custom email SMTP server configuration for your org
+ operationId: createEmailServer
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/EmailServerPost'
+ responses:
+ '201':
+ description: Successfully enrolled server credentials
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/EmailServerResponse'
+ '400':
+ $ref: '#/components/responses/ErrorApiValidationFailed400'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.emailServers.manage
+ tags:
+ - EmailServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
+ /api/v1/email-servers/{emailServerId}:
+ parameters:
+ - $ref: '#/components/parameters/pathEmailServerId'
+ get:
+ summary: Retrieve an SMTP Server configuration
+ description: Retrieves the specified custom SMTP server configuration
+ operationId: getEmailServer
responses:
'200':
- description: Success
+ description: OK
content:
application/json:
schema:
- $ref: '#/components/schemas/EmailDomainResponse'
+ $ref: '#/components/schemas/EmailServerListResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
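Review bot: getEmailServer's 200 response references `EmailServerListResponse`, the same schema listEmailServers returns, although the operation retrieves one configuration by `emailServerId`. If the service returns a single object, the generated client will deserialize it into the wrong type. In that case the reference should be `$ref: '#/components/schemas/EmailServerResponse'`, matching createEmailServer's 201 in this hunk. The remaining getEmailServer responses continue in the next hunk.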
@@ -6730,9 +7835,107 @@ paths:
security:
- apiToken: []
- oauth2:
- - okta.email-domains.manage
+ - okta.emailServers.read
tags:
- - EmailDomain
+ - EmailServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
+ patch:
+ summary: Update an SMTP Server configuration
+ description: Updates the specified custom SMTP server configuration
+ operationId: updateEmailServer
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/EmailServerRequest'
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/EmailServerResponse'
+ '400':
+ $ref: '#/components/responses/ErrorApiValidationFailed400'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.emailServers.manage
+ tags:
+ - EmailServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
+ delete:
+ summary: Delete an SMTP Server configuration
+ description: Deletes the specified custom SMTP server configuration
+ operationId: deleteEmailServer
+ responses:
+ '204':
+ description: No content
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.emailServers.manage
+ tags:
+ - EmailServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
+ /api/v1/email-servers/{emailServerId}/test:
+ parameters:
+ - $ref: '#/components/parameters/pathEmailServerId'
+ post:
+ summary: Test an SMTP Server configuration
+ description: Tests the specified custom SMTP Server configuration
+ operationId: testEmailServer
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/EmailTestAddresses'
+ responses:
+ '204':
+ description: No content
+ '400':
+ $ref: '#/components/responses/ErrorApiValidationFailed400'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.emailServers.manage
+ tags:
+ - EmailServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/eventHooks:
get:
summary: List all Event Hooks
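Review bot: The `requestBody` of updateEmailServer and testEmailServer has no `required: true`, unlike the email-domain operations in this file, so the generated client treats the body as optional and a bodiless call is only rejected server-side. createEmailServer in the previous hunk has the same gap; adding `required: true` under each `requestBody:` closes it. Separately, these operations carry SMTP server configuration and their schemas are not visible here. It is worth confirming that any password property is marked `writeOnly: true` so `EmailServerResponse` never echoes credentials.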
@@ -6747,6 +7950,9 @@ paths:
type: array
items:
$ref: '#/components/schemas/EventHook'
+ examples:
+ RetrieveAllEventHooks:
+ $ref: '#/components/examples/RetrieveAllEventHooks'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'429':
@@ -6757,9 +7963,23 @@ paths:
- okta.eventHooks.read
tags:
- EventHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create an Event Hook
- description: Creates an event hook
+ description: |-
+ Creates a new event hook for your organization in `ACTIVE` status. You pass an event hook object in the JSON payload
+ of your request. That object represents the set of required information about the event hook you're registering, including:
+ * The URI of your external service
+ * The [events](https://developer.okta.com/docs/reference/api/event-types/) in Okta you want to subscribe to
+ * An optional event hook filter that can reduce the number of event hook calls. This is a self-service Early Access (EA) feature.
+ See [Create an event hook filter](https://developer.okta.com/docs/concepts/event-hooks/#create-an-event-hook-filter).
+
+ Additionally, you can specify a secret API key for Okta to pass to your external service endpoint for security verification. Note that the API key you set here is unrelated to the Okta API token
+ you must supply when making calls to Okta APIs. Optionally, you can specify extra headers that Okta passes to your external
+ service with each call.
+ Your external service must use a valid HTTPS endpoint.
operationId: createEventHook
x-codegen-request-body-name: eventHook
requestBody:
@@ -6767,6 +7987,11 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/EventHook'
+ examples:
+ CreateAnEventHook:
+ $ref: '#/components/examples/CreateAnEventHook'
+ CreateAnEventHookWithFilter:
+ $ref: '#/components/examples/CreateAnEventHookWithFilter'
required: true
responses:
'200':
@@ -6775,6 +8000,11 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/EventHook'
+ examples:
+ CreateAnEventHook:
+ $ref: '#/components/examples/RetrieveAnEventHook'
+ CreateAnEventHookWithFilter:
+ $ref: '#/components/examples/RetrieveAnEventHookWithFilter'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -6787,17 +8017,16 @@ paths:
- okta.eventHooks.manage
tags:
- EventHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/eventHooks/{eventHookId}:
+ parameters:
+ - $ref: '#/components/parameters/pathEventHookId'
get:
summary: Retrieve an Event Hook
description: Retrieves an event hook
operationId: getEventHook
- parameters:
- - name: eventHookId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -6805,6 +8034,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/EventHook'
+ examples:
+ RetrieveAnEventHook:
+ $ref: '#/components/examples/RetrieveAnEventHook'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -6817,22 +8049,26 @@ paths:
- okta.eventHooks.read
tags:
- EventHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace an Event Hook
- description: Replaces an event hook
+ description: |-
+ Replaces an event hook. Okta validates the new properties before replacing the existing values.
+ Some event hook properties are immutable and can't be updated. Refer to the parameter description in the request body schema.
+
+ >**Note:** Updating the `channel` property requires you to verify the hook again.
operationId: replaceEventHook
- parameters:
- - name: eventHookId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: eventHook
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/EventHook'
+ examples:
+ ReplaceAnEventHook:
+ $ref: '#/components/examples/ReplaceAnEventHookWithFilter'
required: true
responses:
'200':
@@ -6841,6 +8077,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/EventHook'
+ examples:
+ ReplaceAnEventHook:
+ $ref: '#/components/examples/RetrieveAnEventHookWithFilter'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -6855,16 +8094,15 @@ paths:
- okta.eventHooks.manage
tags:
- EventHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete an Event Hook
- description: Deletes an event hook
+ description: |-
+ Deletes the event hook that matches the provided `id`. After deletion, the event hook is unrecoverable.
+ As a safety precaution, you can only delete event hooks with a status of `INACTIVE`.
operationId: deleteEventHook
- parameters:
- - name: eventHookId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
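Review bot: The new deleteEventHook description says the hook "matches the provided `id`", but the path parameter introduced by this change is `eventHookId` (`pathEventHookId`). The activateEventHook and deactivateEventHook descriptions in the next two hunks use the same `id` wording. Replacing `id` with `eventHookId` in all three keeps the generated doc comments aligned with the actual parameter name.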
@@ -6881,17 +8119,16 @@ paths:
- okta.eventHooks.manage
tags:
- EventHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/eventHooks/{eventHookId}/lifecycle/activate:
+ parameters:
+ - $ref: '#/components/parameters/pathEventHookId'
post:
summary: Activate an Event Hook
- description: Activates an event hook
+ description: Activates the event hook that matches the provided `id`
operationId: activateEventHook
- parameters:
- - name: eventHookId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -6899,6 +8136,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/EventHook'
+ examples:
+ ActivateAnEventHook:
+ $ref: '#/components/examples/RetrieveAnEventHook'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -6911,17 +8151,16 @@ paths:
- okta.eventHooks.manage
tags:
- EventHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/eventHooks/{eventHookId}/lifecycle/deactivate:
+ parameters:
+ - $ref: '#/components/parameters/pathEventHookId'
post:
summary: Deactivate an Event Hook
- description: Deactivates an event hook
+ description: Deactivates the event hook that matches the provided `id`
operationId: deactivateEventHook
- parameters:
- - name: eventHookId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -6929,6 +8168,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/EventHook'
+ examples:
+ DeactivateAnEventHook:
+ $ref: '#/components/examples/RetrieveADeactivatedEventHook'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -6941,17 +8183,22 @@ paths:
- okta.eventHooks.manage
tags:
- EventHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/eventHooks/{eventHookId}/lifecycle/verify:
+ parameters:
+ - $ref: '#/components/parameters/pathEventHookId'
post:
summary: Verify an Event Hook
- description: Verifies an event hook
+ description: |-
+ Verifies that the event hook matches the provided `eventHookId`. To verify ownership, your endpoint must send information back to Okta in JSON format. See [Event hooks](https://developer.okta.com/docs/concepts/event-hooks/#one-time-verification-request).
+
+ Only `ACTIVE` and `VERIFIED` event hooks can receive events from Okta.
+
+ If a response is not received within 3 seconds, the outbound request times out. One retry is attempted after a timeout or error response.
+ If a successful response still isn't received, this operation returns a 400 error with more information about the failure.
operationId: verifyEventHook
- parameters:
- - name: eventHookId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
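Review bot: The first sentence of the verifyEventHook description reads as though the operation checks the identifier ("Verifies that the event hook matches the provided `eventHookId`"), while the rest of the text describes a one-time ownership check of the external endpoint. Suggested wording: `Verifies the event hook that matches the provided eventHookId.` The description also says only `ACTIVE` and `VERIFIED` hooks receive events. A pointer from replaceEventHook's note about re-verifying after a `channel` change to this operation would make that dependency easier to find.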
@@ -6959,6 +8206,11 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/EventHook'
+ examples:
+ VerifyAnEventHook:
+ $ref: '#/components/examples/RetrieveAnEventHook'
+ '400':
+ $ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -6971,10 +8223,13 @@ paths:
- okta.eventHooks.manage
tags:
- EventHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/features:
get:
summary: List all Features
- description: Lists all features
+ description: Lists all self-service features for your org
operationId: listFeatures
responses:
'200':
@@ -6985,6 +8240,10 @@ paths:
type: array
items:
$ref: '#/components/schemas/Feature'
+ examples:
+ FeaturesList:
+ summary: List all self-service features for your org
+ $ref: '#/components/examples/ListFeaturesResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'429':
@@ -6995,17 +8254,16 @@ paths:
- okta.features.read
tags:
- Feature
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/features/{featureId}:
+ parameters:
+ - $ref: '#/components/parameters/pathFeatureId'
get:
summary: Retrieve a Feature
- description: Retrieves a feature
+ description: Retrieves a feature by ID
operationId: getFeature
- parameters:
- - name: featureId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -7013,6 +8271,10 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/Feature'
+ examples:
+ FeaturesRetrieve:
+ summary: Retrieve a Feature by ID
+ $ref: '#/components/examples/RetrieveFeaturesResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -7025,17 +8287,19 @@ paths:
- okta.features.read
tags:
- Feature
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/features/{featureId}/dependencies:
+ parameters:
+ - $ref: '#/components/parameters/pathFeatureId'
get:
- summary: List all Dependencies
- description: Lists all dependencies
+ summary: List all dependencies
+ description: |-
+ Lists all feature dependencies for a specified feature.
+
+ A feature's dependencies are the features that it requires to be enabled in order for itself to be enabled.
operationId: listFeatureDependencies
- parameters:
- - name: featureId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -7045,6 +8309,10 @@ paths:
type: array
items:
$ref: '#/components/schemas/Feature'
+ examples:
+ FeaturesDependenciesList:
+ summary: List all Dependencies
+ $ref: '#/components/examples/ListFeatureDependenciesResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -7057,17 +8325,19 @@ paths:
- okta.features.read
tags:
- Feature
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/features/{featureId}/dependents:
+ parameters:
+ - $ref: '#/components/parameters/pathFeatureId'
get:
- summary: List all Dependents
- description: Lists all dependents
+ summary: List all dependents
+ description: |-
+ Lists all feature dependents for the specified feature.
+
+ A feature's dependents are the features that need to be disabled in order for the feature itself to be disabled.
operationId: listFeatureDependents
- parameters:
- - name: featureId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -7077,6 +8347,10 @@ paths:
type: array
items:
$ref: '#/components/schemas/Feature'
+ examples:
+ FeaturesDependentsList:
+ summary: List all feature dependents for the specified feature
+ $ref: '#/components/examples/ListFeatureDependentsResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -7089,24 +8363,32 @@ paths:
- okta.features.read
tags:
- Feature
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/features/{featureId}/{lifecycle}:
+ parameters:
+ - $ref: '#/components/parameters/pathFeatureId'
+ - $ref: '#/components/parameters/pathLifecycle'
post:
- summary: Update a Feature Lifecycle
- description: Updates a feature lifecycle
+ summary: Update a Feature lifecycle
+ description: |-
+ Updates a feature's lifecycle status. Use this endpoint to enable or disable a feature for your org.
+
+ Use the `mode=force` parameter to override dependency restrictions for a particular feature. Normally, you can't enable a feature if it has one or more dependencies that aren't enabled.
+
+ When you use the `mode=force` parameter while enabling a feature, Okta first tries to enable any disabled features that this feature may have as dependencies. If you don't pass the `mode=force` parameter and the feature has dependencies that need to be enabled before the feature is enabled, a 400 error is returned.
+
+ When you use the `mode=force` parameter while disabling a feature, Okta first tries to disable any enabled features that this feature may have as dependents. If you don't pass the `mode=force` parameter and the feature has dependents that need to be disabled before the feature is disabled, a 400 error is returned.
+
+ The following chart shows the different state transitions for a feature.
+
+ ![State transitions of a feature](../../../../../images/features/update-ssfeat-flowchart.png '#width=500px;')
operationId: updateFeatureLifecycle
parameters:
- - name: featureId
- in: path
- required: true
- schema:
- type: string
- - name: lifecycle
- in: path
- required: true
- schema:
- type: string
- - name: mode
- in: query
+ - name: mode
+ in: query
+ description: Indicates if you want to force enable or disable a feature. Supported value is `force`.
schema:
type: string
responses:
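Review bot: The `mode` query parameter is documented as "Supported value is `force`", but its schema stays an unconstrained `type: string`, so the generated client will send any value. Per the new description, `mode=force` makes Okta enable or disable other features as a side effect, so a typo or unexpected value should fail early. Adding `enum: [force]` under the parameter's `schema:` would do that. The operation's responses lie outside this hunk.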
@@ -7116,6 +8398,10 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/Feature'
+ examples:
+ FeaturesUpdate:
+ summary: Update the feature lifecycle status
+ $ref: '#/components/examples/UpdateFeatureLifecycleResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -7128,6 +8414,84 @@ paths:
- okta.features.manage
tags:
- Feature
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/first-party-app-settings/{appName}:
+ parameters:
+ - $ref: '#/components/parameters/pathFirstPartyAppName'
+ get:
+ summary: Retrieve the Okta app settings
+ description: Retrieves the settings for the first party Okta app
+ operationId: getFirstPartyAppSettings
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/AdminConsoleSettings'
+ examples:
+ exampleSettings:
+ $ref: '#/components/examples/AdminConsoleSettingsExample'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.apps.read
+ tags:
+ - ApplicationOktaApplicationSettings
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ put:
+ summary: Replace the Okta app settings
+ description: Replaces the settings for the first party Okta app
+ operationId: replaceFirstPartyAppSettings
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/AdminConsoleSettings'
+ examples:
+ exampleSettings:
+ $ref: '#/components/examples/AdminConsoleSettingsExample'
+ required: true
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/AdminConsoleSettings'
+ examples:
+ exampleSettings:
+ $ref: '#/components/examples/AdminConsoleSettingsExample'
+ '400':
+ $ref: '#/components/responses/ErrorApiValidationFailed400'
+ '403':
+ description: Forbidden
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ examples:
+ Access Denied:
+ $ref: '#/components/examples/ErrorAccessDenied'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.apps.manage
+ tags:
+ - ApplicationOktaApplicationSettings
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups:
get:
summary: List all Groups
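Review bot: replaceFirstPartyAppSettings spells out its 403 response inline (an `Error` schema plus the `ErrorAccessDenied` example), while getFirstPartyAppSettings just above it uses `$ref: '#/components/responses/ErrorAccessDenied403'`, as does the rest of the file. Using the shared response keeps the two operations in step. Neither operation declares a 404 although `appName` is a path parameter, so an unknown app name has no documented outcome. A `'404':` entry with `$ref: '#/components/responses/ErrorResourceNotFound404'` would cover it, assuming the service answers 404 in that case.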
@@ -7166,6 +8530,20 @@ paths:
description: Searches for groups with a supported filtering expression for all attributes except for _embedded, _links, and objectClass
schema:
type: string
+ - name: sortBy
+ in: query
+ description: Specifies field to sort by and can be any single property (for search queries only).
+ schema:
+ type: string
+ example: lastUpdated
+ - name: sortOrder
+ in: query
+ description: |-
+ Specifies sort order `asc` or `desc` (for search queries only). This parameter is ignored if `sortBy` is not present.
+ Groups with the same value for the `sortBy` parameter are ordered by `id`.
+ schema:
+ type: string
+ default: asc
responses:
'200':
description: Success
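Review bot: `sortOrder` is declared as an unconstrained `type: string` even though its description allows only `asc` and `desc`. Adding `enum: [asc, desc]` next to `default: asc` would let generated clients and request validators reject any other value instead of passing it through to the search backend. `sortBy` is also a free string ("any single property"), so the description should say what happens when the property name is unknown or not sortable. The parameter list this hunk extends begins outside the hunk.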
@@ -7185,6 +8563,9 @@ paths:
- okta.groups.read
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a Group
description: Creates a new group with `OKTA_GROUP` type
@@ -7215,6 +8596,9 @@ paths:
- okta.groups.manage
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/rules:
get:
summary: List all Group Rules
@@ -7263,6 +8647,9 @@ paths:
- okta.groups.read
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a Group Rule
description: Creates a group rule to dynamically add users to the specified group if they match the condition
@@ -7293,17 +8680,17 @@ paths:
- okta.groups.manage
tags:
- Group
- /api/v1/groups/rules/{ruleId}:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/groups/rules/{groupRuleId}:
+ parameters:
+ - $ref: '#/components/parameters/pathGroupRuleId'
get:
summary: Retrieve a Group Rule
- description: Retrieves a specific group rule by `ruleId`
+ description: Retrieves a specific group rule by `groupRuleId`
operationId: getGroupRule
parameters:
- - name: ruleId
- in: path
- required: true
- schema:
- type: string
- name: expand
in: query
schema:
@@ -7327,16 +8714,13 @@ paths:
- okta.groups.read
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a Group Rule
description: Replaces a group rule. Only `INACTIVE` rules can be updated.
operationId: replaceGroupRule
- parameters:
- - name: ruleId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: groupRule
requestBody:
content:
@@ -7365,16 +8749,14 @@ paths:
- okta.groups.manage
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a group Rule
- description: Deletes a specific group rule by `ruleId`
+ description: Deletes a specific group rule by `groupRuleId`
operationId: deleteGroupRule
parameters:
- - name: ruleId
- in: path
- required: true
- schema:
- type: string
- name: removeUsers
in: query
description: Indicates whether to keep or remove users from groups assigned by this rule.
@@ -7396,17 +8778,16 @@ paths:
- okta.groups.manage
tags:
- Group
- /api/v1/groups/rules/{ruleId}/lifecycle/activate:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/groups/rules/{groupRuleId}/lifecycle/activate:
+ parameters:
+ - $ref: '#/components/parameters/pathGroupRuleId'
post:
summary: Activate a Group Rule
- description: Activates a specific group rule by `ruleId`
+ description: Activates a specific group rule by `groupRuleId`
operationId: activateGroupRule
- parameters:
- - name: ruleId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -7423,17 +8804,16 @@ paths:
- okta.groups.manage
tags:
- Group
- /api/v1/groups/rules/{ruleId}/lifecycle/deactivate:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/groups/rules/{groupRuleId}/lifecycle/deactivate:
+ parameters:
+ - $ref: '#/components/parameters/pathGroupRuleId'
post:
summary: Deactivate a Group Rule
- description: Deactivates a specific group rule by `ruleId`
+ description: Deactivates a specific group rule by `groupRuleId`
operationId: deactivateGroupRule
- parameters:
- - name: ruleId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -7450,17 +8830,16 @@ paths:
- okta.groups.manage
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/{groupId}:
+ parameters:
+ - $ref: '#/components/parameters/pathGroupId'
get:
summary: Retrieve a Group
description: Retrieves a group by `groupId`
operationId: getGroup
- parameters:
- - name: groupId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -7480,16 +8859,13 @@ paths:
- okta.groups.read
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a Group
description: Replaces the profile for a group with `OKTA_GROUP` type
operationId: replaceGroup
- parameters:
- - name: groupId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: group
requestBody:
content:
@@ -7518,16 +8894,13 @@ paths:
- okta.groups.manage
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a Group
description: Deletes a group with `OKTA_GROUP` type
operationId: deleteGroup
- parameters:
- - name: groupId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -7544,17 +8917,17 @@ paths:
- okta.groups.manage
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/{groupId}/apps:
+ parameters:
+ - $ref: '#/components/parameters/pathGroupId'
get:
summary: List all Assigned Applications
description: Lists all applications that are assigned to a group
operationId: listAssignedApplicationsForGroup
parameters:
- - name: groupId
- in: path
- required: true
- schema:
- type: string
- name: after
in: query
description: Specifies the pagination cursor for the next page of apps
@@ -7589,17 +8962,17 @@ paths:
- okta.groups.read
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/{groupId}/owners:
+ parameters:
+ - $ref: '#/components/parameters/pathGroupId'
get:
summary: List all Group Owners
description: Lists all owners for a specific group
operationId: listGroupOwners
parameters:
- - name: groupId
- in: path
- required: true
- schema:
- type: string
- name: filter
in: query
description: SCIM Filter expression for group owners. Allows to filter owners by type.
@@ -7626,6 +8999,11 @@ paths:
type: array
items:
$ref: '#/components/schemas/GroupOwner'
+ examples:
+ ListsOneOwnerOfaGroup:
+ $ref: '#/components/examples/ListsOwnerOneResponse'
+ ListsMultipleOwnersOfaGroup:
+ $ref: '#/components/examples/ListsOwnersMultipleResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -7638,6 +9016,9 @@ paths:
- okta.groups.read
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Assign a Group Owner
description: Assigns a group owner
@@ -7652,7 +9033,10 @@ paths:
content:
application/json:
schema:
- $ref: '#/components/schemas/GroupOwner'
+ $ref: '#/components/schemas/AssignGroupOwnerRequestBody'
+ examples:
+ AssignAGroupOwner:
+ $ref: '#/components/examples/AssignGroupOwnerRequest'
required: true
responses:
'201':
@@ -7661,6 +9045,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/GroupOwner'
+ examples:
+ AssignAGroupOwner:
+ $ref: '#/components/examples/AssignGroupOwnerResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -7675,22 +9062,17 @@ paths:
- okta.groups.manage
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/{groupId}/owners/{ownerId}:
+ parameters:
+ - $ref: '#/components/parameters/pathGroupId'
+ - $ref: '#/components/parameters/pathOwnerId'
delete:
summary: Delete a Group Owner
description: Deletes a group owner from a specific group
operationId: deleteGroupOwner
- parameters:
- - name: groupId
- in: path
- required: true
- schema:
- type: string
- - name: ownerId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -7707,17 +9089,17 @@ paths:
- okta.groups.manage
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/{groupId}/roles:
+ parameters:
+ - $ref: '#/components/parameters/pathGroupId'
get:
summary: List all Assigned Roles of Group
description: Lists all assigned roles of group identified by `groupId`
operationId: listGroupAssignedRoles
parameters:
- - name: groupId
- in: path
- required: true
- schema:
- type: string
- name: expand
in: query
schema:
@@ -7743,16 +9125,14 @@ paths:
- okta.roles.read
tags:
- RoleAssignment
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Assign a Role to a Group
description: Assigns a role to a group
operationId: assignRoleToGroup
parameters:
- - name: groupId
- in: path
- required: true
- schema:
- type: string
- name: disableNotifications
in: query
description: Setting this to `true` grants the group third-party admin status
@@ -7789,22 +9169,17 @@ paths:
- okta.roles.manage
tags:
- RoleAssignment
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/{groupId}/roles/{roleId}:
+ parameters:
+ - $ref: '#/components/parameters/pathGroupId'
+ - $ref: '#/components/parameters/pathRoleId'
get:
summary: Retrieve a Role assigned to Group
description: Retrieves a role identified by `roleId` assigned to group identified by `groupId`
operationId: getGroupAssignedRole
- parameters:
- - name: groupId
- in: path
- required: true
- schema:
- type: string
- - name: roleId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -7824,21 +9199,13 @@ paths:
- okta.roles.read
tags:
- RoleAssignment
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Unassign a Role from a Group
description: Unassigns a role identified by `roleId` assigned to group identified by `groupId`
operationId: unassignRoleFromGroup
- parameters:
- - name: groupId
- in: path
- required: true
- schema:
- type: string
- - name: roleId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -7855,22 +9222,18 @@ paths:
- okta.roles.manage
tags:
- RoleAssignment
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps:
+ parameters:
+ - $ref: '#/components/parameters/pathGroupId'
+ - $ref: '#/components/parameters/pathRoleId'
get:
summary: List all Application Targets for an Application Administrator Role
description: Lists all App targets for an `APP_ADMIN` Role assigned to a Group. This methods return list may include full Applications or Instances. The response for an instance will have an `ID` value, while Application will not have an ID.
operationId: listApplicationTargetsForApplicationAdministratorRoleForGroup
parameters:
- - name: groupId
- in: path
- required: true
- schema:
- type: string
- - name: roleId
- in: path
- required: true
- schema:
- type: string
- name: after
in: query
schema:
@@ -7902,27 +9265,18 @@ paths:
- okta.roles.read
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}:
+ parameters:
+ - $ref: '#/components/parameters/pathGroupId'
+ - $ref: '#/components/parameters/pathRoleId'
+ - $ref: '#/components/parameters/pathAppName'
put:
summary: Assign an Application Target to Administrator Role
description: Assigns an application target to administrator role
operationId: assignAppTargetToAdminRoleForGroup
- parameters:
- - name: groupId
- in: path
- required: true
- schema:
- type: string
- - name: roleId
- in: path
- required: true
- schema:
- type: string
- - name: appName
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -7939,26 +9293,13 @@ paths:
- okta.roles.manage
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Unassign an Application Target from Application Administrator Role
description: Unassigns an application target from application administrator role
operationId: unassignAppTargetToAdminRoleForGroup
- parameters:
- - name: groupId
- in: path
- required: true
- schema:
- type: string
- - name: roleId
- in: path
- required: true
- schema:
- type: string
- - name: appName
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -7975,32 +9316,19 @@ paths:
- okta.roles.manage
tags:
- RoleTarget
- /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}/{appId}:
+ parameters:
+ - $ref: '#/components/parameters/pathGroupId'
+ - $ref: '#/components/parameters/pathRoleId'
+ - $ref: '#/components/parameters/pathAppName'
+ - $ref: '#/components/parameters/pathAppId'
put:
summary: Assign an Application Instance Target to Application Administrator Role
description: Assigns App Instance Target to App Administrator Role given to a Group
operationId: assignAppInstanceTargetToAppAdminRoleForGroup
- parameters:
- - name: groupId
- in: path
- required: true
- schema:
- type: string
- - name: roleId
- in: path
- required: true
- schema:
- type: string
- - name: appName
- in: path
- required: true
- schema:
- type: string
- - name: applicationId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -8017,31 +9345,13 @@ paths:
- okta.roles.manage
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Unassign an Application Instance Target from an Application Administrator Role
description: Unassigns an application instance target from application administrator role
operationId: unassignAppInstanceTargetToAppAdminRoleForGroup
- parameters:
- - name: groupId
- in: path
- required: true
- schema:
- type: string
- - name: roleId
- in: path
- required: true
- schema:
- type: string
- - name: appName
- in: path
- required: true
- schema:
- type: string
- - name: applicationId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -8058,22 +9368,18 @@ paths:
- okta.roles.manage
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/{groupId}/roles/{roleId}/targets/groups:
+ parameters:
+ - $ref: '#/components/parameters/pathGroupId'
+ - $ref: '#/components/parameters/pathRoleId'
get:
summary: List all Group Targets for a Group Role
description: Lists all group targets for a group role
operationId: listGroupTargetsForGroupRole
parameters:
- - name: groupId
- in: path
- required: true
- schema:
- type: string
- - name: roleId
- in: path
- required: true
- schema:
- type: string
- name: after
in: query
schema:
@@ -8105,27 +9411,18 @@ paths:
- okta.roles.read
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId}:
+ parameters:
+ - $ref: '#/components/parameters/pathGroupId'
+ - $ref: '#/components/parameters/pathRoleId'
+ - $ref: '#/components/parameters/pathTargetGroupId'
put:
summary: Assign a Group Target to a Group Role
description: Assigns a group target to a group role
operationId: assignGroupTargetToGroupAdminRole
- parameters:
- - name: groupId
- in: path
- required: true
- schema:
- type: string
- - name: roleId
- in: path
- required: true
- schema:
- type: string
- - name: targetGroupId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -8142,26 +9439,13 @@ paths:
- okta.roles.manage
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Unassign a Group Target from a Group Role
description: Unassigns a group target from a group role
operationId: unassignGroupTargetFromGroupAdminRole
- parameters:
- - name: groupId
- in: path
- required: true
- schema:
- type: string
- - name: roleId
- in: path
- required: true
- schema:
- type: string
- - name: targetGroupId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -8178,17 +9462,17 @@ paths:
- okta.roles.manage
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/{groupId}/users:
+ parameters:
+ - $ref: '#/components/parameters/pathGroupId'
get:
summary: List all Member Users
description: Lists all users that are a member of a group
operationId: listGroupUsers
parameters:
- - name: groupId
- in: path
- required: true
- schema:
- type: string
- name: after
in: query
description: Specifies the pagination cursor for the next page of users
@@ -8222,22 +9506,17 @@ paths:
- okta.groups.read
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/{groupId}/users/{userId}:
+ parameters:
+ - $ref: '#/components/parameters/pathGroupId'
+ - $ref: '#/components/parameters/pathUserId'
put:
summary: Assign a User
description: Assigns a user to a group with 'OKTA_GROUP' type
operationId: assignUserToGroup
- parameters:
- - name: groupId
- in: path
- required: true
- schema:
- type: string
- - name: userId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -8254,21 +9533,13 @@ paths:
- okta.groups.manage
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Unassign a User
description: Unassigns a user from a group with 'OKTA_GROUP' type
operationId: unassignUserFromGroup
- parameters:
- - name: groupId
- in: path
- required: true
- schema:
- type: string
- - name: userId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -8285,6 +9556,9 @@ paths:
- okta.groups.manage
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/hook-keys:
get:
summary: List all keys
@@ -8299,6 +9573,9 @@ paths:
type: array
items:
$ref: '#/components/schemas/HookKey'
+ examples:
+ ResponseExample:
+ $ref: '#/components/examples/ListAllKeysResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'429':
@@ -8309,9 +9586,17 @@ paths:
- okta.inlineHooks.read
tags:
- HookKey
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a key
- description: Creates a key
+ description: |
+ Creates a key for use with other parts of the application, such as inline hooks
+
+ Use the key name to access this key for inline hook operations.
+
+ The total number of keys that you can create in an Okta org is limited to 50.
operationId: createHookKey
x-codegen-request-body-name: keyRequest
requestBody:
@@ -8327,6 +9612,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/HookKey'
+ examples:
+ ResponseExample:
+ $ref: '#/components/examples/CreateHookKeyResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -8339,17 +9627,16 @@ paths:
- okta.inlineHooks.manage
tags:
- HookKey
- /api/v1/hook-keys/public/{keyId}:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/hook-keys/public/{publicKeyId}:
+ parameters:
+ - $ref: '#/components/parameters/pathPublicKeyId'
get:
summary: Retrieve a public key
description: Retrieves a public key by `keyId`
operationId: getPublicKey
- parameters:
- - name: keyId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
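Review bot: The path segment is renamed to `{publicKeyId}` and now references `pathPublicKeyId`, but the unchanged `description` of `getPublicKey` still says the key is retrieved by `keyId`, a parameter that no longer exists on this path. The description should name `publicKeyId` instead. The group-rule renames elsewhere in this diff (`ruleId` to `groupRuleId`) did update their descriptions, so this looks like an oversight.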
@@ -8357,6 +9644,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/JsonWebKey'
+ examples:
+ ResponseExample:
+ $ref: '#/components/examples/RetrievePublicKeyResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -8369,17 +9659,16 @@ paths:
- okta.inlineHooks.read
tags:
- HookKey
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/hook-keys/{hookKeyId}:
+ parameters:
+ - $ref: '#/components/parameters/pathHookKeyId'
get:
summary: Retrieve a key
description: Retrieves a key by `hookKeyId`
operationId: getHookKey
- parameters:
- - name: hookKeyId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -8387,6 +9676,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/HookKey'
+ examples:
+ ResponseExample:
+ $ref: '#/components/examples/RetrieveKeyResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -8399,16 +9691,18 @@ paths:
- okta.inlineHooks.read
tags:
- HookKey
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a key
- description: Replaces a key by `hookKeyId`
+ description: |
+ Replaces a key by `hookKeyId`
+
+ This request replaces existing properties after passing validation.
+
+ Note: The only parameter that you can update is the name of the key, which must be unique at all times.
operationId: replaceHookKey
- parameters:
- - name: hookKeyId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: keyRequest
requestBody:
content:
@@ -8423,6 +9717,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/HookKey'
+ examples:
+ ResponseExample:
+ $ref: '#/components/examples/ReplaceKeyResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -8437,16 +9734,16 @@ paths:
- okta.inlineHooks.manage
tags:
- HookKey
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a key
- description: Deletes a key by `hookKeyId`. Once deleted, the Hook Key is unrecoverable. As a safety precaution, unused keys are eligible for deletion.
+ description: |
+ Deletes a key by `hookKeyId`. After being deleted, the key is unrecoverable.
+
+ As a safety precaution, only keys that aren't being used are eligible for deletion.
operationId: deleteHookKey
- parameters:
- - name: hookKeyId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -8463,10 +9760,57 @@ paths:
- okta.inlineHooks.manage
tags:
- HookKey
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/iam/assignees/users:
+ get:
+ summary: List all Users with Role Assignments
+ description: Lists all users with Role Assignments
+ operationId: listUsersWithRoleAssignments
+ parameters:
+ - name: after
+ in: query
+ schema:
+ type: string
+ - name: limit
+ in: query
+ description: Specifies the number of results returned. Defaults to `100`.
+ schema:
+ type: integer
+ format: int32
+ default: 100
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/RoleAssignedUsers'
+ examples:
+ User List:
+ $ref: '#/components/examples/RoleAssignedUsersResponseExample'
+ '403':
+ description: Forbidden
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.roles.read
+ tags:
+ - RoleAssignment
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/iam/resource-sets:
get:
summary: List all Resource Sets
- description: Lists all resource sets with pagination support
+ description: Lists all Resource Sets with pagination support
operationId: listResourceSets
parameters:
- $ref: '#/components/parameters/queryAfter'
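Review bot: The new `listUsersWithRoleAssignments` operation declares `after` inline with no description, while `listResourceSets` at the end of this same hunk reuses `$ref: '#/components/parameters/queryAfter'`; using the shared parameter here keeps the pagination contract in one place. `limit` has `default: 100` but no `minimum` or `maximum`, so the spec puts no bound on the page size a caller may request from an endpoint that enumerates every user holding a role. The `'403'` response is also written inline with only the `Error` schema, where other operations in this file use `$ref: '#/components/responses/ErrorAccessDenied403'`.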
@@ -8490,16 +9834,19 @@ paths:
- okta.roles.read
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a Resource Set
- description: Creates a new resource set
+ description: Creates a new Resource Set
operationId: createResourceSet
x-codegen-request-body-name: instance
requestBody:
content:
application/json:
schema:
- $ref: '#/components/schemas/ResourceSet'
+ $ref: '#/components/schemas/CreateResourceSetRequest'
examples:
Example Request:
$ref: '#/components/examples/ResourceSetRequest'
@@ -8533,12 +9880,15 @@ paths:
- okta.roles.manage
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/iam/resource-sets/{resourceSetId}:
parameters:
- $ref: '#/components/parameters/pathResourceSetId'
get:
summary: Retrieve a Resource Set
- description: Retrieves a resource set by `resourceSetId`
+ description: Retrieves a Resource Set by `resourceSetId`
operationId: getResourceSet
responses:
'200':
@@ -8562,9 +9912,12 @@ paths:
- okta.roles.read
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a Resource Set
- description: Replaces a resource set by `resourceSetId`
+ description: Replaces a Resource Set by `resourceSetId`
operationId: replaceResourceSet
x-codegen-request-body-name: instance
requestBody:
@@ -8600,6 +9953,9 @@ paths:
- okta.roles.manage
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a Resource Set
description: Deletes a role by `resourceSetId`
@@ -8627,12 +9983,15 @@ paths:
- okta.roles.manage
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/iam/resource-sets/{resourceSetId}/bindings:
parameters:
- $ref: '#/components/parameters/pathResourceSetId'
get:
summary: List all Bindings
- description: Lists all resource set bindings with pagination support
+ description: Lists all Resource Set bindings with pagination support
operationId: listBindings
parameters:
- $ref: '#/components/parameters/queryAfter'
@@ -8658,9 +10017,12 @@ paths:
- okta.roles.read
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a Resource Set Binding
- description: Creates a new resource set binding
+ description: Creates a new Resource Set binding
operationId: createResourceSetBinding
x-codegen-request-body-name: instance
requestBody:
@@ -8703,13 +10065,16 @@ paths:
- okta.roles.manage
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}:
parameters:
- $ref: '#/components/parameters/pathResourceSetId'
- $ref: '#/components/parameters/pathRoleIdOrLabel'
get:
summary: Retrieve a Binding
- description: Retrieves a resource set binding by `resourceSetId` and `roleIdOrLabel`
+ description: Retrieves a Resource Set binding by `resourceSetId` and `roleIdOrLabel`
operationId: getBinding
responses:
'200':
@@ -8733,9 +10098,12 @@ paths:
- okta.roles.read
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a Binding
- description: Deletes a resource set binding by `resourceSetId` and `roleIdOrLabel`
+ description: Deletes a Resource Set binding by `resourceSetId` and `roleIdOrLabel`
operationId: deleteBinding
responses:
'204':
@@ -8760,13 +10128,16 @@ paths:
- okta.roles.manage
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members:
parameters:
- $ref: '#/components/parameters/pathResourceSetId'
- $ref: '#/components/parameters/pathRoleIdOrLabel'
get:
summary: List all Members of a binding
- description: Lists all members of a resource set binding with pagination support
+ description: Lists all members of a Resource Set binding with pagination support
operationId: listMembersOfBinding
parameters:
- $ref: '#/components/parameters/queryAfter'
@@ -8792,9 +10163,12 @@ paths:
- okta.roles.read
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
patch:
summary: Add more Members to a binding
- description: Adds more members to a resource set binding
+ description: Adds more members to a Resource Set binding
operationId: addMembersToBinding
x-codegen-request-body-name: instance
requestBody:
@@ -8837,6 +10211,9 @@ paths:
- okta.roles.manage
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members/{memberId}:
parameters:
- $ref: '#/components/parameters/pathResourceSetId'
@@ -8868,6 +10245,9 @@ paths:
- okta.roles.read
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Unassign a Member from a binding
description: Unassigns a member identified by `memberId` from a binding
@@ -8896,12 +10276,15 @@ paths:
- okta.roles.manage
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/iam/resource-sets/{resourceSetId}/resources:
parameters:
- $ref: '#/components/parameters/pathResourceSetId'
get:
- summary: List all Resources of a resource set
- description: Lists all resources that make up the resource set
+ summary: List all Resources of a Resource Set
+ description: Lists all resources that make up the Resource Set
operationId: listResourceSetResources
responses:
'200':
@@ -8925,9 +10308,12 @@ paths:
- okta.roles.read
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
patch:
- summary: Add more Resource to a resource set
- description: Adds more resources to a resource set
+ summary: Add more Resource to a Resource Set
+ description: Adds more resources to a Resource Set
operationId: addResourceSetResource
x-codegen-request-body-name: instance
requestBody:
@@ -8970,13 +10356,16 @@ paths:
- okta.roles.manage
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/iam/resource-sets/{resourceSetId}/resources/{resourceId}:
parameters:
- $ref: '#/components/parameters/pathResourceSetId'
- $ref: '#/components/parameters/pathResourceId'
delete:
- summary: Delete a Resource from a resource set
- description: Deletes a resource identified by `resourceId` from a resource set
+ summary: Delete a Resource from a Resource Set
+ description: Deletes a resource identified by `resourceId` from a Resource Set
operationId: deleteResourceSetResource
responses:
'204':
@@ -9001,6 +10390,9 @@ paths:
- okta.roles.manage
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/iam/roles:
get:
summary: List all Roles
@@ -9028,6 +10420,9 @@ paths:
- okta.roles.read
tags:
- Role
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a Role
description: Creates a new role
@@ -9037,7 +10432,7 @@ paths:
content:
application/json:
schema:
- $ref: '#/components/schemas/IamRole'
+ $ref: '#/components/schemas/CreateIamRoleRequest'
examples:
Example Request:
$ref: '#/components/examples/RoleRequest'
@@ -9071,6 +10466,9 @@ paths:
- okta.roles.manage
tags:
- Role
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/iam/roles/{roleIdOrLabel}:
parameters:
- $ref: '#/components/parameters/pathRoleIdOrLabel'
@@ -9100,6 +10498,9 @@ paths:
- okta.roles.read
tags:
- Role
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a Role
description: Replaces a role by `roleIdOrLabel`
@@ -9109,7 +10510,7 @@ paths:
content:
application/json:
schema:
- $ref: '#/components/schemas/IamRole'
+ $ref: '#/components/schemas/UpdateIamRoleRequest'
examples:
Example Request:
$ref: '#/components/examples/RoleRequest'
@@ -9138,6 +10539,9 @@ paths:
- okta.roles.manage
tags:
- Role
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a Role
description: Deletes a role by `roleIdOrLabel`
@@ -9165,6 +10569,9 @@ paths:
- okta.roles.manage
tags:
- Role
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/iam/roles/{roleIdOrLabel}/permissions:
parameters:
- $ref: '#/components/parameters/pathRoleIdOrLabel'
@@ -9194,6 +10601,9 @@ paths:
- okta.roles.read
tags:
- Role
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/iam/roles/{roleIdOrLabel}/permissions/{permissionType}:
parameters:
- $ref: '#/components/parameters/pathRoleIdOrLabel'
@@ -9224,11 +10634,26 @@ paths:
- okta.roles.read
tags:
- Role
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a Permission
description: Creates a permission specified by `permissionType` to the role
operationId: createRolePermission
x-codegen-request-body-name: instance
+ requestBody:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CreateUpdateIamRolePermissionRequest'
+ examples:
+ Example Request:
+ $ref: '#/components/examples/CreateUpdateIamRolePermissionRequestExample'
+ required: false
responses:
'204':
description: No Content
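Review bot: The `x-okta-lifecycle` block added directly under `requestBody:` of `createRolePermission` appears to sit inside the request-body object, whereas the other operations in this diff carry it at operation level after `tags`. This operation also gets an operation-level copy in the next hunk. Indentation is flattened in this view, so confirm the nesting; if it is inside `requestBody`, it is probably a generator artefact that tooling reading lifecycle per operation will not see. I would drop the three nested lines (`x-okta-lifecycle:`, `lifecycle: GA`, `isGenerallyAvailable: true`) and keep only the operation-level block. The `post` operation's responses continue past this hunk.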
@@ -9246,6 +10671,50 @@ paths:
- okta.roles.manage
tags:
- Role
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ put:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ summary: Replace a Permission
+ description: Replaces a permission specified by `permissionType` in the role
+ operationId: replaceRolePermission
+ x-codegen-request-body-name: instance
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CreateUpdateIamRolePermissionRequest'
+ examples:
+ Example Request:
+ $ref: '#/components/examples/CreateUpdateIamRolePermissionRequestExample'
+ required: false
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Permission'
+ examples:
+ Example Response:
+ $ref: '#/components/examples/PermissionResponseWithConditions'
+ '400':
+ $ref: '#/components/responses/ErrorApiValidationFailed400'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.roles.manage
+ tags:
+ - Role
delete:
summary: Delete a Permission
description: Deletes a permission from a role by `permissionType`
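Review bot: `replaceRolePermission` declares its request body with `required: false`, so a generated client will accept a PUT with no body, and the `description` does not say what a bodiless replace does to the permission. The 200 example is `PermissionResponseWithConditions`, which suggests the body carries the permission's conditions. If an empty replace clears them, a caller could broaden what a role grants simply by omitting the body. Either set `required: true` on this operation or state the empty-body behaviour in the `description`. The same `required: false` is added to `createRolePermission` in the previous hunk.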
@@ -9273,13 +10742,16 @@ paths:
- okta.roles.manage
tags:
- Role
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/identity-sources/{identitySourceId}/sessions:
+ parameters:
+ - $ref: '#/components/parameters/pathIdentitySourceId'
get:
summary: List all Identity Source Sessions
description: Lists all identity source sessions for the given identity source instance
operationId: listIdentitySourceSessions
- parameters:
- - $ref: '#/components/parameters/pathIdentitySourceId'
responses:
'200':
description: Success
@@ -9290,8 +10762,8 @@ paths:
items:
$ref: '#/components/schemas/IdentitySourceSession'
examples:
- Sessions List:
- $ref: '#/components/examples/ListSessionsResponse'
+ sessionsList:
+ $ref: '#/components/examples/ListSessionsResponseForGetSessions'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -9304,12 +10776,14 @@ paths:
- okta.identitySources.read
tags:
- IdentitySource
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
post:
summary: Create an Identity Source Session
description: Creates an identity source session for the given identity source instance
operationId: createIdentitySourceSession
- parameters:
- - $ref: '#/components/parameters/pathIdentitySourceId'
responses:
'200':
description: Success
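Review bot: The lifecycle block added to `listIdentitySourceSessions` pairs `lifecycle: GA` with `isGenerallyAvailable: false` and an empty `SKUs: []`, which reads as contradictory. The extension's semantics are not visible here, but any consumer that gates on one of the two fields will reach a different answer from one that gates on the other. The same combination is added to the remaining identity-source operations and to every `logStreams` operation later in this file. Confirm against the upstream spec which field is authoritative. Then record it once as a comment, for example `# isGenerallyAvailable is authoritative; lifecycle is informational (confirm)`.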
@@ -9334,14 +10808,18 @@ paths:
- okta.identitySources.manage
tags:
- IdentitySource
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}:
+ parameters:
+ - $ref: '#/components/parameters/pathIdentitySourceId'
+ - $ref: '#/components/parameters/pathIdentitySourceSessionId'
get:
summary: Retrieve an Identity Source Session
description: Retrieves an identity source session for a given identity source id and session id
operationId: getIdentitySourceSession
- parameters:
- - $ref: '#/components/parameters/pathIdentitySourceId'
- - $ref: '#/components/parameters/pathSessionId'
responses:
'200':
description: Success
@@ -9364,13 +10842,14 @@ paths:
- okta.identitySources.read
tags:
- IdentitySource
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
delete:
summary: Delete an Identity Source Session
description: Deletes an identity source session for a given `identitySourceId` and `sessionId`
operationId: deleteIdentitySourceSession
- parameters:
- - $ref: '#/components/parameters/pathIdentitySourceId'
- - $ref: '#/components/parameters/pathSessionId'
responses:
'204':
description: No Content
@@ -9386,14 +10865,18 @@ paths:
- okta.identitySources.manage
tags:
- IdentitySource
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}/bulk-delete:
+ parameters:
+ - $ref: '#/components/parameters/pathIdentitySourceId'
+ - $ref: '#/components/parameters/pathIdentitySourceSessionId'
post:
summary: Upload the data to be deleted in Okta
description: Uploads entities that need to be deleted in Okta from the identity source for the given session
operationId: uploadIdentitySourceDataForDelete
- parameters:
- - $ref: '#/components/parameters/pathIdentitySourceId'
- - $ref: '#/components/parameters/pathSessionId'
requestBody:
content:
application/json:
@@ -9416,14 +10899,18 @@ paths:
- okta.identitySources.manage
tags:
- IdentitySource
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}/bulk-upsert:
+ parameters:
+ - $ref: '#/components/parameters/pathIdentitySourceId'
+ - $ref: '#/components/parameters/pathIdentitySourceSessionId'
post:
summary: Upload the data to be upserted in Okta
description: Uploads entities that need to be upserted in Okta from the identity source for the given session
operationId: uploadIdentitySourceDataForUpsert
- parameters:
- - $ref: '#/components/parameters/pathIdentitySourceId'
- - $ref: '#/components/parameters/pathSessionId'
requestBody:
content:
application/json:
@@ -9446,14 +10933,18 @@ paths:
- okta.identitySources.manage
tags:
- IdentitySource
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}/start-import:
+ parameters:
+ - $ref: '#/components/parameters/pathIdentitySourceId'
+ - $ref: '#/components/parameters/pathIdentitySourceSessionId'
post:
summary: Start the import from the Identity Source
description: Starts the import from the identity source described by the uploaded bulk operations
operationId: startImportFromIdentitySource
- parameters:
- - $ref: '#/components/parameters/pathIdentitySourceId'
- - $ref: '#/components/parameters/pathSessionId'
responses:
'200':
description: Success
@@ -9478,6 +10969,10 @@ paths:
- okta.identitySources.manage
tags:
- IdentitySource
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/idps:
get:
summary: List all Identity Providers
@@ -9525,6 +11020,9 @@ paths:
- okta.idps.read
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create an Identity Provider
description: Creates a new identity provider integration
@@ -9555,6 +11053,9 @@ paths:
- okta.idps.manage
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/idps/credentials/keys:
get:
summary: List all Credential Keys
@@ -9592,6 +11093,9 @@ paths:
- okta.idps.read
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create an X.509 Certificate Public Key
description: Creates a new X.509 certificate credential to the IdP key store.
@@ -9622,17 +11126,16 @@ paths:
- okta.idps.manage
tags:
- IdentityProvider
- /api/v1/idps/credentials/keys/{keyId}:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/idps/credentials/keys/{idpKeyId}:
+ parameters:
+ - $ref: '#/components/parameters/pathIdpKeyId'
get:
summary: Retrieve an Credential Key
description: Retrieves a specific IdP Key Credential by `kid`
operationId: getIdentityProviderKey
- parameters:
- - name: keyId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
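Review bot: The path parameter is renamed to `{idpKeyId}` but the operation descriptions on this path still say "by `kid`", so the generated docs now name a value that matches neither the path template nor the `pathIdpKeyId` parameter. I would update the text to name the new parameter, e.g. `description: Retrieves a specific IdP Key Credential by `idpKeyId` (the key's `kid`)`. The same applies to `deleteIdentityProviderKey` in the next hunk and to `getIdentityProviderSigningKey` further down. The summary "Retrieve an Credential Key" on this operation also has a stray "an".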
@@ -9652,16 +11155,13 @@ paths:
- okta.idps.read
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a Signing Credential Key
description: Deletes a specific IdP Key Credential by `kid` if it is not currently being used by an Active or Inactive IdP
operationId: deleteIdentityProviderKey
- parameters:
- - name: keyId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -9678,17 +11178,16 @@ paths:
- okta.idps.manage
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/idps/{idpId}:
+ parameters:
+ - $ref: '#/components/parameters/pathIdpId'
get:
summary: Retrieve an Identity Provider
description: Retrieves an identity provider integration by `idpId`
operationId: getIdentityProvider
- parameters:
- - name: idpId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -9708,16 +11207,13 @@ paths:
- okta.idps.read
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace an Identity Provider
description: Replaces an identity provider integration by `idpId`
operationId: replaceIdentityProvider
- parameters:
- - name: idpId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: identityProvider
requestBody:
content:
@@ -9746,16 +11242,13 @@ paths:
- okta.idps.manage
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete an Identity Provider
description: Deletes an identity provider integration by `idpId`
operationId: deleteIdentityProvider
- parameters:
- - name: idpId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -9772,17 +11265,16 @@ paths:
- okta.idps.manage
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/idps/{idpId}/credentials/csrs:
+ parameters:
+ - $ref: '#/components/parameters/pathIdpId'
get:
summary: List all Certificate Signing Requests
description: Lists all Certificate Signing Requests for an IdP
operationId: listCsrsForIdentityProvider
- parameters:
- - name: idpId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -9804,16 +11296,13 @@ paths:
- okta.idps.read
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Generate a Certificate Signing Request
description: Generates a new key pair and returns a Certificate Signing Request for it
operationId: generateCsrForIdentityProvider
- parameters:
- - name: idpId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: metadata
requestBody:
content:
@@ -9842,22 +11331,17 @@ paths:
- okta.idps.manage
tags:
- IdentityProvider
- /api/v1/idps/{idpId}/credentials/csrs/{csrId}:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/idps/{idpId}/credentials/csrs/{idpCsrId}:
+ parameters:
+ - $ref: '#/components/parameters/pathIdpId'
+ - $ref: '#/components/parameters/pathIdpCsrId'
get:
summary: Retrieve a Certificate Signing Request
description: Retrieves a specific Certificate Signing Request model by id
operationId: getCsrForIdentityProvider
- parameters:
- - name: idpId
- in: path
- required: true
- schema:
- type: string
- - name: csrId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -9877,21 +11361,13 @@ paths:
- okta.idps.read
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Revoke a Certificate Signing Request
description: Revokes a certificate signing request and deletes the key pair from the IdP
operationId: revokeCsrForIdentityProvider
- parameters:
- - name: idpId
- in: path
- required: true
- schema:
- type: string
- - name: csrId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -9908,22 +11384,17 @@ paths:
- okta.idps.manage
tags:
- IdentityProvider
- /api/v1/idps/{idpId}/credentials/csrs/{csrId}/lifecycle/publish:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/idps/{idpId}/credentials/csrs/{idpCsrId}/lifecycle/publish:
+ parameters:
+ - $ref: '#/components/parameters/pathIdpId'
+ - $ref: '#/components/parameters/pathIdpCsrId'
post:
summary: Publish a Certificate Signing Request
description: Publishes a certificate signing request with a signed X.509 certificate and adds it into the signing key credentials for the IdP
operationId: publishCsrForIdentityProvider
- parameters:
- - name: idpId
- in: path
- required: true
- schema:
- type: string
- - name: csrId
- in: path
- required: true
- schema:
- type: string
requestBody:
required: true
content:
@@ -9963,17 +11434,16 @@ paths:
- okta.idps.manage
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/idps/{idpId}/credentials/keys:
+ parameters:
+ - $ref: '#/components/parameters/pathIdpId'
get:
summary: List all Signing Credential Keys
description: Lists all signing key credentials for an IdP
operationId: listIdentityProviderSigningKeys
- parameters:
- - name: idpId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -9995,17 +11465,17 @@ paths:
- okta.idps.read
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/idps/{idpId}/credentials/keys/generate:
+ parameters:
+ - $ref: '#/components/parameters/pathIdpId'
post:
summary: Generate a new Signing Credential Key
description: Generates a new X.509 certificate for an IdP signing key credential to be used for signing assertions sent to the IdP
operationId: generateIdentityProviderSigningKey
parameters:
- - name: idpId
- in: path
- required: true
- schema:
- type: string
- name: validityYears
in: query
description: expiry of the IdP Key Credential
@@ -10032,22 +11502,17 @@ paths:
- okta.idps.manage
tags:
- IdentityProvider
- /api/v1/idps/{idpId}/credentials/keys/{keyId}:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/idps/{idpId}/credentials/keys/{idpKeyId}:
+ parameters:
+ - $ref: '#/components/parameters/pathIdpId'
+ - $ref: '#/components/parameters/pathIdpKeyId'
get:
summary: Retrieve a Signing Credential Key
description: Retrieves a specific IdP Key Credential by `kid`
operationId: getIdentityProviderSigningKey
- parameters:
- - name: idpId
- in: path
- required: true
- schema:
- type: string
- - name: keyId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -10067,22 +11532,18 @@ paths:
- okta.idps.read
tags:
- IdentityProvider
- /api/v1/idps/{idpId}/credentials/keys/{keyId}/clone:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/idps/{idpId}/credentials/keys/{idpKeyId}/clone:
+ parameters:
+ - $ref: '#/components/parameters/pathIdpId'
+ - $ref: '#/components/parameters/pathIdpKeyId'
post:
summary: Clone a Signing Credential Key
description: Clones a X.509 certificate for an IdP signing key credential from a source IdP to target IdP
operationId: cloneIdentityProviderKey
parameters:
- - name: idpId
- in: path
- required: true
- schema:
- type: string
- - name: keyId
- in: path
- required: true
- schema:
- type: string
- name: targetIdpId
in: query
required: true
@@ -10107,17 +11568,16 @@ paths:
- okta.idps.manage
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/idps/{idpId}/lifecycle/activate:
+ parameters:
+ - $ref: '#/components/parameters/pathIdpId'
post:
summary: Activate an Identity Provider
description: Activates an inactive IdP
operationId: activateIdentityProvider
- parameters:
- - name: idpId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -10137,17 +11597,16 @@ paths:
- okta.idps.manage
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/idps/{idpId}/lifecycle/deactivate:
+ parameters:
+ - $ref: '#/components/parameters/pathIdpId'
post:
summary: Deactivate an Identity Provider
description: Deactivates an active IdP
operationId: deactivateIdentityProvider
- parameters:
- - name: idpId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -10167,17 +11626,16 @@ paths:
- okta.idps.manage
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/idps/{idpId}/users:
+ parameters:
+ - $ref: '#/components/parameters/pathIdpId'
get:
summary: List all Users
description: Lists all users linked to the identity provider
operationId: listIdentityProviderApplicationUsers
- parameters:
- - name: idpId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -10199,22 +11657,17 @@ paths:
- okta.idps.read
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/idps/{idpId}/users/{userId}:
+ parameters:
+ - $ref: '#/components/parameters/pathIdpId'
+ - $ref: '#/components/parameters/pathUserId'
get:
summary: Retrieve a User
description: Retrieves a linked IdP user by ID
operationId: getIdentityProviderApplicationUser
- parameters:
- - name: idpId
- in: path
- required: true
- schema:
- type: string
- - name: userId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -10234,21 +11687,13 @@ paths:
- okta.idps.read
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Link a User to a Social IdP
description: Links an Okta user to an existing Social Identity Provider. This does not support the SAML2 Identity Provider Type
operationId: linkUserToIdentityProvider
- parameters:
- - name: idpId
- in: path
- required: true
- schema:
- type: string
- - name: userId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: userIdentityProviderLinkRequest
requestBody:
content:
@@ -10277,21 +11722,13 @@ paths:
- okta.users.manage
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Unlink a User from IdP
description: Unlinks the link between the Okta user and the IdP user
operationId: unlinkUserFromIdentityProvider
- parameters:
- - name: idpId
- in: path
- required: true
- schema:
- type: string
- - name: userId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -10308,22 +11745,17 @@ paths:
- okta.idps.manage
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/idps/{idpId}/users/{userId}/credentials/tokens:
+ parameters:
+ - $ref: '#/components/parameters/pathIdpId'
+ - $ref: '#/components/parameters/pathUserId'
get:
summary: List all Tokens from a OIDC Identity Provider
description: Lists the tokens minted by the Social Authentication Provider when the user authenticates with Okta via Social Auth
operationId: listSocialAuthTokens
- parameters:
- - name: idpId
- in: path
- required: true
- schema:
- type: string
- - name: userId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -10345,6 +11777,9 @@ paths:
- okta.idps.read
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/inlineHooks:
get:
summary: List all Inline Hooks
@@ -10374,6 +11809,9 @@ paths:
- okta.inlineHooks.read
tags:
- InlineHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create an Inline Hook
description: Creates an inline hook
@@ -10404,17 +11842,16 @@ paths:
- okta.inlineHooks.manage
tags:
- InlineHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/inlineHooks/{inlineHookId}:
+ parameters:
+ - $ref: '#/components/parameters/pathInlineHookId'
get:
summary: Retrieve an Inline Hook
description: Retrieves an inline hook by `inlineHookId`
operationId: getInlineHook
- parameters:
- - name: inlineHookId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -10434,16 +11871,13 @@ paths:
- okta.inlineHooks.read
tags:
- InlineHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace an Inline Hook
description: Replaces an inline hook by `inlineHookId`
operationId: replaceInlineHook
- parameters:
- - name: inlineHookId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: inlineHook
requestBody:
content:
@@ -10472,16 +11906,13 @@ paths:
- okta.inlineHooks.manage
tags:
- InlineHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete an Inline Hook
description: Deletes an inline hook by `inlineHookId`. Once deleted, the Inline Hook is unrecoverable. As a safety precaution, only Inline Hooks with a status of INACTIVE are eligible for deletion.
operationId: deleteInlineHook
- parameters:
- - name: inlineHookId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -10498,17 +11929,16 @@ paths:
- okta.inlineHooks.manage
tags:
- InlineHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/inlineHooks/{inlineHookId}/execute:
+ parameters:
+ - $ref: '#/components/parameters/pathInlineHookId'
post:
summary: Execute an Inline Hook
description: Executes the inline hook by `inlineHookId` using the request body as the input. This will send the provided data through the Channel and return a response if it matches the correct data contract. This execution endpoint should only be used for testing purposes.
operationId: executeInlineHook
- parameters:
- - name: inlineHookId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: payloadData
requestBody:
content:
@@ -10537,17 +11967,16 @@ paths:
- okta.inlineHooks.manage
tags:
- InlineHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/inlineHooks/{inlineHookId}/lifecycle/activate:
+ parameters:
+ - $ref: '#/components/parameters/pathInlineHookId'
post:
summary: Activate an Inline Hook
description: Activates the inline hook by `inlineHookId`
operationId: activateInlineHook
- parameters:
- - name: inlineHookId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -10567,17 +11996,16 @@ paths:
- okta.inlineHooks.manage
tags:
- InlineHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/inlineHooks/{inlineHookId}/lifecycle/deactivate:
+ parameters:
+ - $ref: '#/components/parameters/pathInlineHookId'
post:
summary: Deactivate an Inline Hook
description: Deactivates the inline hook by `inlineHookId`
operationId: deactivateInlineHook
- parameters:
- - name: inlineHookId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -10597,24 +12025,23 @@ paths:
- okta.inlineHooks.manage
tags:
- InlineHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/logStreams:
get:
summary: List all Log Streams
- description: Lists all log streams. You can request a paginated list or a subset of Log Streams that match a supported filter expression.
+ description: Lists all Log Stream objects in your org. You can request a paginated list or a subset of Log Streams that match a supported filter expression.
operationId: listLogStreams
parameters:
- $ref: '#/components/parameters/queryAfter'
- $ref: '#/components/parameters/queryLimit'
- name: filter
in: query
- description: SCIM filter expression that filters the results. This expression only supports the `eq` operator on either the `status` or `type`.
+ description: An expression that [filters](/#filter) the returned objects. You can only use the `eq` operator on either the `status` or `type` properties in the filter expression.
schema:
type: string
- examples:
- Filter on type for AWS EventBridge:
- value: type eq "aws_eventbridge"
- Filter on status for `ACTIVE` Log Streams:
- value: status eq "ACTIVE"
+ example: type eq "aws_eventbridge"
responses:
'200':
description: OK
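Review bot: The new `filter` description links to `[filters](/#filter)`, a site-relative URL that resolves only on the documentation site and will be dead in the docs generated from this spec. Use the absolute form, as the `listProfileMappings` description later in this file does for its first pagination link. Collapsing `examples` into a single `example` also drops the `status eq "ACTIVE"` sample, although the description still advertises filtering on `status`. Keeping both named examples would preserve that.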
@@ -10623,14 +12050,17 @@ paths:
schema:
type: array
items:
- oneOf: &ref_4
+ oneOf: &ref_10
- $ref: '#/components/schemas/LogStreamAws'
- $ref: '#/components/schemas/LogStreamSplunk'
- discriminator: &ref_5
+ discriminator: &ref_11
propertyName: type
mapping:
aws_eventbridge: '#/components/schemas/LogStreamAws'
splunk_cloud_logstreaming: '#/components/schemas/LogStreamSplunk'
+ examples:
+ ExampleGetAllResponse:
+ $ref: '#/components/examples/LogStreamGetAllResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'429':
@@ -10641,20 +12071,24 @@ paths:
- okta.logStreams.read
tags:
- LogStream
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
post:
summary: Create a Log Stream
- description: Creates a new log stream
+ description: Creates a new Log Stream object
operationId: createLogStream
x-codegen-request-body-name: instance
requestBody:
content:
application/json:
schema:
- oneOf: *ref_4
- discriminator: *ref_5
+ oneOf: *ref_10
+ discriminator: *ref_11
examples:
- Example Request:
- $ref: '#/components/examples/LogStreamRequest'
+ LogStreamPostRequestExample:
+ $ref: '#/components/examples/LogStreamPostRequest'
required: true
responses:
'200':
@@ -10662,11 +12096,11 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_4
- discriminator: *ref_5
+ oneOf: *ref_10
+ discriminator: *ref_11
examples:
- Example Response:
- $ref: '#/components/examples/LogStreamResponse'
+ LogStreamPostResponseExample:
+ $ref: '#/components/examples/LogStreamPostResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -10686,12 +12120,16 @@ paths:
- okta.logStreams.manage
tags:
- LogStream
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/logStreams/{logStreamId}:
parameters:
- $ref: '#/components/parameters/pathLogStreamId'
get:
summary: Retrieve a Log Stream
- description: Retrieves a log stream by `logStreamId`
+ description: Retrieves a Log Stream object by ID
operationId: getLogStream
responses:
'200':
@@ -10699,11 +12137,11 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_4
- discriminator: *ref_5
+ oneOf: *ref_10
+ discriminator: *ref_11
examples:
- Example Response:
- $ref: '#/components/examples/LogStreamResponse'
+ LogStreamGetRequestExample:
+ $ref: '#/components/examples/LogStreamPostResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
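Review bot: The example under the 200 response of `getLogStream` is keyed `LogStreamGetRequestExample` although it documents a response, and it points at `#/components/examples/LogStreamPostResponse`. Rename the key to `LogStreamGetResponseExample` so that generated docs do not label a response as a request. The PUT response in a later hunk has the same kind of mismatch: its key is `LogStreamPostResponseExample` while it references `LogStreamPutResponse`, and `LogStreamPutResponseExample` would match. The `responses` block continues outside this hunk.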
@@ -10716,20 +12154,39 @@ paths:
- okta.logStreams.read
tags:
- LogStream
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
put:
summary: Replace a Log Stream
- description: Replaces a log stream by `logStreamId`
+ description: |-
+ Replaces the Log Stream object properties for a given ID.
+
+ This operation is typically used to update the configuration of a Log Stream.
+ Depending on the type of Log Stream you want to update, certain properties can't be modified after the Log Stream is initially created.
+ Use the [Retrieve the Log Stream Schema for the schema type](/openapi/okta-management/management/tag/Schema/#tag/Schema/operation/getLogStreamSchema) request to determine which properties you can update for the specific Log Stream type.
+ Log Stream properties with the `"writeOnce" : true` attribute can't be updated after creation.
+ You must still specify these `writeOnce` properties in the request body with the original values in the PUT request.
+
+ > **Note:** You don't have to specify properties that have both the `"writeOnce": true` and the `"writeOnly": true` attributes in the PUT request body. These property values are ignored even if you add them in the PUT request body.
operationId: replaceLogStream
x-codegen-request-body-name: instance
requestBody:
content:
application/json:
schema:
- oneOf: *ref_4
- discriminator: *ref_5
+ oneOf:
+ - $ref: '#/components/schemas/LogStreamAwsPutSchema'
+ - $ref: '#/components/schemas/LogStreamSplunkPutSchema'
+ discriminator: &ref_20
+ propertyName: type
+ mapping:
+ aws_eventbridge: '#/components/schemas/LogStreamAwsPutSchema'
+ splunk_cloud_logstreaming: '#/components/schemas/LogStreamSplunkPutSchema'
examples:
- Example Request:
- $ref: '#/components/examples/LogStreamRequest'
+ LogStreamPutRequestExample:
+ $ref: '#/components/examples/LogStreamPutRequest'
required: true
responses:
'200':
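Review bot: The new `replaceLogStream` description tells callers to resend `writeOnce` properties with their original values but does not say what the API returns when a resent value differs. That is the case a client author most needs to handle, so add one sentence naming the resulting error response. The text is also inconsistent in spacing: `"writeOnce" : true` in the body versus `"writeOnce": true` in the note. Pick the second form. The operation's responses continue past this hunk.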
@@ -10737,11 +12194,11 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_4
- discriminator: *ref_5
+ oneOf: *ref_10
+ discriminator: *ref_11
examples:
- Example Response:
- $ref: '#/components/examples/LogStreamResponse'
+ LogStreamPostResponseExample:
+ $ref: '#/components/examples/LogStreamPutResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -10756,9 +12213,13 @@ paths:
- okta.logStreams.manage
tags:
- LogStream
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
delete:
summary: Delete a Log Stream
- description: Deletes a log stream by `logStreamId`
+ description: Deletes a Log Stream object from your org by ID
operationId: deleteLogStream
responses:
'204':
@@ -10783,6 +12244,10 @@ paths:
- okta.logStreams.manage
tags:
- LogStream
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/logStreams/{logStreamId}/lifecycle/activate:
parameters:
- $ref: '#/components/parameters/pathLogStreamId'
@@ -10796,11 +12261,11 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_4
- discriminator: *ref_5
+ oneOf: *ref_10
+ discriminator: *ref_11
examples:
- Example Response:
- $ref: '#/components/examples/LogStreamResponse'
+ LogStreamActivateResponseExample:
+ $ref: '#/components/examples/LogStreamActivateResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -10813,6 +12278,10 @@ paths:
- okta.logStreams.manage
tags:
- LogStream
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/logStreams/{logStreamId}/lifecycle/deactivate:
parameters:
- $ref: '#/components/parameters/pathLogStreamId'
@@ -10826,11 +12295,11 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_4
- discriminator: *ref_5
+ oneOf: *ref_10
+ discriminator: *ref_11
examples:
- Example Response:
- $ref: '#/components/examples/LogStreamResponse'
+ LogStreamDeactivateResponseExample:
+ $ref: '#/components/examples/LogStreamDeactivateResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -10843,6 +12312,10 @@ paths:
- okta.logStreams.manage
tags:
- LogStream
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/logs:
get:
summary: List all System Log Events
@@ -10900,31 +12373,43 @@ paths:
- okta.logs.read
tags:
- SystemLog
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/mappings:
get:
summary: List all Profile Mappings
- description: Lists all profile mappings with pagination
+ description: |-
+ Lists all profile mappings in your organization with [pagination](https://developer.okta.com/docs/api/#pagination). You can return a subset of profile mappings that match a supported `sourceId` and/or `targetId`.
+ The results are [paginated](/#pagination) according to the limit parameter. If there are multiple pages of results, the Link header contains a `next` link that should be treated as an opaque value (follow it, don't parse it).
+
+ The response is a collection of profile mappings that include a subset of the profile mapping object's parameters. The profile mapping object describes
+ the properties mapping between an Okta User and an App User Profile using [JSON Schema Draft 4](https://datatracker.ietf.org/doc/html/draft-zyp-json-schema-04).
operationId: listProfileMappings
parameters:
- name: after
in: query
+ description: Mapping `id` that specifies the pagination cursor for the next page of mappings
schema:
type: string
- name: limit
in: query
+ description: Specifies the number of results per page (maximum 200)
schema:
type: integer
format: int32
- default: -1
+ default: 20
- name: sourceId
in: query
+ description: The UserType or App Instance `id` that acts as the source of expressions in a mapping. If this parameter is included, all returned mappings have this as their `source.id`.
schema:
type: string
- name: targetId
in: query
+ description: The UserType or App Instance `id` that acts as the target of expressions in a mapping. If this parameter is included, all returned mappings have this as their `target.id`.
schema:
type: string
- default: ''
responses:
'200':
description: Success
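Review bot: The `limit` parameter of `listProfileMappings` states its ceiling only in prose ("maximum 200"), so the schema still accepts any int32 and neither generated clients nor request validators can enforce the bound. Adding `maximum: 200` beside `default: 20` would make it machine-checkable, and `minimum: 1` too if the service rejects non-positive values. The new description also links pagination twice with different targets (`https://developer.okta.com/docs/api/#pagination` and `/#pagination`); the relative one is unlikely to resolve outside the docs site. The operation's `responses` block continues outside the hunk.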
@@ -10933,7 +12418,11 @@ paths:
schema:
type: array
items:
- $ref: '#/components/schemas/ProfileMapping'
+ $ref: '#/components/schemas/ListProfileMappings'
+ examples:
+ MappingList:
+ summary: List all Profile Mappings response
+ $ref: '#/components/examples/ListMappingsResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'429':
@@ -10944,17 +12433,17 @@ paths:
- okta.profileMappings.read
tags:
- ProfileMapping
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/mappings/{mappingId}:
+ parameters:
+ - $ref: '#/components/parameters/pathMappingId'
get:
summary: Retrieve a Profile Mapping
description: Retrieves a single Profile Mapping referenced by its ID
operationId: getProfileMapping
- parameters:
- - name: mappingId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -10962,6 +12451,10 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/ProfileMapping'
+ examples:
+ MappingRetrieve:
+ summary: Retrieve a single Profile Mapping
+ $ref: '#/components/examples/RetrieveMappingsResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -10974,22 +12467,27 @@ paths:
- okta.profileMappings.read
tags:
- ProfileMapping
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
post:
summary: Update a Profile Mapping
- description: Updates an existing Profile Mapping by adding, updating, or removing one or many Property Mappings
+ description: Updates an existing profile mapping by adding, updating, or removing one or many property mappings
operationId: updateProfileMapping
- parameters:
- - name: mappingId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: profileMapping
requestBody:
content:
application/json:
schema:
- $ref: '#/components/schemas/ProfileMapping'
+ $ref: '#/components/schemas/ProfileMappingRequest'
+ examples:
+ Addpropertymapping:
+ $ref: '#/components/examples/AddMappingBody'
+ Updatepropertymapping:
+ $ref: '#/components/examples/UpdateMappingBody'
+ Removepropertymapping:
+ $ref: '#/components/examples/RemoveMappingBody'
required: true
responses:
'200':
@@ -10998,6 +12496,16 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/ProfileMapping'
+ examples:
+ Addpropertymapping:
+ summary: Update an existing profile mapping by adding one or more properties
+ $ref: '#/components/examples/AddMappingResponse'
+ Updatepropertymapping:
+ summary: Update an existing profile mapping by updating one or more properties
+ $ref: '#/components/examples/UpdateMappingResponse'
+ Removepropertymapping:
+ summary: Update an existing profile mapping by removing one or more properties
+ $ref: '#/components/examples/RemoveMappingResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -11012,47 +12520,25 @@ paths:
- okta.profileMappings.manage
tags:
- ProfileMapping
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/meta/layouts/apps/{appName}:
- get:
- summary: Retrieve the UI Layout for an Application
- description: Retrieves the UI layout for an application by `appName`
- operationId: getApplicationLayout
- parameters:
- - name: appName
- in: path
- required: true
- schema:
- type: string
- responses:
- '200':
- description: successful operation
- content:
- application/json:
- schema:
- $ref: '#/components/schemas/ApplicationLayout'
- '403':
- $ref: '#/components/responses/ErrorAccessDenied403'
- '404':
- $ref: '#/components/responses/ErrorResourceNotFound404'
- '429':
- $ref: '#/components/responses/ErrorTooManyRequests429'
- security:
- - apiToken: []
- - oauth2:
- - okta.schemas.read
- tags:
- - Schema
- /api/v1/meta/schemas/apps/{appInstanceId}/default:
+ parameters:
+ - $ref: '#/components/parameters/pathAppName'
+ /api/v1/meta/layouts/apps/{appName}/sections/{section}/{operation}:
+ parameters:
+ - $ref: '#/components/parameters/pathAppName'
+ - $ref: '#/components/parameters/pathSection'
+ - $ref: '#/components/parameters/pathOperation'
+ /api/v1/meta/schemas/apps/{appId}/default:
+ parameters:
+ - $ref: '#/components/parameters/pathAppId'
get:
summary: Retrieve the default Application User Schema for an Application
description: Retrieves the Schema for an App User
operationId: getApplicationUserSchema
- parameters:
- - name: appInstanceId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: successful operation
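Review bot: `/api/v1/meta/layouts/apps/{appName}` and the new `/api/v1/meta/layouts/apps/{appName}/sections/{section}/{operation}` are left as path items that declare only `parameters` and no operation. A generator will presumably emit nothing for them, so `getApplicationLayout` disappears from the v4 client with no replacement. If the removal is intentional, drop both path items rather than keep empty shells; otherwise the operations are missing from this hunk. The rename of the path parameter from `appInstanceId` to `appId` changes the generated argument names and belongs in the v4 migration notes.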
@@ -11072,16 +12558,13 @@ paths:
- okta.schemas.read
tags:
- Schema
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Update the default Application User Schema for an Application
description: Partially updates on the User Profile properties of the Application User Schema
operationId: updateApplicationUserProfile
- parameters:
- - name: appInstanceId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: body
requestBody:
content:
@@ -11116,6 +12599,9 @@ paths:
- okta.schemas.manage
tags:
- Schema
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/meta/schemas/group/default:
get:
summary: Retrieve the default Group Schema
@@ -11142,6 +12628,9 @@ paths:
- okta.schemas.read
tags:
- Schema
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Update the default Group Schema
description: Updates the default group schema. This updates, adds, or removes one or more custom Group Profile properties in the schema.
@@ -11176,6 +12665,9 @@ paths:
- okta.schemas.manage
tags:
- Schema
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/meta/schemas/logStream:
get:
summary: List the Log Stream Schemas
@@ -11203,13 +12695,13 @@ paths:
- okta.logStreams.read
tags:
- Schema
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/meta/schemas/logStream/{logStreamType}:
parameters:
- - name: logStreamType
- in: path
- required: true
- schema:
- $ref: '#/components/schemas/LogStreamType'
+ - $ref: '#/components/parameters/pathLogStreamType'
get:
summary: Retrieve the Log Stream Schema for the schema type
description: Retrieves the schema for a Log Stream type. The `logStreamType` element in the URL specifies the Log Stream type, which is either `aws_eventbridge` or `splunk_cloud_logstreaming`. Use the `aws_eventbridge` literal to retrieve the AWS EventBridge type schema, and use the `splunk_cloud_logstreaming` literal retrieve the Splunk Cloud type schema.
@@ -11238,6 +12730,10 @@ paths:
- okta.logStreams.read
tags:
- Schema
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/meta/schemas/user/linkedObjects:
get:
summary: List all Linked Object Definitions
@@ -11262,6 +12758,9 @@ paths:
- okta.linkedObjects.read
tags:
- LinkedObject
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a Linked Object Definition
description: Creates a linked object definition
@@ -11292,13 +12791,12 @@ paths:
- okta.linkedObjects.manage
tags:
- LinkedObject
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/meta/schemas/user/linkedObjects/{linkedObjectName}:
parameters:
- - name: linkedObjectName
- in: path
- required: true
- schema:
- type: string
+ - $ref: '#/components/parameters/pathLinkedObjectName'
get:
summary: Retrieve a Linked Object Definition
description: Retrieves a linked object definition
@@ -11322,6 +12820,9 @@ paths:
- okta.linkedObjects.read
tags:
- LinkedObject
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a Linked Object Definition
description: Deletes a linked object definition
@@ -11342,13 +12843,12 @@ paths:
- okta.linkedObjects.manage
tags:
- LinkedObject
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/meta/schemas/user/{schemaId}:
parameters:
- - name: schemaId
- in: path
- required: true
- schema:
- type: string
+ - $ref: '#/components/parameters/pathSchemaId'
get:
summary: Retrieve a User Schema
description: Retrieves the schema for a Schema Id
@@ -11375,6 +12875,9 @@ paths:
- okta.schemas.read
tags:
- Schema
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Update a User Schema
description: Partially updates on the User Profile properties of the user schema
@@ -11413,6 +12916,9 @@ paths:
- okta.schemas.manage
tags:
- Schema
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/meta/types/user:
get:
summary: List all User Types
@@ -11427,6 +12933,9 @@ paths:
type: array
items:
$ref: '#/components/schemas/UserType'
+ examples:
+ ListsAllUserTypes:
+ $ref: '#/components/examples/ListsAllUserTypes'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'429':
@@ -11437,9 +12946,14 @@ paths:
- okta.userTypes.read
tags:
- UserType
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a User Type
- description: Creates a new User Type. A default User Type is automatically created along with your org, and you may add another 9 User Types for a maximum of 10.
+ description: |-
+ Creates a new User Type. Okta automatically creates a `default` User Type for your org. You may add up to nine additional User Types.
+ > **Note**: New User Types are based on the current default schema template. Modifications to this schema do not automatically propagate to previously created User Types.
operationId: createUserType
x-codegen-request-body-name: userType
requestBody:
@@ -11447,6 +12961,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/UserType'
+ examples:
+ CreateUserRequest:
+ $ref: '#/components/examples/CreateUserRequest'
required: true
responses:
'200':
@@ -11455,6 +12972,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/UserType'
+ examples:
+ CreateUserResponse:
+ $ref: '#/components/examples/CreateUserResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -11467,16 +12987,15 @@ paths:
- okta.userTypes.manage
tags:
- UserType
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/meta/types/user/{typeId}:
parameters:
- - name: typeId
- in: path
- required: true
- schema:
- type: string
+ - $ref: '#/components/parameters/pathTypeId'
get:
summary: Retrieve a User Type
- description: Retrieves a User Type by ID. The special identifier `default` may be used to fetch the default User Type.
+ description: Retrieves a User Type by ID. Use `default` to fetch the default User Type.
operationId: getUserType
responses:
'200':
@@ -11485,6 +13004,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/UserType'
+ examples:
+ GetUserResponse:
+ $ref: '#/components/examples/GetUserResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -11497,16 +13019,24 @@ paths:
- okta.userTypes.read
tags:
- UserType
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Update a User Type
- description: Updates an existing User Type
+ description: |-
+ Updates an existing User Type.
+ > **Note**: You can only update the `displayName` and `description` elements. The `name` of an existing User Type can't be changed.
operationId: updateUserType
x-codegen-request-body-name: userType
requestBody:
content:
application/json:
schema:
- $ref: '#/components/schemas/UserType'
+ $ref: '#/components/schemas/UserTypePostRequest'
+ examples:
+ UpdateUserTypePostRequest:
+ $ref: '#/components/examples/UpdateUserTypePostRequest'
required: true
responses:
'200':
@@ -11515,6 +13045,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/UserType'
+ examples:
+ UpdateUserTypePutRequest:
+ $ref: '#/components/examples/UpdateUserTypePostResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
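Review bot: The example added to the `200` response of `updateUserType` (a POST) is keyed `UpdateUserTypePutRequest`, yet it references `#/components/examples/UpdateUserTypePostResponse`. The key names the wrong verb and the wrong direction, and it is what rendered docs will show as the example title. Renaming it to `UpdateUserTypePostResponse:` matches the convention used by the neighbouring `ReplaceUserTypePutResponse` example.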
@@ -11529,17 +13062,24 @@ paths:
- okta.userTypes.manage
tags:
- UserType
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a User Type
- description: Replaces an existing user type
+ description: |-
+ Replaces an existing User Type.
+ > **Note**: The `name` of an existing User Type can't be changed, but must be part of the request body. You can only replace the `displayName` and `description` elements.
operationId: replaceUserType
x-codegen-request-body-name: userType
requestBody:
content:
application/json:
schema:
- $ref: '#/components/schemas/UserType'
- required: true
+ $ref: '#/components/schemas/UserTypePutRequest'
+ examples:
+ ReplaceUserTypePutRequest:
+ $ref: '#/components/examples/ReplaceUserTypePutRequest'
responses:
'200':
description: Success
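Review bot: `replaceUserType` loses `required: true` on its `requestBody` in this hunk, while the new description says the `name` "must be part of the request body". With the body optional, a generated client can issue a PUT with no payload and validators will accept it, which contradicts the documented contract. Keep `required: true` under `requestBody`, as the POST variant `updateUserType` still does. The `200` response definition continues outside the hunk.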
@@ -11547,6 +13087,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/UserType'
+ examples:
+ ReplaceUserTypePutResponse:
+ $ref: '#/components/examples/ReplaceUserTypePutResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -11561,9 +13104,14 @@ paths:
- okta.userTypes.manage
tags:
- UserType
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a User Type
- description: Deletes a User Type permanently. This operation is not permitted for the default type, nor for any User Type that has existing users
+ description: |-
+ Deletes a User Type permanently.
+ > **Note**: You can't delete the default User Type or a User Type that is currently assigned to users.
operationId: deleteUserType
responses:
'204':
@@ -11581,19 +13129,27 @@ paths:
- okta.userTypes.manage
tags:
- UserType
- /api/v1/org:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/meta/uischemas:
get:
- summary: Retrieve the Org Settings
- description: Retrieves the org settings
- operationId: getOrgSettings
- parameters: []
+ summary: List all UI Schemas
+ description: Lists all UI Schemas in your org
+ operationId: listUISchemas
responses:
'200':
description: Success
content:
application/json:
schema:
- $ref: '#/components/schemas/OrgSetting'
+ type: array
+ items:
+ $ref: '#/components/schemas/UISchemasResponseObject'
+ examples:
+ UIISchemaList:
+ summary: Lists all UI Schemas response
+ $ref: '#/components/examples/ListUISchemaResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'429':
@@ -11601,25 +13157,38 @@ paths:
security:
- apiToken: []
- oauth2:
- - okta.orgs.read
+ - okta.uischemas.read
tags:
- - OrgSetting
+ - UISchema
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
post:
- summary: Update the Org Settings
- description: Partially updates the org settings depending on provided fields
- operationId: updateOrgSettings
+ summary: Create a UI Schema
+ description: Creates an input for an enrollment form
+ operationId: createUISchema
+ x-codegen-request-body-name: uischemabody
requestBody:
content:
application/json:
schema:
- $ref: '#/components/schemas/OrgSetting'
+ $ref: '#/components/schemas/CreateUISchema'
+ examples:
+ UISchemaCreate:
+ $ref: '#/components/examples/CreateUISchemaBody'
+ required: true
responses:
'200':
description: Success
content:
application/json:
schema:
- $ref: '#/components/schemas/OrgSetting'
+ $ref: '#/components/schemas/UISchemasResponseObject'
+ examples:
+ UISchemaCreate:
+ $ref: '#/components/examples/CreateUISchemaResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -11629,12 +13198,179 @@ paths:
security:
- apiToken: []
- oauth2:
- - okta.orgs.manage
+ - okta.uischemas.manage
tags:
- - OrgSetting
- put:
- summary: Replace the Org Settings
- description: Replaces the settings of your organization
+ - UISchema
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
+ /api/v1/meta/uischemas/{id}:
+ parameters:
+ - $ref: '#/components/parameters/UISchemaId'
+ get:
+ summary: Retrieve a UI Schema
+ description: Retrieves a UI Schema by `id`
+ operationId: getUISchema
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UISchemasResponseObject'
+ examples:
+ UISchemaRetrieve:
+ summary: Retrieves a UI Schema response
+ $ref: '#/components/examples/RetrieveUISchemaResponse'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.uischemas.read
+ tags:
+ - UISchema
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
+ put:
+ summary: Replace a UI Schema
+ description: Replaces a UI Schema by `id`
+ operationId: replaceUISchemas
+ x-codegen-request-body-name: updateUISchemaBody
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateUISchema'
+ examples:
+ UISchemaPUT:
+ $ref: '#/components/examples/CreateUISchemaBody'
+ required: true
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UISchemasResponseObject'
+ examples:
+ UISchemaUpdate:
+ $ref: '#/components/examples/CreateUISchemaResponse'
+ '400':
+ $ref: '#/components/responses/ErrorApiValidationFailed400'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.uischemas.manage
+ tags:
+ - UISchema
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
+ delete:
+ summary: Delete a UI Schema
+ description: Deletes a UI Schema by `id`
+ operationId: deleteUISchemas
+ responses:
+ '204':
+ description: No Content
+ content: {}
+ '400':
+ $ref: '#/components/responses/ErrorApiValidationFailed400'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.uischemas.manage
+ tags:
+ - UISchema
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
+ /api/v1/org:
+ get:
+ summary: Retrieve the Org Settings
+ description: Retrieves the org settings
+ operationId: getOrgSettings
+ parameters: []
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/OrgSetting'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.orgs.read
+ tags:
+ - OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ post:
+ summary: Update the Org Settings
+ description: Partially updates the org settings depending on provided fields
+ operationId: updateOrgSettings
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/OrgSetting'
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/OrgSetting'
+ '400':
+ $ref: '#/components/responses/ErrorApiValidationFailed400'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.orgs.manage
+ tags:
+ - OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ put:
+ summary: Replace the Org Settings
+ description: Replaces the settings of your organization
operationId: replaceOrgSettings
x-codegen-request-body-name: orgSetting
requestBody:
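Review bot: The single-resource operations on `/api/v1/meta/uischemas/{id}` are named `replaceUISchemas` and `deleteUISchemas` (plural), while their sibling is `getUISchema` and the collection operations are `listUISchemas` and `createUISchema`. `operationId` becomes the generated method name, so the inconsistency turns into public v4 API surface that is awkward to rename later. Consider `operationId: replaceUISchema` and `operationId: deleteUISchema`. The PUT also reuses the `CreateUISchemaBody` and `CreateUISchemaResponse` examples under the keys `UISchemaPUT` and `UISchemaUpdate`; dedicated replace examples, or a comment saying the reuse is deliberate, would avoid confusion.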
@@ -11662,6 +13398,121 @@ paths:
- okta.orgs.manage
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/org/captcha:
+ get:
+ summary: Retrieve the Org-wide CAPTCHA Settings
+ description: |-
+ Retrieves the CAPTCHA settings object for your organization.
+ > **Note**: If the current organization hasn't configured CAPTCHA Settings, the request returns an empty object.
+ operationId: getOrgCaptchaSettings
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/OrgCAPTCHASettings'
+ examples:
+ configured:
+ $ref: '#/components/examples/OrgCAPTCHASettingsConfigured'
+ empty:
+ $ref: '#/components/examples/OrgCAPTCHASettingsEmpty'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.captchas.read
+ tags:
+ - CAPTCHA
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
+ put:
+ summary: Replace the Org-wide CAPTCHA Settings
+ description: |-
+ Replaces the CAPTCHA settings object for your organization.
+ > **Note**: You can disable CAPTCHA for your organization by setting `captchaId` and `enabledPages` to `null`.
+ operationId: replacesOrgCaptchaSettings
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/OrgCAPTCHASettings'
+ examples:
+ Update:
+ $ref: '#/components/examples/OrgCAPTCHASettingsUpdate'
+ Disable:
+ $ref: '#/components/examples/OrgCAPTCHASettingsDisable'
+ required: true
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/OrgCAPTCHASettings'
+ examples:
+ Update:
+ $ref: '#/components/examples/OrgCAPTCHASettingsUpdated'
+ Disable:
+ $ref: '#/components/examples/OrgCAPTCHASettingsDisabled'
+ '400':
+ description: Bad Request
+ headers: {}
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ examples:
+ NoDisable:
+ $ref: '#/components/examples/ErrorCAPTCHAOrgWideSettingNull'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.captchas.manage
+ tags:
+ - CAPTCHA
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
+ delete:
+ summary: Delete the Org-wide CAPTCHA Settings
+ description: Deletes the CAPTCHA settings object for your organization
+ operationId: deleteOrgCaptchaSettings
+ responses:
+ '204':
+ description: No Content
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.captchas.manage
+ tags:
+ - CAPTCHA
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/org/contacts:
get:
summary: Retrieve the Org Contact Types
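Review bot: The PUT on `/api/v1/org/captcha` is given `operationId: replacesOrgCaptchaSettings`, with a stray "s" that the rest of the spec does not use (`replaceOrgSettings`, `replaceOrgContactUser`, `replaceUserType`). Since the id becomes the generated SDK method name, fix it to `operationId: replaceOrgCaptchaSettings` before v4 ships. The description documents that sending `captchaId` and `enabledPages` as `null` disables CAPTCHA org-wide, while the only `400` example is keyed `NoDisable`. A one-line description of when that error is returned would help callers tell a rejected disable from an accepted one.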
@@ -11687,17 +13538,16 @@ paths:
- okta.orgs.read
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/org/contacts/{contactType}:
+ parameters:
+ - $ref: '#/components/parameters/pathContactType'
get:
summary: Retrieve the User of the Contact Type
description: Retrieves the URL of the User associated with the specified Contact Type
operationId: getOrgContactUser
- parameters:
- - in: path
- name: contactType
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -11717,16 +13567,13 @@ paths:
- okta.orgs.read
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace the User of the Contact Type
description: Replaces the User associated with the specified Contact Type
operationId: replaceOrgContactUser
- parameters:
- - in: path
- name: contactType
- required: true
- schema:
- type: string
x-codegen-request-body-name: orgContactUser
requestBody:
content:
@@ -11755,6 +13602,9 @@ paths:
- okta.orgs.manage
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/org/email/bounces/remove-list:
post:
summary: Remove Emails from Email Provider Bounce List
@@ -11799,6 +13649,9 @@ paths:
- okta.orgs.manage
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/org/logo:
post:
summary: Upload the Org Logo
@@ -11832,6 +13685,60 @@ paths:
- okta.apps.manage
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/org/orgSettings/thirdPartyAdminSetting:
+ get:
+ summary: Retrieve the Org Third-Party Admin setting
+ description: Retrieves the Third-Party Admin setting
+ operationId: getThirdPartyAdminSetting
+ parameters: []
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ThirdPartyAdminSetting'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.orgs.read
+ tags:
+ - OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ post:
+ summary: Update the Org Third-Party Admin setting
+ description: Updates the Third-Party Admin setting
+ operationId: updateThirdPartyAdminSetting
+ parameters: []
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ThirdPartyAdminSetting'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.orgs.manage
+ tags:
+ - OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/org/preferences:
get:
summary: Retrieve the Org Preferences
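Review bot: `updateThirdPartyAdminSetting` is described as updating the Third-Party Admin setting but declares `parameters: []` and no `requestBody`, so as written a generated client has no way to send the new value. Presumably it should accept the same `ThirdPartyAdminSetting` schema it returns; if the endpoint really takes no input, the description should say what the call changes. A `'400'` response referencing `ErrorApiValidationFailed400` would also match the other update operations in this file.

```yaml
      operationId: updateThirdPartyAdminSetting
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ThirdPartyAdminSetting'
        required: true
      # … unchanged: responses, security, tags, x-okta-lifecycle …
```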
@@ -11855,6 +13762,9 @@ paths:
- okta.orgs.read
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/org/preferences/hideEndUserFooter:
post:
summary: Update the Preference to Hide the Okta Dashboard Footer
@@ -11878,6 +13788,9 @@ paths:
- okta.orgs.manage
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/org/preferences/showEndUserFooter:
post:
summary: Update the Preference to Show the Okta Dashboard Footer
@@ -11901,6 +13814,9 @@ paths:
- okta.orgs.manage
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/org/privacy/oktaCommunication:
get:
summary: Retrieve the Okta Communication Settings
@@ -11924,6 +13840,9 @@ paths:
- okta.orgs.read
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/org/privacy/oktaCommunication/optIn:
post:
summary: Opt in all Users to Okta Communication emails
@@ -11947,6 +13866,9 @@ paths:
- okta.orgs.manage
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/org/privacy/oktaCommunication/optOut:
post:
summary: Opt out all Users from Okta Communication emails
@@ -11970,6 +13892,9 @@ paths:
- okta.orgs.manage
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/org/privacy/oktaSupport:
get:
summary: Retrieve the Okta Support Settings
@@ -11993,6 +13918,9 @@ paths:
- okta.orgs.read
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/org/privacy/oktaSupport/extend:
post:
summary: Extend Okta Support Access
@@ -12016,6 +13944,9 @@ paths:
- okta.orgs.manage
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/org/privacy/oktaSupport/grant:
post:
summary: Grant Okta Support Access to your Org
@@ -12039,6 +13970,9 @@ paths:
- okta.orgs.manage
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/org/privacy/oktaSupport/revoke:
post:
summary: Revoke Okta Support Access
@@ -12062,49 +13996,105 @@ paths:
- okta.orgs.manage
tags:
- OrgSetting
- /api/v1/policies:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/org/settings/clientPrivilegesSetting:
get:
- summary: List all Policies
- description: Lists all policies with the specified type
- operationId: listPolicies
- parameters:
- - name: type
- in: query
- required: true
- schema:
- type: string
- - name: status
- in: query
- schema:
- type: string
- - name: expand
- in: query
- schema:
- type: string
- default: ''
+ summary: Retrieve the Org settings to assign the Super Admin role
+ description: Retrieves the Org settings to assign the [Super Admin role](https://help.okta.com/okta_help.htm?type=oie&id=ext_superadmin) by default to a public client app
+ operationId: getClientPrivilegesSetting
+ parameters: []
responses:
'200':
description: Success
content:
application/json:
schema:
- type: array
- items:
- oneOf: &ref_6
- - $ref: '#/components/schemas/AccessPolicy'
- - $ref: '#/components/schemas/IdentityProviderPolicy'
- - $ref: '#/components/schemas/MultifactorEnrollmentPolicy'
- - $ref: '#/components/schemas/AuthorizationServerPolicy'
+ $ref: '#/components/schemas/ClientPrivilegesSetting'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.orgs.read
+ tags:
+ - OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ put:
+ summary: Assign the Super Admin role to a public client app
+ description: Assigns the [Super Admin role](https://help.okta.com/okta_help.htm?type=oie&id=ext_superadmin) by default to a public client app
+ operationId: assignClientPrivilegesSetting
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ClientPrivilegesSetting'
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ClientPrivilegesSetting'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.orgs.manage
+ tags:
+ - OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/policies:
+ get:
+ summary: List all Policies
+ description: Lists all policies with the specified type
+ operationId: listPolicies
+ parameters:
+ - name: type
+ in: query
+ required: true
+ schema:
+ type: string
+ - name: status
+ in: query
+ schema:
+ type: string
+ - name: expand
+ in: query
+ schema:
+ type: string
+ default: ''
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ oneOf: &ref_12
+ - $ref: '#/components/schemas/AccessPolicy'
+ - $ref: '#/components/schemas/IdpDiscoveryPolicy'
+ - $ref: '#/components/schemas/MultifactorEnrollmentPolicy'
- $ref: '#/components/schemas/OktaSignOnPolicy'
- $ref: '#/components/schemas/PasswordPolicy'
- $ref: '#/components/schemas/ProfileEnrollmentPolicy'
- discriminator: &ref_7
+ discriminator: &ref_13
propertyName: type
mapping:
ACCESS_POLICY: '#/components/schemas/AccessPolicy'
- IDP_DISCOVERY: '#/components/schemas/IdentityProviderPolicy'
+ IDP_DISCOVERY: '#/components/schemas/IdpDiscoveryPolicy'
MFA_ENROLL: '#/components/schemas/MultifactorEnrollmentPolicy'
- OAUTH_AUTHORIZATION_POLICY: '#/components/schemas/AuthorizationServerPolicy'
OKTA_SIGN_ON: '#/components/schemas/OktaSignOnPolicy'
PASSWORD: '#/components/schemas/PasswordPolicy'
PROFILE_ENROLLMENT: '#/components/schemas/ProfileEnrollmentPolicy'
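Review bot: The `requestBody` of `assignClientPrivilegesSetting` is not marked required and the operation has no `'400'` response, although this PUT controls whether public client apps get the Super Admin role by default. For a privilege-granting setting the contract should be strict: add `required: true` under `requestBody` and a `'400'` entry referencing `#/components/responses/ErrorApiValidationFailed400`, so an empty or malformed request is rejected by validators rather than left to server defaults. The operation's only guard is the broad `okta.orgs.manage` scope, so the description should state the impact of enabling it. The `listPolicies` definition in the same hunk continues outside it.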
@@ -12118,6 +14108,9 @@ paths:
- okta.policies.read
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a Policy
description: Creates a policy
@@ -12133,8 +14126,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_6
- discriminator: *ref_7
+ oneOf: *ref_12
+ discriminator: *ref_13
required: true
responses:
'200':
@@ -12142,8 +14135,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_6
- discriminator: *ref_7
+ oneOf: *ref_12
+ discriminator: *ref_13
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -12156,17 +14149,65 @@ paths:
- okta.policies.manage
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/policies/simulate:
+ parameters:
+ - $ref: '#/components/parameters/simulateParameter'
+ post:
+ summary: Create a Policy Simulation
+ description: |-
+ Creates a policy or policy rule simulation. The access simulation evaluates policy and policy rules based on the existing policy rule configuration.
+ The evaluation result simulates what the real-world authentication flow is and what policy rules have been applied or matched to the authentication flow.
+ operationId: createPolicySimulation
+ x-codegen-request-body-name: simulatePolicy
+ requestBody:
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ $ref: '#/components/schemas/SimulatePolicyBody'
+ examples:
+ SimulatePolicy:
+ $ref: '#/components/examples/SimulatePolicyBody'
+ required: true
+ responses:
+ '204':
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/SimulatePolicyResponse'
+ examples:
+ SimulatePolicy:
+ $ref: '#/components/examples/SimulatePolicyResponse'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.policies.read
+ tags:
+ - Policy
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/policies/{policyId}:
+ parameters:
+ - $ref: '#/components/parameters/pathPolicyId'
get:
summary: Retrieve a Policy
description: Retrieves a policy
operationId: getPolicy
parameters:
- - name: policyId
- in: path
- required: true
- schema:
- type: string
- name: expand
in: query
schema:
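Review bot: The `'204'` response added for `createPolicySimulation` declares an `application/json` body (`SimulatePolicyResponse`), but a 204 status carries no content, so HTTP libraries and generated clients may never decode the simulation result. If the endpoint returns the result, the key should be `'200':`; if it really returns nothing, the `content:` block under it should be removed. It is also worth confirming that `okta.policies.read` is the intended scope for this POST, which fits only if a simulation changes no state. The `getPolicy` operation at the end of the hunk continues outside it.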
@@ -12178,8 +14219,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_6
- discriminator: *ref_7
+ oneOf: *ref_12
+ discriminator: *ref_13
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -12192,23 +14233,20 @@ paths:
- okta.policies.read
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a Policy
- description: Replaces a policy
+ description: Replaces the properties of a Policy identified by `policyId`
operationId: replacePolicy
- parameters:
- - name: policyId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: policy
requestBody:
content:
application/json:
schema:
- oneOf: *ref_6
- discriminator: *ref_7
+ oneOf: *ref_12
+ discriminator: *ref_13
required: true
responses:
'200':
@@ -12216,8 +14254,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_6
- discriminator: *ref_7
+ oneOf: *ref_12
+ discriminator: *ref_13
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -12232,16 +14270,13 @@ paths:
- okta.policies.manage
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a Policy
description: Deletes a policy
operationId: deletePolicy
- parameters:
- - name: policyId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -12257,25 +14292,60 @@ paths:
- okta.policies.manage
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/policies/{policyId}/app:
+ parameters:
+ - $ref: '#/components/parameters/pathPolicyId'
+ get:
+ deprecated: true
+ summary: List all Applications mapped to a Policy
+ description: |-
+ Lists all applications mapped to a policy identified by `policyId`
+
+ > **Note:** Use [List all resources mapped to a Policy](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Policy/#tag/Policy/operation/listPolicyMappings) to list all applications mapped to a policy.
+ operationId: listPolicyApps
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ oneOf: *ref_0
+ discriminator: *ref_1
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.policies.read
+ tags:
+ - Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/policies/{policyId}/clone:
+ parameters:
+ - $ref: '#/components/parameters/pathPolicyId'
post:
- summary: Clone an existing policy
+ summary: Clone an existing Policy
description: Clones an existing policy
operationId: clonePolicy
- parameters:
- - name: policyId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
content:
application/json:
schema:
- oneOf: *ref_6
- discriminator: *ref_7
+ oneOf: *ref_12
+ discriminator: *ref_13
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -12290,17 +14360,18 @@ paths:
- okta.policies.manage
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/policies/{policyId}/lifecycle/activate:
+ parameters:
+ - $ref: '#/components/parameters/pathPolicyId'
post:
summary: Activate a Policy
description: Activates a policy
operationId: activatePolicy
- parameters:
- - name: policyId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -12317,17 +14388,16 @@ paths:
- okta.policies.manage
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/policies/{policyId}/lifecycle/deactivate:
+ parameters:
+ - $ref: '#/components/parameters/pathPolicyId'
post:
summary: Deactivate a Policy
description: Deactivates a policy
operationId: deactivatePolicy
- parameters:
- - name: policyId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -12344,17 +14414,16 @@ paths:
- okta.policies.manage
tags:
- Policy
- /api/v1/policies/{policyId}/rules:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/policies/{policyId}/mappings:
+ parameters:
+ - $ref: '#/components/parameters/pathPolicyId'
get:
- summary: List all Policy Rules
- description: Lists all policy rules
- operationId: listPolicyRules
- parameters:
- - name: policyId
- in: path
- required: true
- schema:
- type: string
+ summary: List all resources mapped to a Policy
+ description: Lists all resources mapped to a Policy identified by `policyId`
+ operationId: listPolicyMappings
responses:
'200':
description: Success
@@ -12363,20 +14432,7 @@ paths:
schema:
type: array
items:
- oneOf: &ref_8
- - $ref: '#/components/schemas/AccessPolicyRule'
- - $ref: '#/components/schemas/PasswordPolicyRule'
- - $ref: '#/components/schemas/ProfileEnrollmentPolicyRule'
- - $ref: '#/components/schemas/AuthorizationServerPolicyRule'
- - $ref: '#/components/schemas/OktaSignOnPolicyRule'
- discriminator: &ref_9
- propertyName: type
- mapping:
- ACCESS_POLICY: '#/components/schemas/AccessPolicyRule'
- PASSWORD: '#/components/schemas/PasswordPolicyRule'
- PROFILE_ENROLLMENT: '#/components/schemas/ProfileEnrollmentPolicyRule'
- RESOURCE_ACCESS: '#/components/schemas/AuthorizationServerPolicyRule'
- SIGN_ON: '#/components/schemas/OktaSignOnPolicyRule'
+ $ref: '#/components/schemas/PolicyMapping'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -12389,23 +14445,18 @@ paths:
- okta.policies.read
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
- summary: Create a Policy Rule
- description: Creates a policy rule
- operationId: createPolicyRule
- parameters:
- - name: policyId
- in: path
- required: true
- schema:
- type: string
- x-codegen-request-body-name: policyRule
+ summary: Map a resource to a Policy
+ description: Maps a resource to a Policy identified by `policyId`
+ operationId: mapResourceToPolicy
requestBody:
content:
application/json:
schema:
- oneOf: *ref_8
- discriminator: *ref_9
+ $ref: '#/components/schemas/PolicyMappingRequest'
required: true
responses:
'200':
@@ -12413,8 +14464,7 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_8
- discriminator: *ref_9
+ $ref: '#/components/schemas/PolicyMapping'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -12429,30 +14479,24 @@ paths:
- okta.policies.manage
tags:
- Policy
- /api/v1/policies/{policyId}/rules/{ruleId}:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/policies/{policyId}/mappings/{mappingId}:
+ parameters:
+ - $ref: '#/components/parameters/pathPolicyId'
+ - $ref: '#/components/parameters/pathPolicyMappingId'
get:
- summary: Retrieve a Policy Rule
- description: Retrieves a policy rule
- operationId: getPolicyRule
- parameters:
- - name: policyId
- in: path
- required: true
- schema:
- type: string
- - name: ruleId
- in: path
- required: true
- schema:
- type: string
+ summary: Retrieve a policy resource Mapping
+ description: Retrieves a resource Mapping for a Policy identified by `policyId` and `mappingId`
+ operationId: getPolicyMapping
responses:
'200':
description: Success
content:
application/json:
schema:
- oneOf: *ref_8
- discriminator: *ref_9
+ $ref: '#/components/schemas/PolicyMapping'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -12465,37 +14509,223 @@ paths:
- okta.policies.read
tags:
- Policy
- put:
- summary: Replace a Policy Rule
- description: Replaces a policy rules
- operationId: replacePolicyRule
- parameters:
- - name: policyId
- in: path
- required: true
- schema:
- type: string
- - name: ruleId
- in: path
- required: true
- schema:
- type: string
- x-codegen-request-body-name: policyRule
- requestBody:
- content:
- application/json:
- schema:
- oneOf: *ref_8
- discriminator: *ref_9
- required: true
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ delete:
+ summary: Delete a policy resource Mapping
+ description: Deletes the resource Mapping for a Policy identified by `policyId` and `mappingId`
+ operationId: deletePolicyResourceMapping
responses:
- '200':
- description: Success
- content:
- application/json:
+ '204':
+ description: No Content
+ content: {}
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.policies.manage
+ tags:
+ - Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/policies/{policyId}/rules:
+ parameters:
+ - $ref: '#/components/parameters/pathPolicyId'
+ get:
+ summary: List all Policy Rules
+ description: Lists all policy rules
+ operationId: listPolicyRules
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
schema:
- oneOf: *ref_8
- discriminator: *ref_9
+ type: array
+ items:
+ oneOf: &ref_14
+ - $ref: '#/components/schemas/AccessPolicyRule'
+ - $ref: '#/components/schemas/PasswordPolicyRule'
+ - $ref: '#/components/schemas/ProfileEnrollmentPolicyRule'
+ - $ref: '#/components/schemas/AuthorizationServerPolicyRule'
+ - $ref: '#/components/schemas/OktaSignOnPolicyRule'
+ - $ref: '#/components/schemas/IdpDiscoveryPolicyRule'
+ discriminator: &ref_15
+ propertyName: type
+ mapping:
+ ACCESS_POLICY: '#/components/schemas/AccessPolicyRule'
+ PASSWORD: '#/components/schemas/PasswordPolicyRule'
+ PROFILE_ENROLLMENT: '#/components/schemas/ProfileEnrollmentPolicyRule'
+ RESOURCE_ACCESS: '#/components/schemas/AuthorizationServerPolicyRule'
+ SIGN_ON: '#/components/schemas/OktaSignOnPolicyRule'
+ IDP_DISCOVERY: '#/components/schemas/IdpDiscoveryPolicyRule'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.policies.read
+ tags:
+ - Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ post:
+ summary: Create a Policy Rule
+ description: Creates a policy rule
+ operationId: createPolicyRule
+ x-codegen-request-body-name: policyRule
+ requestBody:
+ content:
+ application/json:
+ schema:
+ oneOf: *ref_14
+ discriminator: *ref_15
+ examples:
+ EnableSsprSecurityQuestionStepUp:
+ $ref: '#/components/examples/sspr-enabled-sq-step-up'
+ EnableSsprSSOStepUp:
+ $ref: '#/components/examples/sspr-enabled-sso-step-up'
+ EnableSsprNoStepUp:
+ $ref: '#/components/examples/sspr-enabled-no-step-up'
+ Enable2FAPreciseAuth:
+ $ref: '#/components/examples/twofa-enabled-disallow-password-allow-phishing'
+ EnableSpecificRoutingRule:
+ $ref: '#/components/examples/idp-discovery-specific-routing-rule'
+ EnableDynamicRoutingRule:
+ $ref: '#/components/examples/idp-discovery-dynamic-routing-rule'
+ EnableSsprWithConstraints:
+ $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints'
+ required: true
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ oneOf: *ref_14
+ discriminator: *ref_15
+ examples:
+ EnableSsprSecurityQuestionStepUp:
+ $ref: '#/components/examples/sspr-enabled-sq-step-up-response'
+ EnableSsprSSOStepUp:
+ $ref: '#/components/examples/sspr-enabled-sso-step-up-response'
+ EnableSsprNoStepUp:
+ $ref: '#/components/examples/sspr-enabled-no-step-up-response'
+ Enable2FAPreciseAuth:
+ $ref: '#/components/examples/twofa-enabled-disallow-password-allow-phishing-response'
+ EnableSpecificRoutingRule:
+ $ref: '#/components/examples/idp-discovery-specific-routing-rule-response'
+ EnableDynamicRoutingRule:
+ $ref: '#/components/examples/idp-discovery-dynamic-routing-rule-response'
+ EnableSsprWithConstraints:
+ $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints-response'
+ '400':
+ $ref: '#/components/responses/ErrorApiValidationFailed400'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.policies.manage
+ tags:
+ - Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/policies/{policyId}/rules/{ruleId}:
+ parameters:
+ - $ref: '#/components/parameters/pathPolicyId'
+ - $ref: '#/components/parameters/pathRuleId'
+ get:
+ summary: Retrieve a Policy Rule
+ description: Retrieves a policy rule
+ operationId: getPolicyRule
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ oneOf: *ref_14
+ discriminator: *ref_15
+ examples:
+ EnableSsprSecurityQuestionStepUp:
+ $ref: '#/components/examples/sspr-enabled-sq-step-up-update'
+ EnableSsprSSOStepUp:
+ $ref: '#/components/examples/sspr-enabled-sso-step-up-update'
+ EnableSsprNoStepUp:
+ $ref: '#/components/examples/sspr-enabled-no-step-up-update'
+ EnableSsprWithConstraints:
+ $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints-update'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.policies.read
+ tags:
+ - Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ put:
+ summary: Replace a Policy Rule
+ description: Replaces the properties for a Policy Rule identified by `policyId` and `ruleId`
+ operationId: replacePolicyRule
+ x-codegen-request-body-name: policyRule
+ requestBody:
+ content:
+ application/json:
+ schema:
+ oneOf: *ref_14
+ discriminator: *ref_15
+ examples:
+ EnableSsprSecurityQuestionStepUp:
+ $ref: '#/components/examples/sspr-enabled-sq-step-up-update'
+ EnableSsprSSOStepUp:
+ $ref: '#/components/examples/sspr-enabled-sso-step-up-update'
+ EnableSsprNoStepUp:
+ $ref: '#/components/examples/sspr-enabled-no-step-up-update'
+ EnableSsprWithConstraints:
+ $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints-update'
+ required: true
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ oneOf: *ref_14
+ discriminator: *ref_15
+ examples:
+ EnableSsprSecurityQuestionStepUp:
+ $ref: '#/components/examples/sspr-enabled-sq-step-up-response'
+ EnableSsprSSOStepUp:
+ $ref: '#/components/examples/sspr-enabled-sso-step-up-response'
+ EnableSsprNoStepUp:
+ $ref: '#/components/examples/sspr-enabled-no-step-up-response'
+ EnableSsprWithConstraints:
+ $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints-response'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
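Review bot: The `'200'` response of `getPolicyRule` points at the `sspr-enabled-*-update` examples, the same ones `replacePolicyRule` uses for its request body, while the `createPolicyRule` and `replacePolicyRule` responses use the `*-response` examples. The example definitions are outside this hunk, but if the `-update` entries are request payloads, the GET documentation shows a body without the server-populated fields. Pointing them at the response variants, e.g. `$ref: '#/components/examples/sspr-enabled-sq-step-up-response'`, would match the other operations. Separately, the example name `twofa-enabled-disallow-password-allow-phishing` can be read as a rule that permits phishing. Because these examples get copied as templates for authentication policy, it is worth confirming what it configures and renaming it. The `replacePolicyRule` responses block continues outside the hunk.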
@@ -12510,21 +14740,13 @@ paths:
- okta.policies.manage
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a Policy Rule
- description: Deletes a policy rule
+ description: Deletes a Policy Rule identified by `policyId` and `ruleId`
operationId: deletePolicyRule
- parameters:
- - name: policyId
- in: path
- required: true
- schema:
- type: string
- - name: ruleId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -12541,22 +14763,17 @@ paths:
- okta.policies.manage
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate:
+ parameters:
+ - $ref: '#/components/parameters/pathPolicyId'
+ - $ref: '#/components/parameters/pathRuleId'
post:
summary: Activate a Policy Rule
- description: Activates a policy rule
+ description: Activates a Policy Rule identified by `policyId` and `ruleId`
operationId: activatePolicyRule
- parameters:
- - name: policyId
- in: path
- required: true
- schema:
- type: string
- - name: ruleId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -12572,22 +14789,17 @@ paths:
- okta.policies.manage
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate:
+ parameters:
+ - $ref: '#/components/parameters/pathPolicyId'
+ - $ref: '#/components/parameters/pathRuleId'
post:
summary: Deactivate a Policy Rule
- description: Deactivates a policy rule
+ description: Deactivates a Policy Rule identified by `policyId` and `ruleId`
operationId: deactivatePolicyRule
- parameters:
- - name: policyId
- in: path
- required: true
- schema:
- type: string
- - name: ruleId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -12603,6 +14815,9 @@ paths:
- okta.policies.manage
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/principal-rate-limits:
get:
summary: List all Principal Rate Limits
@@ -12645,6 +14860,9 @@ paths:
- okta.principalRateLimits.read
tags:
- PrincipalRateLimit
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a Principal Rate Limit
description: Creates a new Principal Rate Limit entity. In the current release, we only allow one Principal Rate Limit entity per org and principal.
@@ -12685,6 +14903,9 @@ paths:
- okta.principalRateLimits.manage
tags:
- PrincipalRateLimit
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/principal-rate-limits/{principalRateLimitId}:
parameters:
- $ref: '#/components/parameters/pathPrincipalRateLimitId'
@@ -12714,6 +14935,9 @@ paths:
- okta.principalRateLimits.read
tags:
- PrincipalRateLimit
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a Principal Rate Limit
description: Replaces a principal rate limit entity by `principalRateLimitId`
@@ -12754,6 +14978,9 @@ paths:
- okta.principalRateLimits.manage
tags:
- PrincipalRateLimit
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/push-providers:
get:
summary: List all Push Providers
@@ -12773,10 +15000,10 @@ paths:
schema:
type: array
items:
- oneOf: &ref_10
+ oneOf: &ref_16
- $ref: '#/components/schemas/APNSPushProvider'
- $ref: '#/components/schemas/FCMPushProvider'
- discriminator: &ref_11
+ discriminator: &ref_17
propertyName: providerType
mapping:
APNS: '#/components/schemas/APNSPushProvider'
@@ -12791,6 +15018,11 @@ paths:
- okta.pushProviders.read
tags:
- PushProvider
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
post:
summary: Create a Push Provider
description: Creates a new push provider
@@ -12800,8 +15032,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_10
- discriminator: *ref_11
+ oneOf: *ref_16
+ discriminator: *ref_17
examples:
APNs:
$ref: '#/components/examples/PushProviderAPNsRequest'
@@ -12814,8 +15046,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_10
- discriminator: *ref_11
+ oneOf: *ref_16
+ discriminator: *ref_17
examples:
APNs:
$ref: '#/components/examples/PushProviderAPNsResponse'
@@ -12833,21 +15065,26 @@ paths:
- okta.pushProviders.manage
tags:
- PushProvider
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/push-providers/{pushProviderId}:
+ parameters:
+ - $ref: '#/components/parameters/pathPushProviderId'
get:
summary: Retrieve a Push Provider
description: Retrieves a push provider by `pushProviderId`
operationId: getPushProvider
- parameters:
- - $ref: '#/components/parameters/pathPushProviderId'
responses:
'200':
description: OK
content:
application/json:
schema:
- oneOf: *ref_10
- discriminator: *ref_11
+ oneOf: *ref_16
+ discriminator: *ref_17
examples:
APNs:
$ref: '#/components/examples/PushProviderAPNsResponse'
@@ -12865,19 +15102,22 @@ paths:
- okta.pushProviders.read
tags:
- PushProvider
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
put:
summary: Replace a Push Provider
description: Replaces a push provider by `pushProviderId`
operationId: replacePushProvider
- parameters:
- - $ref: '#/components/parameters/pathPushProviderId'
x-codegen-request-body-name: pushProvider
requestBody:
content:
application/json:
schema:
- oneOf: *ref_10
- discriminator: *ref_11
+ oneOf: *ref_16
+ discriminator: *ref_17
examples:
APNs:
$ref: '#/components/examples/PushProviderAPNsRequest'
@@ -12890,8 +15130,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_10
- discriminator: *ref_11
+ oneOf: *ref_16
+ discriminator: *ref_17
examples:
APNs:
$ref: '#/components/examples/PushProviderAPNsResponse'
@@ -12911,12 +15151,15 @@ paths:
- okta.pushProviders.manage
tags:
- PushProvider
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
delete:
summary: Delete a Push Provider
description: Deletes a push provider by `pushProviderId`. If the push provider is currently being used in the org by a custom authenticator, the delete will not be allowed.
operationId: deletePushProvider
- parameters:
- - $ref: '#/components/parameters/pathPushProviderId'
responses:
'204':
description: No Content
@@ -12942,6 +15185,11 @@ paths:
- okta.pushProviders.manage
tags:
- PushProvider
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/rate-limit-settings/admin-notifications:
get:
summary: Retrieve the Rate Limit Admin Notification Settings
@@ -12969,6 +15217,9 @@ paths:
- okta.rateLimits.read
tags:
- RateLimitSettings
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace the Rate Limit Admin Notification Settings
description: Replaces the Rate Limit Admin Notification Settings and returns the configured properties
@@ -13009,6 +15260,9 @@ paths:
- okta.rateLimits.manage
tags:
- RateLimitSettings
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/rate-limit-settings/per-client:
get:
summary: Retrieve the Per-Client Rate Limit Settings
@@ -13038,6 +15292,9 @@ paths:
- okta.rateLimits.read
tags:
- RateLimitSettings
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace the Per-Client Rate Limit Settings
description: Replaces the Per-Client Rate Limit Settings and returns the configured properties
@@ -13082,10 +15339,88 @@ paths:
- okta.rateLimits.manage
tags:
- RateLimitSettings
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/rate-limit-settings/warning-threshold:
+ get:
+ summary: Retrieve the Rate Limit Warning Threshold Percentage
+ description: Retrieves the currently configured threshold for warning notifications when the API's rate limit is exceeded
+ operationId: getRateLimitSettingsWarningThreshold
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/RateLimitWarningThresholdResponse'
+ examples:
+ ExampleThreshold:
+ $ref: '#/components/examples/RateLimitWarningThresholdValidExample'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.rateLimits.read
+ tags:
+ - RateLimitSettings
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ put:
+ summary: Replace the Rate Limit Warning Threshold Percentage
+ description: Replaces the Rate Limit Warning Threshold Percentage and returns the configured property
+ operationId: replaceRateLimitSettingsWarningThreshold
+ x-codegen-request-body-name: RateLimitWarningThreshold
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/RateLimitWarningThresholdRequest'
+ examples:
+ ExampleThreshold:
+ $ref: '#/components/examples/RateLimitWarningThresholdValidExample'
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/RateLimitWarningThresholdResponse'
+ examples:
+ ExampleThreshold:
+ $ref: '#/components/examples/RateLimitWarningThresholdValidExample'
+ '400':
+ $ref: '#/components/responses/ErrorApiValidationFailed400'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.rateLimits.manage
+ tags:
+ - RateLimitSettings
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/realms/{realmId}:
+ parameters:
+ - $ref: '#/components/parameters/pathRealmId'
+ /api/v1/resource-selectors/{resourceSelectorId}:
+ parameters:
+ - $ref: '#/components/parameters/pathResourceSelectorId'
/api/v1/risk/events/ip:
post:
summary: Send multiple Risk Events
- description: Sends multiple risk events to Okta. This API is intended for Risk Providers. This API has a rate limit of 30 requests per minute. The caller should include multiple Risk Events (up to a maximum of 20 events) in a single payload to reduce the number of API calls. If a client has more risk signals to send than what the API supports, we recommend prioritizing posting high risk signals.
+ description: |-
+ Sends multiple IP risk events to Okta.
+ This request is used by a third-party risk provider to send IP risk events to Okta. The third-party risk provider needs to be registered with Okta before they can send events to Okta. See [Risk Providers](/openapi/okta-management/management/tag/RiskProvider/).
+ This API has a rate limit of 30 requests per minute. You can include multiple risk events (up to a maximum of 20 events) in a single payload to reduce the number of API calls. Prioritize sending high risk signals if you have a burst of signals to send that would exceed the maximum request limits.
operationId: sendRiskEvents
x-codegen-request-body-name: instance
requestBody:
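Review bot: The `requestBody` of `replaceRateLimitSettingsWarningThreshold` has no `required: true`, unlike the other PUT bodies in this file (`replacePolicy`, `replacePolicyRule`). OpenAPI therefore treats the body as optional, and the generated client will accept a call that sends no threshold at all. Adding `required: true` after its `content:` block would align it with the siblings. The two new path items `/api/v1/realms/{realmId}` and `/api/v1/resource-selectors/{resourceSelectorId}` declare only `parameters` and no operations; if their operations were filtered out deliberately, a short `#` comment saying so would help, otherwise they can be dropped. The `sendRiskEvents` operation continues outside the hunk.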
@@ -13096,8 +15431,8 @@ paths:
items:
$ref: '#/components/schemas/RiskEvent'
examples:
- Example Request:
- $ref: '#/components/examples/RiskEventsRequest'
+ RiskEventsRequestExample:
+ $ref: '#/components/examples/RiskEventsRequestExample'
required: true
responses:
'202':
@@ -13121,10 +15456,14 @@ paths:
- okta.riskEvents.manage
tags:
- RiskEvent
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/risk/providers:
get:
summary: List all Risk Providers
- description: Lists all Risk Providers
+ description: Lists all Risk Provider objects
operationId: listRiskProviders
responses:
'200':
@@ -13135,6 +15474,9 @@ paths:
type: array
items:
$ref: '#/components/schemas/RiskProvider'
+ examples:
+ RiskProviderList:
+ $ref: '#/components/examples/ListRiskProviderResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'429':
@@ -13145,9 +15487,13 @@ paths:
- okta.riskProviders.read
tags:
- RiskProvider
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
post:
summary: Create a Risk Provider
- description: Creates a risk provider. A maximum of 3 providers can be created. By default, one risk provider is created by Okta.
+ description: Creates a Risk Provider object. A maximum of three Risk Provider objects can be created.
operationId: createRiskProvider
x-codegen-request-body-name: instance
requestBody:
@@ -13156,7 +15502,7 @@ paths:
schema:
$ref: '#/components/schemas/RiskProvider'
examples:
- Request Example:
+ RiskProviderRequestExample:
$ref: '#/components/examples/RiskProviderRequest'
required: true
responses:
@@ -13167,7 +15513,7 @@ paths:
schema:
$ref: '#/components/schemas/RiskProvider'
examples:
- Example Response:
+ RiskProviderPostResponseExample:
$ref: '#/components/examples/RiskProviderResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
@@ -13188,12 +15534,16 @@ paths:
- okta.riskProviders.manage
tags:
- RiskProvider
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/risk/providers/{riskProviderId}:
parameters:
- $ref: '#/components/parameters/pathRiskProviderId'
get:
summary: Retrieve a Risk Provider
- description: Retrieves a risk provider by `riskProviderId`
+ description: Retrieves a Risk Provider object by ID
operationId: getRiskProvider
responses:
'200':
@@ -13203,7 +15553,7 @@ paths:
schema:
$ref: '#/components/schemas/RiskProvider'
examples:
- Example Response:
+ RiskProviderGetResponseExample:
$ref: '#/components/examples/RiskProviderResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
@@ -13217,9 +15567,13 @@ paths:
- okta.riskProviders.read
tags:
- RiskProvider
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
put:
summary: Replace a Risk Provider
- description: Replaces a risk provider by `riskProviderId`
+ description: Replaces the properties for a given Risk Provider object ID
operationId: replaceRiskProvider
x-codegen-request-body-name: instance
requestBody:
@@ -13228,8 +15582,8 @@ paths:
schema:
$ref: '#/components/schemas/RiskProvider'
examples:
- Request Example:
- $ref: '#/components/examples/RiskProviderRequest'
+ RiskProviderPutRequestExample:
+ $ref: '#/components/examples/RiskProviderPutRequest'
required: true
responses:
'200':
@@ -13239,8 +15593,8 @@ paths:
schema:
$ref: '#/components/schemas/RiskProvider'
examples:
- Example Response:
- $ref: '#/components/examples/RiskProviderResponse'
+ RiskProviderPutResponseExample:
+ $ref: '#/components/examples/RiskProviderPutResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -13255,9 +15609,13 @@ paths:
- okta.riskProviders.manage
tags:
- RiskProvider
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
delete:
summary: Delete a Risk Provider
- description: Deletes a CAPTCHA instance by `riskProviderId`
+ description: Deletes a Risk Provider object by its ID
operationId: deleteRiskProvider
responses:
'204':
@@ -13282,17 +15640,17 @@ paths:
- okta.riskProviders.manage
tags:
- RiskProvider
- /api/v1/roles/{roleTypeOrRoleId}/subscriptions:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
+ /api/v1/roles/{roleRef}/subscriptions:
+ parameters:
+ - $ref: '#/components/parameters/pathRoleRef'
get:
- summary: List all Subscriptions of a Custom Role
- description: Lists all subscriptions of a Role identified by `roleType` or of a Custom Role identified by `roleId`
- operationId: listRoleSubscriptions
- parameters:
- - in: path
- name: roleTypeOrRoleId
- required: true
- schema:
- type: string
+ summary: List all Subscriptions for a Role
+ description: Lists all subscriptions available to a specified Role
+ operationId: listSubscriptionsRole
responses:
'200':
description: Success
@@ -13314,22 +15672,17 @@ paths:
- okta.roles.read
tags:
- Subscription
- /api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/roles/{roleRef}/subscriptions/{notificationType}:
+ parameters:
+ - $ref: '#/components/parameters/pathRoleRef'
+ - $ref: '#/components/parameters/pathNotificationType'
get:
- summary: List all Subscriptions of a Custom Role with a specific notification type
- description: Lists all subscriptions with a specific notification type of a Role identified by `roleType` or of a Custom Role identified by `roleId`
- operationId: listRoleSubscriptionsByNotificationType
- parameters:
- - in: path
- name: roleTypeOrRoleId
- required: true
- schema:
- type: string
- - in: path
- name: notificationType
- required: true
- schema:
- type: string
+ summary: Retrieve a Subscription for a Role
+ description: Retrieves a subscription by `notificationType` for a specified Role
+ operationId: getSubscriptionsNotificationTypeRole
responses:
'200':
description: Success
@@ -13349,25 +15702,20 @@ paths:
- okta.roles.read
tags:
- Subscription
- /api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/subscribe:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/roles/{roleRef}/subscriptions/{notificationType}/subscribe:
+ parameters:
+ - $ref: '#/components/parameters/pathRoleRef'
+ - $ref: '#/components/parameters/pathNotificationType'
post:
- summary: Subscribe a Custom Role to a specific notification type
- description: Subscribes a Role identified by `roleType` or of a Custom Role identified by `roleId` to a specific notification type. When you change the subscription status of a Role or Custom Role, it overrides the subscription of any individual user of that Role or Custom Role.
- operationId: subscribeRoleSubscriptionByNotificationType
- parameters:
- - in: path
- name: roleTypeOrRoleId
- required: true
- schema:
- type: string
- - in: path
- name: notificationType
- required: true
- schema:
- type: string
+ summary: Subscribe a Role to a Specific Notification Type
+ description: Subscribes a Role to a specified notification type. Changes to Role subscriptions override the subscription status of any individual users with the Role.
+ operationId: subscribeByNotificationTypeRole
responses:
'200':
- description: Success
+ description: No Content
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
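Review bot: The `'200'` response of `subscribeByNotificationTypeRole` now carries `description: No Content`, so the status code and its description disagree. If the endpoint answers with an empty body and 204, the key should change too (`'204':` with `description: No Content`); if it really answers 200, keep `description: Success`. Generated clients key their success handling on the status code, so this is worth confirming against the service. The same edit appears in the unsubscribe hunk that follows (`unsubscribeByNotificationTypeRole`), and both operations continue past the end of their hunks.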
@@ -13380,25 +15728,20 @@ paths:
- okta.roles.manage
tags:
- Subscription
- /api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/unsubscribe:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/roles/{roleRef}/subscriptions/{notificationType}/unsubscribe:
+ parameters:
+ - $ref: '#/components/parameters/pathRoleRef'
+ - $ref: '#/components/parameters/pathNotificationType'
post:
- summary: Unsubscribe a Custom Role from a specific notification type
- description: Unsubscribes a Role identified by `roleType` or of a Custom Role identified by `roleId` from a specific notification type. When you change the subscription status of a Role or Custom Role, it overrides the subscription of any individual user of that Role or Custom Role.
- operationId: unsubscribeRoleSubscriptionByNotificationType
- parameters:
- - in: path
- name: roleTypeOrRoleId
- required: true
- schema:
- type: string
- - in: path
- name: notificationType
- required: true
- schema:
- type: string
+ summary: Unsubscribe a Role from a Specific Notification Type
+ description: Unsubscribes a Role from a specified notification type. Changes to Role subscriptions override the subscription status of any individual users with the Role.
+ operationId: unsubscribeByNotificationTypeRole
responses:
'200':
- description: Success
+ description: No Content
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -13411,10 +15754,13 @@ paths:
- okta.roles.manage
tags:
- Subscription
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/sessions:
post:
- summary: Create a Session with Session Token
- description: Creates a new session for a user with a valid session token. Use this API if, for example, you want to set the session cookie yourself instead of allowing Okta to set it, or want to hold the session ID in order to delete a session via the API instead of visiting the logout URL.
+ summary: Create a Session with session token
+ description: Creates a new Session for a user with a valid session token. Use this API if, for example, you want to set the session cookie yourself instead of allowing Okta to set it, or want to hold the session ID to delete a session through the API instead of visiting the logout URL.
operationId: createSession
x-codegen-request-body-name: createSessionRequest
requestBody:
@@ -13422,6 +15768,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/CreateSessionRequest'
+ examples:
+ SessionsCreate:
+ $ref: '#/components/examples/CreateSessionBody'
required: true
responses:
'200':
@@ -13430,6 +15779,10 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/Session'
+ examples:
+ SessionsCreate:
+ summary: Create a new Session with a valid session token
+ $ref: '#/components/examples/CreateSessionResponse'
'400':
description: Bad Request
'403':
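Review bot: The added `summary: Create a new Session with a valid session token` sits beside a `$ref` inside the example entry, and under OpenAPI 3.0.x any property placed next to `$ref` is ignored, so this text will probably never reach the rendered docs. Assuming the document declares a 3.0.x version (not visible in this hunk), move the summary into the referenced `#/components/examples/CreateSessionResponse` object, or drop it here. The same pattern recurs in the later session hunks, under `CurrentSessionsRetrieve`, `CurrentSessionsRefresh`, `SessionsRetrieve` and `SessionsRefresh`.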
@@ -13440,17 +15793,113 @@ paths:
- apiToken: []
tags:
- Session
- /api/v1/sessions/{sessionId}:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/sessions/me:
get:
- summary: Retrieve a Session
- description: Retrieves the details about a session
- operationId: getSession
+ summary: Retrieve the current Session
+ description: |-
+ Retrieves Session information for the current user. Use this method in a browser-based application to determine if the user is signed in.
+
+ > **Note:** This operation requires a session cookie for the user. An API token isn't allowed for this operation.
+ operationId: getCurrentSession
parameters:
- - name: sessionId
- in: path
- required: true
+ - in: header
+ name: Cookie
+ schema:
+ description: Session ID (`sid`) or Identity Engine (`idx`) cookie
+ type: string
+ example: sid=abcde-123 or idx=abcde-123
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Session'
+ examples:
+ CurrentSessionsRetrieve:
+ summary: Retrieve current Session information
+ $ref: '#/components/examples/RetrieveCurrentSessionResponse'
+ '404':
+ description: Not Found
+ security: []
+ tags:
+ - Session
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
+ delete:
+ summary: Close the current Session
+ description: |-
+ Closes the Session for the user who is currently signed in. Use this method in a browser-based application to sign out a user.
+
+ > **Note:** This operation requires a session cookie for the user. An API token isn't allowed for this operation.
+ operationId: closeCurrentSession
+ parameters:
+ - in: header
+ name: Cookie
+ schema:
+ description: Session ID (`sid`) or Identity Engine (`idx`) cookie
+ type: string
+ example: sid=abcde-123 or idx=abcde-123
+ responses:
+ '204':
+ description: No Content
+ content: {}
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ security: []
+ tags:
+ - Session
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/sessions/me/lifecycle/refresh:
+ post:
+ summary: Refresh the current Session
+ description: |-
+ Refreshes the Session for the current user
+
+ > **Note:** This operation requires a session cookie for the user. An API token isn't allowed for this operation.
+ operationId: refreshCurrentSession
+ parameters:
+ - in: header
+ name: Cookie
schema:
+ description: Session ID (`sid`) or Identity Engine (`idx`) cookie
type: string
+ example: sid=abcde-123 or idx=abcde-123
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Session'
+ examples:
+ CurrentSessionsRefresh:
+ summary: Refersh current Session
+ $ref: '#/components/examples/RefreshCurrentSessionResponse'
+ '404':
+ description: Not Found
+ security: []
+ tags:
+ - Session
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/sessions/{sessionId}:
+ parameters:
+ - $ref: '#/components/parameters/pathSessionId'
+ get:
+ summary: Retrieve a Session
+ description: Retrieves information about the Session specified by the given session ID
+ operationId: getSession
responses:
'200':
description: Success
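Review bot: The three new current-session operations (`getCurrentSession`, `closeCurrentSession`, `refreshCurrentSession`) declare `security: []` while their descriptions say a session cookie is required. The spec therefore tells generators, gateways and API scanners that they are unauthenticated, and the `Cookie` parameter is not marked required. Consider modelling the credential as cookie `apiKey` security scheme(s) (`type: apiKey`, `in: cookie`) referenced from `security`, or at minimum add `required: true` to each `Cookie` parameter. Because `closeCurrentSession` and `refreshCurrentSession` change state, authenticate by cookie and set `isCorsEnabled: true`, their descriptions would benefit from one sentence on which origins may call them cross-origin. Smaller points: `summary: Refersh current Session` is misspelled, the `'404'` of the GET and refresh operations is an inline `description: Not Found` where the DELETE uses `$ref: '#/components/responses/ErrorResourceNotFound404'`, and the trailing `getSession` operation continues outside the hunk.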
@@ -13458,6 +15907,10 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/Session'
+ examples:
+ SessionsRetrieve:
+ summary: Retrieve Session information for a single session ID
+ $ref: '#/components/examples/RetrieveSessionResponse'
'400':
description: Bad Request
'403':
@@ -13472,16 +15925,13 @@ paths:
- okta.sessions.read
tags:
- Session
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Revoke a Session
- description: Revokes a session
+ description: Revokes the specified Session
operationId: revokeSession
- parameters:
- - name: sessionId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -13498,17 +15948,16 @@ paths:
- okta.sessions.manage
tags:
- Session
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/sessions/{sessionId}/lifecycle/refresh:
+ parameters:
+ - $ref: '#/components/parameters/pathSessionId'
post:
summary: Refresh a Session
- description: Refreshes a session
+ description: Refreshes an existing Session using the `id` for that Session. A successful response contains the refreshed Session with an updated `expiresAt` timestamp.
operationId: refreshSession
- parameters:
- - name: sessionId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -13516,6 +15965,10 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/Session'
+ examples:
+ SessionsRefresh:
+ summary: Refresh an existing Session using the session ID
+ $ref: '#/components/examples/RefreshSessionResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -13528,6 +15981,9 @@ paths:
- okta.sessions.manage
tags:
- Session
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/templates/sms:
get:
summary: List all SMS Templates
@@ -13557,6 +16013,9 @@ paths:
- okta.templates.read
tags:
- Template
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create an SMS Template
description: Creates a new custom SMS template
@@ -13587,17 +16046,16 @@ paths:
- okta.templates.manage
tags:
- Template
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/templates/sms/{templateId}:
+ parameters:
+ - $ref: '#/components/parameters/pathTemplateId'
get:
summary: Retrieve an SMS Template
description: Retrieves a specific template by `id`
operationId: getSmsTemplate
- parameters:
- - name: templateId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -13617,16 +16075,13 @@ paths:
- okta.templates.read
tags:
- Template
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Update an SMS Template
description: Updates an SMS template
operationId: updateSmsTemplate
- parameters:
- - name: templateId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: smsTemplate
requestBody:
content:
@@ -13655,16 +16110,13 @@ paths:
- okta.templates.manage
tags:
- Template
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace an SMS Template
description: Replaces the SMS template
operationId: replaceSmsTemplate
- parameters:
- - name: templateId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: smsTemplate
requestBody:
content:
@@ -13693,16 +16145,13 @@ paths:
- okta.templates.manage
tags:
- Template
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete an SMS Template
description: Deletes an SMS template
operationId: deleteSmsTemplate
- parameters:
- - name: templateId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -13719,10 +16168,13 @@ paths:
- okta.templates.manage
tags:
- Template
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/threats/configuration:
get:
summary: Retrieve the ThreatInsight Configuration
- description: Retrieves current ThreatInsight configuration
+ description: Retrieves the ThreatInsight configuration for the org
operationId: getCurrentConfiguration
responses:
'200':
@@ -13731,6 +16183,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/ThreatInsightConfiguration'
+ examples:
+ ThreatInsightResponseEx:
+ $ref: '#/components/examples/ThreatInsightResponseExample'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'429':
@@ -13741,9 +16196,12 @@ paths:
- okta.threatInsights.read
tags:
- ThreatInsight
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Update the ThreatInsight Configuration
- description: Updates ThreatInsight configuration
+ description: Updates the ThreatInsight configuration for the org
operationId: updateConfiguration
x-codegen-request-body-name: threatInsightConfiguration
requestBody:
@@ -13751,6 +16209,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/ThreatInsightConfiguration'
+ examples:
+ ThreatInsightUpdateEx:
+ $ref: '#/components/examples/ThreatInsightUpdateRequestExample'
required: true
responses:
'200':
@@ -13759,6 +16220,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/ThreatInsightConfiguration'
+ examples:
+ ThreatInsightUpdateEx:
+ $ref: '#/components/examples/ThreatInsightUpdateResponseExample'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -13771,6 +16235,9 @@ paths:
- okta.threatInsights.manage
tags:
- ThreatInsight
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/trustedOrigins:
get:
summary: List all Trusted Origins
@@ -13814,6 +16281,9 @@ paths:
- okta.trustedOrigins.read
tags:
- TrustedOrigin
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a Trusted Origin
description: Creates a trusted origin
@@ -13844,17 +16314,16 @@ paths:
- okta.trustedOrigins.manage
tags:
- TrustedOrigin
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/trustedOrigins/{trustedOriginId}:
+ parameters:
+ - $ref: '#/components/parameters/pathTrustedOriginId'
get:
summary: Retrieve a Trusted Origin
description: Retrieves a trusted origin
operationId: getTrustedOrigin
- parameters:
- - name: trustedOriginId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -13874,16 +16343,13 @@ paths:
- okta.trustedOrigins.read
tags:
- TrustedOrigin
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a Trusted Origin
description: Replaces a trusted origin
operationId: replaceTrustedOrigin
- parameters:
- - name: trustedOriginId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: trustedOrigin
requestBody:
content:
@@ -13912,16 +16378,13 @@ paths:
- okta.trustedOrigins.manage
tags:
- TrustedOrigin
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a Trusted Origin
description: Deletes a trusted origin
operationId: deleteTrustedOrigin
- parameters:
- - name: trustedOriginId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: Success
@@ -13938,17 +16401,16 @@ paths:
- okta.trustedOrigins.manage
tags:
- TrustedOrigin
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/trustedOrigins/{trustedOriginId}/lifecycle/activate:
+ parameters:
+ - $ref: '#/components/parameters/pathTrustedOriginId'
post:
summary: Activate a Trusted Origin
description: Activates a trusted origin
operationId: activateTrustedOrigin
- parameters:
- - name: trustedOriginId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -13968,17 +16430,16 @@ paths:
- okta.trustedOrigins.manage
tags:
- TrustedOrigin
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/trustedOrigins/{trustedOriginId}/lifecycle/deactivate:
+ parameters:
+ - $ref: '#/components/parameters/pathTrustedOriginId'
post:
summary: Deactivate a Trusted Origin
description: Deactivates a trusted origin
operationId: deactivateTrustedOrigin
- parameters:
- - name: trustedOriginId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -13998,6 +16459,9 @@ paths:
- okta.trustedOrigins.manage
tags:
- TrustedOrigin
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users:
get:
summary: List all Users
@@ -14033,6 +16497,7 @@ paths:
type: string
- name: sortOrder
in: query
+ description: Sorting is done in ASCII sort order (that is, by ASCII character value), but isn't case sensitive.
schema:
type: string
responses:
@@ -14045,7 +16510,7 @@ paths:
items:
$ref: '#/components/schemas/User'
examples:
- User List:
+ UserList:
$ref: '#/components/examples/ListUsersResponse'
'403':
description: Forbidden
@@ -14061,9 +16526,19 @@ paths:
- okta.users.read
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a User
- description: Creates a new user in your Okta organization with or without credentials
+ description: |-
+ Creates a new user in your Okta organization with or without credentials
+ > **Legal Disclaimer**
+ After a user is added to the Okta directory, they receive an activation email. As part of signing up for this service,
+ you agreed not to use Okta's service/product to spam and/or send unsolicited messages.
+ Please refrain from adding unrelated accounts to the directory as Okta is not responsible for, and disclaims any and all
+ liability associated with, the activation email's content. You, and you alone, bear responsibility for the emails sent to any recipients.
operationId: createUser
parameters:
- name: activate
@@ -14125,62 +16600,26 @@ paths:
- okta.users.manage
tags:
- User
- /api/v1/users/{associatedUserId}/linkedObjects/{primaryRelationshipName}/{primaryUserId}:
- put:
- summary: Create a Linked Object for two User
- description: Creates a linked object for two users
- operationId: setLinkedObjectForUser
- parameters:
- - name: associatedUserId
- in: path
- required: true
- schema:
- type: string
- - name: primaryRelationshipName
- in: path
- required: true
- schema:
- type: string
- - name: primaryUserId
- in: path
- required: true
- schema:
- type: string
- responses:
- '204':
- description: Success
- content: {}
- '403':
- $ref: '#/components/responses/ErrorAccessDenied403'
- '404':
- $ref: '#/components/responses/ErrorResourceNotFound404'
- '429':
- $ref: '#/components/responses/ErrorTooManyRequests429'
- security:
- - oauth2:
- - okta.users.manage
- tags:
- - User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
get:
summary: Retrieve a User
description: Retrieves a user from your Okta organization
operationId: getUser
parameters:
- - $ref: '#/components/parameters/pathUserId'
- - name: expand
- in: query
- description: 'Specifies additional metadata to include in the response. Possible value: `blocks`'
- required: false
- schema:
- type: string
+ - $ref: '#/components/parameters/queryUserExpand'
responses:
'200':
description: Success
content:
application/json:
schema:
- $ref: '#/components/schemas/User'
+ $ref: '#/components/schemas/UserGetSingleton'
'403':
description: Forbidden
content:
@@ -14201,12 +16640,15 @@ paths:
- okta.users.read
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Update a User
description: Updates a user partially determined by the request parameters
operationId: updateUser
parameters:
- - $ref: '#/components/parameters/pathUserId'
- name: strict
in: query
schema:
@@ -14251,12 +16693,15 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a User
description: Replaces a user's profile and/or credentials using strict-update semantics
operationId: replaceUser
parameters:
- - $ref: '#/components/parameters/pathUserId'
- name: strict
in: query
schema:
@@ -14267,7 +16712,7 @@ paths:
content:
application/json:
schema:
- $ref: '#/components/schemas/UpdateUserRequest'
+ $ref: '#/components/schemas/User'
required: true
responses:
'200':
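Review bot: The `replaceUser` request body now points at `#/components/schemas/User`, the same model used for responses, where the previous `UpdateUserRequest` limited the documented input surface. If `User` carries server-managed properties (identifier, status, timestamps, links) that are not marked `readOnly: true`, generated clients will offer them as writable fields on a PUT that the description says uses strict-update semantics. The schema is outside this hunk, so that needs checking. Either confirm those properties are `readOnly` in `User`, or keep a dedicated request schema for this operation. The operation itself starts and ends outside the hunk.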
@@ -14302,12 +16747,15 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a User
description: Deletes a user permanently. This operation can only be performed on users that have a `DEPROVISIONED` status. **This action cannot be recovered!**. Calling this on an `ACTIVE` user will transition the user to `DEPROVISIONED`.
operationId: deleteUser
parameters:
- - $ref: '#/components/parameters/pathUserId'
- name: sendEmail
in: query
schema:
@@ -14344,17 +16792,17 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/appLinks:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
get:
summary: List all Assigned Application Links
description: Lists all appLinks for all direct or indirect (via group membership) assigned applications
operationId: listAppLinks
- parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -14376,13 +16824,17 @@ paths:
- okta.users.read
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/blocks:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
get:
summary: List all User Blocks
description: Lists information about how the user is blocked from accessing their account
operationId: listUserBlocks
- parameters:
- - $ref: '#/components/parameters/pathUserId'
responses:
'200':
description: Success
@@ -14409,17 +16861,17 @@ paths:
- okta.users.read
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/clients:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
get:
summary: List all Clients
description: Lists all client resources for which the specified user has grants or tokens
operationId: listUserClients
- parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -14441,22 +16893,19 @@ paths:
- okta.users.read
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/clients/{clientId}/grants:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
+ - $ref: '#/components/parameters/pathClientId'
get:
summary: List all Grants for a Client
description: Lists all grants for a specified user and client
operationId: listGrantsForUserAndClient
parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- - name: clientId
- in: path
- required: true
- schema:
- type: string
- name: expand
in: query
schema:
@@ -14492,21 +16941,14 @@ paths:
- okta.users.read
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Revoke all Grants for a Client
description: Revokes all grants for the specified user and client
operationId: revokeGrantsForUserAndClient
- parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- - name: clientId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -14523,22 +16965,19 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/clients/{clientId}/tokens:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
+ - $ref: '#/components/parameters/pathClientId'
get:
summary: List all Refresh Tokens for a Client
description: Lists all refresh tokens issued for the specified User and Client
operationId: listRefreshTokensForUserAndClient
parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- - name: clientId
- in: path
- required: true
- schema:
- type: string
- name: expand
in: query
schema:
@@ -14574,21 +17013,14 @@ paths:
- okta.users.read
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Revoke all Refresh Tokens for a Client
description: Revokes all refresh tokens issued for the specified User and Client
operationId: revokeTokensForUserAndClient
- parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- - name: clientId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -14605,27 +17037,20 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/clients/{clientId}/tokens/{tokenId}:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
+ - $ref: '#/components/parameters/pathClientId'
+ - $ref: '#/components/parameters/pathTokenId'
get:
summary: Retrieve a Refresh Token for a Client
description: Retrieves a refresh token issued for the specified User and Client
operationId: getRefreshTokenForUserAndClient
parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- - name: clientId
- in: path
- required: true
- schema:
- type: string
- - name: tokenId
- in: path
- required: true
- schema:
- type: string
- name: expand
in: query
schema:
@@ -14658,26 +17083,14 @@ paths:
- okta.users.read
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Revoke a Token for a Client
description: Revokes the specified refresh token
operationId: revokeTokenForUserAndClient
- parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- - name: clientId
- in: path
- required: true
- schema:
- type: string
- - name: tokenId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -14694,17 +17107,18 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/credentials/change_password:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
post:
summary: Change Password
description: Changes a user's password by validating the user's current password. This operation can only be performed on users in `STAGED`, `ACTIVE`, `PASSWORD_EXPIRED`, or `RECOVERY` status that have a valid password credential
operationId: changePassword
parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- name: strict
in: query
schema:
@@ -14738,17 +17152,17 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/credentials/change_recovery_question:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
post:
summary: Change Recovery Question
description: Changes a user's recovery question & answer credential by validating the user's current password. This operation can only be performed on users in **STAGED**, **ACTIVE** or **RECOVERY** `status` that have a valid password credential
operationId: changeRecoveryQuestion
- parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: userCredentials
requestBody:
content:
@@ -14777,17 +17191,18 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/credentials/forgot_password:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
post:
summary: Initiate Forgot Password
description: Initiates the forgot password flow. Generates a one-time token (OTT) that can be used to reset a user's password.
operationId: forgotPassword
parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- name: sendEmail
in: query
required: false
@@ -14813,17 +17228,18 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/credentials/forgot_password_recovery_question:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
post:
summary: Reset Password with Recovery Question
description: Resets the user's password to the specified password if the provided answer to the recovery question is correct
operationId: forgotPasswordSetNewPassword
parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- name: sendEmail
in: query
required: false
@@ -14858,17 +17274,17 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/factors:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
get:
- summary: List all Factors
- description: Lists all the enrolled factors for the specified user
+ summary: List all enrolled Factors
+ description: Lists all enrolled Factors for the specified user
operationId: listFactors
- parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -14877,35 +17293,35 @@ paths:
schema:
type: array
items:
- oneOf: &ref_12
- - $ref: '#/components/schemas/CallUserFactor'
- - $ref: '#/components/schemas/EmailUserFactor'
- - $ref: '#/components/schemas/PushUserFactor'
- - $ref: '#/components/schemas/SecurityQuestionUserFactor'
- - $ref: '#/components/schemas/SmsUserFactor'
- - $ref: '#/components/schemas/TokenUserFactor'
- - $ref: '#/components/schemas/HardwareUserFactor'
- - $ref: '#/components/schemas/CustomHotpUserFactor'
- - $ref: '#/components/schemas/TotpUserFactor'
- - $ref: '#/components/schemas/U2fUserFactor'
- - $ref: '#/components/schemas/WebUserFactor'
- - $ref: '#/components/schemas/WebAuthnUserFactor'
- discriminator: &ref_13
+ oneOf: &ref_18
+ - $ref: '#/components/schemas/UserFactorCall'
+ - $ref: '#/components/schemas/UserFactorEmail'
+ - $ref: '#/components/schemas/UserFactorPush'
+ - $ref: '#/components/schemas/UserFactorSecurityQuestion'
+ - $ref: '#/components/schemas/UserFactorSMS'
+ - $ref: '#/components/schemas/UserFactorToken'
+ - $ref: '#/components/schemas/UserFactorHardware'
+ - $ref: '#/components/schemas/UserFactorCustomHOTP'
+ - $ref: '#/components/schemas/UserFactorTOTP'
+ - $ref: '#/components/schemas/UserFactorU2F'
+ - $ref: '#/components/schemas/UserFactorWeb'
+ - $ref: '#/components/schemas/UserFactorWebAuthn'
+ discriminator: &ref_19
propertyName: factorType
mapping:
- call: '#/components/schemas/CallUserFactor'
- email: '#/components/schemas/EmailUserFactor'
- push: '#/components/schemas/PushUserFactor'
- question: '#/components/schemas/SecurityQuestionUserFactor'
- sms: '#/components/schemas/SmsUserFactor'
- token: '#/components/schemas/TokenUserFactor'
- token:hardware: '#/components/schemas/HardwareUserFactor'
- token:hotp: '#/components/schemas/CustomHotpUserFactor'
- token:software:totp: '#/components/schemas/TotpUserFactor'
- u2f: '#/components/schemas/U2fUserFactor'
- web: '#/components/schemas/WebUserFactor'
- webauthn: '#/components/schemas/WebAuthnUserFactor'
- hotp: '#/components/schemas/CustomHotpUserFactor'
+ call: '#/components/schemas/UserFactorCall'
+ email: '#/components/schemas/UserFactorEmail'
+ push: '#/components/schemas/UserFactorPush'
+ question: '#/components/schemas/UserFactorSecurityQuestion'
+ sms: '#/components/schemas/UserFactorSMS'
+ token: '#/components/schemas/UserFactorToken'
+ token:hardware: '#/components/schemas/UserFactorHardware'
+ token:hotp: '#/components/schemas/UserFactorCustomHOTP'
+ token:software:totp: '#/components/schemas/UserFactorTOTP'
+ u2f: '#/components/schemas/UserFactorU2F'
+ web: '#/components/schemas/UserFactorWeb'
+ webauthn: '#/components/schemas/UserFactorWebAuthn'
+ hotp: '#/components/schemas/UserFactorCustomHOTP'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -14918,34 +17334,38 @@ paths:
- okta.users.read
tags:
- UserFactor
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Enroll a Factor
- description: Enrolls a user with a supported factor
+ description: Enrolls a supported Factor for the specified user
operationId: enrollFactor
parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- name: updatePhone
+ description: If `true`, indicates that you'll update the `phoneNumber`. Only used for `sms` Factors that are pending activation.
in: query
schema:
type: boolean
default: false
- name: templateId
in: query
- description: id of SMS template (only for SMS factor)
+ description: ID of an existing custom SMS template. See the [SMS Templates API](../Template). Only used by `sms` Factors.
schema:
type: string
+ example: cstk2flOtuCMDJK4b0g3
- name: tokenLifetimeSeconds
+ description: Defines how long the token remains valid
in: query
schema:
type: integer
format: int32
+ minimum: 1
+ maximum: 86400
default: 300
x-okta-added-version: 1.3.0
- name: activate
+ description: If `true`, the `sms` Factor is immediately activated as part of the enrollment. An activation text message isn't sent to the device.
in: query
schema:
type: boolean
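Review bot: The new `activate` description in the enrollFactor parameters says no activation text message is sent, but it does not say what that means for verifying the phone number. If, as the wording suggests, the OTP round-trip is skipped, the description should say so, for example `If true, the sms Factor is activated during enrollment without an activation message, so possession of the phone number isn't confirmed by Okta.` The added `tokenLifetimeSeconds` description could also name the unit next to the new bounds: `Defines how long the token remains valid, in seconds`. The parameter list continues outside the hunk.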
@@ -14957,8 +17377,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_12
- discriminator: *ref_13
+ oneOf: *ref_18
+ discriminator: *ref_19
required: true
responses:
'200':
@@ -14966,8 +17386,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_12
- discriminator: *ref_13
+ oneOf: *ref_18
+ discriminator: *ref_19
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -14982,17 +17402,16 @@ paths:
- okta.users.manage
tags:
- UserFactor
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/factors/catalog:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
get:
- summary: List all Supported Factors
- description: Lists all the supported factors that can be enrolled for the specified user
+ summary: List all supported Factors
+ description: Lists all the supported Factors that can be enrolled for the specified user
operationId: listSupportedFactors
- parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -15001,8 +17420,8 @@ paths:
schema:
type: array
items:
- oneOf: *ref_12
- discriminator: *ref_13
+ oneOf: *ref_18
+ discriminator: *ref_19
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -15015,26 +17434,32 @@ paths:
- okta.users.read
tags:
- UserFactor
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/factors/questions:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
get:
- summary: List all Supported Security Questions
- description: Lists all available security questions for a user's `question` factor
+ summary: List all supported Security Questions
+ description: Lists all available Security Questions for the specified user
operationId: listSupportedSecurityQuestions
- parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
content:
application/json:
+ example:
+ - question: disliked_food
+ questionText: What is the food you least liked as a child?
+ - question: name_of_first_plush_toy
+ questionText: What is the name of your first stuffed animal?
+ - question: first_award
+ questionText: What did you earn your first medal or award for?
schema:
type: array
items:
- $ref: '#/components/schemas/SecurityQuestion'
+ $ref: '#/components/schemas/UserFactorSecurityQuestionProfile'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -15045,30 +17470,26 @@ paths:
- apiToken: []
tags:
- UserFactor
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/factors/{factorId}:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
+ - $ref: '#/components/parameters/pathFactorId'
get:
summary: Retrieve a Factor
- description: Retrieves a factor for the specified user
+ description: Retrieves an existing Factor for the specified user
operationId: getFactor
- parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- - name: factorId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
content:
application/json:
schema:
- oneOf: *ref_12
- discriminator: *ref_13
+ oneOf: *ref_18
+ discriminator: *ref_19
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -15081,22 +17502,19 @@ paths:
- okta.users.read
tags:
- UserFactor
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Unenroll a Factor
- description: Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor
+ description: |-
+ Unenrolls an existing Factor for the specified user. This allows the user to enroll a new Factor.
+
+ > **Note**: If you unenroll the `push` or the `signed_nonce` Factors, Okta also unenrolls any other `totp`, `signed_nonce`, or Okta Verify `push` Factors associated with the user.
operationId: unenrollFactor
parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- - name: factorId
- in: path
- required: true
- schema:
- type: string
- - name: removeEnrollmentRecovery
+ - name: removeRecoveryEnrollment
+ description: If `true`, removes the the phone number as both a recovery method and a Factor. Only used for `sms` and `call` Factors.
in: query
schema:
type: boolean
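Review bot: The added `removeRecoveryEnrollment` description on unenrollFactor has a doubled word, `removes the the phone number`. The resetFactors hunk later in this diff has the same sentence without it, so this should read `If true, removes the phone number as both a recovery method and a Factor.` The new Note also names `totp` and `signed_nonce`, which are not keys in the `factorType` discriminator mapping shown earlier in the diff (that uses `token:software:totp` and has no `signed_nonce` entry). If these are meant as factor types, use the mapped spellings or say what they refer to. Because the query parameter is renamed from `removeEnrollmentRecovery`, the changelog should call this out, since a caller still sending the old name would presumably leave the recovery phone number in place.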
@@ -15117,37 +17535,88 @@ paths:
- okta.users.manage
tags:
- UserFactor
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
+ - $ref: '#/components/parameters/pathFactorId'
post:
summary: Activate a Factor
- description: Activates a factor. The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.
+ description: |-
+ Activates a Factor. The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.
+
+ Okta enforces a rate limit of five activation attempts within five minutes.
+ After a user exceeds the rate limit, Okta returns an error message.
operationId: activateFactor
+ x-codegen-request-body-name: body
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UserFactorActivateRequest'
+ required: false
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ oneOf: *ref_18
+ discriminator: *ref_19
+ '400':
+ $ref: '#/components/responses/ErrorApiValidationFailed400'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.users.manage
+ tags:
+ - UserFactor
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/users/{userId}/factors/{factorId}/resend:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
+ - $ref: '#/components/parameters/pathFactorId'
+ post:
+ summary: Resend a Factor enrollment
+ description: |-
+ Resends an `sms`, `call`, or `email` factor challenge as part of an enrollment flow.
+
+ For `call` and `sms` factors, Okta enforces a rate limit of one OTP challenge per device every 30 seconds. You can configure your `sms` and `call` factors to use a third-party telephony provider. See the [Telephony inline hook reference](https://developer.okta.com/docs/reference/telephony-hook/). Okta round-robins between SMS providers with every resend request to help ensure delivery of an SMS and Call OTPs across different carriers.
+
+ > **Note**: Resend operations aren't allowed after a factor exceeds the activation rate limit. See [Activate a Factor](./#tag/UserFactor/operation/activateFactor).
+ operationId: resendEnrollFactor
parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- - name: factorId
- in: path
- required: true
+ - name: templateId
+ in: query
+ description: ID of an existing custom SMS template. See the [SMS Templates API](../Template). Only used by `sms` Factors.
schema:
+ example: cstk2flOtuCMDJK4b0g3
type: string
- x-codegen-request-body-name: body
requestBody:
content:
application/json:
schema:
- $ref: '#/components/schemas/ActivateFactorRequest'
- required: false
+ oneOf: *ref_18
+ discriminator: *ref_19
+ required: true
responses:
'200':
description: Success
content:
application/json:
schema:
- oneOf: *ref_12
- discriminator: *ref_13
+ oneOf: *ref_18
+ discriminator: *ref_19
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
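Review bot: The rate-limit sentence added to the activateFactor description, `After a user exceeds the rate limit, Okta returns an error message`, does not name the response, although the new operation lists a `429` reference. If that is the response used, say so (`Okta returns a 429 Too Many Requests error`) so clients can tell a rate-limit lockout from a rejected passcode and back off. The resendEnrollFactor description states a limit of one OTP challenge per device every 30 seconds, but its response list continues outside the hunk, so whether `429` is declared there can't be checked from here. The resend text also writes `factor` in lower case where the rest of the change capitalises `Factor`.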
@@ -15162,34 +17631,25 @@ paths:
- okta.users.manage
tags:
- UserFactor
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/factors/{factorId}/transactions/{transactionId}:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
+ - $ref: '#/components/parameters/pathFactorId'
+ - $ref: '#/components/parameters/pathTransactionId'
get:
- summary: Retrieve a Factor Transaction Status
- description: Retrieves the factors verification transaction status
+ summary: Retrieve a Factor transaction status
+ description: Retrieves the status of a `push` Factor verification transaction
operationId: getFactorTransactionStatus
- parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- - name: factorId
- in: path
- required: true
- schema:
- type: string
- - name: transactionId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
content:
application/json:
schema:
- $ref: '#/components/schemas/VerifyUserFactorResponse'
+ $ref: '#/components/schemas/UserFactorVerifyResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -15202,44 +17662,55 @@ paths:
- okta.users.read
tags:
- UserFactor
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/factors/{factorId}/verify:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
+ - $ref: '#/components/parameters/pathFactorId'
post:
- summary: Verify an MFA Factor
- description: Verifies an OTP for a `token` or `token:hardware` factor
+ summary: Verify a Factor
+ description: |-
+ Verifies an OTP for a Factor. Some Factors (`call`, `email`, `push`, `sms`, `u2f`, and `webauthn`) require Okta to issue a challenge to initiate the transaction. Do this by making a request without a body. After a challenge is issued, make another request to verify the Factor.
+
+ **Note**: To verify a `push` factor, use the **poll** link returned when you issue the challenge. See [Retrieve a Factor Transaction Status](/openapi/okta-management/management/tag/UserFactor/#tag/UserFactor/operation/getFactorTransactionStatus).
operationId: verifyFactor
parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- - name: factorId
- in: path
- required: true
- schema:
- type: string
- name: templateId
+ description: ID of an existing custom SMS template. See the [SMS Templates API](../Template). Only used by `sms` Factors.
in: query
schema:
type: string
+ example: cstk2flOtuCMDJK4b0g3
- name: tokenLifetimeSeconds
+ description: Defines how long the token remains valid
in: query
schema:
type: integer
format: int32
+ minimum: 1
+ maximum: 86400
default: 300
x-okta-added-version: 1.3.0
- name: X-Forwarded-For
+ description: Public IP address for the user agent
in: header
schema:
type: string
x-okta-added-version: 1.11.0
- name: User-Agent
+ description: Type of user agent detected when the request is made
in: header
schema:
type: string
x-okta-added-version: 1.11.0
- name: Accept-Language
+ description: |-
+ Sets a two-letter language code that defines a localized message to send. Only used by the `sms` Factor.
+
+ * If the language code doesn't exist in the SMS template, the message uses the default template.
+ * If the `templateId` doesn't exist, the message is sent using the default template.
in: header
schema:
type: string
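Review bot: The new `X-Forwarded-For` description on verifyFactor, `Public IP address for the user agent`, does not say that the value is supplied by the API caller. A header like this typically feeds the client IP recorded for the verification, so the description should tell integrators to use the address their service observed, for example `Public IP address of the end user's user agent, as observed by the calling service; don't relay a value received from the client`. How Okta weighs the header isn't visible in this hunk, so confirm the wording against service behaviour. The added `**Note**` also uses an absolute link and no `>` prefix, unlike the `> **Note**` form and relative `./#tag/UserFactor/operation/activateFactor` link in the resend description.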
@@ -15248,7 +17719,7 @@ paths:
content:
application/json:
schema:
- $ref: '#/components/schemas/VerifyFactorRequest'
+ $ref: '#/components/schemas/UserFactorVerifyRequest'
required: false
responses:
'200':
@@ -15256,7 +17727,7 @@ paths:
content:
application/json:
schema:
- $ref: '#/components/schemas/VerifyUserFactorResponse'
+ $ref: '#/components/schemas/UserFactorVerifyResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -15271,17 +17742,17 @@ paths:
- okta.users.manage
tags:
- UserFactor
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/grants:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
get:
summary: List all User Grants
description: Lists all grants for the specified user
operationId: listUserGrants
parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- name: scopeId
in: query
schema:
@@ -15321,16 +17792,14 @@ paths:
- okta.users.read
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Revoke all User Grants
description: Revokes all grants for a specified user
operationId: revokeUserGrants
- parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -15347,22 +17816,19 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/grants/{grantId}:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
+ - $ref: '#/components/parameters/pathGrantId'
get:
summary: Retrieve a User Grant
description: Retrieves a grant for the specified user
operationId: getUserGrant
parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- - name: grantId
- in: path
- required: true
- schema:
- type: string
- name: expand
in: query
schema:
@@ -15386,21 +17852,14 @@ paths:
- okta.users.read
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Revoke a User Grant
description: Revokes one grant for a specified user
operationId: revokeUserGrant
- parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- - name: grantId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -15417,17 +17876,20 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/groups:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
get:
summary: List all Groups
description: Lists all groups of which the user is a member
operationId: listUserGroups
parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
+ - $ref: '#/components/parameters/queryAfter'
+ - $ref: '#/components/parameters/queryLimit'
responses:
'200':
description: Success
@@ -15449,17 +17911,17 @@ paths:
- okta.users.read
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/idps:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
get:
summary: List all Identity Providers
description: Lists the IdPs associated with the user
operationId: listUserIdentityProviders
- parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -15481,17 +17943,30 @@ paths:
- okta.users.read
tags:
- User
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/lifecycle/activate:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
post:
summary: Activate a User
- description: Activates a user. This operation can only be performed on users with a `STAGED` status. Activation of a user is an asynchronous operation. The user will have the `transitioningToStatus` property with a value of `ACTIVE` during activation to indicate that the user hasn't completed the asynchronous operation. The user will have a status of `ACTIVE` when the activation process is complete.
+ description: |-
+ Activates a user. This operation can only be performed on users with a `STAGED` or `DEPROVISIONED` status.
+ Activation of a user is an asynchronous operation. The user will have the `transitioningToStatus`
+ property with a value of `ACTIVE` during activation to indicate that the user hasn't completed the asynchronous operation.
+ The user will have a status of `ACTIVE` when the activation process is complete.
+ > **Multibrand and User activation**
+ If you want to send a branded User Activation email, change the subdomain of your request to the custom domain that's associated with the brand.
+ For example, change `subdomain.okta.com` to `custom.domain.one`. See [Multibrand and custom domains](https://developer.okta.com/docs/concepts/brands/#multibrand-and-custom-domains).
+
+ > **Legal disclaimer**
+ After a user is added to the Okta directory, they receive an activation email. As part of signing up for this service,
+ you agreed not to use Okta's service/product to spam and/or send unsolicited messages.
+ Please refrain from adding unrelated accounts to the directory as Okta is not responsible for, and disclaims any and all
+ liability associated with, the activation email's content. You, and you alone, bear responsibility for the emails sent to any recipients.
operationId: activateUser
parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- name: sendEmail
in: query
description: Sends an activation email to the user if true
@@ -15518,17 +17993,18 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/lifecycle/deactivate:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
post:
summary: Deactivate a User
description: 'Deactivates a user. This operation can only be performed on users that do not have a `DEPROVISIONED` status. While the asynchronous operation (triggered by HTTP header `Prefer: respond-async`) is proceeding the user''s `transitioningToStatus` property is `DEPROVISIONED`. The user''s status is `DEPROVISIONED` when the deactivation process is complete.'
operationId: deactivateUser
parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- name: sendEmail
in: query
schema:
@@ -15551,17 +18027,17 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/lifecycle/expire_password:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
post:
summary: Expire Password
description: Expires a user's password and transitions the user to the status of `PASSWORD_EXPIRED` so that the user is required to change their password at their next login
operationId: expirePassword
- parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -15581,17 +18057,25 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/lifecycle/expire_password_with_temp_password:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
post:
summary: Expire Password and Set Temporary Password
description: Expires a user's password and transitions the user to the status of `PASSWORD_EXPIRED` so that the user is required to change their password at their next login, and also sets the user's password to a temporary password returned in the response
operationId: expirePasswordAndGetTemporaryPassword
parameters:
- - name: userId
- in: path
- required: true
+ - name: revokeSessions
+ description: When set to `true` (and the session is a user session), all user sessions are revoked except the current session.
+ in: query
+ required: false
schema:
- type: string
+ type: boolean
+ default: false
responses:
'200':
description: Success
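Review bot: The new `revokeSessions` description on expirePasswordAndGetTemporaryPassword leaves the token-authenticated case undefined. The phrase `(and the session is a user session)` does not say whether any sessions are revoked when the call carries no user session, as with the `okta.users.manage` OAuth scope shown in the neighbouring context. With `default: false`, expiring or resetting a password leaves the user's existing sessions valid, which matters when this is a response to a suspected account compromise. The description should state that default outcome and the behaviour for requests made without a user session. The same parameter text is added to generateResetPasswordToken in the later hunk at `-15674,22`, and the same applies there.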
@@ -15611,17 +18095,18 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/lifecycle/reactivate:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
post:
summary: Reactivate a User
description: Reactivates a user. This operation can only be performed on users with a `PROVISIONED` status. This operation restarts the activation workflow if for some reason the user activation was not completed when using the activationToken from [Activate User](#activate-user).
operationId: reactivateUser
parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- name: sendEmail
in: query
description: Sends an activation email to the user if true
@@ -15647,17 +18132,24 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/lifecycle/reset_factors:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
post:
summary: Reset all Factors
description: Resets all factors for the specified user. All MFA factor enrollments returned to the unenrolled state. The user's status remains ACTIVE. This link is present only if the user is currently enrolled in one or more MFA factors.
operationId: resetFactors
parameters:
- - name: userId
- in: path
- required: true
+ - name: removeRecoveryEnrollment
+ description: 'If `true`, removes the phone number as both a recovery method and a Factor. Supported Factors: `sms` and `call`'
+ in: query
schema:
- type: string
+ type: boolean
+ default: false
responses:
'200':
description: OK
@@ -15674,22 +18166,30 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/lifecycle/reset_password:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
post:
summary: Generate a Reset Password Token
description: Generates a one-time token (OTT) that can be used to reset a user's password. The OTT link can be automatically emailed to the user or returned to the API caller and distributed using a custom flow.
operationId: generateResetPasswordToken
parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- name: sendEmail
in: query
required: true
schema:
type: boolean
+ - name: revokeSessions
+ description: When set to `true` (and the session is a user session), all user sessions are revoked except the current session.
+ in: query
+ required: false
+ schema:
+ type: boolean
+ default: false
responses:
'200':
description: Success
@@ -15709,17 +18209,17 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/lifecycle/suspend:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
post:
summary: Suspend a User
description: Suspends a user. This operation can only be performed on users with an `ACTIVE` status. The user will have a status of `SUSPENDED` when the process is complete.
operationId: suspendUser
- parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: OK
@@ -15736,17 +18236,17 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/lifecycle/unlock:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
post:
summary: Unlock a User
description: Unlocks a user with a `LOCKED_OUT` status or unlocks a user with an `ACTIVE` status that is blocked from unknown devices. Unlocked users have an `ACTIVE` status and can sign in with their current password.
operationId: unlockUser
- parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -15763,17 +18263,17 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/lifecycle/unsuspend:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
post:
summary: Unsuspend a User
description: Unsuspends a user and returns them to the `ACTIVE` state. This operation can only be performed on users that have a `SUSPENDED` status.
operationId: unsuspendUser
- parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -15790,22 +18290,47 @@ paths:
- okta.users.manage
tags:
- User
- /api/v1/users/{userId}/linkedObjects/{relationshipName}:
- get:
- summary: List all Linked Objects
- description: Lists all linked objects for a user, relationshipName can be a primary or associated relationship name
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/users/{userId}/linkedObjects/{primaryRelationshipName}/{primaryUserId}:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
+ - $ref: '#/components/parameters/pathPrimaryRelationshipName'
+ - $ref: '#/components/parameters/pathPrimaryUserId'
+ put:
+ summary: Create a Linked Object for two Users
+ description: Creates a Linked Object for two users
+ operationId: setLinkedObjectForUser
+ responses:
+ '204':
+ description: Success
+ content: {}
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - oauth2:
+ - okta.users.manage
+ tags:
+ - User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/users/{userId}/linkedObjects/{relationshipName}:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
+ - $ref: '#/components/parameters/pathRelationshipName'
+ get:
+ summary: List all Linked Objects
+ description: Lists all linked objects for a user, relationshipName can be a primary or associated relationship name
operationId: listLinkedObjectsForUser
parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- - name: relationshipName
- in: path
- required: true
- schema:
- type: string
- name: after
in: query
schema:
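Review bot: The new `setLinkedObjectForUser` operation declares only `oauth2` with `okta.users.manage` under `security`, while the new activateFactor block in this commit also lists `- apiToken: []`. If API-token access is intended, add that line; if not, a short comment saying the omission is deliberate would help. The `'204'` response is written as `description: Success` with `content: {}`, where the other 204 responses in this diff use `description: No Content`. The description `Creates a Linked Object for two users` also doesn't say which of `{userId}` and `{primaryUserId}` is the associated user and which is the primary. The hunk ends inside the listLinkedObjectsForUser parameter list, which continues outside it.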
@@ -15837,21 +18362,14 @@ paths:
- okta.users.read
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a Linked Object
description: Deletes linked objects for a user, relationshipName can be ONLY a primary relationship name
operationId: deleteLinkedObjectForUser
- parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- - name: relationshipName
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -15868,17 +18386,18 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/roles:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
get:
summary: List all Roles assigned to a User
description: Lists all roles assigned to a user identified by `userId`
operationId: listAssignedRolesForUser
parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- name: expand
in: query
schema:
@@ -15904,16 +18423,14 @@ paths:
- okta.roles.read
tags:
- RoleAssignment
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Assign a Role to a User
description: Assigns a role to a user identified by `userId`
operationId: assignRoleToUser
parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- name: disableNotifications
description: Setting this to `true` grants the user third-party admin status
in: query
@@ -15947,22 +18464,17 @@ paths:
- okta.roles.manage
tags:
- RoleAssignment
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/roles/{roleId}:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
+ - $ref: '#/components/parameters/pathRoleId'
get:
summary: Retrieve a Role assigned to a User
description: Retrieves a role identified by `roleId` assigned to a user identified by `userId`
operationId: getUserAssignedRole
- parameters:
- - in: path
- name: userId
- required: true
- schema:
- type: string
- - in: path
- name: roleId
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -15982,21 +18494,13 @@ paths:
- okta.roles.read
tags:
- RoleAssignment
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Unassign a Role from a User
description: Unassigns a role identified by `roleId` from a user identified by `userId`
operationId: unassignRoleFromUser
- parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- - name: roleId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -16013,22 +18517,18 @@ paths:
- okta.roles.manage
tags:
- RoleAssignment
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
+ - $ref: '#/components/parameters/pathRoleId'
get:
summary: List all Application Targets for Application Administrator Role
description: Lists all App targets for an `APP_ADMIN` Role assigned to a User. This methods return list may include full Applications or Instances. The response for an instance will have an `ID` value, while Application will not have an ID.
operationId: listApplicationTargetsForApplicationAdministratorRoleForUser
parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- - name: roleId
- in: path
- required: true
- schema:
- type: string
- name: after
in: query
schema:
@@ -16060,21 +18560,13 @@ paths:
- okta.roles.read
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Assign all Apps as Target to Role
description: Assigns all Apps as Target to Role
operationId: assignAllAppsAsTargetToRoleForUser
- parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- - name: roleId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -16091,27 +18583,18 @@ paths:
- okta.roles.manage
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
+ - $ref: '#/components/parameters/pathRoleId'
+ - $ref: '#/components/parameters/pathAppName'
put:
summary: Assign an Application Target to Administrator Role
description: Assigns an application target to administrator role
operationId: assignAppTargetToAdminRoleForUser
- parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- - name: roleId
- in: path
- required: true
- schema:
- type: string
- - name: appName
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -16128,26 +18611,13 @@ paths:
- okta.roles.manage
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Unassign an Application Target from an Application Administrator Role
description: Unassigns an application target from application administrator role
operationId: unassignAppTargetFromAppAdminRoleForUser
- parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- - name: roleId
- in: path
- required: true
- schema:
- type: string
- - name: appName
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -16164,32 +18634,19 @@ paths:
- okta.roles.manage
tags:
- RoleTarget
- /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}/{appId}:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
+ - $ref: '#/components/parameters/pathRoleId'
+ - $ref: '#/components/parameters/pathAppName'
+ - $ref: '#/components/parameters/pathAppId'
put:
summary: Assign an Application Instance Target to an Application Administrator Role
description: Assigns anapplication instance target to appplication administrator role
operationId: assignAppInstanceTargetToAppAdminRoleForUser
- parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- - name: roleId
- in: path
- required: true
- schema:
- type: string
- - name: appName
- in: path
- required: true
- schema:
- type: string
- - name: applicationId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
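Review bot: The `description` of `assignAppInstanceTargetToAppAdminRoleForUser` still has two typos ("anapplication", "appplication"), which this hunk leaves in place while rewriting the path and parameters around it. The text flows into the generated SDK documentation, so I would change it to `description: Assigns an application instance target to an application administrator role`. The path segment is also renamed from `{applicationId}` to `{appId}`, so `#/components/parameters/pathAppId` has to declare `name: appId` for the template to resolve. That component is defined outside this hunk and should be confirmed.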
@@ -16206,31 +18663,13 @@ paths:
- okta.roles.manage
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Unassign an Application Instance Target from an Application Administrator Role
description: Unassigns an application instance target from an application administrator role
operationId: unassignAppInstanceTargetFromAdminRoleForUser
- parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- - name: roleId
- in: path
- required: true
- schema:
- type: string
- - name: appName
- in: path
- required: true
- schema:
- type: string
- - name: applicationId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -16247,22 +18686,18 @@ paths:
- okta.roles.manage
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/roles/{roleId}/targets/groups:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
+ - $ref: '#/components/parameters/pathRoleId'
get:
summary: List all Group Targets for Role
description: Lists all group targets for role
operationId: listGroupTargetsForRole
parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- - name: roleId
- in: path
- required: true
- schema:
- type: string
- name: after
in: query
schema:
@@ -16294,27 +18729,18 @@ paths:
- okta.roles.read
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId}:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
+ - $ref: '#/components/parameters/pathRoleId'
+ - $ref: '#/components/parameters/pathGroupId'
put:
summary: Assign a Group Target to Role
description: Assigns a Group Target to Role
operationId: assignGroupTargetToUserRole
- parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- - name: roleId
- in: path
- required: true
- schema:
- type: string
- - name: groupId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -16331,26 +18757,13 @@ paths:
- okta.roles.manage
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Unassign a Group Target from Role
description: Unassigns a Group Target from Role
operationId: unassignGroupTargetFromUserAdminRole
- parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- - name: roleId
- in: path
- required: true
- schema:
- type: string
- - name: groupId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -16367,17 +18780,17 @@ paths:
- okta.roles.manage
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/sessions:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
delete:
summary: Revoke all User Sessions
description: Revokes all active identity provider sessions of the user. This forces the user to authenticate on the next operation. Optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the user.
operationId: revokeUserSessions
parameters:
- - name: userId
- in: path
- required: true
- schema:
- type: string
- name: oauthTokens
in: query
description: Revoke issued OpenID Connect and OAuth refresh and access tokens
@@ -16400,17 +18813,24 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/subscriptions:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
get:
- summary: List all Subscriptions
- description: Lists all subscriptions of a user. Only lists subscriptions for current user. An AccessDeniedException message is sent if requests are made from other users.
- operationId: listUserSubscriptions
+ summary: List all Subscriptions for a User
+ description: Lists all subscriptions available to a specified User. Returns an `AccessDeniedException` message if requests are made for another user.
+ operationId: listSubscriptionsUser
parameters:
- in: path
name: userId
required: true
schema:
type: string
+ description: The unique ID of the user
responses:
'200':
description: Success
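Review bot: `userId` is now declared twice for `listSubscriptionsUser`: once through the new path-level `- $ref: '#/components/parameters/pathUserId'` and again by the inline `in: path` / `name: userId` entry that stays under the operation's `parameters`. An operation-level entry overrides the path-level one, so the spec stays valid, but every role and zone operation in this diff drops the inline copy once the path-level `$ref` is added. The three following subscription hunks (`getSubscriptionsNotificationTypeUser`, `subscribeByNotificationTypeUser`, `unsubscribeByNotificationTypeUser`) repeat this and also list `pathNotificationType` at both levels. I would delete the operation-level `parameters:` blocks and, if the wording is wanted, put `description: The unique ID of the user` on the `pathUserId` component, which is defined outside this hunk.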
@@ -16432,22 +18852,25 @@ paths:
- okta.users.read
tags:
- Subscription
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/subscriptions/{notificationType}:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
+ - $ref: '#/components/parameters/pathNotificationType'
get:
- summary: List all Subscriptions by type
- description: Lists all the subscriptions of a User with a specific notification type. Only gets subscriptions for current user. An AccessDeniedException message is sent if requests are made from other users.
- operationId: listUserSubscriptionsByNotificationType
+ summary: Retrieve a Subscription for a User
+ description: Retrieves a subscription by `notificationType` for a specified User. Returns an `AccessDeniedException` message if requests are made for another user.
+ operationId: getSubscriptionsNotificationTypeUser
parameters:
- in: path
name: userId
required: true
schema:
type: string
- - in: path
- name: notificationType
- required: true
- schema:
- type: string
+ description: The unique ID of the user
+ - $ref: '#/components/parameters/pathNotificationType'
responses:
'200':
description: Success
@@ -16467,25 +18890,28 @@ paths:
- okta.users.read
tags:
- Subscription
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/subscriptions/{notificationType}/subscribe:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
+ - $ref: '#/components/parameters/pathNotificationType'
post:
- summary: Subscribe to a specific notification type
- description: Subscribes a User to a specific notification type. Only the current User can subscribe to a specific notification type. An AccessDeniedException message is sent if requests are made from other users.
- operationId: subscribeUserSubscriptionByNotificationType
+ summary: Subscribe a User to a Specific Notification Type
+ description: Subscribes the current user to a specified notification type. Returns an `AccessDeniedException` message if requests are made for another user.
+ operationId: subscribeByNotificationTypeUser
parameters:
- in: path
name: userId
required: true
schema:
type: string
- - in: path
- name: notificationType
- required: true
- schema:
- type: string
+ description: The unique ID of the user
+ - $ref: '#/components/parameters/pathNotificationType'
responses:
'200':
- description: Success
+ description: No Content
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
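Review bot: The response for `subscribeByNotificationTypeUser` is still keyed `'200':` but its description changes from `Success` to `No Content`, so the status code and the text now disagree. If the endpoint returns an empty body, the key should be `'204':` to match the other no-content operations in this file; if it really answers 200, keep `description: Success`. The next hunk makes the same change for `unsubscribeByNotificationTypeUser`. The description also says "the current user" while the path takes an arbitrary `{userId}`; the 403 case is documented, but one sentence noting that `userId` must be the caller's own ID would make the access rule explicit.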
@@ -16498,25 +18924,28 @@ paths:
- okta.users.manage
tags:
- Subscription
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/subscriptions/{notificationType}/unsubscribe:
+ parameters:
+ - $ref: '#/components/parameters/pathUserId'
+ - $ref: '#/components/parameters/pathNotificationType'
post:
- summary: Unsubscribe from a specific notification type
- description: Unsubscribes a User from a specific notification type. Only the current User can unsubscribe from a specific notification type. An AccessDeniedException message is sent if requests are made from other users.
- operationId: unsubscribeUserSubscriptionByNotificationType
+ summary: Unsubscribe a User from a Specific Notification Type
+ description: Unsubscribes the current user from a specified notification type. Returns an `AccessDeniedException` message if requests are made for another user.
+ operationId: unsubscribeByNotificationTypeUser
parameters:
- in: path
name: userId
required: true
schema:
type: string
- - in: path
- name: notificationType
- required: true
- schema:
- type: string
+ description: The unique ID of the user
+ - $ref: '#/components/parameters/pathNotificationType'
responses:
'200':
- description: Success
+ description: No Content
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -16529,6 +18958,9 @@ paths:
- okta.users.manage
tags:
- Subscription
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/zones:
get:
summary: List all Network Zones
@@ -16543,18 +18975,21 @@ paths:
- name: after
in: query
description: Specifies the pagination cursor for the next page of network zones
+ example: 200u7yq5goxNFTiMjW1d7
schema:
type: string
- name: limit
in: query
description: Specifies the number of results for a page
+ example: 5
schema:
type: integer
format: int32
default: -1
- name: filter
in: query
- description: Filters zones by usage or id expression
+ description: Filters zones by usage or ID expression
+ example: filter=%28id+eq+%22nzowc1U5Jh5xuAK0o0g3%22%29
schema:
type: string
responses:
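Review bot: The new `example` for the `filter` query parameter is `filter=%28id+eq+%22nzowc1U5Jh5xuAK0o0g3%22%29`, which repeats the parameter name and is already URL-encoded. A parameter example should hold the raw value, because documentation renderers and generated clients encode it themselves and would otherwise show or send a double-encoded string. I would write `example: '(id eq "nzowc1U5Jh5xuAK0o0g3")'` instead. The quoting also keeps the scalar unambiguous for YAML parsers.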
@@ -16566,6 +19001,11 @@ paths:
type: array
items:
$ref: '#/components/schemas/NetworkZone'
+ examples:
+ RetrieveAllZonesWithFilter:
+ $ref: '#/components/examples/RetrieveAllZonesWithFilter'
+ RetrieveAllZones:
+ $ref: '#/components/examples/RetrieveAllZones'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'429':
@@ -16576,6 +19016,9 @@ paths:
- okta.networkZones.read
tags:
- NetworkZone
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a Network Zone
description: |-
@@ -16589,6 +19032,11 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/NetworkZone'
+ examples:
+ CreateIPPolicyNetworkZone:
+ $ref: '#/components/examples/CreateIPPolicyNetworkZone'
+ CreateIPPolicyBlocklistNetworkZone:
+ $ref: '#/components/examples/CreateIPPolicyBlockListNetworkZone'
required: true
responses:
'200':
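Review bot: The example key `CreateIPPolicyBlocklistNetworkZone` and its target `#/components/examples/CreateIPPolicyBlockListNetworkZone` differ in the casing of "Blocklist"/"BlockList". `$ref` resolution is case-sensitive, so the reference works only if the component is spelled `BlockList`; the component is defined outside this hunk and should be checked. Using one spelling for both the key and the component would avoid a silent mismatch later. The response examples in the next hunk have the same pair.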
@@ -16597,6 +19045,11 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/NetworkZone'
+ examples:
+ CreateIPPolicyNetworkZone:
+ $ref: '#/components/examples/CreateIPPolicyNetworkZoneResponse'
+ CreateIPPolicyBlocklistNetworkZone:
+ $ref: '#/components/examples/CreateIPPolicyBlockListNetworkZoneResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -16609,17 +19062,16 @@ paths:
- okta.networkZones.manage
tags:
- NetworkZone
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/zones/{zoneId}:
+ parameters:
+ - $ref: '#/components/parameters/pathZoneId'
get:
summary: Retrieve a Network Zone
description: Retrieves a network zone by `zoneId`
operationId: getNetworkZone
- parameters:
- - name: zoneId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -16627,6 +19079,11 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/NetworkZone'
+ examples:
+ RetrieveNetworkZoneIP:
+ $ref: '#/components/examples/RetrieveNetworkZoneIP'
+ RetrieveNetworkZoneDynamic:
+ $ref: '#/components/examples/RetrieveNetworkZoneDynamic'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -16639,24 +19096,24 @@ paths:
- okta.networkZones.read
tags:
- NetworkZone
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a Network Zone
description: |-
Replaces a network zone by `zoneId`. The replaced network zone type must be the same as the existing type.
You may replace the usage (`POLICY`, `BLOCKLIST`) of a network zone by updating the `usage` attribute.
operationId: replaceNetworkZone
- parameters:
- - name: zoneId
- in: path
- required: true
- schema:
- type: string
x-codegen-request-body-name: zone
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/NetworkZone'
+ examples:
+ ReplaceNetworkZone:
+ $ref: '#/components/examples/ReplaceNetworkZone'
required: true
responses:
'200':
@@ -16665,6 +19122,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/NetworkZone'
+ examples:
+ ReplaceNetworkZone:
+ $ref: '#/components/examples/ReplaceNetworkZoneResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -16679,16 +19139,13 @@ paths:
- okta.networkZones.manage
tags:
- NetworkZone
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a Network Zone
description: Deletes network zone by `zoneId`
operationId: deleteNetworkZone
- parameters:
- - name: zoneId
- in: path
- required: true
- schema:
- type: string
responses:
'204':
description: No Content
@@ -16705,17 +19162,16 @@ paths:
- okta.networkZones.manage
tags:
- NetworkZone
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/zones/{zoneId}/lifecycle/activate:
+ parameters:
+ - $ref: '#/components/parameters/pathZoneId'
post:
summary: Activate a Network Zone
description: Activates a network zone by `zoneId`
operationId: activateNetworkZone
- parameters:
- - name: zoneId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -16723,6 +19179,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/NetworkZone'
+ examples:
+ ActivateNetworkZone:
+ $ref: '#/components/examples/ActivateNetworkZone'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -16735,17 +19194,16 @@ paths:
- okta.networkZones.manage
tags:
- NetworkZone
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/zones/{zoneId}/lifecycle/deactivate:
+ parameters:
+ - $ref: '#/components/parameters/pathZoneId'
post:
summary: Deactivate a Network Zone
description: Deactivates a network zone by `zoneId`
operationId: deactivateNetworkZone
- parameters:
- - name: zoneId
- in: path
- required: true
- schema:
- type: string
responses:
'200':
description: Success
@@ -16753,6 +19211,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/NetworkZone'
+ examples:
+ DeactivateNetworkZone:
+ $ref: '#/components/examples/DeactivateNetworkZone'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -16765,6 +19226,9 @@ paths:
- okta.networkZones.manage
tags:
- NetworkZone
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/attack-protection/api/v1/user-lockout-settings:
get:
summary: Retrieve the User Lockout Settings
@@ -16789,6 +19253,9 @@ paths:
- okta.orgs.read
tags:
- AttackProtection
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace the User Lockout Settings
description: Replaces the User Lockout Settings for an org
@@ -16826,442 +19293,4441 @@ paths:
- okta.orgs.manage
tags:
- AttackProtection
-components:
- securitySchemes:
- apiToken:
- description: 'Pass the API token as the Authorization header value prefixed with SSWS: `Authorization: SSWS {API Token}`'
- name: Authorization
- type: apiKey
- in: header
- oauth2:
- type: oauth2
- description: 'Pass the access_token as the value of the Authorization header: `Authorization: Bearer {access_token}`'
- flows:
- authorizationCode:
- authorizationUrl: /oauth2/v1/authorize
- tokenUrl: /oauth2/v1/token
- scopes:
- okta.agentPools.manage: Allows the app to create and manage agent pools in your Okta organization.
- okta.agentPools.read: Allows the app to read agent pools in your Okta organization.
- okta.apiToken.manage: Allows the app to manage API Tokens in your Okta organization.
- okta.apiToken.read: Allows the app to read API Tokens in your Okta organization.
- okta.apps.manage: Allows the app to create and manage Apps in your Okta organization.
- okta.apps.read: Allows the app to read information about Apps in your Okta organization.
- okta.authenticators.manage: Allows the app to manage all authenticators (e.g. enrollments, reset).
- okta.authenticators.read: Allows the app to read org authenticators information.
- okta.authorizationServers.manage: Allows the app to create and manage Authorization Servers in your Okta organization.
- okta.authorizationServers.read: Allows the app to read information about Authorization Servers in your Okta organization.
- okta.behaviors.manage: Allows the app to create and manage behavior detection rules in your Okta organization.
- okta.behaviors.read: Allows the app to read behavior detection rules in your Okta organization.
- okta.brands.manage: Allows the app to create and manage Brands and Themes in your Okta organization.
- okta.brands.read: Allows the app to read information about Brands and Themes in your Okta organization.
- okta.captchas.manage: Allows the app to create and manage CAPTCHAs in your Okta organization.
- okta.captchas.read: Allows the app to read information about CAPTCHAs in your Okta organization.
- okta.deviceAssurance.manage: Allows the app to manage device assurances.
- okta.deviceAssurance.read: Allows the app to read device assurances.
- okta.devices.manage: Allows the app to manage device status transitions and delete a device.
- okta.devices.read: Allows the app to read the existing device's profile and search devices.
- okta.domains.manage: Allows the app to manage custom Domains for your Okta organization.
- okta.domains.read: Allows the app to read information about custom Domains for your Okta organization.
- okta.eventHooks.manage: Allows the app to create and manage Event Hooks in your Okta organization.
- okta.eventHooks.read: Allows the app to read information about Event Hooks in your Okta organization.
- okta.groups.manage: Allows the app to manage existing groups in your Okta organization.
- okta.groups.read: Allows the app to read information about groups and their members in your Okta organization.
- okta.identitySources.manage: Allows the custom identity sources to manage user entities in your Okta organization
- okta.identitySources.read: Allows to read session information for custom identity sources in your Okta organization
- okta.idps.manage: Allows the app to create and manage Identity Providers in your Okta organization.
- okta.idps.read: Allows the app to read information about Identity Providers in your Okta organization.
- okta.inlineHooks.manage: Allows the app to create and manage Inline Hooks in your Okta organization.
- okta.inlineHooks.read: Allows the app to read information about Inline Hooks in your Okta organization.
- okta.linkedObjects.manage: Allows the app to manage linked object definitions in your Okta organization.
- okta.linkedObjects.read: Allows the app to read linked object definitions in your Okta organization.
- okta.logStreams.manage: Allows the app to create and manage log streams in your Okta organization.
- okta.logStreams.read: Allows the app to read information about log streams in your Okta organization.
- okta.logs.read: Allows the app to read information about System Log entries in your Okta organization.
- okta.orgs.manage: Allows the app to manage organization-specific details for your Okta organization.
- okta.orgs.read: Allows the app to read organization-specific details about your Okta organization.
- okta.policies.manage: Allows the app to manage policies in your Okta organization.
- okta.policies.read: Allows the app to read information about policies in your Okta organization.
- okta.principalRateLimits.manage: Allows the app to create and manage Principal Rate Limits in your Okta organization.
- okta.principalRateLimits.read: Allows the app to read information about Principal Rate Limits in your Okta organization.
- okta.profileMappings.manage: Allows the app to manage user profile mappings in your Okta organization.
- okta.profileMappings.read: Allows the app to read user profile mappings in your Okta organization.
- okta.pushProviders.manage: Allows the app to create and manage push notification providers such as APNs and FCM.
- okta.pushProviders.read: Allows the app to read push notification providers such as APNs and FCM.
- okta.rateLimits.manage: Allows the app to create and manage rate limits in your Okta organization.
- okta.rateLimits.read: Allows the app to read information about rate limits in your Okta organization.
- okta.riskEvents.manage: Allows the app to publish risk events to your Okta organization.
- okta.riskProviders.manage: Allows the app to create and manage risk provider integrations in your Okta organization.
- okta.riskProviders.read: Allows the app to read all risk provider integrations in your Okta organization.
- okta.roles.manage: Allows the app to manage administrative role assignments for users in your Okta organization.
- okta.roles.read: Allows the app to read administrative role assignments for users in your Okta organization.
- okta.schemas.manage: Allows the app to create and manage Schemas in your Okta organization.
- okta.schemas.read: Allows the app to read information about Schemas in your Okta organization.
- okta.sessions.manage: Allows the app to manage all sessions in your Okta organization.
- okta.sessions.read: Allows the app to read all sessions in your Okta organization.
- okta.templates.manage: Allows the app to manage all custom templates in your Okta organization.
- okta.templates.read: Allows the app to read all custom templates in your Okta organization.
- okta.trustedOrigins.manage: Allows the app to manage all Trusted Origins in your Okta organization.
- okta.trustedOrigins.read: Allows the app to read all Trusted Origins in your Okta organization.
- okta.userTypes.manage: Allows the app to manage user types in your Okta organization.
- okta.userTypes.read: Allows the app to read user types in your Okta organization.
- okta.users.manage: Allows the app to create new users and to manage all users' profile and credentials information.
- okta.users.read: Allows the app to read the existing users' profiles and credentials.
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /integrations/api/v1/api-services:
+ get:
+ summary: List all API Service Integration instances
+ description: Lists all API Service Integration instances with a pagination option
+ operationId: listApiServiceIntegrationInstances
+ parameters:
+ - $ref: '#/components/parameters/queryAfter'
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ $ref: '#/components/schemas/APIServiceIntegrationInstance'
+ examples:
+ APIServiceIntegrationResponseExample:
+ $ref: '#/components/examples/APIServiceIntegrationListResponse'
+ '401':
+ $ref: '#/components/responses/ErrorInvalidToken401'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.oauthIntegrations.read
+ tags:
+ - ApiServiceIntegrations
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ post:
+ summary: Create an API Service Integration instance
+ description: Creates and authorizes an API Service Integration instance
+ operationId: createApiServiceIntegrationInstance
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/postAPIServiceIntegrationInstanceRequest'
+ examples:
+ postAPIServiceIntegrationRequestExample:
+ $ref: '#/components/examples/postAPIServiceIntegrationRequest'
+ required: true
+ responses:
+ '201':
+ description: Created
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/postAPIServiceIntegrationInstance'
+ examples:
+ APIServiceIntegrationResponseExample:
+ $ref: '#/components/examples/postAPIServiceIntegrationResponse'
+ '400':
+ $ref: '#/components/responses/ErrorApiValidationFailed400'
+ '401':
+ $ref: '#/components/responses/ErrorInvalidToken401'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ tags:
+ - ApiServiceIntegrations
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /integrations/api/v1/api-services/{apiServiceId}:
+ parameters:
+ - $ref: '#/components/parameters/pathApiServiceId'
+ get:
+ summary: Retrieve an API Service Integration instance
+ description: Retrieves an API Service Integration instance by `id`
+ operationId: getApiServiceIntegrationInstance
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/APIServiceIntegrationInstance'
+ examples:
+ APIServiceIntegrationResponseExample:
+ $ref: '#/components/examples/APIServiceIntegrationResponse'
+ '401':
+ $ref: '#/components/responses/ErrorInvalidToken401'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.oauthIntegrations.read
+ tags:
+ - ApiServiceIntegrations
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ delete:
+ summary: Delete an API Service Integration instance
+ description: Deletes an API Service Integration instance by `id`. This operation also revokes access to scopes that were previously granted to this API Service Integration instance.
+ operationId: deleteApiServiceIntegrationInstance
+ responses:
+ '204':
+ description: No Content
+ '401':
+ $ref: '#/components/responses/ErrorInvalidToken401'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.oauthIntegrations.manage
+ tags:
+ - ApiServiceIntegrations
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /integrations/api/v1/api-services/{apiServiceId}/credentials/secrets:
+ parameters:
+ - $ref: '#/components/parameters/pathApiServiceId'
+ get:
+ summary: List all API Service Integration instance Secrets
+ description: Lists all client secrets for an API Service Integration instance by `apiServiceId`
+ operationId: listApiServiceIntegrationInstanceSecrets
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ $ref: '#/components/schemas/APIServiceIntegrationInstanceSecret'
+ examples:
+ APIServiceIntegrationResponseExample:
+ $ref: '#/components/examples/APIServiceIntegrationInstanceSecretListResponse'
+ '401':
+ $ref: '#/components/responses/ErrorInvalidToken401'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.oauthIntegrations.read
+ tags:
+ - ApiServiceIntegrations
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ post:
+ summary: Create an API Service Integration instance Secret
+ description: Creates an API Service Integration instance Secret object with a new active client secret. You can create up to two Secret objects. An error is returned if you attempt to create more than two Secret objects.
+ operationId: createApiServiceIntegrationInstanceSecret
+ responses:
+ '201':
+ description: Created
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/APIServiceIntegrationInstanceSecret'
+ examples:
+ newAPIServiceIntegrationInstanceSecretResponse:
+ $ref: '#/components/examples/newAPIServiceIntegrationInstanceSecretResponse'
+ '400':
+ $ref: '#/components/responses/ErrorApiValidationFailed400'
+ '401':
+ $ref: '#/components/responses/ErrorInvalidToken401'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.oauthIntegrations.manage
+ tags:
+ - ApiServiceIntegrations
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /integrations/api/v1/api-services/{apiServiceId}/credentials/secrets/{secretId}:
+ parameters:
+ - $ref: '#/components/parameters/pathApiServiceId'
+ - $ref: '#/components/parameters/pathSecretId'
+ delete:
+ summary: Delete an API Service Integration instance Secret
+ description: Deletes an API Service Integration instance Secret by `secretId`. You can only delete an inactive Secret.
+ operationId: deleteApiServiceIntegrationInstanceSecret
+ responses:
+ '204':
+ description: No Content
+ '401':
+ $ref: '#/components/responses/ErrorInvalidToken401'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.oauthIntegrations.manage
+ tags:
+ - ApiServiceIntegrations
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /integrations/api/v1/api-services/{apiServiceId}/credentials/secrets/{secretId}/lifecycle/activate:
+ parameters:
+ - $ref: '#/components/parameters/pathApiServiceId'
+ - $ref: '#/components/parameters/pathSecretId'
+ post:
+ summary: Activate an API Service Integration instance Secret
+ description: Activates an API Service Integration instance Secret by `secretId`
+ operationId: activateApiServiceIntegrationInstanceSecret
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/APIServiceIntegrationInstanceSecret'
+ examples:
+ activeAPIServiceIntegrationInstanceSecretResponse:
+ $ref: '#/components/examples/activeAPIServiceIntegrationInstanceSecretResponse'
+ '401':
+ $ref: '#/components/responses/ErrorInvalidToken401'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.oauthIntegrations.manage
+ tags:
+ - ApiServiceIntegrations
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /integrations/api/v1/api-services/{apiServiceId}/credentials/secrets/{secretId}/lifecycle/deactivate:
+ parameters:
+ - $ref: '#/components/parameters/pathApiServiceId'
+ - $ref: '#/components/parameters/pathSecretId'
+ post:
+ summary: Deactivate an API Service Integration instance Secret
+ description: Deactivates an API Service Integration instance Secret by `secretId`
+ operationId: deactivateApiServiceIntegrationInstanceSecret
+ responses:
+ '200':
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/APIServiceIntegrationInstanceSecret'
+ examples:
+ inactiveAPIServiceIntegrationInstanceSecretResponse:
+ $ref: '#/components/examples/inactiveAPIServiceIntegrationInstanceSecretResponse'
+ '401':
+ $ref: '#/components/responses/ErrorInvalidToken401'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.oauthIntegrations.manage
+ tags:
+ - ApiServiceIntegrations
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /integrations/api/v1/submissions/{submissionId}:
+ parameters:
+ - $ref: '#/components/parameters/pathSubmissionId'
+ /integrations/api/v1/submissions/{submissionId}/submit:
+ parameters:
+ - $ref: '#/components/parameters/pathSubmissionId'
+ /integrations/api/v1/submissions/{submissionId}/testing:
+ parameters:
+ - $ref: '#/components/parameters/pathSubmissionId'
+ /webauthn-registration/api/v1/activate:
+ post:
+ summary: Activate a Preregistered WebAuthn Factor
+ description: Activates a preregistered WebAuthn Factor. As part of this operation, Okta first decrypts and verifies the Factor PIN and enrollment data sent by the fulfillment provider.
+ operationId: activatePreregistrationEnrollment
+ x-codegen-request-body-name: body
+ requestBody:
+ description: Enrollment Activation Request
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/EnrollmentActivationRequest'
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/EnrollmentActivationResponse'
+ '400':
+ description: PIN or Cred Requests Generation Failed
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ examples:
+ NoDisable:
+ $ref: '#/components/examples/ErrorPinOrCredResponsesProcessingFailure'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.users.manage
+ tags:
+ - WebAuthnPreregistration
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /webauthn-registration/api/v1/enroll:
+ post:
+ summary: Enroll a Preregistered WebAuthn Factor
+ description: Enrolls a preregistered WebAuthn Factor. This WebAuthn Factor has a longer challenge timeout period to accommodate the fulfillment request process. As part of this operation, Okta generates EC key-pairs used to encrypt the Factor PIN and enrollment data sent by the fulfillment provider.
+ operationId: enrollPreregistrationEnrollment
+ x-codegen-request-body-name: body
+ requestBody:
+ description: Enrollment Initialization Request
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/EnrollmentInitializationRequest'
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/EnrollmentInitializationResponse'
+ '400':
+ description: PIN or Cred Requests Generation Failed
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ examples:
+ NoDisable:
+ $ref: '#/components/examples/ErrorPinOrCredRequestsGenerationFailure'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.users.manage
+ tags:
+ - WebAuthnPreregistration
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /webauthn-registration/api/v1/initiate-fulfillment-request:
+ post:
+ summary: Generate a Fulfillment Request
+ description: Generates a fulfillment request by sending a WebAuthn Preregistration event to start the flow. The Okta Workflows WebAuthn preregistration integration uses this to populate the fulfillment request.
+ operationId: generateFulfillmentRequest
+ x-codegen-request-body-name: body
+ requestBody:
+ description: Fulfillment Request
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/FulfillmentRequest'
+ responses:
+ '204':
+ description: No Content
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.users.manage
+ tags:
+ - WebAuthnPreregistration
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+components:
examples:
+ APIDevicesListAllResponse:
+ summary: List all devices with embedded users
+ value:
+ - id: guo4a5u7YAHhjXrMK0g4
+ status: CREATED
+ created: '2019-10-02T18:03:07.000Z'
+ lastUpdated: '2019-10-02T18:03:07.000Z'
+ profile:
+ displayName: Example Device name 1
+ platform: WINDOWS
+ serialNumber: XXDDRFCFRGF3M8MD6D
+ sid: S-1-11-111
+ registered: true
+ secureHardwarePresent: false
+ diskEncryptionType: ALL_INTERNAL_VOLUMES
+ resourceType: UDDevice
+ resourceDisplayName:
+ value: Example Device name 1
+ sensitive: false
+ resourceAlternateId: null
+ resourceId: guo4a5u7YAHhjXrMK0g4
+ _links:
+ activate:
+ href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4/lifecycle/activate
+ hints:
+ allow:
+ - POST
+ self:
+ href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4
+ hints:
+ allow:
+ - GET
+ - PATCH
+ - PUT
+ users:
+ href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4/users
+ hints:
+ allow:
+ - GET
+ _embedded:
+ users: []
+ - id: guo4a5u7YAHhjXrMK0g5
+ status: ACTIVE
+ created: '2023-06-21T23:24:02.000Z'
+ lastUpdated: '2023-06-21T23:24:02.000Z'
+ profile:
+ displayName: Example Device name 2
+ platform: ANDROID
+ manufacturer: Google
+ model: Pixel 6
+ osVersion: 13:2023-05-05
+ registered: true
+ secureHardwarePresent: true
+ diskEncryptionType: USER
+ resourceType: UDDevice
+ resourceDisplayName:
+ value: Example Device name 2
+ sensitive: false
+ resourceAlternateId: null
+ resourceId: guo4a5u7YAHhjXrMK0g5
+ _links:
+ activate:
+ href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5/lifecycle/activate
+ hints:
+ allow:
+ - POST
+ self:
+ href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5
+ hints:
+ allow:
+ - GET
+ - PATCH
+ - PUT
+ users:
+ href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5/users
+ hints:
+ allow:
+ - GET
+ _embedded:
+ users:
+ - managementStatus: MANAGED
+ created: '2021-10-01T16:52:41.000Z'
+ screenLockType: BIOMETRIC
+ user:
+ id: 00u17vh0q8ov8IU881d7
+ status: ACTIVE
+ created: '2020-08-12T06:46:50.000Z'
+ activated: '2020-08-12T06:46:50.000Z'
+ statusChanged: '2021-01-27T21:05:32.000Z'
+ lastLogin: '2021-10-14T09:04:48.000Z'
+ lastUpdated: '2021-01-27T21:05:32.000Z'
+ passwordChanged: '2020-08-12T06:46:50.000Z'
+ type:
+ id: oty7ut9Uu76oHVUZc0w4
+ profile:
+ firstName: fname
+ lastName: lname
+ mobilePhone: null
+ secondEmail: null
+ login: email@email.com
+ email: email@email.com
+ credentials:
+ password: {}
+ recovery_question:
+ question: What is the food you least liked as a child?
+ provider:
+ type: OKTA
+ name: OKTA
+ _links:
+ suspend:
+ href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/suspend
+ method: POST
+ schema:
+ href: https://{yourOktaDomain}/api/v1/meta/schemas/user/osc7ut9Uu76oHVUZc0w4
+ resetPassword:
+ href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/reset_password
+ method: POST
+ forgotPassword:
+ href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/credentials/forgot_password
+ method: POST
+ expirePassword:
+ href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/expire_password
+ method: POST
+ changeRecoveryQuestion:
+ href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/credentials/change_recovery_question
+ method: POST
+ self:
+ href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7
+ type:
+ href: https://{yourOktaDomain}/api/v1/meta/types/user/oty7ut9Uu76oHVUZc0w4
+ changePassword:
+ href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/credentials/change_password
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/deactivate
+ APIDevicesListAllUserSummaryResponse:
+ summary: List all devices with embedded user summaries
+ value:
+ - id: guo4a5u7YAHhjXrMK0g4
+ status: CREATED
+ created: '2019-10-02T18:03:07.000Z'
+ lastUpdated: '2019-10-02T18:03:07.000Z'
+ profile:
+ displayName: Example Device name 1
+ platform: WINDOWS
+ serialNumber: XXDDRFCFRGF3M8MD6D
+ sid: S-1-11-111
+ registered: true
+ secureHardwarePresent: false
+ diskEncryptionType: ALL_INTERNAL_VOLUMES
+ resourceType: UDDevice
+ resourceDisplayName:
+ value: Example Device name 1
+ sensitive: false
+ resourceAlternateId: null
+ resourceId: guo4a5u7YAHhjXrMK0g4
+ _links:
+ activate:
+ href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4/lifecycle/activate
+ hints:
+ allow:
+ - POST
+ self:
+ href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4
+ hints:
+ allow:
+ - GET
+ - PATCH
+ - PUT
+ users:
+ href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4/users
+ hints:
+ allow:
+ - GET
+ _embedded:
+ users: []
+ - id: guo4a5u7YAHhjXrMK0g5
+ status: ACTIVE
+ created: '2023-06-21T23:24:02.000Z'
+ lastUpdated: '2023-06-21T23:24:02.000Z'
+ profile:
+ displayName: Example Device name 2
+ platform: ANDROID
+ manufacturer: Google
+ model: Pixel 6
+ osVersion: 13:2023-05-05
+ registered: true
+ secureHardwarePresent: true
+ diskEncryptionType: USER
+ resourceType: UDDevice
+ resourceDisplayName:
+ value: Example Device name 2
+ sensitive: false
+ resourceAlternateId: null
+ resourceId: guo4a5u7YAHhjXrMK0g5
+ _links:
+ activate:
+ href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5/lifecycle/activate
+ hints:
+ allow:
+ - POST
+ self:
+ href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5
+ hints:
+ allow:
+ - GET
+ - PATCH
+ - PUT
+ users:
+ href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5/users
+ hints:
+ allow:
+ - GET
+ _embedded:
+ users:
+ - managementStatus: MANAGED
+ created: '2021-10-01T16:52:41.000Z'
+ screenLockType: BIOMETRIC
+ user:
+ id: 00u17vh0q8ov8IU881d7
+ realmId: 00u17vh0q8ov8IU8T0g5
+ profile:
+ firstName: fname
+ lastName: lname
+ login: email@email.com
+ email: email@email.com
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7
+ APIDevicesListAllUsersResponse:
+ summary: Response example
+ value:
+ - created: '2021-08-20T17:13:35.000Z'
+ managementStatus: NOT_MANAGED
+ screenLockType: BIOMETRIC
+ user:
+ id: 00u17vh0q8ov8IU881d7
+ status: ACTIVE
+ created: '2021-08-20T16:08:25.000Z'
+ activated: null
+ statusChanged: '2021-08-20T16:39:41.000Z'
+ lastLogin: '2023-04-18T17:54:12.000Z'
+ lastUpdated: '2021-12-20T18:27:30.000Z'
+ passwordChanged: '2021-12-20T18:27:30.000Z'
+ type:
+ id: oty17vh0n2EHVnbYF1d7
+ profile:
+ firstName: Bunk
+ lastName: Moreland
+ mobilePhone: null
+ secondEmail: null
+ login: bunk.moreland@example.com
+ email: bunk.moreland@example.com
+ credentials:
+ password: null
+ provider:
+ type: OKTA
+ name: OKTA
+ _links:
+ suspend:
+ href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/suspend
+ method: POST
+ schema:
+ href: https://{yourOktaDomain}/api/v1/meta/schemas/user/osc17vh0n2EHVnbYF1d7
+ resetPassword:
+ href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/reset_password
+ method: POST
+ forgotPassword:
+ href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/credentials/forgot_password
+ method: POST
+ expirePassword:
+ href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/expire_password
+ method: POST
+ changeRecoveryQuestion:
+ href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/credentials/change_recovery_question
+ method: POST
+ self:
+ href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7
+ resetFactors:
+ href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/reset_factors
+ method: POST
+ type:
+ href: https://{yourOktaDomain}/api/v1/meta/types/user/oty17vh0n2EHVnbYF1d7
+ changePassword:
+ href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/credentials/change_password
+ method: POST
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/deactivate
+ method: POST
+ APIServiceIntegrationInstanceSecretListResponse:
+ summary: Secrets list response example
+ value:
+ - id: ocs2f4zrZbs8nUa7p0g4
+ status: INACTIVE
+ client_secret: '***DhOW'
+ secret_hash: yk4SVx4sUWVJVbHt6M-UPA
+ created: '2023-02-21T20:08:24.000Z'
+ lastUpdated: '2023-02-21T20:08:24.000Z'
+ _links:
+ activate:
+ href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f4zrZbs8nUa7p0g4/lifecycle/activate
+ hints:
+ allow:
+ - POST
+ delete:
+ href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f4zrZbs8nUa7p0g4
+ hints:
+ allow:
+ - DELETE
+ - id: ocs2f50kZB0cITmYU0g4
+ status: ACTIVE
+ client_secret: '***MQGQ'
+ secret_hash: 0WOOvBSzV9clc4Nr7Rbaug
+ created: '2023-04-06T21:32:33.000Z'
+ lastUpdated: '2023-04-06T21:32:33.000Z'
+ _links:
+ deactivate:
+ href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f50kZB0cITmYU0g4/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ APIServiceIntegrationListResponse:
+ summary: List response example
+ value:
+ - id: 0oa72lrepvp4WqEET1d9
+ type: my_app_cie
+ name: My App Cloud Identity Engine
+ createdAt: '2023-02-21T20:08:24.000Z'
+ createdBy: 00uu3u0ujW1P6AfZC2d5
+ configGuideUrl: https://{docDomain}/my-app-cie/configuration-guide
+ grantedScopes:
+ - okta.logs.read
+ - okta.groups.read
+ - okta.users.read
+ _links:
+ self:
+ href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa72lrepvp4WqEET1d9
+ hints:
+ allow:
+ - GET
+ - DELETE
+ client:
+ href: https://{yourOktaDomain}/oauth2/v1/clients/0oa72lrepvp4WqEET1d9
+ hints:
+ allow:
+ - GET
+ logo:
+ name: small
+ href: https://{logoDomain}/{logoPath}/my_app_cie_small_logo
+ APIServiceIntegrationResponse:
+ summary: Response example
+ value:
+ id: 0oa72lrepvp4WqEET1d9
+ type: my_app_cie
+ name: My App Cloud Identity Engine
+ createdAt: '2023-02-21T20:08:24.000Z'
+ createdBy: 00uu3u0ujW1P6AfZC2d5
+ configGuideUrl: https://{docDomain}/my-app-cie/configuration-guide
+ grantedScopes:
+ - okta.logs.read
+ - okta.groups.read
+ - okta.users.read
+ _links:
+ self:
+ href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa72lrepvp4WqEET1d9
+ hints:
+ allow:
+ - GET
+ - DELETE
+ client:
+ href: https://{yourOktaDomain}/oauth2/v1/clients/0oa72lrepvp4WqEET1d9
+ hints:
+ allow:
+ - GET
+ logo:
+ name: small
+ href: https://{logoDomain}/{logoPath}/my_app_cie_small_logo
+ ActivateNetworkZone:
+ summary: Activated Network Zone response
+ value:
+ type: IP
+ id: nzowc1U5Jh5xuAK0o0g3
+ name: LegacyIpZone
+ status: ACTIVE
+ usage: POLICY
+ created: '2019-05-17T18:44:31.000Z'
+ lastUpdated: '2019-05-21T13:50:49.000Z'
+ system: true
+ gateways:
+ - type: CIDR
+ value: 1.2.3.4/24
+ proxies:
+ - type: RANGE
+ value: 3.3.4.5-3.3.4.15
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ AddMappingBody:
+ summary: Update an existing profile mapping by adding one or more properties
+ value:
+ properties:
+ additionalProperties:
+ fullName:
+ expression: user.firstName + user.lastName
+ pushStatus: PUSH
+ nickName:
+ expression: user.nickName
+ pushStatus: PUSH
+ AddMappingResponse:
+ summary: Update an existing profile mapping by adding one or more properties
+ value:
+ id: prm1k47ghydIQOTBW0g4
+ source:
+ id: otysbePhQ3yqt4cVv0g3
+ name: user
+ type: user
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/meta/types/user/otysbePhQ3yqt4cVv0g3
+ schema:
+ href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscsbePhQ3yqt4cVv0g3
+ target:
+ id: 0oa1qmn4LZQQEH0wZ0g4
+ name: okta_org2org
+ type: appuser
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/apps/0oa1qmn4LZQQEH0wZ0g4
+ schema:
+ href: https://{yourOktaDomain}/api/v1/meta/schemas/apps/0oa1qmn4LZQQEH0wZ0g4/default
+ properties:
+ fullName:
+ expression: user.firstName + user.lastName
+ pushStatus: PUSH
+ nickName:
+ expression: user.nickName
+ pushStatus: PUSH
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/mappings/prm1k48weFSOnEUnw0g4
+ AdminConsoleSettingsExample:
+ summary: Default Okta Admin Console Settings
+ value:
+ sessionMaxLifetimeMinutes: 720
+ sessionIdleTimeoutMinutes: 15
+ AllRulesOperationResponse:
+ value:
+ id: rre4mje4ez7B2a7B60g7
+ status: COMPLETED
+ created: '2023-10-25T21:02:54.000Z'
+ started: '2023-10-25T21:02:54.000Z'
+ completed: '2023-10-25T21:02:54.000Z'
+ ruleOperation:
+ numUserMoved: 50
+ configuration:
+ id: ALL
+ name: All Rules
+ _links:
+ self:
+ rel: self
+ href: http://your-subdomain.okta.com/api/v1/operations/rre4mje4ez7B2a7B60g7
+ method: GET
ApiTokenListMetadataResponse:
value:
- - name: My API Token
- userId: 00uabcdefg1234567890
- tokenWindow: P30D
- id: 00Tabcdefg1234567890
- clientName: Okta API
- expiresAt: 2021-12-11T20:38:10.000Z
- created: 2021-11-09T20:38:10.000Z
- lastUpdated: 2021-11-11T20:38:10.000Z
+ - name: My API Token
+ userId: 00uabcdefg1234567890
+ tokenWindow: P30D
+ id: 00Tabcdefg1234567890
+ clientName: Okta API
+ expiresAt: '2021-12-11T20:38:10.000Z'
+ created: '2021-11-09T20:38:10.000Z'
+ lastUpdated: '2021-11-11T20:38:10.000Z'
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/api-tokens/00Tabcdefg1234567890
+ hints:
+ allow:
+ - GET
+ - DELETE
+ user:
+ href: https://{yourOktaDomain}/api/v1/users/00uabcdefg1234567890
+ hints:
+ allow:
+ - GET
+ - name: Another API Token
+ userId: 00uabcdefg1234567890
+ tokenWindow: PT5M
+ id: 00T1234567890abcdefg
+ clientName: Okta API
+ expiresAt: '2021-11-11T20:43:10.000Z'
+ created: '2021-11-09T20:38:10.000Z'
+ lastUpdated: '2021-11-11T20:38:10.000Z'
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/api-tokens/00T1234567890abcdefg
+ hints:
+ allow:
+ - GET
+ - DELETE
+ user:
+ href: https://{yourOktaDomain}/api/v1/users/00uabcdefg1234567890
+ hints:
+ allow:
+ - GET
+ ApiTokenMetadataResponse:
+ value:
+ name: My API Token
+ userId: 00uXXXXXXXXXXXXXXXXX
+ tokenWindow: P30D
+ id: 00Tabcdefg1234567890
+ clientName: Okta API
+ expiresAt: '2021-12-11T20:38:10.000Z'
+ created: '2021-11-09T20:38:10.000Z'
+ lastUpdated: '2021-11-11T20:38:10.000Z'
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/api-tokens/00Tabcdefg1234567890
+ hints:
+ allow:
+ - GET
+ - DELETE
+ user:
+ href: https://{yourOktaDomain}/api/v1/users/00uXXXXXXXXXXXXXXXXX
+ hints:
+ allow:
+ - GET
+ AppFeatureListResponseEx:
+ summary: List app Feature response
+ value:
+ - name: USER_PROVISIONING
+ status: ENABLED
+ description: User provisioning settings from Okta to a downstream application
+ capabilities:
+ create:
+ lifecycleCreate:
+ status: DISABLED
+ update:
+ profile:
+ status: DISABLED
+ lifecycleDeactivate:
+ status: DISABLED
+ password:
+ status: DISABLED
+ seed: RANDOM
+ change: KEEP_EXISTING
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/apps/${appId}/features/USER_PROVISIONING
+ hints:
+ allow:
+ - GET
+ - PUT
+ AppFeatureResponseEx:
+ summary: App Feature response
+ value:
+ name: USER_PROVISIONING
+ status: ENABLED
+ description: User provisioning settings from Okta to a downstream application
+ capabilities:
+ create:
+ lifecycleCreate:
+ status: DISABLED
+ update:
+ profile:
+ status: DISABLED
+ lifecycleDeactivate:
+ status: DISABLED
+ password:
+ status: DISABLED
+ seed: RANDOM
+ change: KEEP_EXISTING
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/apps/${appId}/features/USER_PROVISIONING
+ hints:
+ allow:
+ - GET
+ - PUT
+ AppGrantsEx:
+ summary: App Grants example
+ value:
+ id: oag91n9ruw3dsaXzP0h6
+ status: ACTIVE
+ created: '2023-02-21T16:54:00.000Z'
+ createdBy:
+ id: 00u6eltha0nrSc47i0h7
+ type: User
+ lastUpdated: '2023-02-21T16:54:00.000Z'
+ issuer: '{yourOktaDomain}'
+ clientId: '{clientId}'
+ scopeId: okta.users.read
+ source: ADMIN
+ _embedded:
+ scope:
+ id: okta.users.read
+ _links:
+ app:
+ href: https://{yourOktaDomain}/api/v1/apps/{appId}
+ title: Application name
+ self:
+ href: https://{yourOktaDomain}/api/v1/apps/{appId}/grants/oag91n9ruw3dsaXzP0h6
+ hints:
+ allow:
+ - GET
+ - DELETE
+ client:
+ href: https://{yourOktaDomain}/oauth2/v1/clients/{clientId}
+ title: Client name
+ AppGrantsPostEx:
+ summary: App Grants example
+ value:
+ issuer: '{yourOktaDomain}'
+ scopeId: okta.users.read
+ AppUserSchemaAddRequest:
+ value:
+ definitions:
+ custom:
+ id: '#custom'
+ type: object
+ properties:
+ twitterUserName:
+ title: Twitter username
+ description: User's username for twitter.com
+ type: string
+ required: false
+ minLength: 1
+ maxLength: 20
+ required: []
+ AppUserSchemaResponse:
+ value:
+ id: https://{yourOktaDomain}/meta/schemas/apps/0oa25gejWwdXNnFH90g4/default
+ $schema: http://json-schema.org/draft-04/schema#
+ name: Example App
+ title: Example App User
+ lastUpdated: '2017-07-18T23:18:43.000Z'
+ created: '2017-07-18T22:35:30.000Z'
+ definitions:
+ base:
+ id: '#base'
+ type: object
+ properties:
+ userName:
+ title: Username
+ type: string
+ required: true
+ scope: NONE
+ maxLength: 100
+ required:
+ - userName
+ custom:
+ id: '#custom'
+ type: object
+ properties:
+ twitterUserName:
+ title: Twitter username
+ description: User's username for twitter.com
+ type: string
+ scope: NONE
+ minLength: 1
+ maxLength: 20
+ required: []
+ type: object
+ properties:
+ profile:
+ allOf:
+ - $ref: '#/definitions/base'
+ - $ref: '#/definitions/custom'
+ AssignGroupOwnerRequest:
+ summary: Assign a group owner request example
+ value:
+ id: 00u1cmc03xjzePoWD0h8
+ type: USER
+ AssignGroupOwnerResponse:
+ summary: Assign a group owner response example
+ value:
+ id: 00u1cmc03xjzePoWD0h8
+ type: USER
+ resolved: true
+ originId: null
+ originType: OKTA_DIRECTORY
+ displayName: Oliver Putnam
+ lastUpdated: Wed Mar 29 18:34:31 UTC 2023
+ AuthenticatorRequestDuo:
+ value:
+ key: duo
+ name: Duo Security
+ provider:
+ type: DUO
+ configuration:
+ userNameTemplate:
+ template: oktaId
+ integrationKey: testIntegrationKey
+ secretKey: testSecretKey
+ host: https://api-xxxxxxxx.duosecurity.com
+ AuthenticatorResponseDuo:
+ value:
+ type: app
+ id: aut9gnvcjUHIWb37J0g4
+ key: duo
+ status: ACTIVE
+ name: Duo Security
+ created: '2022-07-15T21:14:02.000Z'
+ lastUpdated: '2022-07-15T21:14:02.000Z'
+ settings: {}
+ provider:
+ type: DUO
+ configuration:
+ host: https://api-xxxxxxxx.duosecurity.com
+ userNameTemplate:
+ template: oktaId
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut5gnvcjUHIWb25J0g4
+ hints:
+ allow:
+ - GET
+ - PUT
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut5gnvcjUHIWb25J0g4/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ methods:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut5gnvcjUHIWb25J0g4/methods
+ hints:
+ allow:
+ - GET
+ AuthenticatorResponseEmail:
+ value:
+ type: email
+ id: aut1nbsPHh7jNjjyP0g4
+ key: okta_email
+ status: ACTIVE
+ name: Email
+ created: '2020-07-26T21:05:23.000Z'
+ lastUpdated: '2020-07-28T21:45:52.000Z'
+ settings:
+ allowedFor: any
+ tokenLifetimeInMinutes: 5
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4
+ hints:
+ allow:
+ - GET
+ - PUT
+ methods:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4/methods
+ hints:
+ allow:
+ - GET
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ AuthenticatorResponsePassword:
+ value:
+ type: password
+ id: aut1nbtrJKKA9m45a0g4
+ key: okta_password
+ status: ACTIVE
+ name: Password
+ created: '2020-07-26T21:05:23.000Z'
+ lastUpdated: '2020-07-26T21:05:23.000Z'
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbtrJKKA9m45a0g4
+ hints:
+ allow:
+ - GET
+ - PUT
+ methods:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbtrJKKA9m45a0g4/methods
+ hints:
+ allow:
+ - GET
+ AuthenticatorResponsePhone:
+ value:
+ type: phone
+ id: aut1nbuyD8m1ckAYc0g4
+ key: phone_number
+ status: INACTIVE
+ name: Phone
+ created: '2020-07-26T21:05:23.000Z'
+ lastUpdated: '2020-07-29T00:21:29.000Z'
+ settings:
+ allowedFor: none
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4
+ hints:
+ allow:
+ - GET
+ - PUT
+ methods:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4/methods
+ hints:
+ allow:
+ - GET
+ activate:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4/lifecycle/activate
+ hints:
+ allow:
+ - POST
+ AuthenticatorResponseSecurityQuestion:
+ summary: Security Question
+ value:
+ type: security_question
+ id: aut1nbvIgEenhwE6c0g4
+ key: security_question
+ status: ACTIVE
+ name: Security Question
+ created: '2020-07-26T21:05:23.000Z'
+ lastUpdated: '2020-07-26T21:05:23.000Z'
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbvIgEenhwE6c0g4
+ hints:
+ allow:
+ - GET
+ methods:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbvIgEenhwE6c0g4/methods
+ hints:
+ allow:
+ - GET
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbvIgEenhwE6c0g4/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ AuthenticatorResponseWebAuthn:
+ value:
+ type: security_key
+ id: aut1nd8PQhGcQtSxB0g4
+ key: webauthn
+ status: ACTIVE
+ name: Security Key or Biometric
+ created: '2020-07-26T21:16:37.000Z'
+ lastUpdated: '2020-07-27T18:59:30.000Z'
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4
+ hints:
+ allow:
+ - GET
+ - PUT
+ methods:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods
+ hints:
+ allow:
+ - GET
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ AuthenticatorsResponse:
+ summary: Org Authenticators
+ value:
+ - value:
+ type: email
+ id: aut1nbsPHh7jNjjyP0g4
+ key: okta_email
+ status: ACTIVE
+ name: Email
+ created: '2020-07-26T21:05:23.000Z'
+ lastUpdated: '2020-07-28T21:45:52.000Z'
+ settings:
+ allowedFor: any
+ tokenLifetimeInMinutes: 5
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4
+ hints:
+ allow:
+ - GET
+ - PUT
+ methods:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4/methods
+ hints:
+ allow:
+ - GET
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ - value:
+ type: password
+ id: aut1nbtrJKKA9m45a0g4
+ key: okta_password
+ status: ACTIVE
+ name: Password
+ created: '2020-07-26T21:05:23.000Z'
+ lastUpdated: '2020-07-26T21:05:23.000Z'
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbtrJKKA9m45a0g4
+ hints:
+ allow:
+ - GET
+ - PUT
+ methods:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbtrJKKA9m45a0g4/methods
+ hints:
+ allow:
+ - GET
+ - value:
+ type: phone
+ id: aut1nbuyD8m1ckAYc0g4
+ key: phone_number
+ status: INACTIVE
+ name: Phone
+ created: '2020-07-26T21:05:23.000Z'
+ lastUpdated: '2020-07-29T00:21:29.000Z'
+ settings:
+ allowedFor: none
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4
+ hints:
+ allow:
+ - GET
+ - PUT
+ methods:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4/methods
+ hints:
+ allow:
+ - GET
+ activate:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4/lifecycle/activate
+ hints:
+ allow:
+ - POST
+ - value:
+ type: security_key
+ id: aut1nd8PQhGcQtSxB0g4
+ key: webauthn
+ status: ACTIVE
+ name: Security Key or Biometric
+ created: '2020-07-26T21:16:37.000Z'
+ lastUpdated: '2020-07-27T18:59:30.000Z'
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4
+ hints:
+ allow:
+ - GET
+ - PUT
+ methods:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods
+ hints:
+ allow:
+ - GET
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ BehaviorRuleRequest:
+ value:
+ name: My Behavior Rule
+ type: VELOCITY
+ BehaviorRuleResponse:
+ value:
+ id: abcd1234
+ name: My Behavior Rule
+ type: VELOCITY
+ settings:
+ velocityKph: 805
+ status: ACTIVE
+ created: '2021-11-09T20:38:10.000Z'
+ lastUpdated: '2021-11-11T20:38:10.000Z'
+ _link:
+ self:
+ href: https://your-subdomain.okta.com/api/v1/behaviors/abcd1234
+ hints:
+ allow:
+ - GET
+ - POST
+ - PUT
+ - DELETE
+ CAPTCHAInstanceRequestHCaptcha:
+ value:
+ name: myHCaptcha
+ secretKey: xxxxxxxxxxx
+ siteKey: xxxxxxxxxxx
+ type: HCAPTCHA
+ CAPTCHAInstanceRequestReCaptcha:
+ value:
+ name: myReCaptcha
+ secretKey: xxxxxxxxxxx
+ siteKey: yyyyyyyyyyyyyyy
+ type: RECAPTCHA_V2
+ CAPTCHAInstanceResponseHCaptcha:
+ value:
+ id: abcd1234
+ name: myHCaptcha
+ siteKey: xxxxxxxxxxx
+ type: HCAPTCHA
+ _links:
+ self:
+ href: https://your-subdomain.okta.com/api/v1/captchas/abcd1234
+ hints:
+ allow:
+ - GET
+ - POST
+ - PUT
+ - DELETE
+ CAPTCHAInstanceResponseReCaptcha:
+ value:
+ id: abcd4567
+ name: myReCaptcha
+ siteKey: yyyyyyyyyyyyyyy
+ type: RECAPTCHA_V2
+ _links:
+ self:
+ href: https://your-subdomain.okta.com/api/v1/captchas/abcd4567
+ hints:
+ allow:
+ - GET
+ - POST
+ - PUT
+ - DELETE
+ CreateAnEventHook:
+ summary: Create an event hook
+ value:
+ name: Event Hook Test
+ events:
+ type: EVENT_TYPE
+ items:
+ - group.user_membership.add
+ channel:
+ type: HTTP
+ version: 1.0.0
+ config:
+ uri: https://example_external_service/userAdded
+ headers:
+ - key: X-Other-Header
+ value: my-header-value
+ authScheme:
+ type: HEADER
+ key: Authorization
+ value: my-shared-secret
+ CreateAnEventHookWithFilter:
+ summary: Create an event hook with a filter
+ value:
+ name: Event Hook with Filter
+ description: An event hook using an Okta Expression Language filter
+ events:
+ type: EVENT_TYPE
+ items:
+ - group.user_membership.add
+ filter:
+ type: EXPRESSION_LANGUAGE
+ eventFilterMap:
+ - event: group.user_membership.add
+ condition:
+ expression: event.target.?[type eq 'UserGroup'].size()>0 && event.target.?[displayName eq 'Sales'].size()>0
+ channel:
+ type: HTTP
+ version: 1.0.0
+ config:
+ uri: https://example_external_service/userAdded
+ authScheme:
+ type: HEADER
+ key: Authorization
+ value: my-shared-secret
+ CreateAssocAuthServerBody:
+ summary: Create a trusted relationship between authorization servers
+ value:
+ - trusted: '{authorizationServerId}'
+ CreateAssocAuthServerResponse:
+ summary: Create a trusted relationship between authorization servers
+ value:
+ - id: '{authorizationServerId}'
+ name: Sample Authorization Server
+ description: Sample Authorization Server description
+ audiences:
+ - https://api.resource.com
+ issuer: https://{yourOktaDomain}/oauth2/{authorizationServerId}
+ issuerMode: CUSTOM_URL
+ status: ACTIVE
+ created: '2023-05-17T22:25:57.000Z'
+ lastUpdated: '2023-05-17T22:25:57.000Z'
+ credentials:
+ signing:
+ rotationMode: AUTO
+ lastRotated: '2023-05-17T22:25:57.000Z'
+ nextRotation: '2023-08-15T22:25:57.000Z'
+ kid: WYQxoK4XAwGFn5Zw5AzLxFvqEKLP79BbsKmWeuc5TB4
+ use: sig
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}
+ hints:
+ allow:
+ - DELETE
+ CreateAuthServerBody:
+ summary: Create a custom authorization server
+ value:
+ name: Sample Authorization Server
+ description: Sample Authorization Server description
+ audiences:
+ - api://default
+ CreateAuthServerResponse:
+ summary: Create a custom authorization server
+ value:
+ id: '{authorizationServerId}'
+ name: Sample Authorization Server
+ description: Sample Authorization Server description
+ audiences:
+ - https://api.resource.com
+ issuer: https://{yourOktaDomain}/oauth2/{authorizationServerId}
+ issuerMode: ORG_URL
+ status: ACTIVE
+ created: '2023-05-17T22:25:57.000Z'
+ lastUpdated: '2023-05-17T22:25:57.000Z'
+ credentials:
+ signing:
+ rotationMode: AUTO
+ lastRotated: '2023-05-17T22:25:57.000Z'
+ nextRotation: '2023-08-15T22:25:57.000Z'
+ kid: WYQxoK4XAwGFn5Zw5AzLxFvqEKLP79BbsKmWeuc5TB4
+ _links:
+ scopes:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/scopes
+ hints:
+ allow:
+ - GET
+ claims:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims
+ hints:
+ allow:
+ - GET
+ policies:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/policies
+ hints:
+ allow:
+ - GET
+ self:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}
+ hints:
+ allow:
+ - GET
+ - DELETE
+ - PUT
+ metadata:
+ - name: oauth-authorization-server
+ href: https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/oauth-authorization-server
+ hints:
+ allow:
+ - GET
+ - name: openid-configuration
+ href: https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/openid-configuration
+ hints:
+ allow:
+ - GET
+ rotateKey:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/credentials/lifecycle/keyRotate
+ hints:
+ allow:
+ - POST
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ CreateBrandRequest:
+ value:
+ name: My Awesome Brand
+ CreateBrandResponse:
+ value:
+ id: bnd114iNkrcN6aR680g5
+ removePoweredByOkta: false
+ customPrivacyPolicyUrl: null
+ name: My Awesome Brand
+ locale: en
+ defaultApp:
+ appInstanceId: 0oa114iNkrcN6aR680g4
+ appLinkName: null
+ classicApplicationUri: null
+ isDefault: false
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g5
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
+ themes:
+ href: https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g5/themes
+ hints:
+ allow:
+ - GET
+ CreateCustomTokenClaimBody:
+ summary: Create a custom token Claim
+ value:
+ - alwaysIncludeInToken: true
+ claimType: IDENTITY
+ conditions:
+ scopes:
+ - profile
+ group_filter_type: CONTAINS
+ name: Support
+ status: ACTIVE
+ system: false
+ value: Support
+ valueType: GROUPS
+ CreateCustomTokenClaimResponse:
+ summary: Create a custom token Claim response
+ value:
+ - id: '{claimId}'
+ name: Support
+ status: ACTIVE
+ claimType: IDENTITY
+ valueType: GROUPS
+ value: Support
+ conditions:
+ scopes:
+ - profile
+ system: false
+ alwaysIncludeInToken: true
+ apiResourceId: null
+ group_filter_type: CONTAINS
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims/{claimId}
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
+ CreateEmailDomainRequest:
+ value:
+ displayName: Admin
+ userName: admin
+ domain: example.com
+ brandId: bnd100iSrkcN6aR680g1
+ validationSubdomain: mail
+ CreateHookKeyResponse:
+ summary: Create a key response example
+ value:
+ id: HKY1p7jWLndGQV9M60g4
+ keyId: 7fbc27fd-e3df-4522-86bf-1930110256ad
+ name: My new key
+ created: '2022-08-31T18:09:58.000Z'
+ lastUpdated: '2022-08-31T18:09:58.000Z'
+ isUsed: 'false'
+ _embedded:
+ kty: RSA
+ alg: RSA
+ kid: 7fbc27fd-e3df-4522-86bf-1930110256ad
+ use: 'null'
+ e: AQAB
+ 'n': 2naqCnv6r4xNQs7207lRtKQvdtnlVND-8k5iYBIiqoKGY3CqUmRm1jleoOniiQoMkFX8Wj2DmVqr002efF3vOQ7_gjtTatBTVUNbNIQLybun4dkVoUtfP7pRc5SLpcP3eGPRVar734ZrpQXzmCEdpqBt3jrVjwYjNE5DqOjbYXFJtMsy8CWE9LRJ3kyHEoHPzo22dG_vMrXH0_sAQoCk_4TgNCbvyzVmGVYXI_BkUnp0hv2pR4bQVRYzGB9dKJdctOh8zULqc_EJ8tiYsS05YnF7whrWEyARK0rH-e4d4W-OmBTga_zhY4kJ4NsoQ4PyvcatZkxjPO92QHQOFDnf3w`
+ CreateIPPolicyBlockListNetworkZone:
+ summary: Create an IP Policy Blocklist Network Zone
+ value:
+ type: IP
+ name: newBlockListNetworkZone
+ status: ACTIVE
+ usage: BLOCKLIST
+ gateways:
+ - type: CIDR
+ value: 1.2.3.4/24
+ - type: CIDR
+ value: 2.3.4.5/24
+ proxies: null
+ CreateIPPolicyBlockListNetworkZoneResponse:
+ summary: IP Policy Blocklist Network Zone Response
+ value:
+ type: IP
+ id: nzo1qasnPb1kqEq0e0g4
+ name: newBlockListNetworkzone
+ status: ACTIVE
+ usage: BLOCKLIST
+ created: '2020-10-12T18:58:02.000Z'
+ lastUpdated: '2020-10-12T18:58:02.000Z'
+ system: false
+ gateways:
+ - type: CIDR
+ value: 1.2.3.4/24
+ - type: CIDR
+ value: 2.3.4.5/24
+ proxies: null
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/zones/nzo1qasnPb1kqEq0e0g4
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/zones/nzo1qasnPb1kqEq0e0g4/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ CreateIPPolicyNetworkZone:
+ summary: Create an IP Policy Network Zone
+ value:
+ type: IP
+ name: newNetworkZone
+ gateways:
+ - type: CIDR
+ value: 1.2.3.4/24
+ - type: CIDR
+ value: 2.3.4.5/24
+ proxies:
+ - type: CIDR
+ value: 2.2.3.4/24
+ - type: CIDR
+ value: 3.3.4.5/24
+ CreateIPPolicyNetworkZoneResponse:
+ summary: IP Policy Network Zone Response
+ value:
+ type: IP
+ id: nzowc1U5Jh5xuAK0o0g3
+ name: newNetworkZone
+ status: ACTIVE
+ usage: POLICY
+ created: '2019-05-17T18:44:31.000Z'
+ lastUpdated: '2019-05-21T13:50:49.000Z'
+ system: false
+ gateways:
+ - type: CIDR
+ value: 1.2.3.4/24'
+ - type: CIDR
+ value: 2.3.4.5/24
+ proxies:
+ - type: CIDR
+ value: 2.2.3.4/24
+ - type: CIDR
+ value: 3.3.4.5/24
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ CreateSessionBody:
+ summary: Create a new Session with a valid session token
+ value:
+ sessionToken: 00HiohZYpJgMSHwmL9TQy7RRzuY-q9soKp1SPmYYow
+ CreateSessionResponse:
+ summary: Create a new Session with a valid session token
+ value:
+ amr:
+ - pwd
+ createdAt: '2019-08-24T14:15:22Z'
+ expiresAt: '2019-08-24T14:15:22Z'
+ id: l7FbDVqS8zHSy65uJD85
+ idp:
+ id: 01a2bcdef3GHIJKLMNOP
+ type: ACTIVE_DIRECTORY
+ lastFactorVerification: '2019-08-24T14:15:22Z'
+ lastPasswordVerification: '2019-08-24T14:15:22Z'
+ login: user@example.com
+ status: ACTIVE
+ userId: 00u0abcdefGHIJKLMNOP
+ _links:
+ self:
+ hints:
+ allow:
+ - DELETE
+ href: https://{yourOktaDomain}/api/v1/sessions/l7FbDVqS8zHSy65uJD85
+ CreateUISchemaBody:
+ summary: UI Schema body request
+ value:
+ uiSchema:
+ type: Group
+ elements:
+ - type: Control
+ scope: '#/properties/firstName'
+ label: First Name
+ options:
+ format: text
+ - type: Control
+ scope: '#/properties/lastName'
+ label: Last Name
+ options:
+ format: text
+ - type: Control
+ scope: '#/properties/email'
+ label: Primary email
+ options:
+ format: text
+ buttonLabel: Submit
+ label: Sign in
+ CreateUISchemaResponse:
+ summary: Returns full UI Schema body
+ value:
+ id: uis4a7liocgcRgcxZ0g7
+ uiSchema:
+ type: Group
+ label: Sign in
+ buttonLabel: Submit
+ elements:
+ - type: Control
+ scope: '#/properties/firstName'
+ label: First name
+ options:
+ format: text
+ - type: Control
+ scope: '#/properties/lastName'
+ label: Last name
+ options:
+ format: text
+ - type: Control
+ scope: '#/properties/email'
+ label: Primary email
+ options:
+ format: text
+ created: '2022-07-25T12:56:31.000Z'
+ lastUpdated: '2022-07-26T11:53:59.000Z'
+ _links:
+ self:
+ href: https://exmaple.com/api/v1/meta/uischemas/uis4a7liocgcRgcxZ0g7
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
+ CreateUpdateEmailCustomizationRequest:
+ value:
+ language: fr
+ subject: Bienvenue dans ${org.name}!
+ body: Bonjour ${user.profile.firstName}. Activer le compte
+ isDefault: false
+ CreateUpdateEmailCustomizationResponse:
+ value:
+ language: fr
+ subject: Bienvenue dans ${org.name}!
+ body: Bonjour ${user.profile.firstName}. Activer le compte
+ isDefault: false
+ id: oel11u6DqUiMbQkpl0g4
+ created: '2021-11-09T20:38:10.000Z'
+ lastUpdated: '2021-11-11T20:38:10.000Z'
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
+ template:
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation
+ hints:
+ allow:
+ - GET
+ preview:
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4/preview
+ hints:
+ allow:
+ - GET
+ test:
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test
+ hints:
+ allow:
+ - POST
+ CreateUpdateIamRolePermissionRequestExample:
+ value:
+ conditions:
+ include:
+ okta:ResourceAttribute/User/Profile:
+ - city
+ - state
+ - zipCode
+ CreateUserRequest:
+ summary: Create a user type request
+ value:
+ description: A new custom user type
+ displayName: New User Type
+ name: newUserType
+ CreateUserResponse:
+ summary: Create a user type response
+ value:
+ id: otyfnly5cQjJT9PnR0g4
+ displayName: New User Type
+ name: newUserType
+ description: A new custom user type
+ createdBy: sprz9fj1ycBcsgopy1d6
+ lastUpdatedBy: sprz9fj1ycBcsgopy1d6
+ created: '2021-07-05T20:40:38.000Z'
+ lastUpdated: '2021-07-05T20:40:38.000Z'
+ default: false
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
+ schema:
+ href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
+ DeactivateNetworkZone:
+ summary: Deactivated Network Zone response
+ value:
+ type: IP
+ id: nzowc1U5Jh5xuAK0o0g3
+ name: LegacyIpZone
+ status: INACTIVE
+ usage: POLICY
+ created: '2019-05-17T18:44:31.000Z'
+ lastUpdated: '2019-05-21T13:50:49.000Z'
+ system: true
+ gateways:
+ - type: CIDR
+ value: 1.2.3.4/24
+ proxies:
+ - type: RANGE
+ value: 3.3.4.5-3.3.4.15
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ DefaultRealmAssignmentRule:
+ value:
+ id: rul2jy7jLUlnO5ng00g4
+ status: ACTIVE
+ name: Catch-all Rule
+ created: '2022-04-04T15:56:05.000Z'
+ lastUpdated: '2022-05-05T18:15:44.000Z'
+ isDefault: true
+ conditions:
+ profileSourceId: 0oa4enoRyjwSCy6hx0g4,
+ expression:
+ value: string
+ actions:
+ assignUserToRealm:
+ realmId: 00g1b7rvh0xPLKXFf2g5
+ priority: 499
+ _links:
+ self:
+ rel: self
+ href: http://your-subdomain.okta.com/api/v1/realm-rules/rul2jy7jLUlnO5ng00g4
+ method: GET
+ DefaultRealmResponse:
+ value:
+ id: guox9jQ16k9V8IQWL0g3
+ created: '2022-04-04T15:56:05.000Z'
+ lastUpdated: '2022-05-05T18:15:44.000Z'
+ isDefault: true
+ profile:
+ name: Default Realm
+ _links:
+ self:
+ rel: self
+ href: http://your-subdomain.okta.com/api/v1/realms/guox9jQ16k9V8IQWL0g3
+ method: GET
+ DeviceAssuranceAndroidRequest:
+ summary: Android request
+ value:
+ name: Device Assurance Android
+ osVersion:
+ minimum: 12
+ diskEncryptionType:
+ include:
+ - USER
+ - FULL
+ jailbreak: false
+ platform: ANDROID
+ screenLockType:
+ include:
+ - BIOMETRIC
+ secureHardwarePresent: true
+ DeviceAssuranceAndroidResponse:
+ summary: Android response
+ value:
+ id: dae3m8o4rWhwReDeM1c5
+ name: Device Assurance Android
+ lastUpdate: '2022-01-01T00:00:00.000Z'
+ createdUpdate: '2022-01-01T00:00:00.000Z'
+ lastUpdatedBy: 00u217pyf72CdUrBt1c5
+ createdBy: 00u217pyf72CdUrBt1c5
+ osVersion:
+ minimum: 12.4.5
+ diskEncryptionType:
+ include:
+ - USER
+ - FULL
+ jailbreak: false
+ platform: ANDROID
+ screenLockType:
+ include:
+ - BIOMETRIC
+ secureHardwarePresent: true
+ _links:
+ self:
+ href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+ hints:
+ allow:
+ - DELETE
+ - GET
+ - PUT
+ DeviceAssuranceAndroidWithDynamicVersionRequirementRequest:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: Android with dynamic version requirement request
+ value:
+ name: Device Assurance Android
+ osVersion:
+ dynamicVersionRequirement:
+ type: MINIMUM
+ distanceFromLatestMajor: 0
+ diskEncryptionType:
+ include:
+ - USER
+ - FULL
+ jailbreak: false
+ platform: ANDROID
+ screenLockType:
+ include:
+ - BIOMETRIC
+ secureHardwarePresent: true
+ DeviceAssuranceAndroidWithDynamicVersionRequirementResponse:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: Android with dynamic version requirement response
+ value:
+ id: dae3m8o4rWhwReDeM1c5
+ name: Device Assurance Android
+ lastUpdate: '2022-01-01T00:00:00.000Z'
+ createdUpdate: '2022-01-01T00:00:00.000Z'
+ lastUpdatedBy: 00u217pyf72CdUrBt1c5
+ createdBy: 00u217pyf72CdUrBt1c5
+ osVersion:
+ dynamicVersionRequirement:
+ type: MINIMUM
+ distanceFromLatestMajor: 0
+ diskEncryptionType:
+ include:
+ - USER
+ - FULL
+ jailbreak: false
+ platform: ANDROID
+ screenLockType:
+ include:
+ - BIOMETRIC
+ secureHardwarePresent: true
+ _links:
+ self:
+ href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+ hints:
+ allow:
+ - DELETE
+ - GET
+ - PUT
+ DeviceAssuranceChromeOSWithThirdPartySignalProvidersRequest:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: ChromeOS with third-party signal providers request
+ value:
+ name: Device Assurance ChromeOS
+ platform: CHROMEOS
+ thirdPartySignalProviders:
+ dtc:
+ osVersion:
+ minimum: 10.0.19041.1110
+ diskEncrypted: true
+ osFirewall: true
+ screenLockSecured: true
+ allowScreenLock: true
+ browserVersion:
+ minimum: 15393.27.0
+ deviceEnrollmentDomain: testDomain
+ builtInDnsClientEnabled: true
+ chromeRemoteDesktopAppBlocked: true
+ safeBrowsingProtectionLevel: ENHANCED_PROTECTION
+ siteIsolationEnabled: true
+ passwordProtectionWarningTrigger: PASSWORD_PROTECTION_OFF
+ realtimeUrlCheckMode: true
+ keyTrustLevel: CHROME_OS_VERIFIED_MODE
+ DeviceAssuranceChromeOSWithThirdPartySignalProvidersResponse:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: ChromeOS with third-party signal providers response
+ value:
+ id: dae3m8o4rWhwReDeM1c5
+ name: Device Assurance ChromeOS
+ lastUpdate: '2022-01-01T00:00:00.000Z'
+ createdUpdate: '2022-01-01T00:00:00.000Z'
+ lastUpdatedBy: 00u217pyf72CdUrBt1c5
+ createdBy: 00u217pyf72CdUrBt1c5
+ platform: CHROMEOS
+ thirdPartySignalProviders:
+ dtc:
+ osVersion:
+ minimum: 10.0.19041.1110
+ diskEncrypted: true
+ osFirewall: true
+ screenLockSecured: true
+ allowScreenLock: true
+ browserVersion:
+ minimum: 15393.27.0
+ deviceEnrollmentDomain: testDomain
+ builtInDnsClientEnabled: true
+ chromeRemoteDesktopAppBlocked: true
+ safeBrowsingProtectionLevel: ENHANCED_PROTECTION
+ siteIsolationEnabled: true
+ passwordProtectionWarningTrigger: PASSWORD_PROTECTION_OFF
+ realtimeUrlCheckMode: true
+ keyTrustLevel: CHROME_OS_VERIFIED_MODE
+ _links:
+ self:
+ href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+ hints:
+ allow:
+ - DELETE
+ - GET
+ - PUT
+ DeviceAssuranceIosRequest:
+ summary: iOS request
+ value:
+ name: Device Assurance iOS
+ osVersion:
+ minimum: 12.4.5
+ jailbreak: false
+ platform: IOS
+ screenLockType:
+ include:
+ - BIOMETRIC
+ DeviceAssuranceIosResponse:
+ summary: iOS response
+ value:
+ id: dae3m8o4rWhwReDeM1c5
+ name: Device Assurance iOS
+ lastUpdate: '2022-01-01T00:00:00.000Z'
+ createdUpdate: '2022-01-01T00:00:00.000Z'
+ lastUpdatedBy: 00u217pyf72CdUrBt1c5
+ createdBy: 00u217pyf72CdUrBt1c5
+ osVersion:
+ minimum: 12.4.5.9
+ jailbroken: false
+ platform: IOS
+ screenLockType:
+ include:
+ - BIOMETRIC
+ _links:
+ self:
+ href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+ hints:
+ allow:
+ - DELETE
+ - GET
+ - PUT
+ DeviceAssuranceIosWithDynamicVersionRequirementRequest:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: iOS with dynamic version requirement request
+ value:
+ name: Device Assurance iOS
+ osVersion:
+ dynamicVersionRequirement:
+ type: EXACT_ANY_SUPPORTED
+ latestSecurityPatch: true
+ jailbreak: false
+ platform: IOS
+ screenLockType:
+ include:
+ - BIOMETRIC
+ DeviceAssuranceIosWithDynamicVersionRequirementResponse:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: iOS with dynamic version requirement response
+ value:
+ id: dae3m8o4rWhwReDeM1c5
+ name: Device Assurance iOS
+ lastUpdate: '2022-01-01T00:00:00.000Z'
+ createdUpdate: '2022-01-01T00:00:00.000Z'
+ lastUpdatedBy: 00u217pyf72CdUrBt1c5
+ createdBy: 00u217pyf72CdUrBt1c5
+ osVersion:
+ dynamicVersionRequirement:
+ type: EXACT_ANY_SUPPORTED
+ latestSecurityPatch: true
+ jailbroken: false
+ platform: IOS
+ screenLockType:
+ include:
+ - BIOMETRIC
+ _links:
+ self:
+ href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+ hints:
+ allow:
+ - DELETE
+ - GET
+ - PUT
+ DeviceAssuranceMacOSRequest:
+ summary: macOS request
+ value:
+ name: Device Assurance macOS
+ osVersion:
+ minimum: 12.4.5
+ diskEncryptionType:
+ include:
+ - ALL_INTERNAL_VOLUMES
+ platform: MACOS
+ screenLockType:
+ include:
+ - PASSCODE
+ - BIOMETRIC
+ secureHardwarePresent: true
+ DeviceAssuranceMacOSResponse:
+ summary: macOS response
+ value:
+ id: dae3m8o4rWhwReDeM1c5
+ name: Device Assurance macOS
+ lastUpdate: '2022-01-01T00:00:00.000Z'
+ createdUpdate: '2022-01-01T00:00:00.000Z'
+ lastUpdatedBy: 00u217pyf72CdUrBt1c5
+ createdBy: 00u217pyf72CdUrBt1c5
+ osVersion:
+ minimum: 12.4.5
+ diskEncryptionType:
+ include:
+ - ALL_INTERNAL_VOLUMES
+ platform: MACOS
+ screenLockType:
+ include:
+ - PASSCODE
+ - BIOMETRIC
+ secureHardwarePresent: true
+ _links:
+ self:
+ href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+ hints:
+ allow:
+ - DELETE
+ - GET
+ - PUT
+ DeviceAssuranceMacOSWithDynamicVersionRequirementRequest:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: macOS with dynamic version requirement request
+ value:
+ name: Device Assurance macOS
+ osVersion:
+ dynamicVersionRequirement:
+ type: EXACT
+ distanceFromLatestMajor: 0
+ latestSecurityPatch: true
+ diskEncryptionType:
+ include:
+ - ALL_INTERNAL_VOLUMES
+ platform: MACOS
+ screenLockType:
+ include:
+ - PASSCODE
+ - BIOMETRIC
+ secureHardwarePresent: true
+ DeviceAssuranceMacOSWithDynamicVersionRequirementResponse:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: macOS with dynamic version requirement response
+ value:
+ id: dae3m8o4rWhwReDeM1c5
+ name: Device Assurance macOS
+ lastUpdate: '2022-01-01T00:00:00.000Z'
+ createdUpdate: '2022-01-01T00:00:00.000Z'
+ lastUpdatedBy: 00u217pyf72CdUrBt1c5
+ createdBy: 00u217pyf72CdUrBt1c5
+ osVersion:
+ dynamicVersionRequirement:
+ type: EXACT
+ distanceFromLatestMajor: 0
+ latestSecurityPatch: true
+ diskEncryptionType:
+ include:
+ - ALL_INTERNAL_VOLUMES
+ platform: MACOS
+ screenLockType:
+ include:
+ - PASSCODE
+ - BIOMETRIC
+ secureHardwarePresent: true
+ _links:
+ self:
+ href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+ hints:
+ allow:
+ - DELETE
+ - GET
+ - PUT
+ DeviceAssuranceMacOSWithThirdPartySignalProvidersRequest:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: macOS with third-party signal providers request
+ value:
+ name: Device Assurance macOS
+ osVersion:
+ minimum: 12.4.5
+ diskEncryptionType:
+ include:
+ - ALL_INTERNAL_VOLUMES
+ platform: MACOS
+ screenLockType:
+ include:
+ - PASSCODE
+ - BIOMETRIC
+ secureHardwarePresent: true
+ thirdPartySignalProviders:
+ dtc:
+ osVersion:
+ minimum: 10.0.19041.1110
+ diskEncrypted: true
+ osFirewall: true
+ screenLockSecured: true
+ browserVersion:
+ minimum: 15393.27.0
+ deviceEnrollmentDomain": testDomain
+ builtInDnsClientEnabled": true
+ chromeRemoteDesktopAppBlocked": true
+ safeBrowsingProtectionLevel": true
+ siteIsolationEnabled": true
+ passwordProtectionWarningTrigger": PASSWORD_PROTECTION_OFF
+ realtimeUrlCheckMode": true
+ DeviceAssuranceMacOSWithThirdPartySignalProvidersResponse:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: macOS with third-party signal providers response
+ value:
+ id: dae3m8o4rWhwReDeM1c5
+ name: Device Assurance macOS
+ lastUpdate: '2022-01-01T00:00:00.000Z'
+ createdUpdate: '2022-01-01T00:00:00.000Z'
+ lastUpdatedBy: 00u217pyf72CdUrBt1c5
+ createdBy: 00u217pyf72CdUrBt1c5
+ osVersion:
+ minimum: 12.4.5.9
+ diskEncryptionType:
+ include:
+ - ALL_INTERNAL_VOLUMES
+ platform: MACOS
+ screenLockType:
+ include:
+ - PASSCODE
+ - BIOMETRIC
+ secureHardwarePresent: true
+ thirdPartySignalProviders:
+ dtc:
+ osVersion:
+ minimum: 10.0.19041.1110
+ diskEncrypted: true
+ osFirewall: true
+ screenLockSecured: true
+ browserVersion:
+ minimum: 15393.27.0
+ deviceEnrollmentDomain: testDomain
+ builtInDnsClientEnabled: true
+ chromeRemoteDesktopAppBlocked: true
+ safeBrowsingProtectionLevel: ENHANCED_PROTECTION
+ siteIsolationEnabled: true
+ passwordProtectionWarningTrigger: PASSWORD_PROTECTION_OFF
+ realtimeUrlCheckMode: true
+ keyTrustLevel: CHROME_BROWSER_HW_KEY
+ _links:
+ self:
+ href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+ hints:
+ allow:
+ - DELETE
+ - GET
+ - PUT
+ DeviceAssuranceWindowsRequest:
+ summary: Windows request
+ value:
+ name: Device Assurance Windows
+ osVersion:
+ minimum: 12.4.5.9
+ diskEncryptionType:
+ include:
+ - ALL_INTERNAL_VOLUMES
+ platform: WINDOWS
+ screenLockType:
+ include:
+ - PASSCODE
+ - BIOMETRIC
+ secureHardwarePresent: true
+ DeviceAssuranceWindowsResponse:
+ summary: Windows response
+ value:
+ id: dae3m8o4rWhwReDeM1c5
+ name: Device Assurance Windows
+ lastUpdate: '2022-01-01T00:00:00.000Z'
+ createdUpdate: '2022-01-01T00:00:00.000Z'
+ lastUpdatedBy: 00u217pyf72CdUrBt1c5
+ createdBy: 00u217pyf72CdUrBt1c5
+ osVersion:
+ minimum: 12.4.5.9
+ diskEncryptionType:
+ include:
+ - ALL_INTERNAL_VOLUMES
+ platform: WINDOWS
+ screenLockType:
+ include:
+ - PASSCODE
+ - BIOMETRIC
+ secureHardwarePresent: true
+ _links:
+ self:
+ href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+ hints:
+ allow:
+ - DELETE
+ - GET
+ - PUT
+ DeviceAssuranceWindowsWithDynamicVersionRequirementsRequest:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: Windows with Windows 11 and Windows 10 dynamic version requirements request
+ value:
+ name: Device Assurance Windows
+ osVersionConstraints:
+ - majorVersionConstraint: WINDOWS_11
+ dynamicVersionRequirement:
+ type: MINIMUM
+ distanceFromLatestMajor: 1
+ latestSecurityPatch: true
+ - majorVersionConstraint: WINDOWS_10
+ dynamicVersionRequirement:
+ type: EXACT_ANY_SUPPORTED
+ diskEncryptionType:
+ include:
+ - ALL_INTERNAL_VOLUMES
+ platform: WINDOWS
+ screenLockType:
+ include:
+ - PASSCODE
+ - BIOMETRIC
+ secureHardwarePresent: true
+ DeviceAssuranceWindowsWithDynamicVersionRequirementsResponse:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: Windows with Windows 11 and Windows 10 dynamic version requirements response
+ value:
+ id: dae3m8o4rWhwReDeM1c5
+ name: Device Assurance Windows
+ lastUpdate: '2022-01-01T00:00:00.000Z'
+ createdUpdate: '2022-01-01T00:00:00.000Z'
+ lastUpdatedBy: 00u217pyf72CdUrBt1c5
+ createdBy: 00u217pyf72CdUrBt1c5
+ osVersionConstraints:
+ - majorVersionConstraint: WINDOWS_11
+ dynamicVersionRequirement:
+ type: MINIMUM
+ distanceFromLatestMajor: 1
+ latestSecurityPatch: true
+ - majorVersionConstraint: WINDOWS_10
+ dynamicVersionRequirement:
+ type: EXACT_ANY_SUPPORTED
+ diskEncryptionType:
+ include:
+ - ALL_INTERNAL_VOLUMES
+ platform: WINDOWS
+ screenLockType:
+ include:
+ - PASSCODE
+ - BIOMETRIC
+ secureHardwarePresent: true
+ _links:
+ self:
+ href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+ hints:
+ allow:
+ - DELETE
+ - GET
+ - PUT
+ DeviceAssuranceWindowsWithThirdPartySignalProvidersRequest:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: Windows with third-party signal providers request
+ value:
+ name: Device Assurance Windows
+ osVersion:
+ minimum: 12.4.5.9
+ diskEncryptionType:
+ include:
+ - ALL_INTERNAL_VOLUMES
+ platform: WINDOWS
+ screenLockType:
+ include:
+ - PASSCODE
+ - BIOMETRIC
+ secureHardwarePresent: true
+ thirdPartySignalProviders:
+ dtc:
+ osVersion:
+ minimum: 10.0.19041.1110
+ diskEncrypted: true
+ osFirewall: true
+ screenLockSecured: true
+ browserVersion:
+ minimum: 15393.27.0
+ deviceEnrollmentDomain: testDomain
+ builtInDnsClientEnabled: true
+ chromeRemoteDesktopAppBlocked: true
+ safeBrowsingProtectionLevel: ENHANCED_PROTECTION
+ siteIsolationEnabled: true
+ passwordProtectionWarningTrigger: PASSWORD_PROTECTION_OFF
+ realtimeUrlCheckMode: true
+ secureBootEnabled: true
+ windowsMachineDomain: testMachineDomain
+ windowsUserDomain: testUserDomain
+ thirdPartyBlockingEnabled: true
+ crowdStrikeCustomerId: testCustomerId
+ crowdStrikeAgentId": testAgentId
+ keyTrustLevel: CHROME_BROWSER_HW_KEY
+ DeviceAssuranceWindowsWithThirdPartySignalProvidersResponse:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: Windows with third-party signal providers response
+ value:
+ id: dae3m8o4rWhwReDeM1c5
+ name: Device Assurance Windows
+ lastUpdate: '2022-01-01T00:00:00.000Z'
+ createdUpdate: '2022-01-01T00:00:00.000Z'
+ lastUpdatedBy: 00u217pyf72CdUrBt1c5
+ createdBy: 00u217pyf72CdUrBt1c5
+ osVersion:
+ minimum: 12.4.5.9
+ diskEncryptionType:
+ include:
+ - ALL_INTERNAL_VOLUMES
+ platform: WINDOWS
+ screenLockType:
+ include:
+ - PASSCODE
+ - BIOMETRIC
+ secureHardwarePresent: true
+ thirdPartySignalProviders:
+ dtc:
+ osVersion:
+ minimum: 10.0.19041.1110
+ diskEncrypted: true
+ osFirewall: true
+ screenLockSecured: true
+ browserVersion:
+ minimum: 15393.27.0
+ deviceEnrollmentDomain: testDomain
+ builtInDnsClientEnabled: true
+ chromeRemoteDesktopAppBlocked: true
+ safeBrowsingProtectionLevel: ENHANCED_PROTECTION
+ siteIsolationEnabled: true
+ passwordProtectionWarningTrigger: PASSWORD_PROTECTION_OFF
+ realtimeUrlCheckMode: true
+ secureBootEnabled: true
+ windowsMachineDomain: testMachineDomain
+ windowsUserDomain: testUserDomain
+ thirdPartyBlockingEnabled: true
+ crowdStrikeCustomerId: testCustomerId
+ crowdStrikeAgentId": testAgentId
+ keyTrustLevel: CHROME_BROWSER_HW_KEY
+ _links:
+ self:
+ href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+ hints:
+ allow:
+ - DELETE
+ - GET
+ - PUT
+ DeviceAssuranceWindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionStringRequest:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: Windows with Windows 11 dynamic version requirement and Windows 10 minimum version request
+ value:
+ name: Device Assurance Windows
+ osVersionConstraints:
+ - majorVersionConstraint: WINDOWS_11
+ dynamicVersionRequirement:
+ type: EXACT
+ distanceFromLatestMajor: 1
+ - majorVersionConstraint: WINDOWS_10
+ minimum: 10.0.19045.0
+ diskEncryptionType:
+ include:
+ - ALL_INTERNAL_VOLUMES
+ platform: WINDOWS
+ screenLockType:
+ include:
+ - PASSCODE
+ - BIOMETRIC
+ secureHardwarePresent: true
+ DeviceAssuranceWindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionStringResponse:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: Windows with Windows 11 dynamic version requirement and Windows 10 minimum version response
+ value:
+ id: dae3m8o4rWhwReDeM1c5
+ name: Device Assurance Windows
+ lastUpdate: '2022-01-01T00:00:00.000Z'
+ createdUpdate: '2022-01-01T00:00:00.000Z'
+ lastUpdatedBy: 00u217pyf72CdUrBt1c5
+ createdBy: 00u217pyf72CdUrBt1c5
+ osVersionConstraints:
+ - majorVersionConstraint: WINDOWS_11
+ dynamicVersionRequirement:
+ type: EXACT
+ distanceFromLatestMajor: 1
+ - majorVersionConstraint: WINDOWS_10
+ minimum: 10.0.19045.0
+ diskEncryptionType:
+ include:
+ - ALL_INTERNAL_VOLUMES
+ platform: WINDOWS
+ screenLockType:
+ include:
+ - PASSCODE
+ - BIOMETRIC
+ secureHardwarePresent: true
+ _links:
+ self:
+ href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+ hints:
+ allow:
+ - DELETE
+ - GET
+ - PUT
+ DeviceAssuranceWindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirementRequest:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: Windows with Windows 11 minimum version and a Windows 10 dynamic version requirement request
+ value:
+ name: Device Assurance Windows
+ osVersionConstraints:
+ - majorVersionConstraint: WINDOWS_11
+ minimum: 10.0.22000.0
+ - majorVersionConstraint: WINDOWS_10
+ dynamicVersionRequirement:
+ type: NOT_ALLOWED
+ diskEncryptionType:
+ include:
+ - ALL_INTERNAL_VOLUMES
+ platform: WINDOWS
+ screenLockType:
+ include:
+ - PASSCODE
+ - BIOMETRIC
+ secureHardwarePresent: true
+ DeviceAssuranceWindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirementResponse:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
+ summary: Windows with Windows 11 minimum version and Windows 10 dynamic version requirement response
+ value:
+ id: dae3m8o4rWhwReDeM1c5
+ name: Device Assurance Windows
+ lastUpdate: '2022-01-01T00:00:00.000Z'
+ createdUpdate: '2022-01-01T00:00:00.000Z'
+ lastUpdatedBy: 00u217pyf72CdUrBt1c5
+ createdBy: 00u217pyf72CdUrBt1c5
+ osVersionConstraints:
+ - majorVersionConstraint: WINDOWS_11
+ minimum: 10.0.22000.0
+ - majorVersionConstraint: WINDOWS_10
+ dynamicVersionRequirement:
+ type: NOT_ALLOWED
+ diskEncryptionType:
+ include:
+ - ALL_INTERNAL_VOLUMES
+ platform: WINDOWS
+ screenLockType:
+ include:
+ - PASSCODE
+ - BIOMETRIC
+ secureHardwarePresent: true
+ _links:
+ self:
+ href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
+ hints:
+ allow:
+ - DELETE
+ - GET
+ - PUT
+ DeviceResponse:
+ value:
+ id: guo8jx5vVoxfvJeLb0w4
+ status: ACTIVE
+ created: '2020-11-03T21:47:01.000Z'
+ lastUpdated: '2020-11-03T23:46:27.000Z'
+ profile:
+ displayName: DESKTOP-EHAD3IE
+ platform: WINDOWS
+ manufacturer: International Corp
+ model: VMware7,1
+ osVersion: 10.0.18362
+ serialNumber: 56 4d 4f 95 74 c5 d3 e7-fc 3a 57 9c c2 f8 5d ce
+ udid: 954F4D56-C574-E7D3-FC3A-579CC2F85DCE
+ sid: S-1-5-21-3992267483-1860856704-2413701314-500
+ registered: true
+ secureHardwarePresent: false
+ diskEncryptionType: NONE
+ resourceId: guo8jx5vVoxfvJeLb0w4
+ resourceDisplayName:
+ value: DESKTOP-EHAD3IE
+ sensitive: false
+ resourceType: UDDevice
+ resourceAlternateId: null
+ _links:
+ suspend:
+ href: https://{yourOktaDomain}/api/v1/devices/guo8jx5vVoxfvJeLb0w4/lifecycle/suspend
+ hints:
+ allow:
+ - POST
+ self:
+ href: https://{yourOktaDomain}/api/v1/devices/guo8jx5vVoxfvJeLb0w4
+ hints:
+ allow:
+ - GET
+ - PATCH
+ - PUT
+ users:
+ href: https://{yourOktaDomain}/api/v1/devices/guo8jx5vVoxfvJeLb0w4/users
+ hints:
+ allow:
+ - GET
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/devices/guo8jx5vVoxfvJeLb0w4/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ EmailCustomizationResponse:
+ value:
+ language: en
+ isDefault: true
+ subject: Welcome to ${org.name}!
+ body: Hello, ${user.profile.firstName}. Click here to activate your account.
+ id: oel11u6DqUiMbQkpl0g4
+ created: '2021-11-09T20:38:10.000Z'
+ lastUpdated: '2021-11-11T20:38:10.000Z'
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
+ template:
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation
+ hints:
+ allow:
+ - GET
+ preview:
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4/preview
+ hints:
+ allow:
+ - GET
+ test:
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test
+ hints:
+ allow:
+ - POST
+ EmailDomainResponse:
+ value:
+ id: OeD114iNkrcN6aR680g4
+ validationStatus: NOT_STARTED
+ displayName: Admin
+ userName: admin
+ domain: example.com
+ validationSubdomain: mail
+ dnsValidationRecords:
+ - recordType: TXT
+ fqdn: _oktaverification.example.com
+ verificationValue: 759080212bda43e3bc825a7d73b4bb64
+ - recordType: CNAME
+ fqdn: mail.example.com
+ verificationValue: u22224444.wl024.sendgrid.net
+ - recordType: CNAME
+ fqdn: t02._domainkey.example.com
+ verificationValue: t02.domainkey.u22224444.wl024.sendgrid.net
+ - recordType: CNAME
+ fqdn: t022._domainkey.example.com
+ verificationValue: t02.domainkey.u22224444.wl024.sendgrid.net
+ EmailSettingsResponse:
+ value:
+ recipients: ALL_USERS
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/settings
+ hints:
+ allow:
+ - GET
+ - PUT
+ template:
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation
+ hints:
+ allow:
+ - GET
+ EmailTemplateDefaultContentResponse:
+ value:
+ subject: Welcome to ${org.name}!
+ body:
Hello, ${user.profile.firstName}. Click here to activate your account.
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/default-content
+ hints:
+ allow:
+ - GET
+ template:
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation
+ hints:
+ allow:
+ - GET
+ preview:
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/default-content/preview
+ hints:
+ allow:
+ - GET
+ ErrorAccessDenied:
+ summary: Access Denied
+ value:
+ errorCode: E0000006
+ errorSummary: You do not have permission to perform the requested action
+ errorLink: E0000006
+ errorId: sampleNUSD_8fdkFd8fs8SDBK
+ errorCauses: []
+ ErrorApiValidationFailed:
+ summary: API Validation Failed
+ value:
+ errorCode: E0000001
+ errorSummary: 'Api validation failed: {0}'
+ errorLink: E0000001
+ errorId: sampleiCF-8D5rLW6myqiPItW
+ errorCauses: []
+ ErrorAppFeatureAPIValidationFailed:
+ summary: API Validation Failed
+ value:
+ errorCode: E0000001
+ errorSummary: 'Api validation failed: feature'
+ errorLink: E0000001
+ errorId: oaeZLxeiHUUQomPkM8xOqvu1A
+ errorCauses:
+ - errorSummary: Provisioning is not enabled for the app instance.
+ ErrorCAPTCHALimitOfOne:
+ value:
+ errorCode: E0000165
+ errorSummary: CAPTCHA count limit reached. At most one CAPTCHA instance is allowed per Org.
+ errorLink: E0000165
+ errorId: oaejrB1fWL1S7mc-2KcG-SOtw
+ errorCauses: []
+ ErrorCAPTCHAOrgWideSetting:
+ value:
+ errorCode: E0000149
+ errorSummary: Current CAPTCHA is associated with org-wide settings, cannot be removed.
+ errorLink: E0000149
+ errorId: samplezsusshPdiTWiITwqBt8
+ errorCauses: []
+ ErrorCAPTCHAOrgWideSettingNull:
+ summary: captchaId is null, but enabledPages is defined
+ value:
+ errorCode: E0000001
+ errorSummary: 'Api validation failed: captchaId'
+ errorLink: E0000001
+ errorId: oae-hk3rssXQmOWDRsaFfxe8A
+ errorCauses:
+ errorSummary: 'captchaId: Invalid CAPTCHA ID. The value of captchaId cannot be blank when enabledPages is not empty. Please resubmit with an existing CAPTCHA ID or disable CAPTCHA support on all supported pages.'
+ ErrorCreateUserWithExpiredPasswordWithNullPassword:
+ value:
+ errorCode: E0000124
+ errorSummary: Could not create user. To create a user and expire their password immediately, a password must be specified
+ errorLink: E0000124
+ errorId: oaeXxuZgXBySvqi1FvtkwoYCA
+ errorCauses:
+ - errorSummary: Could not create user. To create a user and expire their password immediately, a password must be specified
+ ErrorCreateUserWithExpiredPasswordWithoutActivation:
+ value:
+ errorCode: E0000125
+ errorSummary: Could not create user. To create a user and expire their password immediately, "activate" must be true
+ errorLink: E0000125
+ errorId: oaeDd77L9R-TJaD7j_rXsQ31w
+ errorCauses:
+ - errorSummary: Could not create user. To create a user and expire their password immediately, "activate" must be true
+ ErrorCreateUserWithTooManyManyGroupsResponse:
+ value:
+ errorCode: E0000093
+ errorSummary: Target count limit exceeded
+ errorLink: E0000093
+ errorId: oaePVSLIYnIQsC0B-ptBIllVA
+ errorCauses:
+ - errorSummary: The number of group targets is too large.
+ ErrorDeleteBrandAssociatedWithDomain:
+ value:
+ errorCode: E0000201
+ errorSummary: A brand associated with a domain cannot be deleted
+ errorLink: E0000201
+ errorId: oaeAdRqprFuTyKokyYPbURJkA
+ errorCauses: []
+ ErrorDeleteDefaultBrand:
+ value:
+ errorCode: E0000200
+ errorSummary: A default brand cannot be deleted
+ errorLink: E0000200
+ errorId: oaeAdRqprFuTyKokyYPbURJkA
+ errorCauses: []
+ ErrorDeviceAssuranceInUse:
+ summary: Cannot delete device assurance policy in use by authentication policies
+ value:
+ errorSummary: Device assurance is in use and cannot be deleted.
+ errorId: oaenwA1ra80S9W-pvbh4m6haA
+ errorCauses: []
+ ErrorEmailCustomizationCannotClearDefault:
+ value:
+ errorCode: E0000185
+ errorSummary: The isDefault parameter of the default email template customization can't be set to false.
+ errorLink: E0000185
+ errorId: oaejrB1fWL1S7mc-2KcG-SOtw
+ errorCauses: []
+ ErrorEmailCustomizationCannotDeleteDefault:
+ value:
+ errorCode: E0000184
+ errorSummary: A default email template customization can't be deleted.
+ errorLink: E0000184
+ errorId: oaeAdRqprFuTyKokyYPbURJkA
+ errorCauses: []
+ ErrorEmailCustomizationDefaultAlreadyExists:
+ value:
+ errorCode: E0000182
+ errorSummary: A default email template customization already exists.
+ errorLink: E0000182
+ errorId: oaeXYwTiMvASsC3O4HCzjFaCA
+ errorCauses: []
+ ErrorEmailCustomizationLanguageAlreadyExists:
+ value:
+ errorCode: E0000183
+ errorSummary: An email template customization for that language already exists.
+ errorLink: E0000183
+ errorId: oaeUcGELffqRay0u1OPdnPypw
+ errorCauses: []
+ ErrorEmailDomainAlreadyExists:
+ value:
+ errorCode: E0000197
+ errorSummary: Email domain already exists.
+ errorLink: E0000197
+ errorId: oaeEdRqprFuTyKokyYPbURJkA
+ errorCauses: []
+ ErrorEmailDomainInUse:
+ value:
+ errorCode: E0000216
+ errorSummary: Email domain can't be deleted due to mail provider restrictions.
+ errorLink: E0000216
+ errorId: oaeEdRqprFuTyKokyYPbURJkB
+ errorCauses: []
+ ErrorEmailDomainInvalidStatus:
+ value:
+ errorCode: E0000217
+ errorSummary: Invalid status. Can't validate email domain with current status.
+ errorLink: E0000217
+ errorId: oaeEdRqprFuTyKokyYPbURJkD
+ errorCauses: []
+ ErrorEmailDomainNotVerified:
+ value:
+ errorCode: E0000218
+ errorSummary: Email domain couldn't be verified by mail provider.
+ errorLink: E0000218
+ errorId: oaeEdRqprFuTyKokyYPbURJkC
+ errorCauses: []
+ ErrorInvalidEmailTemplateRecipients:
+ value:
+ errorCode: E0000189
+ errorSummary: This template does not support the recipients value.
+ errorLink: E0000189
+ errorId: oae8L1-UkcNTeGi5xVQ28_lww
+ errorCauses: []
+ ErrorInvalidTokenProvided:
+ summary: Invalid Token Provided
+ value:
+ errorCode: E0000011
+ errorSummary: Invalid token provided
+ errorLink: E0000011
+ errorId: sampleQPivGUj_ND5v78vbYWW
+ errorCauses: []
+ ErrorMissingRequiredParameter:
+ summary: Missing Required Parameter
+ value:
+ errorCode: E0000028
+ errorSummary: The request is missing a required parameter.
+ errorLink: E0000028
+ errorId: sampleiCF-l7mr9XqM1NQ
+ errorCauses: []
+ ErrorPinOrCredRequestsGenerationFailure:
+ summary: PIN or Cred Requests Generation Failed
+ value:
+ errorCode: E0000001
+ errorSummary: 'Api validation failed: pinRequest|credRequests'
+ errorLink: E0000001
+ errorId: oaehk3rssXQmOWDRsaFfxe8A
+ errorCauses:
+ errorSummary: There was a problem generating the pinRequest|credRequests.
+ ErrorPinOrCredResponsesProcessingFailure:
+ summary: PIN or Cred Response Processing Failed
+ value:
+ errorCode: E0000001
+ errorSummary: 'Api validation failed: pinResponse|credResponses'
+ errorLink: E0000001
+ errorId: oaehk3rssXQmOWDRsaFfxe8B
+ errorCauses:
+ errorSummary: There was a problem generating the pinResponse|credResponses.
+ ErrorPushProviderUsedByCustomAppAuthenticator:
+ value:
+ errorCode: E0000187
+ errorSummary: Cannot delete push provider because it is being used by a custom app authenticator.
+ errorLink: E0000187
+ errorId: oaenwA1ra80S9W-pvbh4m6haA
+ errorCauses: []
+ ErrorResourceNotFound:
+ summary: Resource Not Found
+ value:
+ errorCode: E0000007
+ errorSummary: 'Not found: {0}'
+ errorLink: E0000007
+ errorId: sampleMlLvGUj_YD5v16vkYWY
+ errorCauses: []
+ ErrorTooManyRequests:
+ summary: Too Many Requests
+ value:
+ errorCode: E0000047
+ errorSummary: You exceeded the maximum number of requests. Try again in a while.
+ errorLink: E0000047
+ errorId: sampleQPivGUj_ND5v78vbYWW
+ errorCauses: []
+ GetBrandResponse:
+ value:
+ id: bnd114iNkrcN6aR680g4
+ removePoweredByOkta: false
+ customPrivacyPolicyUrl: null
+ name: Okta Default
+ isDefault: true
+ locale: en
+ emailDomainId: OeD114iNkrcN6aR680g4
+ defaultApp:
+ appInstanceId: 0oa114iNkrcN6aR680g4
+ appLinkName: null
+ classicApplicationUri: null
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
+ themes:
+ href: https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4/themes
+ hints:
+ allow:
+ - GET
+ GetEmailTemplateResponse:
+ value:
+ name: UserActivation
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation
+ hints:
+ allow:
+ - GET
+ settings:
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/settings
+ hints:
+ allow:
+ - GET
+ - PUT
+ defaultContent:
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/default-content
+ hints:
+ allow:
+ - GET
+ customizations:
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations
+ hints:
+ allow:
+ - GET
+ - POST
+ - DELETE
+ test:
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test
+ hints:
+ allow:
+ - POST
+ GetRealmAssignmentRuleResponse:
+ value:
+ id: rul2jy7jLUlnO3ng00g4
+ status: ACTIVE
+ name: Realm Assignment Rule 1
+ created: '2022-04-04T15:56:05.000Z'
+ lastUpdated: '2022-05-05T18:15:44.000Z'
+ isDefault: false
+ conditions:
+ profileSourceId: 0oa4enoRyjwSCy5hx0g4
+ expression:
+ value: string
+ actions:
+ assignUserToRealm:
+ realmId: 00g1b7rvh0xPLKXFf0g5
+ priority: 0
+ _links:
+ self:
+ rel: self
+ href: http://your-subdomain.okta.com/api/v1/realm-rules/rul2jy7jLUlnO3ng00g4
+ method: GET
+ GetUserResponse:
+ summary: Retrieve a user type response
+ value:
+ id: otyfnly5cQjJT9PnR0g4
+ displayName: New User Type
+ name: newUserType
+ description: A new custom user type
+ createdBy: sprz9fj1ycBcsgopy1d6
+ lastUpdatedBy: sprz9fj1ycBcsgopy1d6
+ created: '2021-07-05T20:40:38.000Z'
+ lastUpdated: '2021-07-05T20:40:38.000Z'
+ default: false
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
+ schema:
+ href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
+ GroupSchemaAddRequest:
+ value:
+ definitions:
+ custom:
+ id: '#custom'
+ type: object
+ properties:
+ groupContact:
+ title: Group administrative contact
+ description: Group administrative contact
+ type: string
+ required: false
+ minLength: 1
+ maxLength: 20
+ permissions:
+ - principal: SELF
+ action: READ_WRITE
+ required: []
+ GroupSchemaResponse:
+ value:
+ $schema: http://json-schema.org/draft-04/schema#
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/meta/schemas/group/default
+ method: GET
+ rel: self
+ created: '2021-01-30T00:18:24.000Z'
+ definitions:
+ base:
+ id: '#base'
+ properties: {}
+ required:
+ - name
+ type: object
+ custom:
+ id: '#custom'
+ properties:
+ groupContact:
+ description: Group administrative contact
+ master:
+ type: PROFILE_MASTER
+ mutability: READ_WRITE
+ permissions:
+ - action: READ_WRITE
+ principal: SELF
+ scope: NONE
+ title: Group administrative contact
+ type: string
+ required: []
+ type: object
+ description: Okta group profile template
+ id: https://{yourOktaDomain}/meta/schemas/group/default
+ lastUpdated: '2021-02-25T23:05:31.000Z'
+ name: group
+ properties:
+ profile:
+ allOf:
+ - $ref: '#/definitions/custom'
+ - $ref: '#/definitions/base'
+ title: Okta group
+ type: object
+ ListAllKeysResponse:
+ summary: List All Keys response example
+ value:
+ - id: HKY1i2htmXF5UNQhL0g4
+ keyId: bb5bed7d-6e4d-488f-9c86-59b93a2bb3fb
+ name: My new key
+ created: '2022-08-22T16:34:33.000Z'
+ lastUpdated: '2022-08-22T16:34:33.000Z'
+ isUsed: 'true'
+ - id: HKY1p7jWLndGQV9M60g4
+ keyId: 7fbc27fd-e3df-4522-86bf-1930110256ad
+ name: Test key
+ created: '2022-08-31T18:09:58.000Z'
+ lastUpdated: '2022-08-31T18:09:58.000Z'
+ isUsed: 'false'
+ ListAppGrantsEx:
+ summary: List all app Grants example
+ value:
+ - id: oag91n9ruw3dsaXzP0h6
+ status: ACTIVE
+ created: '2023-02-21T16:54:00.000Z'
+ createdBy:
+ id: 00u6eltha0nrSc47i0h7
+ type: User
+ lastUpdated: '2023-02-21T16:54:00.000Z'
+ issuer: '{yourOktaDomain}'
+ clientId: '{clientId}'
+ scopeId: okta.users.read
+ source: ADMIN
+ _embedded:
+ scope:
+ id: okta.users.read
+ _links:
+ app:
+ href: https://{yourOktaDomain}/api/v1/apps/{appId}
+ title: Application name
+ self:
+ href: https://{yourOktaDomain}/api/v1/apps/{appId}/grants/oag91n9ruw3dsaXzP0h6
+ hints:
+ allow:
+ - GET
+ - DELETE
+ client:
+ href: https://{yourOktaDomain}/oauth2/v1/clients/{clientId}
+ title: Client name
+ - id: oaghm3sh9ukdkvDmO0h6
+ status: ACTIVE
+ created: '2023-02-03T21:57:49.000Z'
+ createdBy:
+ id: 00u6eltha0nrSc47i0h7
+ type: User
+ lastUpdated: '2023-02-03T21:57:49.000Z'
+ issuer: '{yourOktaDomain}'
+ clientId: '{clientId}'
+ scopeId: okta.apps.manage
+ source: ADMIN
+ _embedded:
+ scope:
+ id: okta.apps.manage
+ _links:
+ app:
+ href: https://{yourOktaDomain}/api/v1/apps/{appId}
+ title: Application name
+ self:
+ href: https://{yourOktaDomain}/api/v1/apps/{appId}/grants/oaghm3sh9ukdkvDmO0h6
+ hints:
+ allow:
+ - GET
+ - DELETE
+ client:
+ href: https://{yourOktaDomain}/oauth2/v1/clients/{clientId}
+ title: Client name
+ ListAssocAuthServerResponse:
+ summary: List associated Authorization Servers
+ value:
+ - id: '{authorizationServerId}'
+ name: Sample Authorization Server
+ description: Sample Authorization Server description
+ audiences:
+ - https://api.resource.com
+ issuer: https://{yourOktaDomain}/oauth2/{authorizationServerId}
+ issuerMode: CUSTOM_URL
+ status: ACTIVE
+ created: '2023-05-17T22:25:57.000Z'
+ lastUpdated: '2023-05-17T22:25:57.000Z'
+ credentials:
+ signing:
+ rotationMode: DYNAMIC
+ lastRotated: '2023-05-17T22:25:57.000Z'
+ nextRotation: '2023-08-15T22:25:57.000Z'
+ kid: WYQxoK4XAwGFn5Zw5AzLxFvqEKLP79BbsKmWeuc5TB4
+ use: sig
_links:
self:
- href: https://{yourOktaDomain}/api/v1/api-tokens/00Tabcdefg1234567890
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}
+ hints:
+ allow:
+ - DELETE
+ ListAuthServersResponse:
+ summary: List all custom authorization servers in your org
+ value:
+ - id: '{authorizationServerId}'
+ name: Sample Authorization Server
+ description: Sample Authorization Server description
+ audiences:
+ - https://api.resource.com
+ issuer: https://{yourOktaDomain}/oauth2/{authorizationServerId}
+ issuerMode: ORG_URL
+ status: ACTIVE
+ created: '2023-05-17T22:25:57.000Z'
+ lastUpdated: '2023-05-17T22:25:57.000Z'
+ credentials:
+ signing:
+ rotationMode: AUTO
+ lastRotated: '2023-05-17T22:25:57.000Z'
+ nextRotation: '2023-08-15T22:25:57.000Z'
+ kid: WYQxoK4XAwGFn5Zw5AzLxFvqEKLP79BbsKmWeuc5TB4
+ _links:
+ scopes:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/scopes
+ hints:
+ allow:
+ - GET
+ claims:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims
+ hints:
+ allow:
+ - GET
+ policies:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/policies
+ hints:
+ allow:
+ - GET
+ self:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}
hints:
allow:
- GET
- DELETE
- user:
- href: https://{yourOktaDomain}/api/v1/users/00uabcdefg1234567890
+ - PUT
+ metadata:
+ - name: oauth-authorization-server
+ href: https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/oauth-authorization-server
+ hints:
+ allow:
+ - GET
+ - name: openid-configuration
+ href: https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/openid-configuration
+ hints:
+ allow:
+ - GET
+ rotateKey:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/credentials/lifecycle/keyRotate
+ hints:
+ allow:
+ - POST
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ ListBrandsResponse:
+ value:
+ - id: bnd114iNkrcN6aR680g4
+ name: Okta Default
+ isDefault: true
+ removePoweredByOkta: false
+ customPrivacyPolicyUrl: null
+ locale: en
+ emailDomainId: OeD114iNkrcN6aR680g4
+ defaultApp:
+ appInstanceId: 0oa114iNkrcN6aR680g4
+ appLinkName: null
+ classicApplicationUri: null
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4
hints:
allow:
- GET
- - name: Another API Token
- userId: 00uabcdefg1234567890
- tokenWindow: PT5M
- id: 00T1234567890abcdefg
- clientName: Okta API
- expiresAt: 2021-11-11T20:43:10.000Z
- created: 2021-11-09T20:38:10.000Z
- lastUpdated: 2021-11-11T20:38:10.000Z
+ - PUT
+ - DELETE
+ themes:
+ href: https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4/themes
+ hints:
+ allow:
+ - GET
+ ListCustomTokenClaimsResponse:
+ summary: List all custom token Claims for an authorization server
+ value:
+ - id: '{claimId}'
+ name: sub
+ status: ACTIVE
+ claimType: RESOURCE
+ valueType: EXPRESSION
+ value: '(appuser != null) ? appuser.userName : app.clientId'
+ conditions:
+ scopes:
+ - profile
+ system: true
+ alwaysIncludeInToken: true
+ apiResourceId: null
_links:
self:
- href: https://{yourOktaDomain}/api/v1/api-tokens/00T1234567890abcdefg
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims/{claimId}
hints:
allow:
- GET
+ - PUT
- DELETE
- user:
- href: https://{yourOktaDomain}/api/v1/users/00uabcdefg1234567890
+ ListEmailCustomizationResponse:
+ value:
+ - language: en
+ isDefault: true
+ subject: Welcome to ${org.name}!
+ body:
Hello, ${user.profile.firstName}. Click here to activate your account.
+ id: oel11u6DqUiMbQkpl0g4
+ created: '2021-11-09T20:38:10.000Z'
+ lastUpdated: '2021-11-11T20:38:10.000Z'
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4
hints:
allow:
- GET
- ApiTokenMetadataResponse:
+ - PUT
+ - DELETE
+ template:
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation
+ hints:
+ allow:
+ - GET
+ preview:
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4/preview
+ hints:
+ allow:
+ - GET
+ test:
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test
+ hints:
+ allow:
+ - POST
+ ListEmailTemplateResponse:
value:
- name: My API Token
- userId: 00uXXXXXXXXXXXXXXXXX
- tokenWindow: P30D
- id: 00Tabcdefg1234567890
- clientName: Okta API
- expiresAt: 2021-12-11T20:38:10.000Z
- created: 2021-11-09T20:38:10.000Z
- lastUpdated: 2021-11-11T20:38:10.000Z
- _links:
- self:
- href: https://{yourOktaDomain}/api/v1/api-tokens/00Tabcdefg1234567890
- hints:
- allow:
- - GET
- - DELETE
- user:
- href: https://{yourOktaDomain}/api/v1/users/00uXXXXXXXXXXXXXXXXX
- hints:
- allow:
- - GET
- AppUserSchemaAddRequest:
+ - name: UserActivation
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation
+ hints:
+ allow:
+ - GET
+ settings:
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/settings
+ hints:
+ allow:
+ - GET
+ - PUT
+ defaultContent:
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/default-content
+ hints:
+ allow:
+ - GET
+ customizations:
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations
+ hints:
+ allow:
+ - GET
+ - POST
+ - DELETE
+ test:
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test
+ hints:
+ allow:
+ - POST
+ ListFeatureDependenciesResponse:
+ summary: List all dependencies for a feature
+ value:
+ - id: ftrZooGoT8b41iWRiQs7
+ description: Example feature description
+ name: Example feature name
+ stage:
+ state: OPEN
+ value: EA
+ status: ENABLED
+ type: self-service
+ _links:
+ self:
+ hints:
+ allow:
+ - POST
+ href: https://{yourOktaDomain}/api/v1/features/ftrZooGoT8b41iWRiQs7
+ dependents:
+ href: https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependents
+ dependencies:
+ href: https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependencies
+ ListFeatureDependentsResponse:
+ summary: List all feature dependents for the specified feature
+ value:
+ - id: ftrZooGoT8b41iWRiQs7
+ description: Example feature description
+ name: Example feature name
+ stage:
+ state: OPEN
+ value: EA
+ status: ENABLED
+ type: self-service
+ _links:
+ self:
+ hints:
+ allow:
+ - POST
+ href: https://{yourOktaDomain}/api/v1/features/ftrZooGoT8b41iWRiQs7
+ dependents:
+ href: https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependents
+ dependencies:
+ href: https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependencies
+ ListFeaturesResponse:
+ summary: List all self-service features for your org
+ value:
+ - id: ftrZooGoT8b41iWRiQs7
+ description: Example feature description
+ name: Example feature name
+ stage:
+ state: CLOSED
+ value: BETA
+ status: DISABLED
+ type: self-service
+ _links:
+ self:
+ hints:
+ allow:
+ - POST
+ href: https://{yourOktaDomain}/api/v1/features/ftrZooGoT8b41iWRiQs7
+ dependents:
+ href: https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependents
+ dependencies:
+ href: https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependencies
+ ListMappingsResponse:
+ summary: List all Profile Mappings response
+ value:
+ - id: prm1k47ghydIQOTBW0g4
+ source:
+ id: otysbePhQ3yqt4cVv0g3
+ name: user
+ type: user
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/meta/types/user/otysbePhQ3yqt4cVv0g3
+ schema:
+ href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscsbePhQ3yqt4cVv0g3
+ target:
+ id: 0oa1qmn4LZQQEH0wZ0g4
+ name: okta_org2org
+ type: appuser
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/apps/0oa1qmn4LZQQEH0wZ0g4
+ schema:
+ href: https://{yourOktaDomain}/api/v1/meta/schemas/apps/0oa1qmn4LZQQEH0wZ0g4/default
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/mappings/prm1k48weFSOnEUnw0g4
+ ListRealmAssignmentRulesResponse:
+ value:
+ - id: rul2jy7jLUlnO3ng00g4
+ status: ACTIVE
+ name: Realm Assignment Rule 1
+ created: '2022-04-04T15:56:05.000Z'
+ lastUpdated: '2022-05-05T18:15:44.000Z'
+ isDefault: false
+ conditions:
+ profileSourceId: 0oa4enoRyjwSCy5hx0g4
+ expression:
+ value: user.profile.role ==\"Manager\"
+ actions:
+ assignUserToRealm:
+ realmId: 00g1b7rvh0xPLKXFf0g5
+ priority: 0
+ _links:
+ self:
+ rel: self
+ href: http://your-subdomain.okta.com/api/v1/realm-rules/rul2jy7jLUlnO3ng00g4
+ method: GET
+ - id: rul2jy7jLUlnO5ng00g4
+ status: ACTIVE
+ name: Catch-all Rule
+ created: '2022-04-04T15:56:05.000Z'
+ lastUpdated: '2022-05-05T18:15:44.000Z'
+ isDefault: true
+ conditions:
+ profileSourceId: 0oa4enoRyjwSCy6hx0g4,
+ expression:
+ value: string
+ actions:
+ assignUserToRealm:
+ realmId: 00g1b7rvh0xPLKXFf2g5
+ priority: 499
+ _links:
+ self:
+ rel: self
+ href: http://your-subdomain.okta.com/api/v1/realm-rules/rul2jy7jLUlnO5ng00g4
+ method: GET
+ ListRealmAwareUsersResponse:
+ summary: List all Users
+ value:
+ - id: 00u118oQYT4TBGuay0g4
+ status: ACTIVE
+ created: '2022-04-04T15:56:05.000Z'
+ activated: null
+ statusChanged: null
+ lastLogin: '2022-05-04T19:50:52.000Z'
+ lastUpdated: '2022-05-05T18:15:44.000Z'
+ passwordChanged: '2022-04-04T16:00:22.000Z'
+ type:
+ id: oty1162QAr8hJjTaq0g4
+ profile:
+ firstName: Alice
+ lastName: Smith
+ mobilePhone: null
+ secondEmail: null
+ login: alice.smith@example.com
+ email: alice.smith@example.com
+ realmId: guo1afiNtSnZYILxO0g4
+ credentials:
+ password: {}
+ provider:
+ type: OKTA
+ name: OKTA
+ _links:
+ self:
+ href: http://your-subdomain.okta.com/api/v1/users/00u118oQYT4TBGuay0g4
+ ListRealmsResponse:
+ value:
+ - id: guox9jQ16k9V8IFEL0g3
+ created: '2022-04-04T15:56:05.000Z'
+ lastUpdated: '2022-05-05T18:15:44.000Z'
+ isDefault: false
+ profile:
+ name: Car Co
+ realmType: PARTNER
+ _links:
+ self:
+ rel: self
+ href: http://your-subdomain.okta.com/api/v1/realms/guox9jQ16k9V8IFEL0g3
+ method: GET
+ ListRiskProviderResponse:
+ summary: List Risk Provider response example
+ value:
+ - id: 00rp12r4skkjkjgsn
+ action: log_only
+ name: Risk-Partner-X
+ clientId: 00ckjsfgjkdkjdkkljjsd
+ created: '2021-01-05 22:18:30'
+ lastUpdated: '2021-01-05 22:18:30'
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/risk/providers/00rp12r4skkjkjgsn
+ hints:
+ allow:
+ - GET
+ - PUT
+ ListSessionsResponse:
+ value:
+ - id: uij4ri8ZLk0ywyqxB0g1
+ identitySourceId: 0oa3l6l6WK6h0R0QW0g4
+ status: CREATED
+ importType: INCREMENTAL
+ created: '2022-04-04T15:56:05.000Z'
+ lastUpdated: '2022-05-05T16:15:44.000Z'
+ ListSessionsResponseForGetSessions:
+ value:
+ - id: uij4ri8ZLk0ywyqxB0g1
+ identitySourceId: 0oa3l6l6WK6h0R0QW0g4
+ status: CREATED
+ importType: INCREMENTAL
+ created: '2022-04-04T15:56:05.000Z'
+ lastUpdated: '2022-05-05T16:15:44.000Z'
+ - id: uij4ri8ZLk0ywyqxB0g2
+ identitySourceId: 0oa3l6l6WK6h0R0QW0g4
+ status: TRIGGERED
+ importType: INCREMENTAL
+ created: '2022-04-04T16:56:05.000Z'
+ lastUpdated: '2022-05-05T17:15:44.000Z'
+ - id: uij4ri8ZLk0ywyqxB0g3
+ identitySourceId: 0oa3l6l6WK6h0R0QW0g4
+ status: IN_PROGRESS
+ importType: INCREMENTAL
+ created: '2022-04-04T17:56:05.000Z'
+ lastUpdated: '2022-05-05T18:15:44.000Z'
+ - id: uij4ri8ZLk0ywyqxB0g4
+ identitySourceId: 0oa3l6l6WK6h0R0QW0g4
+ status: EXPIRED
+ importType: INCREMENTAL
+ created: '2022-04-04T18:56:05.000Z'
+ lastUpdated: '2022-05-05T19:15:44.000Z'
+ - id: uij4ri8ZLk0ywyqxB0g5
+ identitySourceId: 0oa3l6l6WK6h0R0QW0g4
+ status: CLOSED
+ importType: INCREMENTAL
+ created: '2022-04-04T19:56:05.000Z'
+ lastUpdated: '2022-05-05T20:15:44.000Z'
+ ListUISchemaResponse:
+ summary: Lists all UI Schemas response
+ value:
+ - id: uis4a7liocgcRgcxZ0g7
+ uiSchema:
+ type: Group
+ label: Sign in
+ buttonLabel: Submit
+ elements:
+ - type: Control
+ scope: '#/properties/firstName'
+ label: First name
+ options:
+ format: text
+ - type: Control
+ scope: '#/properties/lastName'
+ label: Last name
+ options:
+ format: text
+ - type: Control
+ scope: '#/properties/email'
+ label: Email
+ options:
+ format: text
+ - type: Control
+ scope: '#/properties/countryCode'
+ label: Country code
+ options:
+ format: select
+ - type: Control
+ scope: '#/properties/bool2'
+ label: bool2
+ options:
+ format: checkbox
+ - type: Control
+ scope: '#/properties/date'
+ label: date
+ options:
+ format: text
+ - type: Control
+ scope: '#/properties/enum'
+ label: enum
+ options:
+ format: radio
+ created: '2022-07-25T12:56:31.000Z'
+ lastUpdated: '2022-07-26T11:53:59.000Z'
+ _links:
+ self:
+ href: https://example.com/api/v1/meta/uischemas/uis4a7liocgcRgcxZ0g7
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
+ - id: uis4abjqkkKXVPGAU0g7
+ uiSchema:
+ type: Group
+ label: Sign in 2
+ buttonLabel: Submit
+ elements:
+ - type: Control
+ scope: '#/properties/firstName'
+ label: First name
+ options:
+ format: text
+ - type: Control
+ scope: '#/properties/lastName'
+ label: Last name
+ options:
+ format: text
+ - type: Control
+ scope: '#/properties/email'
+ label: Email
+ options:
+ format: text
+ - type: Control
+ scope: '#/properties/countryCode'
+ label: Country code
+ options:
+ format: select
+ - type: Control
+ scope: '#/properties/bool2'
+ label: bool2
+ options:
+ format: checkbox
+ - type: Control
+ scope: '#/properties/date'
+ label: date
+ - type: Control
+ scope: '#/properties/enum'
+ label: enum
+ options:
+ format: radio
+ created: '2022-07-25T12:56:31.000Z'
+ lastUpdated: '2022-07-26T11:53:59.000Z'
+ _links:
+ self:
+ href: https://example.com/api/v1/meta/uischemas/uis4abjqkkKXVPGAU0g7
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
+ ListUserBlocksAnyDevicesResponse:
value:
- definitions:
- custom:
- id: '#custom'
- type: object
- properties:
- twitterUserName:
- title: Twitter username
- description: User's username for twitter.com
- type: string
- required: false
- minLength: 1
- maxLength: 20
- required: []
- AppUserSchemaResponse:
+ - type: DEVICE_BASED
+ appliesTo: ANY_DEVICES
+ ListUserBlocksUnknownDevicesResponse:
value:
- id: https://{yourOktaDomain}/meta/schemas/apps/0oa25gejWwdXNnFH90g4/default
- $schema: http://json-schema.org/draft-04/schema#
- name: Example App
- title: Example App User
- lastUpdated: '2017-07-18T23:18:43.000Z'
- created: '2017-07-18T22:35:30.000Z'
- definitions:
- base:
- id: '#base'
- type: object
- properties:
- userName:
- title: Username
- type: string
- required: true
- scope: NONE
- maxLength: 100
- required:
- - userName
- custom:
- id: '#custom'
- type: object
- properties:
- twitterUserName:
- title: Twitter username
- description: User's username for twitter.com
- type: string
- scope: NONE
- minLength: 1
- maxLength: 20
- required: []
- type: object
- properties:
+ - type: DEVICE_BASED
+ appliesTo: UNKNOWN_DEVICES
+ ListUsersResponse:
+ summary: List all Users
+ value:
+ - id: 00u118oQYT4TBTemp0g4
+ status: ACTIVE
+ created: '2022-04-04T15:56:05.000Z'
+ activated: null
+ statusChanged: null
+ lastLogin: '2022-05-04T19:50:52.000Z'
+ lastUpdated: '2022-05-05T18:15:44.000Z'
+ passwordChanged: '2022-04-04T16:00:22.000Z'
+ type:
+ id: oty1162QAr8hJjTaq0g4
profile:
- allOf:
- - $ref: '#/definitions/base'
- - $ref: '#/definitions/custom'
- AuthenticatorRequestDuo:
+ firstName: Alice
+ lastName: Smith
+ mobilePhone: null
+ secondEmail: null
+ login: alice.smith@example.com
+ email: alice.smith@example.com
+ credentials:
+ password: {}
+ provider:
+ type: OKTA
+ name: OKTA
+ _links:
+ self:
+ href: http://your-subdomain.okta.com/api/v1/users/00u118oQYT4TBGuay0g4
+ ListsAllUserTypes:
+ summary: Lists all user types
value:
- key: duo
- name: Duo Security
- provider:
- type: DUO
- configuration:
- userNameTemplate:
- template: oktaId
- integrationKey: testIntegrationKey
- secretKey: testSecretKey
- host: https://api-xxxxxxxx.duosecurity.com
- AuthenticatorResponseDuo:
+ - id: otyfnly5cQjJT9PnR0g4
+ displayName: New User Type
+ name: newUserType
+ description: A new custom user type
+ createdBy: sprz9fj1ycBcsgopy1d6
+ lastUpdatedBy: sprz9fj1ycBcsgopy1d6
+ created: '2021-07-05T20:40:38.000Z'
+ lastUpdated: '2021-07-05T20:40:38.000Z'
+ default: false
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
+ schema:
+ href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
+ - id: otyz9fj2jMiRBC1ZT1d6
+ displayName: User
+ name: user
+ description: Okta user profile template with default permission settings
+ createdBy: sprz9fj1ycBcsgopy1d6
+ lastUpdatedBy: sprz9fj1ycBcsgopy1d6
+ created: '2021-07-05T20:40:38.000Z'
+ lastUpdated: '2021-07-05T20:40:38.000Z'
+ default: true
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
+ schema:
+ href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
+ ListsOwnerOneResponse:
+ summary: Lists a response with one owner
value:
- type: app
- id: aut9gnvcjUHIWb37J0g4
- key: duo
- status: ACTIVE
- name: Duo Security
- created: '2022-07-15T21:14:02.000Z'
- lastUpdated: '2022-07-15T21:14:02.000Z'
- settings: {}
- provider:
- type: DUO
- configuration:
- host: https://api-xxxxxxxx.duosecurity.com
- userNameTemplate:
- template: oktaId
- _links:
- self:
- href: https://{yourOktaDomain}/api/v1/authenticators/aut5gnvcjUHIWb25J0g4
- hints:
- allow:
- - GET
- - PUT
- deactivate:
- href: https://{yourOktaDomain}/api/v1/authenticators/aut5gnvcjUHIWb25J0g4/lifecycle/deactivate
- hints:
- allow:
- - POST
- methods:
- href: https://{yourOktaDomain}/api/v1/authenticators/aut5gnvcjUHIWb25J0g4/methods
- hints:
- allow:
- - GET
- AuthenticatorResponseEmail: &ref_14
+ - id: 00g1gae1k0znUcLuU0h8
+ type: GROUP
+ resolved: true
+ originId: 'null'
+ originType: OKTA_DIRECTORY
+ displayName: Product & Engineering
+ lastUpdated: '2023-03-29 18:18:37.0'
+ ListsOwnersMultipleResponse:
+ summary: Lists a response with multiple owners
value:
- type: email
- id: aut1nbsPHh7jNjjyP0g4
- key: okta_email
+ - id: 00u1cmbqjkkmFXeqb0h8
+ type: USER
+ resolved: true
+ originId: 'null'
+ originType: OKTA_DIRECTORY
+ displayName: Mabel Mora
+ lastUpdated: '2023-03-29T18:30:58.000Z'
+ - id: 00u1cmc52x5B86cnZ0h8
+ type: USER
+ resolved: true
+ originId: 'null'
+ originType: OKTA_DIRECTORY
+ displayName: Cinda Canning
+ lastUpdated: '2023-03-29T18:30:55.000Z'
+ LogStreamActivateResponse:
+ summary: Activate Log Stream response
+ value:
+ id: 0oa1orqUGCIoCGNxf0g4
+ type: aws_eventbridge
+ name: Example AWS EventBridge
+ lastUpdated: '2023-03-24T21:22:43.000Z'
+ created: '2023-03-24T21:02:43.000Z'
status: ACTIVE
- name: Email
- created: '2020-07-26T21:05:23.000Z'
- lastUpdated: '2020-07-28T21:45:52.000Z'
settings:
- allowedFor: any
- tokenLifetimeInMinutes: 5
+ accountId: '123456789012'
+ eventSourceName: your-event-source-name
+ region: us-east-2
_links:
self:
- href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4
- hints:
- allow:
- - GET
- - PUT
- methods:
- href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4/methods
- hints:
- allow:
- - GET
+ href: http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4
+ method: GET
deactivate:
- href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4/lifecycle/deactivate
- hints:
- allow:
- - POST
- AuthenticatorResponsePassword: &ref_15
- value:
- type: password
- id: aut1nbtrJKKA9m45a0g4
- key: okta_password
- status: ACTIVE
- name: Password
- created: '2020-07-26T21:05:23.000Z'
- lastUpdated: '2020-07-26T21:05:23.000Z'
- _links:
- self:
- href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbtrJKKA9m45a0g4
- hints:
- allow:
- - GET
- - PUT
- methods:
- href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbtrJKKA9m45a0g4/methods
- hints:
- allow:
- - GET
- AuthenticatorResponsePhone: &ref_16
+ href: http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4/lifecycle/deactivate
+ method: POST
+ LogStreamDeactivateResponse:
+ summary: Deactivate Log Stream response
value:
- type: phone
- id: aut1nbuyD8m1ckAYc0g4
- key: phone_number
+ id: 0oa7agphh5FT7H521d7
+ type: splunk_cloud_logstreaming
+ name: Splunk Cloud Example
+ lastUpdated: '2023-03-24T21:23:00.000Z'
+ created: '2023-03-24T21:15:13.000Z'
status: INACTIVE
- name: Phone
- created: '2020-07-26T21:05:23.000Z'
- lastUpdated: '2020-07-29T00:21:29.000Z'
settings:
- allowedFor: none
+ edition: aws
+ host: okexample.splunkcloud.com
_links:
self:
- href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4
- hints:
- allow:
- - GET
- - PUT
- methods:
- href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4/methods
- hints:
- allow:
- - GET
+ href: http://{yourOktaDomain}/api/v1/logStreams/0oa7agphh5FT7H521d7
+ method: GET
activate:
- href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4/lifecycle/activate
- hints:
- allow:
- - POST
- AuthenticatorResponseSecurityQuestion:
+ href: http://{yourOktaDomain}/api/v1/logStreams/0oa7agphh5FT7H521d7/lifecycle/activate
+ method: POST
+ LogStreamGetAllResponse:
+ summary: Lists all Log Streams
value:
- type: security_question
- id: aut1nbvIgEenhwE6c0g4
- key: security_question
+ - id: 0oa1orqUGCIoCGNxf0g4
+ type: aws_eventbridge
+ name: Example AWS EventBridge
+ lastUpdated: '2023-03-24T21:02:43.000Z'
+ created: '2023-03-24T21:02:43.000Z'
+ status: ACTIVE
+ settings:
+ accountId: '123456789012'
+ eventSourceName: your-event-source-name
+ region: us-east-2
+ _links:
+ self:
+ href: http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4
+ method: GET
+ deactivate:
+ href: http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4/lifecycle/deactivate
+ method: POST
+ LogStreamPostRequest:
+ summary: Create an AWS EventBridge Log Stream
+ value:
+ type: aws_eventbridge
+ name: Example AWS EventBridge
+ settings:
+ eventSourceName: your-event-source-name
+ accountId: '123456789012'
+ region: us-east-2
+ LogStreamPostResponse:
+ summary: AWS EventBridge Log Stream response
+ value:
+ id: 0oa1orqUGCIoCGNxf0g4
+ type: aws_eventbridge
+ name: Example AWS EventBridge
+ lastUpdated: '2023-03-24T21:02:43.000Z'
+ created: '2023-03-24T21:02:43.000Z'
status: ACTIVE
- name: Security Question
- created: '2020-07-26T21:05:23.000Z'
- lastUpdated: '2020-07-26T21:05:23.000Z'
+ settings:
+ accountId: '123456789012'
+ eventSourceName: your-event-source-name
+ region: us-east-2
_links:
self:
- href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbvIgEenhwE6c0g4
- hints:
- allow:
- - GET
- methods:
- href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbvIgEenhwE6c0g4/methods
- hints:
- allow:
- - GET
+ href: http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4
+ method: GET
deactivate:
- href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbvIgEenhwE6c0g4/lifecycle/deactivate
- hints:
- allow:
- - POST
- AuthenticatorResponseWebAuthn: &ref_17
+ href: http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4/lifecycle/deactivate
+ method: POST
+ LogStreamPutRequest:
+ summary: Replace AWS EventBridge name
value:
- type: security_key
- id: aut1nd8PQhGcQtSxB0g4
- key: webauthn
+ type: aws_eventbridge
+ name: Updated AWS EventBridge
+ settings:
+ eventSourceName: your-event-source-name
+ accountId: '123456789012'
+ region: us-east-2
+ LogStreamPutResponse:
+ summary: Replace AWS EventBridge name response
+ value:
+ id: 0oa1orqUGCIoCGNxf0g4
+ type: aws_eventbridge
+ name: Updated AWS EventBridge
+ lastUpdated: '2023-03-24T21:12:43.000Z'
+ created: '2023-03-24T21:02:43.000Z'
status: ACTIVE
- name: Security Key or Biometric
- created: '2020-07-26T21:16:37.000Z'
- lastUpdated: '2020-07-27T18:59:30.000Z'
+ settings:
+ accountId: '123456789012'
+ eventSourceName: your-event-source-name
+ region: us-east-2
_links:
self:
- href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4
- hints:
- allow:
- - GET
- - PUT
- methods:
- href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods
- hints:
- allow:
- - GET
+ href: http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4
+ method: GET
deactivate:
- href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/lifecycle/deactivate
- hints:
- allow:
- - POST
- AuthenticatorsResponse:
+ href: http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4/lifecycle/deactivate
+ method: POST
+ LogStreamSchemaAws:
value:
- - *ref_14
- - *ref_15
- - *ref_16
- - *ref_17
- BehaviorRuleRequest:
+ $schema: https://json-schema.org/draft/2020-12/schema
+ $id: http://{yourOktaDomain}/api/v1/meta/schemas/logStream/aws_eventbridge
+ title: AWS EventBridge
+ type: object
+ properties:
+ settings:
+ description: Configuration properties specific to AWS EventBridge
+ type: object
+ properties:
+ accountId:
+ title: AWS Account ID
+ description: Your Amazon AWS Account ID.
+ type: string
+ writeOnce: true
+ pattern: ^\d{12}$
+ eventSourceName:
+ title: AWS Event Source Name
+ description: An alphanumeric name (no spaces) to identify this event source in AWS EventBridge.
+ type: string
+ writeOnce: true
+ pattern: ^[\.\-_A-Za-z0-9]{1,75}$
+ region:
+ title: AWS Region
+ description: The destination AWS region for your system log events.
+ type: string
+ writeOnce: true
+ oneOf:
+ - title: US East (Ohio)
+ const: us-east-2
+ - title: US East (N. Virginia)
+ const: us-east-1
+ - title: US West (N. California)
+ const: us-west-1
+ - title: US West (Oregon)
+ const: us-west-2
+ - title: Canada (Central)
+ const: ca-central-1
+ - title: Europe (Frankfurt)
+ const: eu-central-1
+ - title: Europe (Ireland)
+ const: eu-west-1
+ - title: Europe (London)
+ const: eu-west-2
+ - title: Europe (Paris)
+ const: eu-west-3
+ - title: Europe (Milan)
+ const: eu-south-1
+ - title: Europe (Stockholm)
+ const: eu-north-1
+ required:
+ - eventSourceName
+ - accountId
+ - region
+ errorMessage:
+ properties:
+ accountId: Account number must be 12 digits.
+ eventSourceName: Event source name can use numbers, letters, the symbols ".", "-" or "_". It must use fewer than 76 characters.
+ name:
+ title: Name
+ description: A name for this log stream in Okta
+ type: string
+ writeOnce: false
+ pattern: ^.{1,100}$
+ required:
+ - name
+ - settings
+ errorMessage:
+ properties:
+ name: Name can't exceed 100 characters.
+ LogStreamSchemaList:
value:
- name: My Behavior Rule
- type: VELOCITY
- BehaviorRuleResponse:
+ - $schema: https://json-schema.org/draft/2020-12/schema
+ $id: http://{yourOktaDomain}/api/v1/meta/schemas/logStream/aws_eventbridge
+ title: AWS EventBridge
+ type: object
+ properties:
+ settings:
+ description: Configuration properties specific to AWS EventBridge
+ type: object
+ properties:
+ accountId:
+ title: AWS Account ID
+ description: Your Amazon AWS Account ID.
+ type: string
+ writeOnce: true
+ pattern: ^\d{12}$
+ eventSourceName:
+ title: AWS Event Source Name
+ description: An alphanumeric name (no spaces) to identify this event source in AWS EventBridge.
+ type: string
+ writeOnce: true
+ pattern: ^[\.\-_A-Za-z0-9]{1,75}$
+ region:
+ title: AWS Region
+ description: The destination AWS region for your system log events.
+ type: string
+ writeOnce: true
+ oneOf:
+ - title: US East (Ohio)
+ const: us-east-2
+ - title: US East (N. Virginia)
+ const: us-east-1
+ - title: US West (N. California)
+ const: us-west-1
+ - title: US West (Oregon)
+ const: us-west-2
+ - title: Canada (Central)
+ const: ca-central-1
+ - title: Europe (Frankfurt)
+ const: eu-central-1
+ - title: Europe (Ireland)
+ const: eu-west-1
+ - title: Europe (London)
+ const: eu-west-2
+ - title: Europe (Paris)
+ const: eu-west-3
+ - title: Europe (Milan)
+ const: eu-south-1
+ - title: Europe (Stockholm)
+ const: eu-north-1
+ required:
+ - eventSourceName
+ - accountId
+ - region
+ errorMessage:
+ properties:
+ accountId: Account number must be 12 digits.
+ eventSourceName: Event source name can use numbers, letters, the symbols ".", "-" or "_". It must use fewer than 76 characters.
+ name:
+ title: Name
+ description: A name for this log stream in Okta
+ type: string
+ writeOnce: false
+ pattern: ^.{1,100}$
+ required:
+ - name
+ - settings
+ errorMessage:
+ properties:
+ name: Name can't exceed 100 characters.
+ - $schema: https://json-schema.org/draft/2020-12/schema
+ $id: http://{yourOktaDomain}/api/v1/meta/schemas/logStream/splunk_cloud_logstreaming
+ title: Splunk Cloud
+ type: object
+ properties:
+ settings:
+ description: Configuration properties specific to Splunk Cloud
+ type: object
+ properties:
+ host:
+ title: Host
+ description: 'The domain for your Splunk Cloud instance without http or https. For example: acme.splunkcloud.com'
+ type: string
+ writeOnce: false
+ pattern: ^([a-z0-9]+(-[a-z0-9]+)*){1,100}\.splunkcloud(gc|fed)?\.com$
+ token:
+ title: HEC Token
+ description: The token from your Splunk Cloud HTTP Event Collector (HEC).
+ type: string
+ writeOnce: false
+ pattern: '[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}'
+ required:
+ - host
+ - token
+ errorMessage:
+ properties:
+ host: 'Host should be a domain without http or https. For example: acme.splunkcloud.com'
+ name:
+ title: Name
+ description: A name for this log stream in Okta
+ type: string
+ writeOnce: false
+ pattern: ^.{1,100}$
+ required:
+ - name
+ - settings
+ errorMessage:
+ properties:
+ name: Name can't exceed 100 characters.
+ LogStreamSchemaSplunk:
value:
- id: abcd1234
- name: My Behavior Rule
- type: VELOCITY
- settings:
- velocityKph: 805
+ $schema: https://json-schema.org/draft/2020-12/schema
+ $id: http://{yourOktaDomain}/api/v1/meta/schemas/logStream/splunk_cloud_logstreaming
+ title: Splunk Cloud
+ type: object
+ properties:
+ settings:
+ description: Configuration properties specific to Splunk Cloud
+ type: object
+ properties:
+ host:
+ title: Host
+ description: 'The domain for your Splunk Cloud instance without http or https. For example: acme.splunkcloud.com'
+ type: string
+ writeOnce: false
+ pattern: ^([a-z0-9]+(-[a-z0-9]+)*){1,100}\.splunkcloud(gc|fed)?\.com$
+ token:
+ title: HEC Token
+ description: The token from your Splunk Cloud HTTP Event Collector (HEC).
+ type: string
+ writeOnce: false
+ pattern: '[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}'
+ required:
+ - host
+ - token
+ errorMessage:
+ properties:
+ host: 'Host should be a domain without http or https. For example: acme.splunkcloud.com'
+ name:
+ title: Name
+ description: A name for this log stream in Okta
+ type: string
+ writeOnce: false
+ pattern: ^.{1,100}$
+ required:
+ - name
+ - settings
+ errorMessage:
+ properties:
+ name: Name can't exceed 100 characters.
+ OAuth2RefreshTokenResponseEx:
+ summary: OAuth 2.0 refresh token example
+ value:
+ id: oar579Mcp7OUsNTlo0g3
status: ACTIVE
- created: 2021-11-09T20:38:10.000Z
- lastUpdated: 2021-11-11T20:38:10.000Z
- _link:
+ created: '2023-03-09T03:18:06.000Z'
+ lastUpdated: '2023-03-09T03:18:06.000Z'
+ expiresAt: '2023-03-16T03:18:06.000Z'
+ issuer: https://{yourOktaDomain}/oauth2/ausain6z9zIedDCxB0h7
+ clientId: 0oabskvc6442nkvQO0h7
+ userId: 00u5t60iloOHN9pBi0h7
+ scopes:
+ - offline_access
+ - car:drive
+ _embedded:
+ scopes:
+ - id: scppb56cIl4GvGxy70g3
+ name: offline_access
+ description: Requests a refresh token by default and is used to obtain more access tokens without re-prompting the user for authentication
+ _links:
+ scope:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/ausain6z9zIedDCxB0h7/scopes/scppb56cIl4GvGxy70g3
+ title: offline_access
+ - id: scp142iq2J8IGRUCS0g4
+ name: car:drive
+ displayName: Drive car
+ description: Allows the user to drive a car
+ _links:
+ scope:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/ausain6z9zIedDCxB0h7/scopes/scp142iq2J8IGRUCS0g4
+ title: Drive car
+ _links:
+ app:
+ href: https://{yourOktaDomain}/api/v1/apps/0oabskvc6442nkvQO0h7
+ title: Native
self:
- href: https://your-subdomain.okta.com/api/v1/behaviors/abcd1234
+ href: https://{yourOktaDomain}/api/v1/apps/0oabskvc6442nkvQO0h7/tokens/oar579Mcp7OUsNTlo0g3
+ revoke:
+ href: https://{yourOktaDomain}/api/v1/apps/0oabskvc6442nkvQO0h7/tokens/oar579Mcp7OUsNTlo0g3
hints:
allow:
- - GET
- - POST
- - PUT
- DELETE
- CAPTCHAInstanceRequestHCaptcha:
- value:
- name: myHCaptcha
- secretKey: xxxxxxxxxxx
- siteKey: xxxxxxxxxxx
- type: HCAPTCHA
- CAPTCHAInstanceRequestReCaptcha:
+ client:
+ href: https://{yourOktaDomain}/oauth2/v1/clients/0oabskvc6442nkvQO0h7
+ title: Example Client App
+ user:
+ href: https://{yourOktaDomain}/api/v1/users/00upcgi9dyWEOeCwM0g3
+ title: Saml Jackson
+ authorizationServer:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/ausain6z9zIedDCxB0h7
+ title: Example Authorization Server
+ OAuth2RefreshTokenResponseListEx:
+ summary: App refresh token list example
value:
- name: myReCaptcha
- secretKey: xxxxxxxxxxx
- siteKey: yyyyyyyyyyyyyyy
- type: RECAPTCHA_V2
- CAPTCHAInstanceResponseHCaptcha:
+ - id: oar579Mcp7OUsNTlo0g3
+ status: ACTIVE
+ created: '2023-03-09T03:18:06.000Z'
+ lastUpdated: '2023-03-09T03:18:06.000Z'
+ expiresAt: '2023-03-16T03:18:06.000Z'
+ issuer: https://{yourOktaDomain}/oauth2/ausain6z9zIedDCxB0h7
+ clientId: 0oabskvc6442nkvQO0h7
+ userId: 00u5t60iloOHN9pBi0h7
+ scopes:
+ - offline_access
+ - car:drive
+ _embedded:
+ scopes:
+ - id: scppb56cIl4GvGxy70g3
+ name: offline_access
+ description: Requests a refresh token by default and is used to obtain more access tokens without re-prompting the user for authentication
+ _links:
+ scope:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/ausain6z9zIedDCxB0h7/scopes/scppb56cIl4GvGxy70g3
+ title: offline_access
+ - id: scp142iq2J8IGRUCS0g4
+ name: car:drive
+ displayName: Drive car
+ description: Allows the user to drive a car
+ _links:
+ scope:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/ausain6z9zIedDCxB0h7/scopes/scp142iq2J8IGRUCS0g4
+ title: Drive car
+ _links:
+ app:
+ href: https://{yourOktaDomain}/api/v1/apps/0oabskvc6442nkvQO0h7
+ title: Native
+ self:
+ href: https://{yourOktaDomain}/api/v1/apps/0oabskvc6442nkvQO0h7/tokens/oar579Mcp7OUsNTlo0g3
+ revoke:
+ href: https://{yourOktaDomain}/api/v1/apps/0oabskvc6442nkvQO0h7/tokens/oar579Mcp7OUsNTlo0g3
+ hints:
+ allow:
+ - DELETE
+ client:
+ href: https://{yourOktaDomain}/oauth2/v1/clients/0oabskvc6442nkvQO0h7
+ title: Example Client App
+ user:
+ href: https://{yourOktaDomain}/api/v1/users/00upcgi9dyWEOeCwM0g3
+ title: Saml Jackson
+ authorizationServer:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/ausain6z9zIedDCxB0h7
+ title: Example Authorization Server
+ OperationResponse:
value:
- id: abcd1234
- name: myHCaptcha
- siteKey: xxxxxxxxxxx
- type: HCAPTCHA
+ id: rre4mje4ez6B2a7B60g7
+ status: COMPLETED
+ created: '2023-10-25T21:02:54.000Z'
+ started: '2023-10-25T21:02:54.000Z'
+ completed: '2023-10-25T21:02:54.000Z'
+ ruleOperation:
+ numUserMoved: 50
+ configuration:
+ id: 0pr1b7rxZj2ibQzfP0g5
+ name: Realm Assignment Rule 1
+ conditions:
+ profileSourceId: 0oa4enoRyjwSCy5hx0g4
+ expression:
+ value: string
+ actions:
+ assignUserToRealm:
+ realmId: 00g1b7rvh0xPLKXFf0g5
+ realmName: Realm Name
_links:
self:
- href: https://your-subdomain.okta.com/api/v1/captchas/abcd1234
- hints:
- allow:
- - GET
- - POST
- - PUT
- - DELETE
- CAPTCHAInstanceResponseReCaptcha:
+ rel: self
+ href: http://your-subdomain.okta.com/api/v1/operations/rre4mje4ez6B2a7B60g7
+ method: GET
+ OrgCAPTCHASettingsConfigured:
+ summary: Org-wide Captcha Settings are configured
value:
- id: abcd4567
- name: myReCaptcha
- siteKey: yyyyyyyyyyyyyyy
- type: RECAPTCHA_V2
+ captchaId: abcd4567
+ enabledPages:
+ - SSR
+ - SIGN_IN
_links:
self:
href: https://your-subdomain.okta.com/api/v1/captchas/abcd4567
@@ -17271,250 +23737,162 @@ components:
- POST
- PUT
- DELETE
- CreateBrandDomainRequest:
+ OrgCAPTCHASettingsDisable:
+ summary: Disable Org-wide Captcha Settings
value:
- domainId: OcD11vyscTlIkpC7i0g4
- CreateBrandRequest:
- value:
- name: My Awesome Brand
- CreateBrandResponse:
+ captchaId: 'null'
+ enabledPages: 'null'
+ OrgCAPTCHASettingsDisabled:
+ summary: Disabled Org-wide Captcha Settings
value:
- id: bnd114iNkrcN6aR680g5
- removePoweredByOkta: false
- customPrivacyPolicyUrl: null
- name: My Awesome Brand
- isDefault: false
+ captchaId: 'null'
+ enabledPages: '[]'
_links:
self:
- href: https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g5
+ href: https://your-subdomain.okta.com/api/v1/captchas/
hints:
allow:
- GET
- PUT
- - DELETE
- themes:
- href: https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g5/themes
- hints:
- allow:
- - GET
- CreateUpdateEmailCustomizationRequest:
- value:
- language: fr
- subject: Bienvenue dans ${org.name}!
- body:
Bonjour ${user.profile.firstName}. Activer le compte
- isDefault: false
- CreateUpdateEmailCustomizationResponse:
+ OrgCAPTCHASettingsEmpty:
+ summary: Org-wide Captcha Settings aren't configured
value:
- language: fr
- subject: Bienvenue dans ${org.name}!
- body: Bonjour ${user.profile.firstName}. Activer le compte
- isDefault: false
- id: oel11u6DqUiMbQkpl0g4
- created: 2021-11-09T20:38:10.000Z
- lastUpdated: 2021-11-11T20:38:10.000Z
+ captchaId: null
+ enabledPages: []
_links:
self:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4
+ href: https://your-subdomain.okta.com/api/v1/captchas
hints:
allow:
- GET
+ - POST
- PUT
- DELETE
- template:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation
- hints:
- allow:
- - GET
- preview:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4/preview
+ OrgCAPTCHASettingsUpdate:
+ summary: Update Org-wide Captcha Settings
+ value:
+ captchaId: abcd4567
+ enabledPages:
+ - SSR
+ - SIGN_IN
+ OrgCAPTCHASettingsUpdated:
+ summary: Updated Org-wide Captcha Settings
+ value:
+ captchaId: abcd4567
+ enabledPages:
+ - SSR
+ - SIGN_IN
+ _links:
+ self:
+ href: https://your-subdomain.okta.com/api/v1/captchas/abcd4567
hints:
allow:
- GET
- test:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test
- hints:
- allow:
- POST
- DeviceAssuranceAndroidRequest:
+ - PUT
+ - DELETE
+ PerClientRateLimitSettingsEnforceDefault:
value:
- name: Device Assurance Android
- osVersion:
- minimum: 12.4.5
- diskEncryptionType:
- include:
- - USER
- - FULL
- jailbreak: false
- platform: ANDROID
- screenLockType:
- include:
- - BIOMETRIC
- secureHardwarePresent: true
- DeviceAssuranceIosRequest:
+ defaultMode: ENFORCE
+ PerClientRateLimitSettingsEnforceDefaultWithOverrides:
value:
- name: Device Assurance IOS
- osVersion:
- minimum: 12.4.5
- jailbreak: false
- platform: IOS
- screenLockType:
- include:
- - BIOMETRIC
- DeviceAssuranceMacOSRequest:
+ defaultMode: ENFORCE
+ useCaseModeOverrides:
+ OAUTH2_AUTHORIZE: PREVIEW
+ OIE_APP_INTENT: DISABLE
+ PerClientRateLimitSettingsPreviewDefaultWithOverrides:
value:
- name: Device Assurance macOS
- osVersion:
- minimum: 12.4.5
- diskEncryptionType:
- include:
- - ALL_INTERNAL_VOLUMES
- platform: MACOS
- screenLockType:
- include:
- - PASSCODE
- - BIOMETRIC
- secureHardwarePresent: true
- DeviceAssuranceResponse:
+ defaultMode: PREVIEW
+ useCaseModeOverrides:
+ LOGIN_PAGE: ENFORCE
+ PermissionResponse:
value:
- id: dae3m8o4rWhwReDeM1c5
- name: Device Assurance Example
- lastUpdate: 2022-01-01T00:00:00.000Z
- createdUpdate: 2022-01-01T00:00:00.000Z
- lastUpdatedBy: 00u217pyf72CdUrBt1c5
- createdBy: 00u217pyf72CdUrBt1c5
- osVersion:
- minimum: 12.4.5.9
- diskEncryptionType:
- include:
- - ALL_INTERNAL_VOLUMES
- platform: WINDOWS
- screenLockType:
- include:
- - PASSCODE
- - BIOMETRIC
- secureHardwarePresent: true
+ label: okta.users.manage
+ created: '2021-02-06T16:20:57.000Z'
+ lastUpdated: '2021-02-06T16:20:57.000Z'
_links:
+ role:
+ href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3
self:
- href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5
- hints:
- allow:
- - DELETE
- - GET
- - PUT
- DeviceAssuranceWindowsRequest:
+ href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions/okta.users.manage
+ PermissionResponseWithConditions:
value:
- name: Device Assurance Windows
- osVersion:
- minimum: 12.4.5.9
- diskEncryptionType:
- include:
- - ALL_INTERNAL_VOLUMES
- platform: WINDOWS
- screenLockType:
+ label: okta.users.read
+ conditions:
include:
- - PASSCODE
- - BIOMETRIC
- secureHardwarePresent: true
- DeviceResponse:
- value:
- id: guo8jx5vVoxfvJeLb0w4
- status: ACTIVE
- created: '2020-11-03T21:47:01.000Z'
- lastUpdated: '2020-11-03T23:46:27.000Z'
- profile:
- displayName: DESKTOP-EHAD3IE
- platform: WINDOWS
- manufacturer: International Corp
- model: VMware7,1
- osVersion: 10.0.18362
- serialNumber: 56 4d 4f 95 74 c5 d3 e7-fc 3a 57 9c c2 f8 5d ce
- udid: 954F4D56-C574-E7D3-FC3A-579CC2F85DCE
- sid: S-1-5-21-3992267483-1860856704-2413701314-500
- registered: true
- secureHardwarePresent: false
- resourceId: guo8jx5vVoxfvJeLb0w4
- resourceDisplayName:
- value: DESKTOP-EHAD3IE
- sensitive: false
- resourceType: UDDevice
- resourceAlternateId: null
+ okta:ResourceAttribute/User/Profile:
+ - city
+ - state
+ - zipCode
+ created: '2021-02-06T16:20:57.000Z'
+ lastUpdated: '2021-02-06T16:20:57.000Z'
_links:
- suspend:
- href: https://{yourOktaDomain}/api/v1/devices/guo8jx5vVoxfvJeLb0w4/lifecycle/suspend
- hints:
- allow:
- - POST
+ role:
+ href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3
self:
- href: https://{yourOktaDomain}/api/v1/devices/guo8jx5vVoxfvJeLb0w4
- hints:
- allow:
- - GET
- - PATCH
- - PUT
- users:
- href: https://{yourOktaDomain}/api/v1/devices/guo8jx5vVoxfvJeLb0w4/users
- hints:
- allow:
- - GET
- deactivate:
- href: https://{yourOktaDomain}/api/v1/devices/guo8jx5vVoxfvJeLb0w4/lifecycle/deactivate
- hints:
- allow:
- - POST
- EmailCustomizationResponse:
+ href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions/okta.users.read
+ PermissionsResponse:
value:
- language: en
- isDefault: true
- subject: Welcome to ${org.name}!
- body: Hello, ${user.profile.firstName}. Click here to activate your account.
- id: oel11u6DqUiMbQkpl0g4
- created: 2021-11-09T20:38:10.000Z
- lastUpdated: 2021-11-11T20:38:10.000Z
+ permissions:
+ - label: okta.users.create
+ created: '2021-02-06T16:20:57.000Z'
+ lastUpdated: '2021-02-06T16:20:57.000Z'
+ _links:
+ role:
+ href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3
+ self:
+ href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions/okta.users.create
+ - label: okta.users.read
+ created: '2021-02-06T16:20:57.000Z'
+ lastUpdated: '2021-02-06T16:20:57.000Z'
+ _links:
+ role:
+ href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3
+ self:
+ href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions/okta.users.read
+ - label: okta.groups.read
+ created: '2021-02-06T16:20:57.000Z'
+ lastUpdated: '2021-02-06T16:20:57.000Z'
+ _links:
+ role:
+ href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3
+ self:
+ href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions/okta.groups.read
+ - label: okta.users.userprofile.manage
+ created: '2021-02-06T16:20:57.000Z'
+ lastUpdated: '2021-02-06T16:20:57.000Z'
+ _links:
+ role:
+ href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3
+ self:
+ href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions/okta.users.userprofile.manage
+ PreviewEmailCustomizationResponse:
+ value:
+ subject: Welcome to Okta!
+ body:
Hello, John. Click here to activate your account.
_links:
self:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel2kk1zYJBJbeaGo0g4/preview
hints:
allow:
- GET
- - PUT
- - DELETE
template:
href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation
hints:
allow:
- GET
- preview:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4/preview
- hints:
- allow:
- - GET
test:
href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test
hints:
allow:
- POST
- EmailSettingsResponse:
- value:
- recipients: ALL_USERS
- _links:
- self:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/settings
- hints:
- allow:
- - GET
- - PUT
- template:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation
- hints:
- allow:
- - GET
- EmailTemplateDefaultContentResponse:
+ PreviewEmailTemplateDefaultContentResponse:
value:
- subject: Welcome to ${org.name}!
- body:
Hello, ${user.profile.firstName}. Click here to activate your account.
+ subject: Welcome to Okta!
+ body:
Hello, John. Click here to activate your account.
_links:
self:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/default-content
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/default-content/preview
hints:
allow:
- GET
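Review bot: In the added `OrgCAPTCHASettingsDisable` and `OrgCAPTCHASettingsDisabled` examples the values are quoted, so `captchaId: 'null'`, `enabledPages: 'null'` and `enabledPages: '[]'` are the strings "null" and "[]" rather than a null and an empty array. The `OrgCAPTCHASettingsEmpty` example in the same hunk writes `captchaId: null` and `enabledPages: []`, which is presumably what the schema expects (the schema is not visible here). A client or test fixture copied from the request example would send literal strings, so the call could be rejected or leave CAPTCHA settings unchanged while the caller believes they were cleared. I would change both examples to `captchaId: null` and `enabledPages: []`. The `self` href `https://your-subdomain.okta.com/api/v1/captchas/` in the Disabled example also ends in a bare slash, unlike the other CAPTCHA examples in this hunk.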
@@ -17523,898 +23901,1339 @@ components:
hints:
allow:
- GET
- preview:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/default-content/preview
+ defaultContent:
+ href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test/default-content
hints:
allow:
- - GET
- ErrorAccessDenied:
- value:
- errorCode: E0000006
- errorSummary: You do not have permission to perform the requested action
- errorLink: E0000006
- errorId: sampleNUSD_8fdkFd8fs8SDBK
- errorCauses: []
- ErrorApiValidationFailed:
- value:
- errorCode: E0000001
- errorSummary: 'Api validation failed: {0}'
- errorLink: E0000001
- errorId: sampleiCF-8D5rLW6myqiPItW
- errorCauses: []
- ErrorCAPTCHALimitOfOne:
- value:
- errorCode: E0000165
- errorSummary: CAPTCHA count limit reached. At most one CAPTCHA instance is allowed per Org.
- errorLink: E0000165
- errorId: oaejrB1fWL1S7mc-2KcG-SOtw
- errorCauses: []
- ErrorCAPTCHAOrgWideSetting:
- value:
- errorCode: E0000149
- errorSummary: Current CAPTCHA is associated with org-wide settings, cannot be removed.
- errorLink: E0000149
- errorId: samplezsusshPdiTWiITwqBt8
- errorCauses: []
- ErrorCreateUserWithExpiredPasswordWithNullPassword:
- value:
- errorCode: E0000124
- errorSummary: Could not create user. To create a user and expire their password immediately, a password must be specified
- errorLink: E0000124
- errorId: oaeXxuZgXBySvqi1FvtkwoYCA
- errorCauses:
- - errorSummary: Could not create user. To create a user and expire their password immediately, a password must be specified
- ErrorCreateUserWithExpiredPasswordWithoutActivation:
- value:
- errorCode: E0000125
- errorSummary: Could not create user. To create a user and expire their password immediately, "activate" must be true
- errorLink: E0000125
- errorId: oaeDd77L9R-TJaD7j_rXsQ31w
- errorCauses:
- - errorSummary: Could not create user. To create a user and expire their password immediately, "activate" must be true
- ErrorCreateUserWithTooManyManyGroupsResponse:
- value:
- errorCode: E0000093
- errorSummary: Target count limit exceeded
- errorLink: E0000093
- errorId: oaePVSLIYnIQsC0B-ptBIllVA
- errorCauses:
- - errorSummary: The number of group targets is too large.
- ErrorDeleteBrandAssociatedWithDomain:
- value:
- errorCode: E0000201
- errorSummary: A brand associated with a domain cannot be deleted
- errorLink: E0000201
- errorId: oaeAdRqprFuTyKokyYPbURJkA
- errorCauses: []
- ErrorDeleteDefaultBrand:
- value:
- errorCode: E0000200
- errorSummary: A default brand cannot be deleted
- errorLink: E0000200
- errorId: oaeAdRqprFuTyKokyYPbURJkA
- errorCauses: []
- ErrorDeviceAssuranceInUse:
- value:
- errorSummary: Device assurance is in use and cannot be deleted.
- errorId: oaenwA1ra80S9W-pvbh4m6haA
- errorCauses: []
- ErrorEmailCustomizationCannotClearDefault:
- value:
- errorCode: E0000185
- errorSummary: The isDefault parameter of the default email template customization can't be set to false.
- errorLink: E0000185
- errorId: oaejrB1fWL1S7mc-2KcG-SOtw
- errorCauses: []
- ErrorEmailCustomizationCannotDeleteDefault:
- value:
- errorCode: E0000184
- errorSummary: A default email template customization can't be deleted.
- errorLink: E0000184
- errorId: oaeAdRqprFuTyKokyYPbURJkA
- errorCauses: []
- ErrorEmailCustomizationDefaultAlreadyExists:
- value:
- errorCode: E0000182
- errorSummary: A default email template customization already exists.
- errorLink: E0000182
- errorId: oaeXYwTiMvASsC3O4HCzjFaCA
- errorCauses: []
- ErrorEmailCustomizationLanguageAlreadyExists:
- value:
- errorCode: E0000183
- errorSummary: An email template customization for that language already exists.
- errorLink: E0000183
- errorId: oaeUcGELffqRay0u1OPdnPypw
- errorCauses: []
- ErrorInvalidEmailTemplateRecipients:
- value:
- errorCode: E0000189
- errorSummary: This template does not support the recipients value.
- errorLink: E0000189
- errorId: oae8L1-UkcNTeGi5xVQ28_lww
- errorCauses: []
- ErrorLinkDefaultBrand:
+ - POST
+ PrincipalRateLimitEntityRequestEmptyPercentages:
value:
- errorCode: E0000203
- errorSummary: Failed to associate this domain with the given brandId
- errorLink: E0000203
- errorId: oaeAdRqprFuTyKokyYPbURJkA
- errorCauses:
- - errorSummary: The default brand cannot be mapped to a domain
- ErrorPushProviderUsedByCustomAppAuthenticator:
+ principalId: token1234
+ principalType: SSWS_TOKEN
+ PrincipalRateLimitEntityRequestSSWSToken:
value:
- errorCode: E0000187
- errorSummary: Cannot delete push provider because it is being used by a custom app authenticator.
- errorLink: E0000187
- errorId: oaenwA1ra80S9W-pvbh4m6haA
- errorCauses: []
- ErrorResourceNotFound:
+ principalId: token1234
+ principalType: SSWS_TOKEN
+ defaultPercentage: 50
+ defaultConcurrencyPercentage: 75
+ PrincipalRateLimitEntityResponseSSWSToken:
value:
- errorCode: E0000007
- errorSummary: 'Not found: {0}'
- errorLink: E0000007
- errorId: sampleMlLvGUj_YD5v16vkYWY
- errorCauses: []
- ErrorTooManyRequests:
+ id: abcd1234
+ orgId: org1234
+ principalId: token1234
+ principalType: SSWS_TOKEN
+ defaultPercentage: 50
+ defaultConcurrencyPercentage: 75
+ createdDate: '2022-05-19T20:05:32.720Z'
+ createdBy: user1234
+ lastUpdate: '2022-05-20T21:13:07.410Z'
+ lastUpdatedBy: user4321
+ ProvisioningConnectionOauthRequestEx:
+ summary: Provisioning Connection with OAuth 2.0
value:
- errorCode: E0000047
- errorSummary: You exceeded the maximum number of requests. Try again in a while.
- errorLink: E0000047
- errorId: sampleQPivGUj_ND5v78vbYWW
- errorCauses: []
- GetBrandResponse:
+ profile:
+ authScheme: OAUTH2
+ clientId: 0oa2h6su6bVFyJzIf1d7
+ ProvisioningConnectionOauthResponseEx:
+ summary: Provisioning Connection with OAuth 2.0
value:
- id: bnd114iNkrcN6aR680g4
- removePoweredByOkta: false
- customPrivacyPolicyUrl: null
- name: Okta Default
- isDefault: true
+ authScheme: OAUTH2
+ status: ENABLED
_links:
self:
- href: https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4
+ href: https://{yourOktaDomain}/api/v1/apps/${appId}/connections/default
hints:
allow:
- GET
- - PUT
- - DELETE
- themes:
- href: https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4/themes
+ - POST
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/apps/${appId}/connections/default/lifecycle/deactivate
hints:
allow:
- - GET
- GetEmailTemplateResponse:
+ - POST
+ ProvisioningConnectionTokenRequestEx:
+ summary: Provisioning Connection with token
value:
- name: UserActivation
+ profile:
+ authScheme: TOKEN
+ token: 00NgAPZqUVy8cX9ehNzzahEE5b-On9sImTcInvWp-x
+ ProvisioningConnectionTokenResponseEx:
+ summary: Provisioning Connection with token
+ value:
+ authScheme: TOKEN
+ status: ENABLED
_links:
self:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation
+ href: https://{yourOktaDomain}/api/v1/apps/${appId}/connections/default
hints:
allow:
- GET
- settings:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/settings
+ - POST
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/apps/${appId}/connections/default/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ PushProviderAPNsRequest:
+ value:
+ name: APNs Example
+ providerType: APNS
+ configuration:
+ keyId: KEY_ID
+ teamId: TEAM_ID
+ tokenSigningKey: '-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n'
+ fileName: fileName.p8
+ PushProviderAPNsResponse:
+ value:
+ id: ppctekcmngGaqeiBxB0g4
+ name: APNs Example
+ providerType: APNS
+ lastUpdatedDate: '2022-01-01T00:00:00.000Z'
+ configuration:
+ keyId: KEY_ID
+ teamId: TEAM_ID
+ fileName: fileName.p8
+ _links:
+ self:
+ href: https://your-subdomain.okta.com/api/v1/push-providers/ppctekcmngGaqeiBxB0g4
hints:
allow:
+ - DELETE
- GET
- PUT
- defaultContent:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/default-content
+ PushProviderFCMRequest:
+ value:
+ name: FCM Example
+ providerType: FCM
+ configuration:
+ serviceAccountJson:
+ type: service_account
+ project_id: PROJECT_ID
+ private_key_id: KEY_ID
+ private_key: '-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n'
+ client_email: SERVICE_ACCOUNT_EMAIL
+ client_id: CLIENT_ID
+ auth_uri: https://accounts.google.com/o/oauth2/auth
+ token_uri: https://accounts.google.com/o/oauth2/token
+ auth_provider_x509_cert_url: https://www.googleapis.com/oauth2/v1/certs
+ client_x509_cert_url: https://www.googleapis.com/robot/v1/metadata/x509/SERVICE_ACCOUNT_EMAIL
+ fileName: fileName.json
+ PushProviderFCMResponse:
+ value:
+ id: ppctekcmngGaqeiBxB0g4
+ name: FCM Example
+ providerType: FCM
+ lastUpdatedDate: '2022-01-01T00:00:00.000Z'
+ configuration:
+ projectId: PROJECT_ID
+ fileName: fileName.p8
+ _links:
+ self:
+ href: https://your-subdomain.okta.com/api/v1/push-providers/ppctekcmngGaqeiBxB0g4
hints:
allow:
+ - DELETE
- GET
- customizations:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations
+ - PUT
+ RateLimitAdminNotificationsDisabled:
+ value:
+ notificationsEnabled: false
+ RateLimitAdminNotificationsEnabled:
+ value:
+ notificationsEnabled: true
+ RateLimitWarningThresholdValidExample:
+ value:
+ warningThreshold: 66
+ RealmResponse:
+ value:
+ id: guox9jQ16k9V8IFEL0g3
+ created: '2022-04-04T15:56:05.000Z'
+ lastUpdated: '2022-05-05T18:15:44.000Z'
+ isDefault: false
+ profile:
+ name: Car Co
+ _links:
+ self:
+ rel: self
+ href: http://your-subdomain.okta.com/api/v1/realms/guox9jQ16k9V8IFEL0g3
+ method: GET
+ RefreshCurrentSessionResponse:
+ summary: Refresh current session
+ value:
+ amr:
+ - pwd
+ createdAt: '2019-08-24T14:15:22Z'
+ expiresAt: '2019-08-24T14:15:22Z'
+ id: l7FbDVqS8zHSy65uJD85
+ idp:
+ id: 01a2bcdef3GHIJKLMNOP
+ type: ACTIVE_DIRECTORY
+ lastFactorVerification: '2019-08-24T14:15:22Z'
+ lastPasswordVerification: '2019-08-24T14:15:22Z'
+ login: user@example.com
+ status: ACTIVE
+ userId: 00u0abcdefGHIJKLMNOP
+ _links:
+ self:
hints:
allow:
- GET
- - POST
- DELETE
- test:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test
+ href: https://{yourOktaDomain}/api/v1/sessions/me
+ refresh:
hints:
allow:
- POST
- GroupSchemaAddRequest:
- value:
- definitions:
- custom:
- id: '#custom'
- type: object
- properties:
- groupContact:
- title: Group administrative contact
- description: Group administrative contact
- type: string
- required: false
- minLength: 1
- maxLength: 20
- permissions:
- - principal: SELF
- action: READ_WRITE
- required: []
- GroupSchemaResponse:
+ href: https://{yourOktaDomain}/api/v1/sessions/me/lifecycle/refresh
+ user:
+ hints:
+ allow:
+ - GET
+ href: https://{yourOktaDomain}/api/v1/users/me
+ name: User Name
+ RefreshSessionResponse:
+ summary: Refresh an existing Session using the session ID
value:
- $schema: http://json-schema.org/draft-04/schema#
+ amr:
+ - pwd
+ createdAt: '2019-08-25T14:17:22Z'
+ expiresAt: '2019-08-25T14:17:22Z'
+ id: l7FbDVqS8zHSy65uJD85
+ idp:
+ id: 01a2bcdef3GHIJKLMNOP
+ type: ACTIVE_DIRECTORY
+ lastFactorVerification: '2019-08-24T14:15:22Z'
+ lastPasswordVerification: '2019-08-24T14:15:22Z'
+ login: user@example.com
+ status: ACTIVE
+ userId: 00u0abcdefGHIJKLMNOP
_links:
self:
- href: https://{yourOktaDomain}/api/v1/meta/schemas/group/default
- method: GET
- rel: self
- created: '2021-01-30T00:18:24.000Z'
- definitions:
- base:
- id: '#base'
- properties: {}
- required:
- - name
- type: object
- custom:
- id: '#custom'
- properties:
- groupContact:
- description: Group administrative contact
- master:
- type: PROFILE_MASTER
- mutability: READ_WRITE
- permissions:
- - action: READ_WRITE
- principal: SELF
- scope: NONE
- title: Group administrative contact
- type: string
- required: []
- type: object
- description: Okta group profile template
- id: https://{yourOktaDomain}/meta/schemas/group/default
- lastUpdated: '2021-02-25T23:05:31.000Z'
- name: group
+ hints:
+ allow:
+ - DELETE
+ href: https://{yourOktaDomain}/api/v1/sessions/l7FbDVqS8zHSy65uJD85
+ RemoveMappingBody:
+ summary: Update an existing profile mapping by removing one or more properties
+ value:
properties:
- profile:
- allOf:
- - $ref: '#/definitions/custom'
- - $ref: '#/definitions/base'
- title: Okta group
- type: object
- LinkBrandDomain:
+ nickName:
+ expression: null
+ pushStatus: null
+ RemoveMappingResponse:
+ summary: Update an existing profile mapping by removing one or more properties
value:
- domainId: OcD11vyscTlIkpC7i0g4
+ id: prm1k47ghydIQOTBW0g4
+ source:
+ id: otysbePhQ3yqt4cVv0g3
+ name: user
+ type: user
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/meta/types/user/otysbePhQ3yqt4cVv0g3
+ schema:
+ href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscsbePhQ3yqt4cVv0g3
+ target:
+ id: 0oa1qmn4LZQQEH0wZ0g4
+ name: okta_org2org
+ type: appuser
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/apps/0oa1qmn4LZQQEH0wZ0g4
+ schema:
+ href: https://{yourOktaDomain}/api/v1/meta/schemas/apps/0oa1qmn4LZQQEH0wZ0g4/default
+ properties:
+ fullName:
+ expression: user.firstName + user.lastName
+ pushStatus: PUSH
_links:
self:
- href: https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4/domains/OcD11vyscTlIkpC7i0g4
+ href: https://{yourOktaDomain}/api/v1/mappings/prm1k48weFSOnEUnw0g4
+ ReplaceAnEventHookWithFilter:
+ summary: Replace an event hook
+ value:
+ name: Event Hook with Filter
+ description: An event hook using an Okta Expression Language filter
+ events:
+ type: EVENT_TYPE
+ items:
+ - group.user_membership.add
+ filter:
+ type: EXPRESSION_LANGUAGE
+ eventFilterMap:
+ - event: group.user_membership.add
+ condition:
+ expression: event.target.?[type eq 'UserGroup'].size()>0 && event.target.?[displayName eq 'Sales'].size()>0
+ channel:
+ type: HTTP
+ version: 1.0.0
+ config:
+ uri: https://example_external_service/userAdded
+ authScheme:
+ type: HEADER
+ key: Authorization
+ value: my-shared-secret
+ ReplaceAuthServerBody:
+ summary: Replace a custom authorization server
+ value:
+ name: New Authorization Server
+ description: Authorization Server description
+ audiences:
+ - api://default
+ credentials:
+ signing:
+ rotationMode: AUTO
+ use: sig
+ issuer: https://{yourOktaDomain}/oauth2/{authorizationServerId}
+ issuerMode: ORG_URL
+ status: ACTIVE
+ ReplaceAuthServerResponse:
+ summary: Replace a custom authorization server
+ value:
+ id: '{authorizationServerId}'
+ name: Sample Authorization Server
+ description: Sample Authorization Server description
+ audiences:
+ - https://api.resource.com
+ issuer: https://{yourOktaDomain}/oauth2/{authorizationServerId}
+ issuerMode: ORG_URL
+ status: ACTIVE
+ created: '2023-05-17T22:25:57.000Z'
+ lastUpdated: '2023-05-17T22:25:57.000Z'
+ credentials:
+ signing:
+ rotationMode: AUTO
+ lastRotated: '2023-05-17T22:25:57.000Z'
+ nextRotation: '2023-08-15T22:25:57.000Z'
+ kid: WYQxoK4XAwGFn5Zw5AzLxFvqEKLP79BbsKmWeuc5TB4
+ _links:
+ scopes:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/scopes
hints:
allow:
- - PUT
- - DELETE
- brand:
- href: https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4
+ - GET
+ claims:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims
hints:
allow:
- GET
- - PUT
- - DELETE
- domain:
- href: https://{yourOktaDomain}/api/v1/domains/OcD11vyscTlIkpC7i0g4
+ policies:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/policies
+ hints:
+ allow:
+ - GET
+ self:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}
hints:
allow:
- GET
- - PUT
- DELETE
- ListBrandsResponse:
- value:
- - id: bnd114iNkrcN6aR680g4
- name: Okta Default
- isDefault: true
- removePoweredByOkta: false
- customPrivacyPolicyUrl: null
- _links:
- self:
- href: https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4
+ - PUT
+ metadata:
+ - name: oauth-authorization-server
+ href: https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/oauth-authorization-server
hints:
allow:
- GET
- - PUT
- - DELETE
- themes:
- href: https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4/themes
+ - name: openid-configuration
+ href: https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/openid-configuration
hints:
allow:
- GET
- ListEmailCustomizationResponse:
+ rotateKey:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/credentials/lifecycle/keyRotate
+ hints:
+ allow:
+ - POST
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ ReplaceCustomTokenClaimBody:
+ summary: Replace a custom token Claim
value:
- - language: en
- isDefault: true
- subject: Welcome to ${org.name}!
- body:
Hello, ${user.profile.firstName}. Click here to activate your account.
- id: oel11u6DqUiMbQkpl0g4
- created: 2021-11-09T20:38:10.000Z
- lastUpdated: 2021-11-11T20:38:10.000Z
- _links:
- self:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4
- hints:
- allow:
- - GET
- - PUT
- - DELETE
- template:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation
- hints:
- allow:
- - GET
- preview:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4/preview
- hints:
- allow:
- - GET
- test:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test
- hints:
- allow:
- - POST
- ListEmailTemplateResponse:
+ - alwaysIncludeInToken: true
+ claimType: IDENTITY
+ conditions:
+ scopes:
+ - profile
+ group_filter_type: CONTAINS
+ name: Knowledge_Base
+ status: ACTIVE
+ system: false
+ value: Knowledge Base
+ valueType: GROUPS
+ ReplaceCustomTokenClaimResponse:
+ summary: Replace a custom token Claim response
value:
- - name: UserActivation
+ - id: '{claimId}'
+ name: Knowledge_Base
+ status: ACTIVE
+ claimType: IDENTITY
+ valueType: GROUPS
+ value: Knowledge Base
+ conditions:
+ scopes:
+ - profile
+ system: false
+ alwaysIncludeInToken: true
+ apiResourceId: null
+ group_filter_type: CONTAINS
_links:
self:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation
- hints:
- allow:
- - GET
- settings:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/settings
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims/{claimId}
hints:
allow:
- GET
- PUT
- defaultContent:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/default-content
- hints:
- allow:
- - GET
- customizations:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations
- hints:
- allow:
- - GET
- - POST
- DELETE
- test:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test
- hints:
- allow:
- - POST
- ListSessionsResponse:
+ ReplaceKeyResponse:
+ summary: Replace a key response example
value:
- - id: uij4ri8ZLk0ywyqxB0g4
- identitySourceId: 0oa3l6l6WK6h0R0QW0g4
- status: CREATED
- importType: INCREMENTAL
- ListUserBlocksAnyDevicesResponse:
+ id: HKY1p7jWLndGQV9M60g4
+ keyId: 7fbc27fd-e3df-4522-86bf-1930110256ad
+ name: My updated new key
+ created: '2022-08-31T18:09:58.000Z'
+ lastUpdated: '2022-08-31T18:16:59.000Z'
+ isUsed: 'false'
+ ReplaceNetworkZone:
+ summary: Replace a Network Zone
value:
- - type: DEVICE_BASED
- appliesTo: ANY_DEVICES
- ListUserBlocksUnknownDevicesResponse:
+ type: IP
+ id: nzovw2rFz2YoqmvwZ0g9
+ name: UpdatedNetZone
+ status: ACTIVE
+ usage: POLICY
+ gateways:
+ - type: CIDR
+ value: 10.2.3.4/24
+ - type: CIDR
+ value: 12.2.3.4/24
+ - type: RANGE
+ value: 13.4.5.6-13.4.5.8
+ - type: CIDR
+ value: 14.2.3.4/24
+ proxies:
+ - type: CIDR
+ value: 12.2.3.4/24
+ - type: CIDR
+ value: 13.3.4.5/24
+ - type: RANGE
+ value: 14.4.5.6-14.4.5.8
+ - type: RANGE
+ value: 15.5.6.7/24-15.5.6.9
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/zones/nzovw2rFz2YoqmvwZ0g9
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/zones/nzovw2rFz2YoqmvwZ0g9/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ ReplaceNetworkZoneResponse:
+ summary: Replace Network Zone response
value:
- - type: DEVICE_BASED
- appliesTo: UNKNOWN_DEVICES
- ListUsersResponse:
+ type: IP
+ id: nzovw2rFz2YoqmvwZ0g3
+ name: UpdatedNetZone
+ status: ACTIVE
+ usage: POLICY
+ created: '2019-01-24T19:53:28.000Z'
+ lastUpdated: '2019-02-24T19:53:28.000Z'
+ system: false
+ gateways:
+ - type: CIDR
+ value: 10.2.3.4/24
+ - type: CIDR
+ value: 12.2.3.4/24
+ - type: RANGE
+ value: 13.4.5.6-13.4.5.8
+ - type: CIDR
+ value: 14.2.3.4/24
+ proxies:
+ - type: CIDR
+ value: 12.2.3.4/24
+ - type: CIDR
+ value: 13.3.4.5/24
+ - type: RANGE
+ value: 14.4.5.6-14.4.5.8
+ - type: RANGE
+ value: 15.5.6.7/24-15.5.6.9
+ ReplaceUserTypePutRequest:
+ summary: Replace user type request
value:
- - id: 00u118oQYT4TBGuay0g4
- status: ACTIVE
- created: 2022-04-04T15:56:05.000Z
- activated: null
- statusChanged: null
- lastLogin: 2022-05-04T19:50:52.000Z
- lastUpdated: 2022-05-05T18:15:44.000Z
- passwordChanged: 2022-04-04T16:00:22.000Z
- type:
- id: oty1162QAr8hJjTaq0g4
- profile:
- firstName: Alice
- lastName: Smith
- mobilePhone: null
- secondEmail: null
- login: alice.smith@example.com
- email: alice.smith@example.com
- credentials:
- password: {}
- provider:
- type: OKTA
- name: OKTA
- _links:
- self:
- href: http://your-subdomain.okta.com/api/v1/users/00u118oQYT4TBGuay0g4
- LogStreamRequest:
+ displayName: Replacement Display Name
+ description: Replacement description
+ name: newUserType
+ ReplaceUserTypePutResponse:
+ summary: Replace user type response
value:
- type: aws_eventbridge
- name: Example AWS EventBridge
- settings:
- eventSourceName: your-event-source-name
- accountId: '123456789012'
- region: us-east-2
- LogStreamResponse:
+ id: otyfnly5cQjJT9PnR0g4
+ displayName: Replacement Display Name
+ name: newUserType
+ description: Replacement description
+ createdBy: sprz9fj1ycBcsgopy1d6
+ lastUpdatedBy: sprz9fj1ycBcsgopy1d6
+ created: '2021-07-05T20:40:38.000Z'
+ lastUpdated: '2021-07-05T20:40:38.000Z'
+ default: false
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
+ schema:
+ href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
+ ResourceSelectorCreateRequestExample:
value:
- id: 0oa1orqUGCIoCGNxf0g4
- type: aws_eventbridge
- name: Example AWS EventBridge
- lastUpdated: '2021-10-21T16:55:30.000Z'
- created: '2021-10-21T16:55:29.000Z'
- status: ACTIVE
- settings:
- accountId: '123456789012'
- eventSourceName: your-event-source-name
- region: us-east-2
+ name: All applications except Workday applications
+ description: All applications except Workday applications
+ schema: /api/v1/apps
+ filter: name ne "workday"
+ ResourceSelectorCreateResponseExample:
+ value:
+ id: rsl1hx31gVEa6x10v0g5
+ name: All applications except Workday applications
+ description: All applications except Workday applications
+ orn: orn:okta:idp:00o5rb5mt2H3d1TJd0h7:resource_selectors:rsl1hx31gVEa6x10v0g5:apps
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/resource-selectors/rsl1hx31gVEa6x10v0g5
+ resources:
+ href: https://{yourOktaDomain}/api/v1/apps?filter="name ne "workday""
+ ResourceSelectorPatchRequestExample:
+ value:
+ name: All applications except Facebook applications
+ description: All applications except Facebook applications
+ filter: name ne "facebook"
+ ResourceSelectorPatchResponseExample:
+ value:
+ id: rsl1hx31gVEa6x10v0g5
+ name: All applications except Facebook applications
+ description: All applications except Facebook applications
+ orn: orn:okta:idp:00o5rb5mt2H3d1TJd0h7:resource_selectors:rsl1hx31gVEa6x10v0g5:apps
_links:
self:
- href: http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4
- method: GET
- deactivate:
- href: http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4/lifecycle/deactivate
- method: POST
- LogStreamSchemaAws:
- value: &ref_18
- $schema: https://json-schema.org/draft/2020-12/schema
- $id: http://{yourOktaDomain}/api/v1/meta/schemas/logStream/aws_eventbridge
- title: AWS EventBridge
- type: object
- properties:
- settings:
- description: Configuration properties specific to AWS EventBridge
- type: object
- properties:
- accountId:
- title: AWS Account ID
- description: Your Amazon AWS Account ID.
- type: string
- writeOnce: true
- pattern: ^\d{12}$
- eventSourceName:
- title: AWS Event Source Name
- description: An alphanumeric name (no spaces) to identify this event source in AWS EventBridge.
- type: string
- writeOnce: true
- pattern: ^[\.\-_A-Za-z0-9]{1,75}$
- region:
- title: AWS Region
- description: The destination AWS region for your system log events.
- type: string
- writeOnce: true
- oneOf:
- - title: US East (Ohio)
- const: us-east-2
- - title: US East (N. Virginia)
- const: us-east-1
- - title: US West (N. California)
- const: us-west-1
- - title: US West (Oregon)
- const: us-west-2
- - title: Canada (Central)
- const: ca-central-1
- - title: Europe (Frankfurt)
- const: eu-central-1
- - title: Europe (Ireland)
- const: eu-west-1
- - title: Europe (London)
- const: eu-west-2
- - title: Europe (Paris)
- const: eu-west-3
- - title: Europe (Milan)
- const: eu-south-1
- - title: Europe (Stockholm)
- const: eu-north-1
- required:
- - eventSourceName
- - accountId
- - region
- errorMessage:
- properties:
- accountId: Account number must be 12 digits.
- eventSourceName: Event source name can use numbers, letters, the symbols ".", "-" or "_". It must use fewer than 76 characters.
- name:
- title: Name
- description: A name for this log stream in Okta
- type: string
- writeOnce: false
- pattern: ^.{1,100}$
- required:
- - name
- - settings
- errorMessage:
- properties:
- name: Name can't exceed 100 characters.
- LogStreamSchemaList:
+ href: https://{yourOktaDomain}/api/v1/resource-selectors/rsl1hx31gVEa6x10v0g5
+ resources:
+ href: https://{yourOktaDomain}/api/v1/apps?filter="name ne "facebook""
+ ResourceSelectorResponseExample:
value:
- - *ref_18
- - &ref_19
- $schema: https://json-schema.org/draft/2020-12/schema
- $id: http://{yourOktaDomain}/api/v1/meta/schemas/logStream/splunk_cloud_logstreaming
- title: Splunk Cloud
- type: object
- properties:
- settings:
- description: Configuration properties specific to Splunk Cloud
- type: object
- properties:
- host:
- title: Host
- description: 'The domain for your Splunk Cloud instance without http or https. For example: acme.splunkcloud.com'
- type: string
- writeOnce: false
- pattern: ^([a-z0-9]+(-[a-z0-9]+)*){1,100}\.splunkcloud(gc|fed)?\.com$
- token:
- title: HEC Token
- description: The token from your Splunk Cloud HTTP Event Collector (HEC).
- type: string
- writeOnce: false
- pattern: '[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}'
- required:
- - host
- - token
- errorMessage:
- properties:
- host: 'Host should be a domain without http or https. For example: acme.splunkcloud.com'
- name:
- title: Name
- description: A name for this log stream in Okta
- type: string
- writeOnce: false
- pattern: ^.{1,100}$
- required:
- - name
- - settings
- errorMessage:
- properties:
- name: Name can't exceed 100 characters.
- LogStreamSchemaSplunk:
- value: *ref_19
- PerClientRateLimitSettingsEnforceDefault:
+ id: rsl1hx31gVEa6x10v0g5
+ name: All applications except a specific application
+ description: All applications except a specific application
+ orn: orn:okta:idp:00o5rb5mt2H3d1TJd0h7:resource_selectors:rsl1hx31gVEa6x10v0g5:apps
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/resource-selectors/rsl1hx31gVEa6x10v0g5
+ resources:
+ href: https://{yourOktaDomain}/api/v1/apps?filter="id ne 0oafxqAAJWWGELFTYASH"
+ ResourceSelectorsResponseExample:
value:
- defaultMode: ENFORCE
- PerClientRateLimitSettingsEnforceDefaultWithOverrides:
+ resourceSelectors:
+ - id: rsl1hx31gVEa6x10v0g5
+ name: All applications except Workday applications
+ description: All applications except Workday applications
+ orn: orn:okta:idp:00o5rb5mt2H3d1TJd0h7:resource_selectors:rsl1hx31gVEa6x10v0g5:apps
+ _links:
+ resources:
+ href: http://${yourOktaDomain}/api/v1/apps?filter="id ne 0oafxqCAJWWGELFTYASJ"
+ - id: rsl1hx31gVEa6x10v0g6
+ name: All applications except Facebook applications
+ description: All applications except Facebook applications
+ orn: orn:okta:idp:00o5rb5mt2H3d1TJd0h7:resource_selectors:rsl1hx31gVEa6x10v0g6:apps
+ _links:
+ resources:
+ href: http://${yourOktaDomain}/api/v1/apps?filter="id ne 0oafxqAAJWWGELFTYASH
+ _links:
+ next:
+ href: https://{yourOktaDomain}/api/v1/resource-selectors?after=rsl1hx31gVEa6x10v0g6
+ ResourceSetBindingAddMembersRequestExample:
value:
- defaultMode: ENFORCE
- useCaseModeOverrides:
- OAUTH2_AUTHORIZE: PREVIEW
- OIE_APP_INTENT: DISABLE
- PerClientRateLimitSettingsPreviewDefaultWithOverrides:
+ additions:
+ - https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3
+ - https://{yourOktaDomain}/api/v1/users/00u67DU2qNCjNZYO0g3
+ ResourceSetBindingCreateRequestExample:
value:
- defaultMode: PREVIEW
- useCaseModeOverrides:
- LOGIN_PAGE: ENFORCE
- PermissionResponse:
+ role: cr0Yq6IJxGIr0ouum0g3
+ members:
+ - https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3
+ ResourceSetBindingMemberResponse:
value:
- label: okta.users.manage
+ id: irb1qe6PGuMc7Oh8N0g4
created: '2021-02-06T16:20:57.000Z'
lastUpdated: '2021-02-06T16:20:57.000Z'
_links:
- role:
- href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3
self:
- href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions/okta.users.manage
- PermissionsResponse:
+ href: https://{yourOktaDomain}/api/v1/users/00uuk41Hjga5qGfQ30g3
+ ResourceSetBindingMembersResponse:
value:
- permissions:
- - label: okta.users.create
+ members:
+ - id: irb1qe6PGuMc7Oh8N0g4
created: '2021-02-06T16:20:57.000Z'
lastUpdated: '2021-02-06T16:20:57.000Z'
_links:
- role:
- href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3
self:
- href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions/okta.users.create
- - label: okta.users.read
+ href: https://{yourOktaDomain}/api/v1/users/00uuk41Hjga5qGfQ30g3
+ - id: irb1q92TFAHzySt3x0g4
created: '2021-02-06T16:20:57.000Z'
lastUpdated: '2021-02-06T16:20:57.000Z'
_links:
- role:
- href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3
self:
- href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions/okta.users.read
- - label: okta.groups.read
+ href: https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3
+ _links:
+ binding:
+ href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0Yq6IJxGIr0ouum0g3
+ next:
+ href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0Yq6IJxGIr0ouum0g3/members?after=0ouRq6IJmGIr3ouum0g3
+ ResourceSetBindingResponseExample:
+ value:
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0Yq6IJxGIr0ouum0g3
+ bindings:
+ href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings
+ resource-set:
+ href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g
+ ResourceSetBindingResponseWithIdExample:
+ value:
+ id: cr0Yq6IJxGIr0ouum0g3
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0Yq6IJxGIr0ouum0g3
+ bindings:
+ href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings
+ resource-set:
+ href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g
+ ResourceSetBindingsResponse:
+ value:
+ roles:
+ - id: cr0WxyzJxGIr0ouum0g4
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/iam/roles/cr0WxyzJxGIr0ouum0g4
+ members:
+ href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0WxyzJxGIr0ouum0g4/members
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings
+ resource-set:
+ href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g
+ next:
+ href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings?after=cr0WxyzJxGIr0ouum0g4
+ ResourceSetRequest:
+ value:
+ label: SF-IT-People
+ description: People in the IT department of San Francisco
+ resources:
+ - https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3
+ - https://{yourOktaDomain}/api/v1/groups/00gu67DU2qNCjNZYO0g3/users
+ - https://{yourOktaDomain}/api/v1/users
+ ResourceSetResourcePatchRequestExample:
+ value:
+ additions:
+ - https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3
+ - https://{yourOktaDomain}/api/v1/groups/00gu67DU2qNCjNZYO0g3/users
+ ResourceSetResourcesResponse:
+ value:
+ resources:
+ - id: ire106sQKoHoXXsAe0g4
+ created: '2021-02-06T16:20:57.000Z'
+ lastUpdated: '2021-02-06T16:20:57.000Z'
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3
+ - id: ire106riDrTYl4qA70g4
+ created: '2021-02-06T16:20:57.000Z'
+ lastUpdated: '2021-02-06T16:20:57.000Z'
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/groups/00gu67DU2qNCjNZYO0g3/users
+ - id: irezvo4AwE2ngpMw40g3
+ created: '2021-02-06T16:20:57.000Z'
+ lastUpdated: '2021-02-06T16:20:57.000Z'
+ _links:
+ users:
+ href: https://{yourOktaDomain}/api/v1/users
+ groups:
+ href: https://{yourOktaDomain}/api/v1/groups
+ _links:
+ next:
+ href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/resources?after=irezvn1ZZxLSIBM2J0g3
+ resource-set:
+ href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g
+ ResourceSetResponse:
+ value:
+ id: iamoJDFKaJxGIr0oamd9g
+ label: SF-IT-People
+ description: People in the IT department of San Francisco
+ created: '2021-02-06T16:20:57.000Z'
+ lastUpdated: '2021-02-06T16:20:57.000Z'
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g
+ resources:
+ href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/resources
+ bindings:
+ href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings
+ ResourceSetsResponse:
+ value:
+ resource-sets:
+ - id: iamoJDFKaJxGIr0oamd9g
+ label: SF-IT-1
+ description: First San Francisco IT Resource Set
created: '2021-02-06T16:20:57.000Z'
lastUpdated: '2021-02-06T16:20:57.000Z'
_links:
- role:
- href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3
self:
- href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions/okta.groups.read
- - label: okta.users.userprofile.manage
+ href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g
+ resources:
+ href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/resources
+ bindings:
+ href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings
+ - id: iamoJDFKaJxGIr0oamd0q
+ label: SF-IT-2
+ description: Second San Francisco IT Resource Set
created: '2021-02-06T16:20:57.000Z'
lastUpdated: '2021-02-06T16:20:57.000Z'
_links:
- role:
- href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3
self:
- href: https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions/okta.users.userprofile.manage
- PreviewEmailCustomizationResponse:
+ href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd0q
+ resources:
+ href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd0q/resources
+ bindings:
+ href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd0q/bindings
+ _links:
+ next:
+ href: https://{yourOktaDomain}/api/v1/iam/resource-sets?after=iamoJDFKaJxGIr0oamd0q
+ RetrieveADeactivatedEventHook:
+ summary: Deactivated event hook
value:
- subject: Welcome to Okta!
- body:
Hello, John. Click here to activate your account.
+ id: who8vt36qfNpCGz9H1e6
+ status: INACTIVE
+ verificationStatus: VERIFIED
+ name: Event Hook Test
+ description: null
+ created: '2023-07-07T13:41:56.000Z'
+ createdBy: 00u7xut94qEWYx5ss1e5
+ lastUpdated: '2023-07-07T13:43:03.000Z'
+ events:
+ type: EVENT_TYPE
+ items:
+ - group.user_membership.add
+ filter: null
+ channel:
+ type: HTTP
+ version: 1.0.0
+ config:
+ uri: https://example_external_service/userAdded
+ headers:
+ - key: X-Other-Header
+ value: my-header-value
+ method: POST
+ authScheme:
+ type: HEADER
+ key: authorization
_links:
self:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel2kk1zYJBJbeaGo0g4/preview
+ href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6
+ verify:
+ href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6/lifecycle/verify
hints:
allow:
- - GET
- template:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation
+ - POST
+ deactivate:
+ href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6/lifecycle/deactivate
hints:
allow:
- - GET
- test:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test
+ - POST
+ RetrieveAllEventHooks:
+ summary: Retrieves all event hooks
+ value:
+ - id: who8tsqyrhCdmetzx135
+ status: ACTIVE
+ verificationStatus: VERIFIED
+ name: Event Hook Test
+ description: null
+ created: '2023-07-07T17:41:56.000Z'
+ createdBy: 00u7xut94qEWYx5ss1e5
+ lastUpdated: '2023-07-07T17:43:03.000Z'
+ events:
+ type: EVENT_TYPE
+ items:
+ - user.lifecycle.deactivate
+ - user.lifecycle.activate
+ filter: null
+ channel:
+ type: HTTP
+ version: 1.0.0
+ config:
+ uri: https://example_external_service/userDeactivate
+ headers: []
+ method: POST
+ authScheme:
+ type: HEADER
+ key: authorization
+ _links:
+ self:
+ href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135
+ verify:
+ href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/verify
+ hints:
+ allow:
+ - POST
+ deactivate:
+ href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ - id: who8vt36qfNpCGz9H1e6
+ status: ACTIVE
+ verificationStatus: VERIFIED
+ name: Event Hook with Filter
+ description: An event hook using an Okta Expression Language filter
+ created: '2023-07-07T13:41:56.000Z'
+ createdBy: 00u7xut94qEWYx5ss1e5
+ lastUpdated: '2023-07-07T13:43:03.000Z'
+ events:
+ type: EVENT_TYPE
+ items:
+ - group.user_membership.add
+ filter:
+ type: EXPRESSION_LANGUAGE
+ eventFilterMap:
+ - event: group.user_membership.add
+ condition:
+ version: null
+ expression: event.target.?[type eq 'UserGroup'].size()>0 && event.target.?[displayName eq 'Sales'].size()>0
+ channel:
+ type: HTTP
+ version: 1.0.0
+ config:
+ uri: https://example_external_service/userAdded
+ headers: []
+ method: POST
+ authScheme:
+ type: HEADER
+ key: authorization
+ _links:
+ self:
+ href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6
+ verify:
+ href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6/lifecycle/verify
+ hints:
+ allow:
+ - POST
+ deactivate:
+ href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ RetrieveAllZones:
+ summary: Retrieves all Network Zones
+ value:
+ - type: IP
+ id: nzowc1U5Jh5xuAK0o0g3
+ name: LegacyIpZone
+ status: ACTIVE
+ usage: POLICY
+ created: '2019-05-17T18:44:31.000Z'
+ lastUpdated: '2019-05-21T13:50:49.000Z'
+ system: true
+ gateways:
+ - type: CIDR
+ value: 1.2.3.4/24
+ proxies:
+ - type: RANGE
+ value: 3.3.4.5-3.3.4.15
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ - type: DYNAMIC
+ id: nzowc1U5Jh5xuAK0o0g3
+ name: test
+ status: ACTIVE
+ usage: POLICY
+ created: '2019-05-17T18:44:31.000Z'
+ lastUpdated: '2019-05-21T13:50:49.000Z'
+ system: false
+ locations:
+ - country: AF
+ region: AF-BGL
+ proxyType: ANY
+ asns:
+ - '23457'
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ RetrieveAllZonesWithFilter:
+ summary: Retrieves Network Zones with filter
+ value:
+ - type: IP
+ id: nzowc1U5Jh5xuAK0o0g3
+ name: LegacyIpZone
+ status: ACTIVE
+ usage: POLICY
+ created: '2019-05-17T18:44:31.000Z'
+ lastUpdated: '2019-05-21T13:50:49.000Z'
+ system: true
+ gateways:
+ - type: CIDR
+ value: 1.2.3.4/24
+ proxies:
+ - type: RANGE
+ value: 3.3.4.5-3.3.4.15
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ RetrieveAnEventHook:
+ summary: Retrieve an event hook
+ value:
+ id: who8vt36qfNpCGz9H1e6
+ status: ACTIVE
+ verificationStatus: VERIFIED
+ name: Event Hook Test
+ description: null
+ created: '2023-07-07T13:41:56.000Z'
+ createdBy: 00u7xut94qEWYx5ss1e5
+ lastUpdated: '2023-07-07T13:43:03.000Z'
+ events:
+ type: EVENT_TYPE
+ items:
+ - group.user_membership.add
+ filter: null
+ channel:
+ type: HTTP
+ version: 1.0.0
+ config:
+ uri: https://example_external_service/userAdded
+ headers:
+ - key: X-Other-Header
+ value: my-header-value
+ method: POST
+ authScheme:
+ type: HEADER
+ key: authorization
+ _links:
+ self:
+ href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6
+ verify:
+ href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6/lifecycle/verify
hints:
allow:
- POST
- PreviewEmailTemplateDefaultContentResponse:
+ deactivate:
+ href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ RetrieveAnEventHookWithFilter:
+ summary: Retrieve an event hook
value:
- subject: Welcome to Okta!
- body:
Hello, John. Click here to activate your account.
+ id: who8vt36qfNpCGz9H1e6
+ status: ACTIVE
+ verificationStatus: VERIFIED
+ name: Event Hook with Filter
+ description: An event hook using an Okta Expression Language filter
+ created: '2023-07-07T13:41:56.000Z'
+ createdBy: 00u7xut94qEWYx5ss1e5
+ lastUpdated: '2023-07-07T13:43:03.000Z'
+ events:
+ type: EVENT_TYPE
+ items:
+ - group.user_membership.add
+ filter:
+ type: EXPRESSION_LANGUAGE
+ eventFilterMap:
+ - event: group.user_membership.add
+ condition:
+ version: null
+ expression: event.target.?[type eq 'UserGroup'].size()>0 && event.target.?[displayName eq 'Sales'].size()>0
+ channel:
+ type: HTTP
+ version: 1.0.0
+ config:
+ uri: https://example_external_service/userAdded
+ method: POST
+ authScheme:
+ type: HEADER
+ key: authorization
_links:
self:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/default-content/preview
+ href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6
+ verify:
+ href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6/lifecycle/verify
+ hints:
+ allow:
+ - POST
+ deactivate:
+ href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ RetrieveAuthServerResponse:
+ summary: Retrieve a custom authorization server
+ value:
+ id: '{authorizationServerId}'
+ name: Sample Authorization Server
+ description: Sample Authorization Server description
+ audiences:
+ - https://api.resource.com
+ issuer: https://{yourOktaDomain}/oauth2/{authorizationServerId}
+ issuerMode: ORG_URL
+ status: ACTIVE
+ created: '2023-05-17T22:25:57.000Z'
+ lastUpdated: '2023-05-17T22:25:57.000Z'
+ credentials:
+ signing:
+ rotationMode: AUTO
+ lastRotated: '2023-05-17T22:25:57.000Z'
+ nextRotation: '2023-08-15T22:25:57.000Z'
+ kid: WYQxoK4XAwGFn5Zw5AzLxFvqEKLP79BbsKmWeuc5TB4
+ _links:
+ scopes:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/scopes
hints:
allow:
- GET
- template:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation
+ claims:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims
hints:
allow:
- GET
- defaultContent:
- href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test/default-content
+ policies:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/policies
hints:
allow:
- - POST
- PrincipalRateLimitEntityRequestEmptyPercentages:
- value:
- principalId: token1234
- principalType: SSWS_TOKEN
- PrincipalRateLimitEntityRequestSSWSToken:
- value:
- principalId: token1234
- principalType: SSWS_TOKEN
- defaultPercentage: 50
- defaultConcurrencyPercentage: 75
- PrincipalRateLimitEntityResponseSSWSToken:
- value:
- id: abcd1234
- orgId: org1234
- principalId: token1234
- principalType: SSWS_TOKEN
- defaultPercentage: 50
- defaultConcurrencyPercentage: 75
- createdDate: '2022-05-19T20:05:32.720Z'
- createdBy: user1234
- lastUpdate: '2022-05-20T21:13:07.410Z'
- lastUpdatedBy: user4321
- PushProviderAPNsRequest:
- value:
- name: APNs Example
- providerType: APNS
- configuration:
- keyId: KEY_ID
- teamId: TEAM_ID
- tokenSigningKey: '-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n'
- fileName: fileName.p8
- PushProviderAPNsResponse:
- value:
- id: ppctekcmngGaqeiBxB0g4
- name: APNs Example
- providerType: APNS
- lastUpdatedDate: 2022-01-01T00:00:00.000Z
- configuration:
- keyId: KEY_ID
- teamId: TEAM_ID
- fileName: fileName.p8
- _links:
+ - GET
self:
- href: https://your-subdomain.okta.com/api/v1/push-providers/ppctekcmngGaqeiBxB0g4
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}
hints:
allow:
- - DELETE
- GET
+ - DELETE
- PUT
- PushProviderFCMRequest:
- value:
- name: FCM Example
- providerType: FCM
- configuration:
- serviceAccountJson:
- type: service_account
- project_id: PROJECT_ID
- private_key_id: KEY_ID
- private_key: '-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n'
- client_email: SERVICE_ACCOUNT_EMAIL
- client_id: CLIENT_ID
- auth_uri: https://accounts.google.com/o/oauth2/auth
- token_uri: https://accounts.google.com/o/oauth2/token
- auth_provider_x509_cert_url: https://www.googleapis.com/oauth2/v1/certs
- client_x509_cert_url: https://www.googleapis.com/robot/v1/metadata/x509/SERVICE_ACCOUNT_EMAIL
- fileName: fileName.json
- PushProviderFCMResponse:
+ metadata:
+ - name: oauth-authorization-server
+ href: https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/oauth-authorization-server
+ hints:
+ allow:
+ - GET
+ - name: openid-configuration
+ href: https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/openid-configuration
+ hints:
+ allow:
+ - GET
+ rotateKey:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/credentials/lifecycle/keyRotate
+ hints:
+ allow:
+ - POST
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ RetrieveCurrentSessionResponse:
+ summary: Retrieve current session
value:
- id: ppctekcmngGaqeiBxB0g4
- name: FCM Example
- providerType: FCM
- lastUpdatedDate: 2022-01-01T00:00:00.000Z
- configuration:
- projectId: PROJECT_ID
- fileName: fileName.p8
+ amr:
+ - pwd
+ createdAt: '2019-08-24T14:15:22Z'
+ expiresAt: '2019-08-24T14:15:22Z'
+ id: l7FbDVqS8zHSy65uJD85
+ idp:
+ id: 01a2bcdef3GHIJKLMNOP
+ type: ACTIVE_DIRECTORY
+ lastFactorVerification: '2019-08-24T14:15:22Z'
+ lastPasswordVerification: '2019-08-24T14:15:22Z'
+ login: user@example.com
+ status: ACTIVE
+ userId: 00u0abcdefGHIJKLMNOP
_links:
self:
- href: https://your-subdomain.okta.com/api/v1/push-providers/ppctekcmngGaqeiBxB0g4
hints:
allow:
- - DELETE
- GET
- - PUT
- RateLimitAdminNotificationsDisabled:
- value:
- notificationsEnabled: false
- RateLimitAdminNotificationsEnabled:
- value:
- notificationsEnabled: true
- ResourceSetBindingAddMembersRequestExample:
- value:
- additions:
- - https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3
- - https://{yourOktaDomain}/api/v1/users/00u67DU2qNCjNZYO0g3
- ResourceSetBindingCreateRequestExample:
+ - DELETE
+ href: https://{yourOktaDomain}/api/v1/sessions/me
+ refresh:
+ hints:
+ allow:
+ - POST
+ href: https://{yourOktaDomain}/api/v1/sessions/me/lifecycle/refresh
+ user:
+ hints:
+ allow:
+ - GET
+ href: https://{yourOktaDomain}/api/v1/users/me
+ name: User Name
+ RetrieveCustomTokenClaimResponse:
+ summary: Retrieve a custom token Claim response
value:
- role: cr0Yq6IJxGIr0ouum0g3
- members:
- - https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3
- ResourceSetBindingMemberResponse:
+ - id: '{claimId}'
+ name: Support
+ status: ACTIVE
+ claimType: IDENTITY
+ valueType: GROUPS
+ value: Support
+ conditions:
+ scopes:
+ - profile
+ system: false
+ alwaysIncludeInToken: true
+ apiResourceId: null
+ group_filter_type: CONTAINS
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims/{claimId}
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
+ RetrieveFeaturesResponse:
+ summary: Retrieve a feature by ID
value:
- id: irb1qe6PGuMc7Oh8N0g4
- created: '2021-02-06T16:20:57.000Z'
- lastUpdated: '2021-02-06T16:20:57.000Z'
+ id: ftrZooGoT8b41iWRiQs7
+ description: Example feature description
+ name: Example feature name
+ stage:
+ state: CLOSED
+ value: BETA
+ status: DISABLED
+ type: self-service
_links:
self:
- href: https://{yourOktaDomain}/api/v1/users/00uuk41Hjga5qGfQ30g3
- ResourceSetBindingMembersResponse:
+ hints:
+ allow:
+ - POST
+ href: https://{yourOktaDomain}/api/v1/features/ftrZooGoT8b41iWRiQs7
+ dependents:
+ href: https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependents
+ dependencies:
+ href: https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependencies
+ RetrieveKeyResponse:
+ summary: Retrieve a key by hookKeyId response example
value:
- members:
- - id: irb1qe6PGuMc7Oh8N0g4
- created: '2021-02-06T16:20:57.000Z'
- lastUpdated: '2021-02-06T16:20:57.000Z'
- _links:
- self:
- href: https://{yourOktaDomain}/api/v1/users/00uuk41Hjga5qGfQ30g3
- - id: irb1q92TFAHzySt3x0g4
- created: '2021-02-06T16:20:57.000Z'
- lastUpdated: '2021-02-06T16:20:57.000Z'
- _links:
- self:
- href: https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3
- _links:
- binding:
- href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0Yq6IJxGIr0ouum0g3
- next:
- href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0Yq6IJxGIr0ouum0g3/members?after=0ouRq6IJmGIr3ouum0g3
- ResourceSetBindingResponseExample:
+ id: HKY1p7jWLndGQV9M60g4
+ keyId: 7fbc27fd-e3df-4522-86bf-1930110256ad
+ name: My new key
+ created: '2022-08-31T18:09:58.000Z'
+ lastUpdated: '2022-08-31T18:09:58.000Z'
+ isUsed: 'false'
+ RetrieveMappingsResponse:
+ summary: Retrieve a single Profile Mapping
value:
+ id: prm1k47ghydIQOTBW0g4
+ source:
+ id: otysbePhQ3yqt4cVv0g3
+ name: user
+ type: user
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/meta/types/user/otysbePhQ3yqt4cVv0g3
+ schema:
+ href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscsbePhQ3yqt4cVv0g3
+ target:
+ id: 0oa1qmn4LZQQEH0wZ0g4
+ name: okta_org2org
+ type: appuser
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/apps/0oa1qmn4LZQQEH0wZ0g4
+ schema:
+ href: https://{yourOktaDomain}/api/v1/meta/schemas/apps/0oa1qmn4LZQQEH0wZ0g4/default
+ properties:
+ firstName:
+ expression: user.firstName
+ pushStatus: PUSH
+ lastName:
+ expression: user.lastName
+ pushStatus: PUSH
_links:
self:
- href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0Yq6IJxGIr0ouum0g3
- bindings:
- href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings
- resource-set:
- href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g
- ResourceSetBindingResponseWithIdExample:
+ href: https://{yourOktaDomain}/api/v1/mappings/prm1k48weFSOnEUnw0g4
+ RetrieveNetworkZoneDynamic:
+ summary: Dynamic Network Zone response
value:
- id: cr0Yq6IJxGIr0ouum0g3
+ type: DYNAMIC
+ id: nzowc1U5Jh5xuAK0o0g3
+ name: test
+ status: ACTIVE
+ usage: POLICY
+ created: '2019-05-17T18:44:31.000Z'
+ lastUpdated: '2019-05-21T13:50:49.000Z'
+ system: false
+ locations:
+ - country: AF
+ region: AF-BGL
+ proxyType: ANY
+ asns:
+ - '23457'
_links:
self:
- href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0Yq6IJxGIr0ouum0g3
- bindings:
- href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings
- resource-set:
- href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g
- ResourceSetBindingsResponse:
+ href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ RetrieveNetworkZoneIP:
+ summary: IP Network Zone response
value:
- roles:
- - id: cr0WxyzJxGIr0ouum0g4
- _links:
- self:
- href: https://{yourOktaDomain}/api/v1/iam/roles/cr0WxyzJxGIr0ouum0g4
- members:
- href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0WxyzJxGIr0ouum0g4/members
+ type: IP
+ id: nzowc1U5Jh5xuAK0o0g3
+ name: LegacyIpZone
+ status: ACTIVE
+ usage: POLICY
+ created: '2019-05-17T18:44:31.000Z'
+ lastUpdated: '2019-05-21T13:50:49.000Z'
+ system: true
+ gateways:
+ - type: CIDR
+ value: 1.2.3.4/24
+ proxies:
+ - type: RANGE
+ value: 3.3.4.5-3.3.4.15
_links:
self:
- href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings
- resource-set:
- href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g
- next:
- href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings?after=cr0WxyzJxGIr0ouum0g4
- ResourceSetRequest:
- value:
- label: SF-IT-People
- description: People in the IT department of San Francisco
- resources:
- - https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3
- - https://{yourOktaDomain}/api/v1/groups/00gu67DU2qNCjNZYO0g3/users
- - https://{yourOktaDomain}/api/v1/users
- ResourceSetResourcePatchRequestExample:
- value:
- additions:
- - https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3
- - https://{yourOktaDomain}/api/v1/groups/00gu67DU2qNCjNZYO0g3/users
- ResourceSetResourcesResponse:
+ href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ RetrievePublicKeyResponse:
+ summary: Retrieve Public Key response example
value:
- resources:
- - id: ire106sQKoHoXXsAe0g4
- created: '2021-02-06T16:20:57.000Z'
- lastUpdated: '2021-02-06T16:20:57.000Z'
- _links:
- self:
- href: https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3
- - id: ire106riDrTYl4qA70g4
- created: '2021-02-06T16:20:57.000Z'
- lastUpdated: '2021-02-06T16:20:57.000Z'
- _links:
- self:
- href: https://{yourOktaDomain}/api/v1/groups/00gu67DU2qNCjNZYO0g3/users
- - id: irezvo4AwE2ngpMw40g3
- created: '2021-02-06T16:20:57.000Z'
- lastUpdated: '2021-02-06T16:20:57.000Z'
- _links:
- users:
- href: https://{yourOktaDomain}/api/v1/users
- groups:
- href: https://{yourOktaDomain}/api/v1/groups
- _links:
- next:
- href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/resources?after=irezvn1ZZxLSIBM2J0g3
- resource-set:
- href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g
- ResourceSetResponse:
+ _embedded:
+ kty: RSA
+ alg: RSA
+ kid: 7fbc27fd-e3df-4522-86bf-1930110256ad
+ use: null
+ e: AQAB
+ 'n': 2naqCnv6r4xNQs7207lRtKQvdtnlVND-8k5iYBIiqoKGY3CqUmRm1jleoOniiQoMkFX8Wj2DmVqr002efF3vOQ7_gjtTatBTVUNbNIQLybun4dkVoUtfP7pRc5SLpcP3eGPRVar734ZrpQXzmCEdpqBt3jrVjwYjNE5DqOjbYXFJtMsy8CWE9LRJ3kyHEoHPzo22dG_vMrXH0_sAQoCk_4TgNCbvyzVmGVYXI_BkUnp0hv2pR4bQVRYzGB9dKJdctOh8zULqc_EJ8tiYsS05YnF7whrWEyARK0rH-e4d4W-OmBTga_zhY4kJ4NsoQ4PyvcatZkxjPO92QHQOFDnf3w`
+ RetrieveSessionResponse:
+ summary: Retrieve Session information for a single session ID
value:
- id: iamoJDFKaJxGIr0oamd9g
- label: SF-IT-People
- description: People in the IT department of San Francisco
- created: '2021-02-06T16:20:57.000Z'
- lastUpdated: '2021-02-06T16:20:57.000Z'
+ amr:
+ - pwd
+ createdAt: '2019-08-24T14:15:22Z'
+ expiresAt: '2019-08-24T14:15:22Z'
+ id: l7FbDVqS8zHSy65uJD85
+ idp:
+ id: 01a2bcdef3GHIJKLMNOP
+ type: ACTIVE_DIRECTORY
+ lastFactorVerification: '2019-08-24T14:15:22Z'
+ lastPasswordVerification: '2019-08-24T14:15:22Z'
+ login: user@example.com
+ status: ACTIVE
+ userId: 00u0abcdefGHIJKLMNOP
_links:
self:
- href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g
- resources:
- href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/resources
- bindings:
- href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings
- ResourceSetsResponse:
+ hints:
+ allow:
+ - DELETE
+ href: https://{yourOktaDomain}/api/v1/sessions/l7FbDVqS8zHSy65uJD85
+ RetrieveUISchemaResponse:
+ summary: Retrieves a UI Schema response
value:
- resource-sets:
- - id: iamoJDFKaJxGIr0oamd9g
- label: SF-IT-1
- description: First San Francisco IT Resource Set
- created: '2021-02-06T16:20:57.000Z'
- lastUpdated: '2021-02-06T16:20:57.000Z'
- _links:
- self:
- href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g
- resources:
- href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/resources
- bindings:
- href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings
- - id: iamoJDFKaJxGIr0oamd0q
- label: SF-IT-2
- description: Second San Francisco IT Resource Set
- created: '2021-02-06T16:20:57.000Z'
- lastUpdated: '2021-02-06T16:20:57.000Z'
- _links:
- self:
- href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd0q
- resources:
- href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd0q/resources
- bindings:
- href: https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd0q/bindings
+ id: uis4a7liocgcRgcxZ0g7
+ uiSchema:
+ type: Group
+ label: Sign in
+ buttonLabel: Submit
+ elements:
+ - type: Control
+ scope: '#/properties/firstName'
+ label: First name
+ options:
+ format: text
+ - type: Control
+ scope: '#/properties/lastName'
+ label: Last name
+ options:
+ format: text
+ - type: Control
+ scope: '#/properties/email'
+ label: Email
+ options:
+ format: text
+ - type: Control
+ scope: '#/properties/countryCode'
+ label: Country code
+ options:
+ format: select
+ - type: Control
+ scope: '#/properties/bool2'
+ label: bool2
+ options:
+ format: checkbox
+ - type: Control
+ scope: '#/properties/date'
+ label: date
+ - type: Control
+ scope: '#/properties/enum'
+ label: enum
+ options:
+ format: radio
+ created: '2022-07-25T12:56:31.000Z'
+ lastUpdated: '2022-07-26T11:53:59.000Z'
_links:
- next:
- href: https://{yourOktaDomain}/api/v1/iam/resource-sets?after=iamoJDFKaJxGIr0oamd0q
- RiskEventsRequest:
+ self:
+ href: https://exmaple.com/api/v1/meta/uischemas/uis4a7liocgcRgcxZ0g7
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
+ RiskEventsRequestExample:
+ summary: Risk Events payload example
value:
- timestamp: '2021-01-20T00:00:00.001Z'
subjects:
@@ -18429,19 +25248,43 @@ components:
riskLevel: LOW
- ip: 2.2.2.2
riskLevel: HIGH
+ RiskProviderPutRequest:
+ summary: Replace Risk Provider request example
+ value:
+ name: Risk-Partner-Y
+ action: enforce_and_log
+ clientId: 00ckjsfgjkdkjdkkljjsd
+ RiskProviderPutResponse:
+ summary: Replace Risk Provider response example
+ value:
+ id: 00rp12r4skkjkjgsn
+ action: enforce_and_log
+ name: Risk-Partner-Y
+ clientId: 00ckjsfgjkdkjdkkljjsd
+ created: '2021-01-05 22:18:30'
+ lastUpdated: '2021-01-05 23:18:30'
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/risk/providers/00rp12r4skkjkjgsn
+ hints:
+ allow:
+ - GET
+ - PUT
RiskProviderRequest:
+ summary: Risk Provider payload example
value:
name: Risk-Partner-X
action: log_only
clientId: 00ckjsfgjkdkjdkkljjsd
RiskProviderResponse:
+ summary: Risk Provider response example
value:
id: 00rp12r4skkjkjgsn
action: log_only
name: Risk-Partner-X
clientId: 00ckjsfgjkdkjdkkljjsd
created: '2021-01-05 22:18:30'
- lastUpdated: '2021-01-05 21:23:10'
+ lastUpdated: '2021-01-05 22:18:30'
_links:
self:
href: https://{yourOktaDomain}/api/v1/risk/providers/00rp12r4skkjkjgsn
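Review bot: The timestamps in the added `RiskProviderPutResponse` example (`created: '2021-01-05 22:18:30'`, `lastUpdated: '2021-01-05 23:18:30'`) have no `T` separator and no zone, unlike the `'2021-02-06T16:20:57.000Z'` form used by the other examples in this spec. The edited `RiskProviderResponse` keeps the same zone-less form. If the schema types these fields as `date-time` (not visible in this hunk), the examples will not validate, and a time without a zone is ambiguous for anyone correlating a risk-provider change with log entries. Assuming UTC is meant, I would write `created: '2021-01-05T22:18:30.000Z'` and `lastUpdated: '2021-01-05T23:18:30.000Z'`. The enclosing examples mapping starts and ends outside the hunk.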
@@ -18449,6 +25292,19 @@ components:
allow:
- GET
- PUT
+ RoleAssignedUsersResponseExample:
+ value:
+ value:
+ - id: 00u118oQYT4TBGuay0g4
+ orn: orn:okta:00o5rb5mt2H3d1TJd0h7:users:00u118oQYT4TBGuay0g4
+ _links:
+ self:
+ href: http://your-subdomain.okta.com/api/v1/users/00u118oQYT4TBGuay0g4
+ roles:
+ href: http://your-subdomain.okta.com/api/v1/users/00u118oQYT4TBGuay0g4/roles
+ _links:
+ next:
+ href: http://your-subdomain.okta.com/api/v1/iam/assignees/users?after=00u118oQYT4TBGuay0g4&limit=1
RoleRequest:
value:
label: UserCreator
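Review bot: Every `href` in the added `RoleAssignedUsersResponseExample` uses plain `http://` and the host `your-subdomain.okta.com`, while the other examples in this spec use `https://{yourOktaDomain}`. These links point at user and role-assignment endpoints of an admin API, and spec examples tend to be copied into client code, mocks and tests, so they should show TLS. For the first link I would write `href: https://{yourOktaDomain}/api/v1/users/00u118oQYT4TBGuay0g4`, and apply the same scheme and host change to the `roles` and `next` links. The enclosing examples mapping starts and ends outside the hunk.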
@@ -18496,18 +25352,334 @@ components:
_links:
next:
href: https://{yourOktaDomain}/api/v1/iam/roles?after=cr0Fw7HKcWIroo88m3r1
+ SimulatePolicyBody:
+ summary: Simulate policy request body
+ description: Simulate policy request body
+ value:
+ policyType:
+ - OKTA_SIGN_ON
+ - MFA_ENROLL
+ appInstance: 0oa4eroj3nYCIJIW70g7
+ policyContext:
+ groups:
+ ids:
+ - 00g4eralvekR5RLuS0g7
+ - 00g4eralvekR5RLuS0g8
+ risk:
+ level: LOW
+ zones:
+ ids:
+ - nzo4eralxcRnbIHYJ0g7
+ device:
+ platform: IOS
+ registered: true
+ managed: true
+ SimulatePolicyResponse:
+ summary: Simulate policy response body
+ description: Simulate policy response body
+ value:
+ evaluation:
+ - status: null
+ policyType: OkTA_SIGN_ON
+ result:
+ policies:
+ - id: 00p4eromwukk6qUku0g7
+ - name: test policy
+ - status: MATCH
+ - conditions: []
+ - rules:
+ - id: 0pr4erof85nGcyC7Y0g7
+ - name: test rule
+ - status: MATCH
+ - conditions:
+ - type: people.groups.include
+ - status: MATCH
+ undefined:
+ policies: null
+ evaluated:
+ policies: null
+ - status: null
+ policyType: ACCESS_POLICY
+ result:
+ policies:
+ - id: rst4eram06ZKZewEe0g7
+ - name: Any two factors
+ - status: MATCH
+ - conditions: []
+ - rules:
+ - id: rul4eram07VsWgybo0g7
+ - name: Catch-all rule
+ - status: MATCH
+ - conditions: []
+ undefined:
+ policies: null
+ evaluated:
+ policies: null
+ - status: null
+ policyType: PROFILE_ENROLLMENT
+ result:
+ policies:
+ - id: rst4eram08ZSjPTOl0g7
+ - name: Default Policy
+ - status: MATCH
+ - conditions: []
+ - rules:
+ - id: rul4eram094PrQ2BX0g7
+ - name: Catch-all rule
+ - status: MATCH
+ - conditions: []
+ undefined:
+ policies: null
+ evaluated:
+ policies: null
+ SubmissionOidcRequest:
+ summary: Submission OIDC request example
+ value:
+ name: Strawberry Central
+ description: Your one source for in-season strawberry deals
+ logo: https://acme.okta.com/bc/image/fileStoreRecord?id=fs03xxd3KmkDBwJU80g4
+ sso:
+ oidc:
+ redirectUris:
+ - https://${org.subdomain}.example.com/strawberry/oidc/login
+ initiateLoginUri: https://${org.subdomain}.example.com/strawberry/oidc/sp-init
+ postLogoutUris:
+ - https://${org.subdomain}.example.com/strawberry/oidc/logged-out
+ doc: https://example.com/strawberry/help/oidcSetup
+ config:
+ - name: subdomain
+ label: Subdomain
+ SubmissionOidcResponse:
+ summary: Submission OIDC response example
+ value:
+ id: acme_strawberrycentral_1
+ name: Strawberry Central
+ description: Your one source for in-season strawberry deals
+ logo: https://acme.okta.com/bc/image/fileStoreRecord?id=fs03xxd3KmkDBwJU80g4
+ sso:
+ oidc:
+ redirectUris:
+ - https://${org.subdomain}.example.com/strawberry/oidc/login
+ initiateLoginUri: https://${org.subdomain}.example.com/strawberry/oidc/sp-init
+ postLogoutUris:
+ - https://${org.subdomain}.example.com/strawberry/oidc/logged-out
+ doc: https://example.com/strawberry/help/oidcSetup
+ config:
+ - name: subdomain
+ label: Subdomain
+ status: New
+ lastUpdated: '2023-08-24T14:15:22.000Z'
+ lastUpdatedBy: 00ub0oNGTSWTBKOLGLNR
+ lastPublished: '2023-09-01T13:23:45.000Z'
+ SubmissionSamlRequest:
+ summary: Submission SAML request example
+ value:
+ name: Strawberry Central
+ description: Your one source for in-season strawberry deals
+ logo: https://acme.okta.com/bc/image/fileStoreRecord?id=fs03xxd3KmkDBwJU80g4
+ sso:
+ saml:
+ acs:
+ - url: https://${org.subdomain}.example.com/saml/login
+ entityId: https://${org.subdomain}.example.com
+ doc: https://example.com/strawberry/help/samlSetup
+ config:
+ - name: subdomain
+ label: Subdomain
+ SubmissionSamlResponse:
+ summary: Submission SAML response example
+ value:
+ id: acme_strawberrycentral_1
+ name: Strawberry Central
+ description: Your one source for in-season strawberry deals
+ logo: https://acme.okta.com/bc/image/fileStoreRecord?id=fs03xxd3KmkDBwJU80g4
+ sso:
+ saml:
+ acs:
+ - url: https://${org.subdomain}.example.com/saml/login
+ entityId: https://${org.subdomain}.example.com
+ doc: https://example.com/strawberry/help/samlSetup
+ config:
+ - name: subdomain
+ label: Subdomain
+ status: To be reviewed by Okta
+ lastUpdated: '2023-08-24T14:15:22.000Z'
+ lastUpdatedBy: 00ub0oNGTSWTBKOLGLNR
+ lastPublished: null
+ SubmissionsResponse:
+ summary: Submission list example
+ value:
+ - id: acme_strawberrycentral_1
+ name: Strawberry Central
+ description: Your one source for in-season strawberry deals
+ logo: https://acme.okta.com/bc/image/fileStoreRecord?id=fs03xxd3KmkDBwJU80g4
+ sso:
+ saml:
+ acs:
+ - url: https://${org.subdomain}.example.com/saml/login
+ entityId: https://${org.subdomain}.example.com
+ doc: https://example.com/strawberry/help/samlSetup
+ config:
+ - name: subdomain
+ label: Subdomain
+ status: Complete
+ lastUpdated: '2023-08-24T14:15:22.000Z'
+ lastUpdatedBy: 00ub0oNGTSWTBKOLGLNR
+ lastPublished: '2023-09-01T13:23:45.000Z'
+ TestInfoOidcRequest:
+ summary: OIDC SSO Submission Testing Information request
+ value:
+ testAccount:
+ url: https://example.com/strawberry/login
+ username: test@example.com
+ password: sUperP@ssw0rd
+ instructions: Go to your app URL from a browser and enter your credentials
+ escalationSupportContact: strawberry.support@example.com
+ oidcTestConfiguration:
+ jit: false
+ spInitiateUrl: https://test.example.com/strawberry/oidc/sp-init
+ TestInfoOidcResponse:
+ summary: OIDC SSO Submission Testing Information response
+ value:
+ testAccount:
+ url: https://example.com/strawberry/login
+ username: test@example.com
+ password: sUperP@ssw0rd
+ instructions: Go to your app URL from a browser and enter your credentials
+ escalationSupportContact: strawberry.support@example.com
+ oidcTestConfiguration:
+ idp: true
+ sp: true
+ jit: false
+ spInitiateUrl: https://test.example.com/strawberry/oidc/sp-init
+ TestInfoSamlRequest:
+ summary: SAML SSO Submission Testing Information request
+ value:
+ testAccount:
+ url: https://example.com/strawberry/login
+ username: test@example.com
+ password: sUperP@ssw0rd
+ instructions: Go to your app URL from a browser and enter your credentials
+ escalationSupportContact: strawberry.support@example.com
+ samlTestConfiguration:
+ idp: true
+ sp: true
+ jit: false
+ spInitiateUrl: https://test.example.com/strawberry/saml/sp-init
+ spInitiateDescription: Go to the app URL from a browser and enter your username
+ TestInfoSamlResponse:
+ summary: SAML SSO Submission Testing Information response
+ value:
+ testAccount:
+ url: https://example.com/strawberry/login
+ username: test@example.com
+ password: sUperP@ssw0rd
+ instructions: Go to your app URL from a browser and enter your credentials
+ escalationSupportContact: strawberry.support@example.com
+ samlTestConfiguration:
+ idp: true
+ sp: true
+ jit: false
+ spInitiateUrl: https://test.example.com/strawberry/saml/sp-init
+ spInitiateDescription: Go to the app URL from a browser and enter your username
+ ThreatInsightResponseExample:
+ summary: ThreatInsight response
+ value:
+ action: none
+ excludeZones: []
+ created: '2020-08-05T22:18:30.629Z'
+ lastUpdated: '2020-08-05T22:18:30.629Z'
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/threats/configuration
+ hints:
+ allow:
+ - GET
+ - POST
+ ThreatInsightUpdateRequestExample:
+ summary: ThreatInsight update request
+ value:
+ action: audit
+ excludeZones:
+ - nzo1q7jEOsoCnoKcj0g4
+ - nzouagptWUz5DlLfM0g3
+ ThreatInsightUpdateResponseExample:
+ summary: ThreatInsight update response
+ value:
+ action: audit
+ excludeZones:
+ - nzo1q7jEOsoCnoKcj0g4
+ - nzouagptWUz5DlLfM0g3
+ created: '2020-08-05T22:18:30.629Z'
+ lastUpdated: '2020-10-13T21:23:10.178Z'
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/threats/configuration
+ hints:
+ allow:
+ - GET
+ - POST
TriggerSessionResponse:
value:
- id: uij4ri8ZLk0ywyqxB0g4
identitySourceId: 0oa3l6l6WK6h0R0QW0g4
status: TRIGGERED
importType: INCREMENTAL
+ created: '2022-04-04T15:56:05.000Z'
+ lastUpdated: '2022-05-05T18:15:44.000Z'
+ UpdateAppFeatureRequestEx:
+ summary: Update USER_PROVISIONING request
+ value:
+ create:
+ lifecycleCreate:
+ status: ENABLED
+ update:
+ lifecycleDeactivate:
+ status: ENABLED
+ profile:
+ status: ENABLED
+ password:
+ status: ENABLED
+ seed: RANDOM
+ change: CHANGE
+ UpdateAppFeatureResponseEx:
+ summary: Update USER_PROVISIONING response
+ value:
+ name: USER_PROVISIONING
+ status: ENABLED
+ description: User provisioning settings from Okta to a downstream application
+ capabilities:
+ create:
+ lifecycleCreate:
+ status: ENABLED
+ update:
+ lifecycleDeactivate:
+ status: ENABLED
+ profile:
+ status: ENABLED
+ password:
+ status: ENABLED
+ seed: RANDOM
+ change: CHANGE
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/apps/${appId}/features/USER_PROVISIONING
+ hints:
+ allow:
+ - GET
+ - PUT
UpdateBrandRequest:
value:
customPrivacyPolicyUrl: https://www.someHost.com/privacy-policy
agreeToCustomPrivacyPolicy: true
removePoweredByOkta: true
name: New Name For Brand
+ emailDomainId: OeD114iNkrcN6aR680g4
+ locale: en
+ defaultApp:
+ appInstanceId: 0oa114iNkrcN6aR680g4
+ appLinkName: null
+ classicApplicationUri: null
UpdateBrandResponse:
value:
id: bnd114iNkrcN6aR680g4
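Review bot: The `TestInfoOidcResponse` and `TestInfoSamlResponse` examples return the test account's `password: sUperP@ssw0rd` in clear text, the same value the request examples send. If the API masks or omits the password on read, the response examples should show that. If it really echoes the value, the schema (not visible in this hunk) should at least mark the field `format: password` so tooling treats it as sensitive, and the description should say that it is returned. Separately, `SimulatePolicyResponse` has `policyType: OkTA_SIGN_ON`, which does not match the `OKTA_SIGN_ON` used in `SimulatePolicyBody`; it should read `policyType: OKTA_SIGN_ON`. The `UpdateBrandResponse` example continues past the end of the hunk.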
@@ -18516,6 +25688,12 @@ components:
name: New Name For Brand
isDefault: true
customPrivacyPolicyUrl: https://www.someHost.com/privacy-policy
+ emailDomainId: OeD114iNkrcN6aR680g4
+ defaultApp:
+ appInstanceId: 0oa114iNkrcN6aR680g4
+ appLinkName: null
+ classicApplicationUri: null
+ locale: en
_links:
self:
href: https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4
@@ -18529,6 +25707,112 @@ components:
hints:
allow:
- GET
+ UpdateEmailDomainRequest:
+ value:
+ displayName: IT Admin
+ userName: noreply
+ UpdateFeatureLifecycleResponse:
+ summary: Update the feature lifecycle status
+ value:
+ description: Example feature description
+ id: ftrZooGoT8b41iWRiQs7
+ name: Example feature name
+ stage:
+ state: OPEN
+ value: BETA
+ status: DISABLED
+ type: self-service
+ _links:
+ self:
+ hints:
+ allow:
+ - POST
+ href: https://{yourOktaDomain}/api/v1/features/ftrZooGoT8b41iWRiQs7
+ dependents:
+ href: https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependents
+ dependencies:
+ href: https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependencies
+ UpdateMappingBody:
+ summary: Update an existing profile mapping by updating one or more properties
+ value:
+ properties:
+ nickName:
+ expression: user.honorificPrefix + user.displayName
+ pushStatus: DONT_PUSH
+ UpdateMappingResponse:
+ summary: Update an existing profile mapping by updating one or more properties
+ value:
+ id: prm1k47ghydIQOTBW0g4
+ source:
+ id: otysbePhQ3yqt4cVv0g3
+ name: user
+ type: user
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/meta/types/user/otysbePhQ3yqt4cVv0g3
+ schema:
+ href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscsbePhQ3yqt4cVv0g3
+ target:
+ id: 0oa1qmn4LZQQEH0wZ0g4
+ name: okta_org2org
+ type: appuser
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/apps/0oa1qmn4LZQQEH0wZ0g4
+ schema:
+ href: https://{yourOktaDomain}/api/v1/meta/schemas/apps/0oa1qmn4LZQQEH0wZ0g4/default
+ properties:
+ fullName:
+ expression: user.firstName + user.lastName
+ pushStatus: PUSH
+ nickName:
+ expression: user.honorificPrefix + user.displayName
+ pushStatus: DONT_PUSH
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/mappings/prm1k48weFSOnEUnw0g4
+ UpdateUserTypePostRequest:
+ summary: Update user type request
+ value:
+ displayName: Updated Display Name
+ UpdateUserTypePostResponse:
+ summary: Update user type response
+ value:
+ id: otyfnly5cQjJT9PnR0g4
+ displayName: Updated Display Name
+ name: newUserType
+ description: A new custom user type
+ createdBy: sprz9fj1ycBcsgopy1d6
+ lastUpdatedBy: sprz9fj1ycBcsgopy1d6
+ created: '2021-07-05T20:40:38.000Z'
+ lastUpdated: '2021-07-05T20:40:38.000Z'
+ default: false
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
+ schema:
+ href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
+ UpdatedEmailDomainResponse:
+ value:
+ id: OeD114iNkrcN6aR680g4
+ validationStatus: NOT_STARTED
+ displayName: IT Admin
+ userName: noreply
+ domain: example.com
+ validationSubdomain: mail
+ dnsValidationRecords:
+ - recordType: TXT
+ fqdn: _oktaverification.example.com
+ verificationValue: 759080212bda43e3bc825a7d73b4bb64
+ - recordType: CNAME
+ fqdn: mail.example.com
+ verificationValue: u22224444.wl024.sendgrid.net
+ - recordType: CNAME
+ fqdn: t02._domainkey.example.com
+ verificationValue: t02.domainkey.u22224444.wl024.sendgrid.net
+ - recordType: CNAME
+ fqdn: t022._domainkey.example.com
+ verificationValue: t02.domainkey.u22224444.wl024.sendgrid.net
UserSchemaAddRequest:
value:
definitions:
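Review bot: Several new examples carry ids that disagree with their own links. In `UpdateFeatureLifecycleResponse` the `id` and `self` link use `ftrZooGoT8b41iWRiQs7` but `dependents` and `dependencies` point at `ftrlBDFcGwYP2epXCGYn`, and in `UpdateMappingResponse` the `id` is `prm1k47ghydIQOTBW0g4` while `self` ends in `prm1k48weFSOnEUnw0g4`. Readers use these examples to see how links derive from ids, so they should match, for example `href: https://{yourOktaDomain}/api/v1/features/ftrZooGoT8b41iWRiQs7/dependents`. In `UpdatedEmailDomainResponse` the `t022._domainkey.example.com` record repeats the `t02.domainkey.u22224444.wl024.sendgrid.net` value of the record above it, which looks like a copy-paste slip; the same pair appears in `VerifiedEmailDomainResponse` in the next hunk.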
@@ -18621,6 +25905,27 @@ components:
allOf:
- $ref: '#/definitions/base'
- $ref: '#/definitions/custom'
+ VerifiedEmailDomainResponse:
+ value:
+ id: OeD114iNkrcN6aR680g4
+ validationStatus: VERIFIED
+ displayName: IT Admin
+ userName: noreply
+ domain: example.com
+ validationSubdomain: mail
+ dnsValidationRecords:
+ - recordType: TXT
+ fqdn: _oktaverification.example.com
+ verificationValue: 759080212bda43e3bc825a7d73b4bb64
+ - recordType: CNAME
+ fqdn: mail.example.com
+ verificationValue: u22224444.wl024.sendgrid.net
+ - recordType: CNAME
+ fqdn: t02._domainkey.example.com
+ verificationValue: t02.domainkey.u22224444.wl024.sendgrid.net
+ - recordType: CNAME
+ fqdn: t022._domainkey.example.com
+ verificationValue: t02.domainkey.u22224444.wl024.sendgrid.net
WellKnownOrgMetadataResponseClassic:
value:
id: 00o5rb5mt2H3d1TJd0h7
@@ -18636,16 +25941,707 @@ components:
value:
id: 00o47wwoytgsDqEtz0g7
_links:
- organization:
- href: https://{{yourSubdomain}}.okta.com
- alternate:
- href: https://{{yourCustomDomain}}
- pipeline: idx
- settings:
- analyticsCollectionEnabled: false
- bugReportingEnabled: true
- omEnabled: false
+ organization:
+ href: https://{{yourSubdomain}}.okta.com
+ alternate:
+ href: https://{{yourCustomDomain}}
+ pipeline: idx
+ settings:
+ analyticsCollectionEnabled: false
+ bugReportingEnabled: true
+ omEnabled: false
+ activeAPIServiceIntegrationInstanceSecretResponse:
+ summary: Activate Secret response example
+ value:
+ id: ocs2f50kZB0cITmYU0g4
+ status: ACTIVE
+ client_secret: '***MQGQ'
+ secret_hash: 0WOOvBSzV9clc4Nr7Rbaug
+ created: '2023-04-06T21:32:33.000Z'
+ lastUpdated: '2023-04-06T21:32:33.000Z'
+ _links:
+ deactivate:
+ href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f50kZB0cITmYU0g4/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ idp-discovery-dynamic-routing-rule:
+ summary: IdP discovery policy - Dynamic routing rule
+ description: This routing rule uses a dynamic Identity Provider.
+ value:
+ name: Dynamic routing rule
+ priority: 1
+ status: ACTIVE
+ conditions:
+ network:
+ connection: ANYWHERE
+ actions:
+ idp:
+ providers: []
+ idpSelectionType: DYNAMIC
+ matchCriteria:
+ - providerExpression: login.identifier.substringAfter('@')
+ propertyName: name
+ system: false
+ type: IDP_DISCOVERY
+ idp-discovery-dynamic-routing-rule-response:
+ summary: IdP discovery policy - Dynamic routing rule
+ value:
+ id: ruleId
+ _links:
+ self:
+ href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
+ deactivate:
+ href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ name: Dynamic routing rule
+ priority: 1
+ status: ACTIVE
+ conditions:
+ network:
+ connection: ANYWHERE
+ actions:
+ idp:
+ providers: []
+ idpSelectionType: DYNAMIC
+ matchCriteria:
+ - providerExpression: login.identifier.substringAfter('@')
+ propertyName: name
+ system: false
+ type: IDP_DISCOVERY
+ idp-discovery-specific-routing-rule:
+ summary: IdP discovery policy - Specific routing rule
+ description: This routing rule uses a specific Identity Provider.
+ value:
+ name: Specific routing rule
+ priority: 1
+ status: ACTIVE
+ conditions:
+ network:
+ connection: ANYWHERE
+ actions:
+ idp:
+ providers:
+ - type: GOOGLE
+ id: 0oa5ks3WmHLRh8Ivr0g4
+ idpSelectionType: SPECIFIC
+ system: false
+ type: IDP_DISCOVERY
+ idp-discovery-specific-routing-rule-response:
+ summary: IdP discovery policy - Specific routing rule
+ value:
+ id: ruleId
+ _links:
+ self:
+ href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
+ deactivate:
+ href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ name: Specific routing rule
+ priority: 1
+ status: ACTIVE
+ conditions:
+ network:
+ connection: ANYWHERE
+ actions:
+ idp:
+ providers:
+ - type: GOOGLE
+ id: 0oa5ks3WmHLRh8Ivr0g4
+ idpSelectionType: SPECIFIC
+ system: false
+ type: IDP_DISCOVERY
+ inactiveAPIServiceIntegrationInstanceSecretResponse:
+ summary: Deactivate Secret response example
+ value:
+ id: ocs2f4zrZbs8nUa7p0g4
+ status: INACTIVE
+ client_secret: '***DhOW'
+ secret_hash: yk4SVx4sUWVJVbHt6M-UPA
+ created: '2023-02-21T20:08:24.000Z'
+ lastUpdated: '2023-02-21T20:08:24.000Z'
+ _links:
+ activate:
+ href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f4zrZbs8nUa7p0g4/lifecycle/activate
+ hints:
+ allow:
+ - POST
+ delete:
+ href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f4zrZbs8nUa7p0g4
+ hints:
+ allow:
+ - DELETE
+ newAPIServiceIntegrationInstanceSecretResponse:
+ summary: New secret response example
+ value:
+ id: ocs2f50kZB0cITmYU0g4
+ status: ACTIVE
+ client_secret: DRUFXGF9XbLnS9k-Sla3x3POBiIxDreBCdZuFs5B
+ secret_hash: FpCwXwSjTRQNtEI11I00-g
+ created: '2023-04-06T21:32:33.000Z'
+ lastUpdated: '2023-04-06T21:32:33.000Z'
+ _links:
+ deactivate:
+ href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f50kZB0cITmYU0g4/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ postAPIServiceIntegrationRequest:
+ value:
+ type: my_app_cie
+ grantedScopes:
+ - okta.logs.read
+ - okta.groups.read
+ - okta.users.read
+ postAPIServiceIntegrationResponse:
+ summary: Post response example
+ value:
+ id: 0oa72lrepvp4WqEET1d9
+ type: my_app_cie
+ name: My App Cloud Identity Engine
+ createdAt: '2023-02-21T20:08:24.000Z'
+ createdBy: 00uu3u0ujW1P6AfZC2d5
+ clientSecret: CkF69kXtag0q0P4pXU8OnP5IAzgGlwx6eqGy7Fmg
+ configGuideUrl: https://{docDomain}/my-app-cie/configuration-guide
+ grantedScopes:
+ - okta.logs.read
+ - okta.groups.read
+ - okta.users.read
+ _links:
+ self:
+ href: https://{yourOktaDomain}/integrations/api/v1/api-services/0oa72lrepvp4WqEET1d9
+ hints:
+ allow:
+ - GET
+ - DELETE
+ client:
+ href: https://{yourOktaDomain}/oauth2/v1/clients/0oa72lrepvp4WqEET1d9
+ hints:
+ allow:
+ - GET
+ logo:
+ name: small
+ href: https://{logoDomain}/{logoPath}/my_app_cie_small_logo
+ sspr-enabled-no-step-up:
+ summary: Password policy - SSPR with no step up
+ description: This password policy permits self-service password change, reset, and unlock. Phone SMS or email are initial authenticators with no secondary authentication required.
+ value:
+ name: SSPR Rule
+ priority: 1
+ status: ACTIVE
+ conditions:
+ people:
+ users:
+ exclude: []
+ network:
+ connection: ANYWHERE
+ actions:
+ passwordChange:
+ access: ALLOW
+ selfServicePasswordReset:
+ access: ALLOW
+ requirement:
+ primary:
+ methods:
+ - sms
+ - email
+ stepUp:
+ required: false
+ selfServiceUnlock:
+ access: ALLOW
+ system: false
+ type: PASSWORD
+ sspr-enabled-no-step-up-response:
+ summary: Password policy - SSPR with no step up
+ value:
+ id: ruleId
+ _links:
+ self:
+ href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
+ deactivate:
+ href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ name: SSPR Rule
+ priority: 1
+ status: ACTIVE
+ conditions:
+ people:
+ users:
+ exclude: []
+ network:
+ connection: ANYWHERE
+ actions:
+ passwordChange:
+ access: ALLOW
+ selfServicePasswordReset:
+ access: ALLOW
+ requirement:
+ primary:
+ methods:
+ - sms
+ - email
+ stepUp:
+ required: false
+ selfServiceUnlock:
+ access: ALLOW
+ system: false
+ type: PASSWORD
+ sspr-enabled-no-step-up-update:
+ summary: Password policy - SSPR with no step up
+ description: This password policy permits self-service password change, reset, and unlock. Phone SMS or email are initial authenticators with no secondary authentication required.
+ value:
+ id: ruleId
+ name: SSPR Rule
+ priority: 1
+ status: ACTIVE
+ conditions:
+ people:
+ users:
+ exclude: []
+ network:
+ connection: ANYWHERE
+ actions:
+ passwordChange:
+ access: ALLOW
+ selfServicePasswordReset:
+ access: ALLOW
+ requirement:
+ primary:
+ methods:
+ - sms
+ - email
+ stepUp:
+ required: false
+ selfServiceUnlock:
+ access: ALLOW
+ system: false
+ type: PASSWORD
+ sspr-enabled-sq-step-up:
+ summary: Password policy - SSPR with security question as step-up auth
+ description: This password policy permits self-service password change, reset, and unlock. Phone SMS and Okta Verify push are the initial authenticators, and the secondary authentication is a security question.
+ value:
+ name: SSPR Rule
+ priority: 1
+ status: ACTIVE
+ conditions:
+ people:
+ users:
+ exclude: []
+ network:
+ connection: ANYWHERE
+ actions:
+ passwordChange:
+ access: ALLOW
+ selfServicePasswordReset:
+ access: ALLOW
+ requirement:
+ primary:
+ methods:
+ - push
+ - sms
+ stepUp:
+ required: true
+ methods:
+ - security_question
+ selfServiceUnlock:
+ access: ALLOW
+ system: false
+ type: PASSWORD
+ sspr-enabled-sq-step-up-response:
+ summary: Password policy - SSPR with security question as step up
+ value:
+ id: ruleId
+ _links:
+ self:
+ href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
+ deactivate:
+ href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ name: SSPR Rule
+ priority: 1
+ status: ACTIVE
+ conditions:
+ people:
+ users:
+ exclude: []
+ network:
+ connection: ANYWHERE
+ actions:
+ passwordChange:
+ access: ALLOW
+ selfServicePasswordReset:
+ access: ALLOW
+ requirement:
+ primary:
+ methods:
+ - push
+ - sms
+ stepUp:
+ required: true
+ methods:
+ - security_question
+ selfServiceUnlock:
+ access: ALLOW
+ system: false
+ type: PASSWORD
+ sspr-enabled-sq-step-up-update:
+ summary: Password policy - SSPR with security question as step up
+ description: This password policy permits self-service password change, reset, and unlock. Phone SMS and Okta Verify push are initial authenticators, and the secondary authentication is a security question.
+ value:
+ id: ruleId
+ name: SSPR Rule
+ priority: 1
+ status: ACTIVE
+ conditions:
+ people:
+ users:
+ exclude: []
+ network:
+ connection: ANYWHERE
+ actions:
+ passwordChange:
+ access: ALLOW
+ selfServicePasswordReset:
+ access: ALLOW
+ requirement:
+ primary:
+ methods:
+ - push
+ - sms
+ stepUp:
+ required: true
+ methods:
+ - security_question
+ selfServiceUnlock:
+ access: ALLOW
+ system: false
+ type: PASSWORD
+ sspr-enabled-sso-step-up:
+ summary: Password policy - SSPR with any SSO authenticator as step up
+ description: This password policy permits self-service password change, reset, and unlock. Phone SMS or email are initial authenticators. The step-up authentication required is any active SSO authenticator.
+ value:
+ name: SSPR Rule
+ priority: 1
+ status: ACTIVE
+ conditions:
+ people:
+ users:
+ exclude: []
+ network:
+ connection: ANYWHERE
+ actions:
+ passwordChange:
+ access: ALLOW
+ selfServicePasswordReset:
+ access: ALLOW
+ requirement:
+ primary:
+ methods:
+ - push
+ - sms
+ stepUp:
+ required: true
+ selfServiceUnlock:
+ access: ALLOW
+ system: false
+ type: PASSWORD
+ sspr-enabled-sso-step-up-response:
+ summary: Password policy - SSPR with any SSO authenticator as step up
+ value:
+ id: ruleId
+ _links:
+ self:
+ href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
+ deactivate:
+ href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ name: SSPR Rule
+ priority: 1
+ status: ACTIVE
+ conditions:
+ people:
+ users:
+ exclude: []
+ network:
+ connection: ANYWHERE
+ actions:
+ passwordChange:
+ access: ALLOW
+ selfServicePasswordReset:
+ access: ALLOW
+ requirement:
+ primary:
+ methods:
+ - push
+ - sms
+ stepUp:
+ required: true
+ selfServiceUnlock:
+ access: ALLOW
+ system: false
+ type: PASSWORD
+ sspr-enabled-sso-step-up-update:
+ summary: Password policy - SSPR with any SSO authenticator as step up
+ description: This password policy permits self-service password change, reset, and unlock. Phone SMS or email are initial authenticators. The step-up authentication required is any active SSO authenticator.
+ value:
+ id: ruleId
+ name: SSPR Rule
+ priority: 1
+ status: ACTIVE
+ conditions:
+ people:
+ users:
+ exclude: []
+ network:
+ connection: ANYWHERE
+ actions:
+ passwordChange:
+ access: ALLOW
+ selfServicePasswordReset:
+ access: ALLOW
+ requirement:
+ primary:
+ methods:
+ - push
+ - sms
+ stepUp:
+ required: true
+ selfServiceUnlock:
+ access: ALLOW
+ system: false
+ type: PASSWORD
+ sspr-enabled-sso-step-up-with-constraints:
+ summary: Password policy - Enable SSPR with OTP enabled and Google authenticator constraint
+ description: This password policy permits self-service password change, reset, and unlock. Okta Verify push, Phone SMS, or Google OTP are initial authenticators. The secondary authentication required is any SSO authenticator. The `methodConstraints` property limits OTP authenticators to Google.
+ value:
+ id: ruleId
+ name: SSPR Rule
+ priority: 1
+ status: ACTIVE
+ conditions:
+ people:
+ users:
+ exclude: []
+ network:
+ connection: ANYWHERE
+ actions:
+ passwordChange:
+ access: ALLOW
+ selfServicePasswordReset:
+ access: ALLOW
+ requirement:
+ primary:
+ methods:
+ - push
+ - sms
+ - otp
+ methodConstraints:
+ - method: otp
+ allowedAuthenticators:
+ - key: google_otp
+ stepUp:
+ required: true
+ selfServiceUnlock:
+ access: ALLOW
+ system: false
+ type: PASSWORD
+ sspr-enabled-sso-step-up-with-constraints-response:
+ summary: Password policy - Enable SSPR with OTP enabled and Google authenticator constraint
+ value:
+ id: ruleId
+ _links:
+ self:
+ href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}
+ hints:
+ allow:
+ - GET
+ - PUT
+ - DELETE
+ deactivate:
+ href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ name: SSPR Rule
+ priority: 1
+ status: ACTIVE
+ conditions:
+ people:
+ users:
+ exclude: []
+ network:
+ connection: ANYWHERE
+ actions:
+ passwordChange:
+ access: ALLOW
+ selfServicePasswordReset:
+ access: ALLOW
+ requirement:
+ primary:
+ methods:
+ - push
+ - sms
+ - otp
+ methodConstraints:
+ - method: otp
+ allowedAuthenticators:
+ - key: google_otp
+ stepUp:
+ required: true
+ selfServiceUnlock:
+ access: ALLOW
+ system: false
+ type: PASSWORD
+ sspr-enabled-sso-step-up-with-constraints-update:
+ summary: Password policy - Enable SSPR with OTP enabled and Google authenticator constraint
+ description: This password policy permits self-service password change, reset, and unlock. Okta Verify push, Phone SMS, or Google OTP are initial authenticators. The secondary authentication required is any SSO authenticator. The `methodConstraints` property limits OTP authenticators to Google.
+ value:
+ id: ruleId
+ name: SSPR Rule
+ priority: 1
+ status: ACTIVE
+ conditions:
+ people:
+ users:
+ exclude: []
+ network:
+ connection: ANYWHERE
+ actions:
+ passwordChange:
+ access: ALLOW
+ selfServicePasswordReset:
+ access: ALLOW
+ requirement:
+ primary:
+ methods:
+ - push
+ - sms
+ - otp
+ methodConstraints:
+ - method: otp
+ allowedAuthenticators:
+ - key: google_otp
+ stepUp:
+ required: true
+ selfServiceUnlock:
+ access: ALLOW
+ system: false
+ type: PASSWORD
+ twofa-enabled-disallow-password-allow-phishing:
+ summary: Authentication policy - 2FA with granular authentication
+ description: This two-factor authentication policy uses a rule to disallow passwords and require phishing resistance for possession authenticators for authentication.
+ value:
+ name: Passwordless 2FA
+ actions:
+ appSignOn:
+ access: ALLOW
+ verificationMethod:
+ factorMode: 2FA
+ type: ASSURANCE
+ reauthenticateIn: PT0S
+ constraints:
+ knowledge:
+ excludedAuthenticationMethods:
+ key: okta_password
+ possession:
+ deviceBound: REQUIRED
+ phishingREsistant: REQUIRED
+ type: ACCESS_POLICY
+ twofa-enabled-disallow-password-allow-phishing-response:
+ summary: Authentication policy - 2FA with granular authentication
+ description: The rule from a two-factor authentication policy that disallows passwords and requires phishing resistance
+ value:
+ id: rul7yut96gmsOzKAA1d6
+ status: ACTIVE
+ name: Passwordless 2FA
+ priority: 0
+ created: '2023-05-01T21:13:15.000Z'
+ lastUpdated: '2023-05-01T21:13:15.000Z'
+ system: false
+ conditions: null
+ actions:
+ appSignOn:
+ access: ALLOW
+ verificationMethod:
+ factorMode: 2FA
+ type: ASSURANCE
+ reauthenticateIn: PT0S
+ constraints:
+ knowledge:
+ excludedAuthenticationMethods:
+ key: okta_password
+ required: false
+ possession:
+ deviceBound: REQUIRED
+ phishingREsistant: REQUIRED
+ required: true
+ type: ACCESS_POLICY
+ _links:
+ self:
+ href: https://sampleorg.okta.com/api/v1/policies/rst7xus97faIAgmti1d7/rules/rul7yut96gmsOzKAA1d6
+ hints:
+ allow:
+ - GET
+ - PUT
parameters:
+ UISchemaId:
+ name: id
+ description: The unique ID of the UI Schema
+ in: path
+ required: true
+ schema:
+ type: string
+ example: uis4a7liocgcRgcxZ0g7
+ authenticatorEnrollmentId:
+ name: authenticatorEnrollmentId
+ in: path
+ required: true
+ description: ID for a WebAuthn Preregistration Factor in Okta
+ schema:
+ type: string
+ pathApiServiceId:
+ name: apiServiceId
+ in: path
+ schema:
+ type: string
+ required: true
+ description: '`id` of the API Service Integration instance'
+ example: 000lr2rLjZ6NsGn1P0g3
pathApiTokenId:
name: apiTokenId
in: path
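Review bot: In `twofa-enabled-disallow-password-allow-phishing` and its `-response` example the possession constraint is spelled `phishingREsistant: REQUIRED`, but the property is `phishingResistant`. A request copied from this example would carry an unknown key, so the phishing-resistance requirement may not be applied (how the API treats the unknown key is not shown here). Both lines should read `phishingResistant: REQUIRED`. The example name also says "allow-phishing" while its description says the rule requires phishing resistance. Separately, `newAPIServiceIntegrationInstanceSecretResponse` and `postAPIServiceIntegrationResponse` contain 40-character `client_secret` / `clientSecret` values that look like real secrets; an obviously fake placeholder such as `client_secret: EXAMPLE_CLIENT_SECRET_DO_NOT_USE` avoids secret-scanner hits and any doubt that a live credential was committed.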
@@ -18654,6 +26650,45 @@ components:
example: 00Tabcdefg1234567890
required: true
description: id of the API Token
+ pathAppId:
+ name: appId
+ description: Application ID
+ in: path
+ required: true
+ schema:
+ type: string
+ example: 0oafxqCAJWWGELFTYASJ
+ pathAppName:
+ name: appName
+ in: path
+ required: true
+ schema:
+ type: string
+ example: oidc_client
+ pathAssociatedServerId:
+ name: associatedServerId
+ description: '`id` of the associated Authorization Server'
+ in: path
+ required: true
+ schema:
+ type: string
+ example: aus6xt9jKPmCyn6kg0g4
+ pathAuthServerId:
+ name: authServerId
+ description: '`id` of the Authorization Server'
+ in: path
+ required: true
+ schema:
+ type: string
+ example: GeGRTEr7f3yu2n7grw22
+ pathAuthenticatorId:
+ name: authenticatorId
+ description: '`id` of the Authenticator'
+ in: path
+ required: true
+ schema:
+ type: string
+ example: aut1nd8PQhGcQtSxB0g4
pathBehaviorId:
name: behaviorId
in: path
@@ -18668,22 +26703,59 @@ components:
required: true
schema:
type: string
- description: The ID of the brand.
+ description: The ID of the brand
pathCaptchaId:
name: captchaId
in: path
schema:
type: string
- example: abcd1234
required: true
- description: id of the CAPTCHA
+ description: The unique key used to identify your CAPTCHA instance
+ pathClaimId:
+ name: claimId
+ description: '`id` of Claim'
+ in: path
+ required: true
+ schema:
+ type: string
+ example: hNJ3Uk76xLagWkGx5W3N
+ pathClientId:
+ name: clientId
+ description: '`client_id` of the app'
+ in: path
+ required: true
+ schema:
+ type: string
+ example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD
+ pathContactType:
+ name: contactType
+ in: path
+ required: true
+ schema:
+ type: string
+ pathCredentialKeyId:
+ name: keyId
+ description: '`id` of the certificate key'
+ in: path
+ required: true
+ schema:
+ type: string
+ example: P7jXpG-LG2ObNgY9C0Mn2uf4InCQTmRZMDCZoVNxdrk
+ pathCsrId:
+ name: csrId
+ description: '`id` of the CSR'
+ in: path
+ required: true
+ schema:
+ type: string
+ example: fd7x1h7uTcZFx22rU1f7
pathCustomizationId:
name: customizationId
in: path
required: true
schema:
type: string
- description: The ID of the email customization.
+ description: The ID of the email customization
pathDeviceAssuranceId:
in: path
name: deviceAssuranceId
@@ -18701,11 +26773,12 @@ components:
description: '`id` of the device'
pathDomainId:
name: domainId
+ description: '`id` of the Domain'
in: path
required: true
schema:
type: string
- description: The ID of the domain.
+ example: OmWNeywfTzElSLOBMZsL
pathEmailDomainId:
name: emailDomainId
in: path
@@ -18713,20 +26786,172 @@ components:
schema:
type: string
description: The ID of the email domain.
+ pathEmailServerId:
+ name: emailServerId
+ in: path
+ required: true
+ schema:
+ type: string
+ description: ID of your SMTP Server configuration
+ pathEventHookId:
+ name: eventHookId
+ description: '`id` of the Event Hook'
+ in: path
+ required: true
+ schema:
+ type: string
+ example: who8vt36qfNpCGz9H1e6
+ pathFactorId:
+ name: factorId
+ description: ID of an existing User Factor
+ in: path
+ required: true
+ schema:
+ type: string
+ example: zAgrsaBe0wVGRugDYtdv
+ pathFeatureId:
+ name: featureId
+ description: '`id` of the feature'
+ in: path
+ required: true
+ schema:
+ type: string
+ example: R5HjqNn1pEqWGy48E9jg
+ pathFeatureName:
+ name: featureName
+ description: Name of the Feature
+ in: path
+ required: true
+ schema:
+ $ref: '#/components/schemas/ApplicationFeatureType'
+ example: USER_PROVISIONING
+ pathFirstPartyAppName:
+ name: appName
+ description: '`appName` of the application'
+ in: path
+ required: true
+ schema:
+ type: string
+ example: admin-console
+ pathGrantId:
+ name: grantId
+ description: Grant ID
+ in: path
+ required: true
+ schema:
+ type: string
+ example: iJoqkwx50mrgX4T9LcaH
+ pathGroupId:
+ name: groupId
+ description: The `id` of the group
+ in: path
+ required: true
+ schema:
+ type: string
+ example: 00g1emaKYZTWRYYRRTSK
+ pathGroupRuleId:
+ name: groupRuleId
+ description: The `id` of the group rule
+ in: path
+ required: true
+ schema:
+ type: string
+ example: 0pr3f7zMZZHPgUoWO0g4
+ pathHookKeyId:
+ name: hookKeyId
+ description: '`id` of the Hook Key'
+ in: path
+ required: true
+ schema:
+ type: string
+ example: XreKU5laGwBkjOTehusG
pathIdentitySourceId:
name: identitySourceId
in: path
required: true
schema:
type: string
+ pathIdentitySourceSessionId:
+ name: sessionId
+ in: path
+ required: true
+ schema:
+ type: string
+ pathIdpCsrId:
+ name: idpCsrId
+ description: '`id` of the IdP CSR'
+ in: path
+ required: true
+ schema:
+ type: string
+ example: 1uEhyE65oV3H6KM9gYcN
+ pathIdpId:
+ name: idpId
+ description: '`id` of IdP'
+ in: path
+ required: true
+ schema:
+ type: string
+ example: SVHoAOh0l8cPQkVX1LRl
+ pathIdpKeyId:
+ name: idpKeyId
+ description: '`id` of IdP Key'
+ in: path
+ required: true
+ schema:
+ type: string
+ example: KmMo85SSsU7TZzOShcGb
+ pathInlineHookId:
+ name: inlineHookId
+ description: '`id` of the Inline Hook'
+ in: path
+ required: true
+ schema:
+ type: string
+ example: Y7Rzrd4g4xj6WdKzrBHH
+ pathKeyId:
+ name: keyId
+ description: ID of the Key Credential for the application
+ in: path
+ required: true
+ schema:
+ type: string
+ example: sjP9eiETijYz110VkhHN
+ pathLifecycle:
+ name: lifecycle
+ description: Whether to `ENABLE` or `DISABLE` the feature
+ in: path
+ required: true
+ schema:
+ $ref: '#/components/schemas/FeatureLifecycle'
+ pathLinkedObjectName:
+ name: linkedObjectName
+ in: path
+ required: true
+ schema:
+ type: string
pathLogStreamId:
name: logStreamId
in: path
schema:
type: string
- example: abcd1234
+ example: 0oa1orzg0CHSgPcjZ0g4
+ required: true
+ description: Unique identifier for the Log Stream
+ pathLogStreamType:
+ name: logStreamType
+ in: path
+ required: true
+ schema:
+ $ref: '#/components/schemas/LogStreamType'
+ pathMappingId:
+ name: mappingId
+ description: '`id` of the Mapping'
+ in: path
required: true
- description: id of the log stream
+ schema:
+ type: string
+ example: cB6u7X8mptebWkffatKA
pathMemberId:
name: memberId
in: path
@@ -18735,6 +26960,33 @@ components:
example: irb1qe6PGuMc7Oh8N0g4
required: true
description: '`id` of a member'
+ pathMethodType:
+ name: methodType
+ description: Type of the authenticator method
+ in: path
+ required: true
+ schema:
+ $ref: '#/components/schemas/AuthenticatorMethodType'
+ pathNotificationType:
+ name: notificationType
+ in: path
+ required: true
+ schema:
+ $ref: '#/components/schemas/NotificationType'
+ pathOperation:
+ name: operation
+ in: path
+ required: true
+ schema:
+ type: string
+ pathOwnerId:
+ description: The `id` of the group owner
+ name: ownerId
+ in: path
+ required: true
+ schema:
+ type: string
+ example: 00u1emaK22TWRYd3TtG
pathPermissionType:
name: permissionType
in: path
@@ -18743,6 +26995,22 @@ components:
example: okta.users.manage
required: true
description: An okta permission type
+ pathPolicyId:
+ name: policyId
+ description: '`id` of the Policy'
+ in: path
+ required: true
+ schema:
+ type: string
+ example: 00plrilJ7jZ66Gn0X0g3
+ pathPolicyMappingId:
+ name: mappingId
+ description: '`id` of the policy resource Mapping'
+ in: path
+ required: true
+ schema:
+ type: string
+ example: maplr2rLjZ6NsGn1P0g3
pathPoolId:
name: poolId
in: path
@@ -18750,6 +27018,20 @@ components:
schema:
type: string
required: true
+ pathPrimaryRelationshipName:
+ name: primaryRelationshipName
+ in: path
+ required: true
+ schema:
+ type: string
+ pathPrimaryUserId:
+ name: primaryUserId
+ description: '`id` of primary User'
+ in: path
+ required: true
+ schema:
+ type: string
+ example: ctxeQ5JnAVdGFBB7Zr7W
pathPrincipalRateLimitId:
name: principalRateLimitId
in: path
@@ -18758,6 +27040,14 @@ components:
example: abcd1234
required: true
description: id of the Principal Rate Limit
+ pathPublicKeyId:
+ name: publicKeyId
+ description: '`id` of the Public Key'
+ in: path
+ required: true
+ schema:
+ type: string
+ example: FcH2P9Eg7wr0o8N2FuV0
pathPushProviderId:
in: path
name: pushProviderId
@@ -18765,6 +27055,20 @@ components:
description: Id of the push provider
schema:
type: string
+ pathRealmId:
+ name: realmId
+ description: '`id` of the Realm'
+ in: path
+ required: true
+ schema:
+ type: string
+ example: vvrcFogtKCrK9aYq3fgV
+ pathRelationshipName:
+ name: relationshipName
+ in: path
+ required: true
+ schema:
+ type: string
pathResourceId:
name: resourceId
in: path
@@ -18773,6 +27077,14 @@ components:
example: ire106sQKoHoXXsAe0g4
required: true
description: '`id` of a resource'
+ pathResourceSelectorId:
+ name: resourceSelectorId
+ in: path
+ schema:
+ type: string
+ example: rsl1hx31gVEa6x10v0g5
+ required: true
+ description: '`id` of a Resource Selector'
pathResourceSetId:
name: resourceSetId
in: path
@@ -18780,43 +27092,155 @@ components:
type: string
example: iamoJDFKaJxGIr0oamd9g
required: true
- description: '`id` of a resource set'
+ description: '`id` of a Resource Set'
pathRiskProviderId:
name: riskProviderId
in: path
schema:
type: string
- example: 00rp12r4skkjkjgsn
- required: true
- description: '`id` of the risk provider'
- pathRoleIdOrLabel:
- name: roleIdOrLabel
+ example: 00rp12r4skkjkjgsn
+ required: true
+ description: '`id` of the Risk Provider object'
+ pathRoleId:
+ name: roleId
+ description: '`id` of the Role'
+ in: path
+ required: true
+ schema:
+ type: string
+ example: 3Vg1Pjp3qzw4qcCK5EdO
+ pathRoleIdOrLabel:
+ name: roleIdOrLabel
+ in: path
+ schema:
+ type: string
+ example: cr0Yq6IJxGIr0ouum0g3
+ required: true
+ description: '`id` or `label` of the role'
+ pathRoleRef:
+ name: roleRef
+ in: path
+ description: A reference to an existing role. Standard roles require a `roleType`, while Custom Roles require a `roleId`. See [Standard Role Types](https://developer.okta.com/docs/concepts/role-assignment/#standard-role-types).
+ required: true
+ schema:
+ oneOf:
+ - title: roleType
+ type: string
+ $ref: '#/components/schemas/RoleType'
+ - title: roleId
+ type: string
+ pathRuleId:
+ name: ruleId
+ description: '`id` of the Policy Rule'
+ in: path
+ required: true
+ schema:
+ type: string
+ example: ruld3hJ7jZh4fn0st0g3
+ pathSchemaId:
+ name: schemaId
+ in: path
+ required: true
+ schema:
+ type: string
+ pathScopeId:
+ name: scopeId
+ description: '`id` of Scope'
+ in: path
+ required: true
+ schema:
+ type: string
+ example: 0TMRpCWXRKFjP7HiPFNM
+ pathSecretId:
+ name: secretId
+ in: path
+ schema:
+ type: string
+ required: true
+ description: '`id` of the API Service Integration instance Secret'
+ example: ocs2f4zrZbs8nUa7p0g4
+ pathSection:
+ name: section
+ in: path
+ required: true
+ schema:
+ type: string
+ pathSessionId:
+ name: sessionId
+ description: '`id` of the Session'
+ in: path
+ required: true
+ schema:
+ type: string
+ example: l7FbDVqS8zHSy65uJD85
+ pathSubmissionId:
+ name: submissionId
+ description: OIN Integration ID
+ in: path
+ required: true
+ schema:
+ type: string
+ example: acme_submissionapp_1
+ pathTargetGroupId:
+ name: targetGroupId
+ in: path
+ required: true
+ schema:
+ type: string
+ example: 00g1e9dfjHeLAsdX983d
+ pathTemplateId:
+ name: templateId
+ description: '`id` of the Template'
+ in: path
+ required: true
+ schema:
+ type: string
+ example: 6NQUJ5yR3bpgEiYmq8IC
+ pathTemplateName:
+ name: templateName
+ in: path
+ required: true
+ schema:
+ type: string
+ description: The name of the email template
+ pathThemeId:
+ name: themeId
in: path
+ required: true
schema:
type: string
- example: cr0Yq6IJxGIr0ouum0g3
+ description: The ID of the theme
+ pathTokenId:
+ name: tokenId
+ description: '`id` of Token'
+ in: path
required: true
- description: '`id` or `label` of the role'
- pathSessionId:
- name: sessionId
+ schema:
+ type: string
+ example: sHHSth53yJAyNSTQKDJZ
+ pathTransactionId:
+ name: transactionId
+ description: ID of an existing Factor verification transaction
in: path
required: true
schema:
type: string
- pathTemplateName:
- name: templateName
+ example: gPAQcN3NDjSGOCAeG2Jv
+ pathTrustedOriginId:
+ name: trustedOriginId
+ description: '`id` of the Trusted Origin'
in: path
required: true
schema:
type: string
- description: The name of the email template.
- pathThemeId:
- name: themeId
+ example: 7j2PkU1nyNIDe26ZNufR
+ pathTypeId:
+ name: typeId
in: path
required: true
schema:
type: string
- description: The ID of the theme.
+ description: The unique key for the User Type
pathUpdateId:
name: updateId
in: path
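Review bot: In `pathRoleRef`, the first `oneOf` branch places `title` and `type` next to `$ref`. OpenAPI 3.0 tooling ignores siblings of a `$ref`, so those two keys have no effect and the branch is simply `RoleType`. `RoleType` is defined outside this hunk, but if it is a string schema, any value that satisfies it also satisfies the plain `type: string` branch, and a strict validator applying the exactly-one rule of `oneOf` would reject it. Using `anyOf`, or a single `type: string` schema with the two cases explained in the description, would avoid the ambiguity.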
@@ -18826,16 +27250,81 @@ components:
required: true
pathUserId:
name: userId
+ description: ID of an existing Okta user
in: path
required: true
schema:
type: string
+ pathZoneId:
+ name: zoneId
+ in: path
+ schema:
+ type: string
+ required: true
+ description: '`id` of the Network Zone'
+ example: nzowc1U5Jh5xuAK0o0g3
queryAfter:
name: after
in: query
schema:
type: string
- description: The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](/#pagination) for more information.
+ description: The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](/#pagination).
+ queryAppAfter:
+ name: after
+ in: query
+ description: The cursor to use for pagination. It's an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](/#pagination).
+ schema:
+ type: string
+ example: 16275000448691
+ queryAppExpand:
+ name: expand
+ in: query
+ description: 'An optional parameter to include scope details in the `_embedded` attribute. Valid value: `scope`'
+ schema:
+ type: string
+ example: scope
+ queryExpandAuthenticator:
+ name: expand
+ in: query
+ style: form
+ explode: false
+ required: false
+ schema:
+ type: array
+ items:
+ type: string
+ enum:
+ - methods
+ - authenticationPolicy
+ description: Specifies additional metadata for the response
+ queryExpandBrand:
+ name: expand
+ in: query
+ style: form
+ explode: false
+ required: false
+ schema:
+ type: array
+ items:
+ type: string
+ enum:
+ - themes
+ - domains
+ - emailDomain
+ description: Specifies additional metadata to be included in the response
+ queryExpandEmailDomain:
+ name: expand
+ in: query
+ style: form
+ explode: false
+ required: false
+ schema:
+ type: array
+ items:
+ type: string
+ enum:
+ - brands
+ description: Specifies additional metadata to be included in the response
queryExpandEmailTemplate:
name: expand
in: query
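Review bot: `queryAppAfter` gives `example: 16275000448691` unquoted under `type: string`, so a YAML parser loads it as an integer and the example no longer matches the declared type. Spec linters may report this as an example/type mismatch, and rendered docs may show a number where the API expects an opaque cursor string. Quote it: `example: '16275000448691'`.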
@@ -18849,7 +27338,7 @@ components:
enum:
- settings
- customizationCount
- description: Specifies additional metadata to be included in the response.
+ description: Specifies additional metadata to be included in the response
queryExpandPageRoot:
name: expand
in: query
@@ -18866,7 +27355,13 @@ components:
- customizedUrl
- preview
- previewUrl
- description: Specifies additional metadata to be included in the response.
+ description: Specifies additional metadata to be included in the response
+ queryFilter:
+ name: q
+ in: query
+ description: Searches the records for matching value
+ schema:
+ type: string
queryLanguage:
name: language
schema:
@@ -18881,7 +27376,7 @@ components:
minimum: 1
maximum: 200
default: 20
- description: A limit on the number of objects to return.
+ description: A limit on the number of objects to return
queryLimitPerPoolType:
name: limitPerPoolType
in: query
@@ -18904,7 +27399,222 @@ components:
schema:
type: boolean
required: false
+ queryUserExpand:
+ name: expand
+ in: query
+ description: 'An optional parameter to include metadata in the `_embedded` attribute. Valid value: `blocks`'
+ required: false
+ schema:
+ type: string
+ example: blocks
+ ruleId:
+ name: ruleId
+ description: '`id` of the Realm Assignment Rule'
+ in: path
+ required: true
+ schema:
+ type: string
+ example: rul2jy7jLUlnO3ng00g4
+ simulateParameter:
+ name: expand
+ description: Use `expand=EVALUATED` to include a list of evaluated but not matched policies and policy rules. Use `expand=RULE` to include details about why a rule condition was (not) matched.
+ in: query
+ schema:
+ type: string
+ example: expand=EVALUATED&expand=RULE
+ requestBodies:
+ AuthenticatorRequestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Authenticator'
+ examples:
+ Duo:
+ $ref: '#/components/examples/AuthenticatorRequestDuo'
+ required: true
+ responses:
+ ErrorApiValidationFailed400:
+ description: Bad Request
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ examples:
+ APIValidationFailed:
+ $ref: '#/components/examples/ErrorApiValidationFailed'
+ ErrorMissingRequiredParameter400:
+ description: Bad Request
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ examples:
+ MissingRequiredParameter:
+ $ref: '#/components/examples/ErrorMissingRequiredParameter'
+ ErrorInvalidToken401:
+ description: Unauthorized
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ examples:
+ InvalidTokenProvided:
+ $ref: '#/components/examples/ErrorInvalidTokenProvided'
+ ErrorAccessDenied403:
+ description: Forbidden
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ examples:
+ AccessDenied:
+ $ref: '#/components/examples/ErrorAccessDenied'
+ ErrorResourceNotFound404:
+ description: Not Found
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ examples:
+ ResourceNotFound:
+ $ref: '#/components/examples/ErrorResourceNotFound'
+ ErrorTooManyRequests429:
+ description: Too Many Requests
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ examples:
+ TooManyRequests:
+ $ref: '#/components/examples/ErrorTooManyRequests'
+ AuthenticatorResponse:
+ description: OK
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Authenticator'
+ examples:
+ Duo:
+ $ref: '#/components/examples/AuthenticatorResponseDuo'
+ Email:
+ $ref: '#/components/examples/AuthenticatorResponseEmail'
+ Password:
+ $ref: '#/components/examples/AuthenticatorResponsePassword'
+ Phone:
+ $ref: '#/components/examples/AuthenticatorResponsePhone'
+ WebAuthn:
+ $ref: '#/components/examples/AuthenticatorResponseWebAuthn'
+ SecurityQuestion:
+ $ref: '#/components/examples/AuthenticatorResponseSecurityQuestion'
schemas:
+ APIServiceIntegrationInstance:
+ type: object
+ properties:
+ configGuideUrl:
+ type: string
+ description: The URL to the API service integration configuration guide
+ example: https://{docDomain}/my-app-cie/configuration-guide
+ readOnly: true
+ createdAt:
+ type: string
+ description: Timestamp when the API Service Integration instance was created
+ example: '2023-02-21T20:08:24.000Z'
+ readOnly: true
+ createdBy:
+ type: string
+ description: The user ID of the API Service Integration instance creator
+ example: 00uu3u0ujW1P6AfZC2d5
+ readOnly: true
+ grantedScopes:
+ type: array
+ description: The list of Okta management scopes granted to the API Service Integration instance. See [Okta management OAuth 2.0 scopes](/oauth2/#okta-admin-management).
+ items:
+ type: string
+ example:
+ - okta.logs.read
+ id:
+ type: string
+ description: The ID of the API Service Integration instance
+ readOnly: true
+ example: 0oa72lrepvp4WqEET1d9
+ name:
+ type: string
+ description: The name of the API service integration that corresponds with the `type` property. This is the full name of the API service integration listed in the Okta Integration Network (OIN) catalog.
+ readOnly: true
+ example: My App Cloud Identity Engine
+ type:
+ type: string
+ description: The type of the API service integration. This string is an underscore-concatenated, lowercased API service integration name. For example, `my_api_log_integration`.
+ example: my_app_cie
+ _links:
+ $ref: '#/components/schemas/APIServiceIntegrationLinks'
+ readOnly: true
+ APIServiceIntegrationInstanceSecret:
+ type: object
+ properties:
+ client_secret:
+ type: string
+ description: The OAuth 2.0 client secret string. The client secret string is returned in the response of a Secret creation request. In other responses (such as list, activate, or deactivate requests), the client secret is returned as an undisclosed hashed value.
+ example: DRUFXGF9XbLnS9k-Sla3x3POBiIxDreBCdZuFs5B
+ readOnly: true
+ created:
+ type: string
+ description: Timestamp when the API Service Integration instance Secret was created
+ example: '2023-02-21T20:08:24.000Z'
+ readOnly: true
+ id:
+ type: string
+ description: The ID of the API Service Integration instance Secret
+ example: ocs2f4zrZbs8nUa7p0g4
+ readOnly: true
+ lastUpdated:
+ type: string
+ description: Timestamp when the API Service Integration instance Secret was updated
+ example: '2023-02-21T20:08:24.000Z'
+ readOnly: true
+ secret_hash:
+ type: string
+ description: OAuth 2.0 client secret string hash
+ example: yk4SVx4sUWVJVbHt6M-UPA
+ readOnly: true
+ status:
+ type: string
+ enum:
+ - ACTIVE
+ - INACTIVE
+ description: Status of the API Service Integration instance Secret
+ example: ACTIVE
+ _links:
+ $ref: '#/components/schemas/APIServiceIntegrationSecretLinks'
+ readOnly: true
+ required:
+ - id
+ - status
+ - client_secret
+ - created
+ - lastUpdated
+ - secret_hash
+ - _links
+ APIServiceIntegrationLinks:
+ description: Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status of an application using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification. This object is used for dynamic discovery of related resources and lifecycle operations.
+ properties:
+ client:
+ $ref: '#/components/schemas/HrefObjectClientLink'
+ logo:
+ $ref: '#/components/schemas/HrefObjectLogoLink'
+ self:
+ $ref: '#/components/schemas/HrefObjectSelfLink'
+ readOnly: true
+ APIServiceIntegrationSecretLinks:
+ description: Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status of an application using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification. This object is used for dynamic discovery of related resources and lifecycle operations.
+ properties:
+ activate:
+ $ref: '#/components/schemas/HrefObjectActivateLink'
+ deactivate:
+ $ref: '#/components/schemas/HrefObjectDeactivateLink'
+ delete:
+ $ref: '#/components/schemas/HrefObjectDeleteLink'
+ readOnly: true
APNSConfiguration:
properties:
fileName:
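Review bot: `client_secret` in `APIServiceIntegrationInstanceSecret` is declared as a plain `type: string` with a realistic 40-character example, whereas `AppUserPasswordCredential.value` later in this diff is marked `format: password`. Documentation renderers and some generators use that format to mask the field, and secret scanners tend to flag example strings shaped like real credentials. Consider adding `format: password` under `client_secret` and replacing the example with an obvious placeholder such as `example: <client-secret-shown-once>`. The same may be worth doing for `secret_hash` if the hash is treated as sensitive.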
@@ -18937,15 +27647,67 @@ components:
AccessPolicyConstraint:
type: object
properties:
+ authenticationMethods:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
+ description:
This property specifies the precise authenticator and method for authentication.
+ type: array
+ items:
+ $ref: '#/components/schemas/AuthenticationMethodObject'
+ excludedAuthenticationMethods:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
+ description:
This property specifies the precise authenticator and method to exclude from authentication.
+ items:
+ $ref: '#/components/schemas/AuthenticationMethodObject'
methods:
+ description: The Authenticator methods that are permitted
items:
type: string
+ enum:
+ - PASSWORD
+ - SECURITY_QUESTION
+ - SMS
+ - VOICE
+ - EMAIL
+ - PUSH
+ - SIGNED_NONCE
+ - OTP
+ - TOTP
+ - WEBAUTHN
+ - DUO
+ - IDP
+ - CERT
type: array
reauthenticateIn:
+ description: The duration after which the user must re-authenticate regardless of user activity. This re-authentication interval overrides the Verification Method object's `reauthenticateIn` interval. The supported values use ISO 8601 period format for recurring time intervals (for example, `PT1H`).
type: string
+ required:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
+ description:
This property indicates whether the knowledge or possession factor is required by the assurance. It's optional in the request, but is always returned in the response. By default, this field is `true`. If the knowledge or possession constraint has values for`excludedAuthenticationMethods` the `required` value is false.
+ type: boolean
types:
+ description: The Authenticator types that are permitted
items:
type: string
+ enum:
+ - SECURITY_KEY
+ - PHONE
+ - EMAIL
+ - PASSWORD
+ - SECURITY_QUESTION
+ - APP
+ - FEDERATED
type: array
AccessPolicyConstraints:
type: object
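Review bot: `excludedAuthenticationMethods` declares `items` but no `type: array`, while `authenticationMethods` just above it has both. Without the type, a validator does not require the value to be an array and a code generator may type the field loosely, which matters for a property that controls which authenticators a policy rejects. Add `type: array` above its `items:`. In the `required` property's description, "for`excludedAuthenticationMethods`" is also missing a space before the backtick.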
@@ -18993,25 +27755,43 @@ components:
condition:
type: string
AcsEndpoint:
+ description: An array of ACS endpoints. You can configure a maximum of 100 endpoints.
type: object
properties:
index:
type: integer
+ description: Index of the URL in the array of ACS endpoints
+ example: 0
url:
type: string
- ActivateFactorRequest:
+ description: URL of the ACS
+ maxLength: 1024
+ example: https://www.example.com/sso/saml
+ required:
+ - url
+ - index
+ Actions:
type: object
properties:
- attestation:
- type: string
- clientData:
- type: string
- passCode:
- type: string
- registrationData:
- type: string
- stateToken:
- type: string
+ assignUserToRealm:
+ $ref: '#/components/schemas/AssignUserToRealm'
+ AdminConsoleSettings:
+ title: Okta Admin Console Settings
+ description: Settings specific to the Okta Admin Console
+ type: object
+ properties:
+ sessionIdleTimeoutMinutes:
+ description: The absolute maximum session lifetime of the Okta Admin Console. Must be no more than 12 hours.
+ type: integer
+ minimum: 5
+ maximum: 720
+ default: 15
+ sessionMaxLifetimeMinutes:
+ description: The absolute maximum session lifetime of the Okta Admin Console. Must be no more than 7 days.
+ type: integer
+ minimum: 5
+ maximum: 10080
+ default: 720
Agent:
description: Agent details
type: object
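Review bot: `sessionIdleTimeoutMinutes` in `AdminConsoleSettings` carries the wording of the other field: its description reads "The absolute maximum session lifetime of the Okta Admin Console", the same sentence used for `sessionMaxLifetimeMinutes`. Its bounds (`minimum: 5`, `maximum: 720`, `default: 15`) fit an idle timeout, so the text should say so, for example `description: The maximum idle time before the Okta Admin Console session expires. Must be no more than 12 hours.` As written, anyone setting admin session policy from the generated SDK docs sees two fields that both claim to be the absolute lifetime.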
@@ -19041,7 +27821,7 @@ components:
version:
type: string
_links:
- $ref: '#/components/schemas/HrefObject'
+ $ref: '#/components/schemas/LinksSelf'
AgentPool:
description: An AgentPool is a collection of agents that serve a common purpose. An AgentPool has a unique ID within an org, and contains a collection of agents disjoint to every other AgentPool (i.e. no two AgentPools share an Agent).
type: object
@@ -19089,7 +27869,7 @@ components:
targetVersion:
type: string
_links:
- $ref: '#/components/schemas/HrefObject'
+ $ref: '#/components/schemas/LinksSelf'
AgentPoolUpdateSetting:
description: Setting for auto-update
type: object
@@ -19177,11 +27957,7 @@ components:
userId:
type: string
_link:
- type: object
- properties:
- self:
- $ref: '#/components/schemas/HrefObject'
- readOnly: true
+ $ref: '#/components/schemas/LinksSelf'
required:
- name
AppAndInstanceConditionEvaluatorAppOrInstance:
@@ -19189,9 +27965,11 @@ components:
properties:
id:
type: string
+ description: ID of the app
readOnly: true
name:
type: string
+ description: Name of the app type
type:
$ref: '#/components/schemas/AppAndInstanceType'
AppAndInstancePolicyRuleCondition:
@@ -19206,10 +27984,34 @@ components:
items:
$ref: '#/components/schemas/AppAndInstanceConditionEvaluatorAppOrInstance'
AppAndInstanceType:
+ description: Type of app
type: string
x-okta-known-values:
- APP
- APP_TYPE
+ AppCustomHrefObject:
+ type: object
+ properties:
+ hints:
+ type: object
+ description: Describes allowed HTTP verbs for the `href`
+ properties:
+ allow:
+ type: array
+ items:
+ type: string
+ href:
+ type: string
+ description: Link URI
+ title:
+ type: string
+ description: Link name
+ type:
+ type: string
+ description: The media type of the link. If omitted, it is implicitly `application/json`.
+ required:
+ - href
+ readOnly: true
AppInstancePolicyRuleCondition:
type: object
properties:
@@ -19255,74 +28057,167 @@ components:
type: integer
readOnly: true
AppUser:
+ title: Application User
+ description: The App User object defines a user's app-specific profile and credentials for an app.
type: object
- properties:
- created:
- type: string
- format: date-time
- readOnly: true
+ properties:
+ created:
+ allOf:
+ - $ref: '#/components/schemas/createdProperty'
+ - example: '2014-06-24T15:27:59.000Z'
credentials:
$ref: '#/components/schemas/AppUserCredentials'
externalId:
type: string
+ description: |-
+ The ID of the user in the target app that's linked to the Okta App User object.
+ This value is the native app-specific identifier or primary key for the user in the target app.
+
+ The `externalId` is set during import when the user is confirmed (reconciled) or during provisioning when the user has been successfully created in the target app.
+ This value isn't populated for SSO app assignments (for example, SAML or SWA) because it isn't synchronized with a target app.
readOnly: true
+ example: 70c14cc17d3745e8a9f98d599a68329c
id:
type: string
- readOnly: false
+ description: Unique identifier of the App User object (only required for apps with `signOnMode` or authentication schemes that don't require credentials)
+ example: 00u11z6WHMYCGPCHCRFK
lastSync:
type: string
+ description: Timestamp of the last synchronization operation. This value is only updated for apps with the `IMPORT_PROFILE_UPDATES` or `PUSH PROFILE_UPDATES` feature.
format: date-time
readOnly: true
+ example: '2014-06-24T15:27:59.000Z'
lastUpdated:
- type: string
- format: date-time
- readOnly: true
+ allOf:
+ - $ref: '#/components/schemas/lastUpdatedProperty'
+ - example: '2014-06-24T15:28:14.000Z'
passwordChanged:
type: string
+ description: Timestamp when the App User password was last changed
format: date-time
readOnly: true
+ nullable: true
+ example: '2014-06-24T15:27:59.000Z'
profile:
- type: object
- additionalProperties:
- type: object
- properties: {}
+ $ref: '#/components/schemas/AppUserProfile'
scope:
type: string
+ description: Toggles the assignment between user or group scope
+ enum:
+ - USER
+ - GROUP
+ example: USER
status:
- type: string
- readOnly: true
+ $ref: '#/components/schemas/AppUserStatus'
statusChanged:
type: string
+ description: Timestamp when the App User status was last changed
format: date-time
readOnly: true
+ example: '2014-06-24T15:28:14.000Z'
syncState:
- type: string
- readOnly: true
+ $ref: '#/components/schemas/AppUserSyncState'
_embedded:
type: object
+ description: Embedded resources related to the App User using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification
additionalProperties:
type: object
properties: {}
readOnly: true
_links:
- type: object
- additionalProperties:
- type: object
- properties: {}
- readOnly: true
+ $ref: '#/components/schemas/LinksAppAndUser'
+ required:
+ - created
+ - lastUpdated
+ - scope
+ - status
+ - statusChanged
+ - _links
AppUserCredentials:
+ description: Specifies a user's credentials for the app. The authentication scheme of the app determines whether a username or password can be assigned to a user.
type: object
properties:
password:
$ref: '#/components/schemas/AppUserPasswordCredential'
userName:
type: string
+ description: Username for the app
+ minLength: 1
+ maxLength: 100
+ example: testuser
AppUserPasswordCredential:
+ description: Specifies a password for a user. This is a write-only property. An empty `password` object is returned to indicate that a password value exists.
type: object
properties:
value:
+ description: Password value
type: string
format: password
+ writeOnly: true
+ AppUserProfile:
+ description: |-
+ App user profiles are app-specific and can be customized by the Profile Editor in the Admin Console.
+ SSO apps typically don't support app user profiles, while apps with user provisioning features have app-specific profiles.
+ Properties that are visible in the Admin Console for an app assignment can also be assigned through the API.
+ Some properties are reference properties that are imported from the target app and can't be configured.
+ additionalProperties:
+ type: object
+ properties: {}
+ type: object
+ AppUserStatus:
+ description: Status of an App User
+ example: ACTIVE
+ type: string
+ x-enumDescriptions:
+ ACTIVE: The App User is provisioned and is enabled to use the app. This status also occurs if the app has the `IMPORT_PROFILE_UPDATES` feature enabled and user import is confirmed, or if the app doesn't have provisioning enabled.
+ INACTIVE: The App User is provisioned, but isn't enabled to use the app. App Users in this status can be reactivated with a password reset or permanently deleted.
+ IMPORTED: The App User is created based on imported data.
+ MATCHED: The imported user is matched with an existing App User.
+ UNASSIGNED: The App User was imported, but the user-matching operation was skipped.
+ SUSPENDED: The App User is provisioned, but isn't enabled to use the app. App Users in this status can be reactivated without a password reset.
+ PENDING: The App User is provisioned, but in a pending state and can't use the app. The status moves to `ACTIVE` when the App User is activated.
+ APPROVED: The App User was created but not provisioned. This status can occur when manual provisioning acknowledgment is required.
+ REVOKED: The App User is disabled and waiting for deprovisioning acknowledgment. The App User can be deleted after deprovisioning acknowledgment.
+ IMPLICIT: The App User is now migrated to use implicit app assignment.
+ STAGED: The App User doesn't have `externalId` set and the background provisioning operation is queued. This applies to apps with the `PUSH_NEW_USERS` feature enabled.
+ PROVISIONED: The background provisioning operation completed and the App User was assigned an `externalId` successfully.
+ DEPROVISIONED: The user was removed by the provisioning operation and the `externalId` property is unassigned.
+ readOnly: true
+ x-okta-known-values:
+ - ACTIVE
+ - APPROVED
+ - DEPROVISIONED
+ - IMPLICIT
+ - IMPORTED
+ - INACTIVE
+ - MATCHED
+ - PENDING
+ - PROVISIONED
+ - REVOKED
+ - STAGED
+ - SUSPENDED
+ - UNASSIGNED
+ AppUserSyncState:
+ description: |-
+ The synchronization state for the App User.
+ The App User's `syncState` depends on whether the `PROFILE_MASTERING` feature is enabled for the app.
+
+ > **Note:** User provisioning currently must be configured through the Admin Console.
+ example: SYNCHRONIZED
+ type: string
+ x-enumDescriptions:
+ DISABLED: The provisioning feature is disabled for the app (`PROFILE_MASTERING` feature is disabled).
+ OUT_OF_SYNC: The App User has changes that haven't been pushed to the target app.
+ SYNCING: A background provisioning operation is running to update the user's profile in the target app.
+ SYNCHRONIZED: All changes to the App User profile have successfully been synchronized with the target app.
+ ERROR: A background provisioning operation failed to update the user's profile in the target app. You must resolve the provisioning task in the Admin Console before you retry the operation.
+ readOnly: true
+ x-okta-known-values:
+ - DISABLED
+ - ERROR
+ - OUT_OF_SYNC
+ - SYNCHRONIZED
+ - SYNCING
Application:
type: object
properties:
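Review bot: The `lastSync` description in `AppUser` names the feature as `PUSH PROFILE_UPDATES`, with a space, while every other feature name in this hunk uses underscores (`IMPORT_PROFILE_UPDATES`, `PUSH_NEW_USERS`, `PROFILE_MASTERING`). A reader copying the value into a feature check would presumably get a string that matches nothing. It should read `PUSH_PROFILE_UPDATES`.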
@@ -19332,26 +28227,28 @@ components:
type: string
format: date-time
readOnly: true
+ description: Timestamp when the Application object was created
features:
type: array
+ description: Enabled app features
items:
type: string
id:
type: string
readOnly: true
+ description: Unique ID for the app instance
label:
$ref: '#/components/schemas/ApplicationLabel'
lastUpdated:
type: string
format: date-time
readOnly: true
+ description: Timestamp when the Application object was last updated
licensing:
$ref: '#/components/schemas/ApplicationLicensing'
profile:
type: object
- additionalProperties:
- type: object
- properties: {}
+ description: Contains any valid JSON schema for specifying properties that can be referenced from a request (only available to OAuth 2.0 client apps)
signOnMode:
$ref: '#/components/schemas/ApplicationSignOnMode'
status:
@@ -19368,15 +28265,20 @@ components:
$ref: '#/components/schemas/ApplicationLinks'
discriminator: *ref_1
ApplicationAccessibility:
+ description: Specifies access settings for the app
type: object
properties:
errorRedirectUrl:
type: string
+ description: Custom error page URL for the app
loginRedirectUrl:
type: string
+ description: Custom login page URL for the app
selfService:
type: boolean
+ description: Represents whether the app can be self-assignable by users
ApplicationCredentials:
+ description: Credentials for the specified `signOnMode`
type: object
properties:
signing:
@@ -19392,6 +28294,9 @@ components:
type: string
client_secret:
type: string
+ pkce_required:
+ type: boolean
+ description: Require Proof Key for Code Exchange (PKCE) for additional verification
token_endpoint_auth_method:
$ref: '#/components/schemas/OAuthEndpointAuthenticationMethod'
ApplicationCredentialsScheme:
@@ -19435,21 +28340,42 @@ components:
userSuffix:
type: string
ApplicationFeature:
+ description: |
+ The Feature object is used to configure application feature settings.
type: object
properties:
- capabilities:
- $ref: '#/components/schemas/CapabilitiesObject'
description:
type: string
+ description: Description of the feature
+ example: Settings for provisioning users from Okta to a downstream application
+ readOnly: true
name:
- type: string
+ $ref: '#/components/schemas/ApplicationFeatureType'
+ readOnly: true
status:
- $ref: '#/components/schemas/EnabledStatus'
+ allOf:
+ - $ref: '#/components/schemas/EnabledStatus'
+ - default: DISABLED
+ - example: ENABLED
+ - readOnly: true
_links:
- additionalProperties:
- type: object
- readOnly: true
- type: object
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - readOnly: true
+ discriminator: *ref_3
+ ApplicationFeatureType:
+ description: |
+ Identifying name of the feature
+
+ | Value | Description |
+ | --------- | ------------- |
+ | USER_PROVISIONING | Represents the **To App** provisioning feature setting in the Admin Console |
+ example: USER_PROVISIONING
+ type: string
+ x-enumDescriptions:
+ USER_PROVISIONING: Represents the **To App** provisioning feature setting in the Admin Console
+ x-okta-known-values:
+ - USER_PROVISIONING
ApplicationGroupAssignment:
type: object
properties:
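Review bot: The `readOnly: true` added beside the `$ref` under `ApplicationFeature.name` will most likely be dropped, because OpenAPI 3.0 tooling ignores keys that sit next to a `$ref` (assuming this document is 3.0.x, as the filename suggests). The same hunk already avoids this for `status` and `_links` by wrapping the reference in `allOf`, so `name` should do the same: `allOf:` with the two entries `- $ref: '#/components/schemas/ApplicationFeatureType'` and `- readOnly: true`. Otherwise generated clients may treat `name` as writable, unlike the other server-managed fields of this schema.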
@@ -19474,12 +28400,9 @@ components:
properties: {}
readOnly: true
_links:
- type: object
- additionalProperties:
- type: object
- properties: {}
- readOnly: true
+ $ref: '#/components/schemas/LinksSelf'
ApplicationLabel:
+ description: User-defined display name for app
type: string
ApplicationLayout:
type: object
@@ -19488,7 +28411,7 @@ components:
type: array
items:
type: object
- additionalProperties: true
+ additionalProperties: {}
label:
type: string
options:
@@ -19513,12 +28436,31 @@ components:
additionalProperties: {}
scope:
type: string
+ ApplicationLayouts:
+ type: object
+ properties:
+ _links:
+ type: object
+ properties:
+ general:
+ $ref: '#/components/schemas/ApplicationLayoutsLinksItem'
+ signOn:
+ $ref: '#/components/schemas/ApplicationLayoutsLinksItem'
+ provisioning:
+ $ref: '#/components/schemas/ApplicationLayoutsLinksItem'
+ readOnly: true
+ ApplicationLayoutsLinksItem:
+ items:
+ $ref: '#/components/schemas/HrefObject'
+ type: array
ApplicationLicensing:
type: object
properties:
seatCount:
type: integer
+ description: Number of licenses purchased for the app
ApplicationLifecycleStatus:
+ description: App instance status
type: string
readOnly: true
x-okta-known-values:
@@ -19526,15 +28468,14 @@ components:
- DELETED
- INACTIVE
ApplicationLinks:
- additionalProperties: true
- type: object
+ description: Discoverable resources related to the app
properties:
accessPolicy:
$ref: '#/components/schemas/HrefObject'
activate:
- $ref: '#/components/schemas/HrefObject'
+ $ref: '#/components/schemas/HrefObjectActivateLink'
deactivate:
- $ref: '#/components/schemas/HrefObject'
+ $ref: '#/components/schemas/HrefObjectDeactivateLink'
groups:
$ref: '#/components/schemas/HrefObject'
logo:
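Review bot: `ApplicationLinks` loses `type: object` in this hunk and is left with only `description` and `properties`, so a validator no longer rejects a non-object value in that position. The other schemas that gain a description in this diff (`ApplicationAccessibility`, `ApplicationCredentials`, `ApplicationSettings`) all keep their `type`. I would restore `type: object` directly under the new `description` line. The schema continues past the end of this hunk, where its `readOnly: true` is removed as well.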
@@ -19544,11 +28485,11 @@ components:
metadata:
$ref: '#/components/schemas/HrefObject'
self:
- $ref: '#/components/schemas/HrefObject'
+ $ref: '#/components/schemas/HrefObjectSelfLink'
users:
$ref: '#/components/schemas/HrefObject'
- readOnly: true
ApplicationSettings:
+ description: App settings
type: object
properties:
identityStoreId:
@@ -19596,6 +28537,7 @@ components:
items:
type: string
ApplicationSignOnMode:
+ description: Authentication mode for the app
type: string
x-okta-known-values:
- AUTO_LOGIN
@@ -19612,35 +28554,119 @@ components:
properties:
appLinks:
type: object
+ description: Links or icons that appear on the End-User Dashboard when they're assigned to the app
additionalProperties:
type: boolean
autoLaunch:
type: boolean
+ description: Automatically signs in to the app when user signs into Okta
autoSubmitToolbar:
type: boolean
+ description: Automatically sign in when user lands on the sign-in page
hide:
$ref: '#/components/schemas/ApplicationVisibilityHide'
ApplicationVisibilityHide:
+ description: Hides the app for specific end-user apps
type: object
properties:
iOS:
type: boolean
web:
type: boolean
+ AssignGroupOwnerRequestBody:
+ type: object
+ properties:
+ id:
+ description: The `id` of the group owner
+ type: string
+ type:
+ $ref: '#/components/schemas/GroupOwnerType'
AssignRoleRequest:
type: object
properties:
type:
$ref: '#/components/schemas/RoleType'
+ AssignUserToRealm:
+ type: object
+ properties:
+ realmId:
+ type: string
+ AssociatedServerMediated:
+ type: object
+ properties:
+ trusted:
+ type: array
+ description: A list of the authorization server IDs
+ items:
+ type: string
+ AttackProtectionAuthenticatorSettings:
+ type: object
+ properties:
+ verifyKnowledgeSecondWhen2faRequired:
+ type: boolean
+ description: If true, requires users to verify a possession factor before verifying a knowledge factor when the assurance requires two-factor authentication (2FA).
+ default: false
+ AuthServerLinks:
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - type: object
+ properties:
+ claims:
+ allOf:
+ - description: Link to the authorization server claims
+ - $ref: '#/components/schemas/HrefObject'
+ deactivate:
+ allOf:
+ - $ref: '#/components/schemas/HrefObjectDeactivateLink'
+ metadata:
+ description: Link to the authorization server metadata
+ type: array
+ items:
+ $ref: '#/components/schemas/HrefObject'
+ policies:
+ allOf:
+ - description: Link to the authorization server policies
+ - $ref: '#/components/schemas/HrefObject'
+ rotateKey:
+ allOf:
+ - description: Link to the authorization server key rotation
+ - $ref: '#/components/schemas/HrefObject'
+ scopes:
+ allOf:
+ - description: Link to the authorization server scopes
+ - $ref: '#/components/schemas/HrefObject'
+ AuthenticationMethodObject:
+ type: object
+ properties:
+ key:
+ type: string
+ description: A label that identifies the authenticator
+ method:
+ type: string
+ description: Specifies the method used for the authenticator
AuthenticationProvider:
+ description: |-
+ Specifies the authentication provider that validates the user's password credential. The user's current provider
+ is managed by the Delegated Authentication settings for your organization. The provider object is read-only.
type: object
properties:
name:
type: string
+ description: The name of the authentication provider
+ readOnly: true
type:
$ref: '#/components/schemas/AuthenticationProviderType'
AuthenticationProviderType:
+ description: The type of authentication provider
type: string
+ x-enumDescriptions:
+ ACTIVE_DIRECTORY: Specifies the directory instance name as the `name` property
+ FEDERATION: Doesn't support a `password` or `recovery question` credential and must authenticate through a trusted Identity Provider
+ IMPORT: Specifies a hashed password that was imported from an external source
+ LDAP: Specifies the directory instance name as the `name` property
+ OKTA: Specifies the Okta Identity Provider
+ SOCIAL: Doesn't support a `password` or `recovery question` credential and must authenticate through a trusted Identity Provider
+ readOnly: true
x-okta-known-values:
- ACTIVE_DIRECTORY
- FEDERATION
@@ -19671,14 +28697,191 @@ components:
settings:
$ref: '#/components/schemas/AuthenticatorSettings'
status:
- $ref: '#/components/schemas/AuthenticatorStatus'
+ $ref: '#/components/schemas/LifecycleStatus'
type:
$ref: '#/components/schemas/AuthenticatorType'
- _links:
- additionalProperties:
- type: object
- readOnly: true
+ _embedded:
type: object
+ properties:
+ methods:
+ type: array
+ items:
+ $ref: '#/components/schemas/AuthenticatorMethodBase'
+ policies:
+ type: array
+ items:
+ $ref: '#/components/schemas/Policy'
+ _links:
+ $ref: '#/components/schemas/AuthenticatorLinks'
+ AuthenticatorIdentity:
+ description: Represents a particular authenticator serving as a constraint on a method
+ type: object
+ properties:
+ key:
+ type: string
+ AuthenticatorLinks:
+ allOf:
+ - $ref: '#/components/schemas/LinksSelfAndLifecycle'
+ - type: object
+ properties:
+ methods:
+ description: Link to Authenticator methods
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ AuthenticatorMethodAlgorithm:
+ description: The encryption algorithm for this authenticator method
+ type: string
+ x-okta-known-values:
+ - ES256
+ - RS256
+ AuthenticatorMethodBase:
+ type: object
+ properties:
+ status:
+ $ref: '#/components/schemas/LifecycleStatus'
+ type:
+ $ref: '#/components/schemas/AuthenticatorMethodType'
+ _links:
+ $ref: '#/components/schemas/LinksSelfAndLifecycle'
+ discriminator: *ref_5
+ AuthenticatorMethodConstraint:
+ description: 'Limits the authenticators that can be used for a given method. Currently, only the `otp` method supports constraints, and Google authenticator (key : ''google_otp'') is the only allowed authenticator.'
+ type: object
+ properties:
+ allowedAuthenticators:
+ type: array
+ items:
+ $ref: '#/components/schemas/AuthenticatorIdentity'
+ method:
+ enum:
+ - otp
+ AuthenticatorMethodOtp:
+ allOf:
+ - $ref: '#/components/schemas/AuthenticatorMethodWithVerifiableProperties'
+ - type: object
+ properties:
+ acceptableAdjacentIntervals:
+ type: integer
+ minimum: 0
+ maximum: 10
+ algorithm:
+ $ref: '#/components/schemas/OtpTotpAlgorithm'
+ encoding:
+ $ref: '#/components/schemas/OtpTotpEncoding'
+ factorProfileId:
+ type: string
+ passCodeLength:
+ type: integer
+ minimum: 6
+ maximum: 10
+ multipleOf: 2
+ protocol:
+ $ref: '#/components/schemas/OtpProtocol'
+ timeIntervalInSeconds:
+ type: integer
+ AuthenticatorMethodProperty:
+ type: string
+ x-okta-known-values:
+ - DEVICE_BOUND
+ - HARDWARE_PROTECTED
+ - PHISHING_RESISTANT
+ - USER_PRESENCE
+ - USER_VERIFYING
+ AuthenticatorMethodPush:
+ allOf:
+ - $ref: '#/components/schemas/AuthenticatorMethodBase'
+ - type: object
+ properties:
+ settings:
+ type: object
+ properties:
+ algorithms:
+ type: array
+ items:
+ $ref: '#/components/schemas/AuthenticatorMethodAlgorithm'
+ keyProtection:
+ $ref: '#/components/schemas/PushMethodKeyProtection'
+ transactionTypes:
+ type: array
+ items:
+ $ref: '#/components/schemas/AuthenticatorMethodTransactionType'
+ AuthenticatorMethodSignedNonce:
+ allOf:
+ - $ref: '#/components/schemas/AuthenticatorMethodBase'
+ - type: object
+ properties:
+ settings:
+ type: object
+ properties:
+ algorithms:
+ type: array
+ items:
+ $ref: '#/components/schemas/AuthenticatorMethodAlgorithm'
+ keyProtection:
+ $ref: '#/components/schemas/PushMethodKeyProtection'
+ showSignInWithOV:
+ $ref: '#/components/schemas/ShowSignInWithOV'
+ AuthenticatorMethodSimple:
+ allOf:
+ - $ref: '#/components/schemas/AuthenticatorMethodBase'
+ AuthenticatorMethodTotp:
+ allOf:
+ - $ref: '#/components/schemas/AuthenticatorMethodBase'
+ - type: object
+ properties:
+ settings:
+ type: object
+ properties:
+ timeIntervalInSeconds:
+ type: integer
+ encoding:
+ type: string
+ algorithm:
+ type: string
+ passCodeLength:
+ type: integer
+ AuthenticatorMethodTransactionType:
+ type: string
+ x-okta-known-values:
+ - CIBA
+ - LOGIN
+ AuthenticatorMethodType:
+ type: string
+ x-okta-known-values:
+ - cert
+ - duo
+ - email
+ - idp
+ - otp
+ - password
+ - push
+ - security_question
+ - signed_nonce
+ - sms
+ - totp
+ - voice
+ - webauthn
+ AuthenticatorMethodWebAuthn:
+ allOf:
+ - $ref: '#/components/schemas/AuthenticatorMethodBase'
+ - type: object
+ properties:
+ settings:
+ type: object
+ properties:
+ userVerification:
+ $ref: '#/components/schemas/UserVerificationEnum'
+ attachment:
+ $ref: '#/components/schemas/WebAuthnAttachment'
+ AuthenticatorMethodWithVerifiableProperties:
+ allOf:
+ - $ref: '#/components/schemas/AuthenticatorMethodBase'
+ - type: object
+ properties:
+ verifiableProperties:
+ type: array
+ items:
+ $ref: '#/components/schemas/AuthenticatorMethodProperty'
AuthenticatorProvider:
properties:
configuration:
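Review bot: `AuthenticatorMethodAlgorithm` is described as "The encryption algorithm", but its two known values, `ES256` and `RS256`, are JWS signature algorithms, so the line should read `description: The signature algorithm for this authenticator method`. In the same hunk `AuthenticatorMethodTotp.settings` declares `algorithm` and `encoding` as bare `type: string`, while `AuthenticatorMethodOtp` points the same-named fields at `OtpTotpAlgorithm` and `OtpTotpEncoding`. If those schemas are meant for both methods, referencing them from the TOTP settings would keep the generated types constrained to the same values.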
@@ -19716,11 +28919,6 @@ components:
type: integer
userVerification:
$ref: '#/components/schemas/UserVerificationEnum'
- AuthenticatorStatus:
- type: string
- x-okta-known-values:
- - ACTIVE
- - INACTIVE
AuthenticatorType:
type: string
x-okta-known-values:
@@ -19736,6 +28934,7 @@ components:
properties:
audiences:
type: array
+ description: The recipients that the tokens are intended for. This becomes the `aud` claim in an access token. Okta currently supports only one audience.
items:
type: string
created:
@@ -19746,33 +28945,46 @@ components:
$ref: '#/components/schemas/AuthorizationServerCredentials'
description:
type: string
+ description: The description of the custom authorization server
id:
type: string
+ description: The ID of the custom authorization server
readOnly: true
issuer:
type: string
+ description: The complete URL for the custom authorization server. This becomes the `iss` claim in an access token.
issuerMode:
- $ref: '#/components/schemas/IssuerMode'
+ type: string
+ description: |-
+ Indicates which value is specified in the issuer of the tokens that a custom authorization server returns: the Okta org domain URL or a custom domain URL.
+
+ `issuerMode` is visible if you have a custom URL domain configured or the Dynamic Issuer Mode feature enabled. If you have a custom URL domain configured, you can set a custom domain URL in a custom authorization server, and this property is returned in the appropriate responses.
+
+ When set to `ORG_URL`, then in responses, `issuer` is the Okta org domain URL: `https://${yourOktaDomain}`.
+
+ When set to `CUSTOM_URL`, then in responses, `issuer` is the custom domain URL configured in the administration user interface.
+
+ When set to `DYNAMIC`, then in responses, `issuer` is the custom domain URL if the OAuth 2.0 request was sent to the custom domain, or is the Okta org's domain URL if the OAuth 2.0 request was sent to the original Okta org domain.
+
+ After you configure a custom URL domain, all new custom authorization servers use `CUSTOM_URL` by default. If the Dynamic Issuer Mode feature is enabled, then all new custom authorization servers use `DYNAMIC` by default. All existing custom authorization servers continue to use the original value until they're changed using the Admin Console or the API. This way, existing integrations with the client and resource server continue to work after the feature is enabled.
lastUpdated:
type: string
format: date-time
readOnly: true
name:
type: string
+ description: The name of the custom authorization server
status:
$ref: '#/components/schemas/LifecycleStatus'
_links:
- type: object
- additionalProperties:
- type: object
- properties: {}
- readOnly: true
+ $ref: '#/components/schemas/AuthServerLinks'
AuthorizationServerCredentials:
type: object
properties:
signing:
$ref: '#/components/schemas/AuthorizationServerCredentialsSigningConfig'
AuthorizationServerCredentialsRotationMode:
+ description: The Key rotation mode for the authorization server
type: string
x-okta-known-values:
- AUTO
@@ -19782,12 +28994,16 @@ components:
properties:
kid:
type: string
+ description: The ID of the JSON Web Key used for signing tokens issued by the authorization server
+ readOnly: true
lastRotated:
type: string
+ description: The timestamp when the authorization server started using the `kid` for signing tokens
format: date-time
readOnly: true
nextRotation:
type: string
+ description: The timestamp when the authorization server changes the Key for signing tokens. This is only returned when `rotationMode` is set to `AUTO`.
format: date-time
readOnly: true
rotationMode:
@@ -19795,6 +29011,7 @@ components:
use:
$ref: '#/components/schemas/AuthorizationServerCredentialsUse'
AuthorizationServerCredentialsUse:
+ description: How the key is used
type: string
x-okta-known-values:
- sig
@@ -19804,7 +29021,12 @@ components:
- type: object
properties:
conditions:
- $ref: '#/components/schemas/PolicyRuleConditions'
+ $ref: '#/components/schemas/AuthorizationServerPolicyConditions'
+ AuthorizationServerPolicyConditions:
+ type: object
+ properties:
+ clients:
+ $ref: '#/components/schemas/ClientPolicyCondition'
AuthorizationServerPolicyRule:
allOf:
- $ref: '#/components/schemas/PolicyRule'
@@ -19822,18 +29044,16 @@ components:
token:
$ref: '#/components/schemas/TokenAuthorizationServerPolicyRuleAction'
AuthorizationServerPolicyRuleConditions:
- allOf:
- - $ref: '#/components/schemas/PolicyRuleConditions'
- - type: object
- properties:
- clients:
- $ref: '#/components/schemas/ClientPolicyCondition'
- grantTypes:
- $ref: '#/components/schemas/GrantTypePolicyRuleCondition'
- people:
- $ref: '#/components/schemas/PolicyPeopleCondition'
- scopes:
- $ref: '#/components/schemas/OAuth2ScopesMediationPolicyRuleCondition'
+ type: object
+ properties:
+ clients:
+ $ref: '#/components/schemas/ClientPolicyCondition'
+ grantTypes:
+ $ref: '#/components/schemas/GrantTypePolicyRuleCondition'
+ people:
+ $ref: '#/components/schemas/PolicyPeopleCondition'
+ scopes:
+ $ref: '#/components/schemas/OAuth2ScopesMediationPolicyRuleCondition'
AutoLoginApplication:
allOf:
- $ref: '#/components/schemas/Application'
@@ -19843,6 +29063,7 @@ components:
$ref: '#/components/schemas/SchemeApplicationCredentials'
name:
type: string
+ description: Unique key for the application definition
settings:
$ref: '#/components/schemas/AutoLoginApplicationSettings'
AutoLoginApplicationSettings:
@@ -19857,8 +29078,10 @@ components:
properties:
loginUrl:
type: string
+ description: Primary URL of the sign-in page for this app
redirectUrl:
type: string
+ description: Secondary URL of the sign-in page for this app
AutoUpdateSchedule:
description: The schedule of auto-update configured by admin.
type: object
@@ -19877,17 +29100,36 @@ components:
format: date-time
timezone:
type: string
+ AwsAccountId:
+ description: Your AWS account ID
+ minLength: 12
+ maxLength: 12
+ example: 123456789012
+ type: string
+ AwsEventSourceName:
+ description: An alphanumeric name (no spaces) to identify this event source in AWS EventBridge
+ minLength: 1
+ maxLength: 75
+ example: your-event-source-name
+ type: string
+ pattern: ^[a-zA-Z0-9.\-_]$
AwsRegion:
- description: An AWS region
+ description: The destination AWS region where your event source is located
type: string
x-okta-known-values:
+ - ap-northeast-1
+ - ap-northeast-2
+ - ap-northeast-3
+ - ap-south-1
+ - ap-southeast-1
+ - ap-southeast-2
- ca-central-1
- eu-central-1
- eu-north-1
- - eu-south-1
- eu-west-1
- eu-west-2
- eu-west-3
+ - sa-east-1
- us-east-1
- us-east-2
- us-west-1
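Review bot: The `pattern` on `AwsEventSourceName`, `^[a-zA-Z0-9.\-_]$`, matches exactly one character, which contradicts `maxLength: 75` and rejects the schema's own example `your-event-source-name`; it needs a quantifier, `pattern: ^[a-zA-Z0-9.\-_]+$`. In `AwsAccountId`, `example: 123456789012` is an unquoted YAML integer under `type: string`, so an account ID with a leading zero would not survive a round trip; write `example: '123456789012'`. The description of `AwsEventSourceName` also says "alphanumeric" although the character class admits `.`, `-` and `_`.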
@@ -19902,6 +29144,28 @@ components:
required:
- displayName
- userName
+ BaseEmailServer:
+ type: object
+ properties:
+ alias:
+ type: string
+ description: Human-readable name for your SMTP server
+ example: CustomServer1
+ enabled:
+ type: boolean
+ description: If `true`, routes all email traffic through your SMTP server
+ host:
+ type: string
+ description: Hostname or IP address of your SMTP server
+ example: 192.168.160.1
+ port:
+ type: integer
+ description: Port number of your SMTP server
+ example: 587
+ username:
+ type: string
+ description: Username used to access your SMTP server
+ example: aUser
BasicApplicationSettings:
allOf:
- $ref: '#/components/schemas/ApplicationSettings'
@@ -19927,6 +29191,7 @@ components:
$ref: '#/components/schemas/SchemeApplicationCredentials'
name:
type: string
+ description: Unique key for the app definition
default: template_basic_auth
settings:
$ref: '#/components/schemas/BasicApplicationSettings'
@@ -19960,15 +29225,11 @@ components:
type:
$ref: '#/components/schemas/BehaviorRuleType'
_link:
- type: object
- properties:
- self:
- $ref: '#/components/schemas/HrefObject'
- readOnly: true
+ $ref: '#/components/schemas/LinksSelf'
required:
- name
- type
- discriminator: *ref_3
+ discriminator: *ref_7
BehaviorRuleAnomalousDevice:
allOf:
- $ref: '#/components/schemas/BehaviorRule'
@@ -20071,6 +29332,7 @@ components:
$ref: '#/components/schemas/ApplicationCredentials'
name:
type: string
+ description: Unique key for the app definition
default: bookmark
settings:
$ref: '#/components/schemas/BookmarkApplicationSettings'
@@ -20117,12 +29379,9 @@ components:
customPrivacyPolicyUrl:
type: string
defaultApp:
- type: object
- properties:
- appInstanceId:
- type: string
- appLinkName:
- type: string
+ $ref: '#/components/schemas/DefaultApp'
+ emailDomainId:
+ type: string
id:
readOnly: true
type: string
@@ -20135,31 +29394,6 @@ components:
type: string
removePoweredByOkta:
type: boolean
- _links:
- properties:
- self:
- $ref: '#/components/schemas/HrefObject'
- themes:
- $ref: '#/components/schemas/HrefObject'
- readOnly: true
- type: object
- BrandDomain:
- type: object
- properties:
- domainId:
- type: string
- readOnly: true
- _links:
- type: object
- properties:
- self:
- $ref: '#/components/schemas/HrefObject'
- brand:
- $ref: '#/components/schemas/HrefObject'
- domain:
- $ref: '#/components/schemas/HrefObject'
- readOnly: true
- description: Links to resources related to this brand domain
BrandDomains:
title: BrandDomains
items:
@@ -20172,10 +29406,41 @@ components:
type: boolean
customPrivacyPolicyUrl:
type: string
+ defaultApp:
+ $ref: '#/components/schemas/DefaultApp'
+ emailDomainId:
+ type: string
+ locale:
+ $ref: '#/components/schemas/Language'
name:
type: string
removePoweredByOkta:
type: boolean
+ BrandWithEmbedded:
+ allOf:
+ - $ref: '#/components/schemas/Brand'
+ type: object
+ properties:
+ _embedded:
+ type: object
+ properties:
+ themes:
+ type: array
+ items:
+ $ref: '#/components/schemas/ThemeResponse'
+ domains:
+ items:
+ $ref: '#/components/schemas/DomainResponse'
+ type: array
+ emailDomain:
+ $ref: '#/components/schemas/EmailDomainResponse'
+ readOnly: true
+ _links:
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - properties:
+ themes:
+ $ref: '#/components/schemas/HrefObject'
BrowserPluginApplication:
allOf:
- $ref: '#/components/schemas/Application'
@@ -20185,6 +29450,7 @@ components:
$ref: '#/components/schemas/SchemeApplicationCredentials'
name:
type: string
+ description: Unique key for the app definition
settings:
$ref: '#/components/schemas/SwaApplicationSettings'
BulkDeleteRequestBody:
@@ -20215,48 +29481,81 @@ components:
type: object
properties:
id:
+ description: The unique key for the CAPTCHA instance
type: string
readOnly: true
name:
+ description: The name of the CAPTCHA instance
type: string
secretKey:
+ description: The secret key issued from the CAPTCHA provider to perform server-side validation for a CAPTCHA token
type: string
writeOnly: true
siteKey:
+ description: The site key issued from the CAPTCHA provider to render a CAPTCHA on a page
type: string
type:
$ref: '#/components/schemas/CAPTCHAType'
_links:
- type: object
- properties:
- self:
- $ref: '#/components/schemas/HrefObject'
- readOnly: true
+ $ref: '#/components/schemas/LinksSelf'
CAPTCHAType:
+ description: The type of CAPTCHA provider
type: string
x-okta-known-values:
- HCAPTCHA
- RECAPTCHA_V2
- CallUserFactor:
- allOf:
- - $ref: '#/components/schemas/UserFactor'
- - type: object
- properties:
- profile:
- $ref: '#/components/schemas/CallUserFactorProfile'
- CallUserFactorProfile:
- type: object
- properties:
- phoneExtension:
- type: string
- phoneNumber:
- type: string
CapabilitiesCreateObject:
+ description: |
+ Determines whether Okta assigns a new application account to each user managed by Okta.
+
+ Okta doesn't create a new account if it detects that the username specified in Okta already exists in the application.
+ The user's Okta username is assigned by default.
type: object
properties:
lifecycleCreate:
$ref: '#/components/schemas/LifecycleCreateSettingObject'
+ CapabilitiesImportRulesObject:
+ description: Defines user import rules
+ type: object
+ properties:
+ userCreateAndMatch:
+ $ref: '#/components/schemas/CapabilitiesImportRulesUserCreateAndMatchObject'
+ CapabilitiesImportRulesUserCreateAndMatchObject:
+ description: Rules for matching and creating users
+ type: object
+ properties:
+ allowPartialMatch:
+ type: boolean
+ description: Allows user import upon partial matching. Partial matching occurs when the first and last names of an imported user match those of an existing Okta user, even if the username or email attributes don't match.
+ autoActivateNewUsers:
+ type: boolean
+ description: If set to `true`, imported new users are automatically activated.
+ autoConfirmExactMatch:
+ type: boolean
+ description: If set to `true`, exact-matched users are automatically confirmed on activation. If set to `false`, exact-matched users need to be confirmed manually.
+ autoConfirmNewUsers:
+ type: boolean
+ description: If set to `true`, imported new users are automatically confirmed on activation. This doesn't apply to imported users that already exist in Okta.
+ autoConfirmPartialMatch:
+ type: boolean
+ description: If set to `true`, partially matched users are automatically confirmed on activation. If set to `false`, partially matched users need to be confirmed manually.
+ exactMatchCriteria:
+ type: string
+ description: Determines the attribute to match users
+ enum:
+ - EMAIL
+ - USERNAME
+ CapabilitiesImportSettingsObject:
+ description: Defines import settings
+ type: object
+ properties:
+ schedule:
+ $ref: '#/components/schemas/ImportScheduleObject'
+ username:
+ $ref: '#/components/schemas/ImportUsernameObject'
CapabilitiesObject:
+ title: USER_PROVISIONING
+ description: Defines the configurations for the USER_PROVISIONING feature
type: object
properties:
create:
@@ -20264,6 +29563,7 @@ components:
update:
$ref: '#/components/schemas/CapabilitiesUpdateObject'
CapabilitiesUpdateObject:
+ description: Determines whether updates to a user's profile are pushed to the application
type: object
properties:
lifecycleDeactivate:
@@ -20305,17 +29605,16 @@ components:
website:
type: string
_links:
- type: object
- additionalProperties:
- type: object
- properties: {}
- readOnly: true
+ $ref: '#/components/schemas/LinksSelf'
CatalogApplicationStatus:
type: string
x-okta-known-values:
- ACTIVE
- INACTIVE
ChangeEnum:
+ description: Determines whether a change in a user's password also updates the user's password in the application
+ default: KEEP_EXISTING
+ example: CHANGE
type: string
x-okta-known-values:
- CHANGE
@@ -20327,6 +29626,8 @@ components:
$ref: '#/components/schemas/PasswordCredential'
oldPassword:
$ref: '#/components/schemas/PasswordCredential'
+ revokeSessions:
+ type: boolean
ChannelBinding:
type: object
properties:
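Review bot: `revokeSessions` is added as a bare `type: boolean` with no `description` and no `default`, so a caller of the schema that also holds `oldPassword` cannot tell from the spec whether existing sessions survive when the field is omitted. Add a `description` that says what is revoked when the value is `true` and what the server does when it is absent. The same gap applies to `ContentSecurityPolicySetting` in the next hunk, whose `mode`, `reportUri` and `srcList` carry no descriptions. The schema that holds `revokeSessions` starts above this hunk.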
@@ -20334,18 +29635,53 @@ components:
$ref: '#/components/schemas/RequiredEnum'
style:
type: string
+ ChromeBrowserVersion:
+ description: Current version of the Chrome Browser
+ type: object
+ properties:
+ minimum:
+ type: string
ClientPolicyCondition:
+ description: Specifies which clients are included in the Policy
type: object
properties:
include:
type: array
+ description: Which clients are included in the Policy
items:
type: string
+ ClientPrivilegesSetting:
+ description: The org setting that assigns the super admin role by default to a public client app
+ type: object
+ properties:
+ clientPrivilegesSetting:
+ type: boolean
Compliance:
type: object
properties:
fips:
$ref: '#/components/schemas/FipsEnum'
+ Conditions:
+ type: object
+ properties:
+ expression:
+ $ref: '#/components/schemas/Expression'
+ profileSourceId:
+ type: string
+ ContentSecurityPolicySetting:
+ type: object
+ properties:
+ mode:
+ type: string
+ enum:
+ - enforced
+ - report_only
+ reportUri:
+ type: string
+ srcList:
+ type: array
+ items:
+ type: string
ContextPolicyRuleCondition:
allOf:
- $ref: '#/components/schemas/DevicePolicyRuleCondition'
@@ -20353,23 +29689,78 @@ components:
properties:
expression:
type: string
- CreateBrandDomainRequest:
- title: CreateBrandDomainRequest
+ CreateBrandRequest:
+ title: CreateBrandRequest
type: object
properties:
- domainId:
+ name:
type: string
- CreateBrandRequest:
- title: CreateBrandRequest
+ required:
+ - name
+ CreateIamRoleRequest:
+ type: object
+ properties:
+ description:
+ type: string
+ description: Description of the role
+ label:
+ type: string
+ description: Unique label for the role
+ permissions:
+ type: array
+ description: Array of permissions that the role will grant. See [Permission Types](https://developer.okta.com/docs/concepts/role-assignment/#permission-types).
+ items:
+ $ref: '#/components/schemas/RolePermissionType'
+ required:
+ - label
+ - description
+ - permissions
+ CreateRealmAssignmentRuleRequest:
type: object
properties:
+ actions:
+ $ref: '#/components/schemas/Actions'
+ conditions:
+ $ref: '#/components/schemas/Conditions'
name:
type: string
+ priority:
+ type: integer
+ CreateRealmRequest:
+ type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/RealmProfile'
+ CreateResourceSetRequest:
+ type: object
+ properties:
+ description:
+ type: string
+ description: Description of the Resource Set
+ label:
+ type: string
+ description: Unique label for the Resource Set
+ resources:
+ type: array
+ items:
+ type: string
CreateSessionRequest:
type: object
properties:
sessionToken:
type: string
+ description: The session token obtained during authentication
+ CreateUISchema:
+ description: The request body properties for the new UI Schema
+ type: object
+ properties:
+ uiSchema:
+ $ref: '#/components/schemas/UISchemaObject'
+ CreateUpdateIamRolePermissionRequest:
+ type: object
+ properties:
+ conditions:
+ $ref: '#/components/schemas/PermissionConditions'
CreateUserRequest:
type: object
properties:
@@ -20382,16 +29773,22 @@ components:
profile:
$ref: '#/components/schemas/UserProfile'
type:
- $ref: '#/components/schemas/UserType'
+ type: object
+ description: |-
+ The ID of the user type. Add this value if you want to create a user with a non-default [user type](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/UserType/).
+ The user type determines which [schema](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Schema/) applies to that user. After a user has been created, the user can
+ only be assigned a different user type by an administrator through a full replacement (`PUT`) operation.
+ properties:
+ id:
+ type: string
+ description: The ID of the user type
required:
- profile
Csr:
type: object
properties:
created:
- type: string
- format: date-time
- readOnly: true
+ $ref: '#/components/schemas/createdProperty'
csr:
type: string
readOnly: true
@@ -20430,43 +29827,184 @@ components:
type: array
items:
type: string
- CustomHotpUserFactor:
- allOf:
- - $ref: '#/components/schemas/UserFactor'
- - type: object
- properties:
- factorProfileId:
- type: string
- profile:
- $ref: '#/components/schemas/CustomHotpUserFactorProfile'
- CustomHotpUserFactorProfile:
- type: object
- properties:
- sharedSecret:
- type: string
CustomizablePage:
type: object
properties:
pageContent:
type: string
DNSRecord:
+ description: DNS TXT and CNAME records to be registered for the Domain
type: object
properties:
expiration:
+ description: DNS TXT record expiration
type: string
fqdn:
+ description: DNS record name
type: string
+ example: _oktaverification.login.example.com
recordType:
$ref: '#/components/schemas/DNSRecordType'
values:
+ description: DNS record value
type: array
items:
type: string
+ example:
+ - 79496f234c814638b1cc44f51a782781
DNSRecordType:
+ example: TXT
type: string
x-okta-known-values:
- CNAME
- TXT
+ DTCChromeOS:
+ description: Google Chrome Device Trust Connector provider
+ type: object
+ properties:
+ allowScreenLock:
+ description: Indicates whether the AllowScreenLock enterprise policy is enabled
+ type: boolean
+ browserVersion:
+ $ref: '#/components/schemas/ChromeBrowserVersion'
+ builtInDnsClientEnabled:
+ description: Indicates if a software stack is used to communicate with the DNS server
+ type: boolean
+ chromeRemoteDesktopAppBlocked:
+ description: Indicates whether access to the Chrome Remote Desktop application is blocked through a policy
+ type: boolean
+ deviceEnrollmentDomain:
+ description: Enrollment domain of the customer that is currently managing the device
+ type: string
+ diskEncrypted:
+ description: Indicates whether the main disk is encrypted
+ type: boolean
+ keyTrustLevel:
+ $ref: '#/components/schemas/KeyTrustLevelOSMode'
+ managedDevice:
+ description: Indicates whether the device is enrolled in ChromeOS device management
+ type: boolean
+ osFirewall:
+ description: Indicates whether a firewall is enabled at the OS-level on the device
+ type: boolean
+ osVersion:
+ $ref: '#/components/schemas/OSVersionFourComponents'
+ passwordProtectionWarningTrigger:
+ $ref: '#/components/schemas/PasswordProtectionWarningTrigger'
+ realtimeUrlCheckMode:
+ description: Indicates whether enterprise-grade (custom) unsafe URL scanning is enabled
+ type: boolean
+ safeBrowsingProtectionLevel:
+ $ref: '#/components/schemas/SafeBrowsingProtectionLevel'
+ screenLockSecured:
+ description: Indicates whether the device is password-protected
+ type: boolean
+ siteIsolationEnabled:
+ description: Indicates whether the Site Isolation (also known as **Site Per Process**) setting is enabled
+ type: boolean
+ DTCMacOS:
+ description: Google Chrome Device Trust Connector provider
+ type: object
+ properties:
+ browserVersion:
+ $ref: '#/components/schemas/ChromeBrowserVersion'
+ builtInDnsClientEnabled:
+ description: Indicates if a software stack is used to communicate with the DNS server
+ type: boolean
+ chromeRemoteDesktopAppBlocked:
+ description: Indicates whether access to the Chrome Remote Desktop application is blocked through a policy
+ type: boolean
+ deviceEnrollmentDomain:
+ description: Enrollment domain of the customer that is currently managing the device
+ type: string
+ diskEncrypted:
+ description: Indicates whether the main disk is encrypted
+ type: boolean
+ keyTrustLevel:
+ $ref: '#/components/schemas/KeyTrustLevelBrowserKey'
+ osFirewall:
+ description: Indicates whether a firewall is enabled at the OS-level on the device
+ type: boolean
+ osVersion:
+ $ref: '#/components/schemas/OSVersionThreeComponents'
+ passwordProtectionWarningTrigger:
+ $ref: '#/components/schemas/PasswordProtectionWarningTrigger'
+ realtimeUrlCheckMode:
+ description: Indicates whether enterprise-grade (custom) unsafe URL scanning is enabled
+ type: boolean
+ safeBrowsingProtectionLevel:
+ $ref: '#/components/schemas/SafeBrowsingProtectionLevel'
+ screenLockSecured:
+ description: Indicates whether the device is password-protected
+ type: boolean
+ siteIsolationEnabled:
+ description: Indicates whether the Site Isolation (also known as **Site Per Process**) setting is enabled
+ type: boolean
+ DTCWindows:
+ description: Google Chrome Device Trust Connector provider
+ type: object
+ properties:
+ browserVersion:
+ $ref: '#/components/schemas/ChromeBrowserVersion'
+ builtInDnsClientEnabled:
+ description: Indicates if a software stack is used to communicate with the DNS server
+ type: boolean
+ chromeRemoteDesktopAppBlocked:
+ description: Indicates whether access to the Chrome Remote Desktop application is blocked through a policy
+ type: boolean
+ crowdStrikeAgentId:
+ description: Agent ID of an installed CrowdStrike agent
+ type: string
+ crowdStrikeCustomerId:
+ description: Customer ID of an installed CrowdStrike agent
+ type: string
+ deviceEnrollmentDomain:
+ description: Enrollment domain of the customer that is currently managing the device
+ type: string
+ diskEncrypted:
+ description: Indicates whether the main disk is encrypted
+ type: boolean
+ keyTrustLevel:
+ $ref: '#/components/schemas/KeyTrustLevelBrowserKey'
+ osFirewall:
+ description: Indicates whether a firewall is enabled at the OS-level on the device
+ type: boolean
+ osVersion:
+ $ref: '#/components/schemas/OSVersionFourComponents'
+ passwordProtectionWarningTrigger:
+ $ref: '#/components/schemas/PasswordProtectionWarningTrigger'
+ realtimeUrlCheckMode:
+ description: Indicates whether enterprise-grade (custom) unsafe URL scanning is enabled
+ type: boolean
+ safeBrowsingProtectionLevel:
+ $ref: '#/components/schemas/SafeBrowsingProtectionLevel'
+ screenLockSecured:
+ description: Indicates whether the device is password-protected
+ type: boolean
+ secureBootEnabled:
+ description: Indicates whether the device's startup software has its Secure Boot feature enabled
+ type: boolean
+ siteIsolationEnabled:
+ description: Indicates whether the Site Isolation (also known as **Site Per Process**) setting is enabled
+ type: boolean
+ thirdPartyBlockingEnabled:
+ description: Indicates whether Chrome is blocking third-party software injection
+ type: boolean
+ windowsMachineDomain:
+ description: Windows domain that the current machine has joined
+ type: string
+ windowsUserDomain:
+ description: Windows domain for the current OS user
+ type: string
+ DefaultApp:
+ type: object
+ properties:
+ appInstanceId:
+ type: string
+ appLinkName:
+ type: string
+ classicApplicationUri:
+ type: string
Device:
type: object
properties:
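Review bot: `DTCChromeOS`, `DTCMacOS` and `DTCWindows` all carry the identical description `Google Chrome Device Trust Connector provider`, so rendered docs and generated type comments cannot tell the three apart; naming the platform in each (for example `Google Chrome Device Trust Connector signals for Windows devices`) would fix that. Most of their properties are repeated verbatim; a shared base schema pulled in with `allOf`, the way the `DeviceAssurance*Platform` schemas in this file extend `DeviceAssurance`, would keep the descriptions from drifting. `realtimeUrlCheckMode` is named like a mode but typed `boolean`; if that matches the API, the description should say so. The `Device` schema at the end of the hunk continues outside it.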
@@ -20482,7 +30020,7 @@ components:
lastUpdated:
type: string
format: date-time
- description: Timestamp when the device was last updated
+ description: Timestamp when the device record was last updated. Updates occur when Okta collects and saves device signals during authentication, and when the lifecycle state of the device changes.
readOnly: true
profile:
$ref: '#/components/schemas/DeviceProfile'
@@ -20502,26 +30040,14 @@ components:
status:
$ref: '#/components/schemas/DeviceStatus'
_links:
- type: object
- properties:
- self:
- $ref: '#/components/schemas/HrefObject'
- users:
- $ref: '#/components/schemas/HrefObject'
- activate:
- $ref: '#/components/schemas/HrefObject'
- deactivate:
- $ref: '#/components/schemas/HrefObject'
- suspend:
- $ref: '#/components/schemas/HrefObject'
- unsuspend:
- $ref: '#/components/schemas/HrefObject'
- readOnly: true
+ $ref: '#/components/schemas/LinksSelfAndFullUsersLifecycle'
DeviceAccessPolicyRuleCondition:
allOf:
- $ref: '#/components/schemas/DevicePolicyRuleCondition'
- type: object
properties:
+ assurance:
+ $ref: '#/components/schemas/DevicePolicyRuleConditionAssurance'
managed:
type: boolean
registered:
@@ -20536,53 +30062,185 @@ components:
createdDate:
type: string
readOnly: true
- diskEncryptionType:
- type: object
- properties:
- include:
- type: array
- items:
- $ref: '#/components/schemas/DiskEncryptionType'
id:
type: string
readOnly: true
- jailbreak:
- type: boolean
+ lastUpdate:
+ type: string
+ readOnly: true
lastUpdatedBy:
type: string
readOnly: true
- lastUpdatedDate:
- type: string
- readOnly: true
name:
type: string
description: Display name of the Device Assurance Policy
- osVersion:
- $ref: '#/components/schemas/VersionObject'
platform:
$ref: '#/components/schemas/Platform'
- screenLockType:
- type: object
+ _links:
+ $ref: '#/components/schemas/LinksSelf'
+ discriminator: *ref_9
+ DeviceAssuranceAndroidPlatform:
+ allOf:
+ - $ref: '#/components/schemas/DeviceAssurance'
+ - type: object
+ properties:
+ diskEncryptionType:
+ type: object
+ properties:
+ include:
+ type: array
+ items:
+ $ref: '#/components/schemas/DiskEncryptionTypeAndroid'
+ jailbreak:
+ type: boolean
+ osVersion:
+ $ref: '#/components/schemas/OSVersion'
+ screenLockType:
+ type: object
+ properties:
+ include:
+ type: array
+ items:
+ $ref: '#/components/schemas/ScreenLockType'
+ secureHardwarePresent:
+ type: boolean
+ DeviceAssuranceChromeOSPlatform:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
+ allOf:
+ - $ref: '#/components/schemas/DeviceAssurance'
+ - type: object
+ properties:
+ thirdPartySignalProviders:
+ type: object
+ description: Settings for third-party signal providers (based on the `CHROMEOS` platform)
+ properties:
+ dtc:
+ $ref: '#/components/schemas/DTCChromeOS'
+ DeviceAssuranceIOSPlatform:
+ allOf:
+ - $ref: '#/components/schemas/DeviceAssurance'
+ - type: object
+ properties:
+ jailbreak:
+ type: boolean
+ osVersion:
+ $ref: '#/components/schemas/OSVersion'
+ screenLockType:
+ type: object
+ properties:
+ include:
+ type: array
+ items:
+ $ref: '#/components/schemas/ScreenLockType'
+ DeviceAssuranceMacOSPlatform:
+ allOf:
+ - $ref: '#/components/schemas/DeviceAssurance'
+ - type: object
+ properties:
+ diskEncryptionType:
+ type: object
+ properties:
+ include:
+ type: array
+ items:
+ $ref: '#/components/schemas/DiskEncryptionTypeDesktop'
+ osVersion:
+ $ref: '#/components/schemas/OSVersion'
+ screenLockType:
+ type: object
+ properties:
+ include:
+ type: array
+ items:
+ $ref: '#/components/schemas/ScreenLockType'
+ secureHardwarePresent:
+ type: boolean
+ thirdPartySignalProviders:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
+ type: object
+ description: Settings for third-party signal providers (based on the `MACOS` platform)
+ properties:
+ dtc:
+ $ref: '#/components/schemas/DTCMacOS'
+ DeviceAssuranceWindowsPlatform:
+ allOf:
+ - $ref: '#/components/schemas/DeviceAssurance'
+ - type: object
properties:
- include:
+ diskEncryptionType:
+ type: object
+ properties:
+ include:
+ type: array
+ items:
+ $ref: '#/components/schemas/DiskEncryptionTypeDesktop'
+ osVersion:
+ $ref: '#/components/schemas/OSVersionFourComponents'
+ osVersionConstraints:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
type: array
+ description: |
+
Specifies the Windows version requirements for the assurance policy. Each requirement must correspond to a different major version (Windows 11 or Windows 10). If a requirement isn't specified for a major version, then devices on that major version satisfy the condition.
+
+ There are two types of OS requirements:
+ * **Static**: A specific Windows version requirement that doesn't change until you update the policy. A static OS Windows requirement is specified with `majorVersionConstraint` and `minimum`.
+ * **Dynamic**: A Windows version requirement that is relative to the latest major release and security patch. A dynamic OS Windows requirement is specified with `majorVersionConstraint` and `dynamicVersionRequirement`.
+
+ > **Note:** Dynamic OS requirements are available only if the **Dynamic OS version compliance** [self-service EA](/openapi/okta-management/guides/release-lifecycle/#early-access-ea) feature is enabled. The `osVersionConstraints` property is only supported for the Windows platform. You can't specify both `osVersion.minimum` and `osVersionConstraints` properties at the same time.
items:
- $ref: '#/components/schemas/ScreenLockType'
- secureHardwarePresent:
- type: boolean
- _links:
- type: object
- properties:
- self:
- $ref: '#/components/schemas/HrefObject'
- readOnly: true
+ $ref: '#/components/schemas/OSVersionConstraint'
+ minItems: 1
+ maxItems: 2
+ screenLockType:
+ type: object
+ properties:
+ include:
+ type: array
+ items:
+ $ref: '#/components/schemas/ScreenLockType'
+ secureHardwarePresent:
+ type: boolean
+ thirdPartySignalProviders:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
+ type: object
+ description: Settings for third-party signal providers (based on the `WINDOWS` platform)
+ properties:
+ dtc:
+ $ref: '#/components/schemas/DTCWindows'
DeviceDisplayName:
+ description: Display name of the device
type: object
properties:
sensitive:
type: boolean
value:
type: string
+ DeviceList:
+ allOf:
+ - $ref: '#/components/schemas/Device'
+ - properties:
+ _embedded:
+ type: object
+ description: List of associated users for the device if the `expand=user` query parameter is specified in the request. Use `expand=userSummary` to get only a summary of each associated user for the device.
+ properties:
+ users:
+ description: Users for the device
+ type: array
+ items:
+ $ref: '#/components/schemas/DeviceUser'
+ readOnly: true
DevicePlatform:
description: OS platform of the device
type: string
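Review bot: `DeviceAssuranceChromeOSPlatform` and the `thirdPartySignalProviders` properties of the macOS and Windows platform schemas are tagged `lifecycle: GA` together with `isGenerallyAvailable: false`, which reads as contradictory next to `osVersionConstraints`, tagged `lifecycle: EA` with the same `false`. Anyone deciding from this spec whether Device Trust Connector signals can be relied on in an assurance policy gets a different answer depending on which field they read. If the combination is intentional, a one-line comment above each `x-okta-lifecycle` block should explain what `isGenerallyAvailable: false` means for a `GA` entry; otherwise one of the two values should change. `DeviceAssurance` starts above the hunk and `DevicePlatform` continues below it.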
@@ -20615,6 +30273,13 @@ components:
type: boolean
trustLevel:
$ref: '#/components/schemas/DevicePolicyTrustLevel'
+ DevicePolicyRuleConditionAssurance:
+ type: object
+ properties:
+ include:
+ type: array
+ items:
+ type: string
DevicePolicyRuleConditionPlatform:
type: object
properties:
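Review bot: `DevicePolicyRuleConditionAssurance.include` is a bare list of strings with no description, and it is the field that `DeviceAccessPolicyRuleCondition.assurance` uses to tie an access rule to device posture. A description should say what the strings identify (presumably Device Assurance policy IDs, to be confirmed) and what an empty or missing list means for rule evaluation, for example `description: IDs of the Device Assurance policies referenced by this rule`. `DevicePolicyRuleConditionPlatform` continues outside the hunk.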
@@ -20634,6 +30299,8 @@ components:
DeviceProfile:
type: object
properties:
+ diskEncryptionType:
+ $ref: '#/components/schemas/DiskEncryptionTypeDef'
displayName:
type: string
description: Display name of the device
@@ -20641,9 +30308,12 @@ components:
maxLength: 255
imei:
type: string
- description: International Mobile Equipment Identity of the device
+ description: International Mobile Equipment Identity (IMEI) of the device
minLength: 14
maxLength: 17
+ integrityJailbreak:
+ type: boolean
+ description: Indicates if the device is jailbroken or rooted. Only applicable to `IOS` and `ANDROID` platforms
manufacturer:
type: string
description: Name of the manufacturer of the device
@@ -20667,7 +30337,7 @@ components:
description: Indicates if the device is registered at Okta
secureHardwarePresent:
type: boolean
- description: Indicates if the device constains a secure hardware functionality
+ description: Indicates if the device contains a secure hardware functionality
serialNumber:
type: string
description: Serial number of the device
@@ -20678,7 +30348,7 @@ components:
maxLength: 256
tpmPublicKeyHash:
type: string
- description: Windows Trsted Platform Module hash value
+ description: Windows Trusted Platform Module hash value
udid:
type: string
description: macOS Unique Device identifier of the device
@@ -20688,89 +30358,170 @@ components:
- platform
- registered
DeviceStatus:
+ description: The state object of the device
type: string
+ x-enumDescriptions:
+ ACTIVE: Use activated devices to create and delete Device user links
+ DEACTIVATED: Deactivation causes a Device to lose all device user links. Set the Device status to DEACTIVATED before deleting it.
+ SUSPENDED: Use suspended devices to create and delete device user links. You can only unsuspend or deactivate suspended devices.
+ UNSUSPENDED: Returns a suspended Device to ACTIVE.
x-okta-known-values:
- ACTIVE
- - CREATED
- DEACTIVATED
- SUSPENDED
- DiskEncryptionType:
- type: string
- x-okta-known-values:
- - ALL_INTERNAL_VOLUMES
- - FULL
- - USER
- Domain:
+ - UNSUSPENDED
+ DeviceUser:
type: object
properties:
- brandId:
+ created:
type: string
- certificateSourceType:
- $ref: '#/components/schemas/DomainCertificateSourceType'
- dnsRecords:
- type: array
- items:
- $ref: '#/components/schemas/DNSRecord'
- domain:
+ description: Timestamp when device was created
+ managementStatus:
type: string
- id:
+ description: The management status of the device
+ enum:
+ - MANAGED
+ - NOT_MANAGED
+ x-enumDescriptions:
+ MANAGED: The device has management software installed
+ NOT_MANAGED: The device doesn't have management software installed
+ screenLockType:
type: string
- publicCertificate:
- $ref: '#/components/schemas/DomainCertificateMetadata'
- validationStatus:
- $ref: '#/components/schemas/DomainValidationStatus'
+ description: Screen lock type of the device
+ enum:
+ - NONE
+ - PASSCODE
+ - BIOMETRIC
+ user:
+ $ref: '#/components/schemas/User'
+ DigestAlgorithm:
+ description: Algorithm used to generate the key. Only required for the PBKDF2 algorithm.
+ type: string
+ x-okta-known-values:
+ - SHA256_HMAC
+ - SHA512_HMAC
+ DiskEncryptionTypeAndroid:
+ type: string
+ x-okta-known-values:
+ - FULL
+ - USER
+ DiskEncryptionTypeDef:
+ description: |-
+ Type of encryption used on the device
+ > **Note:** The following values map to Disk Encryption ON: `FULL`, `USER`, `ALL_INTERNAL_VOLUMES`. All other values map to Disk Encryption OFF.
+ type: string
+ x-enumDescriptions:
+ NONE: No encryption has been set.
+ FULL: Disk is fully encrypted. Only applicable to `IOS` and `ANDROID` platforms.
+ USER: Encryption key is tied to the user or profile. Only applicable to `ANDROID` platform.
+ ALL_INTERNAL_VOLUMES: All internal disks are encrypted. Only applicable to `WINDOWS` and `MACOS` platforms.
+ SYSTEM_VOLUME: Only the system volume is encrypted. Only applicable to `WINDOWS` and `MACOS` platforms.
+ x-okta-known-values:
+ - ALL_INTERNAL_VOLUMES
+ - FULL
+ - NONE
+ - SYSTEM_VOLUME
+ - USER
+ DiskEncryptionTypeDesktop:
+ type: string
+ x-okta-known-values:
+ - ALL_INTERNAL_VOLUMES
DomainCertificate:
+ description: Defines the properties of the certificate
type: object
properties:
certificate:
+ description: Certificate content
type: string
+ example: '"-----BEGIN CERTIFICATE-----\nMIIFNzCCBB+gAwIBAgHTAAXomJWRama3ypu8TIxdA9wzMA0GCSqGSIb3DQEBCwUA\nMDIzCzAJCgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\nEwJSMzAeFw0yMTAyMTAwNTEzMDVaFw0yMTA1MTEwNTEzMDVaMCQxIjAgBgNVBAMT\nGWFuaXRhdGVzdC5zaWdtYW5ldGNvcnAudXMwggEiMA0GCSqGSIb3DQEBAQUAA4IB\nDwAwggEKAoIBAQC5cyk6x63iBJSWvtgsOBqIxfO8euPHcRnyWsL9dsvnbNyOnyvc\nqFWxdiW3sh2cItzYtoN1Zfgj5lWGOVXbHxP0VaNG9fHVX3+NHP6LFHQz92BzAYQm\npqi9zaP/aKJklk6LdPFbVLGhuZfm34+ijW9YsgLTKR2WTaZJK5QtamVVmP+VsSCl\na2ifFzjz2FCkMMEc/Y0zUyP+en/mbL71K+VnpZdlEC1s38EvjRTFKFZTKVw5wpWg\nCZQq/AZYj9RxR23IIuRcUJ8TQ2pyoc3kIXPWjiIarSgBlA8G9kCsxgzXP2RyLwKr\nIBIo+qyHweifpPYW28ipdSbPjiypAMdpbGLDAgMBAAGjggJTMIICTzAOBgNVHQ8B\nAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB\n/wQCMAAwHQYDVR0OBBYEFPVZKiovtIK4Av/IBUQeLUs29pT6MB8GA1UdIwQYMBaA\nFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcw\nAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMu\naS5sZW5jci5vcmcvMCQGA1UdEQQdMBuCGWFuaXRhdGVzdC5zaWdtYW5ldGNvcnAu\ndXMwTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEF\nBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEDBgorBgEEAdZ5AgQC\nBIH0BIHxAO8AdgBc3EOS/uarRUSxXprUVuYQN/vV+kfcoXOUsl7m9scOygAAAXeK\nkmOsAAAEAwBHMEUCIQDSudPEWXk969BT8yz3ag6BJWCMRU5tefEw9nXEQMsh5gIg\nUmfGIuUlcNNI5PydVIHj+zns+SR8P7zfd3FIxW4gK0QAdQD2XJQv0XcwIhRUGAgw\nlFaO400TGTO/3wwvIAvMTvFk4wAAAXeKkmOlAAAEAwBGMEQCIHQkr2qOGuInvonv\nW4vvdI61nraax5V6SC3E0D2JSO91AiBVhpX4BBafRAh36r7l8LrxAfxBM3CjBmAC\nq8fUrWfIWDANBgkqhkiG9w0BAQsFAAOCAQEAgGDMKXofKpDdv5kkID3s5GrKdzaj\njFmb/6kyqd1E6eGXZAewCP1EF5BVvR6lBP2aRXiZ6sJVZktoIfztZnbxBGgbPHfv\nR3iXIG6fxkklzR9Y8puPMBFadANE/QV78tIRAlyaqeSNsoxHi7ssQjHTP111B2lf\n3KmuTpsruut1UesEJcPReLk/1xTkRx262wAncach5Wp+6GWWduTZYJbsNFyrK1RP\nYQ0qYpP9wt2qR+DGaRUBG8i1XLnZS8pkyxtKhVw/a5Fowt+NqCpEBjjJiWJRSGnG\nNSgRtSXq11j8O4JONi8EXe7cEtvzUiLR5PL3itsK2svtrZ9jIwQ95wOPaA==\n-----END CERTIFICATE-----",'
certificateChain:
+ description: Certificate chain
type: string
+ example: '"-----BEGIN CERTIFICATE-----\nMIIFPjCCBCbjAwIBAgISA7RikMltj36DkLk1DUzjwfYBMA0GCSqGSIb3DQEBCwUA\nMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\nEwJSMzAeFw0yMTEwMTExOTQ3MjRaFw0yMjAxMDkxOTQ3MjNaMCgxJjAkBgNVBAMT\nHWFuaXRhdGVzdHJhaW4uc2lnbWFuZXRjb3JwLnVzMIIBIjANBgkqhkiG9w0BAQEF\nAAOCAQ8AMIIBCgKCAQEA40EsG7YrFlsH3XdZKirdKKOC7/cca5g9L4rwyA/PlfeU\nB7mJhbQI/a3yZbtY+GjHmedBx15aPtyq+NFZLOkiRCXx0k2zNIJB4yC6Jr/Yp8C2\nrXO6mrCcuqpX7SuDPBtrfdYcIg8G6m0wjj1V1p2/XR8G//CBe8I2XTaTpHsx/VC8\nMNOAA27aSbeX4Nz6TQ69rFuxRG+neUbcz2hQKwroCsCHi6iBmqRkg19Uh8315Cx2\nBUqY0JecpP42KMiktzIoSlqS9yZSuNQh1kP1tPwkEzbs/t3FrfCnnRx5RDr2pJpV\nnonL3sB3TVotS3nFgPNHCfp65O0Bg/3ZpU9IvUpcdQIDAQABo4ICVjCCAlIwDgYD\nVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV\nHRMBAf8EAjAAMB0GA1UdDgQWBBSzWt3Dvp71cKA2Z54ESjjyM4dp+jAfBgNVHSME\nGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYB\nBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDov\nL3IzLmkubGVuY3Iub3JnLzAoBgNVHREEITAfgh1hbml0YXRlc3RyYWluLnNpZ21h\nbmV0Y29ycC51czBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAo\nMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQIGCisG\nAQQB1nkCBAIEgfMEgfAA7gB1AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgia\nN9kTAAABfHEcLqAAAAQDAEYwRAIgMlyQ61FjuIKDfATjz0wfkskChD0csVe0TStq\nmC7NbLACICp3CYMvvDiWt1pr5pzCwTQO8F6v0/qNjmH4mjCutAgyAHUARqVV63X6\nkSAwtaKJafTzfREsQXS+/Um4havy/HD+bUcAAAF8cRwvRAAABAMARjBEAiAZd6Vn\n7MLXT7JeIxZrfbNARrf5oCM4UAVjjJeaUhB1MwIgSLW5cVAZvkiwbQW+vIutFjBz\na8cNb/i+nM7RxFW+JPgwDQYJKoZIhvcNAQELBQADggEBAIlHZiHIuOvYFteqpwvR\n0ElqinIpkYsfI+0O5FwHBXz7vMCPGtfdlcX5M10eW3aEBo9lR59mjDMsMufbTb60\nJuSnguelkUoq4WzqjZI+2uy/FTztI5GPpXmXW3IyzbqmCWQt7u8N607g1TYLBaLL\nrbFIhl+LbTJAa//mxI6bb4l/86j/kSjht6U0OIde7ylscb+3MHobbpIWJYp8Jr1D\nubm/0glL46ExnuLbIKojLhDBnG/wHVunB0rJxGh1vPvwD75O1nSIdxuNlVcGwws+\n7wsOyPA1s0VWzrMN1olLMyIPFCwPvfCm1E8Dje1AXMpmyDlqjEoQsoMUH//GKF0S\nTgM=\n-----END CERTIFICATE-----\n-----BEGIN 
CERTIFICATE-----\nMIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw\nTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\ncmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw\nWhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg\nRW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\nAoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP\nR5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx\nsxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm\nNHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg\nZ3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG\n/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC\nAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB\nAf8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA\nFHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw\nAoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw\nOi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB\ngt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W\nPTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl\nikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz\nCkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm\nlJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4\navAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2\nyJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O\nyK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids\nhCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+\nHlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv\nMldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX\nnLRbwHOoq7hHwg==\n-----END CERTIFICATE-----\n-----BEGIN 
CERTIFICATE-----\nMIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/\nMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\nDkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow\nTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\ncmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB\nAQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC\nov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL\nwYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D\nLtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK\n4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5\nbHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y\nsR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ\nXmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4\nFQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc\nSLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql\nPRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND\nTwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw\nSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1\nc3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx\n+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB\nATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu\nb3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E\nU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu\nMA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC\n5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW\n9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG\nWCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O\nhe8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC\nDfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5\n-----END CERTIFICATE-----"'
privateKey:
+ description: Certificate private key
type: string
+ example: '"-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0AAQEFAASCBKgwghSkAgEAAoIBAQC5cyk6y63iBJSW\nstgsOBqIxfO8euPHcRnyWsL9dsvnbNyOnyvcqFWxdiW3sh2cItzYtoN1Zfgj5lWG\nOVXbHxP0VaNG9fHVX3+NHP6LFHQz92BzAYQmpqi9zaP/aKJklk6LdPFbVLGhuZfm\n34+ijW9YsgLTKR2WTaZJK5QtamVVmP+VsSCla2ifFzjz2FCkMMEc/Y0zUyP+en/m\nbL71K+VnpZdlEC1s38EvjRTFKFZTKVw5wpWgCZQq/AZYj9RxR23IIuRcUJ8TQ2py\noc3kIXPWjiIarSgBlA8G9kCsxgzXP2RyLwKrIBIo+qyHweifpPYW28ipdSbPjiyp\nAMdpbGLDAgMBAAECggEAUXVfT91z6IqghhKwO8QtC5T/+fN06B8rCYSKj/FFoZL0\n0oTiLFuYwImoCadoUDQUE/Efj0rKE2LSgFHg/44IItQXE01m+5WmHmL1ADxsyoLH\nz9yDosKj7jNM7RyV8F8Bg0pL1hU+rU4rhhL/MaS0mx4eFYjC4UmcWBmXTdelSVJa\nkvXvQLT5y86bqh7tqMjM/kALTWRz5CgNJFk/ONA1yo5RTX9S7SIXimBgAvuGqP8i\nMPEhJou7U3DfzXVfvP8byqNdsZs6ZNhG3wXspl61mRyrY+51SOaNLA7Bkji7x4bH\nNw6mJI0IJTAP9oc1Z8fYeMuxT1bfuD7VOupSP0mAMQKBgQDk+KuyQkmPymeP/Wwu\nII4DUpleVzxTK9obMQQoCEEElbQ6+jTb+8ixP0bWLvBXg/rX734j7OWfn/bljWLH\nXLrSoqQZF1+XMVeY4g4wx9UuTK/D2n791zdOgQivxbIPdWL3a4ap86ar8uyMgJu8\nBLXfFBAOc+9myqUkbeO7wt0e6QKBgQDPV04jPtIJoMrggpQDNreGrANKOmsXWxj4\nOHW13QNdJ2KGQpoTdoqQ8ZmlxuA8Bf2RjHsnB2kgGVTVQR74zRib4MByhvsdhvVm\nF2LNsJoIDfqtv3c+oj13VonRUGuzUeJpwT/snyaL+jQ/ZZcYz0jDgDhIODTcFYj8\nDMSD5SHgywKBgHH6MwWuJ44TNBAiF2qyu959jGjAxf+k0ZI9iRMgYLUWjDvbdtqW\ncCWDGRDfFraJtSEuTz003GzkJPPJuIUC7OCTI1p2HxhU8ITi6itwHfdJJyk4J4TW\nT+qdIqTUpTk6tsPw23zYE3x+lS+viVZDhgEArKl1HpOthh0nMnixnH6ZAoGBAKGn\nV+xy1h9bldFk/TFkP8Jn6ki9MzGKfPVKT7vzDORcCJzU4Hu8OFy5gSmW3Mzvfrsz\n4/CR/oxgM5vwoc0pWr5thJ3GT5K93iYypX3o6q7M91zvonDa3UFl3x2qrc2pUfVS\nDhzWGJ+Z+5JSCnP1aK3EEh18dPoCcELTUYPj6X3xAoGBALAllTb3RCIaqIqk+s3Y\n6KDzikgwGM6j9lmOI2MH4XmCVym4Z40YGK5nxulDh2Ihn/n9zm13Z7ul2DJwgQSO\n0zBc7/CMOsMEBaNXuKL8Qj4enJXMtub4waQ/ywqHIdc50YaPI5Ax8dD/10h9M6Qc\nnUFLNE8pXSnsqb0eOL74f3uQ\n-----END PRIVATE KEY-----"'
type:
$ref: '#/components/schemas/DomainCertificateType'
+ required:
+ - certificate
+ - certificateChain
+ - privateKey
+ - type
DomainCertificateMetadata:
+ description: Certificate metadata for the domain
type: object
properties:
expiration:
+ description: Certificate expiration
type: string
+ example: '2021-05-11T05:13:05.000Z'
fingerprint:
+ description: Certificate fingerprint
type: string
+ example: 73:68:82:7B:83:2E:48:29:A5:5E:E8:40:41:80:B3:AA:03:C4:42:43:05:73:45:BC:AA:47:00:23:A3:70:E5:C4
subject:
+ description: Certificate subject
type: string
+ example: CN=login.example.com
DomainCertificateSourceType:
+ description: Certificate source type that indicates whether the certificate is provided by the user or Okta.
type: string
x-okta-known-values:
- MANUAL
- OKTA_MANAGED
DomainCertificateType:
+ description: Certificate type
type: string
x-okta-known-values:
- PEM
DomainLinks:
- type: object
- properties:
- brand:
- $ref: '#/components/schemas/HrefObject'
- certificate:
- $ref: '#/components/schemas/HrefObject'
- self:
- $ref: '#/components/schemas/HrefObject'
- verify:
- $ref: '#/components/schemas/HrefObject'
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - type: object
+ properties:
+ brand:
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ - description: The associated brand
+ certificate:
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ - description: The certificate link references the domain certificate
+ verify:
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ - description: The verify link verifies the domain and transitions the domain status to `VERIFIED`
DomainListResponse:
+ description: Defines a list of domains with a subset of the properties for each domain.
type: object
properties:
domains:
+ description: Each element of the array defines an individual domain.
type: array
items:
$ref: '#/components/schemas/DomainResponse'
+ DomainRequest:
+ type: object
+ properties:
+ certificateSourceType:
+ $ref: '#/components/schemas/DomainCertificateSourceType'
+ domain:
+ description: Custom domain name
+ type: string
+ example: login.example.com
+ required:
+ - certificateSourceType
+ - domain
DomainResponse:
+ description: The properties that define an individual domain.
type: object
properties:
brandId:
+ description: The ID number of the brand
type: string
+ example: bndul904tTZ6kWVhP0g3
certificateSourceType:
$ref: '#/components/schemas/DomainCertificateSourceType'
dnsRecords:
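Review bot: The `privateKey` example added to `DomainCertificate` is a complete PEM `PRIVATE KEY` block rather than a placeholder. Whether the key was ever live cannot be told from the diff, but committed key material trips secret scanners, teaches people to dismiss those alerts, and tends to get copied into fixtures; a visibly fake value such as `example: "-----BEGIN PRIVATE KEY-----\n<base64-encoded key>\n-----END PRIVATE KEY-----"` documents the format just as well. The property should also be marked `writeOnly: true` so generated docs and clients treat it as request-only, assuming the API never returns it. Separately, the three PEM examples are single-quoted strings wrapping a double-quoted string (`'"-----BEGIN ...",'`), so each example value contains literal `"` characters and literal `\n` sequences, and the `certificate` one a trailing comma. `DomainResponse` continues outside the hunk.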
@@ -20778,9 +30529,13 @@ components:
items:
$ref: '#/components/schemas/DNSRecord'
domain:
+ description: Custom domain name
type: string
+ example: login.example.com
id:
+ description: Unique ID of the domain
type: string
+ example: OcDz6iRyjkaCTXkdo0g3
publicCertificate:
$ref: '#/components/schemas/DomainCertificateMetadata'
validationStatus:
@@ -20788,6 +30543,8 @@ components:
_links:
$ref: '#/components/schemas/DomainLinks'
DomainValidationStatus:
+ description: Status of the domain
+ example: VERIFIED
type: string
x-okta-known-values:
- COMPLETED
@@ -20801,15 +30558,65 @@ components:
type: integer
unit:
type: string
+ ECKeyJWK:
+ description: Elliptic Curve Key in JWK format, currently used during enrollment to encrypt fulfillment requests to Yubico, or during activation to verify Yubico's JWS objects in fulfillment responses. The currently agreed protocol uses P-384.
+ type: object
+ properties:
+ crv:
+ type: string
+ enum:
+ - P-384
+ kid:
+ type: string
+ description: The unique identifier of the key
+ kty:
+ type: string
+ enum:
+ - EC
+ description: The type of public key
+ use:
+ type: string
+ description: The intended use for the key. The ECKeyJWK is always `enc` because Okta uses it to encrypt requests to Yubico.
+ enum:
+ - enc
+ x:
+ type: string
+ description: The public x coordinate for the elliptic curve point
+ 'y':
+ type: string
+ description: The public y coordinate for the elliptic curve point
+ required:
+ - x
+ - 'y'
+ - kty
+ - crv
+ - use
+ - kid
EmailContent:
type: object
properties:
body:
type: string
- description: The email's HTML body. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).
+ description: |
+ The HTML body of the email. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).
+
+ Not required if Custom languages for Okta Email Templates is enabled. A `null` body is replaced with a default value from one of the following in priority order:
+
+ 1. An existing default email customization, if one exists
+ 2. Okta-provided translated content for the specified language, if one exists
+ 3. Okta-provided translated content for the brand locale, if it's set
+ 4. Okta-provided content in English
subject:
type: string
- description: The email's subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).
+ description: |
+ The email subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).
+
+ Not required if Custom languages for Okta Email Templates is enabled. A `null` subject is replaced with a default value from one of the following in priority order:
+
+ 1. An existing default email customization, if one exists
+ 2. Okta-provided translated content for the specified language, if one exists
+ 3. Okta-provided translated content for the brand locale, if it's set
+ 4. Okta-provided content in English
required:
- subject
- body
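Review bot: The `ECKeyJWK` description says the key is used both to encrypt fulfillment requests and to verify Yubico's JWS objects, while `use` is restricted to `enc` and described as always `enc`. Signature verification is a `sig` use in JWK terms, so either the description conflates two different keys or the enum is too narrow; the description should state which key verifies the JWS. In the same hunk, the new `EmailContent` text says `subject` and `body` are not required when custom languages are enabled, but the `required` list still names both, so clients generated from this spec will keep treating them as mandatory. The schema before `ECKeyJWK` starts above the hunk.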
@@ -20826,7 +30633,7 @@ components:
id:
type: string
readOnly: true
- description: A unique identifier for this email customization.
+ description: A unique identifier for this email customization
isDefault:
type: boolean
description: Whether this is the default customization for the email template. Each customized email template must have exactly one default customization. Defaults to `true` for the first customization and `false` thereafter.
@@ -20838,18 +30645,17 @@ components:
readOnly: true
description: The UTC time at which this email customization was last updated.
_links:
- type: object
- properties:
- self:
- $ref: '#/components/schemas/HrefObject'
- template:
- $ref: '#/components/schemas/HrefObject'
- preview:
- $ref: '#/components/schemas/HrefObject'
- test:
- $ref: '#/components/schemas/HrefObject'
- readOnly: true
- description: Links to resources related to this email customization.
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - properties:
+ self:
+ $ref: '#/components/schemas/HrefObject'
+ template:
+ $ref: '#/components/schemas/HrefObject'
+ preview:
+ $ref: '#/components/schemas/HrefObject'
+ test:
+ $ref: '#/components/schemas/HrefObject'
required:
- language
EmailDefaultContent:
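Review bot: The rewritten `_links` for this email customization redeclares `self` in the second `allOf` member even though `LinksSelf` is composed in the first. The parallel rewrites in this commit (the default-content, preview and template `_links`) drop `self` from the inline member, so this one should too. The old `readOnly: true` and the description were also removed from `_links`. `LinksSelf` is not visible here, so confirm it carries `readOnly: true`; otherwise generated clients may start serialising `_links` in request bodies.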
@@ -20859,33 +30665,45 @@ components:
properties:
_links:
type: object
- properties:
- self:
- $ref: '#/components/schemas/HrefObject'
- template:
- $ref: '#/components/schemas/HrefObject'
- preview:
- $ref: '#/components/schemas/HrefObject'
- test:
- $ref: '#/components/schemas/HrefObject'
- readOnly: true
- description: Links to resources related to this email template's default content.
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - properties:
+ template:
+ $ref: '#/components/schemas/HrefObject'
+ preview:
+ $ref: '#/components/schemas/HrefObject'
+ test:
+ $ref: '#/components/schemas/HrefObject'
EmailDomain:
allOf:
- $ref: '#/components/schemas/BaseEmailDomain'
type: object
properties:
+ brandId:
+ type: string
domain:
type: string
+ validationSubdomain:
+ type: string
+ description: Subdomain for the email sender's custom mail domain. Specify your subdomain when you configure a custom mail domain.
+ default: mail
required:
- domain
- EmailDomainListResponse:
+ - brandId
+ EmailDomainDNSRecord:
type: object
properties:
- email-domains:
- type: array
- items:
- $ref: '#/components/schemas/EmailDomainResponse'
+ fqdn:
+ type: string
+ recordType:
+ $ref: '#/components/schemas/EmailDomainDNSRecordType'
+ verificationValue:
+ type: string
+ EmailDomainDNSRecordType:
+ type: string
+ x-okta-known-values:
+ - CNAME
+ - TXT
EmailDomainResponse:
allOf:
- $ref: '#/components/schemas/BaseEmailDomain'
@@ -20894,13 +30712,42 @@ components:
dnsValidationRecords:
type: array
items:
- $ref: '#/components/schemas/DNSRecord'
+ $ref: '#/components/schemas/EmailDomainDNSRecord'
+ domain:
+ type: string
+ id:
+ type: string
+ validationStatus:
+ $ref: '#/components/schemas/EmailDomainStatus'
+ validationSubdomain:
+ type: string
+ description: The subdomain for the email sender's custom mail domain
+ default: mail
+ EmailDomainResponseWithEmbedded:
+ type: object
+ properties:
+ displayName:
+ type: string
+ userName:
+ type: string
+ dnsValidationRecords:
+ type: array
+ items:
+ $ref: '#/components/schemas/EmailDomainDNSRecord'
domain:
type: string
id:
type: string
validationStatus:
$ref: '#/components/schemas/EmailDomainStatus'
+ _embedded:
+ type: object
+ properties:
+ brands:
+ type: array
+ items:
+ $ref: '#/components/schemas/Brand'
+ readOnly: true
EmailDomainStatus:
type: string
x-okta-known-values:
@@ -20915,26 +30762,53 @@ components:
body:
type: string
readOnly: true
- description: The email's HTML body.
+ description: The email's HTML body
subject:
type: string
readOnly: true
- description: The email's subject.
+ description: The email's subject
_links:
- type: object
- properties:
- self:
- $ref: '#/components/schemas/HrefObject'
- contentSource:
- $ref: '#/components/schemas/HrefObject'
- template:
- $ref: '#/components/schemas/HrefObject'
- test:
- $ref: '#/components/schemas/HrefObject'
- defaultContent:
- $ref: '#/components/schemas/HrefObject'
- readOnly: true
- description: Links to resources related to this email preview.
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - properties:
+ contentSource:
+ $ref: '#/components/schemas/HrefObject'
+ template:
+ $ref: '#/components/schemas/HrefObject'
+ test:
+ $ref: '#/components/schemas/HrefObject'
+ defaultContent:
+ $ref: '#/components/schemas/HrefObject'
+ EmailServerListResponse:
+ type: object
+ properties:
+ email-servers:
+ type: array
+ items:
+ $ref: '#/components/schemas/EmailServerResponse'
+ EmailServerPost:
+ allOf:
+ - $ref: '#/components/schemas/EmailServerRequest'
+ - required:
+ - host
+ - port
+ - username
+ - password
+ - alias
+ EmailServerRequest:
+ allOf:
+ - $ref: '#/components/schemas/BaseEmailServer'
+ - properties:
+ password:
+ type: string
+ description: Password used to access your SMTP server
+ EmailServerResponse:
+ allOf:
+ - $ref: '#/components/schemas/BaseEmailServer'
+ - properties:
+ id:
+ type: string
+ description: ID of your SMTP server
EmailSettings:
type: object
properties:
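Review bot: `password` in `EmailServerRequest` is declared as a bare `type: string`, so nothing in the schema tells generators, doc renderers or log scrubbers that it is a credential. Adding `format: password` and `writeOnly: true` under it would match how this commit marks `EventHookChannelConfigAuthScheme.value`. `EmailServerResponse` composes `BaseEmailServer` rather than the request schema, so the password does not appear in the response shape shown here. `BaseEmailServer` is outside this hunk and should be checked for the same property.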
@@ -20952,7 +30826,7 @@ components:
name:
type: string
readOnly: true
- description: The name of this email template.
+ description: The name of this email template
_embedded:
type: object
properties:
@@ -20962,38 +30836,38 @@ components:
type: integer
readOnly: true
_links:
- type: object
- properties:
- self:
- $ref: '#/components/schemas/HrefObject'
- settings:
- $ref: '#/components/schemas/HrefObject'
- defaultContent:
- $ref: '#/components/schemas/HrefObject'
- customizations:
- $ref: '#/components/schemas/HrefObject'
- test:
- $ref: '#/components/schemas/HrefObject'
- readOnly: true
- description: Links to resources related to this email template.
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - properties:
+ settings:
+ $ref: '#/components/schemas/HrefObject'
+ defaultContent:
+ $ref: '#/components/schemas/HrefObject'
+ customizations:
+ $ref: '#/components/schemas/HrefObject'
+ test:
+ $ref: '#/components/schemas/HrefObject'
EmailTemplateTouchPointVariant:
type: string
x-okta-known-values:
- FULL_THEME
- OKTA_DEFAULT
- EmailUserFactor:
- allOf:
- - $ref: '#/components/schemas/UserFactor'
- - type: object
- properties:
- profile:
- $ref: '#/components/schemas/EmailUserFactorProfile'
- EmailUserFactorProfile:
+ EmailTestAddresses:
type: object
properties:
- email:
+ from:
+ type: string
+ description: Email address that sends test emails
+ example: sender@host.com
+ to:
type: string
+ description: Email address that receives test emails
+ example: receiver@host.com
+ required:
+ - from
+ - to
EnabledStatus:
+ description: Setting status
type: string
x-okta-known-values:
- DISABLED
@@ -21005,6 +30879,93 @@ components:
- LOGO_ON_FULL_WHITE_BACKGROUND
- OKTA_DEFAULT
- WHITE_LOGO_BACKGROUND
+ EnrollmentActivationRequest:
+ description: Enrollment Initialization Request
+ type: object
+ properties:
+ credResponses:
+ description: List of credential responses from the fulfillment provider
+ type: array
+ items:
+ $ref: '#/components/schemas/WebAuthnCredResponse'
+ fulfillmentProvider:
+ description: Name of the fulfillment provider for the WebAuthn Preregistration Factor
+ type: string
+ enum:
+ - yubico
+ pinResponseJwe:
+ description: Encrypted JWE of PIN response from the fulfillment provider
+ type: string
+ serial:
+ description: Serial number of the YubiKey
+ type: string
+ userId:
+ description: ID of an existing Okta user
+ type: string
+ version:
+ description: Firmware version of the YubiKey
+ type: string
+ yubicoSigningJwks:
+ description: List of usable signing keys from Yubico (in JWKS format) used to verify the JWS inside the JWE
+ type: array
+ items:
+ $ref: '#/components/schemas/ECKeyJWK'
+ EnrollmentActivationResponse:
+ description: Enrollment Initialization Response
+ type: object
+ properties:
+ authenticatorEnrollmentIds:
+ description: List of IDs for preregistered WebAuthn Factors in Okta
+ type: array
+ items:
+ type: string
+ fulfillmentProvider:
+ description: Name of the fulfillment provider for the WebAuthn Preregistration Factor
+ type: string
+ enum:
+ - yubico
+ userId:
+ description: ID of an existing Okta user
+ type: string
+ EnrollmentInitializationRequest:
+ description: Enrollment Initialization Request
+ type: object
+ properties:
+ enrollmentRpIds:
+ description: List of Relying Party hostnames to register on the YubiKey.
+ type: array
+ items:
+ type: string
+ fulfillmentProvider:
+ description: Name of the fulfillment provider for the WebAuthn Preregistration Factor
+ type: string
+ enum:
+ - yubico
+ userId:
+ description: ID of an existing Okta user
+ type: string
+ yubicoTransportKeyJWK:
+ $ref: '#/components/schemas/ECKeyJWK'
+ EnrollmentInitializationResponse:
+ description: Yubico Transport Key in the form of a JWK, used to encrypt our fulfillment request to Yubico. The currently agreed protocol uses P-384.
+ type: object
+ properties:
+ credRequests:
+ description: List of credential requests for the fulfillment provider
+ type: array
+ items:
+ $ref: '#/components/schemas/WebAuthnCredRequest'
+ fulfillmentProvider:
+ description: Name of the fulfillment provider for the WebAuthn Preregistration Factor
+ type: string
+ enum:
+ - yubico
+ pinRequestJwe:
+ description: Encrypted JWE of PIN request for the fulfillment provider
+ type: string
+ userId:
+ description: ID of an existing Okta user
+ type: string
Error:
title: Error
type: object
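Review bot: Several of the new enrollment schema descriptions are attached to the wrong schema. `EnrollmentActivationRequest` and `EnrollmentActivationResponse` are both described as "Enrollment Initialization …", and `EnrollmentInitializationResponse` carries the text about the Yubico transport key, which reads as if it belongs to `yubicoTransportKeyJWK` in `EnrollmentInitializationRequest`. Suggested values are `description: Enrollment Activation Request`, `description: Enrollment Activation Response` and `description: Enrollment Initialization Response`. The transport-key sentence, including the P-384 note, should move onto the `yubicoTransportKeyJWK` property through an `allOf` wrapper, because a `description` next to a `$ref` is ignored by OpenAPI 3.0 tooling. These descriptions are what an integrator reads to decide which key encrypts and which keys verify, so the mix-up is worth fixing before the SDK docs are generated.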
@@ -21028,6 +30989,13 @@ components:
errorSummary:
type: string
description: A short description of what caused this error. Sometimes this contains dynamically-generated information about your specific error.
+ ErrorPage:
+ allOf:
+ - $ref: '#/components/schemas/CustomizablePage'
+ - type: object
+ properties:
+ contentSecurityPolicySetting:
+ $ref: '#/components/schemas/ContentSecurityPolicySetting'
ErrorPageTouchPointVariant:
type: string
x-okta-known-values:
@@ -21040,32 +31008,53 @@ components:
channel:
$ref: '#/components/schemas/EventHookChannel'
created:
+ description: Timestamp of the event hook creation
type: string
format: date-time
readOnly: true
createdBy:
+ description: The ID of the user who created the event hook
+ type: string
+ readOnly: true
+ description:
+ description: Description of the event hook
type: string
+ nullable: true
events:
$ref: '#/components/schemas/EventSubscriptions'
id:
type: string
+ description: Unique key for the event hook
readOnly: true
lastUpdated:
+ description: Date of the last event hook update
type: string
format: date-time
readOnly: true
name:
+ description: Display name for the event hook
type: string
status:
- $ref: '#/components/schemas/LifecycleStatus'
+ description: Status of the event hook
+ type: string
+ enum:
+ - ACTIVE
+ - INACTIVE
+ readOnly: true
verificationStatus:
$ref: '#/components/schemas/EventHookVerificationStatus'
_links:
- type: object
- additionalProperties:
- type: object
- properties: {}
- readOnly: true
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - properties:
+ deactivate:
+ $ref: '#/components/schemas/HrefObject'
+ verify:
+ $ref: '#/components/schemas/HrefObject'
+ required:
+ - name
+ - events
+ - channel
EventHookChannel:
type: object
properties:
@@ -21074,63 +31063,152 @@ components:
type:
$ref: '#/components/schemas/EventHookChannelType'
version:
+ description: Version of the channel. Currently the only supported version is `1.0.0``.
type: string
+ required:
+ - type
+ - config
+ - version
EventHookChannelConfig:
type: object
properties:
authScheme:
$ref: '#/components/schemas/EventHookChannelConfigAuthScheme'
headers:
+ description: |-
+ Optional list of key/value pairs for headers that can be sent with the request to the external service. For example,
+ `X-Other-Header` is an example of an optional header, with a value of `my-header-value`, that you want Okta to pass to your
+ external service.
type: array
items:
$ref: '#/components/schemas/EventHookChannelConfigHeader'
+ method:
+ description: The method of the Okta event hook request
+ type: string
+ readOnly: true
uri:
+ description: The external service endpoint called to execute the event hook handler
type: string
+ required:
+ - uri
EventHookChannelConfigAuthScheme:
+ description: |-
+ The authentication scheme used for this request.
+
+ To use Basic Auth for authentication, set `type` to `HEADER`,
+ `key` to `Authorization`, and `value` to the Base64-encoded string of "username:password". Ensure that you include
+ the scheme (including space) as part of the `value` parameter. For example, `Basic YWRtaW46c3VwZXJzZWNyZXQ=`. See
+ [HTTP Basic Authentication](/books/api-security/authn/api-authentication-options/#http-basic-authentication).
type: object
properties:
key:
+ description: The name for the authorization header
type: string
type:
$ref: '#/components/schemas/EventHookChannelConfigAuthSchemeType'
value:
+ description: |-
+ The header value. This secret key is passed to your external service endpoint for security verification.
+ This property is not returned in the response.
type: string
+ writeOnly: true
EventHookChannelConfigAuthSchemeType:
+ description: The authentication scheme type. Currently only supports `HEADER`.
type: string
x-okta-known-values:
- HEADER
EventHookChannelConfigHeader:
+ nullable: true
type: object
properties:
key:
+ description: The optional field or header name
type: string
value:
+ description: The value for the key
type: string
EventHookChannelType:
+ description: The channel type. Currently supports `HTTP`.
type: string
x-okta-known-values:
- HTTP
+ EventHookFilterMap:
+ description: The object that maps the filter to the event type
+ items:
+ $ref: '#/components/schemas/EventHookFilterMapObject'
+ type: array
+ EventHookFilterMapObject:
+ type: object
+ properties:
+ condition:
+ $ref: '#/components/schemas/EventHookFilterMapObjectCondition'
+ event:
+ type: string
+ description: The filtered event type
+ EventHookFilterMapObjectCondition:
+ type: object
+ properties:
+ expression:
+ type: string
+ description: The Okta Expression language statement that filters the event type
+ version:
+ type: string
+ nullable: true
+ description: Internal field
+ readOnly: true
+ EventHookFilters:
+ nullable: true
+ description: |-
+ The optional filter defined on a specific event type
+
+ > **Note:** Event hook filters is a [self-service Early Access (EA)](/docs/concepts/feature-lifecycle-management/#self-service-features) feature. See [Manage Early Access and Beta features](https://help.okta.com/okta_help.htm?id=ext_secur_manage_ea_bata) to enable.
+ If you want to disable this feature, it's recommended to first remove all event filters.
+ type: object
+ properties:
+ eventFilterMap:
+ $ref: '#/components/schemas/EventHookFilterMap'
+ type:
+ type: string
+ description: The type of filter. Currently only supports `EXPRESSION_LANGUAGE`
+ readOnly: true
+ EventHookSubscribedEventTypes:
+ description: |-
+ The subscribed event types that trigger the event hook. When you register an event hook
+ you need to specify which events you want to subscribe to. To see the list of event types
+ currently eligible for use in event hooks, use the [Event Types catalog](/docs/reference/api/event-types/#catalog)
+ and search with the parameter `event-hook-eligible`.
+ items:
+ type: string
+ type: array
EventHookVerificationStatus:
+ description: Verification status of the event hook. `UNVERIFIED` event hooks won't receive any events.
type: string
+ readOnly: true
x-okta-known-values:
- UNVERIFIED
- VERIFIED
EventSubscriptionType:
+ description: The events object type. Currently supports `EVENT_TYPE`.
type: string
x-okta-known-values:
- EVENT_TYPE
- - FLOW_EVENT
EventSubscriptions:
type: object
properties:
+ filter:
+ $ref: '#/components/schemas/EventHookFilters'
items:
- type: array
- items:
- type: string
+ $ref: '#/components/schemas/EventHookSubscribedEventTypes'
type:
$ref: '#/components/schemas/EventSubscriptionType'
- discriminator:
- propertyName: type
+ required:
+ - type
+ - items
+ Expression:
+ type: object
+ properties:
+ value:
+ type: string
FCMConfiguration:
properties:
fileName:
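Review bot: The `uri` property of `EventHookChannelConfig` is documented only as "the external service endpoint", although the `authScheme.value` secret and any custom `headers` are sent to it. The description should say the endpoint is expected to be HTTPS (whether the service enforces this is not visible in the spec), and the property could carry `format: uri`. `EventHookChannelConfigHeader.value` is not marked `writeOnly: true` the way `authScheme.value` is, so a token placed in a custom header would presumably be returned on reads. If that is the case, the `headers` description should warn against putting secrets there. Separately, the `version` description ends with a doubled backtick after `1.0.0`, which breaks the inline-code rendering.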
@@ -21151,66 +31229,20 @@ components:
properties:
configuration:
$ref: '#/components/schemas/FCMConfiguration'
- FactorProvider:
- type: string
- x-okta-known-values:
- - CUSTOM
- - DUO
- - FIDO
- - GOOGLE
- - OKTA
- - RSA
- - SYMANTEC
- - YUBICO
- FactorResultType:
- type: string
- x-okta-known-values:
- - CANCELLED
- - CHALLENGE
- - ERROR
- - FAILED
- - PASSCODE_REPLAYED
- - REJECTED
- - SUCCESS
- - TIMEOUT
- - TIME_WINDOW_EXCEEDED
- - WAITING
- FactorStatus:
- type: string
- x-okta-known-values:
- - ACTIVE
- - DISABLED
- - ENROLLED
- - EXPIRED
- - INACTIVE
- - NOT_SETUP
- - PENDING_ACTIVATION
- FactorType:
- type: string
- x-okta-known-values:
- - call
- - email
- - hotp
- - push
- - question
- - sms
- - token
- - token:hardware
- - token:hotp
- - token:software:totp
- - u2f
- - web
- - webauthn
Feature:
+ description: Specifies feature release cycle information
type: object
properties:
description:
type: string
+ description: Brief description of the feature and what it provides
id:
type: string
+ description: Unique identifier for this feature
readOnly: true
name:
type: string
+ description: Name of the feature
stage:
$ref: '#/components/schemas/FeatureStage'
status:
@@ -21218,12 +31250,40 @@ components:
type:
$ref: '#/components/schemas/FeatureType'
_links:
- type: object
- additionalProperties:
- type: object
- properties: {}
- readOnly: true
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - properties:
+ dependents:
+ description: Link to feature dependents
+ type: object
+ readOnly: true
+ properties:
+ href:
+ description: Link URI
+ type: string
+ readOnly: true
+ dependencies:
+ description: Link to feature dependencies
+ type: object
+ readOnly: true
+ properties:
+ href:
+ description: Link URI
+ type: string
+ readOnly: true
+ FeatureLifecycle:
+ example: ENABLE
+ type: string
+ x-okta-known-values:
+ - DISABLE
+ - ENABLE
FeatureStage:
+ description: |-
+ Current release cycle stage of a feature
+
+ If a feature's stage value is `EA`, the state is `null` and not returned. If the value is `BETA`, the state is `OPEN` or `CLOSED` depending on whether the `BETA` feature is manageable.
+
+ > **Note:** If a feature's stage is `OPEN BETA`, you can update it only in Preview cells. If a feature's stage is `CLOSED BETA`, you can disable it only in Preview cells.
type: object
properties:
state:
@@ -21231,16 +31291,19 @@ components:
value:
$ref: '#/components/schemas/FeatureStageValue'
FeatureStageState:
+ description: Indicates the release state of the feature
type: string
x-okta-known-values:
- CLOSED
- OPEN
FeatureStageValue:
+ description: Current release stage of the feature
type: string
x-okta-known-values:
- BETA
- EA
FeatureType:
+ description: Type of feature
type: string
x-okta-known-values:
- self-service
@@ -21255,16 +31318,69 @@ components:
resetPasswordUrl:
type: string
readOnly: true
+ FulfillmentData:
+ description: Fulfillment provider details
+ type: object
+ properties:
+ customizationId:
+ description: ID for the set of custom configurations of the requested Factor
+ type: string
+ inventoryProductId:
+ description: ID for the specific inventory bucket of the requested Factor
+ type: string
+ productId:
+ description: ID for the make and model of the requested Factor
+ type: string
+ FulfillmentRequest:
+ description: Fulfillment Request
+ type: object
+ properties:
+ fulfillmentData:
+ $ref: '#/components/schemas/FulfillmentData'
+ fulfillmentProvider:
+ description: Name of the fulfillment provider for the WebAuthn Preregistration Factor
+ type: string
+ enum:
+ - yubico
+ userId:
+ description: ID of an existing Okta user
+ type: string
+ GoogleApplicationSettings:
+ allOf:
+ - $ref: '#/components/schemas/OINBaseSignOnModeApplicationSettings'
+ - type: object
+ - required:
+ - app
+ properties:
+ app:
+ $ref: '#/components/schemas/GoogleApplicationSettingsApplication'
+ GoogleApplicationSettingsApplication:
+ description: Google app instance properties
+ type: object
+ properties:
+ domain:
+ type: string
+ description: Your Google Apps company domain
+ rpId:
+ type: string
+ description: RPID
+ required:
+ - domain
GrantOrTokenStatus:
+ description: Status
+ example: ACTIVE
type: string
+ readOnly: true
x-okta-known-values:
- ACTIVE
- REVOKED
GrantTypePolicyRuleCondition:
+ description: Array of grant types that this condition includes. Determines the mechanism that Okta uses to authorize the creation of the tokens.
type: object
properties:
include:
type: array
+ description: Array of grant types thagt this condition includes.
items:
type: string
Group:
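Review bot: The new `include` description under `GrantTypePolicyRuleCondition` has a typo ("thagt"), and the schema-level description calls the object itself an "Array of grant types" although it is `type: object` with the array under `include`. Suggested wording is `description: Array of grant types that this condition includes` on `include`, and `description: Determines the mechanism that Okta uses to authorize the creation of the tokens` on the schema. In the same hunk, `rpId` in `GoogleApplicationSettingsApplication` is described only as `RPID`; spell out what the identifier is for so that SDK users do not have to guess. The `allOf` in `GoogleApplicationSettings` appears to split `type: object` and `required`/`properties` into separate members, which is valid but looks like tool output rather than intent.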
@@ -21301,76 +31417,86 @@ components:
properties: {}
readOnly: true
_links:
- type: object
- properties:
- apps:
- $ref: '#/components/schemas/HrefObject'
- logo:
- type: array
- items:
- $ref: '#/components/schemas/HrefObject'
- self:
- $ref: '#/components/schemas/HrefObject'
- source:
- $ref: '#/components/schemas/HrefObject'
- users:
- $ref: '#/components/schemas/HrefObject'
- readOnly: true
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - properties:
+ apps:
+ $ref: '#/components/schemas/HrefObject'
+ logo:
+ type: array
+ items:
+ $ref: '#/components/schemas/HrefObject'
+ source:
+ $ref: '#/components/schemas/HrefObject'
+ users:
+ $ref: '#/components/schemas/HrefObject'
GroupCondition:
+ description: Specifies a set of Groups whose Users are to be included or excluded
type: object
properties:
exclude:
type: array
+ description: Groups to be excluded
items:
type: string
include:
type: array
+ description: Groups to be included
items:
type: string
GroupOwner:
type: object
properties:
displayName:
+ description: The display name of the group owner
type: string
readOnly: true
id:
+ description: The `id` of the group owner
type: string
- readOnly: true
lastUpdated:
+ description: Timestamp when the group owner was last updated
type: string
format: date-time
readOnly: true
originId:
+ description: The ID of the app instance if the `originType` is `APPLICATION`. This value is `NULL` if `originType` is `OKTA_DIRECTORY`.
type: string
originType:
$ref: '#/components/schemas/GroupOwnerOriginType'
resolved:
+ description: If `originType`is APPLICATION, this parameter is set to `FALSE` until the owner’s `originId` is reconciled with an associated Okta ID.
type: boolean
type:
$ref: '#/components/schemas/GroupOwnerType'
GroupOwnerOriginType:
+ description: The source where group ownership is managed
type: string
x-okta-known-values:
- APPLICATION
- OKTA_DIRECTORY
GroupOwnerType:
+ description: The entity type of the owner
type: string
x-okta-known-values:
- GROUP
- - UNKNOWN
- USER
GroupPolicyRuleCondition:
+ description: Specifies a set of Groups whose Users are to be included or excluded
type: object
properties:
exclude:
type: array
+ description: Groups to be excluded
items:
type: string
include:
type: array
+ description: Groups to be included
items:
type: string
GroupProfile:
+ additionalProperties: true
type: object
properties:
description:
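Review bot: The `GroupOwner` descriptions for `originId` and `resolved` show the literals as `NULL` and `FALSE`, but the wire values are JSON `null` and `false` (`resolved` is `type: boolean`), and "`originType`is" is missing a space. Suggested text for `resolved` is `If originType is APPLICATION, this parameter is set to false until the owner's originId is reconciled with an associated Okta ID.`, with the identifiers in backticks and a plain ASCII apostrophe. For `originId`, write `null` in lowercase.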
@@ -21493,10 +31619,7 @@ components:
readOnly: true
type: string
_links:
- additionalProperties:
- type: object
- readOnly: true
- type: object
+ $ref: '#/components/schemas/LinksSelf'
x-okta-allow-null-property-value-for-updates: true
GroupSchemaAttribute:
type: object
@@ -21591,40 +31714,34 @@ components:
- APP_GROUP
- BUILT_IN
- OKTA_GROUP
- HardwareUserFactor:
- allOf:
- - $ref: '#/components/schemas/UserFactor'
- - type: object
- properties:
- profile:
- $ref: '#/components/schemas/HardwareUserFactorProfile'
- HardwareUserFactorProfile:
- type: object
- properties:
- credentialId:
- type: string
HookKey:
type: object
properties:
created:
type: string
format: date-time
+ description: Timestamp when the key was created.
readOnly: true
id:
type: string
+ description: The unique identifier for the key.
readOnly: true
isUsed:
type: string
format: boolean
+ description: Whether this key is currently in use by other hooks.
keyId:
type: string
+ description: The alias of the public key.
readOnly: true
lastUpdated:
type: string
format: date-time
+ description: Timestamp when the key was updated.
readOnly: true
name:
type: string
+ description: Display name of the key.
readOnly: false
_embedded:
$ref: '#/components/schemas/JsonWebKey'
@@ -21644,11 +31761,11 @@ components:
- OKTA_DEFAULT
HrefObject:
title: Link Object
- description: Singular link objected returned in HAL `_links` object.
type: object
properties:
hints:
type: object
+ description: Describes allowed HTTP verbs for the `href`
properties:
allow:
type: array
@@ -21656,13 +31773,56 @@ components:
$ref: '#/components/schemas/HttpMethod'
href:
type: string
+ description: Link URI
name:
type: string
+ description: Link name
type:
type: string
description: The media type of the link. If omitted, it is implicitly `application/json`.
required:
- href
+ readOnly: true
+ HrefObjectActivateLink:
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ - description: Link to activate the resource
+ HrefObjectAppLink:
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ - description: Link to the app resource
+ HrefObjectClientLink:
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ - description: Link to the client resource
+ HrefObjectDeactivateLink:
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ - description: Link to deactivate the resource
+ HrefObjectDeleteLink:
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ - description: Link to delete the resource
+ HrefObjectLogoLink:
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ - description: Link to the logo resource
+ HrefObjectSelfLink:
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ - description: Link to the resource (self)
+ HrefObjectSuspendLink:
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ - description: Link to suspend the resource
+ HrefObjectUnsuspendLink:
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ - description: Link to unsuspend the resource
+ HrefObjectUserLink:
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ - description: Link to the user resource
HttpMethod:
type: string
x-okta-known-values:
@@ -21693,23 +31853,15 @@ components:
format: date-time
description: Timestamp when the role was last updated
readOnly: true
- permissions:
- type: array
- description: Array of permissions that the role will grant. See [Permission Types](https://developer.okta.com/docs/concepts/role-assignment/#permission-types).
- items:
- $ref: '#/components/schemas/RolePermissionType'
- _links:
- type: object
- properties:
- self:
- $ref: '#/components/schemas/HrefObject'
- permissions:
- $ref: '#/components/schemas/HrefObject'
- readOnly: true
+ _links:
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - properties:
+ permissions:
+ $ref: '#/components/schemas/HrefObject'
required:
- label
- description
- - permissions
IamRoles:
type: object
properties:
@@ -21718,11 +31870,7 @@ components:
items:
$ref: '#/components/schemas/IamRole'
_links:
- type: object
- properties:
- next:
- $ref: '#/components/schemas/HrefObject'
- readOnly: true
+ $ref: '#/components/schemas/LinksNext'
IdentityProvider:
type: object
properties:
@@ -21744,6 +31892,8 @@ components:
type: string
policy:
$ref: '#/components/schemas/IdentityProviderPolicy'
+ properties:
+ $ref: '#/components/schemas/IdentityProviderProperties'
protocol:
$ref: '#/components/schemas/Protocol'
status:
@@ -21751,11 +31901,7 @@ components:
type:
$ref: '#/components/schemas/IdentityProviderType'
_links:
- type: object
- additionalProperties:
- type: object
- properties: {}
- readOnly: true
+ $ref: '#/components/schemas/LinksSelf'
IdentityProviderApplicationUser:
type: object
properties:
@@ -21780,11 +31926,7 @@ components:
properties: {}
readOnly: true
_links:
- type: object
- additionalProperties:
- type: object
- properties: {}
- readOnly: true
+ $ref: '#/components/schemas/LinksSelf'
IdentityProviderCredentials:
type: object
properties:
@@ -21801,6 +31943,9 @@ components:
type: string
client_secret:
type: string
+ pkce_required:
+ type: boolean
+ description: Require Proof Key for Code Exchange (PKCE) for additional verification
IdentityProviderCredentialsSigning:
type: object
properties:
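Review bot: `pkce_required` is added without a `default`, so the spec does not say whether an IdP client created without the field has PKCE enforced or not. For a security control, that ambiguity ends up in every generated SDK model. Either add `default: <value the service applies>` or state it in the description, for example `Require Proof Key for Code Exchange (PKCE) for additional verification. If omitted, the service applies <documented default>.` The enclosing credentials schema starts outside this hunk, and the neighbouring `client_secret` is a plain string there. It would be worth checking whether that property should carry `writeOnly: true` or `format: password`.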
@@ -21827,13 +31972,19 @@ components:
- OCSP
IdentityProviderPolicy:
allOf:
- - $ref: '#/components/schemas/Policy'
- type: object
properties:
accountLink:
$ref: '#/components/schemas/PolicyAccountLink'
- conditions:
- $ref: '#/components/schemas/PolicyRuleConditions'
+ mapAMRClaims:
+ type: boolean
+ description:
Enable mapping AMR from IdP to Okta to downstream apps
+ default: false
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
maxClockSkew:
type: integer
provisioning:
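Review bot: As rendered here, the `mapAMRClaims` description text sits on the line after `description:` with no block-scalar indicator, so it relies on plain-scalar folding. Putting it on one line is safer: `description: Enable mapping AMR from IdP to Okta to downstream apps`. The description could also say that, when enabled, the AMR values asserted by the external IdP are passed through. Downstream apps may treat those values as evidence of authentication strength, so the trust implication belongs next to the flag. `default: false` is the right conservative default.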
@@ -21855,6 +32006,15 @@ components:
type: string
provider:
$ref: '#/components/schemas/IdentityProviderPolicyProvider'
+ IdentityProviderProperties:
+ nullable: true
+ type: object
+ properties:
+ additionalAmr:
+ type: array
+ nullable: true
+ items:
+ type: string
IdentityProviderType:
type: string
x-okta-known-values:
@@ -21871,6 +32031,10 @@ components:
IdentitySourceSession:
type: object
properties:
+ created:
+ type: string
+ format: date-time
+ readOnly: true
id:
type: string
readOnly: true
@@ -21880,6 +32044,10 @@ components:
importType:
type: string
readOnly: true
+ lastUpdated:
+ type: string
+ format: date-time
+ readOnly: true
status:
$ref: '#/components/schemas/IdentitySourceSessionStatus'
IdentitySourceSessionStatus:
@@ -21890,6 +32058,7 @@ components:
- CREATED
- ERROR
- EXPIRED
+ - IN_PROGRESS
- TRIGGERED
IdentitySourceUserProfileForDelete:
type: object
@@ -21898,7 +32067,7 @@ components:
type: string
maxLength: 512
IdentitySourceUserProfileForUpsert:
- additionalProperties: true
+ additionalProperties: {}
type: object
properties:
email:
@@ -21932,21 +32101,75 @@ components:
userName:
type: string
maxLength: 100
+ IdpDiscoveryPolicy:
+ allOf:
+ - $ref: '#/components/schemas/Policy'
+ IdpDiscoveryPolicyRule:
+ allOf:
+ - $ref: '#/components/schemas/PolicyRule'
+ - type: object
+ properties:
+ actions:
+ $ref: '#/components/schemas/IdpPolicyRuleAction'
+ conditions:
+ $ref: '#/components/schemas/IdpDiscoveryPolicyRuleCondition'
+ IdpDiscoveryPolicyRuleCondition:
+ allOf:
+ - type: object
+ properties:
+ app:
+ $ref: '#/components/schemas/AppAndInstancePolicyRuleCondition'
+ network:
+ $ref: '#/components/schemas/PolicyNetworkCondition'
+ userIdentifier:
+ $ref: '#/components/schemas/UserIdentifierPolicyRuleCondition'
+ platform:
+ $ref: '#/components/schemas/PlatformPolicyRuleCondition'
IdpPolicyRuleAction:
type: object
properties:
- providers:
- items:
- $ref: '#/components/schemas/IdpPolicyRuleActionProvider'
- type: array
+ idp:
+ type: object
+ properties:
+ providers:
+ items:
+ $ref: '#/components/schemas/IdpPolicyRuleActionProvider'
+ type: array
+ description: List of configured Identity Providers that a given Rule can route to. Ability to define multiple providers is a part of the Okta Identity Engine. This allows users to choose a Provider when they sign in. Contact support for information on the Identity Engine.
+ idpSelectionType:
+ description: Determines whether the rule should use expression language or a specific IdP
+ $ref: '#/components/schemas/IdpSelectionType'
+ matchCriteria:
+ items:
+ $ref: '#/components/schemas/IdpPolicyRuleActionMatchCriteria'
+ type: array
+ description: Required if `idpSelectionType` is set to `DYNAMIC`
+ IdpPolicyRuleActionMatchCriteria:
+ type: object
+ properties:
+ propertyName:
+ type: string
+ description: The IdP property that the evaluated string should match to
+ providerExpression:
+ type: string
+ description: |
+ You can provide an Okta Expression Language expression with the Login Context that's evaluated with the IdP. For example, the value `login.identifier` refers to the user's username. If the user is signing in with the username `john.doe@mycompany.com`, the expression `login.identifier.substringAfter(@))` is evaluated to the domain name of the user, for example: `mycompany.com`.
IdpPolicyRuleActionProvider:
type: object
properties:
id:
- readOnly: true
type: string
- type:
+ description: IdP types of `OKTA`, `AgentlessDSSO`, and `IWA` don't require an ID.
+ name:
type: string
+ description: Provider `name` in Okta. Optional. Supported in `IDENTITY ENGINE`.
+ type:
+ $ref: '#/components/schemas/IdentityProviderType'
+ IdpSelectionType:
+ type: string
+ x-okta-known-values:
+ - DYNAMIC
+ - SPECIFIC
IframeEmbedScopeAllowedApps:
type: string
x-okta-known-values:
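Review bot: The example in the `providerExpression` description, `login.identifier.substringAfter(@))`, has an unquoted `@` and an extra closing parenthesis, so it will not evaluate if copied into a routing rule; it should read `login.identifier.substringAfter('@')`. In the same schema, `idpSelectionType` puts a `description` next to a `$ref`, which OpenAPI 3.0 tooling ignores. The `allOf` plus `description` pattern this commit uses for `HrefObjectActivateLink` would keep the text. Since `matchCriteria` is "Required if `idpSelectionType` is set to `DYNAMIC`", the description for `providers` could also say when it applies.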
@@ -21957,6 +32180,51 @@ components:
url:
readOnly: true
type: string
+ ImportScheduleObject:
+ description: Import schedule configuration
+ type: object
+ properties:
+ fullImport:
+ allOf:
+ - $ref: '#/components/schemas/ImportScheduleSettings'
+ - description: Determines the full import schedule
+ incrementalImport:
+ allOf:
+ - $ref: '#/components/schemas/ImportScheduleSettings'
+ - description: Determines the incremental import schedule
+ status:
+ $ref: '#/components/schemas/EnabledStatus'
+ ImportScheduleSettings:
+ type: object
+ properties:
+ expression:
+ type: string
+ description: The import schedule in UNIX cron format
+ example: 00 21 * * Mon,Thu,Fri,Sat
+ timezone:
+ type: string
+ description: The import schedule time zone in Internet Assigned Numbers Authority (IANA) time zone name format
+ minLength: 1
+ maxLength: 64
+ example: America/Los_Angeles
+ required:
+ - expression
+ ImportUsernameObject:
+ description: Determines the Okta username for the imported user
+ type: object
+ properties:
+ userNameExpression:
+ type: string
+ description: For `usernameFormat=CUSTOM`, specifies the Okta Expression Language statement for a username format that imported users use to sign in to Okta
+ usernameFormat:
+ type: string
+ description: Determines the username format when users sign in to Okta
+ default: EMAIL
+ enum:
+ - EMAIL
+ - CUSTOM
+ required:
+ - usernameFormat
InactivityPolicyRuleCondition:
type: object
properties:
@@ -21964,6 +32232,11 @@ components:
type: integer
unit:
type: string
+ InboundProvisioningApplicationFeature:
+ allOf:
+ - $ref: '#/components/schemas/ApplicationFeature'
+ - type: object
+ - {}
InlineHook:
type: object
properties:
@@ -21989,11 +32262,7 @@ components:
version:
type: string
_links:
- type: object
- additionalProperties:
- type: object
- properties: {}
- readOnly: true
+ $ref: '#/components/schemas/LinksSelf'
InlineHookChannel:
type: object
properties:
@@ -22142,48 +32411,69 @@ components:
type: object
properties:
alg:
+ description: 'The algorithm used with the Key. Valid value: `RS256`'
type: string
created:
- type: string
- format: date-time
+ $ref: '#/components/schemas/createdProperty'
e:
+ description: RSA key value (public exponent) for Key binding
type: string
+ readOnly: true
expiresAt:
+ description: Timestamp when the certificate expires
type: string
format: date-time
+ readOnly: true
key_ops:
+ description: Identifies the operation(s) for which the key is intended to be used
type: array
items:
type: string
kid:
+ description: Unique identifier for the certificate
type: string
+ readOnly: true
kty:
+ description: 'Cryptographic algorithm family for the certificate''s keypair. Valid value: `RSA`'
type: string
+ readOnly: true
lastUpdated:
type: string
format: date-time
+ $ref: '#/components/schemas/lastUpdatedProperty'
'n':
+ description: RSA modulus value that is used by both the public and private keys and provides a link between them
type: string
status:
+ description: |-
+ An `ACTIVE` Key is used to sign tokens issued by the authorization server. Supported values: `ACTIVE`, `NEXT`, or `EXPIRED`
+ A `NEXT` Key is the next Key that the authorization server uses to sign tokens when Keys are rotated. The `NEXT` Key might not be listed if it hasn't been generated yet.
+ An `EXPIRED` Key is the previous Key that the authorization server used to sign tokens. The `EXPIRED` Key might not be listed if no Key has expired or the expired Key was deleted.
type: string
use:
+ description: 'Acceptable use of the certificate. Valid value: `sig`'
type: string
+ readOnly: true
x5c:
+ description: X.509 certificate chain that contains a chain of one or more certificates
type: array
items:
type: string
+ readOnly: true
x5t:
+ description: X.509 certificate SHA-1 thumbprint, which is the base64url-encoded SHA-1 thumbprint (digest) of the DER encoding of an X.509 certificate
type: string
+ readOnly: true
x5t#S256:
+ description: X.509 certificate SHA-256 thumbprint, which is the base64url-encoded SHA-256 thumbprint (digest) of the DER encoding of an X.509 certificate
type: string
+ readOnly: true
x5u:
+ description: A URI that refers to a resource for the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign the JWS (JSON Web Signature)
type: string
- _links:
- type: object
- additionalProperties:
- type: object
- properties: {}
readOnly: true
+ _links:
+ $ref: '#/components/schemas/LinksSelf'
JwkUse:
type: object
properties:
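Review bot: In `JsonWebKey.lastUpdated` the added `$ref: '#/components/schemas/lastUpdatedProperty'` sits beside the existing `type: string` and `format: date-time`, whereas `created` a few lines up had those two keys removed when it moved to `createdProperty`. OpenAPI 3.0 tooling ignores siblings of `$ref`, so the leftover keys are dead at best and may make a stricter validator or the generator treat `lastUpdated` differently from `created`. I would delete the two context lines so the property is only the `$ref`. The `JsonWebKey` schema begins before this hunk, so confirm the nesting in the file itself.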
@@ -22198,22 +32488,48 @@ components:
properties:
name:
type: string
+ KeyTrustLevelBrowserKey:
+ description: Represents the attestation strength used by the Chrome Verified Access API
+ example: CHROME_BROWSER_HW_KEY
+ type: string
+ x-enumDescriptions:
+ CHROME_BROWSER_HW_KEY: Identity of the device was attested using a key pair that is OS encapsulated by a hardware layer
+ CHROME_BROWSER_OS_KEY: Identity of the device was attested using a key pair that is simply stored on the device but not in any specific hardware layer
+ x-okta-known-values:
+ - CHROME_BROWSER_HW_KEY
+ - CHROME_BROWSER_OS_KEY
+ KeyTrustLevelOSMode:
+ description: Represents the attestation strength used by the Chrome Verified Access API
+ example: CHROME_OS_VERIFIED_MODE
+ type: string
+ x-enumDescriptions:
+ CHROME_OS_VERIFIED_MODE: Identity of the device was attested using an enterprise-emitted certificate, and the device is in Verified mode
+ CHROME_OS_DEVELOPER_MODE: Identity of the device was attested using an enterprise-emitted certificate, and the device is in Developer mode
+ x-okta-known-values:
+ - CHROME_OS_DEVELOPER_MODE
+ - CHROME_OS_VERIFIED_MODE
KnowledgeConstraint:
allOf:
- $ref: '#/components/schemas/AccessPolicyConstraint'
Language:
- description: The language specified as an [IETF BCP 47 language tag](https://datatracker.ietf.org/doc/html/rfc5646).
+ description: The language specified as an [IETF BCP 47 language tag](https://datatracker.ietf.org/doc/html/rfc5646)
type: string
LifecycleCreateSettingObject:
+ description: Determines whether to update a user in the application when a user in Okta is updated
type: object
properties:
status:
- $ref: '#/components/schemas/EnabledStatus'
+ allOf:
+ - $ref: '#/components/schemas/EnabledStatus'
+ - default: DISABLED
LifecycleDeactivateSettingObject:
+ description: Determines whether deprovisioning occurs when the app is unassigned
type: object
properties:
status:
- $ref: '#/components/schemas/EnabledStatus'
+ allOf:
+ - $ref: '#/components/schemas/EnabledStatus'
+ - default: DISABLED
LifecycleExpirationPolicyRuleCondition:
type: object
properties:
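Review bot: The description added to `LifecycleCreateSettingObject` says "Determines whether to update a user in the application when a user in Okta is updated", which describes an update setting, not a create setting. It looks copied from the update object; something like `description: Determines whether to create a user in the application when the app is assigned` would match the schema name, though the exact wording should be confirmed against the product behaviour. In the same hunk, `KeyTrustLevelBrowserKey` and `KeyTrustLevelOSMode` share one description verbatim even though their values describe different attestation modes.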
@@ -22236,11 +32552,7 @@ components:
primary:
$ref: '#/components/schemas/LinkedObjectDetails'
_links:
- type: object
- additionalProperties:
- type: object
- properties: {}
- readOnly: true
+ $ref: '#/components/schemas/LinksSelf'
LinkedObjectDetails:
type: object
properties:
@@ -22256,6 +32568,79 @@ components:
type: string
x-okta-known-values:
- USER
+ LinksAppAndUser:
+ description: Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification. This object is used for dynamic discovery of resources related to the App User.
+ type: object
+ properties:
+ app:
+ $ref: '#/components/schemas/HrefObjectAppLink'
+ user:
+ $ref: '#/components/schemas/HrefObjectUserLink'
+ readOnly: true
+ LinksNext:
+ description: Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status of an application using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification. Use the `LinksNext` object for dynamic discovery of related resources and lifecycle operations.
+ type: object
+ properties:
+ next:
+ $ref: '#/components/schemas/HrefObject'
+ readOnly: true
+ LinksSelf:
+ description: Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status of an application using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification. This object is used for dynamic discovery of related resources and lifecycle operations.
+ type: object
+ properties:
+ self:
+ $ref: '#/components/schemas/HrefObjectSelfLink'
+ readOnly: true
+ LinksSelfAndFullUsersLifecycle:
+ allOf:
+ - $ref: '#/components/schemas/LinksSelfAndLifecycle'
+ - type: object
+ properties:
+ suspend:
+ $ref: '#/components/schemas/HrefObjectSuspendLink'
+ unsuspend:
+ $ref: '#/components/schemas/HrefObjectUnsuspendLink'
+ users:
+ description: Link to Device users
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ LinksSelfAndLifecycle:
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - type: object
+ properties:
+ activate:
+ $ref: '#/components/schemas/HrefObjectActivateLink'
+ deactivate:
+ $ref: '#/components/schemas/HrefObjectDeactivateLink'
+ LinksSelfAndRoles:
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - type: object
+ properties:
+ roles:
+ $ref: '#/components/schemas/HrefObject'
+ LinksSelfLifecycleAndAuthorize:
+ allOf:
+ - $ref: '#/components/schemas/LinksSelfAndLifecycle'
+ - type: object
+ ListProfileMappings:
+ description: |-
+ A collection of the profile mappings that include a subset of the profile mapping object's properties. The Profile Mapping object describes a mapping between an Okta User's and an App User's properties using [JSON Schema Draft 4](https://datatracker.ietf.org/doc/html/draft-zyp-json-schema-04).
+
+ > **Note:** Same type source/target mappings aren't supported by this API. Profile mappings must either be Okta->App or App->Okta.
+ type: object
+ properties:
+ id:
+ type: string
+ description: Unique identifier for profile mapping
+ readOnly: true
+ source:
+ $ref: '#/components/schemas/ProfileMappingSource'
+ target:
+ $ref: '#/components/schemas/ProfileMappingTarget'
+ _links:
+ $ref: '#/components/schemas/LinksSelf'
LoadingPageTouchPointVariant:
type: string
x-okta-known-values:
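Review bot: `LinksSelfLifecycleAndAuthorize` ends with a bare `- type: object` and declares no properties, so as written it is structurally the same as `LinksSelfAndLifecycle` and carries no authorize link despite its name. Compare `LinksSelfAndRoles` just above it, which adds `roles` under `properties:`. If an authorize link is intended, add it under `properties:` with a `$ref` to the matching href schema (not visible in this hunk); otherwise the generated type exposes no field for it and callers cannot discover the operation from the response.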
@@ -22274,7 +32659,7 @@ components:
alternateId:
type: string
readOnly: true
- detail:
+ detailEntry:
type: object
additionalProperties:
type: object
@@ -22511,35 +32896,46 @@ components:
created:
type: string
format: date-time
- description: Timestamp when the Log Stream was created
+ description: Timestamp when the Log Stream object was created
readOnly: true
+ example: '2022-10-21T16:59:59.000Z'
id:
type: string
- description: Unique key for the Log Stream
+ description: Unique identifier for the Log Stream
readOnly: true
+ example: 0oa1orzg0CHSgPcjZ0g4
lastUpdated:
type: string
format: date-time
- description: Timestamp when the Log Stream was last updated
+ description: Timestamp when the Log Stream object was last updated
readOnly: true
+ example: '2022-10-21T17:15:10.000Z'
name:
- type: string
- description: Unique name for the Log Stream
+ $ref: '#/components/schemas/LogStreamName'
status:
- $ref: '#/components/schemas/LifecycleStatus'
+ type: string
+ description: Lifecycle status of the Log Stream object
+ enum:
+ - ACTIVE
+ - INACTIVE
+ readOnly: true
type:
$ref: '#/components/schemas/LogStreamType'
_links:
- type: object
- properties:
- self:
- $ref: '#/components/schemas/HrefObject'
- activate:
- $ref: '#/components/schemas/HrefObject'
- deactivate:
- $ref: '#/components/schemas/HrefObject'
- readOnly: true
- discriminator: *ref_5
+ $ref: '#/components/schemas/LogStreamLinksSelfAndLifecycle'
+ required:
+ - created
+ - id
+ - lastUpdated
+ - name
+ - status
+ - type
+ - _links
+ discriminator: *ref_11
+ LogStreamActivateLink:
+ allOf:
+ - $ref: '#/components/schemas/LogStreamLinkObject'
+ - description: Link to activate the resource
LogStreamAws:
allOf:
- $ref: '#/components/schemas/LogStream'
@@ -22547,6 +32943,65 @@ components:
properties:
settings:
$ref: '#/components/schemas/LogStreamSettingsAws'
+ required:
+ - settings
+ LogStreamAwsPutSchema:
+ allOf:
+ - $ref: '#/components/schemas/LogStreamPutSchema'
+ - type: object
+ properties:
+ settings:
+ $ref: '#/components/schemas/LogStreamSettingsAws'
+ required:
+ - settings
+ LogStreamDeactivateLink:
+ allOf:
+ - $ref: '#/components/schemas/LogStreamLinkObject'
+ - description: Link to deactivate the resource
+ LogStreamLinkObject:
+ title: Log Stream Link object
+ type: object
+ properties:
+ href:
+ type: string
+ description: The URI of the resource
+ method:
+ type: string
+ description: HTTP method allowed for the resource
+ enum:
+ - GET
+ - POST
+ required:
+ - href
+ readOnly: true
+ LogStreamLinksSelfAndLifecycle:
+ description: Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status of an application using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification. This object is used for dynamic discovery of related resources and lifecycle operations.
+ type: object
+ properties:
+ activate:
+ $ref: '#/components/schemas/LogStreamActivateLink'
+ deactivate:
+ $ref: '#/components/schemas/LogStreamDeactivateLink'
+ self:
+ $ref: '#/components/schemas/LogStreamSelfLink'
+ required:
+ - self
+ readOnly: true
+ LogStreamName:
+ description: Unique name for the Log Stream object
+ example: My AWS EventBridge log stream
+ type: string
+ LogStreamPutSchema:
+ type: object
+ properties:
+ name:
+ $ref: '#/components/schemas/LogStreamName'
+ type:
+ $ref: '#/components/schemas/LogStreamType'
+ required:
+ - name
+ - type
+ discriminator: *ref_20
LogStreamSchema:
type: object
properties:
@@ -22579,47 +33034,50 @@ components:
type: string
readOnly: true
_links:
- type: object
- additionalProperties:
- type: object
- properties: {}
- readOnly: true
- LogStreamSettings:
- type: object
- LogStreamSettingsAws:
+ $ref: '#/components/schemas/LinksSelf'
+ LogStreamSelfLink:
allOf:
- - $ref: '#/components/schemas/LogStreamSettings'
- - description: The AWS EventBridge Settings object specifies the configuration for the `aws_eventbridge` Log Stream type. This can't be modified after creation.
- type: object
- properties:
- accountId:
- type: string
- description: Your AWS account ID
- minLength: 12
- maxLength: 12
- eventSourceName:
- type: string
- description: An alphanumeric name (no spaces) to identify this event source in AWS EventBridge
- pattern: ^[a-zA-Z0-9.\-_]$
- minLength: 1
- maxLength: 75
- region:
- $ref: '#/components/schemas/AwsRegion'
+ - $ref: '#/components/schemas/LogStreamLinkObject'
+ - description: Link to the resource (self)
+ LogStreamSettingsAws:
+ description: Specifies the configuration for the `aws_eventbridge` Log Stream type. This configuration can't be modified after creation.
+ type: object
+ properties:
+ accountId:
+ $ref: '#/components/schemas/AwsAccountId'
+ eventSourceName:
+ $ref: '#/components/schemas/AwsEventSourceName'
+ region:
+ $ref: '#/components/schemas/AwsRegion'
+ required:
+ - accountId
+ - eventSourceName
+ - region
LogStreamSettingsSplunk:
- allOf:
- - $ref: '#/components/schemas/LogStreamSettings'
- - description: The Splunk Cloud Settings object specifies the configuration for the `splunk_cloud_logstreaming` Log Stream type.
- type: object
- properties:
- host:
- type: string
- description: 'The domain name for your Splunk Cloud instance. Don''t include `http` or `https` in the string. For example: `acme.splunkcloud.com`'
- minLength: 17
- maxLength: 116
- token:
- type: string
- description: The HEC token for your Splunk Cloud HTTP Event Collector
- pattern: (?i)^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$
+ description: Specifies the configuration for the `splunk_cloud_logstreaming` Log Stream type.
+ type: object
+ properties:
+ edition:
+ $ref: '#/components/schemas/SplunkEdition'
+ host:
+ $ref: '#/components/schemas/SplunkHost'
+ token:
+ $ref: '#/components/schemas/SplunkToken'
+ required:
+ - edition
+ - host
+ - token
+ LogStreamSettingsSplunkPut:
+ description: Specifies the configuration for the `splunk_cloud_logstreaming` Log Stream type.
+ type: object
+ properties:
+ edition:
+ $ref: '#/components/schemas/SplunkEdition'
+ host:
+ $ref: '#/components/schemas/SplunkHost'
+ required:
+ - edition
+ - host
LogStreamSplunk:
allOf:
- $ref: '#/components/schemas/LogStream'
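Review bot: `token` is listed under `required` in the rewritten `LogStreamSettingsSplunk`, and that object is still what `LogStreamSplunk` (the read model, whose `settings` reference appears as context in the following hunk) points to. `SplunkToken` is defined outside this hunk; unless it carries `writeOnly: true`, the spec documents the HEC token as a value that comes back on reads, and the generated model will hold it wherever the struct is logged or serialized. Please confirm `SplunkToken` is declared `writeOnly: true`, or give the response side a settings schema without `token`, as `LogStreamSettingsSplunkPut` already does for updates.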
@@ -22627,8 +33085,26 @@ components:
properties:
settings:
$ref: '#/components/schemas/LogStreamSettingsSplunk'
+ required:
+ - settings
+ LogStreamSplunkPutSchema:
+ allOf:
+ - $ref: '#/components/schemas/LogStreamPutSchema'
+ - type: object
+ properties:
+ settings:
+ $ref: '#/components/schemas/LogStreamSettingsSplunkPut'
+ required:
+ - settings
LogStreamType:
- description: The Log Stream type specifies the streaming provider used. Okta supports [AWS EventBridge](https://aws.amazon.com/eventbridge/) and [Splunk Cloud](https://www.splunk.com/en_us/software/splunk-cloud-platform.html).
+ description: |-
+ Specifies the streaming provider used
+
+ Supported providers:
+ * `aws_eventbridge` ([AWS EventBridge](https://aws.amazon.com/eventbridge))
+ * `splunk_cloud_logstreaming` ([Splunk Cloud](https://www.splunk.com/en_us/software/splunk-cloud-platform.html))
+
+ Select the provider type to see provider-specific configurations in the `settings` property:
type: string
x-okta-known-values:
- aws_eventbridge
@@ -22705,6 +33181,20 @@ components:
MultifactorEnrollmentPolicyAuthenticatorSettings:
type: object
properties:
+ constraints:
+ nullable: true
+ minimum: 0
+ type: object
+ properties:
+ aaguidGroups:
+ type: array
+ items:
+ type: string
+ uniqueItems: true
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
enroll:
type: object
properties:
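Review bot: The new `constraints` object sets `minimum: 0` next to `type: object`; `minimum` applies only to numeric schemas, so it is ignored here and looks like a leftover. The `x-okta-lifecycle` block in the same addition pairs `lifecycle: GA` with `isGenerallyAvailable: false`, which contradict each other. `aaguidGroups` presumably limits which authenticator models may enroll, so it should get a `description` that states what a null `constraints` or an empty list means (no restriction or nothing allowed). The enclosing `MultifactorEnrollmentPolicyAuthenticatorSettings` schema continues past this hunk.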
@@ -22756,80 +33246,88 @@ components:
type: array
items:
type: string
- description: 'Format of each array value: a string representation of an ASN numeric value'
+ description: 'Dynamic network zone property: An array of strings that represent an ASN numeric value'
maximum: 75
- example:
- - 23457
created:
type: string
format: date-time
+ description: Timestamp when the network zone was created
readOnly: true
gateways:
type: array
items:
$ref: '#/components/schemas/NetworkZoneAddress'
description: |-
- IP addresses (range or CIDR form) of this Zone.
+ IP network zone property: the IP addresses (range or CIDR form) of this zone.
The maximum array length is 150 entries for admin-created IP zones, 1000 entries for IP blocklist zones, and 5000 entries for the default system IP Zone.
id:
type: string
+ description: Unique identifier for the network zone
readOnly: true
lastUpdated:
type: string
format: date-time
+ description: Timestamp when the network zone was last modified
readOnly: true
locations:
type: array
items:
$ref: '#/components/schemas/NetworkZoneLocation'
- description: The geolocations of this Zone
+ description: 'Dynamic network zone property: an array of geolocations of this network zone'
maximum: 75
name:
type: string
- description: Unique name for this Zone. Maximum of 128 characters.
- example: newNetworkZone
+ description: Unique name for this network zone. Maximum of 128 characters.
proxies:
type: array
items:
$ref: '#/components/schemas/NetworkZoneAddress'
+ nullable: true
description: |-
- IP address (range or CIDR form) that are allowed to forward a request from gateway addresses.
+ IP network zone property: the IP addresses (range or CIDR form) that are allowed to forward a request from gateway addresses
These proxies are automatically trusted by Threat Insights, and used to identify the client IP of a request.
The maximum array length is 150 entries for admin-created zones and 5000 entries for the default system IP Zone.
proxyType:
type: string
- description: 'One of: `""` or `null` (when not specified), `Any` (meaning any proxy), `Tor`, or `NotTorAnonymizer`'
- example: ANY
+ description: 'Dynamic network zone property: the proxy type used'
+ enum:
+ - 'null'
+ - Any
+ - Tor
+ - NotTorAnonymizer
+ x-enumDescriptions:
+ 'null': (Or `""`) No proxy used
+ Any: Use any proxy type for the dynamic zone.
+ Tor: Use TorAnonymizer as the proxy type for the dynamic zone.
+ NotTorAnonymizer: Use NotTorAnonymizer as the proxy type for the dynamic zone.
status:
$ref: '#/components/schemas/NetworkZoneStatus'
system:
type: boolean
description: |-
- Indicates if this is a system Network Zone. For admin-created zones, this is always `false`.
+ Indicates if this is a system network zone. For admin-created zones, this is always `false`.
The system IP Policy Network Zone (`LegacyIpZone`) is included by default in your Okta org. Notice that `system=true` for the `LegacyIpZone` object. Admin users can modify the name of this default system Zone and can add up to 5000 gateway or proxy IP entries.
type:
$ref: '#/components/schemas/NetworkZoneType'
- description: 'Type of Zone: `IP` or `DYNAMIC`'
usage:
$ref: '#/components/schemas/NetworkZoneUsage'
- description: 'Usage of Zone: `POLICY` or `BLOCKLIST`'
_links:
- type: object
- additionalProperties:
- type: object
- properties: {}
- readOnly: true
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - properties:
+ deactivate:
+ $ref: '#/components/schemas/HrefObject'
NetworkZoneAddress:
description: Specifies the value of an IP address expressed using either `range` or `CIDR` form.
- example: 1.2.3.4/24
type: object
properties:
type:
$ref: '#/components/schemas/NetworkZoneAddressType'
value:
type: string
+ description: Value in CIDR/range form depending on the type specified
NetworkZoneAddressType:
- example: CIDR
+ description: Format of the value
type: string
x-okta-known-values:
- CIDR
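Review bot: The new `proxyType` enum lists the quoted string `'null'` rather than a JSON null, and the property has no `nullable: true`; its `x-enumDescriptions` entry also mentions `""`, which is not in the enum. The removed description named `""` or `null` as the unset values, so a client that validates against this enum would reject what the API actually returns for a zone with no proxy type. I would add `nullable: true` and either include `''` in the enum or switch to `x-okta-known-values` as the sibling zone enums do. Separately, the `maximum: 75` context lines on the `asns` and `locations` arrays have no effect on arrays; `maxItems: 75` is the keyword that bounds length. `NetworkZone` starts before this hunk.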
@@ -22850,27 +33348,44 @@ components:
Do not use continent codes as they are treated as generic codes for undesignated regions.
example: US-CA
NetworkZoneStatus:
- example: ACTIVE
+ description: Network zone status
type: string
x-okta-known-values:
- ACTIVE
- INACTIVE
NetworkZoneType:
- example: IP
+ description: The type of network zone
type: string
x-okta-known-values:
- DYNAMIC
- IP
NetworkZoneUsage:
- example: BLOCKLIST
+ description: The usage of the network zone
type: string
x-okta-known-values:
- BLOCKLIST
- POLICY
NotificationType:
+ description: The type of notification
type: string
+ x-enumDescriptions:
+ AD_AGENT: System notification sent when an AD agent disconnects or reconnects
+ AGENT_AUTO_UPDATE_NOTIFICATION: System notification sent when an agent automatically updates
+ APP_IMPORT: System notification sent with the status of an app user import
+ CONNECTOR_AGENT: System notification sent when an on-premises provisioning or Okta on-prem MFA agent disconnects or reconnects
+ IWA_AGENT: System notification sent when an IGA agent disconnects or reconnects
+ LDAP_AGENT: System notification sent when an LDAP agent disconnects or reconnects
+ OKTA_ANNOUNCEMENT: Okta communication sent for announcements and release notes
+ OKTA_ISSUE: Okta communication sent for trust incident alerts and updates
+ OKTA_UPDATE: Okta communication sent for scheduled system updates
+ RATELIMIT_NOTIFICATION: System notification sent when an org reaches rate limit warning or violation thresholds
+ REPORT_SUSPICIOUS_ACTIVITY: System notification sent when a user reports suspicious activity
+ USER_DEPROVISION: System notification sent when a user is deprovisioned from apps
+ USER_LOCKED_OUT: System notification sent when a user is locked out from logging in to Okta
x-okta-known-values:
- AD_AGENT
+ - AGENT_AUTO_UPDATE_NOTIFICATION
+ - AGENT_AUTO_UPDATE_NOTIFICATION_LDAP
- APP_IMPORT
- CONNECTOR_AGENT
- IWA_AGENT
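Review bot: The `IWA_AGENT` entry in the new `x-enumDescriptions` says "IGA agent", which looks like a typo for IWA, and `AGENT_AUTO_UPDATE_NOTIFICATION_LDAP` is added to `x-okta-known-values` without a matching description entry. Suggested: `IWA_AGENT: System notification sent when an IWA agent disconnects or reconnects`, plus a description line for the LDAP auto-update value. The known-values list continues into the next hunk.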
@@ -22883,18 +33398,24 @@ components:
- USER_DEPROVISION
- USER_LOCKED_OUT
OAuth2Actor:
+ description: User that created the object
type: object
properties:
id:
type: string
+ description: User ID
readOnly: true
type:
type: string
+ description: Type of user
+ example: User
+ readOnly: true
OAuth2Claim:
type: object
properties:
alwaysIncludeInToken:
type: boolean
+ description: Specifies whether to include Claims in the token. The value is always `TRUE` for access token Claims. If the value is set to `FALSE` for an ID token claim, the Claim isn't included in the ID token when the token is requested with the access token or with the `authorization_code`. The client instead uses the access token to get Claims from the `/userinfo` endpoint.
claimType:
$ref: '#/components/schemas/OAuth2ClaimType'
conditions:
@@ -22903,24 +33424,25 @@ components:
$ref: '#/components/schemas/OAuth2ClaimGroupFilterType'
id:
type: string
+ description: ID of the Claim
readOnly: true
name:
type: string
+ description: Name of the Claim
status:
$ref: '#/components/schemas/LifecycleStatus'
system:
+ description: When `true`, indicates that Okta created the Claim
type: boolean
value:
+ description: Specifies the value of the Claim. This value must be a string literal if `valueType` is `GROUPS`, and the string literal is matched with the selected `group_filter_type`. The value must be an Okta EL expression if `valueType` is `EXPRESSION`.
type: string
valueType:
$ref: '#/components/schemas/OAuth2ClaimValueType'
_links:
- type: object
- additionalProperties:
- type: object
- properties: {}
- readOnly: true
+ $ref: '#/components/schemas/LinksSelf'
OAuth2ClaimConditions:
+ description: Specifies the scopes for the Claim
type: object
properties:
scopes:
@@ -22928,18 +33450,31 @@ components:
items:
type: string
OAuth2ClaimGroupFilterType:
+ description: |-
+ Specifies the type of group filter if `valueType` is `GROUPS`
+
+ If `valueType` is `GROUPS`, then the groups returned are filtered according to the value of `group_filter_type`.
+
+ If you have complex filters for Groups, you can [create a Groups allowlist](https://developer.okta.com/docs/guides/customize-tokens-groups-claim/main/) to put them all in a Claim.
type: string
+ x-enumDescriptions:
+ STARTS_WITH: Group names start with `value` (not case-sensitive). For example, if `value` is `group1`, then `group123` and `Group123` are included.
+ EQUALS: Group name is the same as `value` (not case-sensitive). For example, if `value` is `group1`, then `group1` and `Group1` are included, but `group123` isn't.
+ CONTAINS: Group names contain `value` (not case-sensitive). For example, if `value` is `group1`, then `MyGroup123` and `group1` are included.
+ REGEX: Group names match the regular expression in `value` (case-sensitive). For example if `value` is `/^[a-z0-9_-]{3,16}$/`, then any Group name that has at least three letters, no more than 16, and contains lowercase letters, a hyphen, or numbers is a match.
x-okta-known-values:
- CONTAINS
- EQUALS
- REGEX
- STARTS_WITH
OAuth2ClaimType:
+ description: Specifies whether the Claim is for an access token (`RESOURCE`) or an ID token (`IDENTITY`)
type: string
x-okta-known-values:
- IDENTITY
- RESOURCE
OAuth2ClaimValueType:
+ description: Specifies whether the Claim is an Okta Expression Language (EL) expression (`EXPRESSION`), a set of groups (`GROUPS`), or a system claim (`SYSTEM`)
type: string
x-okta-known-values:
- EXPRESSION
@@ -22949,67 +33484,121 @@ components:
type: object
properties:
client_id:
+ description: Unique key for the client application. The `client_id` is immutable
type: string
readOnly: true
client_name:
+ description: Human-readable string name of the client application
type: string
readOnly: true
client_uri:
type: string
readOnly: true
logo_uri:
+ description: URL string that references a logo for the client consent dialog (not the sign-in dialog)
type: string
readOnly: true
_links:
- type: object
- additionalProperties:
- type: object
- properties: {}
- readOnly: true
+ $ref: '#/components/schemas/LinksSelf'
OAuth2RefreshToken:
type: object
properties:
clientId:
type: string
+ description: Client ID
created:
- type: string
- format: date-time
- readOnly: true
- createdBy:
- $ref: '#/components/schemas/OAuth2Actor'
+ $ref: '#/components/schemas/createdProperty'
expiresAt:
type: string
+ description: Expiration time of the OAuth 2.0 Token
format: date-time
readOnly: true
id:
type: string
+ description: ID of the Token object
readOnly: true
issuer:
type: string
+ description: The complete URL of the authorization server that issued the Token
lastUpdated:
- type: string
- format: date-time
- readOnly: true
+ $ref: '#/components/schemas/lastUpdatedProperty'
scopes:
type: array
+ description: The scope names attached to the Token
items:
type: string
status:
$ref: '#/components/schemas/GrantOrTokenStatus'
userId:
type: string
+ description: The ID of the user associated with the Token
_embedded:
type: object
- additionalProperties:
- type: object
- properties: {}
+ description: The embedded resources related to the object if the `expand` query parameter is specified
+ properties:
+ scopes:
+ type: array
+ description: The scope objects attached to the Token
+ items:
+ $ref: '#/components/schemas/OAuth2RefreshTokenScope'
readOnly: true
_links:
- type: object
- additionalProperties:
- type: object
- properties: {}
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - type: object
+ properties:
+ app:
+ description: Link to the app resource
+ allOf:
+ - $ref: '#/components/schemas/AppCustomHrefObject'
+ revoke:
+ description: Link to revoke the refresh Token
+ allOf:
+ - $ref: '#/components/schemas/AppCustomHrefObject'
+ - properties:
+ hints:
+ properties:
+ allow:
+ items:
+ enum:
+ - DELETE
+ default: DELETE
+ client:
+ description: Link to the client resource
+ allOf:
+ - $ref: '#/components/schemas/AppCustomHrefObject'
+ user:
+ description: Link to the user resource
+ allOf:
+ - $ref: '#/components/schemas/AppCustomHrefObject'
+ authorizationServer:
+ description: Link to the Token authorization server resource
+ allOf:
+ - $ref: '#/components/schemas/AppCustomHrefObject'
+ OAuth2RefreshTokenScope:
+ type: object
+ properties:
+ description:
+ type: string
+ description: Description of the Scope
+ displayName:
+ type: string
+ description: Name of the end user displayed in a consent dialog
+ id:
+ type: string
+ description: Scope object ID
readOnly: true
+ name:
+ type: string
+ description: Scope name
+ _links:
+ description: Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status of an application using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification. This object is used for dynamic discovery of related resources and lifecycle operations.
+ type: object
+ properties:
+ scope:
+ description: Link to Scope resource
+ allOf:
+ - $ref: '#/components/schemas/AppCustomHrefObject'
OAuth2Scope:
type: object
properties:
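Review bot: In `OAuth2RefreshTokenScope`, `displayName` is described as "Name of the end user displayed in a consent dialog", but the property sits on a scope object, so it presumably means the scope's name as shown to the end user. The same sentence is added to `OAuth2Scope.displayName` in the next hunk. I would reword both to `description: Name of the Scope displayed to the end user in a consent dialog`. The `_links` description on this schema is also the generic "current status of an application" text, although the object only links to the Scope resource.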
@@ -23017,76 +33606,116 @@ components:
$ref: '#/components/schemas/OAuth2ScopeConsentType'
default:
type: boolean
+ description: Indicates if this Scope is a default scope
description:
type: string
+ description: Description of the Scope
displayName:
type: string
+ description: Name of the end user displayed in a consent dialog
id:
type: string
+ description: Scope object ID
readOnly: true
metadataPublish:
$ref: '#/components/schemas/OAuth2ScopeMetadataPublish'
name:
type: string
+ description: Scope name
+ optional:
+ type: boolean
system:
type: boolean
+ description: Indicates if Okta created the Scope
OAuth2ScopeConsentGrant:
+ description: Grant object that represents an app consent scope grant
type: object
properties:
clientId:
type: string
- created:
- type: string
- format: date-time
+ description: Client ID of the app integration
readOnly: true
+ created:
+ $ref: '#/components/schemas/createdProperty'
createdBy:
$ref: '#/components/schemas/OAuth2Actor'
id:
type: string
+ description: ID of the Grant object
readOnly: true
issuer:
type: string
+ description: The issuer of your org authorization server. This is typically your Okta domain.
+ example: https://my_test_okta_org.oktapreview.com
lastUpdated:
- type: string
- format: date-time
- readOnly: true
+ $ref: '#/components/schemas/lastUpdatedProperty'
scopeId:
type: string
+ description: The name of the [Okta scope](https://developer.okta.com/docs/api/oauth2/#oauth-20-scopes) for which consent is granted
+ example: okta.users.read
source:
$ref: '#/components/schemas/OAuth2ScopeConsentGrantSource'
status:
$ref: '#/components/schemas/GrantOrTokenStatus'
userId:
type: string
+ description: User ID that granted consent (if `source` is `END_USER`)
+ readOnly: true
_embedded:
type: object
- additionalProperties:
- type: object
- properties: {}
+ description: Embedded resources related to the Grant
+ properties:
+ scope:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The name of the Okta scope for which consent is granted
+ example: okta.users.read
readOnly: true
_links:
- type: object
- additionalProperties:
- type: object
- properties: {}
- readOnly: true
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - type: object
+ properties:
+ app:
+ description: Link to the app resource
+ allOf:
+ - $ref: '#/components/schemas/AppCustomHrefObject'
+ client:
+ description: Link to the client resource
+ allOf:
+ - $ref: '#/components/schemas/AppCustomHrefObject'
+ - readOnly: true
+ required:
+ - issuer
+ - scopeId
OAuth2ScopeConsentGrantSource:
+ description: User type source that granted consent
+ example: ADMIN
type: string
+ readOnly: true
x-okta-known-values:
- ADMIN
- END_USER
OAuth2ScopeConsentType:
+ description: Indicates whether a consent dialog is needed for the Scope
+ default: IMPLICIT
type: string
x-okta-known-values:
- ADMIN
+ - FLEXIBLE
- IMPLICIT
- REQUIRED
OAuth2ScopeMetadataPublish:
+ description: Indicates whether the Scope is included in the metadata
+ default: NO_CLIENTS
type: string
x-okta-known-values:
- ALL_CLIENTS
- NO_CLIENTS
OAuth2ScopesMediationPolicyRuleCondition:
+ description: Array of scopes that the condition includes
type: object
properties:
include:
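Review bot: The new `optional` property on `OAuth2Scope` is added as a bare `type: boolean`, while every other plain-typed property in this schema gains a `description` in the same hunk. `OAuth2ScopeConsentType` gains `FLEXIBLE` here too, so the text should say what `optional` controls and how it relates to consent. I would add at least `description: Indicates whether the Scope is optional`, with the consent interaction worded from the upstream API reference, because that behaviour is not visible in this hunk. `OAuth2Scope` starts above the hunk and `OAuth2ScopesMediationPolicyRuleCondition` continues below it.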
@@ -23098,25 +33727,28 @@ components:
properties:
clientId:
type: string
- created:
- type: string
- format: date-time
+ description: Client ID
+ example: 0oabskvc6442nkvQO0h7
readOnly: true
+ created:
+ $ref: '#/components/schemas/createdProperty'
expiresAt:
type: string
+ description: Expiration time of the OAuth 2.0 Token
format: date-time
readOnly: true
id:
type: string
+ description: ID of the Token object
readOnly: true
issuer:
type: string
+ description: The complete URL of the authorization server that issued the Token
lastUpdated:
- type: string
- format: date-time
- readOnly: true
+ $ref: '#/components/schemas/lastUpdatedProperty'
scopes:
type: array
+ description: Name of scopes attached to the Token
items:
type: string
status:
@@ -23125,16 +33757,13 @@ components:
type: string
_embedded:
type: object
+ description: Embedded resources related to the object if the `expand` query parameter is specified
additionalProperties:
type: object
properties: {}
readOnly: true
_links:
- type: object
- additionalProperties:
- type: object
- properties: {}
- readOnly: true
+ $ref: '#/components/schemas/LinksSelf'
OAuthApplicationCredentials:
allOf:
- $ref: '#/components/schemas/ApplicationCredentials'
@@ -23157,10 +33786,10 @@ components:
- client_credentials
- implicit
- interaction_code
- - interaction_code
- password
- refresh_token
- urn:ietf:params:oauth:grant-type:device_code
+ - urn:ietf:params:oauth:grant-type:jwt-bearer
- urn:ietf:params:oauth:grant-type:saml2-bearer
- urn:ietf:params:oauth:grant-type:token-exchange
OAuthResponseType:
@@ -23169,6 +33798,324 @@ components:
- code
- id_token
- token
+ OINApplication:
+ type: object
+ properties:
+ accessibility:
+ $ref: '#/components/schemas/ApplicationAccessibility'
+ created:
+ type: string
+ format: date-time
+ readOnly: true
+ description: Timestamp when the Application object was created
+ credentials:
+ $ref: '#/components/schemas/SchemeApplicationCredentials'
+ features:
+ type: array
+ description: Enabled app features
+ items:
+ type: string
+ id:
+ type: string
+ readOnly: true
+ description: Unique ID for the app instance
+ label:
+ $ref: '#/components/schemas/ApplicationLabel'
+ lastUpdated:
+ type: string
+ format: date-time
+ readOnly: true
+ description: Timestamp when the Application object was last updated
+ licensing:
+ $ref: '#/components/schemas/ApplicationLicensing'
+ name:
+ type: string
+ description: Unique key for the app definition
+ profile:
+ type: object
+ description: Contains any valid JSON schema for specifying properties that can be referenced from a request (only available to OAuth 2.0 client apps)
+ additionalProperties:
+ type: object
+ properties: {}
+ settings:
+ $ref: '#/components/schemas/OINBaseSignOnModeApplicationSettings'
+ signOnMode:
+ $ref: '#/components/schemas/ApplicationSignOnMode'
+ status:
+ $ref: '#/components/schemas/ApplicationLifecycleStatus'
+ visibility:
+ $ref: '#/components/schemas/ApplicationVisibility'
+ _embedded:
+ type: object
+ additionalProperties:
+ type: object
+ properties: {}
+ readOnly: true
+ _links:
+ $ref: '#/components/schemas/ApplicationLinks'
+ OINApplicationSettingsSignOn:
+ description: Base sign-in setting schema for an OIN app
+ type: object
+ properties:
+ signOnMode:
+ $ref: '#/components/schemas/ApplicationSignOnMode'
+ discriminator:
+ propertyName: signOnMode
+ mapping:
+ AUTO_LOGIN: '#/components/schemas/OINAutoLoginApplicationSettingsSignOn'
+ SAML_1_1: '#/components/schemas/OINSaml11ApplicationSettingsSignOn'
+ SAML_2_0: '#/components/schemas/OINSaml20ApplicationSettingsSignOn'
+ OINAutoLoginApplicationSettingsSignOn:
+ allOf:
+ - $ref: '#/components/schemas/OINApplicationSettingsSignOn'
+ - type: object
+ - description: Contains the sign-in attributes available when configuring an app with `AUTO_LOGIN` as the `signOnMode`
+ - required:
+ - loginUrl
+ properties:
+ signOnMode:
+ default: AUTO_LOGIN
+ loginUrl:
+ type: string
+ description: Primary URL of the sign-in page for this app
+ redirectUrl:
+ type: string
+ description: Secondary URL of the sign-in page for this app
+ OINBaseSignOnModeApplicationSettings:
+ allOf:
+ - $ref: '#/components/schemas/ApplicationSettings'
+ - type: object
+ properties:
+ app:
+ type: object
+ nullable: true
+ additionalProperties:
+ type: string
+ properties: {}
+ signOn:
+ $ref: '#/components/schemas/OINApplicationSettingsSignOn'
+ OINSaml11ApplicationSettingsSignOn:
+ allOf:
+ - $ref: '#/components/schemas/OINApplicationSettingsSignOn'
+ - type: object
+ - description: Contains the sign-in attributes available when configuring an app with `SAML_1_1` as the `signOnMode`
+ properties:
+ signOnMode:
+ default: SAML_1_1
+ defaultRelayState:
+ type: string
+ description: Identifies a specific application resource in an IDP-initiated SSO scenario
+ ssoAcsUrlOverride:
+ type: string
+ description: Assertion Consumer Service URL override for CASB configuration. See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm)
+ audienceOverride:
+ type: string
+ description: Audience override for CASB configuration. See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm)
+ recipientOverride:
+ type: string
+ description: Recipient override for CASB configuration. See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm)
+ OINSaml20ApplicationSettingsSignOn:
+ description: Contains the sign-in attributes available when configuring an app with `SAML_2_0` as the `signOnMode`
+ allOf:
+ - $ref: '#/components/schemas/OINSaml11ApplicationSettingsSignOn'
+ - type: object
+ - required:
+ - destinationOverride
+ properties:
+ signOnMode:
+ default: SAML_2_0
+ destinationOverride:
+ type: string
+ description: Destination override for CASB configuration. See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm)
+ honorForceAuthn:
+ type: boolean
+ description: Set to `true` to prompt users for their credentials when a SAML request has the `ForceAuthn` attribute set to `true`
+ configuredAttributeStatements:
+ type: array
+ items:
+ $ref: '#/components/schemas/SamlAttributeStatement'
+ OSVersion:
+ description: |
+ Specifies the OS requirement for the policy.
+
+ There are two types of OS requirements:
+
+ * **Static**: A specific OS version requirement that doesn't change until you update the policy. A static OS requirement is specified with the `osVersion.minimum` property.
+ * **Dynamic**: An OS version requirement that is relative to the latest major OS release and security patch. A dynamic OS requirement is specified with the `osVersion.dynamicVersionRequirement` property.
+ > **Note:** Dynamic OS requirements are available only if the **Dynamic OS version compliance** [self-service EA](/openapi/okta-management/guides/release-lifecycle/#early-access-ea) feature is enabled. You can't specify both `osVersion.minimum` and `osVersion.dynamicVersionRequirement` properties at the same time.
+ type: object
+ properties:
+ dynamicVersionRequirement:
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
+ description:
Contains the necessary properties for a dynamic version requirement
+ type: object
+ properties:
+ type:
+ type: string
+ description: Indicates the type of the dynamic OS version requirement
+ enum:
+ - MINIMUM
+ - EXACT
+ - EXACT_ANY_SUPPORTED
+ x-enumDescriptions:
+ MINIMUM: The device version must be equal to or newer than the dynamically determined version. `distanceFromLatestMajor` must be specified for this type.
+ EXACT: The device version must be on the same major version as the dynamically determined version. `distanceFromLatestMajor` must be specified for this type.
+ EXACT_ANY_SUPPORTED: The device version must be on a major version which is supported. You can't specify `distanceFromLatestMajor` for this type.
+ distanceFromLatestMajor:
+ description: Indicates the distance from the latest major version
+ type: integer
+ minimum: 0
+ maximum: 1
+ latestSecurityPatch:
+ description: Indicates whether the device needs to be on the latest security patch
+ type: boolean
+ minimum:
+ description: The device version must be equal to or newer than the specified version string (maximum of three components for iOS and macOS, and maximum of four components for Android)
+ type: string
+ example: 12.4.5
+ OSVersionConstraint:
+ type: object
+ properties:
+ dynamicVersionRequirement:
+ type: object
+ description: Contains the necessary properties for a dynamic Windows version requirement
+ properties:
+ type:
+ type: string
+ description: Indicates the type of the dynamic Windows version requirement
+ enum:
+ - MINIMUM
+ - EXACT
+ - EXACT_ANY_SUPPORTED
+ - NOT_ALLOWED
+ x-enumDescriptions:
+ MINIMUM: The device version must be equal to or newer than the dynamically determined Windows version. `distanceFromLatestMajor` must be specified for this type.
+ EXACT: The device version must be on the same major version as the dynamically determined Windows version. `distanceFromLatestMajor` must be specified for this type.
+ EXACT_ANY_SUPPORTED: The device version must be on a Windows major version which is supported. You can't specify `distanceFromLatestMajor` for this type.
+ NOT_ALLOWED: The device version isn't allowed. You can't specify `distanceFromLatestMajor` or `latestSecurityPatch` for this type.
+ distanceFromLatestMajor:
+ description: Indicates the distance from the latest Windows major version
+ type: integer
+ minimum: 0
+ maximum: 1
+ latestSecurityPatch:
+ description: Indicates whether the policy requires Windows devices to be on the latest security patch
+ type: boolean
+ majorVersionConstraint:
+ type: string
+ description: Indicates the Windows major version
+ enum:
+ - WINDOWS_11
+ - WINDOWS_10
+ x-enumDescriptions:
+ WINDOWS_11: The device is on Windows 11
+ WINDOWS_10: The device is on Windows 10 or an older Windows version
+ minimum:
+ description: The Windows device version must be equal to or newer than the specified version
+ type: string
+ example: 12.4.5.9
+ required:
+ - majorVersionConstraint
+ OSVersionFourComponents:
+ description: Current version of the operating system (maximum of four components in the versioning scheme)
+ type: object
+ properties:
+ minimum:
+ type: string
+ example: 12.4.5.9
+ OSVersionThreeComponents:
+ description: Current version of the operating system (maximum of three components in the versioning scheme)
+ type: object
+ properties:
+ minimum:
+ type: string
+ example: 12.4.5
+ Office365ApplicationSettings:
+ allOf:
+ - $ref: '#/components/schemas/OINBaseSignOnModeApplicationSettings'
+ - type: object
+ - required:
+ - app
+ properties:
+ app:
+ $ref: '#/components/schemas/Office365ApplicationSettingsApplication'
+ Office365ApplicationSettingsApplication:
+ description: Office365 app instance properties
+ type: object
+ properties:
+ domain:
+ type: string
+ description: The domain for your Office 365 account
+ domains:
+ description: List of Office 365 domains
+ type: array
+ items:
+ $ref: '#/components/schemas/Office365Domain'
+ msftTenant:
+ type: string
+ description: Microsoft tenant name
+ required:
+ - msftTenant
+ - domain
+ Office365Domain:
+ type: object
+ properties:
+ index:
+ type: integer
+ name:
+ type: string
+ description: The domain for your Office 365 account
+ Office365ProvisioningSettings:
+ title: office365
+ description: Settings required for the Office 365 provisioning connection
+ type: object
+ properties:
+ adminPassword:
+ type: string
+ description: Office 365 global administrator password
+ adminUsername:
+ type: string
+ description: Office 365 global administrator user name
+ required:
+ - adminUsername
+ - adminPassword
+ Oidc:
+ description: OIDC configuration details
+ type: object
+ properties:
+ doc:
+ type: string
+ format: uri
+ description: The URL to your customer-facing instructions for configuring your OIDC integration. See [Customer configuration document guidelines](https://developer.okta.com/docs/guides/submit-app-prereq/main/#customer-configuration-document-guidelines).
+ example: https://example.com/strawberry/help/oidcSetup
+ initiateLoginUri:
+ type: string
+ format: uri
+ description: The URL to redirect users when they click on your app from their Okta End-User Dashboard
+ example: https://${org.subdomain}.example.com/strawberry/oidc/sp-init
+ postLogoutUris:
+ type: array
+ description: The sign-out redirect URIs for your app. You can send a request to `/v1/logout` to sign the user out and redirect them to one of these URIs.
+ items:
+ type: string
+ format: uri
+ description: 'A sign-out redirect URI. You can use the org properties you defined in the `config` array as variables in your URI. For example: `https://${org.subdomain}.example.com/strawberry/oidc/logged-out`'
+ example: https://${org.subdomain}.example.com/strawberry/oidc/logged-out
+ redirectUris:
+ type: array
+ minItems: 1
+ description: List of sign-in redirect URIs
+ items:
+ type: string
+ format: uri
+ description: Sign-in redirect URI
+ example: https://${org.subdomain}.example.com/strawberry/oidc/login
+ required:
+ - redirectUris
+ - doc
OktaSignOnPolicy:
allOf:
- $ref: '#/components/schemas/Policy'
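Review bot: `Office365ProvisioningSettings.adminPassword` is declared as a plain `type: string`, so generated clients and rendered docs treat the Office 365 global administrator password like any other field. `PasswordCredential.value` elsewhere in this diff carries `format: password` and `writeOnly: true`. I would add the same two lines under `adminPassword` so the value is masked in documentation and marked request-only. Whether the API ever returns this field in a response is not visible here, so confirm that against the upstream reference before relying on `writeOnly`. `OktaSignOnPolicy` at the end of the hunk continues outside it.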
@@ -23254,6 +34201,7 @@ components:
$ref: '#/components/schemas/OAuthApplicationCredentials'
name:
type: string
+ description: Unique key for the app definition
default: oidc_client
settings:
$ref: '#/components/schemas/OpenIdConnectApplicationSettings'
@@ -23293,6 +34241,19 @@ components:
type: string
consent_method:
$ref: '#/components/schemas/OpenIdConnectApplicationConsentMethod'
+ dpop_bound_access_tokens:
+ type: boolean
+ description: Indicates that the client application uses Demonstrating Proof-of-Possession (DPoP) for token requests. If `true`, the authorization server rejects token requests from this client that don't contain the DPoP header.
+ default: false
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ frontchannel_logout_session_required:
+ description: Include user session details.
+ type: boolean
+ frontchannel_logout_uri:
+ description: URL where Okta sends the logout request.
+ type: string
grant_types:
type: array
items:
@@ -23305,8 +34266,14 @@ components:
$ref: '#/components/schemas/OpenIdConnectApplicationIssuerMode'
jwks:
$ref: '#/components/schemas/OpenIdConnectApplicationSettingsClientKeys'
+ jwks_uri:
+ description: URL string that references a JSON Web Key Set for validating JWTs presented to Okta.
+ type: string
logo_uri:
type: string
+ participate_slo:
+ description: Allows the app to participate in front-channel single logout.
+ type: boolean
policy_uri:
type: string
post_logout_redirect_uris:
@@ -23335,12 +34302,28 @@ components:
items:
$ref: '#/components/schemas/JsonWebKey'
OpenIdConnectApplicationSettingsRefreshToken:
+ description: |
+ Refresh token configuration for an OAuth 2.0 client
+
+ When you create or update an OAuth 2.0 client, you can configure refresh token rotation by setting the `rotation_type` and `leeway` properties. If you don't set these properties when you create an app integration, the default values are used.
+ When you update an app integration, your previously configured values are used.
type: object
properties:
leeway:
type: integer
+ minimum: 0
+ maximum: 60
+ description: |
+ The leeway, in seconds, allowed for the OAuth 2.0 client.
+ After the refresh token is rotated, the previous token remains valid for the specified period of time so clients can get the new token.
+
+ > **Note:** A leeway of 0 doesn't necessarily mean that the previous token is immediately invalidated. The previous token is invalidated after the new token is generated and returned in the response.
+ default: 30
+ example: 20
rotation_type:
$ref: '#/components/schemas/OpenIdConnectRefreshTokenRotationType'
+ required:
+ - rotation_type
OpenIdConnectApplicationType:
type: string
x-okta-known-values:
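Review bot: `rotation_type` is added to a `required` list, but the new schema description says the default values are used when the properties are not set at creation. Assuming the list belongs to `OpenIdConnectApplicationSettingsRefreshToken` (indentation is lost in this view), a client generated from the schema must always send `rotation_type`, which contradicts the prose. Either drop the `required` entry or reword the description so that only `leeway` is described as falling back to its default (`default: 30`). `OpenIdConnectApplicationType` at the end of the hunk continues outside it.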
@@ -23349,10 +34332,79 @@ components:
- service
- web
OpenIdConnectRefreshTokenRotationType:
+ description: The refresh token rotation mode for the OAuth 2.0 client
+ example: STATIC
type: string
+ x-enumDescriptions:
+ ROTATE: The default rotation type for single-page apps (SPAs)
+ STATIC: The default rotation type for all clients, except SPAs
x-okta-known-values:
- ROTATE
- STATIC
+ OperationRequest:
+ type: object
+ properties:
+ ruleId:
+ type: string
+ OperationResponse:
+ type: object
+ properties:
+ completed:
+ type: string
+ format: date-time
+ readOnly: true
+ created:
+ type: string
+ format: date-time
+ readOnly: true
+ id:
+ type: string
+ readOnly: true
+ numUserMoved:
+ type: number
+ readOnly: true
+ realmId:
+ type: string
+ readOnly: true
+ realmName:
+ type: string
+ readOnly: true
+ ruleOperation:
+ type: object
+ properties:
+ configuration:
+ type: object
+ properties:
+ actions:
+ type: object
+ properties:
+ assignUserToRealm:
+ type: object
+ properties:
+ realmId:
+ type: string
+ realmName:
+ type: string
+ conditions:
+ $ref: '#/components/schemas/Conditions'
+ id:
+ type: string
+ name:
+ type: string
+ started:
+ type: string
+ format: date-time
+ readOnly: true
+ status:
+ type: string
+ readOnly: true
+ enum:
+ - COMPLETED
+ - SCHEDULED
+ - IN_PROGRESS
+ - FAILED
+ _links:
+ $ref: '#/components/schemas/LinksSelf'
OperationalStatus:
description: Operational status of a given agent
type: string
@@ -23361,6 +34413,26 @@ components:
- DISRUPTED
- INACTIVE
- OPERATIONAL
+ OrgCAPTCHASettings:
+ title: OrgCAPTCHASettings
+ description: ''
+ type: object
+ properties:
+ captchaId:
+ description: The unique key of the associated CAPTCHA instance
+ type: string
+ enabledPages:
+ description: An array of pages that have CAPTCHA enabled
+ type: array
+ items:
+ $ref: '#/components/schemas/enabledPagesType'
+ _links:
+ type: object
+ description: Link relations for the CAPTCHA settings object
+ properties:
+ self:
+ $ref: '#/components/schemas/HrefObject'
+ readOnly: true
OrgContactType:
type: string
x-okta-known-values:
@@ -23372,18 +34444,14 @@ components:
contactType:
$ref: '#/components/schemas/OrgContactType'
_links:
- additionalProperties:
- type: object
+ $ref: '#/components/schemas/LinksSelf'
OrgContactUser:
type: object
properties:
userId:
type: string
_links:
- additionalProperties:
- type: object
- readOnly: true
- type: object
+ $ref: '#/components/schemas/LinksSelf'
OrgOktaCommunicationSetting:
type: object
properties:
@@ -23391,8 +34459,7 @@ components:
type: boolean
readOnly: true
_links:
- additionalProperties:
- type: object
+ $ref: '#/components/schemas/LinksSelf'
OrgOktaSupportSetting:
type: string
x-okta-known-values:
@@ -23408,8 +34475,7 @@ components:
support:
$ref: '#/components/schemas/OrgOktaSupportSetting'
_links:
- additionalProperties:
- type: object
+ $ref: '#/components/schemas/LinksSelf'
OrgPreferences:
type: object
properties:
@@ -23417,8 +34483,7 @@ components:
type: boolean
readOnly: true
_links:
- additionalProperties:
- type: object
+ $ref: '#/components/schemas/LinksSelf'
OrgSetting:
type: object
properties:
@@ -23466,8 +34531,26 @@ components:
website:
type: string
_links:
- additionalProperties:
- type: object
+ $ref: '#/components/schemas/LinksSelf'
+ OtpProtocol:
+ type: string
+ x-okta-known-values:
+ - SYMANTEC
+ - TOTP
+ - YUBICO
+ OtpTotpAlgorithm:
+ description: HMAC algorithm
+ type: string
+ x-okta-known-values:
+ - HMacSHA1
+ - HMacSHA256
+ - HMacSHA512
+ OtpTotpEncoding:
+ type: string
+ x-okta-known-values:
+ - base32
+ - base64
+ - hexadecimal
PageRoot:
type: object
properties:
@@ -23488,18 +34571,21 @@ components:
format: uri
readOnly: true
_links:
- type: object
- properties:
- self:
- $ref: '#/components/schemas/HrefObject'
- default:
- $ref: '#/components/schemas/HrefObject'
- customized:
- $ref: '#/components/schemas/HrefObject'
- preview:
- $ref: '#/components/schemas/HrefObject'
- readOnly: true
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - properties:
+ default:
+ $ref: '#/components/schemas/HrefObject'
+ customized:
+ $ref: '#/components/schemas/HrefObject'
+ preview:
+ $ref: '#/components/schemas/HrefObject'
PasswordCredential:
+ description: |-
+ When a user has a valid password, imported hashed password, or password hook, and a response object contains
+ a password credential, then the password object is a bare object without the value property defined (for example, `password: {}`). This
+ indicates that a password value exists. You can modify password policy requirements in the Admin Console by editing the Password
+ authenticator: **Security** > **Authenticators** > **Password** (or for Okta Classic orgs, use **Security** > **Authentication** > **Password**).
type: object
properties:
hash:
@@ -23508,33 +34594,69 @@ components:
$ref: '#/components/schemas/PasswordCredentialHook'
value:
type: string
+ writeOnly: true
+ description: Specifies the password for a user. The Password Policy validates this password.
format: password
PasswordCredentialHash:
+ description: |-
+ Specifies a hashed password to import into Okta. This allows an existing password to be imported into Okta directly
+ from some other store. Okta supports the BCRYPT, SHA-512, SHA-256, SHA-1, MD5, and PBKDF2 hash functions for password import.
+ A hashed password may be specified in a Password object when creating or updating a user, but not for other operations.
+ See [Create User with Imported Hashed Password](https://developer.okta.com/docs/reference/api/users/#create-user-with-imported-hashed-password)
+ for information on using this object when creating a user. When updating a user with a hashed password, the user must be in the `STAGED` status.
type: object
properties:
algorithm:
$ref: '#/components/schemas/PasswordCredentialHashAlgorithm'
+ digestAlgorithm:
+ $ref: '#/components/schemas/DigestAlgorithm'
+ iterationCount:
+ type: integer
+ description: The number of iterations used when hashing passwords using PBKDF2. Must be >= 4096. Only required for PBKDF2 algorithm.
+ keySize:
+ type: integer
+ description: Size of the derived key in bytes. Only required for PBKDF2 algorithm.
salt:
+ description: |-
+ Only required for salted hashes. For BCRYPT, this specifies Radix-64 as the encoded salt used to generate the hash,
+ which must be 22 characters long. For other salted hashes, this specifies the Base64-encoded salt used to
+ generate the hash.
type: string
saltOrder:
type: string
+ description: Specifies whether salt was pre- or postfixed to the password before hashing. Only required for salted algorithms.
value:
+ description: |-
+ For SHA-512, SHA-256, SHA-1, MD5, and PBKDF2, this is the actual base64-encoded hash of the password (and salt, if used).
+ This is the Base64-encoded `value` of the SHA-512/SHA-256/SHA-1/MD5/PBKDF2 digest that was computed by either pre-fixing or post-fixing
+ the `salt` to the `password`, depending on the `saltOrder`. If a `salt` was not used in the `source` system, then this should just be
+ the Base64-encoded `value` of the password's SHA-512/SHA-256/SHA-1/MD5/PBKDF2 digest. For BCRYPT, this is the actual Radix-64 encoded hashed password.
type: string
workFactor:
type: integer
+ description: Governs the strength of the hash and the time required to compute it. Only required for BCRYPT algorithm.
+ minimum: 1
+ maximum: 20
PasswordCredentialHashAlgorithm:
+ description: The algorithm used to generate the hash using the password (and salt, when applicable).
type: string
x-okta-known-values:
- BCRYPT
- MD5
+ - PBKDF2
- SHA-1
- SHA-256
- SHA-512
PasswordCredentialHook:
+ description: |-
+ Specify a [password import inline hook](https://developer.okta.com/docs/reference/password-hook/) to trigger verification of the user's password
+ the first time the user logs in. This allows an existing password to be imported into Okta directly from some other store.
+ See [Create User with Password Hook](https://developer.okta.com/docs/reference/api/users/#create-user-with-password-import-inline-hook) for information on using this object when creating a user.
type: object
properties:
type:
type: string
+ description: The type of password inline hook. Currently, must be set to default.
PasswordDictionary:
type: object
properties:
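Review bot: `iterationCount` states "Must be >= 4096" only in its description, and the schema has no `minimum`, so validators generated from it accept any integer for the PBKDF2 iteration count. `workFactor` in the same schema gets `minimum: 1` and `maximum: 20`, so I would add `minimum: 4096` under `iterationCount` to make the documented floor enforceable. `saltOrder` is likewise free text although its description implies two positions; an enum would help there, but the permitted literals are not shown in this hunk. `PasswordDictionary` at the end of the hunk continues outside it.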
@@ -23730,7 +34852,7 @@ components:
passwordChange:
$ref: '#/components/schemas/PasswordPolicyRuleAction'
selfServicePasswordReset:
- $ref: '#/components/schemas/PasswordPolicyRuleAction'
+ $ref: '#/components/schemas/SelfServicePasswordResetAction'
selfServiceUnlock:
$ref: '#/components/schemas/PasswordPolicyRuleAction'
PasswordPolicyRuleConditions:
@@ -23751,7 +34873,20 @@ components:
$ref: '#/components/schemas/PasswordPolicyPasswordSettings'
recovery:
$ref: '#/components/schemas/PasswordPolicyRecoverySettings'
+ PasswordProtectionWarningTrigger:
+ description: Indicates whether the Password Protection Warning feature is enabled
+ example: PHISHING_REUSE
+ type: string
+ x-enumDescriptions:
+ PASSWORD_PROTECTION_OFF: Password protection warning is off
+ PASSWORD_REUSE: Password protection warning is triggered by password reuse
+ PHISHING_REUSE: Password protection warning is triggered by password reuse on a phishing page
+ x-okta-known-values:
+ - PASSWORD_PROTECTION_OFF
+ - PASSWORD_REUSE
+ - PHISHING_REUSE
PasswordSettingObject:
+ description: Determines whether Okta creates and pushes a password in the application for each assigned user
type: object
properties:
change:
@@ -23759,7 +34894,10 @@ components:
seed:
$ref: '#/components/schemas/SeedEnum'
status:
- $ref: '#/components/schemas/EnabledStatus'
+ allOf:
+ - $ref: '#/components/schemas/EnabledStatus'
+ - default: DISABLED
+ - example: ENABLED
PerClientRateLimitMode:
type: string
x-okta-known-values:
@@ -23789,6 +34927,8 @@ components:
Permission:
type: object
properties:
+ conditions:
+ $ref: '#/components/schemas/PermissionConditions'
created:
type: string
format: date-time
@@ -23804,13 +34944,18 @@ components:
description: Timestamp when the role was last updated
readOnly: true
_links:
- type: object
- properties:
- self:
- $ref: '#/components/schemas/HrefObject'
- role:
- $ref: '#/components/schemas/HrefObject'
- readOnly: true
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - properties:
+ role:
+ $ref: '#/components/schemas/HrefObject'
+ PermissionConditions:
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ description: Conditions for further restricting a permission
+ nullable: true
+ type: object
Permissions:
type: object
properties:
@@ -23818,6 +34963,21 @@ components:
type: array
items:
$ref: '#/components/schemas/Permission'
+ PinRequest:
+ description: Pin Request
+ type: object
+ properties:
+ authenticatorEnrollmentId:
+ description: ID for a WebAuthn Preregistration Factor in Okta
+ type: string
+ fulfillmentProvider:
+ description: Name of the fulfillment provider for the WebAuthn Preregistration Factor
+ type: string
+ enum:
+ - yubico
+ userId:
+ description: ID of an existing Okta user
+ type: string
PipelineType:
description: The authentication pipeline of the org. `idx` means the org is using the Identity Engine, while `v1` means the org is using the Classic authentication pipeline.
type: string
@@ -23828,6 +34988,7 @@ components:
type: string
x-okta-known-values:
- ANDROID
+ - CHROMEOS
- IOS
- MACOS
- WINDOWS
@@ -23874,27 +35035,36 @@ components:
type: object
properties:
created:
+ description: Timestamp when the Policy was created
type: string
format: date-time
readOnly: true
description:
+ description: Policy description
type: string
id:
+ description: Policy ID
type: string
readOnly: true
lastUpdated:
+ description: Timestamp when the Policy was last updated
type: string
format: date-time
readOnly: true
name:
+ description: Policy name
type: string
priority:
+ description: Specifies the order in which this Policy is evaluated in relation to the other policies in a custom authorization server.
type: integer
status:
+ description: Specifies whether requests have access to this Policy
$ref: '#/components/schemas/LifecycleStatus'
system:
+ description: Specifies whether Okta created the Policy
type: boolean
type:
+ description: Indicates that the Policy is an authorization server policy (`OAUTH_AUTHORIZATION_POLICY`)
$ref: '#/components/schemas/PolicyType'
_embedded:
type: object
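Review bot: `status` and `type` in `Policy` now carry a `description` as a sibling of `$ref`. If this document is OpenAPI 3.0, as the file name suggests, many tools ignore keys placed next to `$ref`, so these two descriptions may never reach the generated docs or SDK comments. Other schemas in this diff, for example the `PolicyMapping` links, wrap the reference in `allOf` with a separate `- description: …` member, which keeps the text. Separately, the `type` description names only `OAUTH_AUTHORIZATION_POLICY`, while `Policy` appears to be the discriminated base for every policy type, so generic wording would be safer. The `_embedded` property at the end of the hunk continues outside it.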
@@ -23903,12 +35073,8 @@ components:
properties: {}
readOnly: true
_links:
- type: object
- additionalProperties:
- type: object
- properties: {}
- readOnly: true
- discriminator: *ref_7
+ $ref: '#/components/schemas/LinksSelf'
+ discriminator: *ref_13
PolicyAccess:
type: string
x-okta-known-values:
@@ -23938,6 +35104,96 @@ components:
type: array
items:
type: string
+ PolicyContext:
+ type: object
+ properties:
+ device:
+ type: object
+ properties:
+ platform:
+ type: string
+ description: The platform of the device, for example, IOS.
+ registered:
+ type: boolean
+ description: If the device is registered
+ managed:
+ type: boolean
+ description: If the device is managed
+ groups:
+ type: object
+ description: An array of Group IDs for the simulate operation. Only user IDs or Group IDs are allowed, not both.
+ properties:
+ ids:
+ type: array
+ items:
+ type: string
+ uniqueItems: true
+ required:
+ - ids
+ ip:
+ type: string
+ description: The network rule condition, zone, or IP address
+ risk:
+ type: object
+ description: The risk rule condition level
+ properties:
+ level:
+ type: string
+ enum:
+ - LOW
+ - MEDIUM
+ - HIGH
+ user:
+ type: object
+ description: The user ID for the simulate operation. Only user IDs or Group IDs are allowed, not both.
+ properties:
+ id:
+ type: string
+ description: The unique ID number for the user.
+ required:
+ - id
+ zones:
+ type: object
+ properties:
+ ids:
+ type: array
+ items:
+ type: string
+ required:
+ - user
+ - groups
+ PolicyMapping:
+ type: object
+ properties:
+ id:
+ type: string
+ _links:
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - properties:
+ application:
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ - description: Link to the mapped application
+ authenticator:
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ - description: Link to the mapped authenticator
+ policy:
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ - description: Link to the mapped policy
+ PolicyMappingRequest:
+ type: object
+ properties:
+ resourceId:
+ type: string
+ resourceType:
+ $ref: '#/components/schemas/PolicyMappingResourceType'
+ PolicyMappingResourceType:
+ type: string
+ x-okta-known-values:
+ - APP
PolicyNetworkCondition:
type: object
properties:
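Review bot: `PolicyContext` lists both `user` and `groups` under `required`, while the descriptions of those two properties each say "Only user IDs or Group IDs are allowed, not both". A request that satisfies the schema therefore contradicts the documented rule. A client generated from this spec will either always send both or fail validation when one is omitted, which makes policy-simulation results hard to trust. If the API accepts either one, replace the `required` list with `oneOf: [{required: [user]}, {required: [groups]}]`; otherwise correct the two descriptions. The `groups` description also calls the value "An array of Group IDs" although it is an object holding an `ids` array.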
@@ -23952,11 +35208,13 @@ components:
items:
type: string
PolicyNetworkConnection:
+ description: Network selection mode
type: string
x-okta-known-values:
- ANYWHERE
- ZONE
PolicyPeopleCondition:
+ description: Identifies Users and Groups that are used together
type: object
properties:
groups:
@@ -23984,43 +35242,36 @@ components:
properties:
created:
type: string
+ description: Timestamp when the rule was created
format: date-time
readOnly: true
nullable: true
id:
type: string
+ description: Identifier for the rule
lastUpdated:
type: string
+ description: Timestamp when the rule was last modified
format: date-time
readOnly: true
nullable: true
name:
type: string
+ description: Name of the rule
priority:
type: integer
+ description: Priority of the rule
status:
$ref: '#/components/schemas/LifecycleStatus'
system:
type: boolean
+ description: Specifies whether Okta created the Policy Rule (`system=true`). You can't delete Policy Rules that have `system` set to `true`.
default: false
type:
$ref: '#/components/schemas/PolicyRuleType'
- discriminator: *ref_9
+ discriminator: *ref_15
PolicyRuleActions:
type: object
- properties:
- enroll:
- $ref: '#/components/schemas/PolicyRuleActionsEnroll'
- idp:
- $ref: '#/components/schemas/IdpPolicyRuleAction'
- passwordChange:
- $ref: '#/components/schemas/PasswordPolicyRuleAction'
- selfServicePasswordReset:
- $ref: '#/components/schemas/PasswordPolicyRuleAction'
- selfServiceUnlock:
- $ref: '#/components/schemas/PasswordPolicyRuleAction'
- signon:
- $ref: '#/components/schemas/OktaSignOnPolicyRuleSignonActions'
PolicyRuleActionsEnroll:
type: object
properties:
@@ -24088,6 +35339,7 @@ components:
userStatus:
$ref: '#/components/schemas/UserStatusPolicyRuleCondition'
PolicyRuleType:
+ description: Rule type
type: string
x-okta-known-values:
- ACCESS_POLICY
@@ -24120,12 +35372,12 @@ components:
- USERNAME
- USERNAME_OR_EMAIL
PolicyType:
+ description: All Okta orgs contain only one IdP Discovery Policy with an immutable default Rule routing to your org's sign-in page. Creating or replacing a policy with `IDP_DISCOVERY` type isn't supported.
type: string
x-okta-known-values:
- ACCESS_POLICY
- IDP_DISCOVERY
- MFA_ENROLL
- - OAUTH_AUTHORIZATION_POLICY
- OKTA_SIGN_ON
- PASSWORD
- PROFILE_ENROLLMENT
@@ -24152,12 +35404,39 @@ components:
properties:
deviceBound:
type: string
+ description: Indicates if device-bound Factors are required. This property is only set for `POSSESSION` constraints.
+ enum:
+ - OPTIONAL
+ - REQUIRED
+ default: OPTIONAL
hardwareProtection:
type: string
+ description: Indicates if any secrets or private keys used during authentication must be hardware protected and not exportable. This property is only set for `POSSESSION` constraints.
+ enum:
+ - OPTIONAL
+ - REQUIRED
+ default: OPTIONAL
phishingResistant:
type: string
+ description: Indicates if phishing-resistant Factors are required. This property is only set for `POSSESSION` constraints.
+ enum:
+ - OPTIONAL
+ - REQUIRED
+ default: OPTIONAL
userPresence:
type: string
+ description: Indicates if the user needs to approve an Okta Verify prompt or provide biometrics (meets NIST AAL2 requirements). This property is only set for `POSSESSION` constraints.
+ enum:
+ - OPTIONAL
+ - REQUIRED
+ default: REQUIRED
+ userVerification:
+ type: string
+ description: Indicates the user interaction requirement (PIN or biometrics) to ensure verification of a possession factor
+ enum:
+ - OPTIONAL
+ - REQUIRED
+ default: OPTIONAL
PreRegistrationInlineHook:
type: object
properties:
@@ -24236,12 +35515,20 @@ components:
items:
$ref: '#/components/schemas/ProfileEnrollmentPolicyRuleProfileAttribute'
type: array
+ progressiveProfilingAction:
+ type: string
+ enum:
+ - ENABLED
+ - DISABLED
targetGroupIds:
items:
type: string
type: array
unknownUserAction:
type: string
+ enum:
+ - DENY
+ - REGISTER
ProfileEnrollmentPolicyRuleActions:
allOf:
- $ref: '#/components/schemas/PolicyRuleActions'
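Review bot: The new `enum` lists on `progressiveProfilingAction` and `unknownUserAction` have no `description`, unlike most properties this commit touches. `unknownUserAction` appears to decide whether an unrecognised user is rejected or allowed to self-register, so the generated client docs should state what each value does. A line such as `description: Action taken when the user isn't known to the org (DENY or REGISTER)` would do, with the wording confirmed against the API behaviour. The enclosing schema starts outside the hunk.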
@@ -24264,61 +35551,113 @@ components:
required:
type: boolean
ProfileMapping:
+ description: |-
+ The Profile Mapping object describes a mapping between an Okta User's and an App User's properties using [JSON Schema Draft 4](https://datatracker.ietf.org/doc/html/draft-zyp-json-schema-04).
+
+ > **Note:** Same type source/target mappings aren't supported by this API. Profile mappings must either be Okta->App or App->Okta.
type: object
properties:
id:
type: string
+ description: Unique identifier for a profile mapping
readOnly: true
properties:
type: object
additionalProperties:
$ref: '#/components/schemas/ProfileMappingProperty'
- readOnly: true
+ readOnly: false
source:
$ref: '#/components/schemas/ProfileMappingSource'
target:
- $ref: '#/components/schemas/ProfileMappingSource'
+ $ref: '#/components/schemas/ProfileMappingTarget'
_links:
- type: object
- additionalProperties:
- type: object
- properties: {}
- readOnly: true
+ $ref: '#/components/schemas/LinksSelf'
ProfileMappingProperty:
+ description: A target property, in string form, that maps to a valid [JSON Schema Draft](https://tools.ietf.org/html/draft-zyp-json-schema-04) document.
type: object
properties:
expression:
+ description: Combination or single source properties that are mapped to the target property
type: string
pushStatus:
$ref: '#/components/schemas/ProfileMappingPropertyPushStatus'
ProfileMappingPropertyPushStatus:
+ description: |-
+ Indicates whether to update target properties for user create and update or just for user create.
+
+ Having a pushStatus of `PUSH` causes properties in the target to be updated on create and update. Having a pushStatus of `DONT_PUSH` causes properties in the target to be updated only on create.
type: string
x-okta-known-values:
- DONT_PUSH
- PUSH
+ ProfileMappingRequest:
+ description: The updated request body properties
+ type: object
+ properties:
+ properties:
+ type: object
+ additionalProperties:
+ $ref: '#/components/schemas/ProfileMappingProperty'
+ required:
+ - properties
+ - additionalProperties
+ - expression
+ - pushStatus
ProfileMappingSource:
+ description: |-
+ The parameter is the source of a profile mapping and is a valid [JSON Schema Draft 4](https://datatracker.ietf.org/doc/html/draft-zyp-json-schema-04) document with the following properties. The data type can be an app instance or an Okta object.
+
+ > **Note:** If the source is Okta and the UserTypes feature isn't enabled, then the source `_links` only has a link to the schema.
type: object
properties:
id:
type: string
+ description: Unique identifier for the application instance or userType
readOnly: true
name:
type: string
+ description: Variable name of the application instance or name of the referenced UserType
readOnly: true
type:
type: string
+ description: Type of user referenced in the mapping
readOnly: true
_links:
- type: object
- additionalProperties:
- type: object
- properties: {}
+ $ref: '#/components/schemas/SourceLinks'
+ ProfileMappingTarget:
+ description: |-
+ The parameter is the target of a profile mapping and is a valid [JSON Schema Draft 4](https://datatracker.ietf.org/doc/html/draft-zyp-json-schema-04) document with the following properties. The data type can be an app instance or an Okta object.
+
+ > **Note:** If the target is Okta and the UserTypes feature isn't enabled, then the target `_links` only has a link to the schema.
+ type: object
+ properties:
+ id:
+ type: string
+ description: Unique identifier for the application instance or UserType
+ readOnly: true
+ name:
+ type: string
+ description: Variable name of the application instance or name of the referenced userType
+ readOnly: true
+ type:
+ type: string
+ description: Type of user referenced in the mapping
readOnly: true
+ _links:
+ $ref: '#/components/schemas/SourceLinks'
ProfileSettingObject:
+ description: |
+ This setting determines whether a user in the application gets updated when they're updated in Okta.
+
+ If enabled, Okta updates a user's attributes in the application when the application is assigned.
+ Future changes made to the Okta user's profile automatically overwrite the corresponding attribute value in the application.
type: object
properties:
status:
- $ref: '#/components/schemas/EnabledStatus'
+ allOf:
+ - $ref: '#/components/schemas/EnabledStatus'
+ - example: DISABLED
+ - default: DISABLED
Protocol:
type: object
properties:
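Review bot: The `required` list on the new `ProfileMappingRequest` schema names `additionalProperties`, `expression` and `pushStatus`, none of which are properties of that object. `additionalProperties` is a schema keyword, and the other two belong to `ProfileMappingProperty`. A strict validator would reject every request body for missing keys that can never be supplied at this level. Reduce the list to `required: [properties]`, and if `expression` and `pushStatus` are mandatory, declare them as `required` inside `ProfileMappingProperty`.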
@@ -24466,33 +35805,117 @@ components:
status:
$ref: '#/components/schemas/ProvisioningConnectionStatus'
_links:
- additionalProperties:
- type: object
- readOnly: true
- type: object
+ $ref: '#/components/schemas/LinksSelfLifecycleAndAuthorize'
+ required:
+ - authScheme
+ - status
+ discriminator: *ref_21
ProvisioningConnectionAuthScheme:
+ description: Defines the method of authentication
type: string
+ x-enumDescriptions:
+ TOKEN: A token is used to authenticate with the app.
+ OAUTH2: OAuth 2.0 is used to authenticate with the app.
+ UNKNOWN: The authentication scheme used by the app isn't supported, or the app doesn't support provisioning.
x-okta-known-values:
+ - OAUTH2
- TOKEN
- UNKNOWN
+ ProvisioningConnectionOauth:
+ allOf:
+ - $ref: '#/components/schemas/ProvisioningConnection'
+ - type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/ProvisioningConnectionProfileOauth'
+ ProvisioningConnectionOauthRequest:
+ type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/ProvisioningConnectionProfileOauth'
+ required:
+ - profile
ProvisioningConnectionProfile:
+ description: |
+ The profile used to configure the connection method of authentication and the credentials.
+ Currently, token-based and OAuth 2.0-based authentication are supported.
type: object
properties:
authScheme:
$ref: '#/components/schemas/ProvisioningConnectionAuthScheme'
- token:
- type: string
- ProvisioningConnectionRequest:
- type: object
- properties:
- profile:
- $ref: '#/components/schemas/ProvisioningConnectionProfile'
+ required:
+ - authScheme
+ ProvisioningConnectionProfileOauth:
+ description: |
+ The app provisioning connection profile used to configure the method of authentication and the credentials.
+ Currently, token-based and OAuth 2.0-based authentication are supported.
+ allOf:
+ - $ref: '#/components/schemas/ProvisioningConnectionProfile'
+ - type: object
+ properties:
+ clientId:
+ type: string
+ description: Unique client identifier for the OAuth 2.0 service app from the target org
+ required:
+ - authScheme
+ ProvisioningConnectionProfileOauthSettings:
+ title: Generic
+ description: Specific settings aren't defined for generic OAuth 2.0 provisioning connections
+ additionalProperties:
+ type: string
+ type: object
+ ProvisioningConnectionProfileToken:
+ description: |
+ The app provisioning connection profile used to configure the method of authentication and the credentials.
+ Currently, token-based and OAuth 2.0-based authentication are supported.
+ allOf:
+ - $ref: '#/components/schemas/ProvisioningConnectionProfile'
+ - type: object
+ properties:
+ token:
+ type: string
+ description: Token used to authenticate with the app
+ required:
+ - authScheme
+ - token
+ ProvisioningConnectionProfileUnknown:
+ description: Unknown provisioning connection
+ allOf:
+ - $ref: '#/components/schemas/ProvisioningConnectionProfile'
+ - type: object
ProvisioningConnectionStatus:
+ description: Provisioning connection status
+ default: DISABLED
type: string
+ x-enumDescriptions:
+ DISABLED: The provisioning connection is disabled.
+ ENABLED: The provisioning connection is enabled.
+ UNKNOWN: Provisioning isn't supported by the app, or the authentication method is unknown.
x-okta-known-values:
- DISABLED
- ENABLED
- UNKNOWN
+ ProvisioningConnectionToken:
+ allOf:
+ - $ref: '#/components/schemas/ProvisioningConnection'
+ - type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/ProvisioningConnectionProfileToken'
+ ProvisioningConnectionTokenRequest:
+ type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/ProvisioningConnectionProfileToken'
+ required:
+ - profile
+ ProvisioningConnectionUnknown:
+ allOf:
+ - $ref: '#/components/schemas/ProvisioningConnection'
+ - type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/ProvisioningConnectionProfileUnknown'
ProvisioningDeprovisionedAction:
type: string
x-okta-known-values:
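Review bot: The `token` property in `ProvisioningConnectionProfileToken` is a credential but is declared as a plain required `string`. The same schema is used by `ProvisioningConnectionTokenRequest` and by the `ProvisioningConnectionToken` response shape, so the spec says the secret is returned on reads, and generated models will treat it as an ordinary field that can be printed or logged. If the API does not echo the token back, mark it `writeOnly: true` and `format: password`, as `RecoveryQuestionCredential.answer` is marked `writeOnly` elsewhere in this diff. If it does echo the token, say so in the description so callers handle responses as sensitive.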
@@ -24535,6 +35958,11 @@ components:
properties:
action:
$ref: '#/components/schemas/ProvisioningSuspendedAction'
+ PushMethodKeyProtection:
+ type: string
+ x-okta-known-values:
+ - ANY
+ - HARDWARE
PushProvider:
title: PushProvider
type: object
@@ -24551,76 +35979,345 @@ components:
providerType:
$ref: '#/components/schemas/ProviderType'
_links:
- type: object
- properties:
- self:
- $ref: '#/components/schemas/HrefObject'
- readOnly: true
- discriminator: *ref_11
- PushUserFactor:
- allOf:
- - $ref: '#/components/schemas/UserFactor'
- - type: object
- properties:
- expiresAt:
- type: string
- format: date-time
- factorResult:
- $ref: '#/components/schemas/FactorResultType'
- profile:
- $ref: '#/components/schemas/PushUserFactorProfile'
- PushUserFactorProfile:
+ $ref: '#/components/schemas/LinksSelf'
+ discriminator: *ref_17
+ RateLimitAdminNotifications:
+ title: RateLimitAdminNotifications
+ description: ''
type: object
properties:
- credentialId:
+ notificationsEnabled:
+ type: boolean
+ required:
+ - notificationsEnabled
+ RateLimitWarningThresholdRequest:
+ title: RateLimitWarningThreshold
+ description: ''
+ type: object
+ properties:
+ warningThreshold:
+ description: The threshold value (percentage) of a rate limit that, when exceeded, triggers a warning notification. By default, this value is 90 for Workforce orgs and 60 for CIAM orgs.
+ type: integer
+ minimum: 30
+ maximum: 90
+ required:
+ - warningThreshold
+ RateLimitWarningThresholdResponse:
+ title: RateLimitWarningThreshold
+ description: ''
+ type: object
+ properties:
+ warningThreshold:
+ description: The threshold value (percentage) of a rate limit that, when exceeded, triggers a warning notification. By default, this value is 90 for Workforce orgs and 60 for CIAM orgs.
+ type: integer
+ minimum: 30
+ maximum: 90
+ Realm:
+ type: object
+ properties:
+ created:
type: string
- deviceToken:
+ format: date-time
+ description: Timestamp when the Realm was created
+ readOnly: true
+ id:
type: string
- deviceType:
+ description: Unique key for the Realm
+ readOnly: true
+ isDefault:
+ type: boolean
+ description: Conveys whether the Realm is the default
+ readOnly: true
+ lastUpdated:
type: string
- name:
+ format: date-time
+ description: Timestamp when the Realm was last updated
+ readOnly: true
+ profile:
+ $ref: '#/components/schemas/RealmProfile'
+ _links:
+ $ref: '#/components/schemas/LinksSelf'
+ RealmAssignmentRule:
+ type: object
+ properties:
+ actions:
+ $ref: '#/components/schemas/Actions'
+ conditions:
+ $ref: '#/components/schemas/Conditions'
+ created:
type: string
- platform:
+ format: date-time
+ readOnly: true
+ id:
type: string
- version:
+ readOnly: true
+ isDefault:
+ type: boolean
+ readOnly: true
+ lastUpdated:
type: string
- RateLimitAdminNotifications:
- title: RateLimitAdminNotifications
- description: ''
+ format: date-time
+ readOnly: true
+ name:
+ type: string
+ priority:
+ type: integer
+ status:
+ $ref: '#/components/schemas/LifecycleStatus'
+ _links:
+ $ref: '#/components/schemas/LinksSelf'
+ RealmProfile:
type: object
properties:
- notificationsEnabled:
- type: boolean
+ name:
+ type: string
+ description: Name of a Realm
+ realmType:
+ type: string
+ description: An optional parameter to specify type of a Realm (Only applicable for Partner use-case)
+ enum:
+ - PARTNER
+ - OTHER
+ x-enumDescriptions:
+ PARTNER: Realm with external partner portal
+ OTHER: Other
required:
- - notificationsEnabled
+ - name
RecoveryQuestionCredential:
+ description: |-
+ Specifies a secret question and answer that's validated (case insensitive) when a user forgets their
+ password or unlocks their account. The answer property is write-only.
+ type: object
+ properties:
+ answer:
+ type: string
+ description: The recovery question answer
+ minimum: 1
+ maximum: 100
+ writeOnly: true
+ question:
+ type: string
+ description: The recovery question
+ minimum: 1
+ maximum: 100
+ ReleaseChannel:
+ description: Release channel for auto-update
+ type: string
+ x-okta-known-values:
+ - BETA
+ - EA
+ - GA
+ - TEST
+ RequiredEnum:
+ type: string
+ x-okta-known-values:
+ - ALWAYS
+ - HIGH_RISK_ONLY
+ - NEVER
+ ResetPasswordToken:
+ type: object
+ properties:
+ resetPasswordUrl:
+ type: string
+ readOnly: true
+ ResourceSelectorCreateRequestSchema:
+ type: object
+ properties:
+ description:
+ type: string
+ description: Description of the Resource Selector
+ filter:
+ type: string
+ description: SCIM filter of the Resource Selector
+ name:
+ type: string
+ description: Name of the Resource Selector
+ schema:
+ type: string
+ description: Schema of the Resource Selector
+ ResourceSelectorPatchRequestSchema:
+ type: object
+ properties:
+ description:
+ type: string
+ description: Description of the Resource Selector
+ filter:
+ type: string
+ description: SCIM filter of the Resource Selector
+ name:
+ type: string
+ description: Name of the Resource Selector
+ ResourceSelectorResponseSchema:
+ type: object
+ properties:
+ description:
+ type: string
+ description: Description of the Resource Selector
+ id:
+ type: string
+ description: Unique key for the Resource Selector
+ name:
+ type: string
+ description: Name of the Resource Selector
+ orn:
+ type: string
+ description: An Okta resource name
+ _links:
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - properties:
+ resources:
+ $ref: '#/components/schemas/HrefObject'
+ ResourceSelectorResponseWithoutSelfLinkSchema:
+ type: object
+ properties:
+ description:
+ type: string
+ description: Description of the Resource Selector
+ id:
+ type: string
+ description: Unique key for the Resource Selector
+ name:
+ type: string
+ description: Name of the Resource Selector
+ orn:
+ type: string
+ description: An Okta resource name
+ _links:
+ allOf:
+ - properties:
+ resources:
+ $ref: '#/components/schemas/HrefObject'
+ ResourceSelectorsSchema:
+ type: object
+ properties:
+ resourceSelectors:
+ type: array
+ items:
+ $ref: '#/components/schemas/ResourceSelectorResponseWithoutSelfLinkSchema'
+ _links:
+ $ref: '#/components/schemas/LinksNext'
+ ResourceSet:
+ type: object
+ properties:
+ created:
+ type: string
+ format: date-time
+ description: Timestamp when the role was created
+ readOnly: true
+ description:
+ type: string
+ description: Description of the Resource Set
+ id:
+ type: string
+ description: Unique key for the role
+ readOnly: true
+ label:
+ type: string
+ description: Unique label for the Resource Set
+ lastUpdated:
+ type: string
+ format: date-time
+ description: Timestamp when the role was last updated
+ readOnly: true
+ _links:
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - properties:
+ resources:
+ $ref: '#/components/schemas/HrefObject'
+ bindings:
+ $ref: '#/components/schemas/HrefObject'
+ ResourceSetBindingAddMembersRequest:
+ type: object
+ properties:
+ additions:
+ type: array
+ items:
+ type: string
+ ResourceSetBindingCreateRequest:
+ type: object
+ properties:
+ members:
+ type: array
+ items:
+ type: string
+ role:
+ type: string
+ description: Unique key for the role
+ ResourceSetBindingMember:
+ type: object
+ properties:
+ created:
+ type: string
+ format: date-time
+ description: Timestamp when the role was created
+ readOnly: true
+ id:
+ type: string
+ description: Unique key for the role
+ readOnly: true
+ lastUpdated:
+ type: string
+ format: date-time
+ description: Timestamp when the role was last updated
+ readOnly: true
+ _links:
+ $ref: '#/components/schemas/LinksSelf'
+ ResourceSetBindingMembers:
+ type: object
+ properties:
+ members:
+ type: array
+ items:
+ $ref: '#/components/schemas/ResourceSetBindingMember'
+ _links:
+ allOf:
+ - $ref: '#/components/schemas/LinksNext'
+ - properties:
+ binding:
+ $ref: '#/components/schemas/HrefObject'
+ ResourceSetBindingResponse:
+ type: object
+ properties:
+ id:
+ type: string
+ description: '`id` of the role'
+ _links:
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - properties:
+ bindings:
+ $ref: '#/components/schemas/HrefObject'
+ resource-set:
+ $ref: '#/components/schemas/HrefObject'
+ ResourceSetBindingRole:
type: object
properties:
- answer:
- type: string
- question:
+ id:
type: string
- ReleaseChannel:
- description: Release channel for auto-update
- type: string
- x-okta-known-values:
- - BETA
- - EA
- - GA
- - TEST
- RequiredEnum:
- type: string
- x-okta-known-values:
- - ALWAYS
- - HIGH_RISK_ONLY
- - NEVER
- ResetPasswordToken:
+ _links:
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - properties:
+ members:
+ $ref: '#/components/schemas/HrefObject'
+ ResourceSetBindings:
type: object
properties:
- resetPasswordUrl:
- type: string
- readOnly: true
- ResourceSet:
+ roles:
+ type: array
+ items:
+ $ref: '#/components/schemas/ResourceSetBindingRole'
+ _links:
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - properties:
+ bindings:
+ $ref: '#/components/schemas/HrefObject'
+ resource-set:
+ $ref: '#/components/schemas/HrefObject'
+ ResourceSetResource:
type: object
properties:
created:
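Review bot: In the re-added `RecoveryQuestionCredential`, `answer` and `question` are `type: string` but are constrained with `minimum: 1` and `maximum: 100`. Those keywords apply only to numeric types, so no length limit is enforced or generated. Use `minLength: 1` and `maxLength: 100` on both properties. In the same hunk, the `ResourceSet` and `ResourceSetBindingMember` descriptions for `created`, `id` and `lastUpdated` still say "the role" and look copied from the role schema.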
@@ -24630,1117 +36327,2182 @@ components:
readOnly: true
description:
type: string
- description: Description of the resource set
+ description: Description of the Resource Set
id:
type: string
description: Unique key for the role
readOnly: true
- label:
- type: string
- description: Unique label for the resource set
lastUpdated:
type: string
format: date-time
description: Timestamp when the role was last updated
readOnly: true
_links:
- type: object
- properties:
- self:
- $ref: '#/components/schemas/HrefObject'
- resources:
- $ref: '#/components/schemas/HrefObject'
- bindings:
- $ref: '#/components/schemas/HrefObject'
- readOnly: true
- ResourceSetBindingAddMembersRequest:
+ $ref: '#/components/schemas/LinksSelf'
+ ResourceSetResourcePatchRequest:
type: object
properties:
additions:
type: array
items:
type: string
- ResourceSetBindingCreateRequest:
+ ResourceSetResources:
type: object
properties:
- members:
+ resources:
type: array
items:
- type: string
- role:
+ $ref: '#/components/schemas/ResourceSetResource'
+ _links:
+ allOf:
+ - $ref: '#/components/schemas/LinksNext'
+ - properties:
+ resource-set:
+ $ref: '#/components/schemas/HrefObject'
+ ResourceSets:
+ type: object
+ properties:
+ resource-sets:
+ type: array
+ items:
+ $ref: '#/components/schemas/ResourceSet'
+ _links:
+ $ref: '#/components/schemas/LinksNext'
+ ResponseLinks:
+ type: object
+ RiskEvent:
+ type: object
+ properties:
+ expiresAt:
type: string
- description: Unique key for the role
- ResourceSetBindingMember:
+ format: date-time
+ description: 'Timestamp at which the event expires (expressed as a UTC time zone using ISO 8601 format: yyyy-MM-dd`T`HH:mm:ss.SSS`Z`). If this optional field is not included, Okta automatically expires the event 24 hours after the event is consumed.'
+ subjects:
+ type: array
+ description: List of Risk Event Subjects
+ items:
+ $ref: '#/components/schemas/RiskEventSubject'
+ timestamp:
+ type: string
+ format: date-time
+ description: 'Timestamp of when the event is produced (expressed as a UTC time zone using ISO 8601 format: yyyy-MM-dd`T`HH:mm:ss.SSS`Z`)'
+ required:
+ - subjects
+ RiskEventSubject:
+ type: object
+ properties:
+ ip:
+ type: string
+ description: The risk event subject IP address (either an IPv4 or IPv6 address)
+ message:
+ type: string
+ description: Additional reasons for the risk level of the IP
+ maxLength: 512
+ pattern: ^[a-zA-Z0-9 .\-_]*$
+ riskLevel:
+ $ref: '#/components/schemas/RiskEventSubjectRiskLevel'
+ required:
+ - ip
+ - riskLevel
+ RiskEventSubjectRiskLevel:
+ description: The risk level associated with the IP
+ type: string
+ x-okta-known-values:
+ - HIGH
+ - LOW
+ - MEDIUM
+ RiskPolicyRuleCondition:
+ type: object
+ properties:
+ behaviors:
+ uniqueItems: true
+ type: array
+ items:
+ type: string
+ RiskProvider:
type: object
properties:
+ action:
+ $ref: '#/components/schemas/RiskProviderAction'
+ clientId:
+ type: string
+ description: The ID of the [OAuth service app](https://developer.okta.com/docs/guides/implement-oauth-for-okta-serviceapp/main/#create-a-service-app-and-grant-scopes) that is used to send risk events to Okta
+ example: 00cjkjjkkgjkdkjdkkljjsd
created:
type: string
format: date-time
- description: Timestamp when the role was created
+ description: Timestamp when the Risk Provider object was created
readOnly: true
+ example: '2021-01-05 22:18:30'
id:
type: string
- description: Unique key for the role
+ description: The ID of the Risk Provider object
readOnly: true
+ example: 00rp12r4skkjkjgsn
lastUpdated:
type: string
format: date-time
- description: Timestamp when the role was last updated
+ description: Timestamp when the Risk Provider object was last updated
readOnly: true
+ example: '2021-01-05 22:18:30'
+ name:
+ type: string
+ description: Name of the risk provider
+ maxLength: 50
+ example: Risk-Partner-X
_links:
- type: object
- properties:
- self:
- $ref: '#/components/schemas/HrefObject'
- readOnly: true
- ResourceSetBindingMembers:
+ $ref: '#/components/schemas/LinksSelf'
+ required:
+ - name
+ - clientId
+ - action
+ - id
+ - _links
+ RiskProviderAction:
+ description: Action taken by Okta during authentication attempts based on the risk events sent by this provider
+ default: log_only
+ type: string
+ x-enumDescriptions:
+ log_only: Include risk event information in the System Log
+ none: No action
+ enforce_and_log: Use risk event information to evaluate risks during authentication attempts and include risk event information in the System Log
+ x-okta-known-values:
+ - enforce_and_log
+ - log_only
+ - none
+ RiskScorePolicyRuleCondition:
type: object
properties:
- members:
- type: array
- items:
- $ref: '#/components/schemas/ResourceSetBindingMember'
- _links:
+ level:
+ type: string
+ Role:
+ type: object
+ properties:
+ assignmentType:
+ $ref: '#/components/schemas/RoleAssignmentType'
+ created:
+ type: string
+ format: date-time
+ readOnly: true
+ description:
+ type: string
+ id:
+ type: string
+ readOnly: true
+ label:
+ type: string
+ readOnly: true
+ lastUpdated:
+ type: string
+ format: date-time
+ readOnly: true
+ status:
+ $ref: '#/components/schemas/LifecycleStatus'
+ type:
+ $ref: '#/components/schemas/RoleType'
+ _embedded:
type: object
- properties:
- binding:
- $ref: '#/components/schemas/HrefObject'
- next:
- $ref: '#/components/schemas/HrefObject'
+ additionalProperties:
+ type: object
+ properties: {}
readOnly: true
- ResourceSetBindingResponse:
+ _links:
+ $ref: '#/components/schemas/LinksSelf'
+ RoleAssignedUser:
type: object
properties:
id:
type: string
- description: '`id` of the role'
- _links:
- type: object
- properties:
- self:
- $ref: '#/components/schemas/HrefObject'
- bindings:
- $ref: '#/components/schemas/HrefObject'
- resource-set:
- $ref: '#/components/schemas/HrefObject'
readOnly: true
- ResourceSetBindingRole:
+ orn:
+ type: string
+ readOnly: true
+ _links:
+ $ref: '#/components/schemas/LinksSelfAndRoles'
+ RoleAssignedUsers:
+ type: object
+ properties:
+ value:
+ type: array
+ items:
+ $ref: '#/components/schemas/RoleAssignedUser'
+ _links:
+ $ref: '#/components/schemas/LinksNext'
+ RoleAssignmentType:
+ type: string
+ x-okta-known-values:
+ - GROUP
+ - USER
+ RolePermissionType:
+ type: string
+ x-okta-known-values:
+ - okta.apps.assignment.manage
+ - okta.apps.manage
+ - okta.apps.manageFirstPartyApps
+ - okta.apps.read
+ - okta.authzServers.manage
+ - okta.authzServers.read
+ - okta.customizations.manage
+ - okta.customizations.read
+ - okta.devices.lifecycle.activate
+ - okta.devices.lifecycle.deactivate
+ - okta.devices.lifecycle.delete
+ - okta.devices.lifecycle.manage
+ - okta.devices.lifecycle.suspend
+ - okta.devices.lifecycle.unsuspend
+ - okta.devices.manage
+ - okta.devices.read
+ - okta.governance.accessCertifications.manage
+ - okta.governance.accessRequests.manage
+ - okta.groups.appAssignment.manage
+ - okta.groups.create
+ - okta.groups.manage
+ - okta.groups.members.manage
+ - okta.groups.read
+ - okta.identityProviders.manage
+ - okta.identityProviders.read
+ - okta.profilesources.import.run
+ - okta.users.appAssignment.manage
+ - okta.users.create
+ - okta.users.credentials.expirePassword
+ - okta.users.credentials.manage
+ - okta.users.credentials.resetFactors
+ - okta.users.credentials.resetPassword
+ - okta.users.groupMembership.manage
+ - okta.users.lifecycle.activate
+ - okta.users.lifecycle.clearSessions
+ - okta.users.lifecycle.deactivate
+ - okta.users.lifecycle.delete
+ - okta.users.lifecycle.manage
+ - okta.users.lifecycle.suspend
+ - okta.users.lifecycle.unlock
+ - okta.users.lifecycle.unsuspend
+ - okta.users.manage
+ - okta.users.read
+ - okta.users.userprofile.manage
+ RoleType:
+ type: string
+ x-enumDescriptions:
+ - API_ACCESS_MANAGEMENT_ADMIN: Access Management Administrator
+ - API_ADMIN: Access Management Administrator
+ - APP_ADMIN: Application Administrator
+ - CUSTOM: Custom Label specified by the client
+ - GROUP_MEMBERSHIP_ADMIN: Group Membership Administrator
+ - HELP_DESK_ADMIN: Help Desk Administrator
+ - MOBILE_ADMIN: Mobile Administrator
+ - ORG_ADMIN: Organizational Administrator
+ - READ_ONLY_ADMIN: Read-Only Administrator
+ - REPORT_ADMIN: Report Administrator
+ - SUPER_ADMIN: Super Administrator
+ - USER_ADMIN: Group Administrator
+ x-okta-known-values:
+ - API_ACCESS_MANAGEMENT_ADMIN
+ - API_ADMIN
+ - APP_ADMIN
+ - CUSTOM
+ - GROUP_MEMBERSHIP_ADMIN
+ - HELP_DESK_ADMIN
+ - MOBILE_ADMIN
+ - ORG_ADMIN
+ - READ_ONLY_ADMIN
+ - REPORT_ADMIN
+ - SUPER_ADMIN
+ - USER_ADMIN
+ SafeBrowsingProtectionLevel:
+ description: Represents the current value of the Safe Browsing protection level
+ example: ENHANCED_PROTECTION
+ type: string
+ x-enumDescriptions:
+ NO_SAFE_BROWSING: Safe Browsing is never active
+ STANDARD_PROTECTION: Safe Browsing is active in the standard mode
+ ENHANCED_PROTECTION: Safe Browsing is active in the enhanced mode
+ x-okta-known-values:
+ - ENHANCED_PROTECTION
+ - NO_SAFE_BROWSING
+ - STANDARD_PROTECTION
+ SalesforceApplicationSettings:
+ allOf:
+ - $ref: '#/components/schemas/OINBaseSignOnModeApplicationSettings'
+ - type: object
+ - required:
+ - app
+ properties:
+ app:
+ $ref: '#/components/schemas/SalesforceApplicationSettingsApplication'
+ SalesforceApplicationSettingsApplication:
+ description: Salesforce app instance properties
type: object
properties:
- id:
+ instanceType:
type: string
- _links:
- type: object
- properties:
- self:
- $ref: '#/components/schemas/HrefObject'
- members:
- $ref: '#/components/schemas/HrefObject'
- ResourceSetBindings:
+ description: Salesforce instance that you want to connect to
+ enum:
+ - SANDBOX
+ - PRODUCTION
+ - GOVERNMENT
+ integrationType:
+ type: string
+ description: Salesforce integration type
+ enum:
+ - STANDARD
+ - PORTAL
+ - COMMUNITY
+ loginUrl:
+ type: string
+ description: The Login URL specified in your Salesforce Single Sign-On settings
+ logoutUrl:
+ type: string
+ description: Salesforce Logout URL
+ required:
+ - integrationType
+ - instanceType
+ Saml:
+ description: SAML configuration details
type: object
properties:
- roles:
+ acs:
type: array
+ minItems: 1
+ description: 'List of Assertion Consumer Service (ACS) URLs. The default ACS URL is required and is indicated by a null `index` value. You can use the org-level variables you defined in the `config` array in the URL. For example: `https://${org.subdomain}.example.com/saml/login`'
items:
- $ref: '#/components/schemas/ResourceSetBindingRole'
- _links:
- type: object
+ type: object
+ properties:
+ index:
+ type: number
+ minimum: 0
+ maximum: 65535
+ description: Index of ACS URL. You can't reuse the same index in the ACS URL array.
+ example: 0
+ url:
+ type: string
+ format: uri
+ maxLength: 1024
+ description: Assertion Consumer Service (ACS) URL
+ example: https://${org.subdomain}.example.com/saml/login
+ doc:
+ type: string
+ format: uri
+ description: The URL to your customer-facing instructions for configuring your SAML integration. See [Customer configuration document guidelines](https://developer.okta.com/docs/guides/submit-app-prereq/main/#customer-configuration-document-guidelines).
+ example: https://example.com/strawberry/help/samlSetup
+ entityId:
+ type: string
+ description: Globally unique name for your SAML entity. For instance, your Identity Provider (IdP) or Service Provider (SP) URL.
+ example: https://${org.subdomain}.example.com
+ required:
+ - acs
+ - entityId
+ - doc
+ SamlApplication:
+ allOf:
+ - $ref: '#/components/schemas/Application'
+ - type: object
properties:
- self:
- $ref: '#/components/schemas/HrefObject'
- bindings:
- $ref: '#/components/schemas/HrefObject'
- resource-set:
- $ref: '#/components/schemas/HrefObject'
- readOnly: true
- ResourceSetResource:
+ credentials:
+ $ref: '#/components/schemas/ApplicationCredentials'
+ name:
+ type: string
+ description: Unique key for the app definition
+ settings:
+ $ref: '#/components/schemas/SamlApplicationSettings'
+ SamlApplicationSettings:
+ allOf:
+ - $ref: '#/components/schemas/ApplicationSettings'
+ - type: object
+ properties:
+ app:
+ $ref: '#/components/schemas/SamlApplicationSettingsApplication'
+ signOn:
+ $ref: '#/components/schemas/SamlApplicationSettingsSignOn'
+ SamlApplicationSettingsApplication:
type: object
properties:
- created:
- type: string
- format: date-time
- description: Timestamp when the role was created
- readOnly: true
- description:
+ acsUrl:
type: string
- description: Description of the resource set
- id:
+ audRestriction:
type: string
- description: Unique key for the role
- readOnly: true
- lastUpdated:
+ baseUrl:
type: string
- format: date-time
- description: Timestamp when the role was last updated
- readOnly: true
- _links:
- type: object
- additionalProperties:
- type: object
- properties: {}
- readOnly: true
- ResourceSetResourcePatchRequest:
+ SamlApplicationSettingsSignOn:
type: object
properties:
- additions:
+ acsEndpoints:
type: array
items:
- type: string
- ResourceSetResources:
- type: object
- properties:
- resources:
+ $ref: '#/components/schemas/AcsEndpoint'
+ allowMultipleAcsEndpoints:
+ type: boolean
+ assertionSigned:
+ type: boolean
+ attributeStatements:
type: array
items:
- $ref: '#/components/schemas/ResourceSetResource'
- _links:
- type: object
- properties:
- next:
- $ref: '#/components/schemas/HrefObject'
- resource-set:
- $ref: '#/components/schemas/HrefObject'
- ResourceSets:
- type: object
- properties:
- resource-sets:
+ $ref: '#/components/schemas/SamlAttributeStatement'
+ audience:
+ type: string
+ audienceOverride:
+ type: string
+ description: Audience override for CASB configuration. See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm)
+ authnContextClassRef:
+ type: string
+ configuredAttributeStatements:
type: array
items:
- $ref: '#/components/schemas/ResourceSet'
- _links:
- type: object
- properties:
- next:
- $ref: '#/components/schemas/HrefObject'
- readOnly: true
- ResponseLinks:
- type: object
- RiskEvent:
- type: object
- properties:
- expiresAt:
+ $ref: '#/components/schemas/SamlAttributeStatement'
+ defaultRelayState:
type: string
- format: date-time
- description: 'Time stamp at which the event expires (Expressed as a UTC time zone using ISO 8601 format: yyyy-MM-dd''T''HH:mm:ss.SSS''Z''). If this optional field is not included, Okta automatically expires the event 24 hours after the event is consumed.'
- subjects:
- type: array
+ description: Identifies a specific application resource in an IDP-initiated SSO scenario
+ destination:
+ type: string
+ destinationOverride:
+ type: string
+ description: Destination override for CASB configuration. See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm)
+ digestAlgorithm:
+ type: string
+ honorForceAuthn:
+ type: boolean
+ description: Set to `true` to prompt users for their credentials when a SAML request has the `ForceAuthn` attribute set to `true`
+ idpIssuer:
+ type: string
+ inlineHooks:
items:
- $ref: '#/components/schemas/RiskEventSubject'
- timestamp:
+ $ref: '#/components/schemas/SignOnInlineHook'
+ type: array
+ participateSlo:
+ $ref: '#/components/schemas/SloParticipate'
+ recipient:
type: string
- format: date-time
- description: 'Time stamp at which the event is produced (Expressed as a UTC time zone using ISO 8601 format: yyyy-MM-dd''T''HH:mm:ss.SSS''Z'').'
- required:
- - subjects
- RiskEventSubject:
- type: object
- properties:
- ip:
+ recipientOverride:
type: string
- description: Either an IpV4 or IpV6 address.
- message:
+ description: Recipient override for CASB configuration. See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm)
+ requestCompressed:
+ type: boolean
+ responseSigned:
+ type: boolean
+ signatureAlgorithm:
type: string
- description: Any additional message that the provider can send specifying the reason for the risk level of the IP.
- maxLength: 512
- pattern: ^[a-zA-Z0-9.\-_]$
- riskLevel:
- $ref: '#/components/schemas/RiskEventSubjectRiskLevel'
- required:
- - ip
- RiskEventSubjectRiskLevel:
- type: string
- x-okta-known-values:
- - HIGH
- - LOW
- - MEDIUM
- RiskPolicyRuleCondition:
+ slo:
+ $ref: '#/components/schemas/SingleLogout'
+ spCertificate:
+ $ref: '#/components/schemas/SpCertificate'
+ spIssuer:
+ type: string
+ ssoAcsUrl:
+ type: string
+ ssoAcsUrlOverride:
+ type: string
+ description: Assertion Consumer Service URL override for CASB configuration. See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm)
+ subjectNameIdFormat:
+ type: string
+ subjectNameIdTemplate:
+ type: string
+ SamlAttributeStatement:
+ description: Define custom attribute statements for the integration. These statements are inserted into the SAML assertions shared with your app
type: object
properties:
- behaviors:
- uniqueItems: true
+ filterType:
+ type: string
+ filterValue:
+ type: string
+ name:
+ type: string
+ namespace:
+ type: string
+ type:
+ type: string
+ values:
type: array
items:
type: string
- RiskProvider:
+ ScheduledUserLifecycleAction:
type: object
properties:
- action:
- $ref: '#/components/schemas/RiskProviderAction'
- clientId:
+ status:
+ $ref: '#/components/schemas/PolicyUserStatus'
+ SchemeApplicationCredentials:
+ allOf:
+ - $ref: '#/components/schemas/ApplicationCredentials'
+ - type: object
+ properties:
+ password:
+ $ref: '#/components/schemas/PasswordCredential'
+ revealPassword:
+ type: boolean
+ description: Allow users to securely see their password
+ scheme:
+ $ref: '#/components/schemas/ApplicationCredentialsScheme'
+ signing:
+ $ref: '#/components/schemas/ApplicationCredentialsSigning'
+ userName:
+ type: string
+ ScreenLockType:
+ type: string
+ x-okta-known-values:
+ - BIOMETRIC
+ - PASSCODE
+ SecurePasswordStoreApplication:
+ x-okta-defined-as:
+ name: template_sps
+ allOf:
+ - $ref: '#/components/schemas/Application'
+ - type: object
+ properties:
+ credentials:
+ $ref: '#/components/schemas/SchemeApplicationCredentials'
+ name:
+ type: string
+ description: Unique key for the app definition
+ default: template_sps
+ settings:
+ $ref: '#/components/schemas/SecurePasswordStoreApplicationSettings'
+ SecurePasswordStoreApplicationSettings:
+ allOf:
+ - $ref: '#/components/schemas/ApplicationSettings'
+ - type: object
+ properties:
+ app:
+ $ref: '#/components/schemas/SecurePasswordStoreApplicationSettingsApplication'
+ SecurePasswordStoreApplicationSettingsApplication:
+ type: object
+ properties:
+ optionalField1:
+ type: string
+ optionalField1Value:
+ type: string
+ optionalField2:
+ type: string
+ optionalField2Value:
type: string
- description: The ID of the [OAuth service app](https://developer.okta.com/docs/guides/implement-oauth-for-okta-serviceapp/main/#create-a-service-app-and-grant-scopes) that is used to send risk events to Okta
- created:
+ optionalField3:
type: string
- format: date-time
- description: Timestamp when the risk provider was created
- readOnly: true
- id:
+ optionalField3Value:
type: string
- description: The ID of the risk provider
- readOnly: true
- lastUpdated:
+ passwordField:
type: string
- format: date-time
- description: Timestamp when the risk provider was last updated
- readOnly: true
- name:
+ url:
type: string
- description: Name of the risk provider
- maxLength: 50
- _links:
- type: object
- properties:
- self:
- $ref: '#/components/schemas/HrefObject'
- readOnly: true
- required:
- - name
- - clientId
- RiskProviderAction:
- description: The action taken by Okta during authentication attempts based on the risk events sent by this provider. Logging can be found in the SystemLogs.
- default: log_only
+ usernameField:
+ type: string
+ SeedEnum:
+ description: Determines whether the generated password is the user's Okta password or a randomly generated password
+ default: RANDOM
+ example: OKTA
type: string
x-okta-known-values:
- - enforce_and_log
- - log_only
- - none
- RiskScorePolicyRuleCondition:
- type: object
- properties:
- level:
- type: string
- Role:
+ - OKTA
+ - RANDOM
+ SelfServicePasswordResetAction:
+ allOf:
+ - $ref: '#/components/schemas/PasswordPolicyRuleAction'
+ - type: object
+ - description: Enables or disables users to reset their own password and defines the authenticators and constraints needed to complete the reset
+ properties:
+ type:
+ type: string
+ readOnly: true
+ description: The type of rule action
+ enum:
+ - selfServicePasswordReset
+ requirement:
+ $ref: '#/components/schemas/SsprRequirement'
+ Session:
type: object
properties:
- assignmentType:
- $ref: '#/components/schemas/RoleAssignmentType'
- created:
+ amr:
+ type: array
+ readOnly: true
+ description: Authentication method reference
+ items:
+ $ref: '#/components/schemas/SessionAuthenticationMethod'
+ createdAt:
type: string
format: date-time
readOnly: true
- description:
+ expiresAt:
type: string
+ format: date-time
+ readOnly: true
+ description: A timestamp when the Session expires
id:
type: string
readOnly: true
- label:
+ description: A unique key for the Session
+ idp:
+ $ref: '#/components/schemas/SessionIdentityProvider'
+ lastFactorVerification:
type: string
+ format: date-time
readOnly: true
- lastUpdated:
+ description: A timestamp when the user last performed multifactor authentication
+ lastPasswordVerification:
type: string
format: date-time
readOnly: true
+ description: A timestamp when the user last performed the primary or step-up authentication with a password
+ login:
+ type: string
+ readOnly: true
+ description: A unique identifier for the user (username)
status:
- $ref: '#/components/schemas/LifecycleStatus'
- type:
- $ref: '#/components/schemas/RoleType'
- _embedded:
- type: object
- additionalProperties:
- type: object
- properties: {}
+ $ref: '#/components/schemas/SessionStatus'
+ description: Current Session status
+ userId:
+ type: string
readOnly: true
+ description: A unique key for the user
_links:
- type: object
- additionalProperties:
- type: object
- properties: {}
+ $ref: '#/components/schemas/LinksSelf'
+ SessionAuthenticationMethod:
+ type: string
+ x-enumDescriptions:
+ pwd: Password authentication. **Inline hook value:** `PASSWORD` **Example:** Standard password-based sign-in
+ swk: Proof-of-possession (PoP) of a software key. **Inline hook value:** `POP_SOFTWARE_KEY` **Example:** Okta Verify with Push
+ hwk: Proof-of-possession (PoP) of a hardware key. **Inline hook value:** `POP_HARDWARE_KEY` **Example:** Yubikey factor
+ opt: One-time password. **Inline hook value:** `ONE_TIME_PASSWORD`. **Example:** Okta Verify, Google Authenticator
+ sms: SMS text message to the user at a registered number. **Inline hook value:** `SMS_MESSAGE`. **Example:** SMS factor
+ tel: Telephone call to the user at a registered number. **Inline hook value:** `TELEPHONE_CALL`. **Example:** Phone call factor
+ geo: Use of geo-location information. **Inline hook value:** `GEOLOCATION`. **Example:** IP Trust and Network Zone policy conditions
+ fpt: Fingerprint biometric authentication. **Inline hook value:** `BIO_FINGERPRINT`. **Example:** Okta Verify with Touch ID
+ kba: Knowledge-based authentication. **Inline hook value:** `KNOWLEDGE_BASED_AUTHENTICATION`. **Example:** Security Question factor
+ mfa: Multifactor authentication. **Inline hook value:** `MULTIFACTOR_AUTHENTICATION`. **Example:** This value is present whenever any MFA factor verification is performed.
+ mca: Multiple-channel authentication. **Inline hook value:** `MULTIPLE_CHANNEL_AUTHENTICATION`. **Example:** Authentication requires communication over more than one channel, such as Internet and mobile network
+ sc: Smart card authentication. **Inline hook value:** `SMART_CARD. **Example:** User authenticated using a smart card, such as a Personal Identity Verification (PIV) card or Common Access Card (CAC)
+ x-okta-known-values:
+ - fpt
+ - geo
+ - hwk
+ - kba
+ - mca
+ - mfa
+ - otp
+ - pwd
+ - sc
+ - sms
+ - swk
+ - tel
+ SessionIdentityProvider:
+ type: object
+ properties:
+ id:
+ type: string
readOnly: true
- RoleAssignmentType:
+ description: Identity Provider ID. If the `type` is `OKTA`, then the `id` is the org ID.
+ type:
+ $ref: '#/components/schemas/SessionIdentityProviderType'
+ SessionIdentityProviderType:
type: string
x-okta-known-values:
- - GROUP
- - USER
- RolePermissionType:
+ - ACTIVE_DIRECTORY
+ - FEDERATION
+ - LDAP
+ - OKTA
+ - SOCIAL
+ SessionStatus:
type: string
+ x-enumDescriptions:
+ ACTIVE: The Session is established and fully validated.
+ MFA_REQUIRED: The Session is established, but requires second factor verification.
+ MFA_ENROLL: The Session is established, but the user needs to enroll a second factor.
x-okta-known-values:
- - okta.apps.assignment.manage
- - okta.apps.manage
- - okta.apps.manageFirstPartyApps
- - okta.apps.read
- - okta.authzServers.manage
- - okta.authzServers.read
- - okta.customizations.manage
- - okta.customizations.read
- - okta.governance.accessCertifications.manage
- - okta.governance.accessRequests.manage
- - okta.groups.appAssignment.manage
- - okta.groups.create
- - okta.groups.manage
- - okta.groups.members.manage
- - okta.groups.read
- - okta.profilesources.import.run
- - okta.users.appAssignment.manage
- - okta.users.create
- - okta.users.credentials.expirePassword
- - okta.users.credentials.manage
- - okta.users.credentials.resetFactors
- - okta.users.credentials.resetPassword
- - okta.users.groupMembership.manage
- - okta.users.lifecycle.activate
- - okta.users.lifecycle.clearSessions
- - okta.users.lifecycle.deactivate
- - okta.users.lifecycle.delete
- - okta.users.lifecycle.manage
- - okta.users.lifecycle.suspend
- - okta.users.lifecycle.unlock
- - okta.users.lifecycle.unsuspend
- - okta.users.manage
- - okta.users.read
- - okta.users.userprofile.manage
- RoleType:
+ - ACTIVE
+ - MFA_ENROLL
+ - MFA_REQUIRED
+ ShowSignInWithOV:
type: string
x-okta-known-values:
- - API_ACCESS_MANAGEMENT_ADMIN
- - APP_ADMIN
- - GROUP_MEMBERSHIP_ADMIN
- - HELP_DESK_ADMIN
- - MOBILE_ADMIN
- - ORG_ADMIN
- - READ_ONLY_ADMIN
- - REPORT_ADMIN
- - SUPER_ADMIN
- - USER_ADMIN
- SamlApplication:
+ - ALWAYS
+ - NEVER
+ SignInPage:
allOf:
- - $ref: '#/components/schemas/Application'
+ - $ref: '#/components/schemas/CustomizablePage'
- type: object
properties:
- credentials:
- $ref: '#/components/schemas/ApplicationCredentials'
- name:
- type: string
- settings:
- $ref: '#/components/schemas/SamlApplicationSettings'
- SamlApplicationSettings:
- allOf:
- - $ref: '#/components/schemas/ApplicationSettings'
- - type: object
+ contentSecurityPolicySetting:
+ $ref: '#/components/schemas/ContentSecurityPolicySetting'
+ widgetCustomizations:
+ type: object
+ properties:
+ signInLabel:
+ type: string
+ usernameLabel:
+ type: string
+ usernameInfoTip:
+ type: string
+ passwordLabel:
+ type: string
+ passwordInfoTip:
+ type: string
+ showPasswordVisibilityToggle:
+ type: boolean
+ showUserIdentifier:
+ type: boolean
+ forgotPasswordLabel:
+ type: string
+ forgotPasswordUrl:
+ type: string
+ unlockAccountLabel:
+ type: string
+ unlockAccountUrl:
+ type: string
+ helpLabel:
+ type: string
+ helpUrl:
+ type: string
+ customLink1Label:
+ type: string
+ customLink1Url:
+ type: string
+ customLink2Label:
+ type: string
+ customLink2Url:
+ type: string
+ authenticatorPageCustomLinkLabel:
+ type: string
+ authenticatorPageCustomLinkUrl:
+ type: string
+ classicRecoveryFlowEmailOrUsernameLabel:
+ type: string
+ widgetGeneration:
+ $ref: '#/components/schemas/WidgetGeneration'
+ widgetVersion:
+ $ref: '#/components/schemas/Version'
+ SignInPageTouchPointVariant:
+ type: string
+ x-okta-known-values:
+ - BACKGROUND_IMAGE
+ - BACKGROUND_SECONDARY_COLOR
+ - OKTA_DEFAULT
+ SignOnInlineHook:
+ properties:
+ id:
+ type: string
+ readOnly: false
+ SimulatePolicyBody:
+ description: The request body required for a simulate policy operation.
+ type: object
+ properties:
+ appInstance:
+ type: string
+ description: The application instance ID for a simulate operation
+ policyContext:
+ $ref: '#/components/schemas/PolicyContext'
+ policyTypes:
+ type: array
+ description: Supported policy types for a simulate operation. The default value, `null`, returns all types.
+ items:
+ $ref: '#/components/schemas/PolicyType'
+ required:
+ - appInstance
+ SimulatePolicyEvaluations:
+ type: object
+ properties:
+ evaluated:
+ type: object
+ description: A list of evaluated but not matched policies and rules
+ properties:
+ policies:
+ $ref: '#/components/schemas/SimulateResultPolicies'
+ policyType:
+ type: array
+ description: The policy type of the simulate operation
+ items:
+ $ref: '#/components/schemas/PolicyType'
+ result:
+ $ref: '#/components/schemas/SimulatePolicyResult'
+ status:
+ type: string
+ description: The result of this entity evaluation
+ enum:
+ - MATCH
+ - NOT_MATCH
+ - UNDEFINED
+ undefined:
+ type: object
+ description: A list of undefined but not matched policies and rules
properties:
- app:
- $ref: '#/components/schemas/SamlApplicationSettingsApplication'
- signOn:
- $ref: '#/components/schemas/SamlApplicationSettingsSignOn'
- SamlApplicationSettingsApplication:
+ policies:
+ $ref: '#/components/schemas/SimulateResultPolicies'
+ SimulatePolicyResponse:
+ description: The response body returned for a simulate policy operation. An array of `evaluations`.
+ items:
+ $ref: '#/components/schemas/SimulatePolicyEvaluations'
+ type: array
+ SimulatePolicyResult:
+ description: The result of the policy evaluation
type: object
properties:
- acsUrl:
- type: string
- audRestriction:
+ policies:
+ $ref: '#/components/schemas/SimulateResultPolicies'
+ SimulateResultConditions:
+ type: object
+ properties:
+ status:
type: string
- baseUrl:
+ description: The result of the entity evaluation
+ enum:
+ - MATCH
+ - UNMATCHED
+ - UNDEFINED
+ type:
type: string
- SamlApplicationSettingsSignOn:
+ description: The type of condition
+ SimulateResultPolicies:
+ items:
+ $ref: '#/components/schemas/SimulateResultPoliciesItems'
+ type: array
+ SimulateResultPoliciesItems:
type: object
properties:
- acsEndpoints:
- type: array
- items:
- $ref: '#/components/schemas/AcsEndpoint'
- allowMultipleAcsEndpoints:
- type: boolean
- assertionSigned:
- type: boolean
- attributeStatements:
+ conditions:
type: array
- items:
- $ref: '#/components/schemas/SamlAttributeStatement'
- audience:
- type: string
- audienceOverride:
+ $ref: '#/components/schemas/SimulateResultConditions'
+ id:
type: string
- authnContextClassRef:
+ name:
type: string
- defaultRelayState:
+ rules:
+ type: array
+ $ref: '#/components/schemas/SimulateResultRules'
+ status:
type: string
- destination:
+ SimulateResultRules:
+ type: object
+ properties:
+ conditions:
+ type: array
+ $ref: '#/components/schemas/SimulateResultConditions'
+ id:
type: string
- destinationOverride:
+ description: The unique ID number of the policy rule
+ name:
type: string
- digestAlgorithm:
+ description: The name of the policy rule
+ status:
type: string
- honorForceAuthn:
+ description: The result of the entity evaluation
+ enum:
+ - MATCH
+ - UNMATCHED
+ - UNDEFINED
+ SingleLogout:
+ type: object
+ properties:
+ enabled:
type: boolean
- idpIssuer:
+ issuer:
type: string
- inlineHooks:
- items:
- $ref: '#/components/schemas/SignOnInlineHook'
- type: array
- recipient:
+ logoutUrl:
type: string
- recipientOverride:
+ SlackApplicationSettings:
+ allOf:
+ - $ref: '#/components/schemas/OINBaseSignOnModeApplicationSettings'
+ - type: object
+ - required:
+ - app
+ properties:
+ app:
+ $ref: '#/components/schemas/SlackApplicationSettingsApplication'
+ SlackApplicationSettingsApplication:
+ description: Slack app instance properties
+ type: object
+ properties:
+ domain:
type: string
- requestCompressed:
- type: boolean
- responseSigned:
+ description: The Slack app domain name
+ userEmailValue:
+ type: string
+ description: The `User.Email` attribute value
+ required:
+ - domain
+ SloParticipate:
+ type: object
+ properties:
+ bindingType:
+ type: string
+ description: Request binding type
+ enum:
+ - POST
+ - REDIRECT
+ enabled:
type: boolean
- signatureAlgorithm:
+ description: Allows the app to participate in front-channel single logout.
+ logoutRequestUrl:
type: string
- slo:
- $ref: '#/components/schemas/SingleLogout'
- spCertificate:
- $ref: '#/components/schemas/SpCertificate'
- spIssuer:
+ description: URL where Okta sends the logout request.
+ sessionIndexRequired:
+ type: boolean
+ description: Include user session details.
+ SmsTemplate:
+ type: object
+ properties:
+ created:
type: string
- ssoAcsUrl:
+ format: date-time
+ readOnly: true
+ id:
type: string
- ssoAcsUrlOverride:
+ readOnly: true
+ lastUpdated:
type: string
- subjectNameIdFormat:
+ format: date-time
+ readOnly: true
+ name:
type: string
- subjectNameIdTemplate:
+ template:
type: string
- SamlAttributeStatement:
+ translations:
+ $ref: '#/components/schemas/SmsTemplateTranslations'
+ type:
+ $ref: '#/components/schemas/SmsTemplateType'
+ SmsTemplateTranslations:
+ type: object
+ x-okta-extensible: true
+ SmsTemplateType:
+ type: string
+ x-okta-known-values:
+ - SMS_VERIFY_CODE
+ SocialAuthToken:
type: object
properties:
- filterType:
+ expiresAt:
type: string
- filterValue:
+ format: date-time
+ readOnly: true
+ id:
type: string
- name:
+ readOnly: true
+ scopes:
+ type: array
+ items:
+ type: string
+ token:
type: string
- namespace:
+ tokenAuthScheme:
type: string
- type:
+ tokenType:
type: string
- values:
+ SourceLinks:
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - type: object
+ properties:
+ schema:
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ - description: The associated schema
+ SpCertificate:
+ type: object
+ properties:
+ x5c:
type: array
items:
type: string
- ScheduledUserLifecycleAction:
+ SplunkEdition:
+ description: Edition of the Splunk Cloud instance
+ example: aws
+ type: string
+ x-okta-known-values:
+ - aws
+ - aws_govcloud
+ - gcp
+ SplunkHost:
+ description: 'The domain name for your Splunk Cloud instance. Don''t include `http` or `https` in the string. For example: `acme.splunkcloud.com`'
+ minLength: 17
+ maxLength: 116
+ example: acme.splunkcloud.com
+ type: string
+ SplunkToken:
+ description: The HEC token for your Splunk Cloud HTTP Event Collector. The token value is set at object creation, but isn't returned.
+ example: 11111111-1111-2222-2222-222222222222
+ writeOnly: true
+ type: string
+ pattern: (?i)^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$
+ Sso:
+ description: 'Supported SSO protocol configurations. You must configure at least one protocol: `oidc` or `saml`'
type: object
properties:
- status:
- $ref: '#/components/schemas/PolicyUserStatus'
- SchemeApplicationCredentials:
+ oidc:
+ $ref: '#/components/schemas/Oidc'
+ saml:
+ $ref: '#/components/schemas/Saml'
+ SsprPrimaryRequirement:
+ description: Defines the authenticators permitted for the initial authentication step of password recovery
+ type: object
+ properties:
+ methodConstraints:
+ description: Constraints on the values specified in the `methods` array. Specifying a constraint limits methods to specific authenticator(s). Currently, Google OTP is the only accepted constraint.
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ type: array
+ items:
+ $ref: '#/components/schemas/AuthenticatorMethodConstraint'
+ methods:
+ type: array
+ description: Authenticator methods allowed for the initial authentication step of password recovery. Method `otp` requires a constraint limiting it to a Google authenticator.
+ items:
+ type: string
+ enum:
+ - push
+ - sms
+ - voice
+ - email
+ - otp
+ SsprRequirement:
+ description: Describes the initial and secondary authenticator requirements a user needs to reset their password
+ type: object
+ properties:
+ primary:
+ $ref: '#/components/schemas/SsprPrimaryRequirement'
+ stepUp:
+ $ref: '#/components/schemas/SsprStepUpRequirement'
+ SsprStepUpRequirement:
+ description: |-
+ Defines the secondary authenticators needed for password reset if `required` is true. The following are three valid configurations:
+ * `required`=false
+ * `required`=true with no methods to use any SSO authenticator
+ * `required`=true with `security_question` as the method
+ type: object
+ properties:
+ methods:
+ description: Authenticator methods required for secondary authentication step of password recovery. Specify this value only when `required` is true and `security_question` is permitted for the secondary authentication.
+ type: array
+ items:
+ type: string
+ enum:
+ - security_question
+ required:
+ type: boolean
+ SubmissionRequest:
allOf:
- - $ref: '#/components/schemas/ApplicationCredentials'
- - type: object
+ - $ref: '#/components/schemas/SubmissionResponse'
+ required:
+ - name
+ - description
+ - logo
+ SubmissionResponse:
+ type: object
+ properties:
+ config:
+ type: array
+ description: 'List of org-level variables for the customer per-tenant configuration. For example, a `subdomain` variable can be used in the ACS URL: `https://${org.subdomain}.example.com/saml/login`'
+ items:
+ type: object
+ properties:
+ label:
+ type: string
+ description: Display name of the variable in the Admin Console
+ example: Subdomain
+ name:
+ type: string
+ maxLength: 1024
+ minLength: 1
+ description: Name of the variable
+ example: subdomain
+ description:
+ type: string
+ maxLength: 1024
+ minLength: 1
+ description: A general description of your application and the benefits provided to your customers
+ example: Your one source for in-season strawberry deals. Okta's Strawberry Central integration allow users to securely access those sweet deals.
+ id:
+ type: string
+ description: OIN Integration ID
+ readOnly: true
+ example: acme_submissionapp_1
+ lastPublished:
+ type: string
+ description: Timestamp when the OIN Integration was last published
+ readOnly: true
+ example: '2023-08-24T14:15:22.000Z'
+ lastUpdated:
+ type: string
+ description: Timestamp when the OIN Integration instance was last updated
+ readOnly: true
+ example: '2023-08-24T14:15:22.000Z'
+ lastUpdatedBy:
+ type: string
+ description: ID of the user who made the last update
+ readOnly: true
+ example: 00ub0oNGTSWTBKOLGLNR
+ logo:
+ type: string
+ format: uri
+ description: URL to an uploaded application logo. This logo appears next to your app integration name in the OIN catalog. You must first [Upload an OIN Integration logo](/openapi/okta-management/management/tag/YourOinIntegrations/#tag/YourOinIntegrations/operation/uploadSubmissionLogo) to obtain the logo URL before you can specify this value.
+ example: https://acme.okta.com/bc/image/fileStoreRecord?id=fs03xxd3KmkDBwJU80g4
+ name:
+ type: string
+ maxLength: 64
+ minLength: 1
+ description: The app integration name. This is the main title used for your integration in the OIN catalog.
+ example: Strawberry Central
+ sso:
+ $ref: '#/components/schemas/Sso'
+ status:
+ type: string
+ description: Status of the OIN Integration submission
+ readOnly: true
+ example: New
+ Subscription:
+ type: object
+ properties:
+ channels:
+ description: |-
+ An array of sources send notifications to users.
+ > **Note**: Currently, Okta only allows `email` channels.
+ items:
+ type: string
+ type: array
+ notificationType:
+ $ref: '#/components/schemas/NotificationType'
+ status:
+ $ref: '#/components/schemas/SubscriptionStatus'
+ _links:
+ type: object
+ description: Discoverable resources related to the subscription
properties:
- password:
- $ref: '#/components/schemas/PasswordCredential'
- revealPassword:
- type: boolean
- scheme:
- $ref: '#/components/schemas/ApplicationCredentialsScheme'
- signing:
- $ref: '#/components/schemas/ApplicationCredentialsSigning'
- userName:
- type: string
- ScreenLockType:
+ self:
+ $ref: '#/components/schemas/HrefObject'
+ readOnly: true
+ SubscriptionStatus:
+ description: The status of the subscription
type: string
x-okta-known-values:
- - BIOMETRIC
- - PASSCODE
- SecurePasswordStoreApplication:
- x-okta-defined-as:
- name: template_sps
- allOf:
- - $ref: '#/components/schemas/Application'
- - type: object
+ - subscribed
+ - unsubscribed
+ SupportedMethods:
+ type: object
+ properties:
+ settings:
+ type: object
properties:
- credentials:
- $ref: '#/components/schemas/SchemeApplicationCredentials'
- name:
+ keyProtection:
type: string
- default: template_sps
- settings:
- $ref: '#/components/schemas/SecurePasswordStoreApplicationSettings'
- SecurePasswordStoreApplicationSettings:
+ algorithms:
+ type: array
+ items:
+ $ref: '#/components/schemas/AuthenticatorMethodAlgorithm'
+ transactionTypes:
+ type: array
+ items:
+ $ref: '#/components/schemas/AuthenticatorMethodTransactionType'
+ status:
+ type: string
+ type:
+ type: string
+ enum:
+ - push
+ SwaApplicationSettings:
allOf:
- $ref: '#/components/schemas/ApplicationSettings'
- type: object
properties:
app:
- $ref: '#/components/schemas/SecurePasswordStoreApplicationSettingsApplication'
- SecurePasswordStoreApplicationSettingsApplication:
+ $ref: '#/components/schemas/SwaApplicationSettingsApplication'
+ SwaApplicationSettingsApplication:
type: object
properties:
- optionalField1:
+ buttonField:
type: string
- optionalField1Value:
+ buttonSelector:
type: string
- optionalField2:
+ checkbox:
type: string
- optionalField2Value:
+ extraFieldSelector:
type: string
- optionalField3:
+ extraFieldValue:
type: string
- optionalField3Value:
+ loginUrlRegex:
type: string
passwordField:
type: string
+ passwordSelector:
+ type: string
+ redirectUrl:
+ type: string
+ targetURL:
+ type: string
url:
type: string
usernameField:
type: string
- SecurityQuestion:
+ userNameSelector:
+ type: string
+ TempPassword:
type: object
properties:
- answer:
- type: string
- question:
+ tempPassword:
type: string
- questionText:
+ readOnly: true
+ TestInfo:
+ description: Integration Testing Information
+ type: object
+ properties:
+ escalationSupportContact:
type: string
- SecurityQuestionUserFactor:
- allOf:
- - $ref: '#/components/schemas/UserFactor'
- - type: object
+ maxLength: 255
+ description: An email for Okta to contact your company about your integration. This email isn't shared with customers.
+ example: strawberry.support@example.com
+ oidcTestConfiguration:
+ type: object
+ description: OIDC test details
properties:
- profile:
- $ref: '#/components/schemas/SecurityQuestionUserFactorProfile'
- SecurityQuestionUserFactorProfile:
+ idp:
+ type: boolean
+ description: Read only.
Indicates if your integration supports IdP-initiated sign-in flows. If [`sso.oidc.initiateLoginUri`](/openapi/okta-management/management/tag/YourOinIntegrations/#tag/YourOinIntegrations/operation/createSubmission!path=sso/oidc/initiateLoginUri&t=request) is specified, this property is set to `true`. If [`sso.oidc.initiateLoginUri`](/openapi/okta-management/management/tag/YourOinIntegrations/#tag/YourOinIntegrations/operation/createSubmission!path=sso/oidc/initiateLoginUri&t=request) isn't set for the integration submission, this property is set to `false`
+ readOnly: true
+ sp:
+ type: boolean
+ description: Read only.
Indicates if your integration supports SP-initiated sign-in flows and is always set to `true` for OIDC SSO
+ readOnly: true
+ jit:
+ type: boolean
+ description: Indicates if your integration supports Just-In-Time (JIT) provisioning
+ spInitiateUrl:
+ type: string
+ format: uri
+ maxLength: 512
+ description: URL for SP-initiated sign-in flows (required if `sp = true`)
+ example: https://test.example.com/strawberry/oidc/sp-init
+ required:
+ - spInitiateUrl
+ samlTestConfiguration:
+ type: object
+ description: SAML test details
+ properties:
+ idp:
+ type: boolean
+ description: Indicates if your integration supports IdP-initiated sign-in
+ sp:
+ type: boolean
+ description: Indicates if your integration supports SP-initiated sign-in
+ jit:
+ type: boolean
+ description: Indicates if your integration supports Just-In-Time (JIT) provisioning
+ spInitiateUrl:
+ type: string
+ format: uri
+ maxLength: 512
+ description: URL for SP-initiated sign-in flows (required if `sp = true`)
+ example: https://test.example.com/strawberry/saml/sp-init
+ spInitiateDescription:
+ type: string
+ maxLength: 2048
+ description: Instructions on how to sign in to your app using the SP-initiated flow (required if `sp = true`)
+ example: Go to your app URL from a browser and enter your username
+ required:
+ - spInitiateUrl
+ testAccount:
+ type: object
+ description: An account on a test instance of your app with admin privileges. A test admin account is required by Okta for integration testing. During OIN QA testing, an Okta analyst uses this admin account to configure your app for the various test case flows.
+ properties:
+ url:
+ type: string
+ format: uri
+ maxLength: 512
+ description: The sign-in URL to a test instance of your app
+ example: https://example.com/strawberry/login
+ username:
+ type: string
+ maxLength: 255
+ description: The username for your app admin account
+ example: test@example.com
+ password:
+ type: string
+ maxLength: 255
+ description: The password for your app admin account
+ example: sUperP@ssw0rd
+ instructions:
+ type: string
+ maxLength: 2048
+ description: Additional instructions to test the app integration, including instructions for obtaining test accounts
+ example: Go to your app URL from a browser and enter your credentials
+ required:
+ - url
+ - username
+ - password
+ required:
+ - escalationSupportContact
+ Theme:
type: object
properties:
- answer:
+ backgroundImage:
+ readOnly: true
type: string
- question:
+ emailTemplateTouchPointVariant:
+ $ref: '#/components/schemas/EmailTemplateTouchPointVariant'
+ endUserDashboardTouchPointVariant:
+ $ref: '#/components/schemas/EndUserDashboardTouchPointVariant'
+ errorPageTouchPointVariant:
+ $ref: '#/components/schemas/ErrorPageTouchPointVariant'
+ loadingPageTouchPointVariant:
+ $ref: '#/components/schemas/LoadingPageTouchPointVariant'
+ primaryColorContrastHex:
type: string
- questionText:
+ primaryColorHex:
type: string
- SeedEnum:
- type: string
- x-okta-known-values:
- - OKTA
- - RANDOM
- Session:
+ secondaryColorContrastHex:
+ type: string
+ secondaryColorHex:
+ type: string
+ signInPageTouchPointVariant:
+ $ref: '#/components/schemas/SignInPageTouchPointVariant'
+ _links:
+ $ref: '#/components/schemas/LinksSelf'
+ ThemeResponse:
type: object
properties:
- amr:
- type: array
+ backgroundImage:
readOnly: true
- items:
- $ref: '#/components/schemas/SessionAuthenticationMethod'
- createdAt:
type: string
- format: date-time
+ emailTemplateTouchPointVariant:
+ $ref: '#/components/schemas/EmailTemplateTouchPointVariant'
+ endUserDashboardTouchPointVariant:
+ $ref: '#/components/schemas/EndUserDashboardTouchPointVariant'
+ errorPageTouchPointVariant:
+ $ref: '#/components/schemas/ErrorPageTouchPointVariant'
+ favicon:
readOnly: true
- expiresAt:
type: string
- format: date-time
- readOnly: true
id:
- type: string
readOnly: true
- idp:
- $ref: '#/components/schemas/SessionIdentityProvider'
- lastFactorVerification:
type: string
- format: date-time
+ loadingPageTouchPointVariant:
+ $ref: '#/components/schemas/LoadingPageTouchPointVariant'
+ logo:
readOnly: true
- lastPasswordVerification:
type: string
- format: date-time
- readOnly: true
- login:
+ primaryColorContrastHex:
type: string
- readOnly: true
- status:
- $ref: '#/components/schemas/SessionStatus'
- userId:
+ primaryColorHex:
type: string
- readOnly: true
- _links:
- type: object
- additionalProperties:
- type: object
- properties: {}
- readOnly: true
- SessionAuthenticationMethod:
- type: string
- x-okta-known-values:
- - fpt
- - geo
- - hwk
- - kba
- - mca
- - mfa
- - otp
- - pwd
- - sc
- - sms
- - swk
- - tel
- SessionIdentityProvider:
- type: object
- properties:
- id:
+ secondaryColorContrastHex:
type: string
- readOnly: true
- type:
- $ref: '#/components/schemas/SessionIdentityProviderType'
- SessionIdentityProviderType:
- type: string
- x-okta-known-values:
- - ACTIVE_DIRECTORY
- - FEDERATION
- - LDAP
- - OKTA
- - SOCIAL
- SessionStatus:
- type: string
- x-okta-known-values:
- - ACTIVE
- - MFA_ENROLL
- - MFA_REQUIRED
- SignInPage:
- allOf:
- - $ref: '#/components/schemas/CustomizablePage'
- - type: object
- properties:
- widgetCustomizations:
- type: object
- properties:
- signInLabel:
- type: string
- usernameLabel:
- type: string
- usernameInfoTip:
- type: string
- passwordLabel:
- type: string
- passwordInfoTip:
- type: string
- showPasswordVisibilityToggle:
- type: boolean
- showUserIdentifier:
- type: boolean
- forgotPasswordLabel:
- type: string
- forgotPasswordUrl:
- type: string
- unlockAccountLabel:
- type: string
- unlockAccountUrl:
- type: string
- helpLabel:
- type: string
- helpUrl:
- type: string
- customLink1Label:
- type: string
- customLink1Url:
- type: string
- customLink2Label:
- type: string
- customLink2Url:
- type: string
- authenticatorPageCustomLinkLabel:
- type: string
- authenticatorPageCustomLinkUrl:
- type: string
- classicRecoveryFlowEmailOrUsernameLabel:
- type: string
- widgetVersion:
- $ref: '#/components/schemas/Version'
- SignInPageTouchPointVariant:
- type: string
- x-okta-known-values:
- - BACKGROUND_IMAGE
- - BACKGROUND_SECONDARY_COLOR
- - OKTA_DEFAULT
- SignOnInlineHook:
- properties:
- id:
+ secondaryColorHex:
type: string
- readOnly: false
- SingleLogout:
+ signInPageTouchPointVariant:
+ $ref: '#/components/schemas/SignInPageTouchPointVariant'
+ _links:
+ $ref: '#/components/schemas/LinksSelf'
+ ThirdPartyAdminSetting:
+ description: The third-party admin setting
type: object
properties:
- enabled:
+ thirdPartyAdmin:
type: boolean
- issuer:
- type: string
- logoutUrl:
- type: string
- SmsTemplate:
+ ThreatInsightConfiguration:
type: object
properties:
+ action:
+ type: string
+ description: Specifies how Okta responds to authentication requests from suspicious IP addresses
+ enum:
+ - none
+ - audit
+ - block
+ x-enumDescriptions:
+ none: Indicates that ThreatInsight is disabled
+ audit: Indicates that Okta logs suspicious requests to the System Log
+ block: Indicates that Okta logs suspicious requests to the System Log and blocks the requests
+ example: none
created:
type: string
format: date-time
+ description: Timestamp when the ThreatInsight Configuration object was created
+ example: '2020-08-05T22:18:30.629Z'
readOnly: true
- id:
- type: string
- readOnly: true
+ excludeZones:
+ type: array
+ description: |-
+ Accepts a list of [Network Zone](/openapi/okta-management/management/tag/NetworkZone/) IDs.
+ IPs in the excluded network zones aren't logged or blocked.
+ This ensures that traffic from known, trusted IPs isn't accidentally logged or blocked.
+ items:
+ type: string
+ example: []
lastUpdated:
type: string
format: date-time
+ description: Timestamp when the ThreatInsight Configuration object was last updated
readOnly: true
- name:
- type: string
- template:
- type: string
- translations:
- $ref: '#/components/schemas/SmsTemplateTranslations'
- type:
- $ref: '#/components/schemas/SmsTemplateType'
- SmsTemplateTranslations:
- type: object
- x-okta-extensible: true
- SmsTemplateType:
+ example: '2020-09-08T20:53:20.882Z'
+ _links:
+ $ref: '#/components/schemas/LinksSelf'
+ required:
+ - action
+ TimeDuration:
+ description: A time duration specified as an [ISO-8601 duration](https://en.wikipedia.org/wiki/ISO_8601#Durations).
type: string
- x-okta-known-values:
- - SMS_VERIFY_CODE
- SmsUserFactor:
+ pattern: ^P(?!$)(\d+Y)?(\d+M)?(\d+W)?(\d+D)?(T(?=\d)(\d+H)?(\d+M)?(\d+S)?)?$
+ TokenAuthorizationServerPolicyRuleAction:
+ type: object
+ properties:
+ accessTokenLifetimeMinutes:
+ type: integer
+ description: Lifetime of the access token in minutes. The minimum is five minutes. The maximum is one day.
+ inlineHook:
+ $ref: '#/components/schemas/TokenAuthorizationServerPolicyRuleActionInlineHook'
+ refreshTokenLifetimeMinutes:
+ type: integer
+ description: Lifetime of the refresh token is the minimum access token lifetime.
+ refreshTokenWindowMinutes:
+ type: integer
+ description: Timeframe when the refresh token is valid. The minimum is 10 minutes. The maximum is five years (2,628,000 minutes).
+ TokenAuthorizationServerPolicyRuleActionInlineHook:
+ type: object
+ properties:
+ id:
+ type: string
+ readOnly: false
+ TrendMicroApexOneServiceApplicationSettings:
allOf:
- - $ref: '#/components/schemas/UserFactor'
+ - $ref: '#/components/schemas/OINBaseSignOnModeApplicationSettings'
- type: object
+ - required:
+ - app
properties:
- profile:
- $ref: '#/components/schemas/SmsUserFactorProfile'
- SmsUserFactorProfile:
+ app:
+ $ref: '#/components/schemas/TrendMicroApexOneServiceApplicationSettingsApplication'
+ TrendMicroApexOneServiceApplicationSettingsApplication:
+ description: Trend Micro Apex One as a Service app instance properties
type: object
properties:
- phoneNumber:
+ baseURL:
type: string
- SocialAuthToken:
+ description: Base URL
+ required:
+ - baseURL
+ TrustedOrigin:
type: object
properties:
- expiresAt:
+ created:
type: string
format: date-time
readOnly: true
+ createdBy:
+ type: string
id:
type: string
readOnly: true
- scopes:
- type: array
- items:
- type: string
- token:
+ lastUpdated:
type: string
- tokenAuthScheme:
+ format: date-time
+ readOnly: true
+ lastUpdatedBy:
type: string
- tokenType:
+ name:
type: string
- SpCertificate:
- type: object
- properties:
- x5c:
+ origin:
+ type: string
+ scopes:
type: array
items:
- type: string
- Subscription:
+ $ref: '#/components/schemas/TrustedOriginScope'
+ status:
+ type: string
+ _links:
+ $ref: '#/components/schemas/LinksSelf'
+ TrustedOriginScope:
type: object
properties:
- channels:
- items:
- type: string
+ allowedOktaApps:
type: array
- notificationType:
- $ref: '#/components/schemas/NotificationType'
- status:
- $ref: '#/components/schemas/SubscriptionStatus'
- _links:
- additionalProperties:
- type: object
- readOnly: true
- type: object
- SubscriptionStatus:
+ items:
+ $ref: '#/components/schemas/IframeEmbedScopeAllowedApps'
+ type:
+ $ref: '#/components/schemas/TrustedOriginScopeType'
+ TrustedOriginScopeType:
type: string
x-okta-known-values:
- - subscribed
- - unsubscribed
- SwaApplicationSettings:
- allOf:
- - $ref: '#/components/schemas/ApplicationSettings'
- - type: object
- properties:
- app:
- $ref: '#/components/schemas/SwaApplicationSettingsApplication'
- SwaApplicationSettingsApplication:
+ - CORS
+ - IFRAME_EMBED
+ - REDIRECT
+ UIElement:
+ description: Specifies the configuration of an input field on an enrollment form
type: object
properties:
- buttonField:
- type: string
- buttonSelector:
+ label:
type: string
- checkbox:
+ description: Label name for the UI element
+ options:
+ type: object
+ description: UI Schema element options object
+ properties:
+ format:
+ type: string
+ description: Specifies how the input appears
+ enum:
+ - text
+ - radio
+ - select
+ - checkbox
+ - radio_yes_no
+ - radio_true_false
+ x-enumDescriptions:
+ text: The default format for the majority of property types.
+ radio: Radio button options. This option is only available for `string` data types with an `enum` or `one of` constraint.
+ select: Displays input as a dropdown list. This option is only available for the `country-code` data type or a string data type with an enum or one of constraint.
+ checkbox: Displays input as a checkbox. This option is only available for Boolean data types.
+ radio_yes_no: Displays input as two radio buttons, one with the option `yes` and the other `no`. This option is only available for Boolean data types.
+ radio_true_false: Displays input as two radio buttons, one with the option `true` and the other `false`. This option is only available for Boolean data types.
+ scope:
type: string
- extraFieldSelector:
+ description: Specifies the property bound to the input field. It must follow the format `#/properties/PROPERTY_NAME` where `PROPERTY_NAME` is a variable name for an attribute in `profile editor`.
+ type:
type: string
- extraFieldValue:
+ description: Specifies the relationship between this input element and `scope`. The `Control` value specifies that this input controls the value represented by `scope`.
+ UISchemaObject:
+ description: Properties of the UI schema
+ type: object
+ properties:
+ buttonLabel:
type: string
- loginUrlRegex:
+ description: Specifies the button label for the `Submit` button at the bottom of the enrollment form.
+ default: Submit
+ elements:
+ $ref: '#/components/schemas/UIElement'
+ label:
type: string
- passwordField:
+ description: Specifies the label at the top of the enrollment form under the logo.
+ default: Sign in
+ type:
type: string
- passwordSelector:
+ description: Specifies the type of layout
+ UISchemasResponseObject:
+ type: object
+ properties:
+ created:
type: string
- redirectUrl:
+ format: date-time
+ description: Timestamp when the UI Schema was created (ISO-86001)
+ readOnly: true
+ id:
type: string
- targetURL:
+ description: Unique identifier for the UI Schema
+ readOnly: true
+ lastUpdated:
type: string
- url:
+ format: date-time
+ description: Timestamp when the UI Schema was last modified (ISO-86001)
+ readOnly: true
+ uiSchema:
+ $ref: '#/components/schemas/UISchemaObject'
+ _links:
+ $ref: '#/components/schemas/LinksSelf'
+ required:
+ - id
+ - uiSchema
+ - created
+ - lastUpdated
+ - _links
+ UpdateDomain:
+ type: object
+ properties:
+ brandId:
+ description: The `id` of the brand used to replace the existing brand.
type: string
- usernameField:
+ example: bndul904tTZ6kWVhP0g3
+ required:
+ - brandId
+ UpdateEmailDomain:
+ allOf:
+ - $ref: '#/components/schemas/BaseEmailDomain'
+ UpdateIamRoleRequest:
+ type: object
+ properties:
+ description:
type: string
- userNameSelector:
+ description: Description of the role
+ label:
type: string
- TempPassword:
+ description: Unique label for the role
+ required:
+ - label
+ - description
+ UpdateRealmAssignmentRuleRequest:
type: object
properties:
- tempPassword:
+ actions:
+ $ref: '#/components/schemas/Actions'
+ conditions:
+ $ref: '#/components/schemas/Conditions'
+ name:
type: string
- readOnly: true
- Theme:
+ priority:
+ type: integer
+ UpdateRealmRequest:
type: object
properties:
- backgroundImage:
+ profile:
+ $ref: '#/components/schemas/RealmProfile'
+ UpdateUISchema:
+ description: The updated request body properties
+ type: object
+ properties:
+ uiSchema:
+ $ref: '#/components/schemas/UISchemaObject'
+ UpdateUserRequest:
+ type: object
+ properties:
+ credentials:
+ $ref: '#/components/schemas/UserCredentials'
+ profile:
+ $ref: '#/components/schemas/UserProfile'
+ User:
+ type: object
+ properties:
+ activated:
+ type: string
+ description: The timestamp when the user status transitioned to `ACTIVE`
+ format: date-time
readOnly: true
+ nullable: true
+ created:
type: string
- emailTemplateTouchPointVariant:
- $ref: '#/components/schemas/EmailTemplateTouchPointVariant'
- endUserDashboardTouchPointVariant:
- $ref: '#/components/schemas/EndUserDashboardTouchPointVariant'
- errorPageTouchPointVariant:
- $ref: '#/components/schemas/ErrorPageTouchPointVariant'
- loadingPageTouchPointVariant:
- $ref: '#/components/schemas/LoadingPageTouchPointVariant'
- primaryColorContrastHex:
+ description: The timestamp when the user was created
+ format: date-time
+ readOnly: true
+ credentials:
+ $ref: '#/components/schemas/UserCredentials'
+ id:
type: string
- primaryColorHex:
+ description: The unique key for the user
+ readOnly: true
+ lastLogin:
type: string
- secondaryColorContrastHex:
+ description: The timestamp of the last login
+ format: date-time
+ readOnly: true
+ nullable: true
+ lastUpdated:
type: string
- secondaryColorHex:
+ description: The timestamp when the user was last updated
+ format: date-time
+ readOnly: true
+ passwordChanged:
type: string
- signInPageTouchPointVariant:
- $ref: '#/components/schemas/SignInPageTouchPointVariant'
- _links:
+ description: The timestamp when the user's password was last updated
+ format: date-time
+ readOnly: true
+ nullable: true
+ profile:
+ $ref: '#/components/schemas/UserProfile'
+ status:
+ $ref: '#/components/schemas/UserStatus'
+ statusChanged:
+ type: string
+ description: The timestamp when the status of the user last changed
+ format: date-time
+ readOnly: true
+ nullable: true
+ transitioningToStatus:
+ type: string
+ description: The target status of an in-progress asynchronous status transition. This property is only returned if the user's state is transitioning.
+ readOnly: true
+ nullable: true
+ enum:
+ - ACTIVE
+ - DEPROVISIONED
+ - PROVISIONED
+ type:
+ type: object
+ description: |-
+ The user type that determines the schema for the user's profile. The `type` property is a map that identifies
+ the User Type (see [User Types](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/UserType/#tag/UserType)).
+ Currently it contains a single element, `id`. It can be specified when creating a new user, and may be updated by an administrator on a full replace of an existing user (but not a partial update).
+ properties:
+ id:
+ type: string
+ description: The ID of the user type
+ _embedded:
+ type: object
+ description: If specified, includes embedded resources related to the user
additionalProperties:
type: object
+ properties: {}
readOnly: true
- type: object
- ThemeResponse:
+ _links:
+ description: |-
+ Specifies link relations (see [Web Linking](https://datatracker.ietf.org/doc/html/rfc8288) available for the current status of a user.
+ The Links object is used for dynamic discovery of related resources, lifecycle operations, and credential operations. The Links object is read-only.
+
+ For an individual user result, the Links object contains a full set of link relations available for that user as determined by your policies.
+ For a collection of users, the Links object contains only the self link. Operations that return a collection of Users include List Users and List Group Members.
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - type: object
+ properties:
+ self:
+ description: Link to the individual user
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ activate:
+ description: Link to activate the user
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ resetPassword:
+ description: Link to reset the user's password
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ resetFactors:
+ description: Link to reset the user's factors
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ expirePassword:
+ description: Link to expire the user's password
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ forgotPassword:
+ description: Link to initiate a forgot password operation
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ changeRecoveryQuestion:
+ description: Link to change the user's recovery question
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ deactivate:
+ description: Link to deactivate a user
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ reactivate:
+ description: Link to reactivate the user
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ changePassword:
+ description: Link to change the user's password
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ schema:
+ description: Link to the user's profile schema
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ suspend:
+ description: Link to suspend the user
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ unsuspend:
+ description: Link to unsuspend the user
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ unlock:
+ description: Link to unlock the locked-out user
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ type:
+ description: Link to the user type
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ - readOnly: true
+ UserActivationToken:
type: object
properties:
- backgroundImage:
- readOnly: true
+ activationToken:
type: string
- emailTemplateTouchPointVariant:
- $ref: '#/components/schemas/EmailTemplateTouchPointVariant'
- endUserDashboardTouchPointVariant:
- $ref: '#/components/schemas/EndUserDashboardTouchPointVariant'
- errorPageTouchPointVariant:
- $ref: '#/components/schemas/ErrorPageTouchPointVariant'
- favicon:
readOnly: true
+ activationUrl:
type: string
- id:
readOnly: true
+ UserBlock:
+ description: The description of the access block
+ type: object
+ properties:
+ appliesTo:
type: string
- loadingPageTouchPointVariant:
- $ref: '#/components/schemas/LoadingPageTouchPointVariant'
- logo:
readOnly: true
+ description: The devices that the block applies to
+ enum:
+ - ANY_DEVICES
+ - UNKNOWN_DEVICES
+ x-enumDescriptions:
+ ANY_DEVICES: The account is blocked for all devices
+ UNKNOWN_DEVICES: The account is only blocked for unknown devices
+ type:
type: string
- primaryColorContrastHex:
- type: string
- primaryColorHex:
- type: string
- secondaryColorContrastHex:
- type: string
- secondaryColorHex:
- type: string
- signInPageTouchPointVariant:
- $ref: '#/components/schemas/SignInPageTouchPointVariant'
- _links:
- additionalProperties:
- type: object
readOnly: true
- type: object
- ThreatInsightConfiguration:
+ description: Type of access block
+ enum:
+ - DEVICE_BASED
+ UserCondition:
+ description: Specifies a set of Users to be included or excluded
+ type: object
+ properties:
+ exclude:
+ description: Users to be excluded
+ type: array
+ items:
+ type: string
+ include:
+ description: Users to be included
+ type: array
+ items:
+ type: string
+ UserCredentials:
+ type: object
+ properties:
+ password:
+ $ref: '#/components/schemas/PasswordCredential'
+ provider:
+ $ref: '#/components/schemas/AuthenticationProvider'
+ recovery_question:
+ $ref: '#/components/schemas/RecoveryQuestionCredential'
+ UserFactor:
type: object
properties:
- action:
- type: string
created:
+ description: Timestamp indicating when the Factor was enrolled
type: string
format: date-time
readOnly: true
- excludeZones:
- type: array
- items:
- type: string
+ factorType:
+ $ref: '#/components/schemas/UserFactorType'
+ id:
+ description: ID of the Factor
+ type: string
+ readOnly: true
lastUpdated:
+ description: Timestamp indicating when the Factor was last updated
type: string
format: date-time
readOnly: true
- _links:
+ profile:
+ type: object
+ description: Specific attributes related to the Factor
+ provider:
+ $ref: '#/components/schemas/UserFactorProvider'
+ status:
+ $ref: '#/components/schemas/UserFactorStatus'
+ vendorName:
+ description: Name of the Factor vendor. This is usually the same as the provider except for On-Prem MFA where it depends on administrator settings.
+ type: string
+ example: OKTA
+ readOnly: true
+ _embedded:
type: object
additionalProperties:
type: object
properties: {}
readOnly: true
- TimeDuration:
- description: A time duration specified as an [ISO-8601 duration](https://en.wikipedia.org/wiki/ISO_8601#Durations).
- type: string
- pattern: ^P(?!$)(\d+Y)?(\d+M)?(\d+W)?(\d+D)?(T(?=\d)(\d+H)?(\d+M)?(\d+S)?)?$
- TokenAuthorizationServerPolicyRuleAction:
+ _links:
+ $ref: '#/components/schemas/LinksSelf'
+ discriminator: *ref_19
+ UserFactorActivateRequest:
type: object
properties:
- accessTokenLifetimeMinutes:
- type: integer
- inlineHook:
- $ref: '#/components/schemas/TokenAuthorizationServerPolicyRuleActionInlineHook'
- refreshTokenLifetimeMinutes:
- type: integer
- refreshTokenWindowMinutes:
- type: integer
- TokenAuthorizationServerPolicyRuleActionInlineHook:
+ attestation:
+ type: string
+ clientData:
+ type: string
+ passCode:
+ type: string
+ registrationData:
+ type: string
+ stateToken:
+ type: string
+ UserFactorCall:
+ allOf:
+ - $ref: '#/components/schemas/UserFactor'
+ - type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/UserFactorCallProfile'
+ UserFactorCallProfile:
type: object
properties:
- id:
+ phoneExtension:
+ description: Extension of the associated `phoneNumber`
type: string
- readOnly: false
- TokenUserFactor:
+ nullable: true
+ maxLength: 15
+ phoneNumber:
+ description: Phone number of the Factor. You should format phone numbers to use the [E.164 standard](https://www.itu.int/rec/T-REC-E.164/).
+ example: '+15554151337'
+ type: string
+ pattern: ^\+[1-9]\d{1,14}$
+ maxLength: 15
+ UserFactorCustomHOTP:
+ allOf:
+ - $ref: '#/components/schemas/UserFactor'
+ - type: object
+ properties:
+ factorProfileId:
+ description: ID of an existing Custom TOTP Factor profile. To create this, see [Custom TOTP Factor](https://help.okta.com/okta_help.htm?id=ext-mfa-totp).
+ type: string
+ profile:
+ $ref: '#/components/schemas/UserFactorCustomHOTPProfile'
+ UserFactorCustomHOTPProfile:
+ type: object
+ properties:
+ sharedSecret:
+ description: Unique secret key used to generate the OTP
+ type: string
+ example: 484f97be3213b117e3a20438e291540a
+ UserFactorEmail:
allOf:
- $ref: '#/components/schemas/UserFactor'
- type: object
properties:
profile:
- $ref: '#/components/schemas/TokenUserFactorProfile'
- TokenUserFactorProfile:
+ $ref: '#/components/schemas/UserFactorEmailProfile'
+ UserFactorEmailProfile:
type: object
properties:
- credentialId:
+ email:
+ description: Email address of the user
+ maxLength: 100
+ example: z.cool@example.com
type: string
- TotpUserFactor:
+ UserFactorHardware:
allOf:
- $ref: '#/components/schemas/UserFactor'
- type: object
properties:
profile:
- $ref: '#/components/schemas/TotpUserFactorProfile'
- TotpUserFactorProfile:
+ $ref: '#/components/schemas/UserFactorHardwareProfile'
+ UserFactorHardwareProfile:
type: object
properties:
credentialId:
+ description: ID for the Factor credential
+ example: dade.murphy@example.com
type: string
- TrustedOrigin:
+ UserFactorProvider:
+ description: Provider for the Factor
+ type: string
+ x-okta-known-values:
+ - CUSTOM
+ - DUO
+ - FIDO
+ - GOOGLE
+ - OKTA
+ - RSA
+ - SYMANTEC
+ - YUBICO
+ UserFactorPush:
+ allOf:
+ - $ref: '#/components/schemas/UserFactor'
+ - type: object
+ properties:
+ expiresAt:
+ description: Timestamp indicating when the Factor verification attempt expires
+ type: string
+ format: date-time
+ readOnly: true
+ factorResult:
+ $ref: '#/components/schemas/UserFactorResultType'
+ profile:
+ $ref: '#/components/schemas/UserFactorPushProfile'
+ UserFactorPushProfile:
type: object
properties:
- created:
+ credentialId:
+ description: ID for the Factor credential
+ example: dade.murphy@example.com
type: string
- format: date-time
- readOnly: true
- createdBy:
+ deviceToken:
+ description: Token used to identify the device
type: string
- id:
+ deviceType:
+ description: Type of device
+ example: SmartPhone_IPhone
type: string
- readOnly: true
- lastUpdated:
+ name:
+ description: Name of the device
+ example: My Phone
type: string
- format: date-time
- readOnly: true
- lastUpdatedBy:
+ platform:
+ description: OS version of the associated device
+ example: IOS
type: string
- name:
+ version:
+ description: Installed version of Okta Verify
+ example: '9.0'
type: string
- origin:
+ UserFactorResultType:
+ description: Result of a Factor verification attempt
+ type: string
+ x-okta-known-values:
+ - CANCELLED
+ - CHALLENGE
+ - ERROR
+ - FAILED
+ - PASSCODE_REPLAYED
+ - REJECTED
+ - SUCCESS
+ - TIMEOUT
+ - TIME_WINDOW_EXCEEDED
+ - WAITING
+ UserFactorSMS:
+ allOf:
+ - $ref: '#/components/schemas/UserFactor'
+ - type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/UserFactorSMSProfile'
+ UserFactorSMSProfile:
+ type: object
+ properties:
+ phoneNumber:
+ description: Phone number of the Factor. You should format phone numbers to use the [E.164 standard](https://www.itu.int/rec/T-REC-E.164/).
+ example: '+15554151337'
type: string
- scopes:
- type: array
- items:
- $ref: '#/components/schemas/TrustedOriginScope'
- status:
+ pattern: ^\+[1-9]\d{1,14}$
+ maxLength: 15
+ UserFactorSecurityQuestion:
+ allOf:
+ - $ref: '#/components/schemas/UserFactor'
+ - type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/UserFactorSecurityQuestionProfile'
+ UserFactorSecurityQuestionProfile:
+ type: object
+ properties:
+ answer:
+ description: Answer to the question
+ minLength: 4
+ type: string
+ writeOnly: true
+ question:
+ description: Unique key for the question
+ example: disliked_food
+ enum:
+ - disliked_food
+ - name_of_first_plush_toy
+ - first_award
+ - favorite_security_question
+ - favorite_toy
+ - first_computer_game
+ - favorite_movie_quote
+ - first_sports_team_mascot
+ - first_music_purchase
+ - favorite_art_piece
+ - grandmother_favorite_desert
+ - first_thing_cooked
+ - childhood_dream_job
+ - first_kiss_location
+ - place_where_significant_other_was_met
+ - favorite_vacation_location
+ - new_years_two_thousand
+ - favorite_speaker_actor
+ - favorite_book_movie_character
+ - favorite_sports_player
+ type: string
+ questionText:
+ description: Human-readable text displayed to the user
+ example: What is the food you least liked as a child?
type: string
- _links:
- type: object
- additionalProperties:
- type: object
- properties: {}
readOnly: true
- TrustedOriginScope:
+ UserFactorStatus:
+ description: Status of the Factor
+ type: string
+ x-okta-known-values:
+ - ACTIVE
+ - DISABLED
+ - ENROLLED
+ - EXPIRED
+ - INACTIVE
+ - NOT_SETUP
+ - PENDING_ACTIVATION
+ UserFactorTOTP:
+ allOf:
+ - $ref: '#/components/schemas/UserFactor'
+ - type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/UserFactorTOTPProfile'
+ UserFactorTOTPProfile:
type: object
properties:
- allowedOktaApps:
- type: array
- items:
- $ref: '#/components/schemas/IframeEmbedScopeAllowedApps'
- type:
- $ref: '#/components/schemas/TrustedOriginScopeType'
- TrustedOriginScopeType:
+ credentialId:
+ description: ID for the Factor credential
+ example: dade.murphy@example.com
+ type: string
+ UserFactorToken:
+ allOf:
+ - $ref: '#/components/schemas/UserFactor'
+ - type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/UserFactorTokenProfile'
+ UserFactorTokenProfile:
+ type: object
+ properties:
+ credentialId:
+ description: ID for the Factor credential
+ example: dade.murphy@example.com
+ type: string
+ UserFactorType:
+ description: Type of Factor
type: string
x-okta-known-values:
- - CORS
- - IFRAME_EMBED
- - REDIRECT
- U2fUserFactor:
+ - call
+ - email
+ - push
+ - question
+ - signed_nonce
+ - sms
+ - token
+ - token:hardware
+ - token:hotp
+ - token:software:totp
+ - u2f
+ - web
+ - webauthn
+ UserFactorU2F:
allOf:
- $ref: '#/components/schemas/UserFactor'
- type: object
properties:
profile:
- $ref: '#/components/schemas/U2fUserFactorProfile'
- U2fUserFactorProfile:
+ $ref: '#/components/schemas/UserFactorU2FProfile'
+ UserFactorU2FProfile:
type: object
properties:
credentialId:
+ description: ID for the Factor credential
+ example: dade.murphy@example.com
type: string
- UpdateDomain:
+ UserFactorVerifyRequest:
type: object
properties:
- brandId:
+ activationToken:
type: string
- UpdateEmailDomain:
- allOf:
- - $ref: '#/components/schemas/BaseEmailDomain'
- UpdateUserRequest:
- type: object
- properties:
- credentials:
- $ref: '#/components/schemas/UserCredentials'
- profile:
- $ref: '#/components/schemas/UserProfile'
- User:
- type: object
- properties:
- activated:
+ answer:
+ description: Answer to the question
+ minLength: 4
type: string
- format: date-time
- readOnly: true
- nullable: true
- created:
+ writeOnly: true
+ attestation:
+ description: Base64-encoded attestation from the WebAuthn JavaScript call
type: string
- format: date-time
- readOnly: true
- credentials:
- $ref: '#/components/schemas/UserCredentials'
- id:
+ clientData:
+ description: Base64-encoded client data from the WebAuthn authenticator
type: string
- readOnly: true
- lastLogin:
+ nextPassCode:
+ description: OTP for the next time window
+ type: integer
+ example: 3956685498
+ passCode:
+ description: OTP for the current time window
type: string
- format: date-time
- readOnly: true
- nullable: true
- lastUpdated:
+ registrationData:
+ description: Base64-encoded registration data from the U2F JavaScript call
type: string
- format: date-time
- readOnly: true
- passwordChanged:
+ stateToken:
+ type: string
+ UserFactorVerifyResponse:
+ type: object
+ properties:
+ expiresAt:
+ description: Timestamp indicating when the verification expires
type: string
format: date-time
readOnly: true
- nullable: true
- profile:
- $ref: '#/components/schemas/UserProfile'
- status:
- $ref: '#/components/schemas/UserStatus'
- statusChanged:
+ factorResult:
+ $ref: '#/components/schemas/UserFactorVerifyResult'
+ factorResultMessage:
+ description: A message for Factor verification
type: string
- format: date-time
readOnly: true
- nullable: true
- transitioningToStatus:
- $ref: '#/components/schemas/UserStatus'
- type:
- $ref: '#/components/schemas/UserType'
_embedded:
type: object
additionalProperties:
@@ -25748,92 +38510,90 @@ components:
properties: {}
readOnly: true
_links:
- type: object
- additionalProperties:
- type: object
- properties: {}
- readOnly: true
- UserActivationToken:
- type: object
- properties:
- activationToken:
- type: string
- readOnly: true
- activationUrl:
- type: string
- readOnly: true
- UserBlock:
+ $ref: '#/components/schemas/LinksSelf'
+ UserFactorVerifyResult:
+ description: Result of a Factor verification
+ type: string
+ x-enumDescriptions:
+ CANCELED: User canceled the verification
+ CHALLENGE: Okta issued a verification challenge
+ ERROR: Verification encountered an unexpected server error
+ EXPIRED: User didn't complete the verification within the allowed time window
+ FAILED: Verification failed
+ PASSCODE_REPLAYED: User previously verified the Factor within the same time window. Another verification is required during another time window.
+ REJECTED: User rejected the verification
+ SUCCESS: User completed the verification
+ TIMEOUT: Okta didn't complete the verification within the allowed time window
+ TIME_WINDOW_EXCEEDED: User completed the verification outside of the allowed time window. Another verification is required.
+ WAITING: Verification is in progress
+ x-okta-known-values:
+ - CHALLENGE
+ - ERROR
+ - EXPIRED
+ - FAILED
+ - PASSCODE_REPLAYED
+ - REJECTED
+ - SUCCESS
+ - TIMEOUT
+ - TIME_WINDOW_EXCEEDED
+ - WAITING
+ UserFactorWeb:
+ allOf:
+ - $ref: '#/components/schemas/UserFactor'
+ - type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/UserFactorWebProfile'
+ UserFactorWebAuthn:
+ allOf:
+ - $ref: '#/components/schemas/UserFactor'
+ - type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/UserFactorWebAuthnProfile'
+ UserFactorWebAuthnProfile:
type: object
properties:
- appliesTo:
+ authenticatorName:
+ description: Human-readable name of the authenticator
+ example: MacBook Touch ID
type: string
- readOnly: true
- type:
+ credentialId:
+ description: ID for the Factor credential
+ example: AHoOEhwvYiMv6SSwLp7KYRNttXtg_kYgQoQiEIWPFH_T3Ztp5Vj3bQ5H0LypIFR8ka8kfiCJ3I5qVpxrsd6JTMWKcE3xNh_U2QVF0Kwlan8Fiw
type: string
- readOnly: true
- UserCondition:
- type: object
- properties:
- exclude:
- type: array
- items:
- type: string
- include:
- type: array
- items:
- type: string
- UserCredentials:
- type: object
- properties:
- password:
- $ref: '#/components/schemas/PasswordCredential'
- provider:
- $ref: '#/components/schemas/AuthenticationProvider'
- recovery_question:
- $ref: '#/components/schemas/RecoveryQuestionCredential'
- UserFactor:
+ UserFactorWebProfile:
type: object
properties:
- created:
- type: string
- format: date-time
- readOnly: true
- factorType:
- $ref: '#/components/schemas/FactorType'
- id:
- type: string
- readOnly: true
- lastUpdated:
+ credentialId:
+ description: ID for the Factor credential
+ example: dade.murphy@example.com
type: string
- format: date-time
- readOnly: true
- provider:
- $ref: '#/components/schemas/FactorProvider'
- status:
- $ref: '#/components/schemas/FactorStatus'
- verify:
- $ref: '#/components/schemas/VerifyFactorRequest'
- _embedded:
- type: object
- additionalProperties:
- type: object
- properties: {}
- readOnly: true
- _links:
- type: object
- additionalProperties:
- type: object
- properties: {}
- readOnly: true
- discriminator: *ref_13
+ UserGetSingleton:
+ allOf:
+ - $ref: '#/components/schemas/User'
+ - type: object
+ properties:
+ _embedded:
+ type: object
+ description: The embedded resources related to the object if the `expand` query parameter is specified
+ properties:
+ blocks:
+ type: array
+ description: A list of access block details for the user account
+ items:
+ $ref: '#/components/schemas/UserBlock'
UserIdentifierConditionEvaluatorPattern:
+ description: Used in the User Identifier Condition object. Specifies the details of the patterns to match against.
type: object
properties:
matchType:
$ref: '#/components/schemas/UserIdentifierMatchType'
value:
type: string
+ description: The regex expression of a simple match string
UserIdentifierMatchType:
+ description: The type of pattern. For regex, use `EXPRESSION`.
type: string
x-okta-known-values:
- CONTAINS
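Review bot: `UserFactorVerifyResult` describes `CANCELED` under `x-enumDescriptions` but leaves it out of `x-okta-known-values`, so the two lists disagree on the set of verification results. If the generator derives its constants from `x-okta-known-values`, code that branches on the outcome gets no constant for a cancelled verification and has to fall back to a string literal or a default branch. Either add `- CANCELED` as the first entry of `x-okta-known-values`, or drop the description if the API never returns that value. Consumers of the generated type should treat any value other than `SUCCESS`, including ones missing from the list, as not verified.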
@@ -25875,21 +38635,25 @@ components:
preventBruteForceLockoutFromUnknownDevices:
type: boolean
description: Prevents brute-force lockout from unknown devices for the password authenticator.
+ default: false
UserNextLogin:
type: string
x-okta-known-values:
- changePassword
UserPolicyRuleCondition:
+ description: Specifies a set of Users to be included or excluded
type: object
properties:
exclude:
type: array
+ description: Users to be excluded
items:
type: string
inactivity:
$ref: '#/components/schemas/InactivityPolicyRuleCondition'
include:
type: array
+ description: Users to be included
items:
type: string
lifecycleExpiration:
@@ -25900,100 +38664,170 @@ components:
$ref: '#/components/schemas/UserLifecycleAttributePolicyRuleCondition'
UserProfile:
additionalProperties: true
+ description: |-
+ Specifies the default and custom profile properties for a user.
+
+ The default user profile is based on the [System for Cross-domain Identity Management: Core Schema](https://datatracker.ietf.org/doc/html/rfc7643).
+ The only permitted customizations of the default profile are to update permissions, change whether the `firstName` and `lastName` properties are nullable, and
+ specify a [pattern](https://developer.okta.com/docs/reference/api/schemas/#login-pattern-validation) for `login`. You can use the Profile Editor in the administrator UI
+ or the [Schemas API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/UISchema/#tag/UISchema) to make schema modifications.
+
+ You can extend user profiles with custom properties. You must first add the custom property to the user profile schema before you reference it.
+ You can use the Profile Editor in the Admin console or the [Schemas API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/UISchema/#tag/UISchema) to manage schema extensions.
+
+ Custom attributes may contain HTML tags. It's the client's responsibility to escape or encode this data before displaying it. Use [best-practices](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html) to prevent cross-site scripting.
type: object
properties:
city:
type: string
+ description: The city or locality of the user's address (`locality`)
maxLength: 128
nullable: true
costCenter:
type: string
+ description: Name of the cost center assigned to a user
+ nullable: true
countryCode:
+ description: The country name component of the user's address (`country`)
type: string
maxLength: 2
nullable: true
department:
type: string
+ description: Name of the user's department
displayName:
type: string
+ description: Name of the user suitable for display to end users
+ nullable: true
division:
type: string
+ description: Name of the user's division
+ nullable: true
email:
type: string
+ description: The primary email address of the user. For validation, see [RFC 5322 Section 3.2.3](https://datatracker.ietf.org/doc/html/rfc5322#section-3.2.3).
format: email
minLength: 5
maxLength: 100
employeeNumber:
+ description: The organization or company assigned unique identifier for the user
type: string
firstName:
type: string
+ description: Given name of the user (`givenName`)
minLength: 1
maxLength: 50
nullable: true
honorificPrefix:
type: string
+ description: Honorific prefix(es) of the user, or title in most Western languages
+ nullable: true
honorificSuffix:
type: string
+ description: Honorific suffix(es) of the user
+ nullable: true
lastName:
type: string
+ description: The family name of the user (`familyName`)
minLength: 1
maxLength: 50
nullable: true
locale:
- $ref: '#/components/schemas/Language'
+ type: string
+ description: |-
+ The user's default location for purposes of localizing items such as currency, date time format, numerical representations, and so on.
+ A locale value is a concatenation of the ISO 639-1 two-letter language code, an underscore, and the ISO 3166-1 two-letter country code. For example, en_US specifies the language English and country US. This value is `en_US` by default.
login:
type: string
+ description: The unique identifier for the user (`username`). For validation, see [Login pattern validation](https://developer.okta.com/docs/reference/api/schemas/#login-pattern-validation). See also [Okta login](https://developer.okta.com/docs/reference/api/users/#okta-login).
maxLength: 100
+ minLength: 5
manager:
type: string
+ description: The `displayName` of the user's manager
+ nullable: true
managerId:
type: string
+ description: The `id` of the user's manager
+ nullable: true
middleName:
type: string
+ description: The middle name of the user
+ nullable: true
mobilePhone:
type: string
+ description: The mobile phone number of the user
maxLength: 100
+ minLength: 0
nullable: true
nickName:
type: string
+ description: The casual way to address the user in real life
+ nullable: true
organization:
type: string
+ description: Name of the the user's organization
+ nullable: true
postalAddress:
type: string
+ description: Mailing address component of the user's address
maxLength: 4096
nullable: true
preferredLanguage:
type: string
+ description: The user's preferred written or spoken language
+ nullable: true
primaryPhone:
type: string
+ description: The primary phone number of the user such as a home number
maxLength: 100
+ minLength: 0
nullable: true
profileUrl:
type: string
+ description: The URL of the user's online profile. For example, a web page. See [URL](https://datatracker.ietf.org/doc/html/rfc1808).
+ nullable: true
secondEmail:
type: string
format: email
+ description: The secondary email address of the user typically used for account recovery
minLength: 5
maxLength: 100
nullable: true
state:
type: string
+ description: The state or region component of the user's address (`region`)
maxLength: 128
nullable: true
streetAddress:
type: string
+ description: The full street address component of the user's address
maxLength: 1024
nullable: true
timezone:
type: string
+ description: The user's time zone
+ nullable: true
title:
type: string
+ description: The user's title, such as Vice President
+ nullable: true
userType:
type: string
+ description: The property used to describe the organization-to-user relationship, such as employee or contractor
+ nullable: true
zipCode:
type: string
+ description: The ZIP code or postal code component of the user's address (`postalCode`)
maxLength: 50
nullable: true
+ UserProvisioningApplicationFeature:
+ allOf:
+ - $ref: '#/components/schemas/ApplicationFeature'
+ - type: object
+ - properties:
+ capabilities:
+ $ref: '#/components/schemas/CapabilitiesObject'
UserSchema:
type: object
properties:
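Review bot: In `UserProvisioningApplicationFeature` the `allOf` list has `- type: object` and `- properties:` as two separate members, whereas `UserFactorWeb` and `UserFactorWebAuthn` earlier in this file keep `properties` inside the `- type: object` member. The schema is still valid, but a generator may emit an extra anonymous model for the third member or treat the bare `type: object` as a free-form object. I'd fold them into one member: `- type: object` followed by an unprefixed `properties:` key. `ZoomUsApplicationSettings` and `ZscalerbyzApplicationSettings` in the last hunk of this file split `required`/`properties` from `type: object` in the same way. Separately, the `organization` description reads "Name of the the user's organization".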
@@ -26022,11 +38856,7 @@ components:
type: string
readOnly: true
_links:
- type: object
- additionalProperties:
- type: object
- properties: {}
- readOnly: true
+ $ref: '#/components/schemas/LinksSelf'
UserSchemaAttribute:
type: object
properties:
@@ -26258,7 +39088,9 @@ components:
type:
type: string
UserStatus:
+ description: The current status of the user
type: string
+ readOnly: true
x-okta-known-values:
- ACTIVE
- DEPROVISIONED
@@ -26279,34 +39111,45 @@ components:
created:
type: string
format: date-time
+ description: A timestamp from when the User Type was created
readOnly: true
createdBy:
type: string
+ description: The user ID of the account that created the User Type
readOnly: true
default:
type: boolean
+ description: A boolean value to indicate if this is the default User Type
readOnly: true
description:
type: string
+ description: The human-readable description of the User Type
displayName:
type: string
+ description: The human-readable name of the User Type
id:
type: string
+ description: The unique key for the User Type
+ readOnly: true
lastUpdated:
type: string
format: date-time
+ description: A timestamp from when the User Type was most recently updated
readOnly: true
lastUpdatedBy:
type: string
+ description: The user ID of the most recent account to edit the User Type
readOnly: true
name:
type: string
+ description: |-
+ The name of the User Type. The name must start with A-Z or a-z and contain only A-Z, a-z, 0-9, or underscore (_) characters.
+ This value becomes read-only after creation and can't be updated.
_links:
- type: object
- additionalProperties:
- type: object
- properties: {}
- readOnly: true
+ $ref: '#/components/schemas/UserTypeLinks'
+ required:
+ - name
+ - displayName
UserTypeCondition:
properties:
exclude:
@@ -26317,9 +39160,45 @@ components:
items:
type: string
type: array
+ UserTypeLinks:
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - type: object
+ properties:
+ schema:
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ - description: The associated schema
+ UserTypePostRequest:
+ type: object
+ properties:
+ description:
+ type: string
+ description: The updated human-readable description of the User Type
+ displayName:
+ type: string
+ description: The updated human-readable display name for the User Type
+ UserTypePutRequest:
+ type: object
+ properties:
+ description:
+ type: string
+ description: The human-readable description of the User Type
+ displayName:
+ type: string
+ description: The human-readable name of the User Type
+ name:
+ type: string
+ description: The name of the existing type
+ required:
+ - name
+ - displayName
+ - description
UserVerificationEnum:
+ description: User verification setting
type: string
x-okta-known-values:
+ - DISCOURAGED
- PREFERRED
- REQUIRED
VerificationMethod:
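Review bot: `UserVerificationEnum` gains `DISCOURAGED`, but the only documentation added is the generic `description: User verification setting`. The three values differ in assurance, presumably following WebAuthn, where a discouraged setting means the authenticator is not asked to verify the user. An integrator picking a value from the generated constants has nothing to tell them that one choice is weaker. I'd add an `x-enumDescriptions` map, as `UserFactorVerifyResult` has in this file, with one line per value stating whether user verification is skipped, attempted when available, or mandatory.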
@@ -26335,96 +39214,108 @@ components:
type: string
type:
type: string
- VerifyFactorRequest:
+ Version:
+ description: The version specified as a [Semantic Version](https://semver.org/).
+ type: string
+ pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$
+ WebAuthnAttachment:
+ type: string
+ x-okta-known-values:
+ - ANY
+ - BUILT_IN
+ - ROAMING
+ WebAuthnCredRequest:
+ description: Credential request object for the initialized credential, along with the enrollment and key identifiers to associate with the credential
type: object
properties:
- activationToken:
- type: string
- answer:
- type: string
- attestation:
- type: string
- clientData:
+ authenticatorEnrollmentId:
+ description: ID for a WebAuthn Preregistration Factor in Okta
type: string
- nextPassCode:
+ credRequestJwe:
+ description: Encrypted JWE of credential request for the fulfillment provider
type: string
- passCode:
+ keyId:
+ description: ID for the Okta response key-pair used to encrypt and decrypt credential requests and responses
type: string
- registrationData:
+ WebAuthnCredResponse:
+ description: Credential response object for enrolled credential details, along with enrollment and key identifiers to associate the credential
+ type: object
+ properties:
+ authenticatorEnrollmentId:
+ description: ID for a WebAuthn Preregistration Factor in Okta
type: string
- stateToken:
+ credResponseJWE:
+ description: Encrypted JWE of credential response from the fulfillment provider
type: string
- VerifyUserFactorResponse:
+ WebAuthnPreregistrationFactor:
+ description: User Factor variant used for WebAuthn Preregistration Factors
type: object
properties:
- expiresAt:
+ created:
+ description: Timestamp indicating when the Factor was enrolled
type: string
format: date-time
readOnly: true
- factorResult:
- $ref: '#/components/schemas/VerifyUserFactorResult'
- factorResultMessage:
+ factorType:
+ $ref: '#/components/schemas/UserFactorType'
+ id:
+ description: ID of the Factor
type: string
- _embedded:
- type: object
- additionalProperties:
- type: object
- properties: {}
readOnly: true
- _links:
+ lastUpdated:
+ description: Timestamp indicating when the Factor was last updated
+ type: string
+ format: date-time
+ readOnly: true
+ profile:
type: object
- additionalProperties:
- type: object
- properties: {}
+ description: Specific attributes related to the Factor
+ provider:
+ $ref: '#/components/schemas/UserFactorProvider'
+ status:
+ $ref: '#/components/schemas/UserFactorStatus'
+ vendorName:
+ description: Name of the Factor vendor. This is usually the same as the provider.
+ type: string
+ example: OKTA
readOnly: true
- VerifyUserFactorResult:
- type: string
- x-okta-known-values:
- - CHALLENGE
- - ERROR
- - EXPIRED
- - FAILED
- - PASSCODE_REPLAYED
- - REJECTED
- - SUCCESS
- - TIMEOUT
- - TIME_WINDOW_EXCEEDED
- - WAITING
- Version:
- description: The version specified as a [Semantic Version](https://semver.org/).
- type: string
- pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$
- VersionObject:
+ _links:
+ $ref: '#/components/schemas/LinksSelf'
+ WellKnownAppAuthenticatorConfiguration:
type: object
properties:
- minimum:
+ appAuthenticatorEnrollEndpoint:
type: string
- WebAuthnUserFactor:
- allOf:
- - $ref: '#/components/schemas/UserFactor'
- - type: object
- properties:
- profile:
- $ref: '#/components/schemas/WebAuthnUserFactorProfile'
- WebAuthnUserFactorProfile:
- type: object
- properties:
- authenticatorName:
+ authenticatorId:
type: string
- credentialId:
+ description: The unique identifier of the app authenticator
+ createdDate:
type: string
- WebUserFactor:
- allOf:
- - $ref: '#/components/schemas/UserFactor'
- - type: object
+ format: date-time
+ key:
+ type: string
+ lastUpdated:
+ type: string
+ format: date-time
+ name:
+ type: string
+ description: The authenticator display name
+ orgId:
+ type: string
+ settings:
+ type: object
properties:
- profile:
- $ref: '#/components/schemas/WebUserFactorProfile'
- WebUserFactorProfile:
- type: object
- properties:
- credentialId:
+ userVerification:
+ type: string
+ $ref: '#/components/schemas/UserVerificationEnum'
+ supportedMethods:
+ type: array
+ items:
+ $ref: '#/components/schemas/SupportedMethods'
+ type:
type: string
+ enum:
+ - app
WellKnownOrgMetadata:
type: object
properties:
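Review bot: Under `WellKnownAppAuthenticatorConfiguration.settings`, `userVerification` carries both `type: string` and `$ref: '#/components/schemas/UserVerificationEnum'`. OpenAPI 3.0 ignores siblings of `$ref`, and tools resolve the combination inconsistently, so the property should be only the `$ref` line. This property is how a client learns the user-verification requirement, so it is worth confirming after regeneration that it is typed as the enum rather than a plain string. Also, `WebAuthnCredRequest` spells its field `credRequestJwe` while `WebAuthnCredResponse` uses `credResponseJWE`; if the wire format does not dictate this, one casing would avoid mismatched JSON tags.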
@@ -26452,6 +39343,11 @@ components:
omEnabled:
type: boolean
description: Whether the legacy Okta Mobile application is enabled for the org
+ WidgetGeneration:
+ type: string
+ x-okta-known-values:
+ - G2
+ - G3
WsFederationApplication:
x-okta-defined-as:
name: template_wsfed
@@ -26463,6 +39359,7 @@ components:
$ref: '#/components/schemas/ApplicationCredentials'
name:
type: string
+ description: Unique key for the app definition
default: template_wsfed
settings:
$ref: '#/components/schemas/WsFederationApplicationSettings'
@@ -26500,69 +39397,186 @@ components:
type: boolean
wReplyURL:
type: string
- responses:
- ErrorApiValidationFailed400:
- description: Bad Request
- content:
- application/json:
- schema:
- $ref: '#/components/schemas/Error'
- examples:
- API Validation Failed:
- $ref: '#/components/examples/ErrorApiValidationFailed'
- ErrorAccessDenied403:
- description: Forbidden
- content:
- application/json:
- schema:
- $ref: '#/components/schemas/Error'
- examples:
- Access Denied:
- $ref: '#/components/examples/ErrorAccessDenied'
- ErrorResourceNotFound404:
- description: Not Found
- content:
- application/json:
- schema:
- $ref: '#/components/schemas/Error'
- examples:
- Resource Not Found:
- $ref: '#/components/examples/ErrorResourceNotFound'
- ErrorTooManyRequests429:
- description: Too Many Requests
- content:
- application/json:
- schema:
- $ref: '#/components/schemas/Error'
- examples:
- Resource Not Found:
- $ref: '#/components/examples/ErrorTooManyRequests'
- AuthenticatorResponse:
- description: OK
- content:
- application/json:
- schema:
- $ref: '#/components/schemas/Authenticator'
- examples:
- Duo:
- $ref: '#/components/examples/AuthenticatorResponseDuo'
- Email:
- $ref: '#/components/examples/AuthenticatorResponseEmail'
- Password:
- $ref: '#/components/examples/AuthenticatorResponsePassword'
- Phone:
- $ref: '#/components/examples/AuthenticatorResponsePhone'
- WebAuthn:
- $ref: '#/components/examples/AuthenticatorResponseWebAuthn'
- Security Question:
- $ref: '#/components/examples/AuthenticatorResponseSecurityQuestion'
- requestBodies:
- AuthenticatorRequestBody:
- content:
- application/json:
- schema:
- $ref: '#/components/schemas/Authenticator'
- examples:
- Duo:
- $ref: '#/components/examples/AuthenticatorRequestDuo'
- required: true
+ ZoomUsApplicationSettings:
+ allOf:
+ - $ref: '#/components/schemas/OINBaseSignOnModeApplicationSettings'
+ - type: object
+ - required:
+ - app
+ properties:
+ app:
+ $ref: '#/components/schemas/ZoomUsApplicationSettingsApplication'
+ ZoomUsApplicationSettingsApplication:
+ description: Zoom app instance properties
+ type: object
+ properties:
+ subDomain:
+ type: string
+ description: Your Zoom subdomain
+ required:
+ - subDomain
+ ZscalerbyzApplicationSettings:
+ allOf:
+ - $ref: '#/components/schemas/OINBaseSignOnModeApplicationSettings'
+ - type: object
+ - required:
+ - app
+ properties:
+ app:
+ $ref: '#/components/schemas/ZscalerbyzApplicationSettingsApplication'
+ ZscalerbyzApplicationSettingsApplication:
+ description: Zscaler app instance properties
+ type: object
+ properties:
+ siteDomain:
+ type: string
+ description: Your Zscaler domain
+ createdProperty:
+ description: Timestamp when the object was created
+ format: date-time
+ type: string
+ readOnly: true
+ enabledPagesType:
+ title: enabledPages
+ type: string
+ x-enumDescriptions:
+ SIGN_IN: User sign-in page
+ SSPR: Self-service Password Recovery page
+ SSR: Self-service Registration page
+ x-okta-known-values:
+ - SIGN_IN
+ - SSPR
+ - SSR
+ lastUpdatedProperty:
+ format: date-time
+ description: Timestamp when the object was last updated
+ type: string
+ readOnly: true
+ postAPIServiceIntegrationInstance:
+ allOf:
+ - $ref: '#/components/schemas/APIServiceIntegrationInstance'
+ - type: object
+ properties:
+ clientSecret:
+ type: string
+ description: The client secret for the API Service Integration instance. This property is only returned in a POST response.
+ readOnly: true
+ postAPIServiceIntegrationInstanceRequest:
+ type: object
+ properties:
+ grantedScopes:
+ type: array
+ description: The list of Okta management scopes granted to the API Service Integration instance. See [Okta management OAuth 2.0 scopes](/oauth2/#okta-admin-management).
+ items:
+ type: string
+ example:
+ - okta.logs.read
+ type:
+ type: string
+ description: The type of the API service integration. This string is an underscore-concatenated, lowercased API service integration name. For example, `my_api_log_integration`.
+ example: my_app_cie
+ required:
+ - type
+ - grantedScopes
+ securitySchemes:
+ apiToken:
+ description: 'Pass the API token as the Authorization header value prefixed with SSWS: `Authorization: SSWS {API Token}`'
+ name: Authorization
+ type: apiKey
+ in: header
+ oauth2:
+ type: oauth2
+ description: 'Pass the access_token as the value of the Authorization header: `Authorization: Bearer {access_token}`'
+ flows:
+ authorizationCode:
+ authorizationUrl: /oauth2/v1/authorize
+ tokenUrl: /oauth2/v1/token
+ scopes:
+ okta.agentPools.manage: Allows the app to create and manage agent pools in your Okta organization.
+ okta.agentPools.read: Allows the app to read agent pools in your Okta organization.
+ okta.apiTokens.manage: Allows the app to manage API Tokens in your Okta organization.
+ okta.apiTokens.read: Allows the app to read API Tokens in your Okta organization.
+ okta.appGrants.manage: Allows the app to create and manage grants in your Okta organization.
+ okta.appGrants.read: Allows the app to read grants in your Okta organization.
+ okta.apps.manage: Allows the app to create and manage Apps in your Okta organization.
+ okta.apps.read: Allows the app to read information about Apps in your Okta organization.
+ okta.authenticators.manage: Allows the app to manage all authenticators (e.g. enrollments, reset).
+ okta.authenticators.read: Allows the app to read org authenticators information.
+ okta.authorizationServers.manage: Allows the app to create and manage Authorization Servers in your Okta organization.
+ okta.authorizationServers.read: Allows the app to read information about Authorization Servers in your Okta organization.
+ okta.behaviors.manage: Allows the app to create and manage behavior detection rules in your Okta organization.
+ okta.behaviors.read: Allows the app to read behavior detection rules in your Okta organization.
+ okta.brands.manage: Allows the app to create and manage Brands and Themes in your Okta organization.
+ okta.brands.read: Allows the app to read information about Brands and Themes in your Okta organization.
+ okta.captchas.manage: Allows the app to create and manage CAPTCHAs in your Okta organization.
+ okta.captchas.read: Allows the app to read information about CAPTCHAs in your Okta organization.
+ okta.deviceAssurance.manage: Allows the app to manage device assurances.
+ okta.deviceAssurance.read: Allows the app to read device assurances.
+ okta.devices.manage: Allows the app to manage device status transitions and delete a device.
+ okta.devices.read: Allows the app to read the existing device's profile and search devices.
+ okta.domains.manage: Allows the app to manage custom Domains for your Okta organization.
+ okta.domains.read: Allows the app to read information about custom Domains for your Okta organization.
+ okta.emailDomains.manage: Allows the app to manage Email Domains for your Okta organization.
+ okta.emailDomains.read: Allows the app to read information about Email Domains for your Okta organization.
+ okta.emailServers.manage: Allows the app to manage Email Servers for your Okta organization.
+ okta.emailServers.read: Allows the app to read information about Email Servers for your Okta organization.
+ okta.eventHooks.manage: Allows the app to create and manage Event Hooks in your Okta organization.
+ okta.eventHooks.read: Allows the app to read information about Event Hooks in your Okta organization.
+ okta.features.manage: Allows the app to create and manage Features in your Okta organization.
+ okta.features.read: Allows the app to read information about Features in your Okta organization.
+ okta.groups.manage: Allows the app to manage existing groups in your Okta organization.
+ okta.groups.read: Allows the app to read information about groups and their members in your Okta organization.
+ okta.identitySources.manage: Allows the custom identity sources to manage user entities in your Okta organization
+ okta.identitySources.read: Allows to read session information for custom identity sources in your Okta organization
+ okta.idps.manage: Allows the app to create and manage Identity Providers in your Okta organization.
+ okta.idps.read: Allows the app to read information about Identity Providers in your Okta organization.
+ okta.inlineHooks.manage: Allows the app to create and manage Inline Hooks in your Okta organization.
+ okta.inlineHooks.read: Allows the app to read information about Inline Hooks in your Okta organization.
+ okta.linkedObjects.manage: Allows the app to manage linked object definitions in your Okta organization.
+ okta.linkedObjects.read: Allows the app to read linked object definitions in your Okta organization.
+ okta.logStreams.manage: Allows the app to create and manage log streams in your Okta organization.
+ okta.logStreams.read: Allows the app to read information about log streams in your Okta organization.
+ okta.logs.read: Allows the app to read information about System Log entries in your Okta organization.
+ okta.manifests.manage: Allows the app to manage OIN submissions in your Okta organization.
+ okta.manifests.read: Allows the app to read OIN submissions in your Okta organization.
+ okta.networkZones.manage: Allows the app to create and manage Network Zones in your Okta organization.
+ okta.networkZones.read: Allows the app to read Network Zones in your Okta organization.
+ okta.oauthIntegrations.manage: Allows the app to create and manage API service Integration instances in your Okta organization.
+ okta.oauthIntegrations.read: Allows the app to read API service Integration instances in your Okta organization.
+ okta.orgs.manage: Allows the app to manage organization-specific details for your Okta organization.
+ okta.orgs.read: Allows the app to read organization-specific details about your Okta organization.
+ okta.policies.manage: Allows the app to manage policies in your Okta organization.
+ okta.policies.read: Allows the app to read information about policies in your Okta organization.
+ okta.principalRateLimits.manage: Allows the app to create and manage Principal Rate Limits in your Okta organization.
+ okta.principalRateLimits.read: Allows the app to read information about Principal Rate Limits in your Okta organization.
+ okta.profileMappings.manage: Allows the app to manage user profile mappings in your Okta organization.
+ okta.profileMappings.read: Allows the app to read user profile mappings in your Okta organization.
+ okta.pushProviders.manage: Allows the app to create and manage push notification providers such as APNs and FCM.
+ okta.pushProviders.read: Allows the app to read push notification providers such as APNs and FCM.
+ okta.rateLimits.manage: Allows the app to create and manage rate limits in your Okta organization.
+ okta.rateLimits.read: Allows the app to read information about rate limits in your Okta organization.
+ okta.realms.manage: Allows the app to create new realms and to manage their details.
+ okta.realms.read: Allows the app to read the existing realms and their details.
+ okta.resourceSelectors.manage: Allows the app to manage resource selectors in your Okta org.
+ okta.resourceSelectors.read: Allows the app to read resource selectors in your Okta org.
+ okta.riskEvents.manage: Allows the app to publish risk events to your Okta organization.
+ okta.riskProviders.manage: Allows the app to create and manage risk provider integrations in your Okta organization.
+ okta.riskProviders.read: Allows the app to read all risk provider integrations in your Okta organization.
+ okta.roles.manage: Allows the app to manage administrative role assignments for users in your Okta organization.
+ okta.roles.read: Allows the app to read administrative role assignments for users in your Okta organization.
+ okta.schemas.manage: Allows the app to create and manage Schemas in your Okta organization.
+ okta.schemas.read: Allows the app to read information about Schemas in your Okta organization.
+ okta.sessions.manage: Allows the app to manage all sessions in your Okta organization.
+ okta.sessions.read: Allows the app to read all sessions in your Okta organization.
+ okta.templates.manage: Allows the app to manage all custom templates in your Okta organization.
+ okta.templates.read: Allows the app to read all custom templates in your Okta organization.
+ okta.threatInsights.manage: Allows the app to manage all ThreatInsight configurations in your Okta organization.
+ okta.threatInsights.read: Allows the app to read all ThreatInsight configurations in your Okta organization.
+ okta.trustedOrigins.manage: Allows the app to manage all Trusted Origins in your Okta organization.
+ okta.trustedOrigins.read: Allows the app to read all Trusted Origins in your Okta organization.
+ okta.uischemas.manage: Allows the app to manage all the UI Schemas in your Okta organization.
+ okta.uischemas.read: Allows the app to read all the UI Schemas in your Okta organization.
+ okta.userTypes.manage: Allows the app to manage user types in your Okta organization.
+ okta.userTypes.read: Allows the app to read user types in your Okta organization.
+ okta.users.manage: Allows the app to create new users and to manage all users' profile and credentials information.
+ okta.users.read: Allows the app to read the existing users' profiles and credentials.
\ No newline at end of file
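Review bot: `postAPIServiceIntegrationInstance.clientSecret` is a credential that, per its own description, is only returned in a POST response, yet it is declared as a plain `type: string`. I'd add `format: password` under it so that documentation renderers and tooling that honour the format mask the value. The description should also say that the caller must move the value into a secret store at creation time and keep the response body out of logs. The generated Go model will presumably expose it as an ordinary string field, so any debug dump of the response struct would include the secret. The file also now ends without a trailing newline.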
diff --git a/.generator/templates/api_application_test.go b/.generator/templates/api_application_test.go
index 605d8ea3..f83e2456 100644
--- a/.generator/templates/api_application_test.go
+++ b/.generator/templates/api_application_test.go
@@ -106,7 +106,7 @@ func Test_Activate_Application(t *testing.T) {
app, _, err := apiClient.ApplicationAPI.GetApplication(apiClient.cfg.Context, createdApp.BasicAuthApplication.GetId()).Execute()
require.NoError(t, err, "Could not get app by ID")
assert.Equal(t, createdApp.BasicAuthApplication.GetId(), app.BasicAuthApplication.GetId())
- assert.Equal(t, APPLICATIONLIFECYCLESTATUS_INACTIVE, app.BasicAuthApplication.GetStatus())
+ assert.Equal(t, "INACTIVE", app.BasicAuthApplication.GetStatus())
})
t.Run("activate applications", func(t *testing.T) {
_, err = apiClient.ApplicationAPI.ActivateApplication(apiClient.cfg.Context, createdApp.BasicAuthApplication.GetId()).Execute()
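Review bot: The status check now compares against a bare string literal (`"INACTIVE"` here, `"ACTIVE"` in the next hunk), so a misspelled value is no longer caught by the compiler and only surfaces as a failed assertion or an API error at run time. The same pattern repeats in the remaining hunks of this file and in api_idp_test.go, api_policy_test.go, api_user_schema_test.go, api_user_test.go and test_helpers.go, with mixed casing (`"OIDC"`, `"client_secret_post"`, `"string"`). If the generated package no longer exports these constants, a test-local declaration such as `const statusActive, statusInactive = "ACTIVE", "INACTIVE"` would keep each value in one place. Test_Activate_Application starts and ends outside this hunk.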
@@ -114,7 +114,7 @@ func Test_Activate_Application(t *testing.T) {
newapp, _, err := apiClient.ApplicationAPI.GetApplication(apiClient.cfg.Context, createdApp.BasicAuthApplication.GetId()).Execute()
require.NoError(t, err, "Could not get app by ID")
assert.Equal(t, createdApp.BasicAuthApplication.GetId(), newapp.BasicAuthApplication.GetId())
- assert.Equal(t, APPLICATIONLIFECYCLESTATUS_ACTIVE, newapp.BasicAuthApplication.GetStatus())
+ assert.Equal(t, "ACTIVE", newapp.BasicAuthApplication.GetStatus())
})
err = cleanUpApplication(createdApp.BasicAuthApplication.GetId())
require.NoError(t, err, "Clean up app should not error")
@@ -279,17 +279,18 @@ func TestGetDefaultProvisioningConnectionForApplication(t *testing.T) {
t.Run("get provisioning", func(t *testing.T) {
conn, _, err := apiClient.ApplicationConnectionsAPI.GetDefaultProvisioningConnectionForApplication(apiClient.cfg.Context, createdApp.SamlApplication.GetId()).Execute()
require.NoError(t, err, "getting default provisioning connection for application should not error.")
- assert.NotEmpty(t, conn.GetAuthScheme())
- assert.NotEmpty(t, conn.GetStatus())
+ assert.NotEmpty(t, conn.ProvisioningConnectionToken.GetAuthScheme())
+ assert.NotEmpty(t, conn.ProvisioningConnectionToken.GetStatus())
})
t.Run("set provisioning", func(t *testing.T) {
- profile := ProvisioningConnectionProfile{}
+ profile := ProvisioningConnectionProfileToken{}
profile.SetAuthScheme("TOKEN")
profile.SetToken("TEST")
- payload := ProvisioningConnectionRequest{Profile: profile}
- conn, _, err := apiClient.ApplicationConnectionsAPI.UpdateDefaultProvisioningConnectionForApplication(apiClient.cfg.Context, createdApp.SamlApplication.GetId()).ProvisioningConnectionRequest(payload).Activate(false).Execute()
+ request := NewProvisioningConnectionTokenRequest(profile)
+ payload := UpdateDefaultProvisioningConnectionForApplicationRequest{ProvisioningConnectionTokenRequest: request}
+ conn, _, err := apiClient.ApplicationConnectionsAPI.UpdateDefaultProvisioningConnectionForApplication(apiClient.cfg.Context, createdApp.SamlApplication.GetId()).UpdateDefaultProvisioningConnectionForApplicationRequest(payload).Activate(false).Execute()
require.NoError(t, err, "setting default provisioning connection for application should not error.")
- assert.Equal(t, PROVISIONINGCONNECTIONAUTHSCHEME_TOKEN, conn.GetAuthScheme())
+ assert.Equal(t, "TOKEN", conn.GetAuthScheme())
})
err = cleanUpApplication(createdApp.SamlApplication.GetId())
require.NoError(t, err, "Clean up app should not error")
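Review bot: The two asserts in the "get provisioning" subtest read through `conn.ProvisioningConnectionToken` without first checking that this variant is populated. If the response holds a different variant, the failure reads as an empty auth scheme rather than as the wrong connection type (assuming the generated getters tolerate a nil receiver; otherwise it panics). Adding `require.NotNil(t, conn.ProvisioningConnectionToken, "expected a token provisioning connection")` before them makes the cause explicit. The "set provisioning" subtest calls `conn.GetAuthScheme()` on its result directly, so it is worth confirming that the two calls really return different shapes. The enclosing test starts outside the hunk.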
diff --git a/.generator/templates/api_idp_test.go b/.generator/templates/api_idp_test.go
index 66d890b3..4e255cf0 100644
--- a/.generator/templates/api_idp_test.go
+++ b/.generator/templates/api_idp_test.go
@@ -50,16 +50,16 @@ func Test_Get_Identity_Provider(t *testing.T) {
func Test_Activate_Identity_Provider(t *testing.T) {
createdIdp, _, err := setupIdp(randomTestString())
require.NoError(t, err, "Creating a new idp should not error")
- assert.Equal(t, LIFECYCLESTATUS_ACTIVE, createdIdp.GetStatus())
+ assert.Equal(t, "ACTIVE", createdIdp.GetStatus())
t.Run("deactivate idp", func(t *testing.T) {
didp, _, err := apiClient.IdentityProviderAPI.DeactivateIdentityProvider(apiClient.cfg.Context, createdIdp.GetId()).Execute()
require.NoError(t, err, "Could not deactivate idp")
- assert.Equal(t, LIFECYCLESTATUS_INACTIVE, didp.GetStatus())
+ assert.Equal(t, "INACTIVE", didp.GetStatus())
})
t.Run("activate idp", func(t *testing.T) {
aidp, _, err := apiClient.IdentityProviderAPI.ActivateIdentityProvider(apiClient.cfg.Context, createdIdp.GetId()).Execute()
require.NoError(t, err, "Could not activate idp")
- assert.Equal(t, LIFECYCLESTATUS_ACTIVE, aidp.GetStatus())
+ assert.Equal(t, "ACTIVE", aidp.GetStatus())
})
err = cleanUpIdp(createdIdp.GetId())
require.NoError(t, err, "Clean up idp should not error")
diff --git a/.generator/templates/api_policy_test.go b/.generator/templates/api_policy_test.go
index de872b72..09188a28 100644
--- a/.generator/templates/api_policy_test.go
+++ b/.generator/templates/api_policy_test.go
@@ -98,7 +98,7 @@ func Test_Activate_Policy(t *testing.T) {
policy, _, err := apiClient.PolicyAPI.GetPolicy(apiClient.cfg.Context, createdPolicy.AccessPolicy.GetId()).Execute()
require.NoError(t, err, "Could not get policy by ID")
assert.Equal(t, createdPolicy.AccessPolicy.GetId(), policy.AccessPolicy.GetId())
- assert.Equal(t, LIFECYCLESTATUS_INACTIVE, policy.AccessPolicy.GetStatus())
+ assert.Equal(t, "INACTIVE", policy.AccessPolicy.GetStatus())
})
t.Run("activate policy", func(t *testing.T) {
_, err = apiClient.PolicyAPI.ActivatePolicy(apiClient.cfg.Context, createdPolicy.AccessPolicy.GetId()).Execute()
@@ -106,7 +106,7 @@ func Test_Activate_Policy(t *testing.T) {
policy, _, err := apiClient.PolicyAPI.GetPolicy(apiClient.cfg.Context, createdPolicy.AccessPolicy.GetId()).Execute()
require.NoError(t, err, "Could not get policy by ID")
assert.Equal(t, createdPolicy.AccessPolicy.GetId(), policy.AccessPolicy.GetId())
- assert.Equal(t, LIFECYCLESTATUS_ACTIVE, policy.AccessPolicy.GetStatus())
+ assert.Equal(t, "ACTIVE", policy.AccessPolicy.GetStatus())
})
err = cleanUpPolicy(createdPolicy.AccessPolicy.GetId())
require.NoError(t, err, "Clean up policy should not error")
@@ -115,6 +115,7 @@ func Test_Activate_Policy(t *testing.T) {
// ACCESS/AUTHENTICATION POLICY ONLY
// TODO Used to work, now fail with 401
func Test_Clone_Policy(t *testing.T) {
+ t.Skip("Will failed due to change in API authz")
createdPolicy, _, err := setupAccessPolicy(randomTestString())
require.NoError(t, err, "Creating a new policy should not error")
var policyID string
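Review bot: The added `t.Skip` turns a test that fails with 401 into a silent pass, and its message says neither which authorization change caused the failure nor where it is tracked. A 401 here may mean the test credentials lost a permission, so the skip should point at a ticket that gets it re-enabled, for example `t.Skip("clone policy returns 401 after API authz change; tracked in <ISSUE-ID>")` (placeholder id). The wording "Will failed" also needs correcting. The rest of Test_Clone_Policy is outside the hunk.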
@@ -141,7 +142,7 @@ func Test_Policy_Rules_Operation(t *testing.T) {
configuration.Debug = true
proxyClient := NewAPIClient(configuration)
accessPolicyRule := &AccessPolicyRule{}
- accessPolicyRule.SetType(POLICYRULETYPE_ACCESS_POLICY)
+ accessPolicyRule.SetType("ACCESS_POLICY")
name := randomTestString()
accessPolicyRule.SetName(name)
payload := ListPolicyRules200ResponseInner{AccessPolicyRule: accessPolicyRule}
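Review bot: `configuration.Debug = true` stays switched on for the client built in this test. If Debug makes the client dump full requests and responses, as it does in the stock generator template, the Authorization header and response bodies end up in CI logs; confirm this against the client code. Consider removing it or gating it, e.g. `configuration.Debug = os.Getenv("OKTA_SDK_DEBUG") == "true"` (constructed variable name). Test_Policy_Rules_Operation begins and ends outside the hunk.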
@@ -176,7 +177,7 @@ func Test_Policy_Rules_Operation(t *testing.T) {
require.NoError(t, err, "Could not deactivate policy rule")
rpolicyRule, _, err := apiClient.PolicyAPI.GetPolicyRule(apiClient.cfg.Context, createdPolicy.AccessPolicy.GetId(), createdPolicyRule.AccessPolicyRule.GetId()).Execute()
require.NoError(t, err, "Could not get policy rule by ID")
- assert.Equal(t, LIFECYCLESTATUS_INACTIVE, rpolicyRule.AccessPolicyRule.GetStatus())
+ assert.Equal(t, "INACTIVE", rpolicyRule.AccessPolicyRule.GetStatus())
})
t.Run("activate policy rule", func(t *testing.T) {
@@ -184,7 +185,7 @@ func Test_Policy_Rules_Operation(t *testing.T) {
require.NoError(t, err, "Could not activate policy rule")
rpolicyRule, _, err := apiClient.PolicyAPI.GetPolicyRule(apiClient.cfg.Context, createdPolicy.AccessPolicy.GetId(), createdPolicyRule.AccessPolicyRule.GetId()).Execute()
require.NoError(t, err, "Could not get policy rule by ID")
- assert.Equal(t, LIFECYCLESTATUS_ACTIVE, rpolicyRule.AccessPolicyRule.GetStatus())
+ assert.Equal(t, "ACTIVE", rpolicyRule.AccessPolicyRule.GetStatus())
})
err = cleanUpPolicyRule(createdPolicy.AccessPolicy.GetId(), createdPolicyRule.AccessPolicyRule.GetId())
require.NoError(t, err, "Clean up policy rule should not error")
diff --git a/.generator/templates/api_user_schema_test.go b/.generator/templates/api_user_schema_test.go
index ef76bc38..48903cfb 100644
--- a/.generator/templates/api_user_schema_test.go
+++ b/.generator/templates/api_user_schema_test.go
@@ -14,7 +14,7 @@ func Test_Get_User_Schema(t *testing.T) {
assert.NotEmpty(t, schema, "User schema is empty")
assert.Equal(t, "Username", schema.Definitions.Base.Properties.Login.GetTitle())
assert.Equal(t, "READ_WRITE", schema.Definitions.Base.Properties.Login.GetMutability())
- assert.Equal(t, USERSCHEMAATTRIBUTESCOPE_NONE, schema.Definitions.Base.Properties.Login.GetScope())
+ assert.Equal(t, "NONE", schema.Definitions.Base.Properties.Login.GetScope())
assert.Equal(t, int32(5), schema.Definitions.Base.Properties.Login.GetMinLength())
assert.Equal(t, int32(100), schema.Definitions.Base.Properties.Login.GetMaxLength())
assert.NotEmpty(t, schema.Definitions.Base.Properties.Login.GetPermissions())
@@ -31,7 +31,7 @@ func Test_Update_Property_To_User_Schema(t *testing.T) {
customAttributeName := testPrefix + randomTestString()
customAttributeDetail := UserSchemaAttribute{}
customAttributeDetail.SetTitle(customAttributeName)
- customAttributeDetail.SetType(USERSCHEMAATTRIBUTETYPE_STRING)
+ customAttributeDetail.SetType("string")
customAttributeDetail.SetMinLength(1)
customAttributeDetail.SetMaxLength(20)
customAttribute := make(map[string]UserSchemaAttribute)
diff --git a/.generator/templates/api_user_test.go b/.generator/templates/api_user_test.go
index 24f4851c..406f80bd 100644
--- a/.generator/templates/api_user_test.go
+++ b/.generator/templates/api_user_test.go
@@ -80,7 +80,7 @@ func Test_Update_User_Profile(t *testing.T) {
nickName := "Batman"
t.Run("update user", func(t *testing.T) {
newProfile := user.Profile
- newProfile.NickName = &nickName
+ newProfile.NickName = NullableString{value: &nickName, isSet: true}
req := apiClient.UserAPI.UpdateUser(apiClient.cfg.Context, user.GetId())
body := UpdateUserRequest{Profile: newProfile}
req = req.User(body)
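Review bot: Building `NullableString{value: &nickName, isSet: true}` by hand depends on the type's unexported fields, which compiles only because the test lives in the same package and is not something SDK users can copy. The next hunk reads the value back through `GetNickName()`, so the profile presumably has a matching setter. `newProfile.SetNickName(nickName)` would express the same thing through the public API; confirm the setter exists in the generated model. The enclosing subtest continues outside the hunk.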
@@ -90,7 +90,7 @@ func Test_Update_User_Profile(t *testing.T) {
t.Run("get user", func(t *testing.T) {
updatedUser, _, err := apiClient.UserAPI.GetUser(apiClient.cfg.Context, user.GetId()).Execute()
require.NoError(t, err, "Could not get user by ID")
- assert.Equal(t, nickName, *updatedUser.Profile.NickName)
+ assert.Equal(t, nickName, updatedUser.Profile.GetNickName())
})
err = cleanUpUser(user.GetId())
require.NoError(t, err, "Clean up user should not error")
@@ -224,7 +224,7 @@ func Test_Assign_User_To_A_Role(t *testing.T) {
user, _, _, err := setupUser(true)
require.NoError(t, err, "Creating a new user should not error")
var roleId string
- role := ROLETYPE_USER_ADMIN
+ role := "USER_ADMIN"
t.Run("add role to user", func(t *testing.T) {
req := apiClient.RoleAssignmentAPI.AssignRoleToUser(apiClient.cfg.Context, user.GetId())
payload := AssignRoleRequest{
@@ -348,9 +348,9 @@ func Test_List_User_Subscriptions(t *testing.T) {
assert.True(t, len(subscriptions) > 0, "User should have subscriptions")
})
t.Run("get user subscription by notification type", func(t *testing.T) {
- subscription, _, err := apiClient.SubscriptionAPI.GetSubscriptionsNotificationTypeUser(apiClient.cfg.Context, NOTIFICATIONTYPE_OKTA_ANNOUNCEMENT, user.GetId()).Execute()
+ subscription, _, err := apiClient.SubscriptionAPI.GetSubscriptionsNotificationTypeUser(apiClient.cfg.Context, "OKTA_ANNOUNCEMENT", user.GetId()).Execute()
require.NoError(t, err, "Should not error getting user subscription by notification types")
- assert.Equal(t, subscription.GetNotificationType(), NOTIFICATIONTYPE_OKTA_ANNOUNCEMENT, "User should have subscription notification type %q, got %q", NOTIFICATIONTYPE_OKTA_ANNOUNCEMENT, subscription.NotificationType)
+ assert.Equal(t, subscription.GetNotificationType(), "OKTA_ANNOUNCEMENT", "User should have subscription notification type %q, got %q", "OKTA_ANNOUNCEMENT", subscription.NotificationType)
})
}
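Review bot: The arguments to `assert.Equal` are in actual, expected order, so a failure reports the two values under the wrong labels; testify takes the expected value first. The message arguments also pass `subscription.NotificationType` to `%q`, which will not print the value if that field is a pointer (its type is not visible here). Suggested: `assert.Equal(t, "OKTA_ANNOUNCEMENT", subscription.GetNotificationType(), "unexpected subscription notification type")`.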
diff --git a/.generator/templates/test_helpers.go b/.generator/templates/test_helpers.go
index e8f94db4..98008957 100644
--- a/.generator/templates/test_helpers.go
+++ b/.generator/templates/test_helpers.go
@@ -96,7 +96,7 @@ func (t *TestFactory) NewValidTestRecoveryQuestionCredential() *RecoveryQuestion
func (t *TestFactory) NewValidTestIdentityProvider() *IdentityProvider {
res := IdentityProvider{}
- res.SetType(IDENTITYPROVIDERTYPE_OIDC)
+ res.SetType("OIDC")
res.SetName(randomTestString())
res.SetProtocol(*t.NewValidTestProtocol())
res.SetPolicy(*t.NewValidTestIdentityProviderPolicy())
@@ -245,7 +245,7 @@ func (t *TestFactory) NewValidTestCSRMetadata() *CsrMetadata {
func (t *TestFactory) NewValidAccessPolicy(name string) *AccessPolicy {
policyRule := NewPolicyRuleConditions()
res := AccessPolicy{}
- res.SetType(POLICYTYPE_ACCESS_POLICY)
+ res.SetType("ACCESS_POLICY")
res.SetDescription(randomTestString())
res.SetPriority(int32(1))
res.SetConditions(*policyRule)
@@ -262,7 +262,7 @@ func (t *TestFactory) NewValidBasicAuthApplication(label string) *BasicAuthAppli
res := BasicAuthApplication{}
res.SetSettings(*setting)
res.SetName("template_basic_auth")
- res.SetSignOnMode(APPLICATIONSIGNONMODE_BASIC_AUTH)
+ res.SetSignOnMode("BASIC_AUTH")
res.SetLabel(label)
return &res
}
@@ -276,7 +276,7 @@ func (t *TestFactory) NewValidBookmarkApplication(label string) *BookmarkApplica
res := BookmarkApplication{}
res.SetSettings(*setting)
res.SetName("bookmark")
- res.SetSignOnMode(APPLICATIONSIGNONMODE_BOOKMARK)
+ res.SetSignOnMode("BOOKMARK")
res.SetLabel(label)
return &res
}
@@ -291,7 +291,7 @@ func (t *TestFactory) NewValidOrg2OrgApplication(label string) *SamlApplication
res := SamlApplication{}
res.SetSettings(*setting)
res.SetName("okta_org2org")
- res.SetSignOnMode(APPLICATIONSIGNONMODE_SAML_2_0)
+ res.SetSignOnMode("SAML_2_0")
res.SetLabel(label)
return &res
}
@@ -300,17 +300,17 @@ func (t *TestFactory) NewValidOIDCApplication(label string) *OpenIdConnectApplic
settingClient := NewOpenIdConnectApplicationSettingsClient()
settingClient.SetClientUri("https://example.com/client")
settingClient.SetLogoUri("https://example.com/assets/images/logo-new.png")
- settingClient.SetResponseTypes([]OAuthResponseType{OAUTHRESPONSETYPE_TOKEN, OAUTHRESPONSETYPE_ID_TOKEN, OAUTHRESPONSETYPE_CODE})
+ settingClient.SetResponseTypes([]string{"token", "id_token", "code"})
settingClient.SetRedirectUris([]string{"https://example.com/oauth2/callback", "myapp://callback"})
settingClient.SetPostLogoutRedirectUris([]string{"https://example.com/postlogout", "myapp://postlogoutcallback"})
- settingClient.SetGrantTypes([]OAuthGrantType{OAUTHGRANTTYPE_IMPLICIT, OAUTHGRANTTYPE_AUTHORIZATION_CODE})
- settingClient.SetApplicationType(OPENIDCONNECTAPPLICATIONTYPE_NATIVE)
+ settingClient.SetGrantTypes([]string{"implicit", "authorization_code"})
+ settingClient.SetApplicationType("native")
settingClient.SetTosUri("https://example.com/client/tos")
settingClient.SetPolicyUri("https://example.com/client/policy")
setting := NewOpenIdConnectApplicationSettings()
setting.SetOauthClient(*settingClient)
credClient := NewApplicationCredentialsOAuthClient()
- credClient.SetTokenEndpointAuthMethod(OAUTHENDPOINTAUTHENTICATIONMETHOD_CLIENT_SECRET_POST)
+ credClient.SetTokenEndpointAuthMethod("client_secret_post")
credClient.SetClientId(randomTestString())
credClient.SetAutoKeyRotation(true)
credentials := NewOAuthApplicationCredentials()
@@ -319,7 +319,7 @@ func (t *TestFactory) NewValidOIDCApplication(label string) *OpenIdConnectApplic
res.SetSettings(*setting)
res.SetCredentials(*credentials)
res.SetName("oidc_client")
- res.SetSignOnMode(APPLICATIONSIGNONMODE_OPENID_CONNECT)
+ res.SetSignOnMode("OPENID_CONNECT")
res.SetLabel(label)
return &res
}
diff --git a/.github/workflows/prepareReleaseBranch.yml b/.github/workflows/prepareReleaseBranch.yml
index 32e0a77d..85bcfa6f 100644
--- a/.github/workflows/prepareReleaseBranch.yml
+++ b/.github/workflows/prepareReleaseBranch.yml
@@ -39,11 +39,11 @@ jobs:
- name: Set openapi generator version
run: openapi-generator-cli version-manager set 7.0.1
- name: Generate go client
- run: make v3-generate
+ run: make v4-generate
- run: make fmt
- run: make import
- - run: cd okta/v3 && mv go.mod go.sum ../../
- - run: cd okta && mv v3/* ./ && rm -rf v3
+ - run: cd okta/v4 && mv go.mod go.sum ../../
+ - run: cd okta && mv v4/* ./ && rm -rf v4
- name: Commit generated code
uses: EndBug/add-and-commit@v9
with:
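Review bot: The commit step uses `EndBug/add-and-commit@v9`, a third-party action referenced by a movable tag, in a job that commits generated code to the repository. Pinning it to a full commit SHA, `uses: EndBug/add-and-commit@<full-commit-sha> # v9` (placeholder), keeps a retagged release from running with this job's write access. The step's `with:` block continues outside the hunk.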
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index 85df32d0..00000000
--- a/.travis.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-language: go
-
-before_install:
- - nvm install 16.16.0
- - nvm use 16.16.0
- - npm install @openapitools/openapi-generator-cli -g
- - openapi-generator-cli version-manager set 6.0.1
- - npx @openapitools/openapi-generator-cli generate -c ./.generator/config.yaml -i ./.generator/okta-management-APIs-oasv3-enum-inheritance.yaml
- - make fmt
- - make import
-
-jobs:
- include:
- - stage: test_go_1.19_v2
- go: 1.19.x
- script:
- - go mod download
- - make test
-
- - stage: test_go_1.19_v3
- go: 1.19.x
- script:
- - cd okta/v3
- - go mod download
- - go test -failfast -race ./ -test.v
-
- # go tip build is broken upstream on Travis
- # - stage: test_go_tip
- # go: tip
- # script:
- # - go mod download
- # - make test
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2c8ef04f..1d09ac54 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,9 @@
# Changelog
Running changelog of releases since `2.0.0-rc.4`
+## v4.0.0
+ - Release v4 version of the sdk base on openapi spec v3 (#427) Thanks [@duytiennguyen-okta]
+
## v2.19.0
- Upgrade dependency (#378) Thanks [@duytiennguyen-okta]
diff --git a/MIGRATING.md b/MIGRATING.md
index 620b3e50..98093251 100644
--- a/MIGRATING.md
+++ b/MIGRATING.md
@@ -1,10 +1,10 @@
# Okta Golang management SDK migration guide
-## Migrating from 2.x to 3.x
+## Migrating from 2.x to 4.x
In releases prior to version 3 we use an Open API v2 specification, and an Okta custom client generator to partially generate our SDK. A new version of the Open API specification (V3) has been released, and new well-known generators are now available and well received by the community. Planning the future of this SDK, we consider this a good opportunity to modernize by aligning with established standards for API client generation.
-We acknowledge that migrating from v2 to v3 will require considerable effort, but we expect this change to benefit our customers in the long term.
+We acknowledge that migrating from v2 to v4 will require considerable effort, but we expect this change to benefit our customers in the long term.
With OpenAPI v3, we saw an opportunity for improvement in several areas:
@@ -119,4 +119,4 @@ The following features have been ported to 6.x:
* Manual pagination for collections
* Default retry strategy for 429 HTTP responses and ability to provide your own strategy
* Web proxy
-* OAuth for Okta
+* OAuth for Okta
\ No newline at end of file
diff --git a/Makefile b/Makefile
index 8d16c577..eaf3a5b8 100644
--- a/Makefile
+++ b/Makefile
@@ -90,8 +90,8 @@ import: check-goimports
check-goimports:
@which $(GOIMPORTS) > /dev/null || GO111MODULE=on go install golang.org/x/tools/cmd/goimports@latest
-v3-test:
- go test -failfast -race ./okta/v3 -test.v
+v4-test:
+ go test -failfast -race ./okta -test.v
-v3-generate:
- npx @openapitools/openapi-generator-cli generate -c ./.generator/config.yaml -i .generator/okta-management-APIs-oasv3-enum-inheritance.yaml
+v4-generate:
+ npx @openapitools/openapi-generator-cli generate -c ./.generator/config.yaml -i .generator/okta-management-APIs-oasv3-noEnums-inheritance.yaml
\ No newline at end of file
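Review bot: `v4-test` runs the tests in `./okta`, while the release workflow in this commit moves generator output from `okta/v4` into `okta` before committing, which suggests `v4-generate` writes to `okta/v4`. If so, running `make v4-generate` and then `make v4-test` locally tests whatever is already in `./okta`, not the fresh output. A comment above the target would make that explicit, e.g. `# v4-generate writes to okta/v4; move it into okta/ (see prepareReleaseBranch.yml) before running v4-test`.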