diff --git a/.generator/config.yaml b/.generator/config.yaml
index 3102a637..e3d9ea5c 100644
--- a/.generator/config.yaml
+++ b/.generator/config.yaml
@@ -8,7 +8,7 @@ additionalProperties:
enumClassPrefix: true
generateInterfaces: true
packageName: okta
- packageVersion: 3.0.0
+ packageVersion: 3.0.17
useOneOfDiscriminatorLookup: true
disallowAdditionalPropertiesIfNotPresent: false
files:
diff --git a/.generator/okta-management-APIs-oasv3-enum-inheritance.yaml b/.generator/okta-management-APIs-oasv3-enum-inheritance.yaml
index 8a3e248d..e54c5c6f 100644
--- a/.generator/okta-management-APIs-oasv3-enum-inheritance.yaml
+++ b/.generator/okta-management-APIs-oasv3-enum-inheritance.yaml
@@ -63,15 +63,15 @@ tags:
- name: ApplicationFeatures
x-displayName: Application Features
description: |
- The Feature object is used to configure feature settings for the application.
+ The Application Features API supports operations to configure app feature settings.
- The only feature this API currently supports is `USER_PROVISIONING` for the Org2Org application type.
- The `USER_PROVISIONING` feature is the same as the **To App** provisioning setting in the Admin Console.
- Enable this feature to:
- * Create Users
- * Update User Attributes
- * Deactivate Users
- * Sync Password
+ You must have app provisioning enabled to configure provisioning features. See [Update the default Provisioning Connection](/openapi/okta-management/management/tag/ApplicationConnections/#tag/ApplicationConnections/operation/updateDefaultProvisioningConnectionForApplication).
+
+ The following available provisioning feature is supported by the indicated app:
+
+ |
Feature
| Apps supported | Description |
+ | -------------------- | -------------- | ----------- |
+ | `USER_PROVISIONING` | `org2org` | Similar to the app **Provisioning** > **To App** setting in the Admin Console, this feature configures the **Create Users**, **Update User Attributes**, **Deactivate Users**, and **Sync Password** settings. |
- name: ApplicationGrants
x-displayName: Application Grants
description: |
@@ -88,12 +88,13 @@ tags:
- name: ApplicationPolicies
x-displayName: Application Policies
description: Provides a resource to manage authentication policies associated with an application
- - name: ApplicationSSO
- x-displayName: Application SSO
- description: Provides a Single Sign-On (SSO) resource for an application
- name: ApplicationTokens
x-displayName: Application Tokens
- description: Application OAuth 2.0 token operations
+ description: |
+ Resource to manage OAuth 2.0 tokens for an app
+ > **Note:** To configure refresh tokens for an app, see
+ > [grant_types](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication!path=4/settings/oauthClient/grant_types&t=request)
+ > and [refresh_token](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication!path=4/settings/oauthClient/refresh_token&t=request).
- name: ApplicationUsers
x-displayName: Application Users
description: Application user operations
@@ -259,13 +260,15 @@ tags:
If you created multiple User Types, they all share the same Linked Object definitions. For example, if you have separate User Types for employees and contractors, a link could designate an employee as the manager for a contractor, with the contractor being a subordinate of that employee.
- name: LogStream
x-displayName: Log Streaming
- description: The Log Streaming API provides operations to manage log stream configurations for an org. You can configure up to two log stream integrations per org.
+ description: The Log Streaming API provides operations to manage Log Stream configurations for an org. You can configure up to two Log Stream integrations per org.
- name: NetworkZone
x-displayName: Network Zones
description: |-
The Okta Network Zones API provides operations to manage Zones in your organization. There are two usage Zone types: Policy Network Zones and Blocklist Network Zones. Policy Network Zones are used to guide policy decisions. Blocklist Network Zones are used to deny access from certain IP addresses, locations, proxy types, or Autonomous System Numbers (ASNs) before policy evaluation.
A default system Policy Network Zone is provided in your Okta org. You can use the Network Zones API to modify the default Policy Network Zone or to create a custom Policy or Blocklist Network Zone. When you create your custom Zone, you can specify if the Zone is an IP Zone or a Dynamic Zone. An IP Zone allows you to define network perimeters around a set of IPs, whereas a Dynamic Zone allows you to define network perimeters around location, IP type, and ASNs.
+
+ > **Note:** To create multiple network zones, including Dynamic Zones, you must enable Adaptive MFA.
- name: OrgSetting
x-displayName: Org Settings
description: The Org Settings API provides operations to manage your org account settings such as contact information, granting Okta Support access, and more.
@@ -285,14 +288,12 @@ tags:
x-displayName: Push Providers
description: The Push Providers API provides operations to manage Push Providers for your organization.
x-okta-lifecycle:
- features:
- - CUSTOM_PUSH_AUTHENTICATOR
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
- name: RateLimitSettings
x-displayName: Rate Limit Settings
description: The Rate Limit Settings APIs provide operations to manage settings and configurations surrounding rate limiting in your Okta organization.
- - name: Realm
- x-displayName: Realms
- description: The realm API provides operations to manage realms
- name: ResourceSet
x-displayName: Resource Sets
description: The Resource Sets API provides operations to manage Resource Sets as custom collections of resources. You can use Resource Sets to assign Custom Roles to administrators who are scoped to the designated resources. See [Supported Resources](https://developer.okta.com/docs/concepts/role-assignment/#supported-resources).
@@ -426,8 +427,9 @@ paths:
/.well-known/app-authenticator-configuration:
get:
x-okta-lifecycle:
- features:
- - CUSTOM_PUSH_AUTHENTICATOR
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
summary: Retrieve the Well-Known App Authenticator Configuration
description: Retrieves the well-known app authenticator configuration, which includes an app authenticator's settings, supported methods and various other configuration details
operationId: getWellKnownAppAuthenticatorConfiguration
@@ -476,6 +478,10 @@ paths:
security: []
tags:
- OrgSetting
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/agentPools:
get:
summary: List all Agent Pools
@@ -504,6 +510,9 @@ paths:
- okta.agentPools.read
tags:
- AgentPools
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/agentPools/{poolId}/updates:
parameters:
- $ref: '#/components/parameters/pathPoolId'
@@ -534,6 +543,9 @@ paths:
- okta.agentPools.read
tags:
- AgentPools
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create an Agent Pool update
description: Creates an Agent pool update \n For user flow 2 manual update, starts the update immediately. \n For user flow 3, schedules the update based on the configured update window and delay.
@@ -565,6 +577,9 @@ paths:
- okta.agentPools.manage
tags:
- AgentPools
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/agentPools/{poolId}/updates/settings:
parameters:
- $ref: '#/components/parameters/pathPoolId'
@@ -591,6 +606,9 @@ paths:
- okta.agentPools.read
tags:
- AgentPools
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Update an Agent Pool update settings
description: Updates an agent pool update settings
@@ -622,6 +640,9 @@ paths:
- okta.agentPools.manage
tags:
- AgentPools
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/agentPools/{poolId}/updates/{updateId}:
parameters:
- $ref: '#/components/parameters/pathPoolId'
@@ -649,6 +670,9 @@ paths:
- okta.agentPools.read
tags:
- AgentPools
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Update an Agent Pool update by id
description: Updates Agent pool update and return latest agent pool update
@@ -680,6 +704,9 @@ paths:
- okta.agentPools.manage
tags:
- AgentPools
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete an Agent Pool update
description: Deletes Agent pool update
@@ -699,6 +726,9 @@ paths:
- okta.agentPools.manage
tags:
- AgentPools
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/agentPools/{poolId}/updates/{updateId}/activate:
parameters:
- $ref: '#/components/parameters/pathPoolId'
@@ -726,6 +756,9 @@ paths:
- okta.agentPools.manage
tags:
- AgentPools
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/agentPools/{poolId}/updates/{updateId}/deactivate:
parameters:
- $ref: '#/components/parameters/pathPoolId'
@@ -753,6 +786,9 @@ paths:
- okta.agentPools.manage
tags:
- AgentPools
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/agentPools/{poolId}/updates/{updateId}/pause:
parameters:
- $ref: '#/components/parameters/pathPoolId'
@@ -780,6 +816,9 @@ paths:
- okta.agentPools.manage
tags:
- AgentPools
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/agentPools/{poolId}/updates/{updateId}/resume:
parameters:
- $ref: '#/components/parameters/pathPoolId'
@@ -807,6 +846,9 @@ paths:
- okta.agentPools.manage
tags:
- AgentPools
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/agentPools/{poolId}/updates/{updateId}/retry:
parameters:
- $ref: '#/components/parameters/pathPoolId'
@@ -834,6 +876,9 @@ paths:
- okta.agentPools.manage
tags:
- AgentPools
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/agentPools/{poolId}/updates/{updateId}/stop:
parameters:
- $ref: '#/components/parameters/pathPoolId'
@@ -861,19 +906,14 @@ paths:
- okta.agentPools.manage
tags:
- AgentPools
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/api-tokens:
get:
summary: List all API Token Metadata
description: Lists all the metadata of the active API tokens
operationId: listApiTokens
- parameters:
- - $ref: '#/components/parameters/queryAfter'
- - $ref: '#/components/parameters/queryLimit'
- - name: q
- in: query
- description: Finds a token that matches the name or clientName.
- schema:
- type: string
responses:
'200':
description: OK
@@ -896,6 +936,9 @@ paths:
- okta.apiTokens.read
tags:
- ApiToken
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/api-tokens/current:
delete:
summary: Revoke the Current API Token
@@ -912,6 +955,9 @@ paths:
- apiToken: []
tags:
- ApiToken
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/api-tokens/{apiTokenId}:
parameters:
- $ref: '#/components/parameters/pathApiTokenId'
@@ -941,6 +987,9 @@ paths:
- okta.apiTokens.read
tags:
- ApiToken
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Revoke an API Token
description: Revokes an API token by `apiTokenId`
@@ -960,6 +1009,9 @@ paths:
- okta.apiTokens.manage
tags:
- ApiToken
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps:
get:
summary: List all Applications
@@ -1036,6 +1088,9 @@ paths:
- okta.apps.read
tags:
- Application
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create an Application
description: Creates a new application to your Okta organization
@@ -1079,70 +1134,9 @@ paths:
- okta.apps.manage
tags:
- Application
- /api/v1/apps/${appId}/sso/saml/metadata:
- parameters:
- - $ref: '#/components/parameters/pathAppId'
- get:
- summary: Preview the application SAML metadata
- description: Previews the SSO SAML metadata for an application
- operationId: previewSAMLmetadataForApplication
- responses:
- '200':
- description: OK
- content:
- text/xml:
- schema:
- type: string
- description: SAML metadata in XML
- format: xml
- examples:
- previewSAML:
- summary: SAML metadata example
- value: |
-
-
-
-
-
-
- MIIDqDCCApCgAwIBAgIGAVGNO4qeMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYDVQQGEwJVUzETMBEG
- A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
- MBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDGJhbGFjb21wdGVzdDEcMBoGCSqGSIb3DQEJ
- ARYNaW5mb0Bva3RhLmNvbTAeFw0xNTEyMTAxODUwMDhaFw0xNzEyMTAxODUxMDdaMIGUMQswCQYD
- VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsG
- A1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDGJhbGFjb21wdGVzdDEc
- MBoGCSqGSIb3DQEJARYNaW5mb0Bva3RhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
- ggEBALAakG48bgcTWHdwmVLHig0mkiRejxIVm3wbzrNSJcBruTq2zCYZ1rGfVxTYON8kJqvkXPmv
- kzWKhpEkvhubL+mx29XpXY0AsNIfgcm5xIV56yhXSvlMdqzGo3ciRwoACaF+ClNLxmXK9UTZD89B
- bVVGCG5AEvja0eCQ0GYsO5i9aSI5aTroab8Aew31PuWl/RGQWmjVy8+7P4wwkKKJNKCpxMYDlhfa
- WRp0zwUSbUCO0qEyeAYdZx6CLES4FGrDi/7D6G+ewWC+kbz1tL1XpF2Dcg3+IOlHrV6VWzz3rG39
- v9zFIncjvoQJFDGWhpqGqcmXvgH0Ze3SVcVF01T+bK0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA
- AHmnSZ4imjNrIf9wxfQIcqHXEBoJ+oJtd59cw1Ur/YQY9pKXxoglqCQ54ZmlIf4GghlcZhslLO+m
- NdkQVwSmWMh6KLxVM18/xAkq8zyKbMbvQnTjFB7x45bgokwbjhivWqrB5LYHHCVN7k/8mKlS4eCK
- Ci6RGEmErjojr4QN2xV0qAqP6CcGANgpepsQJCzlWucMFKAh0x9Kl8fmiQodfyLXyrebYsVnLrMf
- jxE1b6dg4jKvv975tf5wreQSYZ7m//g3/+NnuDKkN/03HqhV7hTNi1fyctXk8I5Nwgyr+pT5LT2k
- YoEdncuy+GQGzE9yLOhC4HNfHQXpqp2tMPdRlw==
-
-
-
- urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
- urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
-
-
-
-
- '403':
- $ref: '#/components/responses/ErrorAccessDenied403'
- '404':
- $ref: '#/components/responses/ErrorResourceNotFound404'
- '429':
- $ref: '#/components/responses/ErrorTooManyRequests429'
- security:
- - apiToken: []
- - oauth2:
- - okta.apps.read
- tags:
- - ApplicationSSO
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}:
parameters:
- $ref: '#/components/parameters/pathAppId'
@@ -1175,6 +1169,9 @@ paths:
- okta.apps.read
tags:
- Application
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace an Application
description: Replaces an application
@@ -1209,6 +1206,9 @@ paths:
- okta.apps.manage
tags:
- Application
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete an Application
description: Deletes an inactive application
@@ -1229,6 +1229,9 @@ paths:
- okta.apps.manage
tags:
- Application
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/connections/default:
parameters:
- $ref: '#/components/parameters/pathAppId'
@@ -1258,6 +1261,9 @@ paths:
- okta.apps.read
tags:
- ApplicationConnections
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Update the default Provisioning Connection
description: Updates the default Provisioning Connection for an app
@@ -1305,6 +1311,9 @@ paths:
- okta.apps.manage
tags:
- ApplicationConnections
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/connections/default/lifecycle/activate:
parameters:
- $ref: '#/components/parameters/pathAppId'
@@ -1327,6 +1336,9 @@ paths:
- okta.apps.manage
tags:
- ApplicationConnections
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/connections/default/lifecycle/deactivate:
parameters:
- $ref: '#/components/parameters/pathAppId'
@@ -1349,6 +1361,9 @@ paths:
- okta.apps.manage
tags:
- ApplicationConnections
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/credentials/csrs:
parameters:
- $ref: '#/components/parameters/pathAppId'
@@ -1377,6 +1392,9 @@ paths:
- okta.apps.read
tags:
- ApplicationCredentials
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Generate a Certificate Signing Request
description: Generates a new key pair and returns the Certificate Signing Request for it
@@ -1409,6 +1427,9 @@ paths:
- okta.apps.manage
tags:
- ApplicationCredentials
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/credentials/csrs/{csrId}:
parameters:
- $ref: '#/components/parameters/pathAppId'
@@ -1436,6 +1457,9 @@ paths:
- okta.apps.read
tags:
- ApplicationCredentials
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Revoke a Certificate Signing Request
description: Revokes a certificate signing request and deletes the key pair from the application
@@ -1456,6 +1480,9 @@ paths:
- okta.apps.manage
tags:
- ApplicationCredentials
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish:
parameters:
- $ref: '#/components/parameters/pathAppId'
@@ -1503,6 +1530,9 @@ paths:
- okta.apps.manage
tags:
- ApplicationCredentials
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/credentials/keys:
parameters:
- $ref: '#/components/parameters/pathAppId'
@@ -1531,6 +1561,9 @@ paths:
- okta.apps.read
tags:
- ApplicationCredentials
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/credentials/keys/generate:
parameters:
- $ref: '#/components/parameters/pathAppId'
@@ -1562,6 +1595,9 @@ paths:
- okta.apps.manage
tags:
- ApplicationCredentials
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/credentials/keys/{keyId}:
parameters:
- $ref: '#/components/parameters/pathAppId'
@@ -1589,6 +1625,9 @@ paths:
- okta.apps.read
tags:
- ApplicationCredentials
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/credentials/keys/{keyId}/clone:
parameters:
- $ref: '#/components/parameters/pathAppId'
@@ -1623,6 +1662,9 @@ paths:
- okta.apps.manage
tags:
- ApplicationCredentials
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/features:
parameters:
- $ref: '#/components/parameters/pathAppId'
@@ -1630,8 +1672,7 @@ paths:
summary: List all Features
description: |
Lists all features for an application
- > **Note:** The only application feature currently supported is `USER_PROVISIONING`.
- > This request returns an error if provisioning isn't enabled for the application.
+ > **Note:** This request returns an error if provisioning isn't enabled for the application.
> To set up provisioning, see [Update the default Provisioning Connection](/openapi/okta-management/management/tag/ApplicationConnections/#tag/ApplicationConnections/operation/updateDefaultProvisioningConnectionForApplication).
operationId: listFeaturesForApplication
responses:
@@ -1641,7 +1682,14 @@ paths:
application/json:
schema:
items:
- $ref: '#/components/schemas/ApplicationFeature'
+ oneOf: &ref_2
+ - $ref: '#/components/schemas/UserProvisioningApplicationFeature'
+ - $ref: '#/components/schemas/InboundProvisioningApplicationFeature'
+ discriminator: &ref_3
+ propertyName: name
+ mapping:
+ USER_PROVISIONING: '#/components/schemas/UserProvisioningApplicationFeature'
+ INBOUND_PROVISIONING: '#/components/schemas/InboundProvisioningApplicationFeature'
type: array
examples:
ListAppFeatureResponse:
@@ -1667,6 +1715,9 @@ paths:
- okta.apps.read
tags:
- ApplicationFeatures
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/features/{featureName}:
parameters:
- $ref: '#/components/parameters/pathAppId'
@@ -1681,7 +1732,8 @@ paths:
content:
application/json:
schema:
- $ref: '#/components/schemas/ApplicationFeature'
+ oneOf: *ref_2
+ discriminator: *ref_3
examples:
AppFeatureResponse:
$ref: '#/components/examples/AppFeatureResponseEx'
@@ -1697,6 +1749,9 @@ paths:
- okta.apps.read
tags:
- ApplicationFeatures
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Update a Feature
description: |
@@ -1707,7 +1762,8 @@ paths:
content:
application/json:
schema:
- $ref: '#/components/schemas/CapabilitiesObject'
+ oneOf:
+ - $ref: '#/components/schemas/CapabilitiesObject'
examples:
UpdateAppFeatureEx:
$ref: '#/components/examples/UpdateAppFeatureRequestEx'
@@ -1718,7 +1774,8 @@ paths:
content:
application/json:
schema:
- $ref: '#/components/schemas/ApplicationFeature'
+ oneOf: *ref_2
+ discriminator: *ref_3
examples:
UpdateAppFeatureEx:
$ref: '#/components/examples/UpdateAppFeatureResponseEx'
@@ -1736,6 +1793,9 @@ paths:
- okta.apps.manage
tags:
- ApplicationFeatures
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/grants:
parameters:
- $ref: '#/components/parameters/pathAppId'
@@ -1744,7 +1804,7 @@ paths:
description: Lists all scope consent Grants for the app
operationId: listScopeConsentGrants
parameters:
- - $ref: '#/components/parameters/queryExpand'
+ - $ref: '#/components/parameters/queryAppExpand'
responses:
'200':
description: Success
@@ -1754,6 +1814,9 @@ paths:
type: array
items:
$ref: '#/components/schemas/OAuth2ScopeConsentGrant'
+ examples:
+ ListAppGrantsExample:
+ $ref: '#/components/examples/ListAppGrantsEx'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -1766,6 +1829,9 @@ paths:
- okta.appGrants.read
tags:
- ApplicationGrants
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Grant consent to scope
description: Grants consent for the app to request an OAuth 2.0 Okta scope
@@ -1776,6 +1842,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/OAuth2ScopeConsentGrant'
+ examples:
+ AppGrantsExample:
+ $ref: '#/components/examples/AppGrantsPostEx'
required: true
responses:
'201':
@@ -1784,6 +1853,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/OAuth2ScopeConsentGrant'
+ examples:
+ AppGrantsExample:
+ $ref: '#/components/examples/AppGrantsEx'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -1798,6 +1870,9 @@ paths:
- okta.appGrants.manage
tags:
- ApplicationGrants
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/grants/{grantId}:
parameters:
- $ref: '#/components/parameters/pathAppId'
@@ -1807,7 +1882,7 @@ paths:
description: Retrieves a single scope consent Grant object for the app
operationId: getScopeConsentGrant
parameters:
- - $ref: '#/components/parameters/queryExpand'
+ - $ref: '#/components/parameters/queryAppExpand'
responses:
'200':
description: Success
@@ -1815,6 +1890,9 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/OAuth2ScopeConsentGrant'
+ examples:
+ AppGrantsExample:
+ $ref: '#/components/examples/AppGrantsEx'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -1827,6 +1905,9 @@ paths:
- okta.appGrants.read
tags:
- ApplicationGrants
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Revoke an app Grant
description: Revokes permission for the app to grant the given scope
@@ -1847,6 +1928,9 @@ paths:
- okta.appGrants.manage
tags:
- ApplicationGrants
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/groups:
parameters:
- $ref: '#/components/parameters/pathAppId'
@@ -1896,6 +1980,9 @@ paths:
- okta.apps.read
tags:
- ApplicationGroups
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/groups/{groupId}:
parameters:
- $ref: '#/components/parameters/pathAppId'
@@ -1938,6 +2025,9 @@ paths:
- okta.apps.read
tags:
- ApplicationGroups
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Assign a Group
description: Assigns a group to an application
@@ -1981,6 +2071,9 @@ paths:
- okta.apps.manage
tags:
- ApplicationGroups
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Unassign a Group
description: Unassigns a group from an application
@@ -2012,6 +2105,9 @@ paths:
- okta.apps.manage
tags:
- ApplicationGroups
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/lifecycle/activate:
parameters:
- $ref: '#/components/parameters/pathAppId'
@@ -2035,6 +2131,9 @@ paths:
- okta.apps.manage
tags:
- Application
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/lifecycle/deactivate:
parameters:
- $ref: '#/components/parameters/pathAppId'
@@ -2058,6 +2157,9 @@ paths:
- okta.apps.manage
tags:
- Application
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/logo:
parameters:
- $ref: '#/components/parameters/pathAppId'
@@ -2105,6 +2207,9 @@ paths:
- okta.apps.manage
tags:
- ApplicationLogos
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/policies/{policyId}:
parameters:
- $ref: '#/components/parameters/pathAppId'
@@ -2133,28 +2238,26 @@ paths:
- okta.apps.manage
tags:
- ApplicationPolicies
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/apps/{appId}/tokens:
parameters:
- $ref: '#/components/parameters/pathAppId'
get:
- summary: List all OAuth 2.0 Tokens
- description: Lists all tokens for the application
+ summary: List all application refresh Tokens
+ description: |
+ Lists all refresh tokens for an app
+
+ > **Note:** The results are [paginated](/#pagination) according to the `limit` parameter.
+ > If there are multiple pages of results, the Link header contains a `next` link that you need to use as an opaque value (follow it, don't parse it).
operationId: listOAuth2TokensForApplication
parameters:
- - name: expand
- in: query
- schema:
- type: string
- - name: after
- in: query
- schema:
- type: string
- - name: limit
- in: query
- schema:
- type: integer
- format: int32
- default: 20
+ - $ref: '#/components/parameters/queryAppExpand'
+ - $ref: '#/components/parameters/queryAppAfter'
+ - $ref: '#/components/parameters/queryLimit'
responses:
'200':
description: Success
@@ -2163,7 +2266,10 @@ paths:
schema:
type: array
items:
- $ref: '#/components/schemas/OAuth2Token'
+ $ref: '#/components/schemas/OAuth2RefreshToken'
+ examples:
+ getOAuth2TokenForApplicationListExample:
+ $ref: '#/components/examples/OAuth2RefreshTokenResponseListEx'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -2176,9 +2282,12 @@ paths:
- okta.apps.read
tags:
- ApplicationTokens
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
- summary: Revoke all OAuth 2.0 Tokens
- description: Revokes all tokens for the specified application
+ summary: Revoke all application Tokens
+ description: Revokes all OAuth 2.0 refresh tokens for the specified app. Any access tokens issued with these refresh tokens are also revoked, but access tokens issued without a refresh token aren't affected.
operationId: revokeOAuth2TokensForApplication
responses:
'204':
@@ -2196,26 +2305,29 @@ paths:
- okta.apps.manage
tags:
- ApplicationTokens
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/tokens/{tokenId}:
parameters:
- $ref: '#/components/parameters/pathAppId'
- $ref: '#/components/parameters/pathTokenId'
get:
- summary: Retrieve an OAuth 2.0 Token
- description: Retrieves a token for the specified application
+ summary: Retrieve an application Token
+ description: Retrieves a refresh token for the specified app
operationId: getOAuth2TokenForApplication
parameters:
- - name: expand
- in: query
- schema:
- type: string
+ - $ref: '#/components/parameters/queryAppExpand'
responses:
'200':
description: Success
content:
application/json:
schema:
- $ref: '#/components/schemas/OAuth2Token'
+ $ref: '#/components/schemas/OAuth2RefreshToken'
+ examples:
+ getOAuth2TokenForApplicationExample:
+ $ref: '#/components/examples/OAuth2RefreshTokenResponseEx'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -2228,9 +2340,12 @@ paths:
- okta.apps.read
tags:
- ApplicationTokens
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
- summary: Revoke an OAuth 2.0 Token
- description: Revokes the specified token for the specified application
+ summary: Revoke an application Token
+ description: Revokes the specified token for the specified app
operationId: revokeOAuth2TokenForApplication
responses:
'204':
@@ -2248,6 +2363,9 @@ paths:
- okta.apps.manage
tags:
- ApplicationTokens
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/users:
parameters:
- $ref: '#/components/parameters/pathAppId'
@@ -2305,6 +2423,9 @@ paths:
- okta.apps.read
tags:
- ApplicationUsers
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Assign a User
description: |-
@@ -2345,6 +2466,9 @@ paths:
- okta.apps.manage
tags:
- ApplicationUsers
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/apps/{appId}/users/{userId}:
parameters:
- $ref: '#/components/parameters/pathAppId'
@@ -2377,6 +2501,9 @@ paths:
- okta.apps.read
tags:
- ApplicationUsers
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Update an App Profile for an assigned User
description: Updates a user's profile for an application
@@ -2409,6 +2536,9 @@ paths:
- okta.apps.manage
tags:
- ApplicationUsers
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Unassign an App User
description: Unassigns a user from an application
@@ -2436,11 +2566,16 @@ paths:
- okta.apps.manage
tags:
- ApplicationUsers
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/authenticators:
get:
summary: List all Authenticators
description: Lists all authenticators
operationId: listAuthenticators
+ parameters:
+ - $ref: '#/components/parameters/queryExpandAuthenticator'
responses:
'200':
description: Success
@@ -2463,6 +2598,11 @@ paths:
- okta.authenticators.read
tags:
- Authenticator
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
post:
summary: Create an Authenticator
description: Creates an authenticator
@@ -2492,6 +2632,11 @@ paths:
- okta.authenticators.manage
tags:
- Authenticator
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/authenticators/{authenticatorId}:
parameters:
- $ref: '#/components/parameters/pathAuthenticatorId'
@@ -2499,6 +2644,8 @@ paths:
summary: Retrieve an Authenticator
description: Retrieves an authenticator from your Okta organization by `authenticatorId`
operationId: getAuthenticator
+ parameters:
+ - $ref: '#/components/parameters/queryExpandAuthenticator'
responses:
'200':
$ref: '#/components/responses/AuthenticatorResponse'
@@ -2514,6 +2661,11 @@ paths:
- okta.authenticators.read
tags:
- Authenticator
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
put:
summary: Replace an Authenticator
description: Replaces the properties for an Authenticator identified by `authenticatorId`
@@ -2538,6 +2690,11 @@ paths:
- okta.authenticators.manage
tags:
- Authenticator
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/authenticators/{authenticatorId}/lifecycle/activate:
parameters:
- $ref: '#/components/parameters/pathAuthenticatorId'
@@ -2560,6 +2717,11 @@ paths:
- okta.authenticators.manage
tags:
- Authenticator
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/authenticators/{authenticatorId}/lifecycle/deactivate:
parameters:
- $ref: '#/components/parameters/pathAuthenticatorId'
@@ -2582,6 +2744,11 @@ paths:
- okta.authenticators.manage
tags:
- Authenticator
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/authenticators/{authenticatorId}/methods:
parameters:
- $ref: '#/components/parameters/pathAuthenticatorId'
@@ -2597,7 +2764,7 @@ paths:
schema:
type: array
items:
- oneOf: &ref_2
+ oneOf: &ref_4
- $ref: '#/components/schemas/AuthenticatorMethodSimple'
- $ref: '#/components/schemas/AuthenticatorMethodPush'
- $ref: '#/components/schemas/AuthenticatorMethodSignedNonce'
@@ -2605,7 +2772,7 @@ paths:
- $ref: '#/components/schemas/AuthenticatorMethodOtp'
- $ref: '#/components/schemas/AuthenticatorMethodWebAuthn'
- $ref: '#/components/schemas/AuthenticatorMethodWithVerifiableProperties'
- discriminator: &ref_3
+ discriminator: &ref_5
propertyName: type
mapping:
sms: '#/components/schemas/AuthenticatorMethodSimple'
@@ -2633,6 +2800,11 @@ paths:
- okta.authenticators.read
tags:
- Authenticator
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/authenticators/{authenticatorId}/methods/{methodType}:
parameters:
- $ref: '#/components/parameters/pathAuthenticatorId'
@@ -2647,8 +2819,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_2
- discriminator: *ref_3
+ oneOf: *ref_4
+ discriminator: *ref_5
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -2661,6 +2833,11 @@ paths:
- okta.authenticators.read
tags:
- Authenticator
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
put:
summary: Replace a Method
description: Replaces a Method of `methodType` for an Authenticator identified by `authenticatorId`
@@ -2669,16 +2846,16 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_2
- discriminator: *ref_3
+ oneOf: *ref_4
+ discriminator: *ref_5
responses:
'200':
description: Success
content:
application/json:
schema:
- oneOf: *ref_2
- discriminator: *ref_3
+ oneOf: *ref_4
+ discriminator: *ref_5
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -2693,6 +2870,11 @@ paths:
- okta.authenticators.manage
tags:
- Authenticator
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/authenticators/{authenticatorId}/methods/{methodType}/lifecycle/activate:
parameters:
- $ref: '#/components/parameters/pathAuthenticatorId'
@@ -2707,8 +2889,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_2
- discriminator: *ref_3
+ oneOf: *ref_4
+ discriminator: *ref_5
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -2721,6 +2903,11 @@ paths:
- okta.authenticators.manage
tags:
- Authenticator
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/authenticators/{authenticatorId}/methods/{methodType}/lifecycle/deactivate:
parameters:
- $ref: '#/components/parameters/pathAuthenticatorId'
@@ -2735,8 +2922,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_2
- discriminator: *ref_3
+ oneOf: *ref_4
+ discriminator: *ref_5
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -2749,6 +2936,15 @@ paths:
- okta.authenticators.manage
tags:
- Authenticator
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
+ /api/v1/authenticators/{authenticatorId}/policies/{mappingId}:
+ parameters:
+ - $ref: '#/components/parameters/pathAuthenticatorId'
+ - $ref: '#/components/parameters/pathPolicyMappingId'
/api/v1/authorizationServers:
get:
summary: List all Authorization Servers
@@ -2788,6 +2984,11 @@ paths:
- okta.authorizationServers.read
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
post:
summary: Create an Authorization Server
description: Creates an authorization server
@@ -2818,6 +3019,11 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}:
parameters:
- $ref: '#/components/parameters/pathAuthServerId'
@@ -2844,6 +3050,11 @@ paths:
- okta.authorizationServers.read
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
put:
summary: Replace an Authorization Server
description: Replaces an authorization server
@@ -2876,6 +3087,11 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
delete:
summary: Delete an Authorization Server
description: Deletes an authorization server
@@ -2896,6 +3112,11 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/associatedServers:
parameters:
- $ref: '#/components/parameters/pathAuthServerId'
@@ -2947,6 +3168,11 @@ paths:
- okta.authorizationServers.read
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
post:
summary: Create the Associated Authorization Servers
description: Creates the trusted relationships between the given authorization server and other authorization servers
@@ -2981,6 +3207,11 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/associatedServers/{associatedServerId}:
parameters:
- $ref: '#/components/parameters/pathAuthServerId'
@@ -3005,6 +3236,11 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/claims:
parameters:
- $ref: '#/components/parameters/pathAuthServerId'
@@ -3033,6 +3269,11 @@ paths:
- okta.authorizationServers.read
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
post:
summary: Create a Custom Token Claim
description: Creates a custom token claim
@@ -3065,6 +3306,11 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/claims/{claimId}:
parameters:
- $ref: '#/components/parameters/pathAuthServerId'
@@ -3092,6 +3338,11 @@ paths:
- okta.authorizationServers.read
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
put:
summary: Replace a Custom Token Claim
description: Replaces a custom token claim
@@ -3124,6 +3375,11 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
delete:
summary: Delete a Custom Token Claim
description: Deletes a custom token claim
@@ -3144,6 +3400,11 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/clients:
parameters:
- $ref: '#/components/parameters/pathAuthServerId'
@@ -3172,6 +3433,11 @@ paths:
- okta.authorizationServers.read
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens:
parameters:
- $ref: '#/components/parameters/pathAuthServerId'
@@ -3216,6 +3482,11 @@ paths:
- okta.authorizationServers.read
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
delete:
summary: Revoke all Refresh Tokens for a Client
description: Revokes all refresh tokens for a client
@@ -3236,6 +3507,11 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId}:
parameters:
- $ref: '#/components/parameters/pathAuthServerId'
@@ -3269,6 +3545,11 @@ paths:
- okta.authorizationServers.read
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
delete:
summary: Revoke a Refresh Token for a Client
description: Revokes a refresh token for a client
@@ -3289,6 +3570,11 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/credentials/keys:
parameters:
- $ref: '#/components/parameters/pathAuthServerId'
@@ -3317,6 +3603,11 @@ paths:
- okta.authorizationServers.read
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/credentials/lifecycle/keyRotate:
parameters:
- $ref: '#/components/parameters/pathAuthServerId'
@@ -3354,6 +3645,11 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/lifecycle/activate:
parameters:
- $ref: '#/components/parameters/pathAuthServerId'
@@ -3377,6 +3673,11 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/lifecycle/deactivate:
parameters:
- $ref: '#/components/parameters/pathAuthServerId'
@@ -3400,6 +3701,11 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/policies:
parameters:
- $ref: '#/components/parameters/pathAuthServerId'
@@ -3428,6 +3734,11 @@ paths:
- okta.authorizationServers.read
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
post:
summary: Create a Policy
description: Creates a policy
@@ -3460,6 +3771,11 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/policies/{policyId}:
parameters:
- $ref: '#/components/parameters/pathAuthServerId'
@@ -3487,6 +3803,11 @@ paths:
- okta.authorizationServers.read
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
put:
summary: Replace a Policy
description: Replaces a policy
@@ -3519,6 +3840,11 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
delete:
summary: Delete a Policy
description: Deletes a policy
@@ -3539,6 +3865,11 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/activate:
parameters:
- $ref: '#/components/parameters/pathAuthServerId'
@@ -3563,6 +3894,11 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/deactivate:
parameters:
- $ref: '#/components/parameters/pathAuthServerId'
@@ -3587,6 +3923,11 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules:
parameters:
- $ref: '#/components/parameters/pathAuthServerId'
@@ -3616,6 +3957,11 @@ paths:
- okta.authorizationServers.read
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
post:
summary: Create a Policy Rule
description: Creates a policy rule for the specified Custom Authorization Server and Policy
@@ -3648,6 +3994,11 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}:
parameters:
- $ref: '#/components/parameters/pathAuthServerId'
@@ -3676,6 +4027,11 @@ paths:
- okta.authorizationServers.read
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
put:
summary: Replace a Policy Rule
description: Replaces the configuration of the Policy Rule defined in the specified Custom Authorization Server and Policy
@@ -3708,6 +4064,11 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
delete:
summary: Delete a Policy Rule
description: Deletes a Policy Rule defined in the specified Custom Authorization Server and Policy
@@ -3728,6 +4089,11 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/activate:
parameters:
- $ref: '#/components/parameters/pathAuthServerId'
@@ -3753,6 +4119,11 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate:
parameters:
- $ref: '#/components/parameters/pathAuthServerId'
@@ -3778,6 +4149,11 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/scopes:
parameters:
- $ref: '#/components/parameters/pathAuthServerId'
@@ -3825,6 +4201,11 @@ paths:
- okta.authorizationServers.read
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
post:
summary: Create a Custom Token Scope
description: Creates a custom token scope
@@ -3857,6 +4238,11 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/authorizationServers/{authServerId}/scopes/{scopeId}:
parameters:
- $ref: '#/components/parameters/pathAuthServerId'
@@ -3884,6 +4270,11 @@ paths:
- okta.authorizationServers.read
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
put:
summary: Replace a Custom Token Scope
description: Replaces a custom token scope
@@ -3916,6 +4307,11 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
delete:
summary: Delete a Custom Token Scope
description: Deletes a custom token scope
@@ -3936,6 +4332,11 @@ paths:
- okta.authorizationServers.manage
tags:
- AuthorizationServer
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs:
+ - API Access Management
/api/v1/behaviors:
get:
summary: List all Behavior Detection Rules
@@ -3949,12 +4350,12 @@ paths:
schema:
type: array
items:
- oneOf: &ref_4
+ oneOf: &ref_6
- $ref: '#/components/schemas/BehaviorRuleAnomalousLocation'
- $ref: '#/components/schemas/BehaviorRuleAnomalousIP'
- $ref: '#/components/schemas/BehaviorRuleAnomalousDevice'
- $ref: '#/components/schemas/BehaviorRuleVelocity'
- discriminator: &ref_5
+ discriminator: &ref_7
propertyName: type
mapping:
ANOMALOUS_LOCATION: '#/components/schemas/BehaviorRuleAnomalousLocation'
@@ -3971,6 +4372,9 @@ paths:
- okta.behaviors.read
tags:
- Behavior
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a Behavior Detection Rule
description: Creates a new behavior detection rule
@@ -3980,8 +4384,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_4
- discriminator: *ref_5
+ oneOf: *ref_6
+ discriminator: *ref_7
examples:
BehaviorRuleRequest:
$ref: '#/components/examples/BehaviorRuleRequest'
@@ -4015,6 +4419,9 @@ paths:
- okta.behaviors.manage
tags:
- Behavior
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/behaviors/{behaviorId}:
parameters:
- $ref: '#/components/parameters/pathBehaviorId'
@@ -4028,8 +4435,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_4
- discriminator: *ref_5
+ oneOf: *ref_6
+ discriminator: *ref_7
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -4049,6 +4456,9 @@ paths:
- okta.behaviors.read
tags:
- Behavior
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a Behavior Detection Rule
description: Replaces a Behavior Detection Rule by `behaviorId`
@@ -4058,8 +4468,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_4
- discriminator: *ref_5
+ oneOf: *ref_6
+ discriminator: *ref_7
examples:
BehaviorRuleRequest:
$ref: '#/components/examples/BehaviorRuleRequest'
@@ -4070,8 +4480,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_4
- discriminator: *ref_5
+ oneOf: *ref_6
+ discriminator: *ref_7
examples:
BehaviorRuleReSponse:
$ref: '#/components/examples/BehaviorRuleResponse'
@@ -4103,6 +4513,9 @@ paths:
- okta.behaviors.manage
tags:
- Behavior
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a Behavior Detection Rule
description: Deletes a Behavior Detection Rule by `behaviorId`
@@ -4129,6 +4542,9 @@ paths:
- okta.behaviors.manage
tags:
- Behavior
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/behaviors/{behaviorId}/lifecycle/activate:
parameters:
- $ref: '#/components/parameters/pathBehaviorId'
@@ -4142,8 +4558,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_4
- discriminator: *ref_5
+ oneOf: *ref_6
+ discriminator: *ref_7
examples:
BehaviorRuleReSponse:
$ref: '#/components/examples/BehaviorRuleResponse'
@@ -4159,6 +4575,9 @@ paths:
- okta.behaviors.manage
tags:
- Behavior
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/behaviors/{behaviorId}/lifecycle/deactivate:
parameters:
- $ref: '#/components/parameters/pathBehaviorId'
@@ -4172,8 +4591,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_4
- discriminator: *ref_5
+ oneOf: *ref_6
+ discriminator: *ref_7
examples:
BehaviorRuleReSponse:
$ref: '#/components/examples/BehaviorRuleResponse'
@@ -4189,6 +4608,9 @@ paths:
- okta.behaviors.manage
tags:
- Behavior
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands:
parameters:
- $ref: '#/components/parameters/queryExpandBrand'
@@ -4221,6 +4643,9 @@ paths:
- okta.brands.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a Brand
description: Creates a new brand in your org
@@ -4255,6 +4680,9 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -4285,6 +4713,9 @@ paths:
- okta.brands.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a Brand
description: Replaces a brand by `brandId`
@@ -4323,6 +4754,9 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a brand
description: Deletes a brand by `brandId`
@@ -4353,6 +4787,9 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/domains:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -4379,6 +4816,9 @@ paths:
- okta.brands.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/pages/error:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -4406,6 +4846,9 @@ paths:
- okta.brands.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/pages/error/customized:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -4437,6 +4880,9 @@ paths:
- okta.brands.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace the Customized Error Page
description: Replaces the customized error page. The customized error page appears in your live environment.
@@ -4473,6 +4919,9 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete the Customized Error Page
description: Deletes the customized error page. As a result, the default error page appears in your live environment.
@@ -4493,6 +4942,9 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/pages/error/default:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -4519,6 +4971,9 @@ paths:
- okta.brands.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/pages/error/preview:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -4550,6 +5005,9 @@ paths:
- okta.brands.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace the Preview Error Page
description: Replaces the preview error page. The preview error page contains unpublished changes and isn't shown in your live environment. Preview it at `${yourOktaDomain}/error/preview`.
@@ -4586,6 +5044,9 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete the Preview Error Page
description: Deletes the preview error page. The preview error page contains unpublished changes and isn't shown in your live environment. Preview it at `${yourOktaDomain}/error/preview`.
@@ -4606,6 +5067,9 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/pages/sign-in:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -4633,6 +5097,9 @@ paths:
- okta.brands.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/pages/sign-in/customized:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -4664,6 +5131,9 @@ paths:
- okta.brands.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace the Customized Sign-in Page
description: Replaces the customized sign-in page. The customized sign-in page appears in your live environment.
@@ -4700,6 +5170,9 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete the Customized Sign-in Page
description: Deletes the customized sign-in page. As a result, the default sign-in page appears in your live environment.
@@ -4720,6 +5193,9 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/pages/sign-in/default:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -4746,6 +5222,9 @@ paths:
- okta.brands.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/pages/sign-in/preview:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -4777,6 +5256,9 @@ paths:
- okta.brands.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace the Preview Sign-in Page
description: Replaces the preview sign-in page. The preview sign-in page contains unpublished changes and isn't shown in your live environment. Preview it at `${yourOktaDomain}/login/preview`.
@@ -4813,6 +5295,9 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete the Preview Sign-in Page
description: Deletes the preview sign-in page. The preview sign-in page contains unpublished changes and isn't shown in your live environment. Preview it at `${yourOktaDomain}/login/preview`.
@@ -4833,6 +5318,9 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/pages/sign-in/widget-versions:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -4862,6 +5350,9 @@ paths:
- okta.brands.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/pages/sign-out/customized:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -4888,6 +5379,9 @@ paths:
- okta.brands.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace the Sign-out Page Settings
description: Replaces the sign-out page settings
@@ -4919,6 +5413,9 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/templates/email:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -4959,6 +5456,9 @@ paths:
- okta.templates.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/templates/email/{templateName}:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -4991,6 +5491,9 @@ paths:
- okta.templates.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/templates/email/{templateName}/customizations:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -5026,6 +5529,9 @@ paths:
- okta.templates.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create an Email Customization
description: Creates a new email customization
@@ -5074,6 +5580,9 @@ paths:
- okta.templates.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete all Email Customizations
description: Deletes all customizations for an email template
@@ -5094,6 +5603,9 @@ paths:
- okta.templates.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -5125,6 +5637,9 @@ paths:
- okta.templates.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace an Email Customization
description: Replaces an existing email customization using the property values provided
@@ -5176,6 +5691,9 @@ paths:
- okta.templates.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete an Email Customization
description: Deletes an email customization by its unique identifier
@@ -5205,6 +5723,9 @@ paths:
- okta.templates.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}/preview:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -5236,6 +5757,9 @@ paths:
- okta.templates.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/templates/email/{templateName}/default-content:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -5268,6 +5792,9 @@ paths:
- okta.templates.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/templates/email/{templateName}/default-content/preview:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -5300,6 +5827,9 @@ paths:
- okta.templates.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/templates/email/{templateName}/settings:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -5330,6 +5860,9 @@ paths:
- okta.templates.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace the Email Template Settings
description: Replaces an email template's settings
@@ -5365,6 +5898,9 @@ paths:
- okta.templates.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/templates/email/{templateName}/test:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -5395,6 +5931,9 @@ paths:
- okta.templates.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/themes:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -5423,6 +5962,9 @@ paths:
- okta.brands.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/themes/{themeId}:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -5450,6 +5992,9 @@ paths:
- okta.brands.read
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a Theme
description: Replaces a theme for a brand
@@ -5482,6 +6027,9 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/themes/{themeId}/background-image:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -5524,6 +6072,9 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete the Background Image
description: Deletes a Theme background image
@@ -5544,6 +6095,9 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/themes/{themeId}/favicon:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -5586,6 +6140,9 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete the Favicon
description: Deletes a Theme favicon. The theme will use the default Okta favicon.
@@ -5606,6 +6163,9 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/brands/{brandId}/themes/{themeId}/logo:
parameters:
- $ref: '#/components/parameters/pathBrandId'
@@ -5648,6 +6208,9 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete the Logo
description: Deletes a Theme logo. The theme will use the default Okta logo.
@@ -5668,6 +6231,9 @@ paths:
- okta.brands.manage
tags:
- Customization
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/captchas:
get:
summary: List all CAPTCHA Instances
@@ -5692,6 +6258,11 @@ paths:
- okta.captchas.read
tags:
- CAPTCHA
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
post:
summary: Create a CAPTCHA instance
description: Creates a new CAPTCHA instance. Currently, an org can only configure a single CAPTCHA instance.
@@ -5741,6 +6312,11 @@ paths:
- okta.captchas.manage
tags:
- CAPTCHA
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/captchas/{captchaId}:
parameters:
- $ref: '#/components/parameters/pathCaptchaId'
@@ -5772,6 +6348,11 @@ paths:
- okta.captchas.read
tags:
- CAPTCHA
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
post:
summary: Update a CAPTCHA Instance
description: Partially updates the properties of a specified CAPTCHA instance
@@ -5814,6 +6395,11 @@ paths:
- okta.captchas.manage
tags:
- CAPTCHA
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
put:
summary: Replace a CAPTCHA Instance
description: Replaces the properties for a specified CAPTCHA instance
@@ -5856,6 +6442,11 @@ paths:
- okta.captchas.manage
tags:
- CAPTCHA
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
delete:
summary: Delete a CAPTCHA Instance
description: |-
@@ -5887,6 +6478,11 @@ paths:
- okta.captchas.manage
tags:
- CAPTCHA
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/device-assurances:
get:
summary: List all Device Assurance Policies
@@ -5900,13 +6496,13 @@ paths:
schema:
type: array
items:
- oneOf: &ref_6
+ oneOf: &ref_8
- $ref: '#/components/schemas/DeviceAssuranceWindowsPlatform'
- $ref: '#/components/schemas/DeviceAssuranceMacOSPlatform'
- $ref: '#/components/schemas/DeviceAssuranceChromeOSPlatform'
- $ref: '#/components/schemas/DeviceAssuranceIOSPlatform'
- $ref: '#/components/schemas/DeviceAssuranceAndroidPlatform'
- discriminator: &ref_7
+ discriminator: &ref_9
propertyName: platform
mapping:
WINDOWS: '#/components/schemas/DeviceAssuranceWindowsPlatform'
@@ -5924,6 +6520,11 @@ paths:
- okta.deviceAssurance.read
tags:
- DeviceAssurance
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
post:
summary: Create a Device Assurance Policy
description: Creates a new Device Assurance Policy
@@ -5933,8 +6534,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_6
- discriminator: *ref_7
+ oneOf: *ref_8
+ discriminator: *ref_9
examples:
Android:
$ref: '#/components/examples/DeviceAssuranceAndroidRequest'
@@ -5957,8 +6558,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_6
- discriminator: *ref_7
+ oneOf: *ref_8
+ discriminator: *ref_9
examples:
Android:
$ref: '#/components/examples/DeviceAssuranceAndroidResponse'
@@ -5986,6 +6587,11 @@ paths:
- okta.deviceAssurance.manage
tags:
- DeviceAssurance
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/device-assurances/{deviceAssuranceId}:
parameters:
- $ref: '#/components/parameters/pathDeviceAssuranceId'
@@ -5999,8 +6605,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_6
- discriminator: *ref_7
+ oneOf: *ref_8
+ discriminator: *ref_9
examples:
Android:
$ref: '#/components/examples/DeviceAssuranceAndroidResponse'
@@ -6028,6 +6634,11 @@ paths:
- okta.deviceAssurance.read
tags:
- DeviceAssurance
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
put:
summary: Replace a Device Assurance Policy
description: Replaces a Device Assurance Policy by `deviceAssuranceId`
@@ -6037,8 +6648,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_6
- discriminator: *ref_7
+ oneOf: *ref_8
+ discriminator: *ref_9
examples:
Android:
$ref: '#/components/examples/DeviceAssuranceAndroidRequest'
@@ -6061,8 +6672,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_6
- discriminator: *ref_7
+ oneOf: *ref_8
+ discriminator: *ref_9
examples:
Android:
$ref: '#/components/examples/DeviceAssuranceAndroidResponse'
@@ -6092,6 +6703,11 @@ paths:
- okta.deviceAssurance.manage
tags:
- DeviceAssurance
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
delete:
summary: Delete a Device Assurance Policy
description: Deletes a Device Assurance Policy by `deviceAssuranceId`. If the Device Assurance Policy is currently being used in the org Authentication Policies, the delete will not be allowed.
@@ -6121,6 +6737,11 @@ paths:
- okta.deviceAssurance.manage
tags:
- DeviceAssurance
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/devices:
get:
summary: List all Devices
@@ -6166,11 +6787,25 @@ paths:
value: profile.platform eq "WINDOWS"
Devices whose `sid` starts with `S-1`:
value: profile.sid sw "S-1"
- - in: query
- name: expand
+ - name: expand
+ in: query
+ description: Includes associated user details and management status for the device in the `_embedded` attribute
schema:
type: string
- description: Lists associated users for the device in `_embedded` element
+ example: userSummary
+ enum:
+ - user
+ - userSummary
+ x-enumDescriptions:
+ user: Lists full details for associated users
+ userSummary: Lists summaries for associated users
+ examples:
+ UserFullDetails:
+ summary: Get a detailed list of associated users
+ value: user
+ UserSummaries:
+ summary: Get the list of associated user summaries
+ value: userSummary
responses:
'200':
description: OK
@@ -6181,6 +6816,9 @@ paths:
items:
$ref: '#/components/schemas/DeviceList'
examples:
+ APIDevicesResponseUserSummaryExample:
+ type: array
+ $ref: '#/components/examples/APIDevicesListAllUserSummaryResponse'
APIDevicesResponseExample:
type: array
$ref: '#/components/examples/APIDevicesListAllResponse'
@@ -6194,6 +6832,11 @@ paths:
- okta.devices.read
tags:
- Device
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/devices/{deviceId}:
parameters:
- $ref: '#/components/parameters/pathDeviceId'
@@ -6223,6 +6866,11 @@ paths:
- okta.devices.read
tags:
- Device
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
delete:
summary: Delete a Device
description: |-
@@ -6253,6 +6901,11 @@ paths:
- okta.devices.manage
tags:
- Device
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/devices/{deviceId}/lifecycle/activate:
parameters:
- $ref: '#/components/parameters/pathDeviceId'
@@ -6277,6 +6930,11 @@ paths:
- okta.devices.manage
tags:
- Device
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/devices/{deviceId}/lifecycle/deactivate:
parameters:
- $ref: '#/components/parameters/pathDeviceId'
@@ -6305,6 +6963,11 @@ paths:
- okta.devices.manage
tags:
- Device
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/devices/{deviceId}/lifecycle/suspend:
parameters:
- $ref: '#/components/parameters/pathDeviceId'
@@ -6331,6 +6994,11 @@ paths:
- okta.devices.manage
tags:
- Device
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/devices/{deviceId}/lifecycle/unsuspend:
parameters:
- $ref: '#/components/parameters/pathDeviceId'
@@ -6355,6 +7023,11 @@ paths:
- okta.devices.manage
tags:
- Device
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/devices/{deviceId}/users:
parameters:
- $ref: '#/components/parameters/pathDeviceId'
@@ -6387,6 +7060,11 @@ paths:
- okta.devices.read
tags:
- Device
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/domains:
get:
summary: List all Custom Domains
@@ -6409,6 +7087,9 @@ paths:
- okta.domains.read
tags:
- CustomDomain
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a Custom Domain
description: Creates your custom domain
@@ -6439,6 +7120,9 @@ paths:
- okta.domains.manage
tags:
- CustomDomain
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/domains/{domainId}:
parameters:
- $ref: '#/components/parameters/pathDomainId'
@@ -6465,6 +7149,9 @@ paths:
- okta.domains.read
tags:
- CustomDomain
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a Custom Domain's Brand
description: Replaces a custom domain's brand
@@ -6496,6 +7183,9 @@ paths:
- okta.domains.manage
tags:
- CustomDomain
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a Custom Domain
description: Deletes a custom domain by `domainId`
@@ -6516,6 +7206,9 @@ paths:
- okta.domains.manage
tags:
- CustomDomain
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/domains/{domainId}/certificate:
parameters:
- $ref: '#/components/parameters/pathDomainId'
@@ -6548,6 +7241,9 @@ paths:
- okta.domains.manage
tags:
- CustomDomain
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/domains/{domainId}/verify:
parameters:
- $ref: '#/components/parameters/pathDomainId'
@@ -6574,6 +7270,9 @@ paths:
- okta.domains.manage
tags:
- CustomDomain
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/email-domains:
parameters:
- $ref: '#/components/parameters/queryExpandEmailDomain'
@@ -6603,6 +7302,9 @@ paths:
- okta.emailDomains.read
tags:
- EmailDomain
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create an Email Domain
description: Creates an Email Domain in your org
@@ -6650,6 +7352,9 @@ paths:
- okta.emailDomains.manage
tags:
- EmailDomain
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/email-domains/{emailDomainId}:
parameters:
- $ref: '#/components/parameters/pathEmailDomainId'
@@ -6680,6 +7385,9 @@ paths:
- okta.emailDomains.read
tags:
- EmailDomain
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace an Email Domain
description: Replaces associated username and sender display name by `emailDomainId`
@@ -6718,6 +7426,9 @@ paths:
- okta.emailDomains.manage
tags:
- EmailDomain
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete an Email Domain
description: Deletes an Email Domain by `emailDomainId`
@@ -6747,6 +7458,9 @@ paths:
- okta.emailDomains.manage
tags:
- EmailDomain
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/email-domains/{emailDomainId}/verify:
parameters:
- $ref: '#/components/parameters/pathEmailDomainId'
@@ -6787,6 +7501,9 @@ paths:
- okta.emailDomains.manage
tags:
- EmailDomain
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/email-servers:
get:
summary: List all enrolled SMTP servers
@@ -6809,6 +7526,11 @@ paths:
- okta.emailServers.read
tags:
- EmailServer
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
post:
summary: Create a custom SMTP server
description: Creates a custom email SMTP server configuration for your org
@@ -6837,6 +7559,11 @@ paths:
- okta.emailServers.manage
tags:
- EmailServer
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/email-servers/{emailServerId}:
parameters:
- $ref: '#/components/parameters/pathEmailServerId'
@@ -6863,6 +7590,11 @@ paths:
- okta.emailServers.read
tags:
- EmailServer
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
patch:
summary: Update an SMTP Server configuration
description: Updates the specified custom SMTP server configuration
@@ -6893,6 +7625,11 @@ paths:
- okta.emailServers.manage
tags:
- EmailServer
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
delete:
summary: Delete an SMTP Server configuration
description: Deletes the specified custom SMTP server configuration
@@ -6912,6 +7649,11 @@ paths:
- okta.emailServers.manage
tags:
- EmailServer
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/email-servers/{emailServerId}/test:
parameters:
- $ref: '#/components/parameters/pathEmailServerId'
@@ -6941,6 +7683,11 @@ paths:
- okta.emailServers.manage
tags:
- EmailServer
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/eventHooks:
get:
summary: List all Event Hooks
@@ -6968,6 +7715,9 @@ paths:
- okta.eventHooks.read
tags:
- EventHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create an Event Hook
description: |-
@@ -7019,6 +7769,9 @@ paths:
- okta.eventHooks.manage
tags:
- EventHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/eventHooks/{eventHookId}:
parameters:
- $ref: '#/components/parameters/pathEventHookId'
@@ -7048,6 +7801,9 @@ paths:
- okta.eventHooks.read
tags:
- EventHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace an Event Hook
description: |-
@@ -7090,6 +7846,9 @@ paths:
- okta.eventHooks.manage
tags:
- EventHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete an Event Hook
description: |-
@@ -7112,6 +7871,9 @@ paths:
- okta.eventHooks.manage
tags:
- EventHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/eventHooks/{eventHookId}/lifecycle/activate:
parameters:
- $ref: '#/components/parameters/pathEventHookId'
@@ -7141,6 +7903,9 @@ paths:
- okta.eventHooks.manage
tags:
- EventHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/eventHooks/{eventHookId}/lifecycle/deactivate:
parameters:
- $ref: '#/components/parameters/pathEventHookId'
@@ -7170,6 +7935,9 @@ paths:
- okta.eventHooks.manage
tags:
- EventHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/eventHooks/{eventHookId}/lifecycle/verify:
parameters:
- $ref: '#/components/parameters/pathEventHookId'
@@ -7207,6 +7975,9 @@ paths:
- okta.eventHooks.manage
tags:
- EventHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/features:
get:
summary: List all Features
@@ -7235,6 +8006,9 @@ paths:
- okta.features.read
tags:
- Feature
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/features/{featureId}:
parameters:
- $ref: '#/components/parameters/pathFeatureId'
@@ -7265,6 +8039,9 @@ paths:
- okta.features.read
tags:
- Feature
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/features/{featureId}/dependencies:
parameters:
- $ref: '#/components/parameters/pathFeatureId'
@@ -7300,6 +8077,9 @@ paths:
- okta.features.read
tags:
- Feature
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/features/{featureId}/dependents:
parameters:
- $ref: '#/components/parameters/pathFeatureId'
@@ -7335,6 +8115,9 @@ paths:
- okta.features.read
tags:
- Feature
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/features/{featureId}/{lifecycle}:
parameters:
- $ref: '#/components/parameters/pathFeatureId'
@@ -7383,6 +8166,9 @@ paths:
- okta.features.manage
tags:
- Feature
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups:
get:
summary: List all Groups
@@ -7454,6 +8240,9 @@ paths:
- okta.groups.read
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a Group
description: Creates a new group with `OKTA_GROUP` type
@@ -7484,6 +8273,9 @@ paths:
- okta.groups.manage
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/rules:
get:
summary: List all Group Rules
@@ -7532,6 +8324,9 @@ paths:
- okta.groups.read
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a Group Rule
description: Creates a group rule to dynamically add users to the specified group if they match the condition
@@ -7562,6 +8357,9 @@ paths:
- okta.groups.manage
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/rules/{groupRuleId}:
parameters:
- $ref: '#/components/parameters/pathGroupRuleId'
@@ -7593,6 +8391,9 @@ paths:
- okta.groups.read
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a Group Rule
description: Replaces a group rule. Only `INACTIVE` rules can be updated.
@@ -7625,6 +8426,9 @@ paths:
- okta.groups.manage
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a group Rule
description: Deletes a specific group rule by `groupRuleId`
@@ -7651,6 +8455,9 @@ paths:
- okta.groups.manage
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/rules/{groupRuleId}/lifecycle/activate:
parameters:
- $ref: '#/components/parameters/pathGroupRuleId'
@@ -7674,6 +8481,9 @@ paths:
- okta.groups.manage
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/rules/{groupRuleId}/lifecycle/deactivate:
parameters:
- $ref: '#/components/parameters/pathGroupRuleId'
@@ -7697,6 +8507,9 @@ paths:
- okta.groups.manage
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/{groupId}:
parameters:
- $ref: '#/components/parameters/pathGroupId'
@@ -7723,6 +8536,9 @@ paths:
- okta.groups.read
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a Group
description: Replaces the profile for a group with `OKTA_GROUP` type
@@ -7755,6 +8571,9 @@ paths:
- okta.groups.manage
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a Group
description: Deletes a group with `OKTA_GROUP` type
@@ -7775,6 +8594,9 @@ paths:
- okta.groups.manage
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/{groupId}/apps:
parameters:
- $ref: '#/components/parameters/pathGroupId'
@@ -7817,6 +8639,9 @@ paths:
- okta.groups.read
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/{groupId}/owners:
parameters:
- $ref: '#/components/parameters/pathGroupId'
@@ -7868,6 +8693,9 @@ paths:
- okta.groups.read
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Assign a Group Owner
description: Assigns a group owner
@@ -7911,6 +8739,9 @@ paths:
- okta.groups.manage
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/{groupId}/owners/{ownerId}:
parameters:
- $ref: '#/components/parameters/pathGroupId'
@@ -7935,6 +8766,9 @@ paths:
- okta.groups.manage
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/{groupId}/roles:
parameters:
- $ref: '#/components/parameters/pathGroupId'
@@ -7968,6 +8802,9 @@ paths:
- okta.roles.read
tags:
- RoleAssignment
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Assign a Role to a Group
description: Assigns a role to a group
@@ -8009,6 +8846,9 @@ paths:
- okta.roles.manage
tags:
- RoleAssignment
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/{groupId}/roles/{roleId}:
parameters:
- $ref: '#/components/parameters/pathGroupId'
@@ -8036,6 +8876,9 @@ paths:
- okta.roles.read
tags:
- RoleAssignment
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Unassign a Role from a Group
description: Unassigns a role identified by `roleId` assigned to group identified by `groupId`
@@ -8056,6 +8899,9 @@ paths:
- okta.roles.manage
tags:
- RoleAssignment
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps:
parameters:
- $ref: '#/components/parameters/pathGroupId'
@@ -8096,6 +8942,9 @@ paths:
- okta.roles.read
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}:
parameters:
- $ref: '#/components/parameters/pathGroupId'
@@ -8121,6 +8970,9 @@ paths:
- okta.roles.manage
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Unassign an Application Target from Application Administrator Role
description: Unassigns an application target from application administrator role
@@ -8141,6 +8993,9 @@ paths:
- okta.roles.manage
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}/{appId}:
parameters:
- $ref: '#/components/parameters/pathGroupId'
@@ -8167,6 +9022,9 @@ paths:
- okta.roles.manage
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Unassign an Application Instance Target from an Application Administrator Role
description: Unassigns an application instance target from application administrator role
@@ -8187,6 +9045,9 @@ paths:
- okta.roles.manage
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/{groupId}/roles/{roleId}/targets/groups:
parameters:
- $ref: '#/components/parameters/pathGroupId'
@@ -8227,6 +9088,9 @@ paths:
- okta.roles.read
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId}:
parameters:
- $ref: '#/components/parameters/pathGroupId'
@@ -8252,6 +9116,9 @@ paths:
- okta.roles.manage
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Unassign a Group Target from a Group Role
description: Unassigns a group target from a group role
@@ -8272,6 +9139,9 @@ paths:
- okta.roles.manage
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/{groupId}/users:
parameters:
- $ref: '#/components/parameters/pathGroupId'
@@ -8313,6 +9183,9 @@ paths:
- okta.groups.read
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/groups/{groupId}/users/{userId}:
parameters:
- $ref: '#/components/parameters/pathGroupId'
@@ -8337,6 +9210,9 @@ paths:
- okta.groups.manage
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Unassign a User
description: Unassigns a user from a group with 'OKTA_GROUP' type
@@ -8357,6 +9233,9 @@ paths:
- okta.groups.manage
tags:
- Group
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/hook-keys:
get:
summary: List all keys
@@ -8384,6 +9263,9 @@ paths:
- okta.inlineHooks.read
tags:
- HookKey
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a key
description: |
@@ -8422,6 +9304,9 @@ paths:
- okta.inlineHooks.manage
tags:
- HookKey
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/hook-keys/public/{publicKeyId}:
parameters:
- $ref: '#/components/parameters/pathPublicKeyId'
@@ -8451,6 +9336,9 @@ paths:
- okta.inlineHooks.read
tags:
- HookKey
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/hook-keys/{hookKeyId}:
parameters:
- $ref: '#/components/parameters/pathHookKeyId'
@@ -8480,6 +9368,9 @@ paths:
- okta.inlineHooks.read
tags:
- HookKey
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a key
description: |
@@ -8520,6 +9411,9 @@ paths:
- okta.inlineHooks.manage
tags:
- HookKey
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a key
description: |
@@ -8543,6 +9437,9 @@ paths:
- okta.inlineHooks.manage
tags:
- HookKey
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/iam/assignees/users:
get:
summary: List all Users with Role Assignments
@@ -8584,6 +9481,9 @@ paths:
- okta.roles.read
tags:
- RoleAssignment
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/iam/resource-sets:
get:
summary: List all Resource Sets
@@ -8611,6 +9511,9 @@ paths:
- okta.roles.read
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a Resource Set
description: Creates a new Resource Set
@@ -8654,6 +9557,9 @@ paths:
- okta.roles.manage
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/iam/resource-sets/{resourceSetId}:
parameters:
- $ref: '#/components/parameters/pathResourceSetId'
@@ -8683,6 +9589,9 @@ paths:
- okta.roles.read
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a Resource Set
description: Replaces a Resource Set by `resourceSetId`
@@ -8721,6 +9630,9 @@ paths:
- okta.roles.manage
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a Resource Set
description: Deletes a role by `resourceSetId`
@@ -8748,6 +9660,9 @@ paths:
- okta.roles.manage
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/iam/resource-sets/{resourceSetId}/bindings:
parameters:
- $ref: '#/components/parameters/pathResourceSetId'
@@ -8779,6 +9694,9 @@ paths:
- okta.roles.read
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a Resource Set Binding
description: Creates a new Resource Set binding
@@ -8824,6 +9742,9 @@ paths:
- okta.roles.manage
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}:
parameters:
- $ref: '#/components/parameters/pathResourceSetId'
@@ -8854,6 +9775,9 @@ paths:
- okta.roles.read
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a Binding
description: Deletes a Resource Set binding by `resourceSetId` and `roleIdOrLabel`
@@ -8881,6 +9805,9 @@ paths:
- okta.roles.manage
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members:
parameters:
- $ref: '#/components/parameters/pathResourceSetId'
@@ -8913,6 +9840,9 @@ paths:
- okta.roles.read
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
patch:
summary: Add more Members to a binding
description: Adds more members to a Resource Set binding
@@ -8958,6 +9888,9 @@ paths:
- okta.roles.manage
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/iam/resource-sets/{resourceSetId}/bindings/{roleIdOrLabel}/members/{memberId}:
parameters:
- $ref: '#/components/parameters/pathResourceSetId'
@@ -8989,6 +9922,9 @@ paths:
- okta.roles.read
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Unassign a Member from a binding
description: Unassigns a member identified by `memberId` from a binding
@@ -9017,6 +9953,9 @@ paths:
- okta.roles.manage
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/iam/resource-sets/{resourceSetId}/resources:
parameters:
- $ref: '#/components/parameters/pathResourceSetId'
@@ -9046,6 +9985,9 @@ paths:
- okta.roles.read
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
patch:
summary: Add more Resource to a Resource Set
description: Adds more resources to a Resource Set
@@ -9091,6 +10033,9 @@ paths:
- okta.roles.manage
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/iam/resource-sets/{resourceSetId}/resources/{resourceId}:
parameters:
- $ref: '#/components/parameters/pathResourceSetId'
@@ -9122,6 +10067,9 @@ paths:
- okta.roles.manage
tags:
- ResourceSet
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/iam/roles:
get:
summary: List all Roles
@@ -9149,6 +10097,9 @@ paths:
- okta.roles.read
tags:
- Role
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a Role
description: Creates a new role
@@ -9192,6 +10143,9 @@ paths:
- okta.roles.manage
tags:
- Role
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/iam/roles/{roleIdOrLabel}:
parameters:
- $ref: '#/components/parameters/pathRoleIdOrLabel'
@@ -9221,6 +10175,9 @@ paths:
- okta.roles.read
tags:
- Role
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a Role
description: Replaces a role by `roleIdOrLabel`
@@ -9259,6 +10216,9 @@ paths:
- okta.roles.manage
tags:
- Role
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a Role
description: Deletes a role by `roleIdOrLabel`
@@ -9286,6 +10246,9 @@ paths:
- okta.roles.manage
tags:
- Role
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/iam/roles/{roleIdOrLabel}/permissions:
parameters:
- $ref: '#/components/parameters/pathRoleIdOrLabel'
@@ -9315,6 +10278,9 @@ paths:
- okta.roles.read
tags:
- Role
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/iam/roles/{roleIdOrLabel}/permissions/{permissionType}:
parameters:
- $ref: '#/components/parameters/pathRoleIdOrLabel'
@@ -9345,6 +10311,9 @@ paths:
- okta.roles.read
tags:
- Role
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a Permission
description: Creates a permission specified by `permissionType` to the role
@@ -9352,8 +10321,8 @@ paths:
x-codegen-request-body-name: instance
requestBody:
x-okta-lifecycle:
- features:
- - CUSTOM_ADMIN_ROLES_CONDITIONS
+ lifecycle: GA
+ isGenerallyAvailable: true
content:
application/json:
schema:
@@ -9379,10 +10348,13 @@ paths:
- okta.roles.manage
tags:
- Role
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
x-okta-lifecycle:
- features:
- - CUSTOM_ADMIN_ROLES_CONDITIONS
+ lifecycle: GA
+ isGenerallyAvailable: true
summary: Replace a Permission
description: Replaces a permission specified by `permissionType` in the role
operationId: replaceRolePermission
@@ -9447,6 +10419,9 @@ paths:
- okta.roles.manage
tags:
- Role
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/identity-sources/{identitySourceId}/sessions:
parameters:
- $ref: '#/components/parameters/pathIdentitySourceId'
@@ -9478,6 +10453,10 @@ paths:
- okta.identitySources.read
tags:
- IdentitySource
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
post:
summary: Create an Identity Source Session
description: Creates an identity source session for the given identity source instance
@@ -9506,6 +10485,10 @@ paths:
- okta.identitySources.manage
tags:
- IdentitySource
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}:
parameters:
- $ref: '#/components/parameters/pathIdentitySourceId'
@@ -9536,6 +10519,10 @@ paths:
- okta.identitySources.read
tags:
- IdentitySource
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
delete:
summary: Delete an Identity Source Session
description: Deletes an identity source session for a given `identitySourceId` and `sessionId`
@@ -9555,6 +10542,10 @@ paths:
- okta.identitySources.manage
tags:
- IdentitySource
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}/bulk-delete:
parameters:
- $ref: '#/components/parameters/pathIdentitySourceId'
@@ -9585,6 +10576,10 @@ paths:
- okta.identitySources.manage
tags:
- IdentitySource
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}/bulk-upsert:
parameters:
- $ref: '#/components/parameters/pathIdentitySourceId'
@@ -9615,6 +10610,10 @@ paths:
- okta.identitySources.manage
tags:
- IdentitySource
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}/start-import:
parameters:
- $ref: '#/components/parameters/pathIdentitySourceId'
@@ -9647,6 +10646,10 @@ paths:
- okta.identitySources.manage
tags:
- IdentitySource
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/idps:
get:
summary: List all Identity Providers
@@ -9694,6 +10697,9 @@ paths:
- okta.idps.read
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create an Identity Provider
description: Creates a new identity provider integration
@@ -9724,6 +10730,9 @@ paths:
- okta.idps.manage
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/idps/credentials/keys:
get:
summary: List all Credential Keys
@@ -9761,6 +10770,9 @@ paths:
- okta.idps.read
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create an X.509 Certificate Public Key
description: Creates a new X.509 certificate credential to the IdP key store.
@@ -9791,6 +10803,9 @@ paths:
- okta.idps.manage
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/idps/credentials/keys/{idpKeyId}:
parameters:
- $ref: '#/components/parameters/pathIdpKeyId'
@@ -9817,6 +10832,9 @@ paths:
- okta.idps.read
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a Signing Credential Key
description: Deletes a specific IdP Key Credential by `kid` if it is not currently being used by an Active or Inactive IdP
@@ -9837,6 +10855,9 @@ paths:
- okta.idps.manage
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/idps/{idpId}:
parameters:
- $ref: '#/components/parameters/pathIdpId'
@@ -9863,6 +10884,9 @@ paths:
- okta.idps.read
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace an Identity Provider
description: Replaces an identity provider integration by `idpId`
@@ -9895,6 +10919,9 @@ paths:
- okta.idps.manage
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete an Identity Provider
description: Deletes an identity provider integration by `idpId`
@@ -9915,6 +10942,9 @@ paths:
- okta.idps.manage
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/idps/{idpId}/credentials/csrs:
parameters:
- $ref: '#/components/parameters/pathIdpId'
@@ -9943,6 +10973,9 @@ paths:
- okta.idps.read
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Generate a Certificate Signing Request
description: Generates a new key pair and returns a Certificate Signing Request for it
@@ -9975,6 +11008,9 @@ paths:
- okta.idps.manage
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/idps/{idpId}/credentials/csrs/{idpCsrId}:
parameters:
- $ref: '#/components/parameters/pathIdpId'
@@ -10002,6 +11038,9 @@ paths:
- okta.idps.read
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Revoke a Certificate Signing Request
description: Revokes a certificate signing request and deletes the key pair from the IdP
@@ -10022,6 +11061,9 @@ paths:
- okta.idps.manage
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/idps/{idpId}/credentials/csrs/{idpCsrId}/lifecycle/publish:
parameters:
- $ref: '#/components/parameters/pathIdpId'
@@ -10069,6 +11111,9 @@ paths:
- okta.idps.manage
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/idps/{idpId}/credentials/keys:
parameters:
- $ref: '#/components/parameters/pathIdpId'
@@ -10097,6 +11142,9 @@ paths:
- okta.idps.read
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/idps/{idpId}/credentials/keys/generate:
parameters:
- $ref: '#/components/parameters/pathIdpId'
@@ -10131,6 +11179,9 @@ paths:
- okta.idps.manage
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/idps/{idpId}/credentials/keys/{idpKeyId}:
parameters:
- $ref: '#/components/parameters/pathIdpId'
@@ -10158,6 +11209,9 @@ paths:
- okta.idps.read
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/idps/{idpId}/credentials/keys/{idpKeyId}/clone:
parameters:
- $ref: '#/components/parameters/pathIdpId'
@@ -10191,6 +11245,9 @@ paths:
- okta.idps.manage
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/idps/{idpId}/lifecycle/activate:
parameters:
- $ref: '#/components/parameters/pathIdpId'
@@ -10217,6 +11274,9 @@ paths:
- okta.idps.manage
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/idps/{idpId}/lifecycle/deactivate:
parameters:
- $ref: '#/components/parameters/pathIdpId'
@@ -10243,6 +11303,9 @@ paths:
- okta.idps.manage
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/idps/{idpId}/users:
parameters:
- $ref: '#/components/parameters/pathIdpId'
@@ -10271,6 +11334,9 @@ paths:
- okta.idps.read
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/idps/{idpId}/users/{userId}:
parameters:
- $ref: '#/components/parameters/pathIdpId'
@@ -10298,6 +11364,9 @@ paths:
- okta.idps.read
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Link a User to a Social IdP
description: Links an Okta user to an existing Social Identity Provider. This does not support the SAML2 Identity Provider Type
@@ -10330,6 +11399,9 @@ paths:
- okta.users.manage
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Unlink a User from IdP
description: Unlinks the link between the Okta user and the IdP user
@@ -10350,6 +11422,9 @@ paths:
- okta.idps.manage
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/idps/{idpId}/users/{userId}/credentials/tokens:
parameters:
- $ref: '#/components/parameters/pathIdpId'
@@ -10379,6 +11454,9 @@ paths:
- okta.idps.read
tags:
- IdentityProvider
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/inlineHooks:
get:
summary: List all Inline Hooks
@@ -10408,6 +11486,9 @@ paths:
- okta.inlineHooks.read
tags:
- InlineHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create an Inline Hook
description: Creates an inline hook
@@ -10438,6 +11519,9 @@ paths:
- okta.inlineHooks.manage
tags:
- InlineHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/inlineHooks/{inlineHookId}:
parameters:
- $ref: '#/components/parameters/pathInlineHookId'
@@ -10464,6 +11548,9 @@ paths:
- okta.inlineHooks.read
tags:
- InlineHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace an Inline Hook
description: Replaces an inline hook by `inlineHookId`
@@ -10496,6 +11583,9 @@ paths:
- okta.inlineHooks.manage
tags:
- InlineHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete an Inline Hook
description: Deletes an inline hook by `inlineHookId`. Once deleted, the Inline Hook is unrecoverable. As a safety precaution, only Inline Hooks with a status of INACTIVE are eligible for deletion.
@@ -10516,6 +11606,9 @@ paths:
- okta.inlineHooks.manage
tags:
- InlineHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/inlineHooks/{inlineHookId}/execute:
parameters:
- $ref: '#/components/parameters/pathInlineHookId'
@@ -10551,6 +11644,9 @@ paths:
- okta.inlineHooks.manage
tags:
- InlineHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/inlineHooks/{inlineHookId}/lifecycle/activate:
parameters:
- $ref: '#/components/parameters/pathInlineHookId'
@@ -10577,6 +11673,9 @@ paths:
- okta.inlineHooks.manage
tags:
- InlineHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/inlineHooks/{inlineHookId}/lifecycle/deactivate:
parameters:
- $ref: '#/components/parameters/pathInlineHookId'
@@ -10603,6 +11702,9 @@ paths:
- okta.inlineHooks.manage
tags:
- InlineHook
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/logStreams:
get:
summary: List all Log Streams
@@ -10625,10 +11727,10 @@ paths:
schema:
type: array
items:
- oneOf: &ref_8
+ oneOf: &ref_10
- $ref: '#/components/schemas/LogStreamAws'
- $ref: '#/components/schemas/LogStreamSplunk'
- discriminator: &ref_9
+ discriminator: &ref_11
propertyName: type
mapping:
aws_eventbridge: '#/components/schemas/LogStreamAws'
@@ -10646,6 +11748,10 @@ paths:
- okta.logStreams.read
tags:
- LogStream
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
post:
summary: Create a Log Stream
description: Creates a new Log Stream object
@@ -10655,8 +11761,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_8
- discriminator: *ref_9
+ oneOf: *ref_10
+ discriminator: *ref_11
examples:
LogStreamPostRequestExample:
$ref: '#/components/examples/LogStreamPostRequest'
@@ -10667,8 +11773,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_8
- discriminator: *ref_9
+ oneOf: *ref_10
+ discriminator: *ref_11
examples:
LogStreamPostResponseExample:
$ref: '#/components/examples/LogStreamPostResponse'
@@ -10691,6 +11797,10 @@ paths:
- okta.logStreams.manage
tags:
- LogStream
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/logStreams/{logStreamId}:
parameters:
- $ref: '#/components/parameters/pathLogStreamId'
@@ -10704,8 +11814,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_8
- discriminator: *ref_9
+ oneOf: *ref_10
+ discriminator: *ref_11
examples:
LogStreamGetRequestExample:
$ref: '#/components/examples/LogStreamPostResponse'
@@ -10721,6 +11831,10 @@ paths:
- okta.logStreams.read
tags:
- LogStream
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
put:
summary: Replace a Log Stream
description: |-
@@ -10742,7 +11856,7 @@ paths:
oneOf:
- $ref: '#/components/schemas/LogStreamAwsPutSchema'
- $ref: '#/components/schemas/LogStreamSplunkPutSchema'
- discriminator: &ref_24
+ discriminator: &ref_20
propertyName: type
mapping:
aws_eventbridge: '#/components/schemas/LogStreamAwsPutSchema'
@@ -10757,8 +11871,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_8
- discriminator: *ref_9
+ oneOf: *ref_10
+ discriminator: *ref_11
examples:
LogStreamPostResponseExample:
$ref: '#/components/examples/LogStreamPutResponse'
@@ -10776,6 +11890,10 @@ paths:
- okta.logStreams.manage
tags:
- LogStream
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
delete:
summary: Delete a Log Stream
description: Deletes a Log Stream object from your org by ID
@@ -10803,6 +11921,10 @@ paths:
- okta.logStreams.manage
tags:
- LogStream
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/logStreams/{logStreamId}/lifecycle/activate:
parameters:
- $ref: '#/components/parameters/pathLogStreamId'
@@ -10816,8 +11938,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_8
- discriminator: *ref_9
+ oneOf: *ref_10
+ discriminator: *ref_11
examples:
LogStreamActivateResponseExample:
$ref: '#/components/examples/LogStreamActivateResponse'
@@ -10833,6 +11955,10 @@ paths:
- okta.logStreams.manage
tags:
- LogStream
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/logStreams/{logStreamId}/lifecycle/deactivate:
parameters:
- $ref: '#/components/parameters/pathLogStreamId'
@@ -10846,8 +11972,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_8
- discriminator: *ref_9
+ oneOf: *ref_10
+ discriminator: *ref_11
examples:
LogStreamDeactivateResponseExample:
$ref: '#/components/examples/LogStreamDeactivateResponse'
@@ -10863,6 +11989,10 @@ paths:
- okta.logStreams.manage
tags:
- LogStream
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/logs:
get:
summary: List all System Log Events
@@ -10920,6 +12050,10 @@ paths:
- okta.logs.read
tags:
- SystemLog
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/mappings:
get:
summary: List all Profile Mappings
@@ -10976,6 +12110,10 @@ paths:
- okta.profileMappings.read
tags:
- ProfileMapping
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/mappings/{mappingId}:
parameters:
- $ref: '#/components/parameters/pathMappingId'
@@ -11006,6 +12144,10 @@ paths:
- okta.profileMappings.read
tags:
- ProfileMapping
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
post:
summary: Update a Profile Mapping
description: Updates an existing profile mapping by adding, updating, or removing one or many property mappings
@@ -11055,60 +12197,18 @@ paths:
- okta.profileMappings.manage
tags:
- ProfileMapping
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/meta/layouts/apps/{appName}:
parameters:
- $ref: '#/components/parameters/pathAppName'
- get:
- summary: Retrieve the links for UI schemas for an Application
- description: Retrieves the links for UI schemas for an Application given `appName`
- operationId: getAppUISchemaLinks
- responses:
- '200':
- description: successful operation
- content:
- application/json:
- schema:
- $ref: '#/components/schemas/ApplicationLayouts'
- '403':
- $ref: '#/components/responses/ErrorAccessDenied403'
- '404':
- $ref: '#/components/responses/ErrorResourceNotFound404'
- '429':
- $ref: '#/components/responses/ErrorTooManyRequests429'
- security:
- - apiToken: []
- - oauth2:
- - okta.schemas.read
- tags:
- - Schema
/api/v1/meta/layouts/apps/{appName}/sections/{section}/{operation}:
parameters:
- $ref: '#/components/parameters/pathAppName'
- $ref: '#/components/parameters/pathSection'
- $ref: '#/components/parameters/pathOperation'
- get:
- summary: Retrieve the UI schema for a section
- description: Retrieves the UI schema for an Application given `appName`, `section` and `operation`
- operationId: getAppUISchema
- responses:
- '200':
- description: successful operation
- content:
- application/json:
- schema:
- $ref: '#/components/schemas/ApplicationLayout'
- '403':
- $ref: '#/components/responses/ErrorAccessDenied403'
- '404':
- $ref: '#/components/responses/ErrorResourceNotFound404'
- '429':
- $ref: '#/components/responses/ErrorTooManyRequests429'
- security:
- - apiToken: []
- - oauth2:
- - okta.schemas.read
- tags:
- - Schema
/api/v1/meta/schemas/apps/{appId}/default:
parameters:
- $ref: '#/components/parameters/pathAppId'
@@ -11135,6 +12235,9 @@ paths:
- okta.schemas.read
tags:
- Schema
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Update the default Application User Schema for an Application
description: Partially updates on the User Profile properties of the Application User Schema
@@ -11173,6 +12276,9 @@ paths:
- okta.schemas.manage
tags:
- Schema
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/meta/schemas/group/default:
get:
summary: Retrieve the default Group Schema
@@ -11199,6 +12305,9 @@ paths:
- okta.schemas.read
tags:
- Schema
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Update the default Group Schema
description: Updates the default group schema. This updates, adds, or removes one or more custom Group Profile properties in the schema.
@@ -11233,6 +12342,9 @@ paths:
- okta.schemas.manage
tags:
- Schema
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/meta/schemas/logStream:
get:
summary: List the Log Stream Schemas
@@ -11260,6 +12372,10 @@ paths:
- okta.logStreams.read
tags:
- Schema
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/meta/schemas/logStream/{logStreamType}:
parameters:
- $ref: '#/components/parameters/pathLogStreamType'
@@ -11291,6 +12407,10 @@ paths:
- okta.logStreams.read
tags:
- Schema
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/meta/schemas/user/linkedObjects:
get:
summary: List all Linked Object Definitions
@@ -11315,6 +12435,9 @@ paths:
- okta.linkedObjects.read
tags:
- LinkedObject
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a Linked Object Definition
description: Creates a linked object definition
@@ -11345,6 +12468,9 @@ paths:
- okta.linkedObjects.manage
tags:
- LinkedObject
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/meta/schemas/user/linkedObjects/{linkedObjectName}:
parameters:
- $ref: '#/components/parameters/pathLinkedObjectName'
@@ -11371,6 +12497,9 @@ paths:
- okta.linkedObjects.read
tags:
- LinkedObject
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a Linked Object Definition
description: Deletes a linked object definition
@@ -11391,6 +12520,9 @@ paths:
- okta.linkedObjects.manage
tags:
- LinkedObject
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/meta/schemas/user/{schemaId}:
parameters:
- $ref: '#/components/parameters/pathSchemaId'
@@ -11420,6 +12552,9 @@ paths:
- okta.schemas.read
tags:
- Schema
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Update a User Schema
description: Partially updates on the User Profile properties of the user schema
@@ -11458,6 +12593,9 @@ paths:
- okta.schemas.manage
tags:
- Schema
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/meta/types/user:
get:
summary: List all User Types
@@ -11485,6 +12623,9 @@ paths:
- okta.userTypes.read
tags:
- UserType
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a User Type
description: |-
@@ -11523,6 +12664,9 @@ paths:
- okta.userTypes.manage
tags:
- UserType
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/meta/types/user/{typeId}:
parameters:
- $ref: '#/components/parameters/pathTypeId'
@@ -11552,6 +12696,9 @@ paths:
- okta.userTypes.read
tags:
- UserType
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Update a User Type
description: |-
@@ -11592,6 +12739,9 @@ paths:
- okta.userTypes.manage
tags:
- UserType
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a User Type
description: |-
@@ -11631,6 +12781,9 @@ paths:
- okta.userTypes.manage
tags:
- UserType
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a User Type
description: |-
@@ -11653,6 +12806,9 @@ paths:
- okta.userTypes.manage
tags:
- UserType
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/meta/uischemas:
get:
summary: List all UI Schemas
@@ -11681,6 +12837,11 @@ paths:
- okta.uischemas.read
tags:
- UISchema
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
post:
summary: Create a UI Schema
description: Creates an input for an enrollment form
@@ -11717,6 +12878,11 @@ paths:
- okta.uischemas.manage
tags:
- UISchema
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/meta/uischemas/{id}:
parameters:
- $ref: '#/components/parameters/UISchemaId'
@@ -11747,6 +12913,11 @@ paths:
- okta.uischemas.read
tags:
- UISchema
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
put:
summary: Replace a UI Schema
description: Replaces a UI Schema by `id`
@@ -11785,6 +12956,11 @@ paths:
- okta.uischemas.manage
tags:
- UISchema
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
delete:
summary: Delete a UI Schema
description: Deletes a UI Schema by `id`
@@ -11807,6 +12983,11 @@ paths:
- okta.uischemas.manage
tags:
- UISchema
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/org:
get:
summary: Retrieve the Org Settings
@@ -11830,6 +13011,9 @@ paths:
- okta.orgs.read
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Update the Org Settings
description: Partially updates the org settings depending on provided fields
@@ -11858,6 +13042,9 @@ paths:
- okta.orgs.manage
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace the Org Settings
description: Replaces the settings of your organization
@@ -11888,6 +13075,9 @@ paths:
- okta.orgs.manage
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/org/captcha:
get:
summary: Retrieve the Org-wide CAPTCHA Settings
@@ -11917,6 +13107,11 @@ paths:
- okta.captchas.read
tags:
- CAPTCHA
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
put:
summary: Replace the Org-wide CAPTCHA Settings
description: |-
@@ -11966,6 +13161,11 @@ paths:
- okta.captchas.manage
tags:
- CAPTCHA
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
delete:
summary: Delete the Org-wide CAPTCHA Settings
description: Deletes the CAPTCHA settings object for your organization
@@ -11985,6 +13185,11 @@ paths:
- okta.captchas.manage
tags:
- CAPTCHA
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/org/contacts:
get:
summary: Retrieve the Org Contact Types
@@ -12010,6 +13215,9 @@ paths:
- okta.orgs.read
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/org/contacts/{contactType}:
parameters:
- $ref: '#/components/parameters/pathContactType'
@@ -12036,6 +13244,9 @@ paths:
- okta.orgs.read
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace the User of the Contact Type
description: Replaces the User associated with the specified Contact Type
@@ -12068,6 +13279,9 @@ paths:
- okta.orgs.manage
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/org/email/bounces/remove-list:
post:
summary: Remove Emails from Email Provider Bounce List
@@ -12112,6 +13326,9 @@ paths:
- okta.orgs.manage
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/org/logo:
post:
summary: Upload the Org Logo
@@ -12145,6 +13362,9 @@ paths:
- okta.apps.manage
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/org/orgSettings/thirdPartyAdminSetting:
get:
summary: Retrieve the Org Third-Party Admin setting
@@ -12168,6 +13388,9 @@ paths:
- okta.orgs.read
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Update the Org Third-Party Admin setting
description: Updates the Third-Party Admin setting
@@ -12190,6 +13413,9 @@ paths:
- okta.orgs.manage
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/org/preferences:
get:
summary: Retrieve the Org Preferences
@@ -12213,6 +13439,9 @@ paths:
- okta.orgs.read
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/org/preferences/hideEndUserFooter:
post:
summary: Update the Preference to Hide the Okta Dashboard Footer
@@ -12236,6 +13465,9 @@ paths:
- okta.orgs.manage
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/org/preferences/showEndUserFooter:
post:
summary: Update the Preference to Show the Okta Dashboard Footer
@@ -12259,6 +13491,9 @@ paths:
- okta.orgs.manage
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/org/privacy/oktaCommunication:
get:
summary: Retrieve the Okta Communication Settings
@@ -12282,6 +13517,9 @@ paths:
- okta.orgs.read
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/org/privacy/oktaCommunication/optIn:
post:
summary: Opt in all Users to Okta Communication emails
@@ -12305,6 +13543,9 @@ paths:
- okta.orgs.manage
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/org/privacy/oktaCommunication/optOut:
post:
summary: Opt out all Users from Okta Communication emails
@@ -12328,6 +13569,9 @@ paths:
- okta.orgs.manage
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/org/privacy/oktaSupport:
get:
summary: Retrieve the Okta Support Settings
@@ -12351,6 +13595,9 @@ paths:
- okta.orgs.read
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/org/privacy/oktaSupport/extend:
post:
summary: Extend Okta Support Access
@@ -12374,6 +13621,9 @@ paths:
- okta.orgs.manage
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/org/privacy/oktaSupport/grant:
post:
summary: Grant Okta Support Access to your Org
@@ -12397,6 +13647,9 @@ paths:
- okta.orgs.manage
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/org/privacy/oktaSupport/revoke:
post:
summary: Revoke Okta Support Access
@@ -12420,6 +13673,64 @@ paths:
- okta.orgs.manage
tags:
- OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/org/settings/clientPrivilegesSetting:
+ get:
+ summary: Retrieve the Org settings to assign the Super Admin role
+ description: Retrieves the Org settings to assign the [Super Admin role](https://help.okta.com/okta_help.htm?type=oie&id=ext_superadmin) by default to a public client app
+ operationId: getClientPrivilegesSetting
+ parameters: []
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ClientPrivilegesSetting'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.orgs.read
+ tags:
+ - OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ put:
+ summary: Assign the Super Admin role to a public client app
+ description: Assigns the [Super Admin role](https://help.okta.com/okta_help.htm?type=oie&id=ext_superadmin) by default to a public client app
+ operationId: assignClientPrivilegesSetting
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ClientPrivilegesSetting'
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ClientPrivilegesSetting'
+ '403':
+ $ref: '#/components/responses/ErrorAccessDenied403'
+ '429':
+ $ref: '#/components/responses/ErrorTooManyRequests429'
+ security:
+ - apiToken: []
+ - oauth2:
+ - okta.orgs.manage
+ tags:
+ - OrgSetting
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/policies:
get:
summary: List all Policies
@@ -12448,14 +13759,14 @@ paths:
schema:
type: array
items:
- oneOf: &ref_10
+ oneOf: &ref_12
- $ref: '#/components/schemas/AccessPolicy'
- $ref: '#/components/schemas/IdentityProviderPolicy'
- $ref: '#/components/schemas/MultifactorEnrollmentPolicy'
- $ref: '#/components/schemas/OktaSignOnPolicy'
- $ref: '#/components/schemas/PasswordPolicy'
- $ref: '#/components/schemas/ProfileEnrollmentPolicy'
- discriminator: &ref_11
+ discriminator: &ref_13
propertyName: type
mapping:
ACCESS_POLICY: '#/components/schemas/AccessPolicy'
@@ -12474,6 +13785,9 @@ paths:
- okta.policies.read
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a Policy
description: Creates a policy
@@ -12489,8 +13803,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_10
- discriminator: *ref_11
+ oneOf: *ref_12
+ discriminator: *ref_13
required: true
responses:
'200':
@@ -12498,8 +13812,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_10
- discriminator: *ref_11
+ oneOf: *ref_12
+ discriminator: *ref_13
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -12512,6 +13826,9 @@ paths:
- okta.policies.manage
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/policies/simulate:
parameters:
- $ref: '#/components/parameters/simulateParameter'
@@ -12555,6 +13872,11 @@ paths:
- okta.policies.read
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/policies/{policyId}:
parameters:
- $ref: '#/components/parameters/pathPolicyId'
@@ -12574,8 +13896,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_10
- discriminator: *ref_11
+ oneOf: *ref_12
+ discriminator: *ref_13
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -12588,6 +13910,9 @@ paths:
- okta.policies.read
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a Policy
description: Replaces the properties of a Policy identified by `policyId`
@@ -12597,8 +13922,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_10
- discriminator: *ref_11
+ oneOf: *ref_12
+ discriminator: *ref_13
required: true
responses:
'200':
@@ -12606,8 +13931,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_10
- discriminator: *ref_11
+ oneOf: *ref_12
+ discriminator: *ref_13
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -12622,6 +13947,9 @@ paths:
- okta.policies.manage
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a Policy
description: Deletes a policy
@@ -12641,6 +13969,9 @@ paths:
- okta.policies.manage
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/policies/{policyId}/app:
parameters:
- $ref: '#/components/parameters/pathPolicyId'
@@ -12674,6 +14005,9 @@ paths:
- okta.policies.read
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/policies/{policyId}/clone:
parameters:
- $ref: '#/components/parameters/pathPolicyId'
@@ -12687,8 +14021,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_10
- discriminator: *ref_11
+ oneOf: *ref_12
+ discriminator: *ref_13
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -12703,6 +14037,11 @@ paths:
- okta.policies.manage
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/policies/{policyId}/lifecycle/activate:
parameters:
- $ref: '#/components/parameters/pathPolicyId'
@@ -12726,6 +14065,9 @@ paths:
- okta.policies.manage
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/policies/{policyId}/lifecycle/deactivate:
parameters:
- $ref: '#/components/parameters/pathPolicyId'
@@ -12749,6 +14091,9 @@ paths:
- okta.policies.manage
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/policies/{policyId}/mappings:
parameters:
- $ref: '#/components/parameters/pathPolicyId'
@@ -12777,6 +14122,9 @@ paths:
- okta.policies.read
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Map a resource to a Policy
description: Maps a resource to a Policy identified by `policyId`
@@ -12808,6 +14156,9 @@ paths:
- okta.policies.manage
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/policies/{policyId}/mappings/{mappingId}:
parameters:
- $ref: '#/components/parameters/pathPolicyId'
@@ -12835,6 +14186,9 @@ paths:
- okta.policies.read
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a policy resource Mapping
description: Deletes the resource Mapping for a Policy identified by `policyId` and `mappingId`
@@ -12855,6 +14209,9 @@ paths:
- okta.policies.manage
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/policies/{policyId}/rules:
parameters:
- $ref: '#/components/parameters/pathPolicyId'
@@ -12870,13 +14227,13 @@ paths:
schema:
type: array
items:
- oneOf: &ref_12
+ oneOf: &ref_14
- $ref: '#/components/schemas/AccessPolicyRule'
- $ref: '#/components/schemas/PasswordPolicyRule'
- $ref: '#/components/schemas/ProfileEnrollmentPolicyRule'
- $ref: '#/components/schemas/AuthorizationServerPolicyRule'
- $ref: '#/components/schemas/OktaSignOnPolicyRule'
- discriminator: &ref_13
+ discriminator: &ref_15
propertyName: type
mapping:
ACCESS_POLICY: '#/components/schemas/AccessPolicyRule'
@@ -12896,6 +14253,9 @@ paths:
- okta.policies.read
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a Policy Rule
description: Creates a policy rule
@@ -12905,8 +14265,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_12
- discriminator: *ref_13
+ oneOf: *ref_14
+ discriminator: *ref_15
examples:
EnableSsprSecurityQuestionStepUp:
$ref: '#/components/examples/sspr-enabled-sq-step-up'
@@ -12914,11 +14274,8 @@ paths:
$ref: '#/components/examples/sspr-enabled-sso-step-up'
EnableSsprNoStepUp:
$ref: '#/components/examples/sspr-enabled-no-step-up'
- x-okta-feature-flag-amends:
- IDX_SSPR_EXTENDED_PRIMARY_FACTORS:
- examples:
- EnableSsprWithConstraints:
- $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints'
+ EnableSsprWithConstraints:
+ $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints'
required: true
responses:
'200':
@@ -12926,8 +14283,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_12
- discriminator: *ref_13
+ oneOf: *ref_14
+ discriminator: *ref_15
examples:
EnableSsprSecurityQuestionStepUp:
$ref: '#/components/examples/sspr-enabled-sq-step-up-response'
@@ -12935,11 +14292,8 @@ paths:
$ref: '#/components/examples/sspr-enabled-sso-step-up-response'
EnableSsprNoStepUp:
$ref: '#/components/examples/sspr-enabled-no-step-up-response'
- x-okta-feature-flag-amends:
- IDX_SSPR_EXTENDED_PRIMARY_FACTORS:
- examples:
- EnableSsprWithConstraints:
- $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints-response'
+ EnableSsprWithConstraints:
+ $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints-response'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -12954,6 +14308,9 @@ paths:
- okta.policies.manage
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/policies/{policyId}/rules/{ruleId}:
parameters:
- $ref: '#/components/parameters/pathPolicyId'
@@ -12968,8 +14325,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_12
- discriminator: *ref_13
+ oneOf: *ref_14
+ discriminator: *ref_15
examples:
EnableSsprSecurityQuestionStepUp:
$ref: '#/components/examples/sspr-enabled-sq-step-up-update'
@@ -12977,11 +14334,8 @@ paths:
$ref: '#/components/examples/sspr-enabled-sso-step-up-update'
EnableSsprNoStepUp:
$ref: '#/components/examples/sspr-enabled-no-step-up-update'
- x-okta-feature-flag-amends:
- IDX_SSPR_EXTENDED_PRIMARY_FACTORS:
- examples:
- EnableSsprWithConstraints:
- $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints-update'
+ EnableSsprWithConstraints:
+ $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints-update'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -12994,6 +14348,9 @@ paths:
- okta.policies.read
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a Policy Rule
description: Replaces the properties for a Policy Rule identified by `policyId` and `ruleId`
@@ -13003,8 +14360,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_12
- discriminator: *ref_13
+ oneOf: *ref_14
+ discriminator: *ref_15
examples:
EnableSsprSecurityQuestionStepUp:
$ref: '#/components/examples/sspr-enabled-sq-step-up-update'
@@ -13012,11 +14369,8 @@ paths:
$ref: '#/components/examples/sspr-enabled-sso-step-up-update'
EnableSsprNoStepUp:
$ref: '#/components/examples/sspr-enabled-no-step-up-update'
- x-okta-feature-flag-amends:
- IDX_SSPR_EXTENDED_PRIMARY_FACTORS:
- examples:
- EnableSsprWithConstraints:
- $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints-update'
+ EnableSsprWithConstraints:
+ $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints-update'
required: true
responses:
'200':
@@ -13024,8 +14378,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_12
- discriminator: *ref_13
+ oneOf: *ref_14
+ discriminator: *ref_15
examples:
EnableSsprSecurityQuestionStepUp:
$ref: '#/components/examples/sspr-enabled-sq-step-up-response'
@@ -13033,11 +14387,8 @@ paths:
$ref: '#/components/examples/sspr-enabled-sso-step-up-response'
EnableSsprNoStepUp:
$ref: '#/components/examples/sspr-enabled-no-step-up-response'
- x-okta-feature-flag-amends:
- IDX_SSPR_EXTENDED_PRIMARY_FACTORS:
- examples:
- EnableSsprWithConstraints:
- $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints-response'
+ EnableSsprWithConstraints:
+ $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints-response'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -13052,6 +14403,9 @@ paths:
- okta.policies.manage
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a Policy Rule
description: Deletes a Policy Rule identified by `policyId` and `ruleId`
@@ -13072,6 +14426,9 @@ paths:
- okta.policies.manage
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate:
parameters:
- $ref: '#/components/parameters/pathPolicyId'
@@ -13095,6 +14452,9 @@ paths:
- okta.policies.manage
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate:
parameters:
- $ref: '#/components/parameters/pathPolicyId'
@@ -13118,6 +14478,9 @@ paths:
- okta.policies.manage
tags:
- Policy
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/principal-rate-limits:
get:
summary: List all Principal Rate Limits
@@ -13160,6 +14523,9 @@ paths:
- okta.principalRateLimits.read
tags:
- PrincipalRateLimit
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a Principal Rate Limit
description: Creates a new Principal Rate Limit entity. In the current release, we only allow one Principal Rate Limit entity per org and principal.
@@ -13200,6 +14566,9 @@ paths:
- okta.principalRateLimits.manage
tags:
- PrincipalRateLimit
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/principal-rate-limits/{principalRateLimitId}:
parameters:
- $ref: '#/components/parameters/pathPrincipalRateLimitId'
@@ -13229,6 +14598,9 @@ paths:
- okta.principalRateLimits.read
tags:
- PrincipalRateLimit
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a Principal Rate Limit
description: Replaces a principal rate limit entity by `principalRateLimitId`
@@ -13269,6 +14641,9 @@ paths:
- okta.principalRateLimits.manage
tags:
- PrincipalRateLimit
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/push-providers:
get:
summary: List all Push Providers
@@ -13288,10 +14663,10 @@ paths:
schema:
type: array
items:
- oneOf: &ref_14
+ oneOf: &ref_16
- $ref: '#/components/schemas/APNSPushProvider'
- $ref: '#/components/schemas/FCMPushProvider'
- discriminator: &ref_15
+ discriminator: &ref_17
propertyName: providerType
mapping:
APNS: '#/components/schemas/APNSPushProvider'
@@ -13306,6 +14681,11 @@ paths:
- okta.pushProviders.read
tags:
- PushProvider
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
post:
summary: Create a Push Provider
description: Creates a new push provider
@@ -13315,8 +14695,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_14
- discriminator: *ref_15
+ oneOf: *ref_16
+ discriminator: *ref_17
examples:
APNs:
$ref: '#/components/examples/PushProviderAPNsRequest'
@@ -13329,8 +14709,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_14
- discriminator: *ref_15
+ oneOf: *ref_16
+ discriminator: *ref_17
examples:
APNs:
$ref: '#/components/examples/PushProviderAPNsResponse'
@@ -13348,6 +14728,11 @@ paths:
- okta.pushProviders.manage
tags:
- PushProvider
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/push-providers/{pushProviderId}:
parameters:
- $ref: '#/components/parameters/pathPushProviderId'
@@ -13361,8 +14746,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_14
- discriminator: *ref_15
+ oneOf: *ref_16
+ discriminator: *ref_17
examples:
APNs:
$ref: '#/components/examples/PushProviderAPNsResponse'
@@ -13380,6 +14765,11 @@ paths:
- okta.pushProviders.read
tags:
- PushProvider
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
put:
summary: Replace a Push Provider
description: Replaces a push provider by `pushProviderId`
@@ -13389,8 +14779,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_14
- discriminator: *ref_15
+ oneOf: *ref_16
+ discriminator: *ref_17
examples:
APNs:
$ref: '#/components/examples/PushProviderAPNsRequest'
@@ -13403,8 +14793,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_14
- discriminator: *ref_15
+ oneOf: *ref_16
+ discriminator: *ref_17
examples:
APNs:
$ref: '#/components/examples/PushProviderAPNsResponse'
@@ -13424,6 +14814,11 @@ paths:
- okta.pushProviders.manage
tags:
- PushProvider
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
delete:
summary: Delete a Push Provider
description: Deletes a push provider by `pushProviderId`. If the push provider is currently being used in the org by a custom authenticator, the delete will not be allowed.
@@ -13453,6 +14848,11 @@ paths:
- okta.pushProviders.manage
tags:
- PushProvider
+ x-okta-lifecycle:
+ lifecycle: LIMITED_GA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
/api/v1/rate-limit-settings/admin-notifications:
get:
summary: Retrieve the Rate Limit Admin Notification Settings
@@ -13480,6 +14880,9 @@ paths:
- okta.rateLimits.read
tags:
- RateLimitSettings
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace the Rate Limit Admin Notification Settings
description: Replaces the Rate Limit Admin Notification Settings and returns the configured properties
@@ -13520,6 +14923,9 @@ paths:
- okta.rateLimits.manage
tags:
- RateLimitSettings
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/rate-limit-settings/per-client:
get:
summary: Retrieve the Per-Client Rate Limit Settings
@@ -13549,6 +14955,9 @@ paths:
- okta.rateLimits.read
tags:
- RateLimitSettings
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace the Per-Client Rate Limit Settings
description: Replaces the Per-Client Rate Limit Settings and returns the configured properties
@@ -13593,6 +15002,9 @@ paths:
- okta.rateLimits.manage
tags:
- RateLimitSettings
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/rate-limit-settings/warning-threshold:
get:
summary: Retrieve the Rate Limit Warning Threshold Percentage
@@ -13618,6 +15030,9 @@ paths:
- okta.rateLimits.read
tags:
- RateLimitSettings
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace the Rate Limit Warning Threshold Percentage
description: Replaces the Rate Limit Warning Threshold Percentage and returns the configured property
@@ -13653,192 +15068,15 @@ paths:
- okta.rateLimits.manage
tags:
- RateLimitSettings
- /api/v1/realms:
- get:
- summary: List all Realms
- description: Lists all Realms
- operationId: listRealms
- parameters:
- - name: limit
- in: query
- description: Specifies the number of results returned. Defaults to 10 if `search` is provided.
- schema:
- type: integer
- format: int32
- default: 200
- - $ref: '#/components/parameters/queryAfter'
- - name: search
- in: query
- description: Searches for Realms with a supported filtering expression for most properties
- schema:
- type: string
- - name: sortBy
- in: query
- description: Specifies field to sort by and can be any single property (for search queries only).
- schema:
- type: string
- example: profile.name
- - name: sortOrder
- in: query
- description: Specifies sort order `asc` or `desc` (for search queries only). This parameter is ignored if `sortBy` isn't present.
- schema:
- type: string
- default: asc
- responses:
- '200':
- description: OK
- content:
- application/json:
- schema:
- type: array
- items:
- $ref: '#/components/schemas/Realm'
- examples:
- Realm Lists:
- $ref: '#/components/examples/ListRealmsResponse'
- '403':
- description: Forbidden
- content:
- application/json:
- schema:
- $ref: '#/components/schemas/Error'
- '429':
- $ref: '#/components/responses/ErrorTooManyRequests429'
- security:
- - apiToken: []
- - oauth2:
- - okta.realms.read
- tags:
- - Realm
- post:
- summary: Create a Realm
- description: Creates a new Realm
- operationId: createRealm
- x-codegen-request-body-name: body
- requestBody:
- content:
- application/json:
- schema:
- $ref: '#/components/schemas/Realm'
- required: true
- responses:
- '200':
- description: Success
- content:
- application/json:
- schema:
- $ref: '#/components/schemas/Realm'
- '400':
- $ref: '#/components/responses/ErrorApiValidationFailed400'
- '403':
- $ref: '#/components/responses/ErrorAccessDenied403'
- '429':
- $ref: '#/components/responses/ErrorTooManyRequests429'
- security:
- - apiToken: []
- - oauth2:
- - okta.realms.manage
- tags:
- - Realm
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/realms/{realmId}:
parameters:
- $ref: '#/components/parameters/pathRealmId'
- get:
- summary: Retrieve a Realm
- description: Retrieves a Realm
- operationId: getRealm
- responses:
- '200':
- description: Success
- content:
- application/json:
- schema:
- $ref: '#/components/schemas/Realm'
- examples:
- DefaultRealm:
- $ref: '#/components/examples/DefaultRealmResponse'
- NonDefaultRealm:
- $ref: '#/components/examples/RealmResponse'
- '400':
- $ref: '#/components/responses/ErrorApiValidationFailed400'
- '403':
- $ref: '#/components/responses/ErrorAccessDenied403'
- '404':
- $ref: '#/components/responses/ErrorResourceNotFound404'
- '429':
- $ref: '#/components/responses/ErrorTooManyRequests429'
- security:
- - apiToken: []
- - oauth2:
- - okta.realms.read
- tags:
- - Realm
- post:
- summary: Update a Realm
- description: Updates a Realm
- operationId: updateRealm
- x-codegen-request-body-name: body
- requestBody:
- content:
- application/json:
- schema:
- $ref: '#/components/schemas/Realm'
- required: true
- responses:
- '200':
- description: Success
- content:
- application/json:
- schema:
- $ref: '#/components/schemas/Realm'
- '400':
- $ref: '#/components/responses/ErrorApiValidationFailed400'
- '403':
- $ref: '#/components/responses/ErrorAccessDenied403'
- '404':
- $ref: '#/components/responses/ErrorResourceNotFound404'
- '429':
- $ref: '#/components/responses/ErrorTooManyRequests429'
- security:
- - apiToken: []
- - oauth2:
- - okta.realms.manage
- tags:
- - Realm
- delete:
- summary: Delete a Realm
- description: Deletes a Realm permanently. This operation can only be performed after disassociating other entities like Users and Identity Providers from a Realm.
- operationId: deleteRealm
- responses:
- '204':
- description: No Content
- content: {}
- '400':
- description: Bad Request
- content:
- application/json:
- schema:
- $ref: '#/components/schemas/Error'
- '403':
- description: Forbidden
- content:
- application/json:
- schema:
- $ref: '#/components/schemas/Error'
- '404':
- description: Not Found
- content:
- application/json:
- schema:
- $ref: '#/components/schemas/Error'
- '429':
- $ref: '#/components/responses/ErrorTooManyRequests429'
- security:
- - apiToken: []
- - oauth2:
- - okta.realms.manage
- tags:
- - Realm
+ /api/v1/resource-selectors/{resourceSelectorId}:
+ parameters:
+ - $ref: '#/components/parameters/pathResourceSelectorId'
/api/v1/risk/events/ip:
post:
summary: Send multiple Risk Events
@@ -13881,6 +15119,10 @@ paths:
- okta.riskEvents.manage
tags:
- RiskEvent
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/risk/providers:
get:
summary: List all Risk Providers
@@ -13908,6 +15150,10 @@ paths:
- okta.riskProviders.read
tags:
- RiskProvider
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
post:
summary: Create a Risk Provider
description: Creates a Risk Provider object. A maximum of three Risk Provider objects can be created.
@@ -13951,6 +15197,10 @@ paths:
- okta.riskProviders.manage
tags:
- RiskProvider
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/risk/providers/{riskProviderId}:
parameters:
- $ref: '#/components/parameters/pathRiskProviderId'
@@ -13980,6 +15230,10 @@ paths:
- okta.riskProviders.read
tags:
- RiskProvider
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
put:
summary: Replace a Risk Provider
description: Replaces the properties for a given Risk Provider object ID
@@ -14018,6 +15272,10 @@ paths:
- okta.riskProviders.manage
tags:
- RiskProvider
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
delete:
summary: Delete a Risk Provider
description: Deletes a Risk Provider object by its ID
@@ -14045,6 +15303,10 @@ paths:
- okta.riskProviders.manage
tags:
- RiskProvider
+ x-okta-lifecycle:
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs: []
/api/v1/roles/{roleRef}/subscriptions:
parameters:
- $ref: '#/components/parameters/pathRoleRef'
@@ -14073,6 +15335,9 @@ paths:
- okta.roles.read
tags:
- Subscription
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/roles/{roleRef}/subscriptions/{notificationType}:
parameters:
- $ref: '#/components/parameters/pathRoleRef'
@@ -14100,6 +15365,9 @@ paths:
- okta.roles.read
tags:
- Subscription
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/roles/{roleRef}/subscriptions/{notificationType}/subscribe:
parameters:
- $ref: '#/components/parameters/pathRoleRef'
@@ -14123,6 +15391,9 @@ paths:
- okta.roles.manage
tags:
- Subscription
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/roles/{roleRef}/subscriptions/{notificationType}/unsubscribe:
parameters:
- $ref: '#/components/parameters/pathRoleRef'
@@ -14146,6 +15417,9 @@ paths:
- okta.roles.manage
tags:
- Subscription
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/sessions:
post:
summary: Create a Session with session token
@@ -14182,6 +15456,106 @@ paths:
- apiToken: []
tags:
- Session
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/sessions/me:
+ get:
+ summary: Retrieve the current Session
+ description: |-
+ Retrieves Session information for the current user. Use this method in a browser-based application to determine if the user is signed in.
+
+ > **Note:** This operation requires a session cookie for the user. An API token isn't allowed for this operation.
+ operationId: getCurrentSession
+ parameters:
+ - in: header
+ name: Cookie
+ schema:
+ description: Session ID (`sid`) or Identity Engine (`idx`) cookie
+ type: string
+ example: sid=abcde-123 or idx=abcde-123
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Session'
+ examples:
+ CurrentSessionsRetrieve:
+ summary: Retrieve current Session information
+ $ref: '#/components/examples/RetrieveCurrentSessionResponse'
+ '404':
+ description: Not Found
+ security: []
+ tags:
+ - Session
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
+ delete:
+ summary: Close the current Session
+ description: |-
+ Closes the Session for the user who is currently signed in. Use this method in a browser-based application to sign out a user.
+
+ > **Note:** This operation requires a session cookie for the user. An API token isn't allowed for this operation.
+ operationId: closeCurrentSession
+ parameters:
+ - in: header
+ name: Cookie
+ schema:
+ description: Session ID (`sid`) or Identity Engine (`idx`) cookie
+ type: string
+ example: sid=abcde-123 or idx=abcde-123
+ responses:
+ '204':
+ description: No Content
+ content: {}
+ '404':
+ $ref: '#/components/responses/ErrorResourceNotFound404'
+ security: []
+ tags:
+ - Session
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /api/v1/sessions/me/lifecycle/refresh:
+ post:
+ summary: Refresh the current Session
+ description: |-
+ Refreshes the Session for the current user
+
+ > **Note:** This operation requires a session cookie for the user. An API token isn't allowed for this operation.
+ operationId: refreshCurrentSession
+ parameters:
+ - in: header
+ name: Cookie
+ schema:
+ description: Session ID (`sid`) or Identity Engine (`idx`) cookie
+ type: string
+ example: sid=abcde-123 or idx=abcde-123
+ responses:
+ '200':
+ description: Success
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Session'
+ examples:
+ CurrentSessionsRefresh:
+ summary: Refersh current Session
+ $ref: '#/components/examples/RefreshCurrentSessionResponse'
+ '404':
+ description: Not Found
+ security: []
+ tags:
+ - Session
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/sessions/{sessionId}:
parameters:
- $ref: '#/components/parameters/pathSessionId'
@@ -14214,6 +15588,9 @@ paths:
- okta.sessions.read
tags:
- Session
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Revoke a Session
description: Revokes the specified Session
@@ -14234,6 +15611,9 @@ paths:
- okta.sessions.manage
tags:
- Session
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/sessions/{sessionId}/lifecycle/refresh:
parameters:
- $ref: '#/components/parameters/pathSessionId'
@@ -14264,6 +15644,9 @@ paths:
- okta.sessions.manage
tags:
- Session
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/templates/sms:
get:
summary: List all SMS Templates
@@ -14293,6 +15676,9 @@ paths:
- okta.templates.read
tags:
- Template
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create an SMS Template
description: Creates a new custom SMS template
@@ -14323,6 +15709,9 @@ paths:
- okta.templates.manage
tags:
- Template
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/templates/sms/{templateId}:
parameters:
- $ref: '#/components/parameters/pathTemplateId'
@@ -14349,6 +15738,9 @@ paths:
- okta.templates.read
tags:
- Template
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Update an SMS Template
description: Updates an SMS template
@@ -14381,6 +15773,9 @@ paths:
- okta.templates.manage
tags:
- Template
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace an SMS Template
description: Replaces the SMS template
@@ -14413,6 +15808,9 @@ paths:
- okta.templates.manage
tags:
- Template
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete an SMS Template
description: Deletes an SMS template
@@ -14433,6 +15831,9 @@ paths:
- okta.templates.manage
tags:
- Template
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/threats/configuration:
get:
summary: Retrieve the ThreatInsight Configuration
@@ -14458,6 +15859,9 @@ paths:
- okta.threatInsights.read
tags:
- ThreatInsight
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Update the ThreatInsight Configuration
description: Updates the ThreatInsight configuration for the org
@@ -14494,6 +15898,9 @@ paths:
- okta.threatInsights.manage
tags:
- ThreatInsight
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/trustedOrigins:
get:
summary: List all Trusted Origins
@@ -14537,6 +15944,9 @@ paths:
- okta.trustedOrigins.read
tags:
- TrustedOrigin
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a Trusted Origin
description: Creates a trusted origin
@@ -14567,6 +15977,9 @@ paths:
- okta.trustedOrigins.manage
tags:
- TrustedOrigin
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/trustedOrigins/{trustedOriginId}:
parameters:
- $ref: '#/components/parameters/pathTrustedOriginId'
@@ -14593,6 +16006,9 @@ paths:
- okta.trustedOrigins.read
tags:
- TrustedOrigin
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a Trusted Origin
description: Replaces a trusted origin
@@ -14625,6 +16041,9 @@ paths:
- okta.trustedOrigins.manage
tags:
- TrustedOrigin
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a Trusted Origin
description: Deletes a trusted origin
@@ -14645,6 +16064,9 @@ paths:
- okta.trustedOrigins.manage
tags:
- TrustedOrigin
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/trustedOrigins/{trustedOriginId}/lifecycle/activate:
parameters:
- $ref: '#/components/parameters/pathTrustedOriginId'
@@ -14671,6 +16093,9 @@ paths:
- okta.trustedOrigins.manage
tags:
- TrustedOrigin
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/trustedOrigins/{trustedOriginId}/lifecycle/deactivate:
parameters:
- $ref: '#/components/parameters/pathTrustedOriginId'
@@ -14697,6 +16122,9 @@ paths:
- okta.trustedOrigins.manage
tags:
- TrustedOrigin
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users:
get:
summary: List all Users
@@ -14747,11 +16175,6 @@ paths:
examples:
UserList:
$ref: '#/components/examples/ListUsersResponse'
- x-okta-feature-flag-amends:
- UD_REALMS:
- examples:
- UserList:
- $ref: '#/components/examples/ListRealmAwareUsersResponse'
'403':
description: Forbidden
content:
@@ -14766,6 +16189,10 @@ paths:
- okta.users.read
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a User
description: |-
@@ -14836,6 +16263,10 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -14843,13 +16274,15 @@ paths:
summary: Retrieve a User
description: Retrieves a user from your Okta organization
operationId: getUser
+ parameters:
+ - $ref: '#/components/parameters/queryUserExpand'
responses:
'200':
description: Success
content:
application/json:
schema:
- $ref: '#/components/schemas/User'
+ $ref: '#/components/schemas/UserGetSingleton'
'403':
description: Forbidden
content:
@@ -14870,6 +16303,10 @@ paths:
- okta.users.read
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Update a User
description: Updates a user partially determined by the request parameters
@@ -14919,6 +16356,10 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a User
description: Replaces a user's profile and/or credentials using strict-update semantics
@@ -14969,6 +16410,10 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a User
description: Deletes a user permanently. This operation can only be performed on users that have a `DEPROVISIONED` status. **This action cannot be recovered!**. Calling this on an `ACTIVE` user will transition the user to `DEPROVISIONED`.
@@ -15010,6 +16455,10 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/appLinks:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -15038,6 +16487,10 @@ paths:
- okta.users.read
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/blocks:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -15071,6 +16524,10 @@ paths:
- okta.users.read
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/clients:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -15099,6 +16556,10 @@ paths:
- okta.users.read
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/clients/{clientId}/grants:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -15143,6 +16604,10 @@ paths:
- okta.users.read
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Revoke all Grants for a Client
description: Revokes all grants for the specified user and client
@@ -15163,6 +16628,10 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/clients/{clientId}/tokens:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -15207,6 +16676,10 @@ paths:
- okta.users.read
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Revoke all Refresh Tokens for a Client
description: Revokes all refresh tokens issued for the specified User and Client
@@ -15227,6 +16700,10 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/clients/{clientId}/tokens/{tokenId}:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -15269,6 +16746,10 @@ paths:
- okta.users.read
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Revoke a Token for a Client
description: Revokes the specified refresh token
@@ -15289,6 +16770,10 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/credentials/change_password:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -15330,6 +16815,10 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/credentials/change_recovery_question:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -15365,6 +16854,10 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/credentials/forgot_password:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -15398,6 +16891,10 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/credentials/forgot_password_recovery_question:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -15440,12 +16937,16 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/factors:
parameters:
- $ref: '#/components/parameters/pathUserId'
get:
- summary: List all Factors
- description: Lists all the enrolled factors for the specified user
+ summary: List all enrolled Factors
+ description: Lists all enrolled Factors for the specified user
operationId: listFactors
responses:
'200':
@@ -15455,35 +16956,35 @@ paths:
schema:
type: array
items:
- oneOf: &ref_16
- - $ref: '#/components/schemas/CallUserFactor'
- - $ref: '#/components/schemas/EmailUserFactor'
- - $ref: '#/components/schemas/PushUserFactor'
- - $ref: '#/components/schemas/SecurityQuestionUserFactor'
- - $ref: '#/components/schemas/SmsUserFactor'
- - $ref: '#/components/schemas/TokenUserFactor'
- - $ref: '#/components/schemas/HardwareUserFactor'
- - $ref: '#/components/schemas/CustomHotpUserFactor'
- - $ref: '#/components/schemas/TotpUserFactor'
- - $ref: '#/components/schemas/U2fUserFactor'
- - $ref: '#/components/schemas/WebUserFactor'
- - $ref: '#/components/schemas/WebAuthnUserFactor'
- discriminator: &ref_17
+ oneOf: &ref_18
+ - $ref: '#/components/schemas/UserFactorCall'
+ - $ref: '#/components/schemas/UserFactorEmail'
+ - $ref: '#/components/schemas/UserFactorPush'
+ - $ref: '#/components/schemas/UserFactorSecurityQuestion'
+ - $ref: '#/components/schemas/UserFactorSMS'
+ - $ref: '#/components/schemas/UserFactorToken'
+ - $ref: '#/components/schemas/UserFactorHardware'
+ - $ref: '#/components/schemas/UserFactorCustomHOTP'
+ - $ref: '#/components/schemas/UserFactorTOTP'
+ - $ref: '#/components/schemas/UserFactorU2F'
+ - $ref: '#/components/schemas/UserFactorWeb'
+ - $ref: '#/components/schemas/UserFactorWebAuthn'
+ discriminator: &ref_19
propertyName: factorType
mapping:
- call: '#/components/schemas/CallUserFactor'
- email: '#/components/schemas/EmailUserFactor'
- push: '#/components/schemas/PushUserFactor'
- question: '#/components/schemas/SecurityQuestionUserFactor'
- sms: '#/components/schemas/SmsUserFactor'
- token: '#/components/schemas/TokenUserFactor'
- token:hardware: '#/components/schemas/HardwareUserFactor'
- token:hotp: '#/components/schemas/CustomHotpUserFactor'
- token:software:totp: '#/components/schemas/TotpUserFactor'
- u2f: '#/components/schemas/U2fUserFactor'
- web: '#/components/schemas/WebUserFactor'
- webauthn: '#/components/schemas/WebAuthnUserFactor'
- hotp: '#/components/schemas/CustomHotpUserFactor'
+ call: '#/components/schemas/UserFactorCall'
+ email: '#/components/schemas/UserFactorEmail'
+ push: '#/components/schemas/UserFactorPush'
+ question: '#/components/schemas/UserFactorSecurityQuestion'
+ sms: '#/components/schemas/UserFactorSMS'
+ token: '#/components/schemas/UserFactorToken'
+ token:hardware: '#/components/schemas/UserFactorHardware'
+ token:hotp: '#/components/schemas/UserFactorCustomHOTP'
+ token:software:totp: '#/components/schemas/UserFactorTOTP'
+ u2f: '#/components/schemas/UserFactorU2F'
+ web: '#/components/schemas/UserFactorWeb'
+ webauthn: '#/components/schemas/UserFactorWebAuthn'
+ hotp: '#/components/schemas/UserFactorCustomHOTP'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -15496,29 +16997,38 @@ paths:
- okta.users.read
tags:
- UserFactor
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Enroll a Factor
- description: Enrolls a user with a supported factor
+ description: Enrolls a supported Factor for the specified user
operationId: enrollFactor
parameters:
- name: updatePhone
+ description: If `true`, indicates that you'll update the `phoneNumber`. Only used for `sms` Factors that are pending activation.
in: query
schema:
type: boolean
default: false
- name: templateId
in: query
- description: id of SMS template (only for SMS factor)
+ description: ID of an existing custom SMS template. See the [SMS Templates API](../Template). Only used by `sms` Factors.
schema:
type: string
+ example: cstk2flOtuCMDJK4b0g3
- name: tokenLifetimeSeconds
+ description: Defines how long the token remains valid
in: query
schema:
type: integer
format: int32
+ minimum: 1
+ maximum: 86400
default: 300
x-okta-added-version: 1.3.0
- name: activate
+ description: If `true`, the `sms` Factor is immediately activated as part of the enrollment. An activation text message isn't sent to the device.
in: query
schema:
type: boolean
@@ -15530,8 +17040,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_16
- discriminator: *ref_17
+ oneOf: *ref_18
+ discriminator: *ref_19
required: true
responses:
'200':
@@ -15539,8 +17049,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_16
- discriminator: *ref_17
+ oneOf: *ref_18
+ discriminator: *ref_19
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -15555,12 +17065,15 @@ paths:
- okta.users.manage
tags:
- UserFactor
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/factors/catalog:
parameters:
- $ref: '#/components/parameters/pathUserId'
get:
- summary: List all Supported Factors
- description: Lists all the supported factors that can be enrolled for the specified user
+ summary: List all supported Factors
+ description: Lists all the supported Factors that can be enrolled for the specified user
operationId: listSupportedFactors
responses:
'200':
@@ -15570,8 +17083,8 @@ paths:
schema:
type: array
items:
- oneOf: *ref_16
- discriminator: *ref_17
+ oneOf: *ref_18
+ discriminator: *ref_19
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -15584,22 +17097,32 @@ paths:
- okta.users.read
tags:
- UserFactor
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/factors/questions:
parameters:
- $ref: '#/components/parameters/pathUserId'
get:
- summary: List all Supported Security Questions
- description: Lists all available security questions for a user's `question` factor
+ summary: List all supported Security Questions
+ description: Lists all available Security Questions for the specified user
operationId: listSupportedSecurityQuestions
responses:
'200':
description: Success
content:
application/json:
+ example:
+ - question: disliked_food
+ questionText: What is the food you least liked as a child?
+ - question: name_of_first_plush_toy
+ questionText: What is the name of your first stuffed animal?
+ - question: first_award
+ questionText: What did you earn your first medal or award for?
schema:
type: array
items:
- $ref: '#/components/schemas/SecurityQuestion'
+ $ref: '#/components/schemas/UserFactorSecurityQuestionProfile'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -15610,13 +17133,17 @@ paths:
- apiToken: []
tags:
- UserFactor
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/factors/{factorId}:
parameters:
- $ref: '#/components/parameters/pathUserId'
- $ref: '#/components/parameters/pathFactorId'
get:
summary: Retrieve a Factor
- description: Retrieves a factor for the specified user
+ description: Retrieves an existing Factor for the specified user
operationId: getFactor
responses:
'200':
@@ -15624,8 +17151,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_16
- discriminator: *ref_17
+ oneOf: *ref_18
+ discriminator: *ref_19
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -15638,12 +17165,19 @@ paths:
- okta.users.read
tags:
- UserFactor
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Unenroll a Factor
- description: Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor
+ description: |-
+ Unenrolls an existing Factor for the specified user. This allows the user to enroll a new Factor.
+
+ > **Note**: If you unenroll the `push` or the `signed_nonce` Factors, Okta also unenrolls any other `totp`, `signed_nonce`, or Okta Verify `push` Factors associated with the user.
operationId: unenrollFactor
parameters:
- name: removeRecoveryEnrollment
+ description: If `true`, removes the the phone number as both a recovery method and a Factor. Only used for `sms` and `call` Factors.
in: query
schema:
type: boolean
@@ -15664,20 +17198,27 @@ paths:
- okta.users.manage
tags:
- UserFactor
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate:
parameters:
- $ref: '#/components/parameters/pathUserId'
- $ref: '#/components/parameters/pathFactorId'
post:
summary: Activate a Factor
- description: Activates a factor. The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.
+ description: |-
+ Activates a Factor. The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.
+
+ Okta enforces a rate limit of five activation attempts within five minutes.
+ After a user exceeds the rate limit, Okta returns an error message.
operationId: activateFactor
x-codegen-request-body-name: body
requestBody:
content:
application/json:
schema:
- $ref: '#/components/schemas/ActivateFactorRequest'
+ $ref: '#/components/schemas/UserFactorActivateRequest'
required: false
responses:
'200':
@@ -15685,8 +17226,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_16
- discriminator: *ref_17
+ oneOf: *ref_18
+ discriminator: *ref_19
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -15701,27 +17242,35 @@ paths:
- okta.users.manage
tags:
- UserFactor
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/factors/{factorId}/resend:
parameters:
- $ref: '#/components/parameters/pathUserId'
- $ref: '#/components/parameters/pathFactorId'
post:
- summary: Resend a factor enrollment
- description: Resends a factor challenge (SMS/call/email OTP) as part of an enrollment flow. The current rate limit is one OTP challenge (call or SMS) per device every 30 seconds. Okta round-robins between SMS providers with every resend request to help ensure delivery of an SMS OTP across different carriers.
+ summary: Resend a Factor enrollment
+ description: |-
+ Resends an `sms`, `call`, or `email` factor challenge as part of an enrollment flow.
+
+ For `call` and `sms` factors, Okta enforces a rate limit of one OTP challenge per device every 30 seconds. You can configure your `sms` and `call` factors to use a third-party telephony provider. See the [Telephony inline hook reference](https://developer.okta.com/docs/reference/telephony-hook/). Okta round-robins between SMS providers with every resend request to help ensure delivery of an SMS and Call OTPs across different carriers.
+
+ > **Note**: Resend operations aren't allowed after a factor exceeds the activation rate limit. See [Activate a Factor](./#tag/UserFactor/operation/activateFactor).
operationId: resendEnrollFactor
parameters:
- name: templateId
in: query
- description: ID of SMS template (only for SMS factor)
+ description: ID of an existing custom SMS template. See the [SMS Templates API](../Template). Only used by `sms` Factors.
schema:
+ example: cstk2flOtuCMDJK4b0g3
type: string
requestBody:
- description: Factor
content:
application/json:
schema:
- oneOf: *ref_16
- discriminator: *ref_17
+ oneOf: *ref_18
+ discriminator: *ref_19
required: true
responses:
'200':
@@ -15729,8 +17278,8 @@ paths:
content:
application/json:
schema:
- oneOf: *ref_16
- discriminator: *ref_17
+ oneOf: *ref_18
+ discriminator: *ref_19
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -15745,14 +17294,17 @@ paths:
- okta.users.manage
tags:
- UserFactor
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/factors/{factorId}/transactions/{transactionId}:
parameters:
- $ref: '#/components/parameters/pathUserId'
- $ref: '#/components/parameters/pathFactorId'
- $ref: '#/components/parameters/pathTransactionId'
get:
- summary: Retrieve a Factor Transaction Status
- description: Retrieves the factors verification transaction status
+ summary: Retrieve a Factor transaction status
+ description: Retrieves the status of a `push` Factor verification transaction
operationId: getFactorTransactionStatus
responses:
'200':
@@ -15760,7 +17312,7 @@ paths:
content:
application/json:
schema:
- $ref: '#/components/schemas/VerifyUserFactorResponse'
+ $ref: '#/components/schemas/UserFactorVerifyResponse'
'403':
$ref: '#/components/responses/ErrorAccessDenied403'
'404':
@@ -15773,37 +17325,55 @@ paths:
- okta.users.read
tags:
- UserFactor
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/factors/{factorId}/verify:
parameters:
- $ref: '#/components/parameters/pathUserId'
- $ref: '#/components/parameters/pathFactorId'
post:
- summary: Verify an MFA Factor
- description: Verifies an OTP for a `token` or `token:hardware` factor
+ summary: Verify a Factor
+ description: |-
+ Verifies an OTP for a Factor. Some Factors (`call`, `email`, `push`, `sms`, `u2f`, and `webauthn`) require Okta to issue a challenge to initiate the transaction. Do this by making a request without a body. After a challenge is issued, make another request to verify the Factor.
+
+ **Note**: To verify a `push` factor, use the **poll** link returned when you issue the challenge. See [Retrieve a Factor Transaction Status](/openapi/okta-management/management/tag/UserFactor/#tag/UserFactor/operation/getFactorTransactionStatus).
operationId: verifyFactor
parameters:
- name: templateId
+ description: ID of an existing custom SMS template. See the [SMS Templates API](../Template). Only used by `sms` Factors.
in: query
schema:
type: string
+ example: cstk2flOtuCMDJK4b0g3
- name: tokenLifetimeSeconds
+ description: Defines how long the token remains valid
in: query
schema:
type: integer
format: int32
+ minimum: 1
+ maximum: 86400
default: 300
x-okta-added-version: 1.3.0
- name: X-Forwarded-For
+ description: Public IP address for the user agent
in: header
schema:
type: string
x-okta-added-version: 1.11.0
- name: User-Agent
+ description: Type of user agent detected when the request is made
in: header
schema:
type: string
x-okta-added-version: 1.11.0
- name: Accept-Language
+ description: |-
+ Sets a two-letter language code that defines a localized message to send. Only used by the `sms` Factor.
+
+ * If the language code doesn't exist in the SMS template, the message uses the default template.
+ * If the `templateId` doesn't exist, the message is sent using the default template.
in: header
schema:
type: string
@@ -15812,7 +17382,7 @@ paths:
content:
application/json:
schema:
- $ref: '#/components/schemas/VerifyFactorRequest'
+ $ref: '#/components/schemas/UserFactorVerifyRequest'
required: false
responses:
'200':
@@ -15820,7 +17390,7 @@ paths:
content:
application/json:
schema:
- $ref: '#/components/schemas/VerifyUserFactorResponse'
+ $ref: '#/components/schemas/UserFactorVerifyResponse'
'400':
$ref: '#/components/responses/ErrorApiValidationFailed400'
'403':
@@ -15835,6 +17405,9 @@ paths:
- okta.users.manage
tags:
- UserFactor
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/grants:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -15882,6 +17455,10 @@ paths:
- okta.users.read
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Revoke all User Grants
description: Revokes all grants for a specified user
@@ -15902,6 +17479,10 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/grants/{grantId}:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -15934,6 +17515,10 @@ paths:
- okta.users.read
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Revoke a User Grant
description: Revokes one grant for a specified user
@@ -15954,6 +17539,10 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/groups:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -15982,6 +17571,10 @@ paths:
- okta.users.read
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/idps:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -16010,6 +17603,9 @@ paths:
- okta.users.read
tags:
- User
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/lifecycle/activate:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -16057,6 +17653,10 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/lifecycle/deactivate:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -16087,6 +17687,10 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/lifecycle/expire_password:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -16113,6 +17717,10 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/lifecycle/expire_password_with_temp_password:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -16147,6 +17755,10 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/lifecycle/reactivate:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -16180,6 +17792,10 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/lifecycle/reset_factors:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -16203,6 +17819,11 @@ paths:
- okta.users.manage
tags:
- User
+ - UserFactor
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/lifecycle/reset_password:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -16242,6 +17863,10 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/lifecycle/suspend:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -16265,6 +17890,10 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/lifecycle/unlock:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -16288,6 +17917,10 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/lifecycle/unsuspend:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -16311,6 +17944,10 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/linkedObjects/{primaryRelationshipName}/{primaryUserId}:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -16335,6 +17972,10 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/linkedObjects/{relationshipName}:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -16375,6 +18016,10 @@ paths:
- okta.users.read
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a Linked Object
description: Deletes linked objects for a user, relationshipName can be ONLY a primary relationship name
@@ -16395,6 +18040,10 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/roles:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -16428,6 +18077,9 @@ paths:
- okta.roles.read
tags:
- RoleAssignment
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Assign a Role to a User
description: Assigns a role to a user identified by `userId`
@@ -16466,6 +18118,9 @@ paths:
- okta.roles.manage
tags:
- RoleAssignment
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/roles/{roleId}:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -16493,6 +18148,9 @@ paths:
- okta.roles.read
tags:
- RoleAssignment
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Unassign a Role from a User
description: Unassigns a role identified by `roleId` from a user identified by `userId`
@@ -16513,6 +18171,9 @@ paths:
- okta.roles.manage
tags:
- RoleAssignment
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -16553,6 +18214,9 @@ paths:
- okta.roles.read
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Assign all Apps as Target to Role
description: Assigns all Apps as Target to Role
@@ -16573,6 +18237,9 @@ paths:
- okta.roles.manage
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -16598,6 +18265,9 @@ paths:
- okta.roles.manage
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Unassign an Application Target from an Application Administrator Role
description: Unassigns an application target from application administrator role
@@ -16618,6 +18288,9 @@ paths:
- okta.roles.manage
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}/{appId}:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -16644,6 +18317,9 @@ paths:
- okta.roles.manage
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Unassign an Application Instance Target from an Application Administrator Role
description: Unassigns an application instance target from an application administrator role
@@ -16664,6 +18340,9 @@ paths:
- okta.roles.manage
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/roles/{roleId}/targets/groups:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -16704,6 +18383,9 @@ paths:
- okta.roles.read
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId}:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -16729,6 +18411,9 @@ paths:
- okta.roles.manage
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Unassign a Group Target from Role
description: Unassigns a Group Target from Role
@@ -16749,6 +18434,9 @@ paths:
- okta.roles.manage
tags:
- RoleTarget
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/sessions:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -16779,6 +18467,10 @@ paths:
- okta.users.manage
tags:
- User
+ x-okta-lifecycle:
+ isCorsEnabled: true
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/subscriptions:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -16814,6 +18506,9 @@ paths:
- okta.users.read
tags:
- Subscription
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/subscriptions/{notificationType}:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -16849,6 +18544,9 @@ paths:
- okta.users.read
tags:
- Subscription
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/subscriptions/{notificationType}/subscribe:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -16880,6 +18578,9 @@ paths:
- okta.users.manage
tags:
- Subscription
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/users/{userId}/subscriptions/{notificationType}/unsubscribe:
parameters:
- $ref: '#/components/parameters/pathUserId'
@@ -16911,6 +18612,9 @@ paths:
- okta.users.manage
tags:
- Subscription
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/zones:
get:
summary: List all Network Zones
@@ -16966,6 +18670,9 @@ paths:
- okta.networkZones.read
tags:
- NetworkZone
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create a Network Zone
description: |-
@@ -17009,6 +18716,9 @@ paths:
- okta.networkZones.manage
tags:
- NetworkZone
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/zones/{zoneId}:
parameters:
- $ref: '#/components/parameters/pathZoneId'
@@ -17040,6 +18750,9 @@ paths:
- okta.networkZones.read
tags:
- NetworkZone
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace a Network Zone
description: |-
@@ -17080,6 +18793,9 @@ paths:
- okta.networkZones.manage
tags:
- NetworkZone
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete a Network Zone
description: Deletes network zone by `zoneId`
@@ -17100,6 +18816,9 @@ paths:
- okta.networkZones.manage
tags:
- NetworkZone
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/zones/{zoneId}/lifecycle/activate:
parameters:
- $ref: '#/components/parameters/pathZoneId'
@@ -17129,6 +18848,9 @@ paths:
- okta.networkZones.manage
tags:
- NetworkZone
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/api/v1/zones/{zoneId}/lifecycle/deactivate:
parameters:
- $ref: '#/components/parameters/pathZoneId'
@@ -17158,6 +18880,9 @@ paths:
- okta.networkZones.manage
tags:
- NetworkZone
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/attack-protection/api/v1/user-lockout-settings:
get:
summary: Retrieve the User Lockout Settings
@@ -17182,6 +18907,9 @@ paths:
- okta.orgs.read
tags:
- AttackProtection
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
put:
summary: Replace the User Lockout Settings
description: Replaces the User Lockout Settings for an org
@@ -17219,6 +18947,9 @@ paths:
- okta.orgs.manage
tags:
- AttackProtection
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/integrations/api/v1/api-services:
get:
summary: List all API Service Integration instances
@@ -17250,6 +18981,9 @@ paths:
- okta.oauthIntegrations.read
tags:
- ApiServiceIntegrations
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create an API Service Integration instance
description: Creates and authorizes an API Service Integration instance
@@ -17285,6 +19019,9 @@ paths:
- apiToken: []
tags:
- ApiServiceIntegrations
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/integrations/api/v1/api-services/{apiServiceId}:
parameters:
- $ref: '#/components/parameters/pathApiServiceId'
@@ -17316,6 +19053,9 @@ paths:
- okta.oauthIntegrations.read
tags:
- ApiServiceIntegrations
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
delete:
summary: Delete an API Service Integration instance
description: Deletes an API Service Integration instance by `id`. This operation also revokes access to scopes that were previously granted to this API Service Integration instance.
@@ -17337,6 +19077,9 @@ paths:
- okta.oauthIntegrations.manage
tags:
- ApiServiceIntegrations
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/integrations/api/v1/api-services/{apiServiceId}/credentials/secrets:
parameters:
- $ref: '#/components/parameters/pathApiServiceId'
@@ -17370,6 +19113,9 @@ paths:
- okta.oauthIntegrations.read
tags:
- ApiServiceIntegrations
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
post:
summary: Create an API Service Integration instance Secret
description: Creates an API Service Integration instance Secret object with a new active client secret. You can create up to two Secret objects. An error is returned if you attempt to create more than two Secret objects.
@@ -17398,6 +19144,9 @@ paths:
- okta.oauthIntegrations.manage
tags:
- ApiServiceIntegrations
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/integrations/api/v1/api-services/{apiServiceId}/credentials/secrets/{secretId}:
parameters:
- $ref: '#/components/parameters/pathApiServiceId'
@@ -17423,6 +19172,9 @@ paths:
- okta.oauthIntegrations.manage
tags:
- ApiServiceIntegrations
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/integrations/api/v1/api-services/{apiServiceId}/credentials/secrets/{secretId}/lifecycle/activate:
parameters:
- $ref: '#/components/parameters/pathApiServiceId'
@@ -17455,6 +19207,9 @@ paths:
- okta.oauthIntegrations.manage
tags:
- ApiServiceIntegrations
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
/integrations/api/v1/api-services/{apiServiceId}/credentials/secrets/{secretId}/lifecycle/deactivate:
parameters:
- $ref: '#/components/parameters/pathApiServiceId'
@@ -17487,10 +19242,22 @@ paths:
- okta.oauthIntegrations.manage
tags:
- ApiServiceIntegrations
+ x-okta-lifecycle:
+ lifecycle: GA
+ isGenerallyAvailable: true
+ /integrations/api/v1/submissions/{submissionId}:
+ parameters:
+ - $ref: '#/components/parameters/pathSubmissionId'
+ /integrations/api/v1/submissions/{submissionId}/submit:
+ parameters:
+ - $ref: '#/components/parameters/pathSubmissionId'
+ /integrations/api/v1/submissions/{submissionId}/testing:
+ parameters:
+ - $ref: '#/components/parameters/pathSubmissionId'
components:
examples:
APIDevicesListAllResponse:
- summary: Response example
+ summary: List all devices with embedded users
value:
- id: guo4a5u7YAHhjXrMK0g4
status: CREATED
@@ -17623,6 +19390,98 @@ components:
href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/credentials/change_password
deactivate:
href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/deactivate
+ APIDevicesListAllUserSummaryResponse:
+ summary: List all devices with embedded user summaries
+ value:
+ - id: guo4a5u7YAHhjXrMK0g4
+ status: CREATED
+ created: '2019-10-02T18:03:07.000Z'
+ lastUpdated: '2019-10-02T18:03:07.000Z'
+ profile:
+ displayName: Example Device name 1
+ platform: WINDOWS
+ serialNumber: XXDDRFCFRGF3M8MD6D
+ sid: S-1-11-111
+ registered: true
+ secureHardwarePresent: false
+ diskEncryptionType: ALL_INTERNAL_VOLUMES
+ resourceType: UDDevice
+ resourceDisplayName:
+ value: Example Device name 1
+ sensitive: false
+ resourceAlternateId: null
+ resourceId: guo4a5u7YAHhjXrMK0g4
+ _links:
+ activate:
+ href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4/lifecycle/activate
+ hints:
+ allow:
+ - POST
+ self:
+ href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4
+ hints:
+ allow:
+ - GET
+ - PATCH
+ - PUT
+ users:
+ href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4/users
+ hints:
+ allow:
+ - GET
+ _embedded:
+ users: []
+ - id: guo4a5u7YAHhjXrMK0g5
+ status: ACTIVE
+ created: '2023-06-21T23:24:02.000Z'
+ lastUpdated: '2023-06-21T23:24:02.000Z'
+ profile:
+ displayName: Example Device name 2
+ platform: ANDROID
+ manufacturer: Google
+ model: Pixel 6
+ osVersion: 13:2023-05-05
+ registered: true
+ secureHardwarePresent: true
+ diskEncryptionType: USER
+ resourceType: UDDevice
+ resourceDisplayName:
+ value: Example Device name 2
+ sensitive: false
+ resourceAlternateId: null
+ resourceId: guo4a5u7YAHhjXrMK0g5
+ _links:
+ activate:
+ href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5/lifecycle/activate
+ hints:
+ allow:
+ - POST
+ self:
+ href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5
+ hints:
+ allow:
+ - GET
+ - PATCH
+ - PUT
+ users:
+ href: https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5/users
+ hints:
+ allow:
+ - GET
+ _embedded:
+ users:
+ - created: '2021-10-01T16:52:41.000Z'
+ user:
+ id: 00u17vh0q8ov8IU881d7
+ realmId: 00u17vh0q8ov8IU8T0g5
+ profile:
+ firstName: fname
+ lastName: lname
+ login: email@email.com
+ email: email@email.com
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7
APIDevicesListAllUsersResponse:
summary: Response example
value:
@@ -17844,6 +19703,28 @@ components:
_links:
self:
href: https://{yourOktaDomain}/api/v1/mappings/prm1k48weFSOnEUnw0g4
+ AdminConsoleSettingsExample:
+ summary: Default Okta Admin Console Settings
+ value:
+ sessionMaxLifetimeMinutes: 720
+ sessionIdleTimeoutMinutes: 15
+ AllRulesOperationResponse:
+ value:
+ id: rre4mje4ez7B2a7B60g7
+ status: COMPLETED
+ created: '2023-10-25T21:02:54.000Z'
+ started: '2023-10-25T21:02:54.000Z'
+ completed: '2023-10-25T21:02:54.000Z'
+ ruleOperation:
+ numUserMoved: 50
+ configuration:
+ id: ALL
+ name: All Rules
+ _links:
+ self:
+ rel: self
+ href: http://your-subdomain.okta.com/api/v1/operations/rre4mje4ez7B2a7B60g7
+ method: GET
ApiTokenListMetadataResponse:
value:
- name: My API Token
@@ -17851,9 +19732,9 @@ components:
tokenWindow: P30D
id: 00Tabcdefg1234567890
clientName: Okta API
- expiresAt: 2021-12-11T20:38:10.000Z
- created: 2021-11-09T20:38:10.000Z
- lastUpdated: 2021-11-11T20:38:10.000Z
+ expiresAt: '2021-12-11T20:38:10.000Z'
+ created: '2021-11-09T20:38:10.000Z'
+ lastUpdated: '2021-11-11T20:38:10.000Z'
_links:
self:
href: https://{yourOktaDomain}/api/v1/api-tokens/00Tabcdefg1234567890
@@ -17871,9 +19752,9 @@ components:
tokenWindow: PT5M
id: 00T1234567890abcdefg
clientName: Okta API
- expiresAt: 2021-11-11T20:43:10.000Z
- created: 2021-11-09T20:38:10.000Z
- lastUpdated: 2021-11-11T20:38:10.000Z
+ expiresAt: '2021-11-11T20:43:10.000Z'
+ created: '2021-11-09T20:38:10.000Z'
+ lastUpdated: '2021-11-11T20:38:10.000Z'
_links:
self:
href: https://{yourOktaDomain}/api/v1/api-tokens/00T1234567890abcdefg
@@ -17893,9 +19774,9 @@ components:
tokenWindow: P30D
id: 00Tabcdefg1234567890
clientName: Okta API
- expiresAt: 2021-12-11T20:38:10.000Z
- created: 2021-11-09T20:38:10.000Z
- lastUpdated: 2021-11-11T20:38:10.000Z
+ expiresAt: '2021-12-11T20:38:10.000Z'
+ created: '2021-11-09T20:38:10.000Z'
+ lastUpdated: '2021-11-11T20:38:10.000Z'
_links:
self:
href: https://{yourOktaDomain}/api/v1/api-tokens/00Tabcdefg1234567890
@@ -17960,6 +19841,41 @@ components:
allow:
- GET
- PUT
+ AppGrantsEx:
+ summary: App Grants example
+ value:
+ id: oag91n9ruw3dsaXzP0h6
+ status: ACTIVE
+ created: '2023-02-21T16:54:00.000Z'
+ createdBy:
+ id: 00u6eltha0nrSc47i0h7
+ type: User
+ lastUpdated: '2023-02-21T16:54:00.000Z'
+ issuer: '{yourOktaDomain}'
+ clientId: '{clientId}'
+ scopeId: okta.users.read
+ source: ADMIN
+ _embedded:
+ scope:
+ id: okta.users.read
+ _links:
+ app:
+ href: https://{yourOktaDomain}/api/v1/apps/{appId}
+ title: Application name
+ self:
+ href: https://{yourOktaDomain}/api/v1/apps/{appId}/grants/oag91n9ruw3dsaXzP0h6
+ hints:
+ allow:
+ - GET
+ - DELETE
+ client:
+ href: https://{yourOktaDomain}/oauth2/v1/clients/{clientId}
+ title: Client name
+ AppGrantsPostEx:
+ summary: App Grants example
+ value:
+ issuer: '{yourOktaDomain}'
+ scopeId: okta.users.read
AppUserSchemaAddRequest:
value:
definitions:
@@ -18074,7 +19990,7 @@ components:
hints:
allow:
- GET
- AuthenticatorResponseEmail: &ref_18
+ AuthenticatorResponseEmail:
value:
type: email
id: aut1nbsPHh7jNjjyP0g4
@@ -18103,7 +20019,7 @@ components:
hints:
allow:
- POST
- AuthenticatorResponsePassword: &ref_19
+ AuthenticatorResponsePassword:
value:
type: password
id: aut1nbtrJKKA9m45a0g4
@@ -18124,7 +20040,7 @@ components:
hints:
allow:
- GET
- AuthenticatorResponsePhone: &ref_20
+ AuthenticatorResponsePhone:
value:
type: phone
id: aut1nbuyD8m1ckAYc0g4
@@ -18178,7 +20094,7 @@ components:
hints:
allow:
- POST
- AuthenticatorResponseWebAuthn: &ref_21
+ AuthenticatorResponseWebAuthn:
value:
type: security_key
id: aut1nd8PQhGcQtSxB0g4
@@ -18207,10 +20123,106 @@ components:
AuthenticatorsResponse:
summary: Org Authenticators
value:
- - *ref_18
- - *ref_19
- - *ref_20
- - *ref_21
+ - value:
+ type: email
+ id: aut1nbsPHh7jNjjyP0g4
+ key: okta_email
+ status: ACTIVE
+ name: Email
+ created: '2020-07-26T21:05:23.000Z'
+ lastUpdated: '2020-07-28T21:45:52.000Z'
+ settings:
+ allowedFor: any
+ tokenLifetimeInMinutes: 5
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4
+ hints:
+ allow:
+ - GET
+ - PUT
+ methods:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4/methods
+ hints:
+ allow:
+ - GET
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
+ - value:
+ type: password
+ id: aut1nbtrJKKA9m45a0g4
+ key: okta_password
+ status: ACTIVE
+ name: Password
+ created: '2020-07-26T21:05:23.000Z'
+ lastUpdated: '2020-07-26T21:05:23.000Z'
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbtrJKKA9m45a0g4
+ hints:
+ allow:
+ - GET
+ - PUT
+ methods:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbtrJKKA9m45a0g4/methods
+ hints:
+ allow:
+ - GET
+ - value:
+ type: phone
+ id: aut1nbuyD8m1ckAYc0g4
+ key: phone_number
+ status: INACTIVE
+ name: Phone
+ created: '2020-07-26T21:05:23.000Z'
+ lastUpdated: '2020-07-29T00:21:29.000Z'
+ settings:
+ allowedFor: none
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4
+ hints:
+ allow:
+ - GET
+ - PUT
+ methods:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4/methods
+ hints:
+ allow:
+ - GET
+ activate:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4/lifecycle/activate
+ hints:
+ allow:
+ - POST
+ - value:
+ type: security_key
+ id: aut1nd8PQhGcQtSxB0g4
+ key: webauthn
+ status: ACTIVE
+ name: Security Key or Biometric
+ created: '2020-07-26T21:16:37.000Z'
+ lastUpdated: '2020-07-27T18:59:30.000Z'
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4
+ hints:
+ allow:
+ - GET
+ - PUT
+ methods:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods
+ hints:
+ allow:
+ - GET
+ deactivate:
+ href: https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/lifecycle/deactivate
+ hints:
+ allow:
+ - POST
BehaviorRuleRequest:
value:
name: My Behavior Rule
@@ -18223,8 +20235,8 @@ components:
settings:
velocityKph: 805
status: ACTIVE
- created: 2021-11-09T20:38:10.000Z
- lastUpdated: 2021-11-11T20:38:10.000Z
+ created: '2021-11-09T20:38:10.000Z'
+ lastUpdated: '2021-11-11T20:38:10.000Z'
_link:
self:
href: https://your-subdomain.okta.com/api/v1/behaviors/abcd1234
@@ -18354,6 +20366,7 @@ components:
userName: admin
domain: example.com
brandId: bnd100iSrkcN6aR680g1
+ validationSubdomain: mail
CreateHookKeyResponse:
summary: Create a key response example
value:
@@ -18558,8 +20571,8 @@ components:
body: Bonjour ${user.profile.firstName}. Activer le compte
isDefault: false
id: oel11u6DqUiMbQkpl0g4
- created: 2021-11-09T20:38:10.000Z
- lastUpdated: 2021-11-11T20:38:10.000Z
+ created: '2021-11-09T20:38:10.000Z'
+ lastUpdated: '2021-11-11T20:38:10.000Z'
_links:
self:
href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4
@@ -18644,11 +20657,32 @@ components:
hints:
allow:
- POST
+ DefaultRealmAssignmentRule:
+ value:
+ id: rul2jy7jLUlnO5ng00g4
+ status: ACTIVE
+ name: Catch-all Rule
+ created: '2022-04-04T15:56:05.000Z'
+ lastUpdated: '2022-05-05T18:15:44.000Z'
+ isDefault: true
+ conditions:
+ profileSourceId: 0oa4enoRyjwSCy6hx0g4,
+ expression:
+ value: string
+ actions:
+ assignUserToRealm:
+ realmId: 00g1b7rvh0xPLKXFf2g5
+ priority: 499
+ _links:
+ self:
+ rel: self
+ href: http://your-subdomain.okta.com/api/v1/realm-rules/rul2jy7jLUlnO5ng00g4
+ method: GET
DefaultRealmResponse:
value:
id: guox9jQ16k9V8IQWL0g3
- created: 2022-04-04T15:56:05.000Z
- lastUpdated: 2022-05-05T18:15:44.000Z
+ created: '2022-04-04T15:56:05.000Z'
+ lastUpdated: '2022-05-05T18:15:44.000Z'
isDefault: true
profile:
name: Default Realm
@@ -18704,8 +20738,9 @@ components:
- PUT
DeviceAssuranceChromeOSWithThirdPartySignalProvidersRequest:
x-okta-lifecycle:
- features:
- - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
summary: ChromeOS with third-party signal providers request
value:
name: Device Assurance ChromeOS
@@ -18730,8 +20765,9 @@ components:
keyTrustLevel: CHROME_OS_VERIFIED_MODE
DeviceAssuranceChromeOSWithThirdPartySignalProvidersResponse:
x-okta-lifecycle:
- features:
- - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
summary: ChromeOS with third-party signal providers response
value:
id: dae3m8o4rWhwReDeM1c5
@@ -18847,8 +20883,9 @@ components:
- PUT
DeviceAssuranceMacOSWithThirdPartySignalProvidersRequest:
x-okta-lifecycle:
- features:
- - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
summary: macOS with third-party signal providers request
value:
name: Device Assurance macOS
@@ -18881,8 +20918,9 @@ components:
realtimeUrlCheckMode": true
DeviceAssuranceMacOSWithThirdPartySignalProvidersResponse:
x-okta-lifecycle:
- features:
- - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
summary: macOS with third-party signal providers response
value:
id: dae3m8o4rWhwReDeM1c5
@@ -18972,8 +21010,9 @@ components:
- PUT
DeviceAssuranceWindowsWithThirdPartySignalProvidersRequest:
x-okta-lifecycle:
- features:
- - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
summary: Windows with third-party signal providers request
value:
name: Device Assurance Windows
@@ -19013,8 +21052,9 @@ components:
keyTrustLevel: CHROME_BROWSER_HW_KEY
DeviceAssuranceWindowsWithThirdPartySignalProvidersResponse:
x-okta-lifecycle:
- features:
- - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
summary: Windows with third-party signal providers response
value:
id: dae3m8o4rWhwReDeM1c5
@@ -19119,8 +21159,8 @@ components:
subject: Welcome to ${org.name}!
body: Hello, ${user.profile.firstName}. Click here to activate your account.
id: oel11u6DqUiMbQkpl0g4
- created: 2021-11-09T20:38:10.000Z
- lastUpdated: 2021-11-11T20:38:10.000Z
+ created: '2021-11-09T20:38:10.000Z'
+ lastUpdated: '2021-11-11T20:38:10.000Z'
_links:
self:
href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4
@@ -19151,6 +21191,7 @@ components:
displayName: Admin
userName: admin
domain: example.com
+ validationSubdomain: mail
dnsValidationRecords:
- recordType: TXT
fqdn: _oktaverification.example.com
@@ -19451,6 +21492,27 @@ components:
hints:
allow:
- POST
+ GetRealmAssignmentRuleResponse:
+ value:
+ id: rul2jy7jLUlnO3ng00g4
+ status: ACTIVE
+ name: Realm Assignment Rule 1
+ created: '2022-04-04T15:56:05.000Z'
+ lastUpdated: '2022-05-05T18:15:44.000Z'
+ isDefault: false
+ conditions:
+ profileSourceId: 0oa4enoRyjwSCy5hx0g4
+ expression:
+ value: string
+ actions:
+ assignUserToRealm:
+ realmId: 00g1b7rvh0xPLKXFf0g5
+ priority: 0
+ _links:
+ self:
+ rel: self
+ href: http://your-subdomain.okta.com/api/v1/realm-rules/rul2jy7jLUlnO3ng00g4
+ method: GET
GetUserResponse:
summary: Retrieve a user type response
value:
@@ -19544,6 +21606,63 @@ components:
created: '2022-08-31T18:09:58.000Z'
lastUpdated: '2022-08-31T18:09:58.000Z'
isUsed: 'false'
+ ListAppGrantsEx:
+ summary: List all app Grants example
+ value:
+ - id: oag91n9ruw3dsaXzP0h6
+ status: ACTIVE
+ created: '2023-02-21T16:54:00.000Z'
+ createdBy:
+ id: 00u6eltha0nrSc47i0h7
+ type: User
+ lastUpdated: '2023-02-21T16:54:00.000Z'
+ issuer: '{yourOktaDomain}'
+ clientId: '{clientId}'
+ scopeId: okta.users.read
+ source: ADMIN
+ _embedded:
+ scope:
+ id: okta.users.read
+ _links:
+ app:
+ href: https://{yourOktaDomain}/api/v1/apps/{appId}
+ title: Application name
+ self:
+ href: https://{yourOktaDomain}/api/v1/apps/{appId}/grants/oag91n9ruw3dsaXzP0h6
+ hints:
+ allow:
+ - GET
+ - DELETE
+ client:
+ href: https://{yourOktaDomain}/oauth2/v1/clients/{clientId}
+ title: Client name
+ - id: oaghm3sh9ukdkvDmO0h6
+ status: ACTIVE
+ created: '2023-02-03T21:57:49.000Z'
+ createdBy:
+ id: 00u6eltha0nrSc47i0h7
+ type: User
+ lastUpdated: '2023-02-03T21:57:49.000Z'
+ issuer: '{yourOktaDomain}'
+ clientId: '{clientId}'
+ scopeId: okta.apps.manage
+ source: ADMIN
+ _embedded:
+ scope:
+ id: okta.apps.manage
+ _links:
+ app:
+ href: https://{yourOktaDomain}/api/v1/apps/{appId}
+ title: Application name
+ self:
+ href: https://{yourOktaDomain}/api/v1/apps/{appId}/grants/oaghm3sh9ukdkvDmO0h6
+ hints:
+ allow:
+ - GET
+ - DELETE
+ client:
+ href: https://{yourOktaDomain}/oauth2/v1/clients/{clientId}
+ title: Client name
ListBrandsResponse:
value:
- id: bnd114iNkrcN6aR680g4
@@ -19577,8 +21696,8 @@ components:
subject: Welcome to ${org.name}!
body:
Hello, ${user.profile.firstName}. Click here to activate your account.
id: oel11u6DqUiMbQkpl0g4
- created: 2021-11-09T20:38:10.000Z
- lastUpdated: 2021-11-11T20:38:10.000Z
+ created: '2021-11-09T20:38:10.000Z'
+ lastUpdated: '2021-11-11T20:38:10.000Z'
_links:
self:
href: https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4
@@ -19722,17 +21841,57 @@ components:
_links:
self:
href: https://{yourOktaDomain}/api/v1/mappings/prm1k48weFSOnEUnw0g4
+ ListRealmAssignmentRulesResponse:
+ value:
+ - id: rul2jy7jLUlnO3ng00g4
+ status: ACTIVE
+ name: Realm Assignment Rule 1
+ created: '2022-04-04T15:56:05.000Z'
+ lastUpdated: '2022-05-05T18:15:44.000Z'
+ isDefault: false
+ conditions:
+ profileSourceId: 0oa4enoRyjwSCy5hx0g4
+ expression:
+ value: user.profile.role ==\"Manager\"
+ actions:
+ assignUserToRealm:
+ realmId: 00g1b7rvh0xPLKXFf0g5
+ priority: 0
+ _links:
+ self:
+ rel: self
+ href: http://your-subdomain.okta.com/api/v1/realm-rules/rul2jy7jLUlnO3ng00g4
+ method: GET
+ - id: rul2jy7jLUlnO5ng00g4
+ status: ACTIVE
+ name: Catch-all Rule
+ created: '2022-04-04T15:56:05.000Z'
+ lastUpdated: '2022-05-05T18:15:44.000Z'
+ isDefault: true
+ conditions:
+ profileSourceId: 0oa4enoRyjwSCy6hx0g4,
+ expression:
+ value: string
+ actions:
+ assignUserToRealm:
+ realmId: 00g1b7rvh0xPLKXFf2g5
+ priority: 499
+ _links:
+ self:
+ rel: self
+ href: http://your-subdomain.okta.com/api/v1/realm-rules/rul2jy7jLUlnO5ng00g4
+ method: GET
ListRealmAwareUsersResponse:
summary: List all Users
value:
- id: 00u118oQYT4TBGuay0g4
status: ACTIVE
- created: 2022-04-04T15:56:05.000Z
+ created: '2022-04-04T15:56:05.000Z'
activated: null
statusChanged: null
- lastLogin: 2022-05-04T19:50:52.000Z
- lastUpdated: 2022-05-05T18:15:44.000Z
- passwordChanged: 2022-04-04T16:00:22.000Z
+ lastLogin: '2022-05-04T19:50:52.000Z'
+ lastUpdated: '2022-05-05T18:15:44.000Z'
+ passwordChanged: '2022-04-04T16:00:22.000Z'
type:
id: oty1162QAr8hJjTaq0g4
profile:
@@ -19754,8 +21913,8 @@ components:
ListRealmsResponse:
value:
- id: guox9jQ16k9V8IFEL0g3
- created: 2022-04-04T15:56:05.000Z
- lastUpdated: 2022-05-05T18:15:44.000Z
+ created: '2022-04-04T15:56:05.000Z'
+ lastUpdated: '2022-05-05T18:15:44.000Z'
isDefault: false
profile:
name: Car Co
@@ -19786,40 +21945,40 @@ components:
identitySourceId: 0oa3l6l6WK6h0R0QW0g4
status: CREATED
importType: INCREMENTAL
- created: 2022-04-04T15:56:05.000Z
- lastUpdated: 2022-05-05T16:15:44.000Z
+ created: '2022-04-04T15:56:05.000Z'
+ lastUpdated: '2022-05-05T16:15:44.000Z'
ListSessionsResponseForGetSessions:
value:
- id: uij4ri8ZLk0ywyqxB0g1
identitySourceId: 0oa3l6l6WK6h0R0QW0g4
status: CREATED
importType: INCREMENTAL
- created: 2022-04-04T15:56:05.000Z
- lastUpdated: 2022-05-05T16:15:44.000Z
+ created: '2022-04-04T15:56:05.000Z'
+ lastUpdated: '2022-05-05T16:15:44.000Z'
- id: uij4ri8ZLk0ywyqxB0g2
identitySourceId: 0oa3l6l6WK6h0R0QW0g4
status: TRIGGERED
importType: INCREMENTAL
- created: 2022-04-04T16:56:05.000Z
- lastUpdated: 2022-05-05T17:15:44.000Z
+ created: '2022-04-04T16:56:05.000Z'
+ lastUpdated: '2022-05-05T17:15:44.000Z'
- id: uij4ri8ZLk0ywyqxB0g3
identitySourceId: 0oa3l6l6WK6h0R0QW0g4
status: IN_PROGRESS
importType: INCREMENTAL
- created: 2022-04-04T17:56:05.000Z
- lastUpdated: 2022-05-05T18:15:44.000Z
+ created: '2022-04-04T17:56:05.000Z'
+ lastUpdated: '2022-05-05T18:15:44.000Z'
- id: uij4ri8ZLk0ywyqxB0g4
identitySourceId: 0oa3l6l6WK6h0R0QW0g4
status: EXPIRED
importType: INCREMENTAL
- created: 2022-04-04T18:56:05.000Z
- lastUpdated: 2022-05-05T19:15:44.000Z
+ created: '2022-04-04T18:56:05.000Z'
+ lastUpdated: '2022-05-05T19:15:44.000Z'
- id: uij4ri8ZLk0ywyqxB0g5
identitySourceId: 0oa3l6l6WK6h0R0QW0g4
status: CLOSED
importType: INCREMENTAL
- created: 2022-04-04T19:56:05.000Z
- lastUpdated: 2022-05-05T20:15:44.000Z
+ created: '2022-04-04T19:56:05.000Z'
+ lastUpdated: '2022-05-05T20:15:44.000Z'
ListUISchemaResponse:
summary: Lists all UI Schemas response
value:
@@ -19936,12 +22095,12 @@ components:
value:
- id: 00u118oQYT4TBTemp0g4
status: ACTIVE
- created: 2022-04-04T15:56:05.000Z
+ created: '2022-04-04T15:56:05.000Z'
activated: null
statusChanged: null
- lastLogin: 2022-05-04T19:50:52.000Z
- lastUpdated: 2022-05-05T18:15:44.000Z
- passwordChanged: 2022-04-04T16:00:22.000Z
+ lastLogin: '2022-05-04T19:50:52.000Z'
+ lastUpdated: '2022-05-05T18:15:44.000Z'
+ passwordChanged: '2022-04-04T16:00:22.000Z'
type:
id: oty1162QAr8hJjTaq0g4
profile:
@@ -20009,14 +22168,14 @@ components:
originId: 'null'
originType: OKTA_DIRECTORY
displayName: Mabel Mora
- lastUpdated: 2023-03-29T18:30:58.000Z
+ lastUpdated: '2023-03-29T18:30:58.000Z'
- id: 00u1cmc52x5B86cnZ0h8
type: USER
resolved: true
originId: 'null'
originType: OKTA_DIRECTORY
displayName: Cinda Canning
- lastUpdated: 2023-03-29T18:30:55.000Z
+ lastUpdated: '2023-03-29T18:30:55.000Z'
LogStreamActivateResponse:
summary: Activate Log Stream response
value:
@@ -20135,7 +22294,7 @@ components:
href: http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4/lifecycle/deactivate
method: POST
LogStreamSchemaAws:
- value: &ref_22
+ value:
$schema: https://json-schema.org/draft/2020-12/schema
$id: http://{yourOktaDomain}/api/v1/meta/schemas/logStream/aws_eventbridge
title: AWS EventBridge
@@ -20207,9 +22366,76 @@ components:
name: Name can't exceed 100 characters.
LogStreamSchemaList:
value:
- - *ref_22
- - &ref_23
- $schema: https://json-schema.org/draft/2020-12/schema
+ - $schema: https://json-schema.org/draft/2020-12/schema
+ $id: http://{yourOktaDomain}/api/v1/meta/schemas/logStream/aws_eventbridge
+ title: AWS EventBridge
+ type: object
+ properties:
+ settings:
+ description: Configuration properties specific to AWS EventBridge
+ type: object
+ properties:
+ accountId:
+ title: AWS Account ID
+ description: Your Amazon AWS Account ID.
+ type: string
+ writeOnce: true
+ pattern: ^\d{12}$
+ eventSourceName:
+ title: AWS Event Source Name
+ description: An alphanumeric name (no spaces) to identify this event source in AWS EventBridge.
+ type: string
+ writeOnce: true
+ pattern: ^[\.\-_A-Za-z0-9]{1,75}$
+ region:
+ title: AWS Region
+ description: The destination AWS region for your system log events.
+ type: string
+ writeOnce: true
+ oneOf:
+ - title: US East (Ohio)
+ const: us-east-2
+ - title: US East (N. Virginia)
+ const: us-east-1
+ - title: US West (N. California)
+ const: us-west-1
+ - title: US West (Oregon)
+ const: us-west-2
+ - title: Canada (Central)
+ const: ca-central-1
+ - title: Europe (Frankfurt)
+ const: eu-central-1
+ - title: Europe (Ireland)
+ const: eu-west-1
+ - title: Europe (London)
+ const: eu-west-2
+ - title: Europe (Paris)
+ const: eu-west-3
+ - title: Europe (Milan)
+ const: eu-south-1
+ - title: Europe (Stockholm)
+ const: eu-north-1
+ required:
+ - eventSourceName
+ - accountId
+ - region
+ errorMessage:
+ properties:
+ accountId: Account number must be 12 digits.
+ eventSourceName: Event source name can use numbers, letters, the symbols ".", "-" or "_". It must use fewer than 76 characters.
+ name:
+ title: Name
+ description: A name for this log stream in Okta
+ type: string
+ writeOnce: false
+ pattern: ^.{1,100}$
+ required:
+ - name
+ - settings
+ errorMessage:
+ properties:
+ name: Name can't exceed 100 characters.
+ - $schema: https://json-schema.org/draft/2020-12/schema
$id: http://{yourOktaDomain}/api/v1/meta/schemas/logStream/splunk_cloud_logstreaming
title: Splunk Cloud
type: object
@@ -20249,7 +22475,173 @@ components:
properties:
name: Name can't exceed 100 characters.
LogStreamSchemaSplunk:
- value: *ref_23
+ value:
+ $schema: https://json-schema.org/draft/2020-12/schema
+ $id: http://{yourOktaDomain}/api/v1/meta/schemas/logStream/splunk_cloud_logstreaming
+ title: Splunk Cloud
+ type: object
+ properties:
+ settings:
+ description: Configuration properties specific to Splunk Cloud
+ type: object
+ properties:
+ host:
+ title: Host
+ description: 'The domain for your Splunk Cloud instance without http or https. For example: acme.splunkcloud.com'
+ type: string
+ writeOnce: false
+ pattern: ^([a-z0-9]+(-[a-z0-9]+)*){1,100}\.splunkcloud(gc|fed)?\.com$
+ token:
+ title: HEC Token
+ description: The token from your Splunk Cloud HTTP Event Collector (HEC).
+ type: string
+ writeOnce: false
+ pattern: '[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}'
+ required:
+ - host
+ - token
+ errorMessage:
+ properties:
+ host: 'Host should be a domain without http or https. For example: acme.splunkcloud.com'
+ name:
+ title: Name
+ description: A name for this log stream in Okta
+ type: string
+ writeOnce: false
+ pattern: ^.{1,100}$
+ required:
+ - name
+ - settings
+ errorMessage:
+ properties:
+ name: Name can't exceed 100 characters.
+ OAuth2RefreshTokenResponseEx:
+ summary: OAuth 2.0 refresh token example
+ value:
+ id: oar579Mcp7OUsNTlo0g3
+ status: ACTIVE
+ created: '2023-03-09T03:18:06.000Z'
+ lastUpdated: '2023-03-09T03:18:06.000Z'
+ expiresAt: '2023-03-16T03:18:06.000Z'
+ issuer: https://{yourOktaDomain}/oauth2/ausain6z9zIedDCxB0h7
+ clientId: 0oabskvc6442nkvQO0h7
+ userId: 00u5t60iloOHN9pBi0h7
+ scopes:
+ - offline_access
+ - car:drive
+ _embedded:
+ scopes:
+ - id: scppb56cIl4GvGxy70g3
+ name: offline_access
+ description: Requests a refresh token by default and is used to obtain more access tokens without re-prompting the user for authentication
+ _links:
+ scope:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/ausain6z9zIedDCxB0h7/scopes/scppb56cIl4GvGxy70g3
+ title: offline_access
+ - id: scp142iq2J8IGRUCS0g4
+ name: car:drive
+ displayName: Drive car
+ description: Allows the user to drive a car
+ _links:
+ scope:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/ausain6z9zIedDCxB0h7/scopes/scp142iq2J8IGRUCS0g4
+ title: Drive car
+ _links:
+ app:
+ href: https://{yourOktaDomain}/api/v1/apps/0oabskvc6442nkvQO0h7
+ title: Native
+ self:
+ href: https://{yourOktaDomain}/api/v1/apps/0oabskvc6442nkvQO0h7/tokens/oar579Mcp7OUsNTlo0g3
+ revoke:
+ href: https://{yourOktaDomain}/api/v1/apps/0oabskvc6442nkvQO0h7/tokens/oar579Mcp7OUsNTlo0g3
+ hints:
+ allow:
+ - DELETE
+ client:
+ href: https://{yourOktaDomain}/oauth2/v1/clients/0oabskvc6442nkvQO0h7
+ title: Example Client App
+ user:
+ href: https://{yourOktaDomain}/api/v1/users/00upcgi9dyWEOeCwM0g3
+ title: Saml Jackson
+ authorizationServer:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/ausain6z9zIedDCxB0h7
+ title: Example Authorization Server
+ OAuth2RefreshTokenResponseListEx:
+ summary: App refresh token list example
+ value:
+ - id: oar579Mcp7OUsNTlo0g3
+ status: ACTIVE
+ created: '2023-03-09T03:18:06.000Z'
+ lastUpdated: '2023-03-09T03:18:06.000Z'
+ expiresAt: '2023-03-16T03:18:06.000Z'
+ issuer: https://{yourOktaDomain}/oauth2/ausain6z9zIedDCxB0h7
+ clientId: 0oabskvc6442nkvQO0h7
+ userId: 00u5t60iloOHN9pBi0h7
+ scopes:
+ - offline_access
+ - car:drive
+ _embedded:
+ scopes:
+ - id: scppb56cIl4GvGxy70g3
+ name: offline_access
+ description: Requests a refresh token by default and is used to obtain more access tokens without re-prompting the user for authentication
+ _links:
+ scope:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/ausain6z9zIedDCxB0h7/scopes/scppb56cIl4GvGxy70g3
+ title: offline_access
+ - id: scp142iq2J8IGRUCS0g4
+ name: car:drive
+ displayName: Drive car
+ description: Allows the user to drive a car
+ _links:
+ scope:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/ausain6z9zIedDCxB0h7/scopes/scp142iq2J8IGRUCS0g4
+ title: Drive car
+ _links:
+ app:
+ href: https://{yourOktaDomain}/api/v1/apps/0oabskvc6442nkvQO0h7
+ title: Native
+ self:
+ href: https://{yourOktaDomain}/api/v1/apps/0oabskvc6442nkvQO0h7/tokens/oar579Mcp7OUsNTlo0g3
+ revoke:
+ href: https://{yourOktaDomain}/api/v1/apps/0oabskvc6442nkvQO0h7/tokens/oar579Mcp7OUsNTlo0g3
+ hints:
+ allow:
+ - DELETE
+ client:
+ href: https://{yourOktaDomain}/oauth2/v1/clients/0oabskvc6442nkvQO0h7
+ title: Example Client App
+ user:
+ href: https://{yourOktaDomain}/api/v1/users/00upcgi9dyWEOeCwM0g3
+ title: Saml Jackson
+ authorizationServer:
+ href: https://{yourOktaDomain}/api/v1/authorizationServers/ausain6z9zIedDCxB0h7
+ title: Example Authorization Server
+ OperationResponse:
+ value:
+ id: rre4mje4ez6B2a7B60g7
+ status: COMPLETED
+ created: '2023-10-25T21:02:54.000Z'
+ started: '2023-10-25T21:02:54.000Z'
+ completed: '2023-10-25T21:02:54.000Z'
+ ruleOperation:
+ numUserMoved: 50
+ configuration:
+ id: 0pr1b7rxZj2ibQzfP0g5
+ name: Realm Assignment Rule 1
+ conditions:
+ profileSourceId: 0oa4enoRyjwSCy5hx0g4
+ expression:
+ value: string
+ actions:
+ assignUserToRealm:
+ realmId: 00g1b7rvh0xPLKXFf0g5
+ realmName: Realm Name
+ _links:
+ self:
+ rel: self
+ href: http://your-subdomain.okta.com/api/v1/operations/rre4mje4ez6B2a7B60g7
+ method: GET
OrgCAPTCHASettingsConfigured:
summary: Org-wide Captcha Settings are configured
value:
@@ -20517,7 +22909,7 @@ components:
id: ppctekcmngGaqeiBxB0g4
name: APNs Example
providerType: APNS
- lastUpdatedDate: 2022-01-01T00:00:00.000Z
+ lastUpdatedDate: '2022-01-01T00:00:00.000Z'
configuration:
keyId: KEY_ID
teamId: TEAM_ID
@@ -20552,7 +22944,7 @@ components:
id: ppctekcmngGaqeiBxB0g4
name: FCM Example
providerType: FCM
- lastUpdatedDate: 2022-01-01T00:00:00.000Z
+ lastUpdatedDate: '2022-01-01T00:00:00.000Z'
configuration:
projectId: PROJECT_ID
fileName: fileName.p8
@@ -20576,8 +22968,8 @@ components:
RealmResponse:
value:
id: guox9jQ16k9V8IFEL0g3
- created: 2022-04-04T15:56:05.000Z
- lastUpdated: 2022-05-05T18:15:44.000Z
+ created: '2022-04-04T15:56:05.000Z'
+ lastUpdated: '2022-05-05T18:15:44.000Z'
isDefault: false
profile:
name: Car Co
@@ -20586,6 +22978,40 @@ components:
rel: self
href: http://your-subdomain.okta.com/api/v1/realms/guox9jQ16k9V8IFEL0g3
method: GET
+ RefreshCurrentSessionResponse:
+ summary: Refresh current session
+ value:
+ amr:
+ - pwd
+ createdAt: '2019-08-24T14:15:22Z'
+ expiresAt: '2019-08-24T14:15:22Z'
+ id: l7FbDVqS8zHSy65uJD85
+ idp:
+ id: 01a2bcdef3GHIJKLMNOP
+ type: ACTIVE_DIRECTORY
+ lastFactorVerification: '2019-08-24T14:15:22Z'
+ lastPasswordVerification: '2019-08-24T14:15:22Z'
+ login: user@example.com
+ status: ACTIVE
+ userId: 00u0abcdefGHIJKLMNOP
+ _links:
+ self:
+ hints:
+ allow:
+ - GET
+ - DELETE
+ href: https://{yourOktaDomain}/api/v1/sessions/me
+ refresh:
+ hints:
+ allow:
+ - POST
+ href: https://{yourOktaDomain}/api/v1/sessions/me/lifecycle/refresh
+ user:
+ hints:
+ allow:
+ - GET
+ href: https://{yourOktaDomain}/api/v1/users/me
+ name: User Name
RefreshSessionResponse:
summary: Refresh an existing Session using the session ID
value:
@@ -20768,6 +23194,70 @@ components:
href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
schema:
href: https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6
+ ResourceSelectorCreateRequestExample:
+ value:
+ name: All applications except Workday applications
+ description: All applications except Workday applications
+ schema: /api/v1/apps
+ filter: name ne "workday"
+ ResourceSelectorCreateResponseExample:
+ value:
+ id: rsl1hx31gVEa6x10v0g5
+ name: All applications except Workday applications
+ description: All applications except Workday applications
+ orn: orn:okta:idp:00o5rb5mt2H3d1TJd0h7:resource_selectors:rsl1hx31gVEa6x10v0g5:apps
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/resource-selectors/rsl1hx31gVEa6x10v0g5
+ resources:
+ href: https://{yourOktaDomain}/api/v1/apps?filter="name ne "workday""
+ ResourceSelectorPatchRequestExample:
+ value:
+ name: All applications except Facebook applications
+ description: All applications except Facebook applications
+ filter: name ne "facebook"
+ ResourceSelectorPatchResponseExample:
+ value:
+ id: rsl1hx31gVEa6x10v0g5
+ name: All applications except Facebook applications
+ description: All applications except Facebook applications
+ orn: orn:okta:idp:00o5rb5mt2H3d1TJd0h7:resource_selectors:rsl1hx31gVEa6x10v0g5:apps
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/resource-selectors/rsl1hx31gVEa6x10v0g5
+ resources:
+ href: https://{yourOktaDomain}/api/v1/apps?filter="name ne "facebook""
+ ResourceSelectorResponseExample:
+ value:
+ id: rsl1hx31gVEa6x10v0g5
+ name: All applications except a specific application
+ description: All applications except a specific application
+ orn: orn:okta:idp:00o5rb5mt2H3d1TJd0h7:resource_selectors:rsl1hx31gVEa6x10v0g5:apps
+ _links:
+ self:
+ href: https://{yourOktaDomain}/api/v1/resource-selectors/rsl1hx31gVEa6x10v0g5
+ resources:
+ href: https://{yourOktaDomain}/api/v1/apps?filter="id ne 0oafxqAAJWWGELFTYASH"
+ ResourceSelectorsResponseExample:
+ value:
+ resourceSelectors:
+ - id: rsl1hx31gVEa6x10v0g5
+ name: All applications except Workday applications
+ description: All applications except Workday applications
+ orn: orn:okta:idp:00o5rb5mt2H3d1TJd0h7:resource_selectors:rsl1hx31gVEa6x10v0g5:apps
+ _links:
+ resources:
+ href: http://${yourOktaDomain}/api/v1/apps?filter="id ne 0oafxqCAJWWGELFTYASJ"
+ - id: rsl1hx31gVEa6x10v0g6
+ name: All applications except Facebook applications
+ description: All applications except Facebook applications
+ orn: orn:okta:idp:00o5rb5mt2H3d1TJd0h7:resource_selectors:rsl1hx31gVEa6x10v0g6:apps
+ _links:
+ resources:
+ href: http://${yourOktaDomain}/api/v1/apps?filter="id ne 0oafxqAAJWWGELFTYASH
+ _links:
+ next:
+ href: https://{yourOktaDomain}/api/v1/resource-selectors?after=rsl1hx31gVEa6x10v0g6
ResourceSetBindingAddMembersRequestExample:
value:
additions:
@@ -20934,9 +23424,9 @@ components:
verificationStatus: VERIFIED
name: Event Hook Test
description: null
- created: 2023-07-07T13:41:56.000Z
+ created: '2023-07-07T13:41:56.000Z'
createdBy: 00u7xut94qEWYx5ss1e5
- lastUpdated: 2023-07-07T13:43:03.000Z
+ lastUpdated: '2023-07-07T13:43:03.000Z'
events:
type: EVENT_TYPE
items:
@@ -20975,9 +23465,9 @@ components:
verificationStatus: VERIFIED
name: Event Hook Test
description: null
- created: 2023-07-07T17:41:56.000Z
+ created: '2023-07-07T17:41:56.000Z'
createdBy: 00u7xut94qEWYx5ss1e5
- lastUpdated: 2023-07-07T17:43:03.000Z
+ lastUpdated: '2023-07-07T17:43:03.000Z'
events:
type: EVENT_TYPE
items:
@@ -21012,9 +23502,9 @@ components:
verificationStatus: VERIFIED
name: Event Hook with Filter
description: An event hook using an Okta Expression Language filter
- created: 2023-07-07T13:41:56.000Z
+ created: '2023-07-07T13:41:56.000Z'
createdBy: 00u7xut94qEWYx5ss1e5
- lastUpdated: 2023-07-07T13:43:03.000Z
+ lastUpdated: '2023-07-07T13:43:03.000Z'
events:
type: EVENT_TYPE
items:
@@ -21057,8 +23547,8 @@ components:
name: LegacyIpZone
status: ACTIVE
usage: POLICY
- created: 2019-05-17T18:44:31.000Z
- lastUpdated: 2019-05-21T13:50:49.000Z
+ created: '2019-05-17T18:44:31.000Z'
+ lastUpdated: '2019-05-21T13:50:49.000Z'
system: true
gateways:
- type: CIDR
@@ -21084,8 +23574,8 @@ components:
name: test
status: ACTIVE
usage: POLICY
- created: 2019-05-17T18:44:31.000Z
- lastUpdated: 2019-05-21T13:50:49.000Z
+ created: '2019-05-17T18:44:31.000Z'
+ lastUpdated: '2019-05-21T13:50:49.000Z'
system: false
locations:
- country: AF
@@ -21114,8 +23604,8 @@ components:
name: LegacyIpZone
status: ACTIVE
usage: POLICY
- created: 2019-05-17T18:44:31.000Z
- lastUpdated: 2019-05-21T13:50:49.000Z
+ created: '2019-05-17T18:44:31.000Z'
+ lastUpdated: '2019-05-21T13:50:49.000Z'
system: true
gateways:
- type: CIDR
@@ -21144,9 +23634,9 @@ components:
verificationStatus: VERIFIED
name: Event Hook Test
description: null
- created: 2023-07-07T13:41:56.000Z
+ created: '2023-07-07T13:41:56.000Z'
createdBy: 00u7xut94qEWYx5ss1e5
- lastUpdated: 2023-07-07T13:43:03.000Z
+ lastUpdated: '2023-07-07T13:43:03.000Z'
events:
type: EVENT_TYPE
items:
@@ -21185,9 +23675,9 @@ components:
verificationStatus: VERIFIED
name: Event Hook with Filter
description: An event hook using an Okta Expression Language filter
- created: 2023-07-07T13:41:56.000Z
+ created: '2023-07-07T13:41:56.000Z'
createdBy: 00u7xut94qEWYx5ss1e5
- lastUpdated: 2023-07-07T13:43:03.000Z
+ lastUpdated: '2023-07-07T13:43:03.000Z'
events:
type: EVENT_TYPE
items:
@@ -21221,6 +23711,40 @@ components:
hints:
allow:
- POST
+ RetrieveCurrentSessionResponse:
+ summary: Retrieve current session
+ value:
+ amr:
+ - pwd
+ createdAt: '2019-08-24T14:15:22Z'
+ expiresAt: '2019-08-24T14:15:22Z'
+ id: l7FbDVqS8zHSy65uJD85
+ idp:
+ id: 01a2bcdef3GHIJKLMNOP
+ type: ACTIVE_DIRECTORY
+ lastFactorVerification: '2019-08-24T14:15:22Z'
+ lastPasswordVerification: '2019-08-24T14:15:22Z'
+ login: user@example.com
+ status: ACTIVE
+ userId: 00u0abcdefGHIJKLMNOP
+ _links:
+ self:
+ hints:
+ allow:
+ - GET
+ - DELETE
+ href: https://{yourOktaDomain}/api/v1/sessions/me
+ refresh:
+ hints:
+ allow:
+ - POST
+ href: https://{yourOktaDomain}/api/v1/sessions/me/lifecycle/refresh
+ user:
+ hints:
+ allow:
+ - GET
+ href: https://{yourOktaDomain}/api/v1/users/me
+ name: User Name
RetrieveFeaturesResponse:
summary: Retrieve a feature by ID
value:
@@ -21321,8 +23845,8 @@ components:
name: LegacyIpZone
status: ACTIVE
usage: POLICY
- created: 2019-05-17T18:44:31.000Z
- lastUpdated: 2019-05-21T13:50:49.000Z
+ created: '2019-05-17T18:44:31.000Z'
+ lastUpdated: '2019-05-21T13:50:49.000Z'
system: true
gateways:
- type: CIDR
@@ -21627,6 +24151,120 @@ components:
policies: null
evaluated:
policies: null
+ SubmissionOidcRequest:
+ summary: Submission OIDC request example
+ value:
+ name: Strawberry Central
+ description: Your one source for in-season strawberry deals
+ logo: https://acme.okta.com/bc/image/fileStoreRecord?id=fs03xxd3KmkDBwJU80g4
+ sso:
+ oidc:
+ redirectUris:
+ - https://${org.subdomain}.example.com/strawberry/oidc/login
+ initiateLoginUri: https://${org.subdomain}.example.com/strawberry/oidc/sp-init
+ postLogoutUris:
+ - https://${org.subdomain}.example.com/strawberry/oidc/logged-out
+ doc: https://example.com/strawberry/help/oidcSetup
+ config:
+ - name: subdomain
+ label: Subdomain
+ SubmissionOidcResponse:
+ summary: Submission OIDC response example
+ value:
+ id: acme_strawberrycentral_1
+ name: Strawberry Central
+ description: Your one source for in-season strawberry deals
+ logo: https://acme.okta.com/bc/image/fileStoreRecord?id=fs03xxd3KmkDBwJU80g4
+ sso:
+ oidc:
+ redirectUris:
+ - https://${org.subdomain}.example.com/strawberry/oidc/login
+ initiateLoginUri: https://${org.subdomain}.example.com/strawberry/oidc/sp-init
+ postLogoutUris:
+ - https://${org.subdomain}.example.com/strawberry/oidc/logged-out
+ doc: https://example.com/strawberry/help/oidcSetup
+ config:
+ - name: subdomain
+ label: Subdomain
+ status: New
+ lastUpdated: '2023-08-24T14:15:22.000Z'
+ lastUpdatedBy: 00ub0oNGTSWTBKOLGLNR
+ lastPublished: '2023-09-01T13:23:45.000Z'
+ SubmissionSamlRequest:
+ summary: Submission SAML request example
+ value:
+ name: Strawberry Central
+ description: Your one source for in-season strawberry deals
+ logo: https://acme.okta.com/bc/image/fileStoreRecord?id=fs03xxd3KmkDBwJU80g4
+ sso:
+ saml:
+ acs:
+ - url: https://${org.subdomain}.example.com/saml/login
+ entityId: https://${org.subdomain}.example.com
+ doc: https://example.com/strawberry/help/samlSetup
+ config:
+ - name: subdomain
+ label: Subdomain
+ SubmissionSamlResponse:
+ summary: Submission SAML response example
+ value:
+ id: acme_strawberrycentral_1
+ name: Strawberry Central
+ description: Your one source for in-season strawberry deals
+ logo: https://acme.okta.com/bc/image/fileStoreRecord?id=fs03xxd3KmkDBwJU80g4
+ sso:
+ saml:
+ acs:
+ - url: https://${org.subdomain}.example.com/saml/login
+ entityId: https://${org.subdomain}.example.com
+ doc: https://example.com/strawberry/help/samlSetup
+ config:
+ - name: subdomain
+ label: Subdomain
+ status: To be reviewed by Okta
+ lastUpdated: '2023-08-24T14:15:22.000Z'
+ lastUpdatedBy: 00ub0oNGTSWTBKOLGLNR
+ lastPublished: null
+ SubmissionsResponse:
+ summary: Submission list example
+ value:
+ - id: acme_strawberrycentral_1
+ name: Strawberry Central
+ description: Your one source for in-season strawberry deals
+ logo: https://acme.okta.com/bc/image/fileStoreRecord?id=fs03xxd3KmkDBwJU80g4
+ sso:
+ saml:
+ acs:
+ - url: https://${org.subdomain}.example.com/saml/login
+ entityId: https://${org.subdomain}.example.com
+ doc: https://example.com/strawberry/help/samlSetup
+ config:
+ - name: subdomain
+ label: Subdomain
+ status: Complete
+ lastUpdated: '2023-08-24T14:15:22.000Z'
+ lastUpdatedBy: 00ub0oNGTSWTBKOLGLNR
+ lastPublished: '2023-09-01T13:23:45.000Z'
+ TestInfoBase:
+ summary: Submission Testing Information example
+ value:
+ testAccount:
+ url: https://example.com/strawberry/login
+ username: test@example.com
+ password: sUperP@ssw0rd
+ instructions: Just open URL and input credentials
+ escalationSupportContact: strawberry.support@example.com
+ samlTestConfiguration:
+ idp: true
+ sp: true
+ jit: false
+ spInitiateUrl: https://test.example.com/strawberry/saml/sp-init
+ spInitiateDescription: Just open URL and provide your username
+ oidcTestConfiguration:
+ idp: true
+ sp: true
+ jit: false
+ spInitiateUrl: https://test.example.com/strawberry/oidc/sp-init
ThreatInsightResponseExample:
summary: ThreatInsight response
value:
@@ -21670,10 +24308,10 @@ components:
identitySourceId: 0oa3l6l6WK6h0R0QW0g4
status: TRIGGERED
importType: INCREMENTAL
- created: 2022-04-04T15:56:05.000Z
- lastUpdated: 2022-05-05T18:15:44.000Z
+ created: '2022-04-04T15:56:05.000Z'
+ lastUpdated: '2022-05-05T18:15:44.000Z'
UpdateAppFeatureRequestEx:
- summary: Update app Feature request
+ summary: Update USER_PROVISIONING request
value:
create:
lifecycleCreate:
@@ -21688,7 +24326,7 @@ components:
seed: RANDOM
change: CHANGE
UpdateAppFeatureResponseEx:
- summary: Update app Feature response
+ summary: Update USER_PROVISIONING response
value:
name: USER_PROVISIONING
status: ENABLED
@@ -21844,6 +24482,7 @@ components:
displayName: IT Admin
userName: noreply
domain: example.com
+ validationSubdomain: mail
dnsValidationRecords:
- recordType: TXT
fqdn: _oktaverification.example.com
@@ -21956,6 +24595,7 @@ components:
displayName: IT Admin
userName: noreply
domain: example.com
+ validationSubdomain: mail
dnsValidationRecords:
- recordType: TXT
fqdn: _oktaverification.example.com
@@ -22112,7 +24752,6 @@ components:
summary: Password policy - SSPR with no step up
value:
id: ruleId
- $ref: '#/components/examples/sspr-enabled-no-step-up/value'
_links:
self:
href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}
@@ -22126,12 +24765,61 @@ components:
hints:
allow:
- POST
+ name: SSPR Rule
+ priority: 1
+ status: ACTIVE
+ conditions:
+ people:
+ users:
+ exclude: []
+ network:
+ connection: ANYWHERE
+ actions:
+ passwordChange:
+ access: ALLOW
+ selfServicePasswordReset:
+ access: ALLOW
+ requirement:
+ primary:
+ methods:
+ - sms
+ - email
+ stepUp:
+ required: false
+ selfServiceUnlock:
+ access: ALLOW
+ system: false
+ type: PASSWORD
sspr-enabled-no-step-up-update:
summary: Password policy - SSPR with no step up
description: This password policy permits self-service password change, reset, and unlock. Phone SMS or email are initial authenticators with no secondary authentication required.
value:
id: ruleId
- $ref: '#/components/examples/sspr-enabled-no-step-up/value'
+ name: SSPR Rule
+ priority: 1
+ status: ACTIVE
+ conditions:
+ people:
+ users:
+ exclude: []
+ network:
+ connection: ANYWHERE
+ actions:
+ passwordChange:
+ access: ALLOW
+ selfServicePasswordReset:
+ access: ALLOW
+ requirement:
+ primary:
+ methods:
+ - sms
+ - email
+ stepUp:
+ required: false
+ selfServiceUnlock:
+ access: ALLOW
+ system: false
+ type: PASSWORD
sspr-enabled-sq-step-up:
summary: Password policy - SSPR with security question as step up
description: This password policy permits self-service password change, reset, and unlock. Phone SMS and Okta Verify push are initial authenticators, and the secondary authentication is a security question.
@@ -22167,7 +24855,6 @@ components:
summary: Password policy - SSPR with security question as step up
value:
id: ruleId
- $ref: '#/components/examples/sspr-enabled-sq-step-up/value'
_links:
self:
href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}
@@ -22181,12 +24868,65 @@ components:
hints:
allow:
- POST
+ name: SSPR Rule
+ priority: 1
+ status: ACTIVE
+ conditions:
+ people:
+ users:
+ exclude: []
+ network:
+ connection: ANYWHERE
+ actions:
+ passwordChange:
+ access: ALLOW
+ selfServicePasswordReset:
+ access: ALLOW
+ requirement:
+ primary:
+ methods:
+ - push
+ - sms
+ stepUp:
+ required: true
+ methods:
+ - security_question
+ selfServiceUnlock:
+ access: ALLOW
+ system: false
+ type: PASSWORD
sspr-enabled-sq-step-up-update:
summary: Password policy - SSPR with security question as step up
description: This password policy permits self-service password change, reset, and unlock. Phone SMS and Okta Verify push are initial authenticators, and the secondary authentication is a security question.
value:
id: ruleId
- $ref: '#/components/examples/sspr-enabled-sq-step-up/value'
+ name: SSPR Rule
+ priority: 1
+ status: ACTIVE
+ conditions:
+ people:
+ users:
+ exclude: []
+ network:
+ connection: ANYWHERE
+ actions:
+ passwordChange:
+ access: ALLOW
+ selfServicePasswordReset:
+ access: ALLOW
+ requirement:
+ primary:
+ methods:
+ - push
+ - sms
+ stepUp:
+ required: true
+ methods:
+ - security_question
+ selfServiceUnlock:
+ access: ALLOW
+ system: false
+ type: PASSWORD
sspr-enabled-sso-step-up:
summary: Password policy - SSPR with any SSO authenticator as step up
description: This password policy permits self-service password change, reset, and unlock. Phone SMS or email are initial authenticators. The step-up authentication required is any active SSO authenticator.
@@ -22220,7 +24960,6 @@ components:
summary: Password policy - SSPR with any SSO authenticator as step up
value:
id: ruleId
- $ref: '#/components/examples/sspr-enabled-sso-step-up/value'
_links:
self:
href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}
@@ -22234,12 +24973,61 @@ components:
hints:
allow:
- POST
+ name: SSPR Rule
+ priority: 1
+ status: ACTIVE
+ conditions:
+ people:
+ users:
+ exclude: []
+ network:
+ connection: ANYWHERE
+ actions:
+ passwordChange:
+ access: ALLOW
+ selfServicePasswordReset:
+ access: ALLOW
+ requirement:
+ primary:
+ methods:
+ - push
+ - sms
+ stepUp:
+ required: true
+ selfServiceUnlock:
+ access: ALLOW
+ system: false
+ type: PASSWORD
sspr-enabled-sso-step-up-update:
summary: Password policy - SSPR with any SSO authenticator as step up
description: This password policy permits self-service password change, reset, and unlock. Phone SMS or email are initial authenticators. The step-up authentication required is any active SSO authenticator.
value:
id: ruleId
- $ref: '#/components/examples/sspr-enabled-sso-step-up/value'
+ name: SSPR Rule
+ priority: 1
+ status: ACTIVE
+ conditions:
+ people:
+ users:
+ exclude: []
+ network:
+ connection: ANYWHERE
+ actions:
+ passwordChange:
+ access: ALLOW
+ selfServicePasswordReset:
+ access: ALLOW
+ requirement:
+ primary:
+ methods:
+ - push
+ - sms
+ stepUp:
+ required: true
+ selfServiceUnlock:
+ access: ALLOW
+ system: false
+ type: PASSWORD
sspr-enabled-sso-step-up-with-constraints:
summary: Password policy - Enable SSPR with OTP enabled and Google authenticator constraint
description: This password policy permits self-service password change, reset, and unlock. Okta Verify push, Phone SMS, or Google OTP are initial authenticators. The secondary authentication required is any SSO authenticator. The `methodConstraints` property limits OTP authenticators to Google.
@@ -22279,7 +25067,6 @@ components:
summary: Password policy - Enable SSPR with OTP enabled and Google authenticator constraint
value:
id: ruleId
- $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints/value'
_links:
self:
href: https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}
@@ -22293,12 +25080,71 @@ components:
hints:
allow:
- POST
+ name: SSPR Rule
+ priority: 1
+ status: ACTIVE
+ conditions:
+ people:
+ users:
+ exclude: []
+ network:
+ connection: ANYWHERE
+ actions:
+ passwordChange:
+ access: ALLOW
+ selfServicePasswordReset:
+ access: ALLOW
+ requirement:
+ primary:
+ methods:
+ - push
+ - sms
+ - otp
+ methodConstraints:
+ - method: otp
+ allowedAuthenticators:
+ - key: google_otp
+ stepUp:
+ required: true
+ selfServiceUnlock:
+ access: ALLOW
+ system: false
+ type: PASSWORD
sspr-enabled-sso-step-up-with-constraints-update:
summary: Password policy - Enable SSPR with OTP enabled and Google authenticator constraint
description: This password policy permits self-service password change, reset, and unlock. Okta Verify push, Phone SMS, or Google OTP are initial authenticators. The secondary authentication required is any SSO authenticator. The `methodConstraints` property limits OTP authenticators to Google.
value:
id: ruleId
- $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints/value'
+ name: SSPR Rule
+ priority: 1
+ status: ACTIVE
+ conditions:
+ people:
+ users:
+ exclude: []
+ network:
+ connection: ANYWHERE
+ actions:
+ passwordChange:
+ access: ALLOW
+ selfServicePasswordReset:
+ access: ALLOW
+ requirement:
+ primary:
+ methods:
+ - push
+ - sms
+ - otp
+ methodConstraints:
+ - method: otp
+ allowedAuthenticators:
+ - key: google_otp
+ stepUp:
+ required: true
+ selfServiceUnlock:
+ access: ALLOW
+ system: false
+ type: PASSWORD
parameters:
UISchemaId:
name: id
@@ -22326,7 +25172,7 @@ components:
description: id of the API Token
pathAppId:
name: appId
- description: ID of the Application
+ description: Application ID
in: path
required: true
schema:
@@ -22469,7 +25315,7 @@ components:
example: who8vt36qfNpCGz9H1e6
pathFactorId:
name: factorId
- description: '`id` of the Factor'
+ description: ID of an existing User Factor
in: path
required: true
schema:
@@ -22489,11 +25335,19 @@ components:
in: path
required: true
schema:
- type: string
+ $ref: '#/components/schemas/ApplicationFeatureType'
example: USER_PROVISIONING
+ pathFirstPartyAppName:
+ name: appName
+ description: '`appName` of the application'
+ in: path
+ required: true
+ schema:
+ type: string
+ example: admin-console
pathGrantId:
name: grantId
- description: ID of the Grant
+ description: Grant ID
in: path
required: true
schema:
@@ -22735,6 +25589,14 @@ components:
example: ire106sQKoHoXXsAe0g4
required: true
description: '`id` of a resource'
+ pathResourceSelectorId:
+ name: resourceSelectorId
+ in: path
+ schema:
+ type: string
+ example: rsl1hx31gVEa6x10v0g5
+ required: true
+ description: '`id` of a Resource Selector'
pathResourceSetId:
name: resourceSetId
in: path
@@ -22823,6 +25685,14 @@ components:
schema:
type: string
example: l7FbDVqS8zHSy65uJD85
+ pathSubmissionId:
+ name: submissionId
+ description: Submission ID
+ in: path
+ required: true
+ schema:
+ type: string
+ example: acme_submissionapp_1
pathTargetGroupId:
name: targetGroupId
in: path
@@ -22862,7 +25732,7 @@ components:
example: sHHSth53yJAyNSTQKDJZ
pathTransactionId:
name: transactionId
- description: '`id` of the Transaction'
+ description: ID of an existing Factor verification transaction
in: path
required: true
schema:
@@ -22892,6 +25762,7 @@ components:
required: true
pathUserId:
name: userId
+ description: ID of an existing Okta user
in: path
required: true
schema:
@@ -22910,13 +25781,34 @@ components:
schema:
type: string
description: The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](/#pagination) for more information.
- queryExpand:
+ queryAppAfter:
+ name: after
+ in: query
+ description: The cursor to use for pagination. It's an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](/#pagination).
+ schema:
+ type: string
+ example: 16275000448691
+ queryAppExpand:
name: expand
in: query
description: 'An optional parameter to include scope details in the `_embedded` attribute. Valid value: `scope`'
schema:
type: string
example: scope
+ queryExpandAuthenticator:
+ name: expand
+ in: query
+ style: form
+ explode: false
+ required: false
+ schema:
+ type: array
+ items:
+ type: string
+ enum:
+ - methods
+ - authenticationPolicy
+ description: Specifies additional metadata for the response
queryExpandBrand:
name: expand
in: query
@@ -23019,6 +25911,22 @@ components:
schema:
type: boolean
required: false
+ queryUserExpand:
+ name: expand
+ in: query
+ description: 'An optional parameter to include metadata in the `_embedded` attribute. Valid value: `blocks`'
+ required: false
+ schema:
+ type: string
+ example: blocks
+ ruleId:
+ name: ruleId
+ description: '`id` of the Realm Assignment Rule'
+ in: path
+ required: true
+ schema:
+ type: string
+ example: rul2jy7jLUlnO3ng00g4
simulateParameter:
name: expand
description: Use `expand=EVALUATED` to include a list of evaluated but not matched policies and policy rules. Use `expand=RULE` to include details about why a rule condition was (not) matched.
@@ -23322,19 +26230,28 @@ components:
required:
- url
- index
- ActivateFactorRequest:
+ Actions:
type: object
properties:
- attestation:
- type: string
- clientData:
- type: string
- passCode:
- type: string
- registrationData:
- type: string
- stateToken:
- type: string
+ assignUserToRealm:
+ $ref: '#/components/schemas/AssignUserToRealm'
+ AdminConsoleSettings:
+ title: Okta Admin Console Settings
+ description: Settings specific to the Okta Admin Console
+ type: object
+ properties:
+ sessionIdleTimeoutMinutes:
+ description: The absolute maximum session lifetime of the Okta Admin Console. Must be no more than 12 hours.
+ type: integer
+ minimum: 5
+ maximum: 720
+ default: 15
+ sessionMaxLifetimeMinutes:
+ description: The absolute maximum session lifetime of the Okta Admin Console. Must be no more than 7 days.
+ type: integer
+ minimum: 5
+ maximum: 10080
+ default: 720
Agent:
description: Agent details
type: object
@@ -23529,6 +26446,29 @@ components:
enum:
- APP
- APP_TYPE
+ AppCustomHrefObject:
+ type: object
+ properties:
+ hints:
+ type: object
+ description: Describes allowed HTTP verbs for the `href`
+ properties:
+ allow:
+ type: array
+ items:
+ type: string
+ href:
+ type: string
+ description: Link URI
+ title:
+ type: string
+ description: Link name
+ type:
+ type: string
+ description: The media type of the link. If omitted, it is implicitly `application/json`.
+ required:
+ - href
+ readOnly: true
AppInstancePolicyRuleCondition:
type: object
properties:
@@ -23579,11 +26519,9 @@ components:
type: object
properties:
created:
- type: string
- description: Timestamp when the App User object was created
- format: date-time
- readOnly: true
- example: '2014-06-24T15:27:59.000Z'
+ allOf:
+ - $ref: '#/components/schemas/createdProperty'
+ - example: '2014-06-24T15:27:59.000Z'
credentials:
$ref: '#/components/schemas/AppUserCredentials'
externalId:
@@ -23607,11 +26545,9 @@ components:
readOnly: true
example: '2014-06-24T15:27:59.000Z'
lastUpdated:
- type: string
- description: Timestamp when App User was last updated
- format: date-time
- readOnly: true
- example: '2014-06-24T15:28:14.000Z'
+ allOf:
+ - $ref: '#/components/schemas/lastUpdatedProperty'
+ - example: '2014-06-24T15:28:14.000Z'
passwordChanged:
type: string
description: Timestamp when the App User password was last changed
@@ -23863,27 +26799,16 @@ components:
ApplicationFeature:
description: |
The Feature object is used to configure application feature settings.
-
- The only feature currently supported is `USER_PROVISIONING` for the Org2Org application type.
type: object
properties:
- capabilities:
- allOf:
- - $ref: '#/components/schemas/CapabilitiesObject'
description:
type: string
description: Description of the feature
example: Settings for provisioning users from Okta to a downstream application
readOnly: true
name:
- type: string
- description: Identifying name of the feature
+ $ref: '#/components/schemas/ApplicationFeatureType'
readOnly: true
- example: USER_PROVISIONING
- enum:
- - USER_PROVISIONING
- x-enumDescriptions:
- USER_PROVISIONING: Represents the **To App** provisioning feature setting in the Admin Console
status:
allOf:
- $ref: '#/components/schemas/EnabledStatus'
@@ -23894,6 +26819,20 @@ components:
allOf:
- $ref: '#/components/schemas/LinksSelf'
- readOnly: true
+ discriminator: *ref_3
+ ApplicationFeatureType:
+ description: |
+ Identifying name of the feature
+
+ | Value | Description |
+ | --------- | ------------- |
+ | USER_PROVISIONING | Represents the **To App** provisioning feature setting in the Admin Console |
+ example: USER_PROVISIONING
+ type: string
+ enum:
+ - USER_PROVISIONING
+ x-enumDescriptions:
+ USER_PROVISIONING: Represents the **To App** provisioning feature setting in the Admin Console
ApplicationGroupAssignment:
type: object
properties:
@@ -24104,6 +27043,11 @@ components:
properties:
type:
$ref: '#/components/schemas/RoleType'
+ AssignUserToRealm:
+ type: object
+ properties:
+ realmId:
+ type: string
AssociatedServerMediated:
type: object
properties:
@@ -24113,13 +27057,19 @@ components:
items:
type: string
AuthenticationProvider:
+ description: |-
+ Specifies the authentication provider that validates the user's password credential. The user's current provider
+ is managed by the Delegated Authentication settings for your organization. The provider object is read-only.
type: object
properties:
name:
type: string
+ description: The name of the authentication provider
+ readOnly: true
type:
$ref: '#/components/schemas/AuthenticationProviderType'
AuthenticationProviderType:
+ description: The type of authentication provider
type: string
enum:
- ACTIVE_DIRECTORY
@@ -24128,6 +27078,14 @@ components:
- LDAP
- OKTA
- SOCIAL
+ x-enumDescriptions:
+ ACTIVE_DIRECTORY: Specifies the directory instance name as the `name` property
+ FEDERATION: Doesn't support a `password` or `recovery question` credential and must authenticate through a trusted Identity Provider
+ IMPORT: Specifies a hashed password that was imported from an external source
+ LDAP: Specifies the directory instance name as the `name` property
+ OKTA: Specifies the Okta Identity Provider
+ SOCIAL: Doesn't support a `password` or `recovery question` credential and must authenticate through a trusted Identity Provider
+ readOnly: true
Authenticator:
type: object
properties:
@@ -24154,6 +27112,17 @@ components:
$ref: '#/components/schemas/LifecycleStatus'
type:
$ref: '#/components/schemas/AuthenticatorType'
+ _embedded:
+ type: object
+ properties:
+ methods:
+ type: array
+ items:
+ $ref: '#/components/schemas/AuthenticatorMethodBase'
+ policies:
+ type: array
+ items:
+ $ref: '#/components/schemas/Policy'
_links:
$ref: '#/components/schemas/AuthenticatorLinks'
AuthenticatorIdentity:
@@ -24186,7 +27155,7 @@ components:
$ref: '#/components/schemas/AuthenticatorMethodType'
_links:
$ref: '#/components/schemas/LinksSelfAndLifecycle'
- discriminator: *ref_3
+ discriminator: *ref_5
AuthenticatorMethodConstraint:
description: 'Limits the authenticators that can be used for a given method. Currently, only the `otp` method supports constraints, and Google authenticator (key : ''google_otp'') is the only allowed authenticator.'
type: object
@@ -24646,7 +27615,7 @@ components:
required:
- name
- type
- discriminator: *ref_5
+ discriminator: *ref_7
BehaviorRuleAnomalousDevice:
allOf:
- $ref: '#/components/schemas/BehaviorRule'
@@ -24921,20 +27890,6 @@ components:
enum:
- HCAPTCHA
- RECAPTCHA_V2
- CallUserFactor:
- allOf:
- - $ref: '#/components/schemas/UserFactor'
- - type: object
- properties:
- profile:
- $ref: '#/components/schemas/CallUserFactorProfile'
- CallUserFactorProfile:
- type: object
- properties:
- phoneExtension:
- type: string
- phoneNumber:
- type: string
CapabilitiesCreateObject:
description: |
Determines whether Okta assigns a new application account to each user managed by Okta.
@@ -24945,8 +27900,48 @@ components:
properties:
lifecycleCreate:
$ref: '#/components/schemas/LifecycleCreateSettingObject'
+ CapabilitiesImportRulesObject:
+ description: Defines user import rules
+ type: object
+ properties:
+ userCreateAndMatch:
+ $ref: '#/components/schemas/CapabilitiesImportRulesUserCreateAndMatchObject'
+ CapabilitiesImportRulesUserCreateAndMatchObject:
+ description: Rules for matching and creating users
+ type: object
+ properties:
+ allowPartialMatch:
+ type: boolean
+ description: Allows user import upon partial matching. Partial matching occurs when the first and last names of an imported user match those of an existing Okta user, even if the username or email attributes don't match.
+ autoActivateNewUsers:
+ type: boolean
+ description: If set to `true`, imported new users are automatically activated.
+ autoConfirmExactMatch:
+ type: boolean
+ description: If set to `true`, exact-matched users are automatically confirmed on activation. If set to `false`, exact-matched users need to be confirmed manually.
+ autoConfirmNewUsers:
+ type: boolean
+ description: If set to `true`, imported new users are automatically confirmed on activation. This doesn't apply to imported users that already exist in Okta.
+ autoConfirmPartialMatch:
+ type: boolean
+ description: If set to `true`, partially matched users are automatically confirmed on activation. If set to `false`, partially matched users need to be confirmed manually.
+ exactMatchCriteria:
+ type: string
+ description: Determines the attribute to match users
+ enum:
+ - EMAIL
+ - USERNAME
+ CapabilitiesImportSettingsObject:
+ description: Defines import settings
+ type: object
+ properties:
+ schedule:
+ $ref: '#/components/schemas/ImportScheduleObject'
+ username:
+ $ref: '#/components/schemas/ImportUsernameObject'
CapabilitiesObject:
- description: Defines the configurations related to an application feature
+ title: USER_PROVISIONING
+ description: Defines the configurations for the USER_PROVISIONING feature
type: object
properties:
create:
@@ -25039,11 +28034,24 @@ components:
type: array
items:
type: string
+ ClientPrivilegesSetting:
+ description: The org setting that assigns the super admin role by default to a public client app
+ type: object
+ properties:
+ clientPrivilegesSetting:
+ type: boolean
Compliance:
type: object
properties:
fips:
$ref: '#/components/schemas/FipsEnum'
+ Conditions:
+ type: object
+ properties:
+ expression:
+ $ref: '#/components/schemas/Expression'
+ profileSourceId:
+ type: string
ContentSecurityPolicySetting:
type: object
properties:
@@ -25091,6 +28099,22 @@ components:
- label
- description
- permissions
+ CreateRealmAssignmentRuleRequest:
+ type: object
+ properties:
+ actions:
+ $ref: '#/components/schemas/Actions'
+ conditions:
+ $ref: '#/components/schemas/Conditions'
+ name:
+ type: string
+ priority:
+ type: integer
+ CreateRealmRequest:
+ type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/RealmProfile'
CreateResourceSetRequest:
type: object
properties:
@@ -25132,13 +28156,6 @@ components:
type: string
profile:
$ref: '#/components/schemas/UserProfile'
- realmId:
- type: string
- description: The ID of the realm in which the user is residing
- example: guo1bfiNtSnZYILxO0g4
- x-okta-lifecycle:
- features:
- - UD_REALMS
type:
$ref: '#/components/schemas/UserType'
required:
@@ -25147,9 +28164,7 @@ components:
type: object
properties:
created:
- type: string
- format: date-time
- readOnly: true
+ $ref: '#/components/schemas/createdProperty'
csr:
type: string
readOnly: true
@@ -25188,20 +28203,6 @@ components:
type: array
items:
type: string
- CustomHotpUserFactor:
- allOf:
- - $ref: '#/components/schemas/UserFactor'
- - type: object
- properties:
- factorProfileId:
- type: string
- profile:
- $ref: '#/components/schemas/CustomHotpUserFactorProfile'
- CustomHotpUserFactorProfile:
- type: object
- properties:
- sharedSecret:
- type: string
CustomizablePage:
type: object
properties:
@@ -25453,7 +28454,7 @@ components:
$ref: '#/components/schemas/Platform'
_links:
$ref: '#/components/schemas/LinksSelf'
- discriminator: *ref_7
+ discriminator: *ref_9
DeviceAssuranceAndroidPlatform:
allOf:
- $ref: '#/components/schemas/DeviceAssurance'
@@ -25481,8 +28482,9 @@ components:
type: boolean
DeviceAssuranceChromeOSPlatform:
x-okta-lifecycle:
- features:
- - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
allOf:
- $ref: '#/components/schemas/DeviceAssurance'
- type: object
@@ -25534,8 +28536,9 @@ components:
type: boolean
thirdPartySignalProviders:
x-okta-lifecycle:
- features:
- - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
type: object
description: Settings for third-party signal providers (based on the `MACOS` platform)
properties:
@@ -25566,8 +28569,9 @@ components:
type: boolean
thirdPartySignalProviders:
x-okta-lifecycle:
- features:
- - GOOGLE_DEVICE_CONTEXT_CONNECTOR
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
type: object
description: Settings for third-party signal providers (based on the `WINDOWS` platform)
properties:
@@ -25587,7 +28591,7 @@ components:
- properties:
_embedded:
type: object
- description: List of associated users for the device if the `expand=user` query parameter is specified in the request
+ description: List of associated users for the device if the `expand=user` query parameter is specified in the request. Use `expand=userSummary` to get only a summary of each associated user for the device.
properties:
users:
description: Users for the device
@@ -25749,6 +28753,7 @@ components:
user:
$ref: '#/components/schemas/User'
DigestAlgorithm:
+ description: Algorithm used to generate the key. Only required for the PBKDF2 algorithm.
type: string
enum:
- SHA256_HMAC
@@ -25900,7 +28905,6 @@ components:
example: VERIFIED
type: string
enum:
- - FAILED_TO_VERIFY
- COMPLETED
- IN_PROGRESS
- NOT_STARTED
@@ -25987,6 +28991,10 @@ components:
type: string
domain:
type: string
+ validationSubdomain:
+ type: string
+ description: Subdomain for the email sender's custom mail domain. Specify your subdomain when you configure a custom mail domain.
+ default: mail
required:
- domain
- brandId
@@ -26002,7 +29010,7 @@ components:
EmailDomainDNSRecordType:
type: string
enum:
- - cname
+ - CNAME
- TXT
EmailDomainResponse:
allOf:
@@ -26019,23 +29027,15 @@ components:
type: string
validationStatus:
$ref: '#/components/schemas/EmailDomainStatus'
+ validationSubdomain:
+ type: string
+ description: The subdomain for the email sender's custom mail domain
+ default: mail
EmailDomainResponseWithEmbedded:
+ allOf:
+ - $ref: '#/components/schemas/EmailDomainResponse'
type: object
properties:
- displayName:
- type: string
- userName:
- type: string
- dnsValidationRecords:
- type: array
- items:
- $ref: '#/components/schemas/EmailDomainDNSRecord'
- domain:
- type: string
- id:
- type: string
- validationStatus:
- $ref: '#/components/schemas/EmailDomainStatus'
_embedded:
type: object
properties:
@@ -26162,18 +29162,6 @@ components:
required:
- from
- to
- EmailUserFactor:
- allOf:
- - $ref: '#/components/schemas/UserFactor'
- - type: object
- properties:
- profile:
- $ref: '#/components/schemas/EmailUserFactorProfile'
- EmailUserFactorProfile:
- type: object
- properties:
- email:
- type: string
EnabledStatus:
description: Setting status
type: string
@@ -26425,6 +29413,11 @@ components:
required:
- type
- items
+ Expression:
+ type: object
+ properties:
+ value:
+ type: string
FCMConfiguration:
properties:
fileName:
@@ -26445,56 +29438,6 @@ components:
properties:
configuration:
$ref: '#/components/schemas/FCMConfiguration'
- FactorProvider:
- type: string
- enum:
- - CUSTOM
- - DUO
- - FIDO
- - GOOGLE
- - OKTA
- - RSA
- - SYMANTEC
- - YUBICO
- FactorResultType:
- type: string
- enum:
- - CANCELLED
- - CHALLENGE
- - ERROR
- - FAILED
- - PASSCODE_REPLAYED
- - REJECTED
- - SUCCESS
- - TIMEOUT
- - TIME_WINDOW_EXCEEDED
- - WAITING
- FactorStatus:
- type: string
- enum:
- - ACTIVE
- - DISABLED
- - ENROLLED
- - EXPIRED
- - INACTIVE
- - NOT_SETUP
- - PENDING_ACTIVATION
- FactorType:
- type: string
- enum:
- - call
- - email
- - push
- - question
- - signed_nonce
- - sms
- - token
- - token:hardware
- - token:hotp
- - token:software:totp
- - u2f
- - web
- - webauthn
Feature:
description: Specifies feature release cycle information
type: object
@@ -26584,36 +29527,6 @@ components:
resetPasswordUrl:
type: string
readOnly: true
- GoogleApplication:
- x-tags:
- - Application
- x-okta-defined-as:
- name: google
- x-okta-lifecycle:
- features:
- - PROVISIONING_API_EXTENSION
- description: |
- Schema for Google app
-
- To create a Google app, use the [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) request with the required parameters in the request body from the Google app schema.
- > **Note:** The Google app only supports `BROWSER_PLUGIN` and `SAML_2_0` sign-on modes.
- allOf:
- - $ref: '#/components/schemas/OINApplication'
- - type: object
- - required:
- - name
- - label
- - settings
- properties:
- name:
- default: google
- example: google
- type: string
- signOnMode:
- default: BROWSER_PLUGIN
- example: BROWSER_PLUGIN
- settings:
- $ref: '#/components/schemas/GoogleApplicationSettings'
GoogleApplicationSettings:
allOf:
- $ref: '#/components/schemas/OINBaseSignOnModeApplicationSettings'
@@ -26975,18 +29888,6 @@ components:
- APP_GROUP
- BUILT_IN
- OKTA_GROUP
- HardwareUserFactor:
- allOf:
- - $ref: '#/components/schemas/UserFactor'
- - type: object
- properties:
- profile:
- $ref: '#/components/schemas/HardwareUserFactorProfile'
- HardwareUserFactorProfile:
- type: object
- properties:
- credentialId:
- type: string
HookKey:
type: object
properties:
@@ -27254,8 +30155,10 @@ components:
description: Enable mapping AMR from IdP to Okta to downstream apps
default: false
x-okta-lifecycle:
- features:
- - IDP_AMR_CLAIMS_MAPPING
+ lifecycle: EA
+ isGenerallyAvailable: false
+ SKUs:
+ - Okta Identity Engine
maxClockSkew:
type: integer
provisioning:
@@ -27397,6 +30300,51 @@ components:
url:
readOnly: true
type: string
+ ImportScheduleObject:
+ description: Import schedule configuration
+ type: object
+ properties:
+ fullImport:
+ allOf:
+ - $ref: '#/components/schemas/ImportScheduleSettings'
+ - description: Determines the full import schedule
+ incrementalImport:
+ allOf:
+ - $ref: '#/components/schemas/ImportScheduleSettings'
+ - description: Determines the incremental import schedule
+ status:
+ $ref: '#/components/schemas/EnabledStatus'
+ ImportScheduleSettings:
+ type: object
+ properties:
+ expression:
+ type: string
+ description: The import schedule in UNIX cron format
+ example: 00 21 * * Mon,Thu,Fri,Sat
+ timezone:
+ type: string
+ description: The import schedule time zone in Internet Assigned Numbers Authority (IANA) time zone name format
+ minLength: 1
+ maxLength: 64
+ example: America/Los_Angeles
+ required:
+ - expression
+ ImportUsernameObject:
+ description: Determines the Okta username for the imported user
+ type: object
+ properties:
+ userNameExpression:
+ type: string
+ description: For `usernameFormat=CUSTOM`, specifies the Okta Expression Language statement for a username format that imported users use to sign in to Okta
+ usernameFormat:
+ type: string
+ description: Determines the username format when users sign in to Okta
+ default: EMAIL
+ enum:
+ - EMAIL
+ - CUSTOM
+ required:
+ - usernameFormat
InactivityPolicyRuleCondition:
type: object
properties:
@@ -27404,6 +30352,11 @@ components:
type: integer
unit:
type: string
+ InboundProvisioningApplicationFeature:
+ allOf:
+ - $ref: '#/components/schemas/ApplicationFeature'
+ - type: object
+ - {}
InlineHook:
type: object
properties:
@@ -27580,8 +30533,7 @@ components:
alg:
type: string
created:
- type: string
- format: date-time
+ $ref: '#/components/schemas/createdProperty'
e:
type: string
expiresAt:
@@ -27762,6 +30714,10 @@ components:
properties:
roles:
$ref: '#/components/schemas/HrefObject'
+ LinksSelfLifecycleAndAuthorize:
+ allOf:
+ - $ref: '#/components/schemas/LinksSelfAndLifecycle'
+ - type: object
ListProfileMappings:
description: |-
A collection of the profile mappings that include a subset of the profile mapping object's properties. The Profile Mapping object describes a mapping between an Okta User's and an App User's properties using [JSON Schema Draft 4](https://datatracker.ietf.org/doc/html/draft-zyp-json-schema-04).
@@ -28069,7 +31025,7 @@ components:
- status
- type
- _links
- discriminator: *ref_9
+ discriminator: *ref_11
LogStreamActivateLink:
allOf:
- $ref: '#/components/schemas/LogStreamLinkObject'
@@ -28139,7 +31095,7 @@ components:
required:
- name
- type
- discriminator: *ref_24
+ discriminator: *ref_20
LogStreamSchema:
type: object
properties:
@@ -28330,8 +31286,9 @@ components:
type: string
uniqueItems: true
x-okta-lifecycle:
- features:
- - WEBAUTHN_MDS_CATALOG_BASED_AAGUID_ALLOWLIST
+ lifecycle: GA
+ isGenerallyAvailable: false
+ SKUs: []
enroll:
type: object
properties:
@@ -28383,7 +31340,7 @@ components:
type: array
items:
type: string
- description: Dynamic network zone property. array of strings that represent an ASN numeric value
+ description: 'Dynamic network zone property: An array of strings that represent an ASN numeric value'
maximum: 75
created:
type: string
@@ -28541,7 +31498,6 @@ components:
id:
type: string
description: User ID
- example: 00uu3u0ujW1P6AfZC1d7
readOnly: true
type:
type: string
@@ -28621,41 +31577,100 @@ components:
properties:
clientId:
type: string
+ description: Client ID
created:
- type: string
- format: date-time
- readOnly: true
- createdBy:
- $ref: '#/components/schemas/OAuth2Actor'
+ $ref: '#/components/schemas/createdProperty'
expiresAt:
type: string
+ description: Expiration time of the OAuth 2.0 Token
format: date-time
readOnly: true
id:
type: string
+ description: ID of the Token object
readOnly: true
issuer:
type: string
+ description: The complete URL of the authorization server that issued the Token
lastUpdated:
- type: string
- format: date-time
- readOnly: true
+ $ref: '#/components/schemas/lastUpdatedProperty'
scopes:
type: array
+ description: The scope names attached to the Token
items:
type: string
status:
$ref: '#/components/schemas/GrantOrTokenStatus'
userId:
type: string
+ description: The ID of the user associated with the Token
_embedded:
type: object
- additionalProperties:
- type: object
- properties: {}
+ description: The embedded resources related to the object if the `expand` query parameter is specified
+ properties:
+ scopes:
+ type: array
+ description: The scope objects attached to the Token
+ items:
+ $ref: '#/components/schemas/OAuth2RefreshTokenScope'
readOnly: true
_links:
- $ref: '#/components/schemas/LinksSelf'
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - type: object
+ properties:
+ app:
+ description: Link to the app resource
+ allOf:
+ - $ref: '#/components/schemas/AppCustomHrefObject'
+ revoke:
+ description: Link to revoke the refresh Token
+ allOf:
+ - $ref: '#/components/schemas/AppCustomHrefObject'
+ - properties:
+ hints:
+ properties:
+ allow:
+ items:
+ enum:
+ - DELETE
+ default: DELETE
+ client:
+ description: Link to the client resource
+ allOf:
+ - $ref: '#/components/schemas/AppCustomHrefObject'
+ user:
+ description: Link to the user resource
+ allOf:
+ - $ref: '#/components/schemas/AppCustomHrefObject'
+ authorizationServer:
+ description: Link to the Token authorization server resource
+ allOf:
+ - $ref: '#/components/schemas/AppCustomHrefObject'
+ OAuth2RefreshTokenScope:
+ type: object
+ properties:
+ description:
+ type: string
+ description: Description of the Scope
+ displayName:
+ type: string
+ description: Name of the end user displayed in a consent dialog
+ id:
+ type: string
+ description: Scope object ID
+ readOnly: true
+ name:
+ type: string
+ description: Scope name
+ _links:
+ description: Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status of an application using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification. This object is used for dynamic discovery of related resources and lifecycle operations.
+ type: object
+ properties:
+ scope:
+ description: Link to Scope resource
+ allOf:
+ - $ref: '#/components/schemas/AppCustomHrefObject'
OAuth2Scope:
type: object
properties:
@@ -28663,21 +31678,27 @@ components:
$ref: '#/components/schemas/OAuth2ScopeConsentType'
default:
type: boolean
+ description: Indicates if this Scope is a default scope
description:
type: string
+ description: Description of the Scope
displayName:
type: string
+ description: Name of the end user displayed in a consent dialog
id:
type: string
+ description: Scope object ID
readOnly: true
metadataPublish:
$ref: '#/components/schemas/OAuth2ScopeMetadataPublish'
name:
type: string
+ description: Scope name
optional:
type: boolean
system:
type: boolean
+ description: Indicates if Okta created the Scope
OAuth2ScopeConsentGrant:
description: Grant object that represents an app consent scope grant
type: object
@@ -28685,31 +31706,21 @@ components:
clientId:
type: string
description: Client ID of the app integration
- example: 0oafxqCAJWWGELFTYASJ
readOnly: true
created:
- type: string
- description: Timestamp when the Grant object was created
- format: date-time
- example: '2023-06-28T16:40:10.000Z'
- readOnly: true
+ $ref: '#/components/schemas/createdProperty'
createdBy:
$ref: '#/components/schemas/OAuth2Actor'
id:
type: string
description: ID of the Grant object
- example: oagsebt2ltaSlR6t81d6
readOnly: true
issuer:
type: string
description: The issuer of your org authorization server. This is typically your Okta domain.
example: https://my_test_okta_org.oktapreview.com
lastUpdated:
- type: string
- description: Timestamp when the Grant object was last updated
- format: date-time
- example: '2023-06-28T16:40:10.000Z'
- readOnly: true
+ $ref: '#/components/schemas/lastUpdatedProperty'
scopeId:
type: string
description: The name of the [Okta scope](https://developer.okta.com/docs/api/oauth2/#oauth-20-scopes) for which consent is granted
@@ -28740,13 +31751,13 @@ components:
- type: object
properties:
app:
- description: Link to app
+ description: Link to the app resource
allOf:
- - $ref: '#/components/schemas/HrefObject'
+ - $ref: '#/components/schemas/AppCustomHrefObject'
client:
- description: Link to client
+ description: Link to the client resource
allOf:
- - $ref: '#/components/schemas/HrefObject'
+ - $ref: '#/components/schemas/AppCustomHrefObject'
- readOnly: true
required:
- issuer
@@ -28760,12 +31771,17 @@ components:
- END_USER
readOnly: true
OAuth2ScopeConsentType:
+ description: Indicates whether a consent dialog is needed for the Scope
+ default: IMPLICIT
type: string
enum:
- ADMIN
+ - FLEXIBLE
- IMPLICIT
- REQUIRED
OAuth2ScopeMetadataPublish:
+ description: Indicates whether the Scope is included in the metadata
+ default: NO_CLIENTS
type: string
enum:
- ALL_CLIENTS
@@ -28782,25 +31798,28 @@ components:
properties:
clientId:
type: string
- created:
- type: string
- format: date-time
+ description: Client ID
+ example: 0oabskvc6442nkvQO0h7
readOnly: true
+ created:
+ $ref: '#/components/schemas/createdProperty'
expiresAt:
type: string
+ description: Expiration time of the OAuth 2.0 Token
format: date-time
readOnly: true
id:
type: string
+ description: ID of the Token object
readOnly: true
issuer:
type: string
+ description: The complete URL of the authorization server that issued the Token
lastUpdated:
- type: string
- format: date-time
- readOnly: true
+ $ref: '#/components/schemas/lastUpdatedProperty'
scopes:
type: array
+ description: Name of scopes attached to the Token
items:
type: string
status:
@@ -28809,6 +31828,7 @@ components:
type: string
_embedded:
type: object
+ description: Embedded resources related to the object if the `expand` query parameter is specified
additionalProperties:
type: object
properties: {}
@@ -28999,36 +32019,6 @@ components:
minimum:
type: string
example: 12.4.5
- Office365Application:
- x-tags:
- - Application
- x-okta-lifecycle:
- features:
- - PROVISIONING_API_EXTENSION
- x-okta-defined-as:
- name: office365
- description: |
- Schema for Office 365 app
-
- To create an Office 365 app, use the [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) request with the required parameters in the request body from the Office 365 app schema.
- > **Note:** The Office 365 app only supports `BROWSER_PLUGIN` and `SAML_1_1` sign-on modes.
- allOf:
- - $ref: '#/components/schemas/OINApplication'
- - type: object
- - required:
- - name
- - label
- - settings
- properties:
- name:
- type: string
- default: office365
- example: office365
- signOnMode:
- default: BROWSER_PLUGIN
- example: BROWSER_PLUGIN
- settings:
- $ref: '#/components/schemas/Office365ApplicationSettings'
Office365ApplicationSettings:
allOf:
- $ref: '#/components/schemas/OINBaseSignOnModeApplicationSettings'
@@ -29064,6 +32054,54 @@ components:
name:
type: string
description: The domain for your Office 365 account
+ Office365ProvisioningSettings:
+ title: office365
+ description: Settings required for the Office 365 provisioning connection
+ type: object
+ properties:
+ adminPassword:
+ type: string
+ description: Office 365 global administrator password
+ adminUsername:
+ type: string
+ description: Office 365 global administrator user name
+ required:
+ - adminUsername
+ - adminPassword
+ Oidc:
+ description: OIDC configuration details
+ type: object
+ properties:
+ doc:
+ type: string
+ format: uri
+ description: The URL to your customer-facing instructions for configuring your OIDC integration
+ example: https://example.com/strawberry/help/oidcSetup
+ initiateLoginUri:
+ type: string
+ format: uri
+ description: The URL to redirect users when they click on your app from their Okta End-User Dashboard
+ example: https://${org.subdomain}.example.com/strawberry/oidc/sp-init
+ postLogoutUris:
+ type: array
+ description: The sign-out redirect URIs for your app. You can send a request to `/v1/logout` to sign the user out and redirect them to one of these URIs.
+ items:
+ type: string
+ format: uri
+ description: 'A sign-out redirect URI. You can use the org properties you defined in the `config` array as variables in your URI. For example: `https://${org.subdomain}.example.com/strawberry/oidc/logged-out`'
+ example: https://${org.subdomain}.example.com/strawberry/oidc/logged-out
+ redirectUris:
+ type: array
+ minItems: 1
+ description: List of sign-in redirect URIs
+ items:
+ type: string
+ format: uri
+ description: Sign-in redirect URI
+ example: https://${org.subdomain}.example.com/strawberry/oidc/login
+ required:
+ - redirectUris
+ - doc
OktaSignOnPolicy:
allOf:
- $ref: '#/components/schemas/Policy'
@@ -29194,8 +32232,8 @@ components:
description: Indicates that the client application uses Demonstrating Proof-of-Possession (DPoP) for token requests. If `true`, the authorization server rejects token requests from this client that don't contain the DPoP header.
default: false
x-okta-lifecycle:
- features:
- - OAUTH2_DPOP
+ lifecycle: GA
+ isGenerallyAvailable: true
frontchannel_logout_session_required:
description: Include user session details.
type: boolean
@@ -29250,12 +32288,28 @@ components:
items:
$ref: '#/components/schemas/JsonWebKey'
OpenIdConnectApplicationSettingsRefreshToken:
+ description: |
+ Refresh token configuration for an OAuth 2.0 client
+
+ When you create or update an OAuth 2.0 client, you can configure refresh token rotation by setting the `rotation_type` and `leeway` properties. If you don't set these properties when you create an app integration, the default values are used.
+ When you update an app integration, your previously configured values are used.
type: object
properties:
leeway:
type: integer
+ minimum: 0
+ maximum: 60
+ description: |
+ The leeway, in seconds, allowed for the OAuth 2.0 client.
+ After the refresh token is rotated, the previous token remains valid for the specified period of time so clients can get the new token.
+
+ > **Note:** A leeway of 0 doesn't necessarily mean that the previous token is immediately invalidated. The previous token is invalidated after the new token is generated and returned in the response.
+ default: 30
+ example: 20
rotation_type:
$ref: '#/components/schemas/OpenIdConnectRefreshTokenRotationType'
+ required:
+ - rotation_type
OpenIdConnectApplicationType:
type: string
enum:
@@ -29264,10 +32318,79 @@ components:
- service
- web
OpenIdConnectRefreshTokenRotationType:
+ description: The refresh token rotation mode for the OAuth 2.0 client
+ example: STATIC
type: string
enum:
- ROTATE
- STATIC
+ x-enumDescriptions:
+ ROTATE: The default rotation type for single-page apps (SPAs)
+ STATIC: The default rotation type for all clients, except SPAs
+ OperationRequest:
+ type: object
+ properties:
+ ruleId:
+ type: string
+ OperationResponse:
+ type: object
+ properties:
+ completed:
+ type: string
+ format: date-time
+ readOnly: true
+ created:
+ type: string
+ format: date-time
+ readOnly: true
+ id:
+ type: string
+ readOnly: true
+ numUserMoved:
+ type: number
+ readOnly: true
+ realmId:
+ type: string
+ readOnly: true
+ realmName:
+ type: string
+ readOnly: true
+ ruleOperation:
+ type: object
+ properties:
+ configuration:
+ type: object
+ properties:
+ actions:
+ type: object
+ properties:
+ assignUserToRealm:
+ type: object
+ properties:
+ realmId:
+ type: string
+ realmName:
+ type: string
+ conditions:
+ $ref: '#/components/schemas/Conditions'
+ id:
+ type: string
+ name:
+ type: string
+ started:
+ type: string
+ format: date-time
+ readOnly: true
+ status:
+ type: string
+ readOnly: true
+ enum:
+ - COMPLETED
+ - SCHEDULED
+ - IN_PROGRESS
+ - FAILED
+ _links:
+ $ref: '#/components/schemas/LinksSelf'
OperationalStatus:
description: Operational status of a given agent
type: string
@@ -29444,6 +32567,11 @@ components:
preview:
$ref: '#/components/schemas/HrefObject'
PasswordCredential:
+ description: |-
+ When a user has a valid password, imported hashed password, or password hook, and a response object contains
+ a password credential, then the password object is a bare object without the value property defined (for example, `password: {}`). This
+ indicates that a password value exists. You can modify password policy requirements in the Admin Console by editing the Password
+ authenticator: **Security** > **Authenticators** > **Password** (or for Okta Classic orgs, use **Security** > **Authentication** > **Password**).
type: object
properties:
hash:
@@ -29452,8 +32580,16 @@ components:
$ref: '#/components/schemas/PasswordCredentialHook'
value:
type: string
+ writeOnly: true
+ description: Specifies the password for a user. The Password Policy validates this password.
format: password
PasswordCredentialHash:
+ description: |-
+ Specifies a hashed password to import into Okta. This allows an existing password to be imported into Okta directly
+ from some other store. Okta supports the BCRYPT, SHA-512, SHA-256, SHA-1, MD5, and PBKDF2 hash functions for password import.
+ A hashed password may be specified in a Password object when creating or updating a user, but not for other operations.
+ See [Create User with Imported Hashed Password](https://developer.okta.com/docs/reference/api/users/#create-user-with-imported-hashed-password)
+ for information on using this object when creating a user. When updating a user with a hashed password, the user must be in the `STAGED` status.
type: object
properties:
algorithm:
@@ -29462,17 +32598,33 @@ components:
$ref: '#/components/schemas/DigestAlgorithm'
iterationCount:
type: integer
+ description: The number of iterations used when hashing passwords using PBKDF2. Must be >= 4096. Only required for PBKDF2 algorithm.
keySize:
type: integer
+ description: Size of the derived key in bytes. Only required for PBKDF2 algorithm.
salt:
+ description: |-
+ Only required for salted hashes. For BCRYPT, this specifies Radix-64 as the encoded salt used to generate the hash,
+ which must be 22 characters long. For other salted hashes, this specifies the Base64-encoded salt used to
+ generate the hash.
type: string
saltOrder:
type: string
+ description: Specifies whether salt was pre- or postfixed to the password before hashing. Only required for salted algorithms.
value:
+ description: |-
+ For SHA-512, SHA-256, SHA-1, MD5, and PBKDF2, this is the actual base64-encoded hash of the password (and salt, if used).
+ This is the Base64-encoded `value` of the SHA-512/SHA-256/SHA-1/MD5/PBKDF2 digest that was computed by either pre-fixing or post-fixing
+ the `salt` to the `password`, depending on the `saltOrder`. If a `salt` was not used in the `source` system, then this should just be
+ the Base64-encoded `value` of the password's SHA-512/SHA-256/SHA-1/MD5/PBKDF2 digest. For BCRYPT, this is the actual Radix-64 encoded hashed password.
type: string
workFactor:
type: integer
+ description: Governs the strength of the hash and the time required to compute it. Only required for BCRYPT algorithm.
+ minimum: 1
+ maximum: 20
PasswordCredentialHashAlgorithm:
+ description: The algorithm used to generate the hash using the password (and salt, when applicable).
type: string
enum:
- BCRYPT
@@ -29482,10 +32634,15 @@ components:
- SHA-256
- SHA-512
PasswordCredentialHook:
+ description: |-
+ Specify a [password import inline hook](https://developer.okta.com/docs/reference/password-hook/) to trigger verification of the user's password
+ the first time the user logs in. This allows an existing password to be imported into Okta directly from some other store.
+ See [Create User with Password Hook](https://developer.okta.com/docs/reference/api/users/#create-user-with-password-import-inline-hook) for information on using this object when creating a user.
type: object
properties:
type:
type: string
+ description: The type of password inline hook. Currently, must be set to default.
PasswordDictionary:
type: object
properties:
@@ -29780,8 +32937,8 @@ components:
$ref: '#/components/schemas/HrefObject'
PermissionConditions:
x-okta-lifecycle:
- features:
- - CUSTOM_ADMIN_ROLES_CONDITIONS
+ lifecycle: GA
+ isGenerallyAvailable: true
description: Conditions for further restricting a permission
nullable: true
type: object
@@ -29879,7 +33036,7 @@ components:
readOnly: true
_links:
$ref: '#/components/schemas/LinksSelf'
- discriminator: *ref_11
+ discriminator: *ref_13
PolicyAccess:
type: string
enum:
@@ -29980,6 +33137,14 @@ components:
allOf:
- $ref: '#/components/schemas/HrefObject'
- description: Link to the mapped application
+ authenticator:
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ - description: Link to the mapped authenticator
+ policy:
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ - description: Link to the mapped policy
PolicyMappingRequest:
type: object
properties:
@@ -30058,7 +33223,7 @@ components:
default: false
type:
$ref: '#/components/schemas/PolicyRuleType'
- discriminator: *ref_13
+ discriminator: *ref_15
PolicyRuleActions:
type: object
PolicyRuleActionsEnroll:
@@ -30567,7 +33732,7 @@ components:
status:
$ref: '#/components/schemas/ProvisioningConnectionStatus'
_links:
- $ref: '#/components/schemas/LinksSelfAndLifecycle'
+ $ref: '#/components/schemas/LinksSelfLifecycleAndAuthorize'
required:
- authScheme
- status
@@ -30590,8 +33755,12 @@ components:
properties:
authScheme:
$ref: '#/components/schemas/ProvisioningConnectionAuthScheme'
- token:
- type: string
+ discriminator:
+ propertyName: authScheme
+ mapping:
+ TOKEN: '#/components/schemas/ProvisioningConnectionProfileToken'
+ OAUTH2: '#/components/schemas/ProvisioningConnectionProfileOauth'
+ UNKNOWN: '#/components/schemas/ProvisioningConnectionProfileUnknown'
ProvisioningConnectionProfileOauth:
description: |
The app provisioning connection profile used to configure the method of authentication and the credentials.
@@ -30606,6 +33775,12 @@ components:
required:
- authScheme
- clientId
+ ProvisioningConnectionProfileOauthSettings:
+ title: Generic
+ description: Specific settings aren't defined for generic OAuth 2.0 provisioning connections
+ additionalProperties:
+ type: string
+ type: object
ProvisioningConnectionProfileToken:
description: |
The app provisioning connection profile used to configure the method of authentication and the credentials.
@@ -30708,34 +33883,7 @@ components:
$ref: '#/components/schemas/ProviderType'
_links:
$ref: '#/components/schemas/LinksSelf'
- discriminator: *ref_15
- PushUserFactor:
- allOf:
- - $ref: '#/components/schemas/UserFactor'
- - type: object
- properties:
- expiresAt:
- type: string
- format: date-time
- factorResult:
- $ref: '#/components/schemas/FactorResultType'
- profile:
- $ref: '#/components/schemas/PushUserFactorProfile'
- PushUserFactorProfile:
- type: object
- properties:
- credentialId:
- type: string
- deviceToken:
- type: string
- deviceType:
- type: string
- name:
- type: string
- platform:
- type: string
- version:
- type: string
+ discriminator: *ref_17
RateLimitAdminNotifications:
title: RateLimitAdminNotifications
description: ''
@@ -30792,6 +33940,35 @@ components:
$ref: '#/components/schemas/RealmProfile'
_links:
$ref: '#/components/schemas/LinksSelf'
+ RealmAssignmentRule:
+ type: object
+ properties:
+ actions:
+ $ref: '#/components/schemas/Actions'
+ conditions:
+ $ref: '#/components/schemas/Conditions'
+ created:
+ type: string
+ format: date-time
+ readOnly: true
+ id:
+ type: string
+ readOnly: true
+ isDefault:
+ type: boolean
+ readOnly: true
+ lastUpdated:
+ type: string
+ format: date-time
+ readOnly: true
+ name:
+ type: string
+ priority:
+ type: integer
+ status:
+ $ref: '#/components/schemas/LifecycleStatus'
+ _links:
+ $ref: '#/components/schemas/LinksSelf'
RealmProfile:
type: object
properties:
@@ -30799,12 +33976,22 @@ components:
type: string
description: Name of a Realm
RecoveryQuestionCredential:
+ description: |-
+ Specifies a secret question and answer that's validated (case insensitive) when a user forgets their
+ password or unlocks their account. The answer property is write-only.
type: object
properties:
answer:
type: string
+ description: The recovery question answer
+ minimum: 1
+ maximum: 100
+ writeOnly: true
question:
type: string
+ description: The recovery question
+ minimum: 1
+ maximum: 100
ReleaseChannel:
description: Release channel for auto-update
type: string
@@ -30825,6 +34012,83 @@ components:
resetPasswordUrl:
type: string
readOnly: true
+ ResourceSelectorCreateRequestSchema:
+ type: object
+ properties:
+ description:
+ type: string
+ description: Description of the Resource Selector
+ filter:
+ type: string
+ description: SCIM filter of the Resource Selector
+ name:
+ type: string
+ description: Name of the Resource Selector
+ schema:
+ type: string
+ description: Schema of the Resource Selector
+ ResourceSelectorPatchRequestSchema:
+ type: object
+ properties:
+ description:
+ type: string
+ description: Description of the Resource Selector
+ filter:
+ type: string
+ description: SCIM filter of the Resource Selector
+ name:
+ type: string
+ description: Name of the Resource Selector
+ ResourceSelectorResponseSchema:
+ type: object
+ properties:
+ description:
+ type: string
+ description: Description of the Resource Selector
+ id:
+ type: string
+ description: Unique key for the Resource Selector
+ name:
+ type: string
+ description: Name of the Resource Selector
+ orn:
+ type: string
+ description: An Okta resource name
+ _links:
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - properties:
+ resources:
+ $ref: '#/components/schemas/HrefObject'
+ ResourceSelectorResponseWithoutSelfLinkSchema:
+ type: object
+ properties:
+ description:
+ type: string
+ description: Description of the Resource Selector
+ id:
+ type: string
+ description: Unique key for the Resource Selector
+ name:
+ type: string
+ description: Name of the Resource Selector
+ orn:
+ type: string
+ description: An Okta resource name
+ _links:
+ allOf:
+ - properties:
+ resources:
+ $ref: '#/components/schemas/HrefObject'
+ ResourceSelectorsSchema:
+ type: object
+ properties:
+ resourceSelectors:
+ type: array
+ items:
+ $ref: '#/components/schemas/ResourceSelectorResponseWithoutSelfLinkSchema'
+ _links:
+ $ref: '#/components/schemas/LinksNext'
ResourceSet:
type: object
properties:
@@ -31172,6 +34436,14 @@ components:
- okta.authzServers.read
- okta.customizations.manage
- okta.customizations.read
+ - okta.devices.lifecycle.activate
+ - okta.devices.lifecycle.deactivate
+ - okta.devices.lifecycle.delete
+ - okta.devices.lifecycle.manage
+ - okta.devices.lifecycle.suspend
+ - okta.devices.lifecycle.unsuspend
+ - okta.devices.manage
+ - okta.devices.read
- okta.governance.accessCertifications.manage
- okta.governance.accessRequests.manage
- okta.groups.appAssignment.manage
@@ -31240,36 +34512,6 @@ components:
NO_SAFE_BROWSING: Safe Browsing is never active
STANDARD_PROTECTION: Safe Browsing is active in the standard mode
ENHANCED_PROTECTION: Safe Browsing is active in the enhanced mode
- SalesforceApplication:
- x-tags:
- - Application
- x-okta-defined-as:
- name: salesforce
- x-okta-lifecycle:
- features:
- - PROVISIONING_API_EXTENSION
- description: |
- Schema for Salesforce app
-
- To create a Salesforce app, use the [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) request with the required parameters in the request body from the Salesforce app schema.
- > **Note:** The Salesforce app only supports `BROWSER_PLUGIN`, `BOOKMARK`, and `SAML_2_0` sign-on modes.
- allOf:
- - $ref: '#/components/schemas/OINApplication'
- - type: object
- - required:
- - name
- - label
- - settings
- properties:
- name:
- type: string
- default: salesforce
- example: salesforce
- signOnMode:
- default: BROWSER_PLUGIN
- example: BROWSER_PLUGIN
- settings:
- $ref: '#/components/schemas/SalesforceApplicationSettings'
SalesforceApplicationSettings:
allOf:
- $ref: '#/components/schemas/OINBaseSignOnModeApplicationSettings'
@@ -31306,6 +34548,42 @@ components:
required:
- integrationType
- instanceType
+ Saml:
+ description: SAML configuration details
+ type: object
+ properties:
+ acs:
+ type: array
+ minItems: 1
+ description: 'List of Assertion Consumer Service (ACS) URLs. The default ACS URL is required and is indicated by a null index value. You can use the org properties you defined in the `config` array as variables in the URL. For example: `https://${org.subdomain}.example.com/saml/login`'
+ items:
+ type: object
+ properties:
+ index:
+ type: number
+ minimum: 0
+ maximum: 65535
+ description: Index of ACS URL
+ example: 0
+ url:
+ type: string
+ format: uri
+ maxLength: 1024
+ description: Assertion Consumer Service (ACS) URL
+ example: https://${org.subdomain}.example.com/saml/login
+ doc:
+ type: string
+ format: uri
+ description: The URL to your customer-facing instructions for configuring your SAML integration
+ example: https://example.com/strawberry/help/samlSetup
+ entityId:
+ type: string
+ description: Globally unique name for your SAML entity. For instance, your Identity Provider (IdP) or Service Provider (SP).
+ example: https://${org.subdomain}.example.com
+ required:
+ - acs
+ - entityId
+ - doc
SamlApplication:
allOf:
- $ref: '#/components/schemas/Application'
@@ -31496,31 +34774,6 @@ components:
type: string
usernameField:
type: string
- SecurityQuestion:
- type: object
- properties:
- answer:
- type: string
- question:
- type: string
- questionText:
- type: string
- SecurityQuestionUserFactor:
- allOf:
- - $ref: '#/components/schemas/UserFactor'
- - type: object
- properties:
- profile:
- $ref: '#/components/schemas/SecurityQuestionUserFactorProfile'
- SecurityQuestionUserFactorProfile:
- type: object
- properties:
- answer:
- type: string
- question:
- type: string
- questionText:
- type: string
SeedEnum:
description: Determines whether the generated password is the user's Okta password or a randomly generated password
default: RANDOM
@@ -31700,6 +34953,8 @@ components:
type: string
classicRecoveryFlowEmailOrUsernameLabel:
type: string
+ widgetGeneration:
+ $ref: '#/components/schemas/WidgetGeneration'
widgetVersion:
$ref: '#/components/schemas/Version'
SignInPageTouchPointVariant:
@@ -31829,35 +35084,6 @@ components:
type: string
logoutUrl:
type: string
- SlackApplication:
- x-tags:
- - Application
- x-okta-defined-as:
- name: slack
- x-okta-lifecycle:
- features:
- - PROVISIONING_API_EXTENSION
- description: |
- Schema for Slack app
-
- To create a Slack app, use the [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) request with the required parameters in the request body from the Slack app schema.
- > **Note:** The Slack app only supports `BROWSER_PLUGIN` and `SAML_2_0` sign-on modes.
- allOf:
- - $ref: '#/components/schemas/OINApplication'
- - type: object
- - required:
- - name
- - label
- - settings
- properties:
- name:
- type: string
- default: slack
- example: slack
- signOnMode:
- default: SAML_2_0
- settings:
- $ref: '#/components/schemas/SlackApplicationSettings'
SlackApplicationSettings:
allOf:
- $ref: '#/components/schemas/OINBaseSignOnModeApplicationSettings'
@@ -31926,18 +35152,6 @@ components:
type: string
enum:
- SMS_VERIFY_CODE
- SmsUserFactor:
- allOf:
- - $ref: '#/components/schemas/UserFactor'
- - type: object
- properties:
- profile:
- $ref: '#/components/schemas/SmsUserFactorProfile'
- SmsUserFactorProfile:
- type: object
- properties:
- phoneNumber:
- type: string
SocialAuthToken:
type: object
properties:
@@ -31994,6 +35208,14 @@ components:
writeOnly: true
type: string
pattern: (?i)^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$
+ Sso:
+ description: Supported SSO protocol configurations. You must configure at least one protocol.
+ type: object
+ properties:
+ oidc:
+ $ref: '#/components/schemas/Oidc'
+ saml:
+ $ref: '#/components/schemas/Saml'
SsprPrimaryRequirement:
description: Defines the authenticators permitted for the initial authentication step of password recovery
type: object
@@ -32001,14 +35223,14 @@ components:
methodConstraints:
description: Constraints on the values specified in the `methods` array. Specifying a constraint limits methods to specific authenticator(s). Currently, Google OTP is the only accepted constraint.
x-okta-lifecycle:
- features:
- - IDX_SSPR_EXTENDED_PRIMARY_FACTORS
+ lifecycle: GA
+ isGenerallyAvailable: true
type: array
items:
$ref: '#/components/schemas/AuthenticatorMethodConstraint'
methods:
type: array
- description: Authenticator methods allowed for the initial authentication step of password recovery
+ description: Authenticator methods allowed for the initial authentication step of password recovery. Method `otp` requires a constraint limiting it to a Google authenticator.
items:
type: string
enum:
@@ -32016,17 +35238,7 @@ components:
- sms
- voice
- email
- x-okta-feature-flag-amends:
- IDX_SSPR_EXTENDED_PRIMARY_FACTORS:
- description: Authenticator methods allowed for the initial authentication step of password recovery. Method `otp` requires a constraint limiting it to a Google authenticator.
- items:
- type: string
- enum:
- - push
- - sms
- - voice
- - email
- - otp
+ - otp
SsprRequirement:
description: Describes the initial and secondary authenticator requirements a user needs to reset their password
type: object
@@ -32052,6 +35264,76 @@ components:
- security_question
required:
type: boolean
+ SubmissionRequest:
+ allOf:
+ - $ref: '#/components/schemas/SubmissionResponse'
+ required:
+ - name
+ - description
+ - logo
+ SubmissionResponse:
+ type: object
+ properties:
+ config:
+ type: array
+ description: 'List of org-level properties used to set up the per-tenant configuration for your customers. For example the `subdomain` property can be used in the ACS URL: `https://${org.subdomain}.example.com/saml/login`.'
+ items:
+ type: object
+ properties:
+ label:
+ type: string
+ description: Display name of org property in the Admin Console.
+ example: Subdomain
+ name:
+ type: string
+ maxLength: 1024
+ minLength: 1
+ description: Name of the org property
+ example: subdomain
+ description:
+ type: string
+ maxLength: 1024
+ minLength: 1
+ description: A general description of your application and value of the Okta integration
+ example: Your one source for in-season strawberry deals. Okta's Strawberry Central integration allow users to securely access those sweet deals.
+ id:
+ type: string
+ description: ID of a Submission
+ readOnly: true
+ example: acme_submissionapp_1
+ lastPublished:
+ type: string
+ description: Timestamp when the Submission was last published
+ readOnly: true
+ example: '2023-08-24T14:15:22.000Z'
+ lastUpdated:
+ type: string
+ description: Timestamp when the Submission object was last updated
+ readOnly: true
+ example: '2023-08-24T14:15:22.000Z'
+ lastUpdatedBy:
+ type: string
+ description: ID of the user who made the last update
+ readOnly: true
+ example: 00ub0oNGTSWTBKOLGLNR
+ logo:
+ type: string
+ format: uri
+ description: URL to an uploaded application logo. This logo appears next to your app integration name in the OIN catalog.
+ example: https://acme.okta.com/bc/image/fileStoreRecord?id=fs03xxd3KmkDBwJU80g4
+ name:
+ type: string
+ maxLength: 64
+ minLength: 1
+ description: The app integration name. This is the main title used for your integration in the OIN catalog.
+ example: Strawberry Central
+ sso:
+ $ref: '#/components/schemas/Sso'
+ status:
+ type: string
+ description: Status of the Submission
+ readOnly: true
+ example: New
Subscription:
type: object
properties:
@@ -32143,6 +35425,95 @@ components:
tempPassword:
type: string
readOnly: true
+ TestInfo:
+ description: Integration Testing Information
+ type: object
+ properties:
+ escalationSupportContact:
+ type: string
+ maxLength: 255
+ description: An email for Okta to contact your company about your integration. This email isn't shared with customers.
+ example: strawberry.support@example.com
+ oidcTestConfiguration:
+ type: object
+ description: OIDC test details
+ properties:
+ idp:
+ type: boolean
+ description: Indicates if your integration supports IdP-initiated sign-in flows
+ readOnly: true
+ sp:
+ type: boolean
+ description: Indicates if your integration supports SP-initiated sign-in flows
+ readOnly: true
+ jit:
+ type: boolean
+ description: Indicates if your integration supports Just-In-Time (JIT) provisioning
+ spInitiateUrl:
+ type: string
+ format: uri
+ maxLength: 512
+ description: URL for SP-initiated sign-in flows (required if `sp = true`)
+ example: https://test.example.com/strawberry/oidc/sp-init
+ required:
+ - spInitiateUrl
+ samlTestConfiguration:
+ type: object
+ description: SAML test details
+ properties:
+ idp:
+ type: boolean
+ description: Indicates if your integration supports IdP-initiated sign-in
+ sp:
+ type: boolean
+ description: Indicates if your integration supports SP-initiated sign-in
+ jit:
+ type: boolean
+ description: Indicates if your integration supports Just-In-Time (JIT) provisioning
+ spInitiateUrl:
+ type: string
+ format: uri
+ maxLength: 512
+ description: URL for SP-initiated sign-in flows (required if `sp = true`)
+ example: https://test.example.com/strawberry/saml/sp-init
+ spInitiateDescription:
+ type: string
+ maxLength: 2048
+ description: Instructions on how to sign in to your app using the SP-initiated flow
+ example: Just open URL and provide your username
+ required:
+ - spInitiateUrl
+ testAccount:
+ type: object
+ description: An account on a test instance of your app with admin privileges. A test admin account is required by Okta for integration testing. During OIN QA testing, an Okta analyst uses this admin account to configure your app for the various test case flows.
+ properties:
+ url:
+ type: string
+ format: uri
+ maxLength: 512
+ description: The sign-in URL to a test instance of your app
+ example: https://example.com/strawberry/login
+ username:
+ type: string
+ maxLength: 255
+ description: The username for your app admin account
+ example: test@example.com
+ password:
+ type: string
+ maxLength: 255
+ description: The password for your app admin account
+ example: sUperP@ssw0rd
+ instructions:
+ type: string
+ maxLength: 2048
+ description: Additional instructions to test the app integration, including instructions for obtaining test accounts
+ example: Just open URL and input credentials
+ required:
+ - url
+ - username
+ - password
+ required:
+ - escalationSupportContact
Theme:
type: object
properties:
@@ -32271,59 +35642,6 @@ components:
id:
type: string
readOnly: false
- TokenUserFactor:
- allOf:
- - $ref: '#/components/schemas/UserFactor'
- - type: object
- properties:
- profile:
- $ref: '#/components/schemas/TokenUserFactorProfile'
- TokenUserFactorProfile:
- type: object
- properties:
- credentialId:
- type: string
- TotpUserFactor:
- allOf:
- - $ref: '#/components/schemas/UserFactor'
- - type: object
- properties:
- profile:
- $ref: '#/components/schemas/TotpUserFactorProfile'
- TotpUserFactorProfile:
- type: object
- properties:
- credentialId:
- type: string
- TrendMicroApexOneServiceApplication:
- x-tags:
- - Application
- x-okta-defined-as:
- name: trendmicroapexoneservice
- x-okta-lifecycle:
- features:
- - PROVISIONING_API_EXTENSION
- description: |
- Schema for Trend Micro Apex One as a Service app
-
- To create a Trend Micro Apex One as a Service app, use the [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) request with the required parameters in the request body from the Trend Micro Apex One as a Service app schema.
- > **Note:** The Trend Micro Apex One as a Service app only supports `SAML_2_0` sign-on mode.
- allOf:
- - $ref: '#/components/schemas/OINApplication'
- - type: object
- - required:
- - name
- - label
- - settings
- properties:
- name:
- type: string
- default: trendmicroapexoneservice
- example: trendmicroapexoneservice
- signOnMode:
- default: SAML_2_0
- settings:
- $ref: '#/components/schemas/TrendMicroApexOneServiceApplicationSettings'
TrendMicroApexOneServiceApplicationSettings:
allOf:
- $ref: '#/components/schemas/OINBaseSignOnModeApplicationSettings'
@@ -32387,18 +35705,6 @@ components:
- CORS
- IFRAME_EMBED
- REDIRECT
- U2fUserFactor:
- allOf:
- - $ref: '#/components/schemas/UserFactor'
- - type: object
- properties:
- profile:
- $ref: '#/components/schemas/U2fUserFactorProfile'
- U2fUserFactorProfile:
- type: object
- properties:
- credentialId:
- type: string
UIElement:
description: Specifies the configuration of an input field on an enrollment form
type: object
@@ -32501,6 +35807,22 @@ components:
required:
- label
- description
+ UpdateRealmAssignmentRuleRequest:
+ type: object
+ properties:
+ actions:
+ $ref: '#/components/schemas/Actions'
+ conditions:
+ $ref: '#/components/schemas/Conditions'
+ name:
+ type: string
+ priority:
+ type: integer
+ UpdateRealmRequest:
+ type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/RealmProfile'
UpdateUISchema:
description: The updated request body properties
type: object
@@ -32514,73 +35836,147 @@ components:
$ref: '#/components/schemas/UserCredentials'
profile:
$ref: '#/components/schemas/UserProfile'
- realmId:
- type: string
- description: The ID of the realm in which the user is residing
- example: guo1bfiNtSnZYILxO0g4
- x-okta-lifecycle:
- features:
- - UD_REALMS
User:
type: object
properties:
activated:
type: string
+ description: The timestamp when the user status transitioned to `ACTIVE`
format: date-time
readOnly: true
nullable: true
created:
type: string
+ description: The timestamp when the user was created
format: date-time
readOnly: true
credentials:
$ref: '#/components/schemas/UserCredentials'
id:
type: string
+ description: The unique key for the user
readOnly: true
lastLogin:
type: string
+ description: The timestamp of the last login
format: date-time
readOnly: true
nullable: true
lastUpdated:
type: string
+ description: The timestamp when the user was last updated
format: date-time
readOnly: true
passwordChanged:
type: string
+ description: The timestamp when the user's password was last updated
format: date-time
readOnly: true
nullable: true
profile:
$ref: '#/components/schemas/UserProfile'
- realmId:
- type: string
- description: The ID of the realm in which the user is residing
- example: guo1bfiNtSnZYILxO0g4
- x-okta-lifecycle:
- features:
- - UD_REALMS
- readOnly: true
status:
$ref: '#/components/schemas/UserStatus'
statusChanged:
type: string
+ description: The timestamp when the status of the user last changed
format: date-time
readOnly: true
nullable: true
transitioningToStatus:
- $ref: '#/components/schemas/UserStatus'
+ type: string
+ description: The target status of an in-progress asynchronous status transition. This property is only returned if the user's state is transitioning.
+ readOnly: true
+ nullable: true
+ enum:
+ - ACTIVE
+ - DEPROVISIONED
+ - PROVISIONED
type:
- $ref: '#/components/schemas/UserType'
+ type: string
+ description: |-
+ The user type that determines the schema for the user's profile. The `type` property is a map that identifies
+ the User Type (see [User Types](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/UserType/#tag/UserType)).
+ Currently it contains a single element, `id`. It can be specified when creating a new user, and may be updated by an administrator on a full replace of an existing user (but not a partial update).
_embedded:
type: object
+ description: If specified, includes embedded resources related to the user
additionalProperties:
type: object
properties: {}
readOnly: true
_links:
- $ref: '#/components/schemas/LinksSelf'
+ description: |-
+ Specifies link relations (see [Web Linking](https://datatracker.ietf.org/doc/html/rfc8288) available for the current status of a user.
+ The Links object is used for dynamic discovery of related resources, lifecycle operations, and credential operations. The Links object is read-only.
+
+ For an individual user result, the Links object contains a full set of link relations available for that user as determined by your policies.
+ For a collection of users, the Links object contains only the self link. Operations that return a collection of Users include List Users and List Group Members.
+ allOf:
+ - $ref: '#/components/schemas/LinksSelf'
+ - type: object
+ properties:
+ self:
+ description: Link to the individual user
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ activate:
+ description: Link to activate the user
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ resetPassword:
+ description: Link to reset the user's password
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ resetFactors:
+ description: Link to reset the user's factors
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ expirePassword:
+ description: Link to expire the user's password
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ forgotPassword:
+ description: Link to initiate a forgot password operation
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ changeRecoveryQuestion:
+ description: Link to change the user's recovery question
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ deactivate:
+ description: Link to deactivate a user
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ reactivate:
+ description: Link to reactivate the user
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ changePassword:
+ description: Link to change the user's password
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ schema:
+ description: Link to the user's profile schema
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ suspend:
+ description: Link to suspend the user
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ unsuspend:
+ description: Link to unsuspend the user
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ unlock:
+ description: Link to unlock the locked-out user
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ type:
+ description: Link to the user type
+ allOf:
+ - $ref: '#/components/schemas/HrefObject'
+ - readOnly: true
UserActivationToken:
type: object
properties:
@@ -32591,14 +35987,25 @@ components:
type: string
readOnly: true
UserBlock:
+ description: The description of the access block
type: object
properties:
appliesTo:
type: string
readOnly: true
+ description: The devices that the block applies to
+ enum:
+ - ANY_DEVICES
+ - UNKNOWN_DEVICES
+ x-enumDescriptions:
+ ANY_DEVICES: The account is blocked for all devices
+ UNKNOWN_DEVICES: The account is only blocked for unknown devices
type:
type: string
readOnly: true
+ description: Type of access block
+ enum:
+ - DEVICE_BASED
UserCondition:
type: object
properties:
@@ -32623,27 +36030,33 @@ components:
type: object
properties:
created:
+ description: Timestamp indicating when the Factor was enrolled
type: string
format: date-time
readOnly: true
factorType:
- $ref: '#/components/schemas/FactorType'
+ $ref: '#/components/schemas/UserFactorType'
id:
+ description: ID of the Factor
type: string
readOnly: true
lastUpdated:
+ description: Timestamp indicating when the Factor was last updated
type: string
format: date-time
readOnly: true
profile:
type: object
- description: Factor-specific attributes
+ description: Specific attributes related to the Factor
provider:
- $ref: '#/components/schemas/FactorProvider'
+ $ref: '#/components/schemas/UserFactorProvider'
status:
- $ref: '#/components/schemas/FactorStatus'
- verify:
- $ref: '#/components/schemas/VerifyFactorRequest'
+ $ref: '#/components/schemas/UserFactorStatus'
+ vendorName:
+ description: Name of the Factor vendor. This is usually the same as the provider except for On-Prem MFA where it depends on administrator settings.
+ type: string
+ example: OKTA
+ readOnly: true
_embedded:
type: object
additionalProperties:
@@ -32652,7 +36065,406 @@ components:
readOnly: true
_links:
$ref: '#/components/schemas/LinksSelf'
- discriminator: *ref_17
+ discriminator: *ref_19
+ UserFactorActivateRequest:
+ type: object
+ properties:
+ attestation:
+ type: string
+ clientData:
+ type: string
+ passCode:
+ type: string
+ registrationData:
+ type: string
+ stateToken:
+ type: string
+ UserFactorCall:
+ allOf:
+ - $ref: '#/components/schemas/UserFactor'
+ - type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/UserFactorCallProfile'
+ UserFactorCallProfile:
+ type: object
+ properties:
+ phoneExtension:
+ description: Extension of the associated `phoneNumber`
+ type: string
+ nullable: true
+ maxLength: 15
+ phoneNumber:
+ description: Phone number of the Factor. You should format phone numbers to use the [E.164 standard](https://www.itu.int/rec/T-REC-E.164/).
+ example: '+15554151337'
+ type: string
+ pattern: ^\+[1-9]\d{1,14}$
+ maxLength: 15
+ UserFactorCustomHOTP:
+ allOf:
+ - $ref: '#/components/schemas/UserFactor'
+ - type: object
+ properties:
+ factorProfileId:
+ description: ID of an existing Custom TOTP Factor profile. To create this, see [Custom TOTP Factor](https://help.okta.com/okta_help.htm?id=ext-mfa-totp).
+ type: string
+ profile:
+ $ref: '#/components/schemas/UserFactorCustomHOTPProfile'
+ UserFactorCustomHOTPProfile:
+ type: object
+ properties:
+ sharedSecret:
+ description: Unique secret key used to generate the OTP
+ type: string
+ example: 484f97be3213b117e3a20438e291540a
+ UserFactorEmail:
+ allOf:
+ - $ref: '#/components/schemas/UserFactor'
+ - type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/UserFactorEmailProfile'
+ UserFactorEmailProfile:
+ type: object
+ properties:
+ email:
+ description: Email address of the user
+ maxLength: 100
+ example: z.cool@example.com
+ type: string
+ UserFactorHardware:
+ allOf:
+ - $ref: '#/components/schemas/UserFactor'
+ - type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/UserFactorHardwareProfile'
+ UserFactorHardwareProfile:
+ type: object
+ properties:
+ credentialId:
+ description: ID for the Factor credential
+ example: dade.murphy@example.com
+ type: string
+ UserFactorProvider:
+ description: Provider for the Factor
+ type: string
+ enum:
+ - CUSTOM
+ - DUO
+ - FIDO
+ - GOOGLE
+ - OKTA
+ - RSA
+ - SYMANTEC
+ - YUBICO
+ UserFactorPush:
+ allOf:
+ - $ref: '#/components/schemas/UserFactor'
+ - type: object
+ properties:
+ expiresAt:
+ description: Timestamp indicating when the Factor verification attempt expires
+ type: string
+ format: date-time
+ readOnly: true
+ factorResult:
+ $ref: '#/components/schemas/UserFactorResultType'
+ profile:
+ $ref: '#/components/schemas/UserFactorPushProfile'
+ UserFactorPushProfile:
+ type: object
+ properties:
+ credentialId:
+ description: ID for the Factor credential
+ example: dade.murphy@example.com
+ type: string
+ deviceToken:
+ description: Token used to identify the device
+ type: string
+ deviceType:
+ description: Type of device
+ example: SmartPhone_IPhone
+ type: string
+ name:
+ description: Name of the device
+ example: My Phone
+ type: string
+ platform:
+ description: OS version of the associated device
+ example: IOS
+ type: string
+ version:
+ description: Installed version of Okta Verify
+ example: '9.0'
+ type: string
+ UserFactorResultType:
+ description: Result of a Factor verification attempt
+ type: string
+ enum:
+ - CANCELLED
+ - CHALLENGE
+ - ERROR
+ - FAILED
+ - PASSCODE_REPLAYED
+ - REJECTED
+ - SUCCESS
+ - TIMEOUT
+ - TIME_WINDOW_EXCEEDED
+ - WAITING
+ UserFactorSMS:
+ allOf:
+ - $ref: '#/components/schemas/UserFactor'
+ - type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/UserFactorSMSProfile'
+ UserFactorSMSProfile:
+ type: object
+ properties:
+ phoneNumber:
+ description: Phone number of the Factor. You should format phone numbers to use the [E.164 standard](https://www.itu.int/rec/T-REC-E.164/).
+ example: '+15554151337'
+ type: string
+ pattern: ^\+[1-9]\d{1,14}$
+ maxLength: 15
+ UserFactorSecurityQuestion:
+ allOf:
+ - $ref: '#/components/schemas/UserFactor'
+ - type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/UserFactorSecurityQuestionProfile'
+ UserFactorSecurityQuestionProfile:
+ type: object
+ properties:
+ answer:
+ description: Answer to the question
+ minLength: 4
+ type: string
+ writeOnly: true
+ question:
+ description: Unique key for the question
+ example: disliked_food
+ enum:
+ - disliked_food
+ - name_of_first_plush_toy
+ - first_award
+ - favorite_security_question
+ - favorite_toy
+ - first_computer_game
+ - favorite_movie_quote
+ - first_sports_team_mascot
+ - first_music_purchase
+ - favorite_art_piece
+ - grandmother_favorite_desert
+ - first_thing_cooked
+ - childhood_dream_job
+ - first_kiss_location
+ - place_where_significant_other_was_met
+ - favorite_vacation_location
+ - new_years_two_thousand
+ - favorite_speaker_actor
+ - favorite_book_movie_character
+ - favorite_sports_player
+ type: string
+ questionText:
+ description: Human-readable text displayed to the user
+ example: What is the food you least liked as a child?
+ type: string
+ readOnly: true
+ UserFactorStatus:
+ description: Status of the Factor
+ type: string
+ enum:
+ - ACTIVE
+ - DISABLED
+ - ENROLLED
+ - EXPIRED
+ - INACTIVE
+ - NOT_SETUP
+ - PENDING_ACTIVATION
+ UserFactorTOTP:
+ allOf:
+ - $ref: '#/components/schemas/UserFactor'
+ - type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/UserFactorTOTPProfile'
+ UserFactorTOTPProfile:
+ type: object
+ properties:
+ credentialId:
+ description: ID for the Factor credential
+ example: dade.murphy@example.com
+ type: string
+ UserFactorToken:
+ allOf:
+ - $ref: '#/components/schemas/UserFactor'
+ - type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/UserFactorTokenProfile'
+ UserFactorTokenProfile:
+ type: object
+ properties:
+ credentialId:
+ description: ID for the Factor credential
+ example: dade.murphy@example.com
+ type: string
+ UserFactorType:
+ description: Type of Factor
+ type: string
+ enum:
+ - call
+ - email
+ - push
+ - question
+ - signed_nonce
+ - sms
+ - token
+ - token:hardware
+ - token:hotp
+ - token:software:totp
+ - u2f
+ - web
+ - webauthn
+ UserFactorU2F:
+ allOf:
+ - $ref: '#/components/schemas/UserFactor'
+ - type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/UserFactorU2FProfile'
+ UserFactorU2FProfile:
+ type: object
+ properties:
+ credentialId:
+ description: ID for the Factor credential
+ example: dade.murphy@example.com
+ type: string
+ UserFactorVerifyRequest:
+ type: object
+ properties:
+ activationToken:
+ type: string
+ answer:
+ description: Answer to the question
+ minLength: 4
+ type: string
+ writeOnly: true
+ attestation:
+ description: Base64-encoded attestation from the WebAuthn JavaScript call
+ type: string
+ clientData:
+ description: Base64-encoded client data from the WebAuthn authenticator
+ type: string
+ nextPassCode:
+ description: OTP for the next time window
+ type: integer
+ example: 3956685498
+ passCode:
+ description: OTP for the current time window
+ type: string
+ registrationData:
+ description: Base64-encoded registration data from the U2F JavaScript call
+ type: string
+ stateToken:
+ type: string
+ UserFactorVerifyResponse:
+ type: object
+ properties:
+ expiresAt:
+ description: Timestamp indicating when the verification expires
+ type: string
+ format: date-time
+ readOnly: true
+ factorResult:
+ $ref: '#/components/schemas/UserFactorVerifyResult'
+ factorResultMessage:
+ description: A message for Factor verification
+ type: string
+ readOnly: true
+ _embedded:
+ type: object
+ additionalProperties:
+ type: object
+ properties: {}
+ readOnly: true
+ _links:
+ $ref: '#/components/schemas/LinksSelf'
+ UserFactorVerifyResult:
+ description: Result of a Factor verification
+ type: string
+ enum:
+ - CHALLENGE
+ - ERROR
+ - EXPIRED
+ - FAILED
+ - PASSCODE_REPLAYED
+ - REJECTED
+ - SUCCESS
+ - TIMEOUT
+ - TIME_WINDOW_EXCEEDED
+ - WAITING
+ x-enumDescriptions:
+ CANCELED: User canceled the verification
+ CHALLENGE: Okta issued a verification challenge
+ ERROR: Verification encountered an unexpected server error
+ EXPIRED: User didn't complete the verification within the allowed time window
+ FAILED: Verification failed
+ PASSCODE_REPLAYED: User previously verified the Factor within the same time window. Another verification is required during another time window.
+ REJECTED: User rejected the verification
+ SUCCESS: User completed the verification
+ TIMEOUT: Okta didn't complete the verification within the allowed time window
+ TIME_WINDOW_EXCEEDED: User completed the verification outside of the allowed time window. Another verification is required.
+ WAITING: Verification is in progress
+ UserFactorWeb:
+ allOf:
+ - $ref: '#/components/schemas/UserFactor'
+ - type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/UserFactorWebProfile'
+ UserFactorWebAuthn:
+ allOf:
+ - $ref: '#/components/schemas/UserFactor'
+ - type: object
+ properties:
+ profile:
+ $ref: '#/components/schemas/UserFactorWebAuthnProfile'
+ UserFactorWebAuthnProfile:
+ type: object
+ properties:
+ authenticatorName:
+ description: Human-readable name of the authenticator
+ example: MacBook Touch ID
+ type: string
+ credentialId:
+ description: ID for the Factor credential
+ example: AHoOEhwvYiMv6SSwLp7KYRNttXtg_kYgQoQiEIWPFH_T3Ztp5Vj3bQ5H0LypIFR8ka8kfiCJ3I5qVpxrsd6JTMWKcE3xNh_U2QVF0Kwlan8Fiw
+ type: string
+ UserFactorWebProfile:
+ type: object
+ properties:
+ credentialId:
+ description: ID for the Factor credential
+ example: dade.murphy@example.com
+ type: string
+ UserGetSingleton:
+ allOf:
+ - $ref: '#/components/schemas/User'
+ - type: object
+ properties:
+ _embedded:
+ type: object
+ description: The embedded resources related to the object if the `expand` query parameter is specified
+ properties:
+ blocks:
+ type: array
+ description: A list of access block details for the user account
+ items:
+ $ref: '#/components/schemas/UserBlock'
UserIdentifierConditionEvaluatorPattern:
type: object
properties:
@@ -32727,100 +36539,170 @@ components:
$ref: '#/components/schemas/UserLifecycleAttributePolicyRuleCondition'
UserProfile:
additionalProperties: true
+ description: |-
+ Specifies the default and custom profile properties for a user.
+
+ The default user profile is based on the [System for Cross-domain Identity Management: Core Schema](https://datatracker.ietf.org/doc/html/rfc7643).
+ The only permitted customizations of the default profile are to update permissions, change whether the `firstName` and `lastName` properties are nullable, and
+ specify a [pattern](https://developer.okta.com/docs/reference/api/schemas/#login-pattern-validation) for `login`. You can use the Profile Editor in the administrator UI
+ or the [Schemas API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/UISchema/#tag/UISchema) to make schema modifications.
+
+ You can extend user profiles with custom properties. You must first add the custom property to the user profile schema before you reference it.
+ You can use the Profile Editor in the Admin console or the [Schemas API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/UISchema/#tag/UISchema) to manage schema extensions.
+
+ Custom attributes may contain HTML tags. It's the client's responsibility to escape or encode this data before displaying it. Use [best-practices](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html) to prevent cross-site scripting.
type: object
properties:
city:
type: string
+ description: The city or locality of the user's address (`locality`)
maxLength: 128
nullable: true
costCenter:
type: string
+ description: Name of the cost center assigned to a user
+ nullable: true
countryCode:
+ description: The country name component of the user's address (`country`)
type: string
maxLength: 2
nullable: true
department:
type: string
+ description: Name of the user's department
displayName:
type: string
+ description: Name of the user suitable for display to end users
+ nullable: true
division:
type: string
+ description: Name of the user's division
+ nullable: true
email:
type: string
+ description: The primary email address of the user. For validation, see [RFC 5322 Section 3.2.3](https://datatracker.ietf.org/doc/html/rfc5322#section-3.2.3).
format: email
minLength: 5
maxLength: 100
employeeNumber:
+ description: The organization or company assigned unique identifier for the user
type: string
firstName:
type: string
+ description: Given name of the user (`givenName`)
minLength: 1
maxLength: 50
nullable: true
honorificPrefix:
type: string
+ description: Honorific prefix(es) of the user, or title in most Western languages
+ nullable: true
honorificSuffix:
type: string
+ description: Honorific suffix(es) of the user
+ nullable: true
lastName:
type: string
+ description: The family name of the user (`familyName`)
minLength: 1
maxLength: 50
nullable: true
locale:
- $ref: '#/components/schemas/Language'
+ type: string
+ description: |-
+ The user's default location for purposes of localizing items such as currency, date time format, numerical representations, and so on.
+ A locale value is a concatenation of the ISO 639-1 two-letter language code, an underscore, and the ISO 3166-1 two-letter country code. For example, en_US specifies the language English and country US. This value is `en_US` by default.
login:
type: string
+ description: The unique identifier for the user (`username`). For validation, see [Login pattern validation](https://developer.okta.com/docs/reference/api/schemas/#login-pattern-validation). See also [Okta login](https://developer.okta.com/docs/reference/api/users/#okta-login).
maxLength: 100
+ minLength: 5
manager:
type: string
+ description: The `displayName` of the user's manager
+ nullable: true
managerId:
type: string
+ description: The `id` of the user's manager
+ nullable: true
middleName:
type: string
+ description: The middle name of the user
+ nullable: true
mobilePhone:
type: string
+ description: The mobile phone number of the user
maxLength: 100
+ minLength: 0
nullable: true
nickName:
type: string
+ description: The casual way to address the user in real life
+ nullable: true
organization:
type: string
+ description: Name of the the user's organization
+ nullable: true
postalAddress:
type: string
+ description: Mailing address component of the user's address
maxLength: 4096
nullable: true
preferredLanguage:
type: string
+ description: The user's preferred written or spoken language
+ nullable: true
primaryPhone:
type: string
+ description: The primary phone number of the user such as a home number
maxLength: 100
+ minLength: 0
nullable: true
profileUrl:
type: string
+ description: The URL of the user's online profile. For example, a web page. See [URL](https://datatracker.ietf.org/doc/html/rfc1808).
+ nullable: true
secondEmail:
type: string
format: email
+ description: The secondary email address of the user typically used for account recovery
minLength: 5
maxLength: 100
nullable: true
state:
type: string
+ description: The state or region component of the user's address (`region`)
maxLength: 128
nullable: true
streetAddress:
type: string
+ description: The full street address component of the user's address
maxLength: 1024
nullable: true
timezone:
type: string
+ description: The user's time zone
+ nullable: true
title:
type: string
+ description: The user's title, such as Vice President
+ nullable: true
userType:
type: string
+ description: The property used to describe the organization-to-user relationship, such as employee or contractor
+ nullable: true
zipCode:
type: string
+ description: The ZIP code or postal code component of the user's address (`postalCode`)
maxLength: 50
nullable: true
+ UserProvisioningApplicationFeature:
+ allOf:
+ - $ref: '#/components/schemas/ApplicationFeature'
+ - type: object
+ - properties:
+ capabilities:
+ $ref: '#/components/schemas/CapabilitiesObject'
UserSchema:
type: object
properties:
@@ -33081,6 +36963,7 @@ components:
type:
type: string
UserStatus:
+ description: The current status of the user
type: string
enum:
- ACTIVE
@@ -33091,6 +36974,7 @@ components:
- RECOVERY
- STAGED
- SUSPENDED
+ readOnly: true
UserStatusPolicyRuleCondition:
type: object
properties:
@@ -33205,57 +37089,6 @@ components:
type: string
type:
type: string
- VerifyFactorRequest:
- type: object
- properties:
- activationToken:
- type: string
- answer:
- type: string
- attestation:
- type: string
- clientData:
- type: string
- nextPassCode:
- type: string
- passCode:
- type: string
- registrationData:
- type: string
- stateToken:
- type: string
- VerifyUserFactorResponse:
- type: object
- properties:
- expiresAt:
- type: string
- format: date-time
- readOnly: true
- factorResult:
- $ref: '#/components/schemas/VerifyUserFactorResult'
- factorResultMessage:
- type: string
- _embedded:
- type: object
- additionalProperties:
- type: object
- properties: {}
- readOnly: true
- _links:
- $ref: '#/components/schemas/LinksSelf'
- VerifyUserFactorResult:
- type: string
- enum:
- - CHALLENGE
- - ERROR
- - EXPIRED
- - FAILED
- - PASSCODE_REPLAYED
- - REJECTED
- - SUCCESS
- - TIMEOUT
- - TIME_WINDOW_EXCEEDED
- - WAITING
Version:
description: The version specified as a [Semantic Version](https://semver.org/).
type: string
@@ -33266,32 +37099,6 @@ components:
- ANY
- BUILT_IN
- ROAMING
- WebAuthnUserFactor:
- allOf:
- - $ref: '#/components/schemas/UserFactor'
- - type: object
- properties:
- profile:
- $ref: '#/components/schemas/WebAuthnUserFactorProfile'
- WebAuthnUserFactorProfile:
- type: object
- properties:
- authenticatorName:
- type: string
- credentialId:
- type: string
- WebUserFactor:
- allOf:
- - $ref: '#/components/schemas/UserFactor'
- - type: object
- properties:
- profile:
- $ref: '#/components/schemas/WebUserFactorProfile'
- WebUserFactorProfile:
- type: object
- properties:
- credentialId:
- type: string
WellKnownAppAuthenticatorConfiguration:
type: object
properties:
@@ -33354,6 +37161,11 @@ components:
omEnabled:
type: boolean
description: Whether the legacy Okta Mobile application is enabled for the org
+ WidgetGeneration:
+ type: string
+ enum:
+ - G2
+ - G3
WsFederationApplication:
x-okta-defined-as:
name: template_wsfed
@@ -33403,35 +37215,6 @@ components:
type: boolean
wReplyURL:
type: string
- ZoomUsApplication:
- x-tags:
- - Application
- x-okta-defined-as:
- name: zoomus
- x-okta-lifecycle:
- features:
- - PROVISIONING_API_EXTENSION
- description: |
- Schema for Zoom app
-
- To create a Zoom app, use the [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) request with the required parameters in the request body from the Zoom app schema.
- > **Note:** The Zoom app only supports `SAML_2_0` sign-on mode.
- allOf:
- - $ref: '#/components/schemas/OINApplication'
- - type: object
- - required:
- - name
- - label
- - settings
- properties:
- name:
- type: string
- default: zoomus
- example: zoomus
- signOnMode:
- default: SAML_2_0
- settings:
- $ref: '#/components/schemas/ZoomUsApplicationSettings'
ZoomUsApplicationSettings:
allOf:
- $ref: '#/components/schemas/OINBaseSignOnModeApplicationSettings'
@@ -33450,35 +37233,6 @@ components:
description: Your Zoom subdomain
required:
- subDomain
- ZscalerbyzApplication:
- x-tags:
- - Application
- x-okta-defined-as:
- name: zscalerbyz
- x-okta-lifecycle:
- features:
- - PROVISIONING_API_EXTENSION
- description: |
- Schema for Zscaler app
-
- To create a Zscaler app, use the [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) request with the required parameters in the request body from the Zscaler app schema.
- > **Note:** The Zscaler app only supports `BROWSER_PLUGIN` and `SAML_2_0` sign-on modes.
- allOf:
- - $ref: '#/components/schemas/OINApplication'
- - type: object
- - required:
- - name
- - label
- - settings
- properties:
- name:
- type: string
- default: zscalerbyz
- example: zscalerbyz
- signOnMode:
- default: SAML_2_0
- settings:
- $ref: '#/components/schemas/ZscalerbyzApplicationSettings'
ZscalerbyzApplicationSettings:
allOf:
- $ref: '#/components/schemas/OINBaseSignOnModeApplicationSettings'
@@ -33495,6 +37249,11 @@ components:
siteDomain:
type: string
description: Your Zscaler domain
+ createdProperty:
+ description: Timestamp when the object was created
+ format: date-time
+ type: string
+ readOnly: true
enabledPagesType:
title: enabledPages
type: string
@@ -33506,6 +37265,11 @@ components:
SIGN_IN: User sign-in page
SSPR: Self-service Password Recovery page
SSR: Self-service Registration page
+ lastUpdatedProperty:
+ format: date-time
+ description: Timestamp when the object was last updated
+ type: string
+ readOnly: true
postAPIServiceIntegrationInstance:
allOf:
- $ref: '#/components/schemas/APIServiceIntegrationInstance'
@@ -33591,6 +37355,8 @@ components:
okta.logStreams.manage: Allows the app to create and manage log streams in your Okta organization.
okta.logStreams.read: Allows the app to read information about log streams in your Okta organization.
okta.logs.read: Allows the app to read information about System Log entries in your Okta organization.
+ okta.manifests.manage: Allows the app to manage OIN submissions in your Okta organization.
+ okta.manifests.read: Allows the app to read OIN submissions in your Okta organization.
okta.networkZones.manage: Allows the app to create and manage Network Zones in your Okta organization.
okta.networkZones.read: Allows the app to read Network Zones in your Okta organization.
okta.oauthIntegrations.manage: Allows the app to create and manage API service Integration instances in your Okta organization.
@@ -33609,6 +37375,8 @@ components:
okta.rateLimits.read: Allows the app to read information about rate limits in your Okta organization.
okta.realms.manage: Allows the app to create new realms and to manage their details.
okta.realms.read: Allows the app to read the existing realms and their details.
+ okta.resourceSelectors.manage: Allows the app to manage resource selectors in your Okta org.
+ okta.resourceSelectors.read: Allows the app to read resource selectors in your Okta org.
okta.riskEvents.manage: Allows the app to publish risk events to your Okta organization.
okta.riskProviders.manage: Allows the app to create and manage risk provider integrations in your Okta organization.
okta.riskProviders.read: Allows the app to read all risk provider integrations in your Okta organization.