Group 14 endpoints

POST /api/v1/groups/{groupId}/roles

Assigns a Role to a Group

operationId: Group_assignRoleToGroup

Parameters

Name In Required Type Description
groupId path required string
disableNotifications query optional boolean

Request Body

application/json
schema AssignRoleRequest

Responses

200

Success
201

Success
POST /api/v1/groups/{groupId}/roles
DELETE /api/v1/groups/{groupId}/roles/{roleId}

Unassigns a Role from a Group

operationId: Group_unassignRole

Parameters

Name In Required Type Description
groupId path required string
roleId path required string

Responses

204

No Content
DELETE /api/v1/groups/{groupId}/roles/{roleId}
GET /api/v1/groups/{groupId}/roles/{roleId}

Success

operationId: Group_getRoleSuccess

Parameters

Name In Required Type Description
groupId path required string
roleId path required string

Responses

200

Success
GET /api/v1/groups/{groupId}/roles/{roleId}
GET /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps

Lists all App targets for an APP_ADMIN Role assigned to a Group. This methods return list may include full Applications or Instances. The response for an instance will have an ID value, while Application will not have an ID.

operationId: Group_getRoleTargetsCatalogApps

Parameters

Name In Required Type Description
groupId path required string
roleId path required string
after query optional string
limit query optional integer

Responses

200

Success
GET /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps
DELETE /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}

Success

operationId: Group_deleteTargetGroupRolesCatalogApps

Parameters

Name In Required Type Description
groupId path required string
roleId path required string
appName path required string

Responses

204

No Content
DELETE /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}
PUT /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}

Success

operationId: Group_updateRolesCatalogApps

Parameters

Name In Required Type Description
groupId path required string
roleId path required string
appName path required string

Responses

200

Success
PUT /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}
DELETE /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}

Remove App Instance Target to App Administrator Role given to a Group

operationId: Group_removeAppInstanceTargetToAppAdminRoleGivenToGroup

Parameters

Name In Required Type Description
groupId path required string
roleId path required string
appName path required string
applicationId path required string

Responses

204

No Content
DELETE /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}
PUT /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}

Add App Instance Target to App Administrator Role given to a Group

operationId: Group_addAppInstanceTargetToAppAdminRoleGivenToGroup

Parameters

Name In Required Type Description
groupId path required string
roleId path required string
appName path required string
applicationId path required string

Responses

204

No Content
PUT /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}
GET /api/v1/groups/{groupId}/roles/{roleId}/targets/groups

Success

operationId: Group_listRoleTargetsGroups

Parameters

Name In Required Type Description
groupId path required string
roleId path required string
after query optional string
limit query optional integer

Responses

200

Success
GET /api/v1/groups/{groupId}/roles/{roleId}/targets/groups
DELETE /api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId}
operationId: Group_removeTargetGroup

Parameters

Name In Required Type Description
groupId path required string
roleId path required string
targetGroupId path required string

Responses

204

No Content
DELETE /api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId}
PUT /api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId}
operationId: Group_updateTargetGroupsRole

Parameters

Name In Required Type Description
groupId path required string
roleId path required string
targetGroupId path required string

Responses

204

No Content
PUT /api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId}
GET /api/v1/groups/{groupId}/users

Enumerates all users that are a member of a group.

operationId: Group_enumerateGroupMembers

Parameters

Name In Required Type Description
groupId path required string
after query optional string

Specifies the pagination cursor for the next page of users
limit query optional integer

Specifies the number of user results in a page

Responses

200

Success
GET /api/v1/groups/{groupId}/users
DELETE /api/v1/groups/{groupId}/users/{userId}

Removes a user from a group with ‘OKTA_GROUP’ type.

operationId: Group_removeUserFrom

Parameters

Name In Required Type Description
groupId path required string
userId path required string

Responses

204

No Content
DELETE /api/v1/groups/{groupId}/users/{userId}
PUT /api/v1/groups/{groupId}/users/{userId}

Adds a user to a group with ‘OKTA_GROUP’ type.

operationId: Group_addUserToGroup

Parameters

Name In Required Type Description
groupId path required string
userId path required string

Responses

204

No Content
PUT /api/v1/groups/{groupId}/users/{userId}

Groupschema 2 endpoints

GET /api/v1/meta/schemas/group/default

Fetches the group schema

operationId: GroupSchema_get

Responses

200

successful operation
GET /api/v1/meta/schemas/group/default
POST /api/v1/meta/schemas/group/default

Updates, adds ore removes one or more custom Group Profile properties in the schema

operationId: GroupSchema_updateCustomProperties

Request Body

application/json
schema GroupSchema
Property Type Required
id string optional
name string optional
type string optional
title string optional
_links object optional
$schema string optional
created string optional
properties object optional
profile object optional
allOf array optional
definitions object optional
base object optional
id string optional
type string optional
required array optional
properties object optional
name object optional
description object optional
custom object optional
id string optional
type string optional
required array optional
properties object optional
description string optional
lastUpdated string optional

Responses

200

successful operation
POST /api/v1/meta/schemas/group/default

Identityprovider 25 endpoints

GET /api/v1/idps

Enumerates IdPs in your organization with pagination. A subset of IdPs can be returned that match a supported filter expression or query.

operationId: IdentityProvider_list

Parameters

Name In Required Type Description
q query optional string

Searches the name property of IdPs for matching value
after query optional string

Specifies the pagination cursor for the next page of IdPs
limit query optional integer

Specifies the number of IdP results in a page
type query optional string

Filters IdPs by type

Responses

200

Success
GET /api/v1/idps
POST /api/v1/idps

Adds a new IdP to your organization.

operationId: IdentityProvider_addNewIdp

Request Body

application/json
schema IdentityProvider
Property Type Required
id string optional
name string optional
type string optional
_links object optional
policy object optional
subject object optional
filter string optional
format array optional
matchType string optional
matchAttribute string optional
userNameTemplate object optional
template string optional
accountLink object optional
action string optional
filter object optional
groups object optional
maxClockSkew integer optional
provisioning object optional
action string optional
groups object optional
action string optional
filter array optional
assignments array optional
sourceAttributeName string optional
conditions object optional
suspended object optional
deprovisioned object optional
profileMaster boolean optional
status string optional
created string optional
protocol object optional
type string optional
issuer object optional
url string optional
type string optional
binding string optional
destination string optional
scopes array optional
settings object optional
nameFormat string optional
endpoints object optional
acs object optional
url string optional
type string optional
binding string optional
destination string optional
slo object optional
url string optional
type string optional
binding string optional
destination string optional
sso object optional
url string optional
type string optional
binding string optional
destination string optional
jwks object optional
url string optional
type string optional
binding string optional
destination string optional
token object optional
url string optional
type string optional
binding string optional
destination string optional
metadata object optional
url string optional
type string optional
binding string optional
destination string optional
userInfo object optional
url string optional
type string optional
binding string optional
destination string optional
authorization object optional
url string optional
type string optional
binding string optional
destination string optional
algorithms object optional
request object optional
signature object optional
response object optional
signature object optional
relayState object optional
format string optional
credentials object optional
trust object optional
kid string optional
issuer string optional
audience string optional
revocation string optional
revocationCacheLifetime integer optional
client object optional
client_id string optional
client_secret string optional
signing object optional
kid string optional
teamId string optional
privateKey string optional
issuerMode string optional
lastUpdated string optional

Responses

200

Success
POST /api/v1/idps
GET /api/v1/idps/credentials/keys

Enumerates IdP key credentials.

operationId: IdentityProvider_enumerateIdpKeys

Parameters

Name In Required Type Description
after query optional string

Specifies the pagination cursor for the next page of keys
limit query optional integer

Specifies the number of key results in a page

Responses

200

Success
GET /api/v1/idps/credentials/keys
POST /api/v1/idps/credentials/keys

Adds a new X.509 certificate credential to the IdP key store.

operationId: IdentityProvider_addX509CertificatePublicKey

Request Body

required
application/json
schema JsonWebKey
Property Type Required
e string optional
n string optional
alg string optional
kid string optional
kty string optional
use string optional
x5c array optional
x5t string optional
x5u string optional
_links object optional
status string optional
created string optional
key_ops array optional
x5t#S256 string optional
expiresAt string optional
lastUpdated string optional

Responses

200

Success
POST /api/v1/idps/credentials/keys
DELETE /api/v1/idps/credentials/keys/{keyId}

Deletes a specific IdP Key Credential by kid if it is not currently being used by an Active or Inactive IdP.

operationId: IdentityProvider_deleteKeyCredential

Parameters

Name In Required Type Description
keyId path required string

Responses

204

No Content
DELETE /api/v1/idps/credentials/keys/{keyId}
GET /api/v1/idps/credentials/keys/{keyId}

Gets a specific IdP Key Credential by kid

operationId: IdentityProvider_getKeyCredentialByIdp

Parameters

Name In Required Type Description
keyId path required string

Responses

200

Success
GET /api/v1/idps/credentials/keys/{keyId}
DELETE /api/v1/idps/{idpId}

Removes an IdP from your organization.

operationId: IdentityProvider_removeIdp

Parameters

Name In Required Type Description
idpId path required string

Responses

204

No Content
DELETE /api/v1/idps/{idpId}
GET /api/v1/idps/{idpId}

Fetches an IdP by id.

operationId: IdentityProvider_getByIdp

Parameters

Name In Required Type Description
idpId path required string

Responses

200

Success
GET /api/v1/idps/{idpId}
PUT /api/v1/idps/{idpId}

Updates the configuration for an IdP.

operationId: IdentityProvider_updateConfiguration

Parameters

Name In Required Type Description
idpId path required string

Request Body

application/json
schema IdentityProvider
Property Type Required
id string optional
name string optional
type string optional
_links object optional
policy object optional
subject object optional
filter string optional
format array optional
matchType string optional
matchAttribute string optional
userNameTemplate object optional
template string optional
accountLink object optional
action string optional
filter object optional
groups object optional
maxClockSkew integer optional
provisioning object optional
action string optional
groups object optional
action string optional
filter array optional
assignments array optional
sourceAttributeName string optional
conditions object optional
suspended object optional
deprovisioned object optional
profileMaster boolean optional
status string optional
created string optional
protocol object optional
type string optional
issuer object optional
url string optional
type string optional
binding string optional
destination string optional
scopes array optional
settings object optional
nameFormat string optional
endpoints object optional
acs object optional
url string optional
type string optional
binding string optional
destination string optional
slo object optional
url string optional
type string optional
binding string optional
destination string optional
sso object optional
url string optional
type string optional
binding string optional
destination string optional
jwks object optional
url string optional
type string optional
binding string optional
destination string optional
token object optional
url string optional
type string optional
binding string optional
destination string optional
metadata object optional
url string optional
type string optional
binding string optional
destination string optional
userInfo object optional
url string optional
type string optional
binding string optional
destination string optional
authorization object optional
url string optional
type string optional
binding string optional
destination string optional
algorithms object optional
request object optional
signature object optional
response object optional
signature object optional
relayState object optional
format string optional
credentials object optional
trust object optional
kid string optional
issuer string optional
audience string optional
revocation string optional
revocationCacheLifetime integer optional
client object optional
client_id string optional
client_secret string optional
signing object optional
kid string optional
teamId string optional
privateKey string optional
issuerMode string optional
lastUpdated string optional

Responses

200

Success
PUT /api/v1/idps/{idpId}
GET /api/v1/idps/{idpId}/credentials/csrs

Enumerates Certificate Signing Requests for an IdP

operationId: IdentityProvider_listCsrsForCertificateSigningRequests

Parameters

Name In Required Type Description
idpId path required string

Responses

200

Success
GET /api/v1/idps/{idpId}/credentials/csrs
POST /api/v1/idps/{idpId}/credentials/csrs

Generates a new key pair and returns a Certificate Signing Request for it.

operationId: IdentityProvider_generateCsr

Parameters

Name In Required Type Description
idpId path required string

Request Body

application/json
schema CsrMetadata

Responses

201

Created
POST /api/v1/idps/{idpId}/credentials/csrs
DELETE /api/v1/idps/{idpId}/credentials/csrs/{csrId}

Revoke a Certificate Signing Request and delete the key pair from the IdP

operationId: IdentityProvider_revokeCsrForIdentityProvider

Parameters

Name In Required Type Description
idpId path required string
csrId path required string

Responses

204

No Content
DELETE /api/v1/idps/{idpId}/credentials/csrs/{csrId}
GET /api/v1/idps/{idpId}/credentials/csrs/{csrId}

Gets a specific Certificate Signing Request model by id

operationId: IdentityProvider_getCsrByIdp

Parameters

Name In Required Type Description
idpId path required string
csrId path required string

Responses

200

Success
GET /api/v1/idps/{idpId}/credentials/csrs/{csrId}
POST /api/v1/idps/{idpId}/credentials/csrs/{csrId}/lifecycle/publish

Update the Certificate Signing Request with a signed X.509 certificate and add it into the signing key credentials for the IdP.

operationId: IdentityProvider_updateCsrLifecyclePublish

Parameters

Name In Required Type Description
idpId path required string
csrId path required string

Responses

201

Created
POST /api/v1/idps/{idpId}/credentials/csrs/{csrId}/lifecycle/publish
GET /api/v1/idps/{idpId}/credentials/keys

Enumerates signing key credentials for an IdP

operationId: IdentityProvider_listSigningKeyCredentials

Parameters

Name In Required Type Description
idpId path required string

Responses

200

Success
GET /api/v1/idps/{idpId}/credentials/keys
POST /api/v1/idps/{idpId}/credentials/keys/generate

Generates a new X.509 certificate for an IdP signing key credential to be used for signing assertions sent to the IdP

operationId: IdentityProvider_generateNewSigningKeyCredential

Parameters

Name In Required Type Description
idpId path required string
validityYears query required integer

expiry of the IdP Key Credential

Responses

200

Success
POST /api/v1/idps/{idpId}/credentials/keys/generate
GET /api/v1/idps/{idpId}/credentials/keys/{keyId}

Gets a specific IdP Key Credential by kid

operationId: IdentityProvider_getSigningKeyCredentialByIdp

Parameters

Name In Required Type Description
idpId path required string
keyId path required string

Responses

200

Success
GET /api/v1/idps/{idpId}/credentials/keys/{keyId}
POST /api/v1/idps/{idpId}/credentials/keys/{keyId}/clone

Clones a X.509 certificate for an IdP signing key credential from a source IdP to target IdP

operationId: IdentityProvider_cloneSigningKeyCredential

Parameters

Name In Required Type Description
idpId path required string
keyId path required string
targetIdpId query required string

Responses

201

Created
POST /api/v1/idps/{idpId}/credentials/keys/{keyId}/clone
POST /api/v1/idps/{idpId}/lifecycle/activate

Activates an inactive IdP.

operationId: IdentityProvider_activateIdpLifecycle

Parameters

Name In Required Type Description
idpId path required string

Responses

200

Success
POST /api/v1/idps/{idpId}/lifecycle/activate
POST /api/v1/idps/{idpId}/lifecycle/deactivate

Deactivates an active IdP.

operationId: IdentityProvider_deactivateIdp

Parameters

Name In Required Type Description
idpId path required string

Responses

200

Success
POST /api/v1/idps/{idpId}/lifecycle/deactivate
GET /api/v1/idps/{idpId}/users

Find all the users linked to an identity provider

operationId: IdentityProvider_getUser

Parameters

Name In Required Type Description
idpId path required string

Responses

200

Success
GET /api/v1/idps/{idpId}/users
DELETE /api/v1/idps/{idpId}/users/{userId}

Removes the link between the Okta user and the IdP user.

operationId: IdentityProvider_unlinkUser

Parameters

Name In Required Type Description
idpId path required string
userId path required string

Responses

204

No Content
DELETE /api/v1/idps/{idpId}/users/{userId}
GET /api/v1/idps/{idpId}/users/{userId}

Fetches a linked IdP user by ID

operationId: IdentityProvider_getLinkedUserById

Parameters

Name In Required Type Description
idpId path required string
userId path required string

Responses

200

Success
GET /api/v1/idps/{idpId}/users/{userId}
POST /api/v1/idps/{idpId}/users/{userId}

Links an Okta user to an existing Social Identity Provider. This does not support the SAML2 Identity Provider Type

operationId: IdentityProvider_linkUserToIdpWithoutTransaction

Parameters

Name In Required Type Description
idpId path required string
userId path required string

Request Body

required
application/json
schema UserIdentityProviderLinkRequest
Property Type Required
externalId string optional

Responses

200

Success
POST /api/v1/idps/{idpId}/users/{userId}
GET /api/v1/idps/{idpId}/users/{userId}/credentials/tokens

Fetches the tokens minted by the Social Authentication Provider when the user authenticates with Okta via Social Auth.

operationId: IdentityProvider_getSocialAuthTokens

Parameters

Name In Required Type Description
idpId path required string
userId path required string

Responses

200

Success
GET /api/v1/idps/{idpId}/users/{userId}/credentials/tokens

Inlinehook 8 endpoints

GET /api/v1/inlineHooks

Success

operationId: InlineHook_getSuccess

Parameters

Name In Required Type Description
type query optional string

Responses

200

Success
GET /api/v1/inlineHooks
POST /api/v1/inlineHooks

Success

operationId: InlineHook_createSuccess

Request Body

application/json
schema InlineHook
Property Type Required
id string optional
name string optional
type string optional
_links object optional
status string optional
channel object optional
type string optional
config object optional
uri string optional
method string optional
headers array optional
key string optional
value string optional
authScheme object optional
key string optional
type string optional
value string optional
version string optional
created string optional
version string optional
lastUpdated string optional

Responses

200

Success
POST /api/v1/inlineHooks
DELETE /api/v1/inlineHooks/{inlineHookId}

Deletes the Inline Hook matching the provided id. Once deleted, the Inline Hook is unrecoverable. As a safety precaution, only Inline Hooks with a status of INACTIVE are eligible for deletion.

operationId: InlineHook_deleteMatchingById

Parameters

Name In Required Type Description
inlineHookId path required string

Responses

204

No Content
DELETE /api/v1/inlineHooks/{inlineHookId}
GET /api/v1/inlineHooks/{inlineHookId}

Gets an inline hook by ID

operationId: InlineHook_getById

Parameters

Name In Required Type Description
inlineHookId path required string

Responses

200

Success
GET /api/v1/inlineHooks/{inlineHookId}
PUT /api/v1/inlineHooks/{inlineHookId}

Updates an inline hook by ID

operationId: InlineHook_updateById

Parameters

Name In Required Type Description
inlineHookId path required string

Request Body

application/json
schema InlineHook
Property Type Required
id string optional
name string optional
type string optional
_links object optional
status string optional
channel object optional
type string optional
config object optional
uri string optional
method string optional
headers array optional
key string optional
value string optional
authScheme object optional
key string optional
type string optional
value string optional
version string optional
created string optional
version string optional
lastUpdated string optional

Responses

200

Success
PUT /api/v1/inlineHooks/{inlineHookId}
POST /api/v1/inlineHooks/{inlineHookId}/execute

Executes the Inline Hook matching the provided inlineHookId using the request body as the input. This will send the provided data through the Channel and return a response if it matches the correct data contract. This execution endpoint should only be used for testing purposes.

operationId: InlineHook_executeWithInput

Parameters

Name In Required Type Description
inlineHookId path required string

Request Body

required
application/json
schema InlineHookPayload

Responses

200

Success
POST /api/v1/inlineHooks/{inlineHookId}/execute
POST /api/v1/inlineHooks/{inlineHookId}/lifecycle/activate

Activates the Inline Hook matching the provided id

operationId: InlineHook_activateLifecycle

Parameters

Name In Required Type Description
inlineHookId path required string

Responses

200

Success
POST /api/v1/inlineHooks/{inlineHookId}/lifecycle/activate
POST /api/v1/inlineHooks/{inlineHookId}/lifecycle/deactivate

Deactivates the Inline Hook matching the provided id

operationId: InlineHook_deactivateLifecycle

Parameters

Name In Required Type Description
inlineHookId path required string

Responses

200

Success
POST /api/v1/inlineHooks/{inlineHookId}/lifecycle/deactivate

Linkedobject 1 endpoints

GET /api/v1/meta/schemas/user/linkedObjects

Success

operationId: LinkedObject_getUserLinkedObjects

Responses

200

Success
GET /api/v1/meta/schemas/user/linkedObjects
Load more endpoints