Okta API

Identity and access management

developer.okta.com/docs/reference ↗

Version

2.16.0

OpenAPI

3.0.0

Endpoints

341

Schemas

532

91

Quality

Updated

3 days ago

Identity identity authentication security

Use this API in your AI agent

Query structured spec data via REST or MCP. Get exactly what your agent needs.

Get API Key

Server URLs

https://your-subdomain.okta.com

Endpoints

Clear filters

GET POST PUT PATCH DELETE

Application 17 endpoints

POST /api/v1/apps Add Application

Adds a new application to your Okta organization.

operationId: Application_createNew

Parameters

Name	In	Required	Type	Description
activate	query	optional	boolean	Executes activation lifecycle operation when creating the app
OktaAccessGateway-Agent	header	optional	string	—

Request Body

application/json

schema Application

Property	Type	Required
id	string	optional
name	string	optional
label	string	optional
_links	object	optional
status	string	optional
created	string	optional
profile	object	optional
features	array	optional
settings	object	optional
└ app	object	optional
└ url	string	optional
└ acsUrl	string	optional
└ orgName	string	optional
└ buttonField	string	optional
└ loginUrlRegex	string	optional
└ passwordField	string	optional
└ usernameField	string	optional
└ notes	object	optional
└ admin	string	optional
└ enduser	string	optional
└ inlineHookId	string	optional
└ notifications	object	optional
└ vpn	object	optional
└ helpUrl	string	optional
└ message	string	optional
└ network	object	optional
└ implicitAssignment	boolean	optional
_embedded	object	optional
licensing	object	optional
└ seatCount	integer	optional
signOnMode	string	optional
visibility	object	optional
└ hide	object	optional
└ iOS	boolean	optional
└ web	boolean	optional
└ appLinks	object	optional
└ autoLaunch	boolean	optional
└ autoSubmitToolbar	boolean	optional
credentials	object	optional
└ signing	object	optional
└ kid	string	optional
└ use	string	optional
└ lastRotated	string	optional
└ nextRotation	string	optional
└ rotationMode	string	optional
└ userNameTemplate	object	optional
└ type	string	optional
└ suffix	string	optional
└ template	string	optional
└ pushStatus	string	optional
lastUpdated	string	optional
accessibility	object	optional
└ selfService	boolean	optional
└ errorRedirectUrl	string	optional
└ loginRedirectUrl	string	optional

Responses

200

Success

POST /api/v1/apps

POST /api/v1/apps/{appId}/connections/default Sets the default Provisioning Connection for an application.

Set default Provisioning Connection for application

operationId: Application_setDefaultProvisioningConnection

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
activate	query	optional	boolean	—

Request Body

required

application/json

schema ProvisioningConnectionRequest

Property	Type	Required
profile	object	optional
└ token	string	optional
└ authScheme	string	optional

Responses

201

Created

400

Bad Request

404

Not Found

POST /api/v1/apps/{appId}/connections/default

POST /api/v1/apps/{appId}/connections/default/lifecycle/activate Activate default Provisioning Connection for application

Activates the default Provisioning Connection for an application.

operationId: Application_activateDefaultProvisioningConnection

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—

Responses

204

No Content

404

Not Found

POST /api/v1/apps/{appId}/connections/default/lifecycle/activate

POST /api/v1/apps/{appId}/connections/default/lifecycle/deactivate Deactivate default Provisioning Connection for application

Deactivates the default Provisioning Connection for an application.

operationId: Application_deactivateDefaultProvisioningConnection

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—

Responses

204

No Content

404

Not Found

POST /api/v1/apps/{appId}/connections/default/lifecycle/deactivate

POST /api/v1/apps/{appId}/credentials/csrs Generate Certificate Signing Request for Application

Generates a new key pair and returns the Certificate Signing Request for it.

operationId: Application_generateCsrForApplication

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—

Request Body

application/json

schema CsrMetadata

Responses

201

Created

POST /api/v1/apps/{appId}/credentials/csrs

POST /api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish

operationId: Application_publishCsrLifecycle

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
csrId	path	required	string	—

Responses

201

Created

POST /api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish

POST /api/v1/apps/{appId}/credentials/keys/generate

Generates a new X.509 certificate for an application key credential

operationId: Application_generateX509Certificate

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
validityYears	query	optional	integer	—

Responses

201

Created

POST /api/v1/apps/{appId}/credentials/keys/generate

POST /api/v1/apps/{appId}/credentials/keys/{keyId}/clone Clone Application Key Credential

Clones a X.509 certificate for an application key credential from a source application to target application.

operationId: Application_cloneApplicationKeyCredential

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
keyId	path	required	string	—
targetAid	query	required	string	Unique key of the target Application

Responses

201

Created

POST /api/v1/apps/{appId}/credentials/keys/{keyId}/clone

POST /api/v1/apps/{appId}/credentials/secrets Add new client secret

Adds a new secret to the client’s collection of secrets.

operationId: Application_addClientSecret

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—

Request Body

required

application/json

schema ClientSecretMetadata

Responses

201

Created

POST /api/v1/apps/{appId}/credentials/secrets

POST /api/v1/apps/{appId}/credentials/secrets/{secretId}/lifecycle/activate Activate a client secret

Activates a specific client secret by secretId

operationId: Application_activateClientSecret

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
secretId	path	required	string	—

Responses

200

Success

POST /api/v1/apps/{appId}/credentials/secrets/{secretId}/lifecycle/activate

POST /api/v1/apps/{appId}/credentials/secrets/{secretId}/lifecycle/deactivate Deactivate a client secret

Deactivates a specific client secret by secretId

operationId: Application_deactivateClientSecretById

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
secretId	path	required	string	—

Responses

200

Success

POST /api/v1/apps/{appId}/credentials/secrets/{secretId}/lifecycle/deactivate

POST /api/v1/apps/{appId}/grants

Grants consent for the application to request an OAuth 2.0 Okta scope

operationId: Application_grantConsentToScope

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—

Request Body

required

application/json

schema OAuth2ScopeConsentGrant

Property	Type	Required
id	string	optional
_links	object	optional
issuer	string	optional
source	string	optional
status	string	optional
userId	string	optional
created	string	optional
scopeId	string	optional
clientId	string	optional
_embedded	object	optional
createdBy	object	optional
└ id	string	optional
└ type	string	optional
lastUpdated	string	optional

Responses

201

Created

POST /api/v1/apps/{appId}/grants

POST /api/v1/apps/{appId}/lifecycle/activate Activate Application

Activates an inactive application.

operationId: Application_activateInactive

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—

Responses

200

Success

POST /api/v1/apps/{appId}/lifecycle/activate

POST /api/v1/apps/{appId}/lifecycle/deactivate Deactivate Application

Deactivates an active application.

operationId: Application_deactivateLifecycle

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—

Responses

200

Success

POST /api/v1/apps/{appId}/lifecycle/deactivate

POST /api/v1/apps/{appId}/logo The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling.

Update the logo for an application.

operationId: Application_updateLogo

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—

Request Body

multipart/form-data

schema ApplicationUpdateLogoRequest

Property	Type	Required
file	string	required

Responses

201

Created

400

Bad Request

404

Not Found

POST /api/v1/apps/{appId}/logo

POST /api/v1/apps/{appId}/users Assign User to Application for SSO & Provisioning

Assigns an user to an application with credentials and an app-specific profile. Profile mappings defined for the application are first applied before applying any profile properties specified in the request.

operationId: Application_assignUserToApplication

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—

Request Body

application/json

schema AppUser

Property	Type	Required
id	string	optional
scope	string	optional
_links	object	optional
status	string	optional
created	string	optional
profile	object	optional
lastSync	string	optional
_embedded	object	optional
syncState	string	optional
externalId	string	optional
credentials	object	optional
└ password	object	optional
└ value	string	optional
└ userName	string	optional
lastUpdated	string	optional
statusChanged	string	optional
passwordChanged	string	optional

Responses

200

Success

POST /api/v1/apps/{appId}/users

POST /api/v1/apps/{appId}/users/{userId} Update Application Profile for Assigned User

Updates a user’s profile for an application

operationId: Application_updateProfileForUser

Parameters

Name	In	Required	Type	Description
appId	path	required	string	—
userId	path	required	string	—

Request Body

application/json

schema AppUser

Property	Type	Required
id	string	optional
scope	string	optional
_links	object	optional
status	string	optional
created	string	optional
profile	object	optional
lastSync	string	optional
_embedded	object	optional
syncState	string	optional
externalId	string	optional
credentials	object	optional
└ password	object	optional
└ value	string	optional
└ userName	string	optional
lastUpdated	string	optional
statusChanged	string	optional
passwordChanged	string	optional

Responses

200

Success

POST /api/v1/apps/{appId}/users/{userId}

Authenticator 3 endpoints

POST /api/v1/authenticators Create an Authenticator

Create Authenticator

operationId: Authenticator_createNew

Parameters

Name	In	Required	Type	Description
activate	query	optional	boolean	—

Request Body

application/json

schema Authenticator

Property	Type	Required
id	string	optional
key	string	optional
name	string	optional
type	string	optional
_links	object	optional
status	string	optional
created	string	optional
provider	object	optional
└ type	string	optional
└ configuration	object	optional
└ host	string	optional
└ authPort	integer	optional
└ hostName	string	optional
└ secretKey	string	optional
└ instanceId	string	optional
└ sharedSecret	string	optional
└ integrationKey	string	optional
└ userNameTemplate	object	optional
└ template	string	optional
settings	object	optional
└ allowedFor	string	optional
└ compliance	object	optional
└ fips	string	optional
└ appInstanceId	string	optional
└ channelBinding	object	optional
└ style	string	optional
└ required	string	optional
└ userVerification	string	optional
└ tokenLifetimeInMinutes	integer	optional
lastUpdated	string	optional

Responses

200

Success

POST /api/v1/authenticators

POST /api/v1/authenticators/{authenticatorId}/lifecycle/activate

Success

operationId: Authenticator_activateLifecycleSuccess

Parameters

Name	In	Required	Type	Description
authenticatorId	path	required	string	—

Responses

200

Success

POST /api/v1/authenticators/{authenticatorId}/lifecycle/activate

POST /api/v1/authenticators/{authenticatorId}/lifecycle/deactivate

Success

operationId: Authenticator_deactivateLifecycleSuccess

Parameters

Name	In	Required	Type	Description
authenticatorId	path	required	string	—

Responses

200

Success

POST /api/v1/authenticators/{authenticatorId}/lifecycle/deactivate

Authorizationserver 12 endpoints

POST /api/v1/authorizationServers

Success

operationId: AuthorizationServer_createNewServer

Request Body

application/json

schema AuthorizationServer

Property	Type	Required
id	string	optional
name	string	optional
_links	object	optional
issuer	string	optional
status	string	optional
created	string	optional
default	boolean	optional
audiences	array	optional
issuerMode	string	optional
credentials	object	optional
└ signing	object	optional
└ kid	string	optional
└ use	string	optional
└ lastRotated	string	optional
└ nextRotation	string	optional
└ rotationMode	string	optional
description	string	optional
lastUpdated	string	optional

Responses

200

Success

201

Created

POST /api/v1/authorizationServers

POST /api/v1/authorizationServers/{authServerId}/claims

Success

operationId: AuthorizationServer_createClaims

Parameters

Name	In	Required	Type	Description
authServerId	path	required	string	—

Request Body

application/json

schema OAuth2Claim

Property	Type	Required
id	string	optional
name	string	optional
value	string	optional
_links	object	optional
status	string	optional
system	boolean	optional
claimType	string	optional
valueType	string	optional
conditions	object	optional
└ scopes	array	optional
group_filter_type	string	optional
alwaysIncludeInToken	boolean	optional

Responses

200

Created

201

Success

POST /api/v1/authorizationServers/{authServerId}/claims

POST /api/v1/authorizationServers/{authServerId}/credentials/lifecycle/keyRotate

Success

operationId: AuthorizationServer_rotateKeyLifecycle

Parameters

Name	In	Required	Type	Description
authServerId	path	required	string	—

Request Body

required

application/json

schema JwkUse

Responses

200

Success

POST /api/v1/authorizationServers/{authServerId}/credentials/lifecycle/keyRotate

POST /api/v1/authorizationServers/{authServerId}/lifecycle/activate

Success

operationId: AuthorizationServer_activateLifecycleSuccess

Parameters

Name	In	Required	Type	Description
authServerId	path	required	string	—

Responses

200

Success

POST /api/v1/authorizationServers/{authServerId}/lifecycle/activate

POST /api/v1/authorizationServers/{authServerId}/lifecycle/deactivate

Success

operationId: AuthorizationServer_deactivateLifecycle

Parameters

Name	In	Required	Type	Description
authServerId	path	required	string	—

Responses

200

Success

POST /api/v1/authorizationServers/{authServerId}/lifecycle/deactivate

POST /api/v1/authorizationServers/{authServerId}/policies

Success

operationId: AuthorizationServer_createPolicy

Parameters

Name	In	Required	Type	Description
authServerId	path	required	string	—

Request Body

application/json

schema AuthorizationServerPolicy

Property	Type	Required
id	string	optional
name	string	optional
type	string	optional
_links	object	optional
status	string	optional
system	boolean	optional
created	string	optional
priority	integer	optional
_embedded	object	optional
conditions	object	optional
└ app	object	optional
└ exclude	array	optional
└ id	string	optional
└ name	string	optional
└ type	string	optional
└ include	array	optional
└ id	string	optional
└ name	string	optional
└ type	string	optional
└ apps	object	optional
└ exclude	array	optional
└ include	array	optional
└ risk	object	optional
└ behaviors	array	optional
└ users	object	optional
└ exclude	array	optional
└ include	array	optional
└ inactivity	object	optional
└ unit	string	optional
└ number	integer	optional
└ passwordExpiration	object	optional
└ unit	string	optional
└ number	integer	optional
└ lifecycleExpiration	object	optional
└ unit	string	optional
└ number	integer	optional
└ lifecycleStatus	string	optional
└ userLifecycleAttribute	object	optional
└ attributeName	string	optional
└ matchingValue	string	optional
└ device	object	optional
└ rooted	boolean	optional
└ migrated	boolean	optional
└ platform	object	optional
└ types	array	optional
└ supportedMDMFrameworks	array	optional
└ trustLevel	string	optional
└ groups	object	optional
└ exclude	array	optional
└ include	array	optional
└ people	object	optional
└ users	object	optional
└ exclude	array	optional
└ include	array	optional
└ groups	object	optional
└ exclude	array	optional
└ include	array	optional
└ scopes	object	optional
└ include	array	optional
└ clients	object	optional
└ include	array	optional
└ context	object	optional
└ expression	string	optional
└ network	object	optional
└ exclude	array	optional
└ include	array	optional
└ connection	string	optional
└ platform	object	optional
└ exclude	array	optional
└ os	object	optional
└ type	string	optional
└ include	array	optional
└ os	object	optional
└ type	string	optional
└ riskScore	object	optional
└ level	string	optional
└ grantTypes	object	optional
└ include	array	optional
└ userStatus	object	optional
└ value	string	optional
└ authContext	object	optional
└ authType	string	optional
└ authProvider	object	optional
└ include	array	optional
└ provider	string	optional
└ mdmEnrollment	object	optional
└ enrollment	string	optional
└ blockNonSafeAndroid	boolean	optional
└ userIdentifier	object	optional
└ type	string	optional
└ patterns	array	optional
└ value	string	optional
└ matchType	string	optional
└ attribute	string	optional
└ identityProvider	object	optional
└ idpIds	array	optional
└ provider	string	optional
└ …1 more	object	optional
description	string	optional
lastUpdated	string	optional

Responses

200

Success

201

Created

POST /api/v1/authorizationServers/{authServerId}/policies

POST /api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/activate

Activate Authorization Server Policy

operationId: AuthorizationServer_activatePolicyLifecycle

Parameters

Name	In	Required	Type	Description
authServerId	path	required	string	—
policyId	path	required	string	—

Responses

200

Success

POST /api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/activate

POST /api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/deactivate

Deactivate Authorization Server Policy

operationId: AuthorizationServer_deactivatePolicyLifecycle

Parameters

Name	In	Required	Type	Description
authServerId	path	required	string	—
policyId	path	required	string	—

Responses

200

Success

POST /api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/deactivate

POST /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules

Creates a policy rule for the specified Custom Authorization Server and Policy.

operationId: AuthorizationServer_createPolicyRule

Parameters

Name	In	Required	Type	Description
authServerId	path	required	string	—
policyId	path	required	string	—

Request Body

application/json

schema AuthorizationServerPolicyRule

Property	Type	Required
id	string	optional
name	string	optional
type	string	optional
status	string	optional
system	boolean	optional
actions	object	optional
└ token	object	optional
└ inlineHook	object	optional
└ id	string	optional
└ refreshTokenWindowMinutes	integer	optional
└ accessTokenLifetimeMinutes	integer	optional
└ refreshTokenLifetimeMinutes	integer	optional
created	string	optional
priority	integer	optional
conditions	object	optional
└ people	object	optional
└ users	object	optional
└ exclude	array	optional
└ include	array	optional
└ groups	object	optional
└ exclude	array	optional
└ include	array	optional
└ scopes	object	optional
└ include	array	optional
└ clients	object	optional
└ include	array	optional
└ grantTypes	object	optional
└ include	array	optional
lastUpdated	string	optional

Responses

200

Success

POST /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules

POST /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/activate

Activate Authorization Server Policy Rule

operationId: AuthorizationServer_activatePolicyRule

Parameters

Name	In	Required	Type	Description
authServerId	path	required	string	—
policyId	path	required	string	—
ruleId	path	required	string	—

Responses

200

Success

POST /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/activate

POST /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate

Deactivate Authorization Server Policy Rule

operationId: AuthorizationServer_deactivatePolicyRule

Parameters

Name	In	Required	Type	Description
authServerId	path	required	string	—
policyId	path	required	string	—
ruleId	path	required	string	—

Responses

200

Success

POST /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate

POST /api/v1/authorizationServers/{authServerId}/scopes

Success

operationId: AuthorizationServer_createScope

Parameters

Name	In	Required	Type	Description
authServerId	path	required	string	—

Request Body

application/json

schema OAuth2Scope

Property	Type	Required
id	string	optional
name	string	optional
system	boolean	optional
consent	string	optional
default	boolean	optional
description	string	optional
displayName	string	optional
metadataPublish	string	optional

Responses

200

Success

201

Success

POST /api/v1/authorizationServers/{authServerId}/scopes

Brand 5 endpoints

POST /api/v1/brands/{brandId}/templates/email/{templateName}/customizations Create Email Template Customization

Create an email customization

operationId: Brand_createEmailTemplateCustomization

Parameters

Name	In	Required	Type	Description
brandId	path	required	string	—
templateName	path	required	string	—

Request Body

application/json

schema EmailTemplateCustomizationRequest

Responses

200

Success

409

Conflict

POST /api/v1/brands/{brandId}/templates/email/{templateName}/customizations

POST /api/v1/brands/{brandId}/templates/email/{templateName}/test Get Preview of Email Template Default Content

Send a test email to the current users primary and secondary email addresses. The email content is selected based on the following priority: An email customization specifically for the users locale. The default language of email customizations. The email templates default content.

operationId: Brand_getEmailTemplateDefaultContentPreview

Parameters

Name	In	Required	Type	Description
brandId	path	required	string	—
templateName	path	required	string	—

Request Body

required

application/json

schema EmailTemplateTestRequest

Responses

204

No Content

POST /api/v1/brands/{brandId}/templates/email/{templateName}/test

POST /api/v1/brands/{brandId}/themes/{themeId}/background-image Updates the background image for your Theme

Updates the background image for your Theme

operationId: Brand_updateThemeBackgroundImage

Parameters

Name	In	Required	Type	Description
brandId	path	required	string	—
themeId	path	required	string	—

Request Body

multipart/form-data

schema ApplicationUpdateLogoRequest

Property	Type	Required
file	string	required

Responses

201

Created

400

Bad Request

404

Not Found

POST /api/v1/brands/{brandId}/themes/{themeId}/background-image

POST /api/v1/brands/{brandId}/themes/{themeId}/favicon Updates the favicon for your theme

Updates the favicon for your theme

operationId: Brand_updateThemeFavicon

Parameters

Name	In	Required	Type	Description
brandId	path	required	string	—
themeId	path	required	string	—

Request Body

multipart/form-data

schema ApplicationUpdateLogoRequest

Property	Type	Required
file	string	required

Responses

201

Created

400

Bad Request

404

Not Found

POST /api/v1/brands/{brandId}/themes/{themeId}/favicon

POST /api/v1/brands/{brandId}/themes/{themeId}/logo Update a themes logo

Updates the logo for your Theme

operationId: Brand_updateThemeLogo

Parameters

Name	In	Required	Type	Description
brandId	path	required	string	—
themeId	path	required	string	—

Request Body

multipart/form-data

schema ApplicationUpdateLogoRequest

Property	Type	Required
file	string	required

Responses

200

Success

400

Bad Request

404

Not Found

POST /api/v1/brands/{brandId}/themes/{themeId}/logo

Domain 2 endpoints

POST /api/v1/domains Create Domain

Creates your domain.

operationId: Domain_createNewDomain

Request Body

required

application/json

schema Domain

Property	Type	Required
id	string	optional
domain	string	optional
dnsRecords	array	optional
└ fqdn	string	optional
└ values	array	optional
└ expiration	string	optional
└ recordType	string	optional
validationStatus	string	optional
publicCertificate	object	optional
└ subject	string	optional
└ expiration	string	optional
└ fingerprint	string	optional
certificateSourceType	string	optional

Responses

200

Success

POST /api/v1/domains

POST /api/v1/domains/{domainId}/verify Verify Domain

Verifies the Domain by id.

operationId: Domain_verifyById

Parameters

Name	In	Required	Type	Description
domainId	path	required	string	—

Responses

200

Success

POST /api/v1/domains/{domainId}/verify

Eventhook 4 endpoints

POST /api/v1/eventHooks

Success

operationId: EventHook_createSuccess

Request Body

application/json

schema EventHook

Property	Type	Required
id	string	optional
name	string	optional
_links	object	optional
events	object	optional
└ type	string	optional
└ items	array	optional
status	string	optional
channel	object	optional
└ type	string	optional
└ config	object	optional
└ uri	string	optional
└ headers	array	optional
└ key	string	optional
└ value	string	optional
└ authScheme	object	optional
└ key	string	optional
└ type	string	optional
└ value	string	optional
└ version	string	optional
created	string	optional
createdBy	string	optional
lastUpdated	string	optional
verificationStatus	string	optional

Responses

200

Success

POST /api/v1/eventHooks

POST /api/v1/eventHooks/{eventHookId}/lifecycle/activate

Success

operationId: EventHook_activateLifecycleSuccess

Parameters

Name	In	Required	Type	Description
eventHookId	path	required	string	—

Responses

200

Success

POST /api/v1/eventHooks/{eventHookId}/lifecycle/activate

POST /api/v1/eventHooks/{eventHookId}/lifecycle/deactivate

Success

operationId: EventHook_deactivateLifecycleEvent

Parameters

Name	In	Required	Type	Description
eventHookId	path	required	string	—

Responses

200

Success

POST /api/v1/eventHooks/{eventHookId}/lifecycle/deactivate

POST /api/v1/eventHooks/{eventHookId}/lifecycle/verify

Success

operationId: EventHook_verifyLifecycleSuccess

Parameters

Name	In	Required	Type	Description
eventHookId	path	required	string	—

Responses

200

Success

POST /api/v1/eventHooks/{eventHookId}/lifecycle/verify

Feature 1 endpoints

POST /api/v1/features/{featureId}/{lifecycle}

Success

operationId: Feature_createLifecycleSuccess

Parameters

Name	In	Required	Type	Description
featureId	path	required	string	—
lifecycle	path	required	string	—
mode	query	optional	string	—

Responses

200

Success

POST /api/v1/features/{featureId}/{lifecycle}

Group 5 endpoints

POST /api/v1/groups Add Group

Adds a new group with OKTA_GROUP type to your organization.

operationId: Group_createNewGroup

Request Body

application/json

schema Group

Property	Type	Required
id	string	optional
type	string	optional
_links	object	optional
created	string	optional
profile	object	optional
└ name	string	optional
└ description	string	optional
_embedded	object	optional
lastUpdated	string	optional
objectClass	array	optional
lastMembershipUpdated	string	optional

Responses

200

Success

POST /api/v1/groups

POST /api/v1/groups/rules Create Group Rule

Creates a group rule to dynamically add users to the specified group if they match the condition

operationId: Group_addRule

Request Body

application/json

schema GroupRule

Property	Type	Required
id	string	optional
name	string	optional
type	string	optional
status	string	optional
actions	object	optional
└ assignUserToGroups	object	optional
└ groupIds	array	optional
created	string	optional
conditions	object	optional
└ people	object	optional
└ users	object	optional
└ exclude	array	optional
└ include	array	optional
└ groups	object	optional
└ exclude	array	optional
└ include	array	optional
└ expression	object	optional
└ type	string	optional
└ value	string	optional
lastUpdated	string	optional

Responses

200

Success

POST /api/v1/groups/rules

POST /api/v1/groups/rules/{ruleId}/lifecycle/activate Activate a group Rule

Activates a specific group rule by id from your organization

operationId: Group_activateRuleLifecycle

Parameters

Name	In	Required	Type	Description
ruleId	path	required	string	—

Responses

204

No Content

POST /api/v1/groups/rules/{ruleId}/lifecycle/activate

POST /api/v1/groups/rules/{ruleId}/lifecycle/deactivate Deactivate a group Rule

Deactivates a specific group rule by id from your organization

operationId: Group_deactivateRuleLifecycle

Parameters

Name	In	Required	Type	Description
ruleId	path	required	string	—

Responses

204

No Content

POST /api/v1/groups/rules/{ruleId}/lifecycle/deactivate

POST /api/v1/groups/{groupId}/roles

Assigns a Role to a Group

operationId: Group_assignRoleToGroup

Parameters

Name	In	Required	Type	Description
groupId	path	required	string	—
disableNotifications	query	optional	boolean	—

Request Body

application/json

schema AssignRoleRequest

Responses

200

Success

201

Success

POST /api/v1/groups/{groupId}/roles

Groupschema 1 endpoints

POST /api/v1/meta/schemas/group/default Updates, adds ore removes one or more custom Group Profile properties in the schema

Updates, adds ore removes one or more custom Group Profile properties in the schema

operationId: GroupSchema_updateCustomProperties

Request Body

application/json

schema GroupSchema

Property	Type	Required
id	string	optional
name	string	optional
type	string	optional
title	string	optional
_links	object	optional
$schema	string	optional
created	string	optional
properties	object	optional
└ profile	object	optional
└ allOf	array	optional
definitions	object	optional
└ base	object	optional
└ id	string	optional
└ type	string	optional
└ required	array	optional
└ properties	object	optional
└ name	object	optional
└ description	object	optional
└ custom	object	optional
└ id	string	optional
└ type	string	optional
└ required	array	optional
└ properties	object	optional
description	string	optional
lastUpdated	string	optional

Responses

200

successful operation

POST /api/v1/meta/schemas/group/default

Identityprovider 9 endpoints

POST /api/v1/idps Add Identity Provider

Adds a new IdP to your organization.

operationId: IdentityProvider_addNewIdp

Request Body

application/json

schema IdentityProvider

Property	Type	Required
id	string	optional
name	string	optional
type	string	optional
_links	object	optional
policy	object	optional
└ subject	object	optional
└ filter	string	optional
└ format	array	optional
└ matchType	string	optional
└ matchAttribute	string	optional
└ userNameTemplate	object	optional
└ template	string	optional
└ accountLink	object	optional
└ action	string	optional
└ filter	object	optional
└ groups	object	optional
└ maxClockSkew	integer	optional
└ provisioning	object	optional
└ action	string	optional
└ groups	object	optional
└ action	string	optional
└ filter	array	optional
└ assignments	array	optional
└ sourceAttributeName	string	optional
└ conditions	object	optional
└ suspended	object	optional
└ deprovisioned	object	optional
└ profileMaster	boolean	optional
status	string	optional
created	string	optional
protocol	object	optional
└ type	string	optional
└ issuer	object	optional
└ url	string	optional
└ type	string	optional
└ binding	string	optional
└ destination	string	optional
└ scopes	array	optional
└ settings	object	optional
└ nameFormat	string	optional
└ endpoints	object	optional
└ acs	object	optional
└ url	string	optional
└ type	string	optional
└ binding	string	optional
└ destination	string	optional
└ slo	object	optional
└ url	string	optional
└ type	string	optional
└ binding	string	optional
└ destination	string	optional
└ sso	object	optional
└ url	string	optional
└ type	string	optional
└ binding	string	optional
└ destination	string	optional
└ jwks	object	optional
└ url	string	optional
└ type	string	optional
└ binding	string	optional
└ destination	string	optional
└ token	object	optional
└ url	string	optional
└ type	string	optional
└ binding	string	optional
└ destination	string	optional
└ metadata	object	optional
└ url	string	optional
└ type	string	optional
└ binding	string	optional
└ destination	string	optional
└ userInfo	object	optional
└ url	string	optional
└ type	string	optional
└ binding	string	optional
└ destination	string	optional
└ authorization	object	optional
└ url	string	optional
└ type	string	optional
└ binding	string	optional
└ destination	string	optional
└ algorithms	object	optional
└ request	object	optional
└ signature	object	optional
└ response	object	optional
└ signature	object	optional
└ relayState	object	optional
└ format	string	optional
└ credentials	object	optional
└ trust	object	optional
└ kid	string	optional
└ issuer	string	optional
└ audience	string	optional
└ revocation	string	optional
└ revocationCacheLifetime	integer	optional
└ client	object	optional
└ client_id	string	optional
└ client_secret	string	optional
└ signing	object	optional
└ kid	string	optional
└ teamId	string	optional
└ privateKey	string	optional
issuerMode	string	optional
lastUpdated	string	optional

Responses

200

Success

POST /api/v1/idps

POST /api/v1/idps/credentials/keys Add X.509 Certificate Public Key

Adds a new X.509 certificate credential to the IdP key store.

operationId: IdentityProvider_addX509CertificatePublicKey

Request Body

required

application/json

schema JsonWebKey

Property	Type	Required
e	string	optional
n	string	optional
alg	string	optional
kid	string	optional
kty	string	optional
use	string	optional
x5c	array	optional
x5t	string	optional
x5u	string	optional
_links	object	optional
status	string	optional
created	string	optional
key_ops	array	optional
x5t#S256	string	optional
expiresAt	string	optional
lastUpdated	string	optional

Responses

200

Success

POST /api/v1/idps/credentials/keys

POST /api/v1/idps/{idpId}/credentials/csrs Generate Certificate Signing Request for IdP

Generates a new key pair and returns a Certificate Signing Request for it.

operationId: IdentityProvider_generateCsr

Parameters

Name	In	Required	Type	Description
idpId	path	required	string	—

Request Body

application/json

schema CsrMetadata

Responses

201

Created

POST /api/v1/idps/{idpId}/credentials/csrs

POST /api/v1/idps/{idpId}/credentials/csrs/{csrId}/lifecycle/publish

Update the Certificate Signing Request with a signed X.509 certificate and add it into the signing key credentials for the IdP.

operationId: IdentityProvider_updateCsrLifecyclePublish

Parameters

Name	In	Required	Type	Description
idpId	path	required	string	—
csrId	path	required	string	—

Responses

201

Created

POST /api/v1/idps/{idpId}/credentials/csrs/{csrId}/lifecycle/publish

POST /api/v1/idps/{idpId}/credentials/keys/generate Generate New IdP Signing Key Credential

Generates a new X.509 certificate for an IdP signing key credential to be used for signing assertions sent to the IdP

operationId: IdentityProvider_generateNewSigningKeyCredential

Parameters

Name	In	Required	Type	Description
idpId	path	required	string	—
validityYears	query	required	integer	expiry of the IdP Key Credential

Responses

200

Success

POST /api/v1/idps/{idpId}/credentials/keys/generate

POST /api/v1/idps/{idpId}/credentials/keys/{keyId}/clone Clone Signing Key Credential for IdP

Clones a X.509 certificate for an IdP signing key credential from a source IdP to target IdP

operationId: IdentityProvider_cloneSigningKeyCredential

Parameters

Name	In	Required	Type	Description
idpId	path	required	string	—
keyId	path	required	string	—
targetIdpId	query	required	string	—

Responses

201

Created

POST /api/v1/idps/{idpId}/credentials/keys/{keyId}/clone

POST /api/v1/idps/{idpId}/lifecycle/activate Activate Identity Provider

Activates an inactive IdP.

operationId: IdentityProvider_activateIdpLifecycle

Parameters

Name	In	Required	Type	Description
idpId	path	required	string	—

Responses

200

Success

POST /api/v1/idps/{idpId}/lifecycle/activate

POST /api/v1/idps/{idpId}/lifecycle/deactivate Deactivate Identity Provider

Deactivates an active IdP.

operationId: IdentityProvider_deactivateIdp

Parameters

Name	In	Required	Type	Description
idpId	path	required	string	—

Responses

200

Success

POST /api/v1/idps/{idpId}/lifecycle/deactivate

POST /api/v1/idps/{idpId}/users/{userId} Link a user to a Social IdP without a transaction

Links an Okta user to an existing Social Identity Provider. This does not support the SAML2 Identity Provider Type

operationId: IdentityProvider_linkUserToIdpWithoutTransaction

Parameters

Name	In	Required	Type	Description
idpId	path	required	string	—
userId	path	required	string	—

Request Body

required

application/json

schema UserIdentityProviderLinkRequest

Property	Type	Required
externalId	string	optional

Responses

200

Success

POST /api/v1/idps/{idpId}/users/{userId}

Inlinehook 4 endpoints

POST /api/v1/inlineHooks

Success

operationId: InlineHook_createSuccess

Request Body

application/json

schema InlineHook

Property	Type	Required
id	string	optional
name	string	optional
type	string	optional
_links	object	optional
status	string	optional
channel	object	optional
└ type	string	optional
└ config	object	optional
└ uri	string	optional
└ method	string	optional
└ headers	array	optional
└ key	string	optional
└ value	string	optional
└ authScheme	object	optional
└ key	string	optional
└ type	string	optional
└ value	string	optional
└ version	string	optional
created	string	optional
version	string	optional
lastUpdated	string	optional

Responses

200

Success

POST /api/v1/inlineHooks

POST /api/v1/inlineHooks/{inlineHookId}/execute

Executes the Inline Hook matching the provided inlineHookId using the request body as the input. This will send the provided data through the Channel and return a response if it matches the correct data contract. This execution endpoint should only be used for testing purposes.

operationId: InlineHook_executeWithInput

Parameters

Name	In	Required	Type	Description
inlineHookId	path	required	string	—

Request Body

required

application/json

schema InlineHookPayload

Responses

200

Success

POST /api/v1/inlineHooks/{inlineHookId}/execute

POST /api/v1/inlineHooks/{inlineHookId}/lifecycle/activate

Activates the Inline Hook matching the provided id

operationId: InlineHook_activateLifecycle

Parameters

Name	In	Required	Type	Description
inlineHookId	path	required	string	—

Responses

200

Success

POST /api/v1/inlineHooks/{inlineHookId}/lifecycle/activate

POST /api/v1/inlineHooks/{inlineHookId}/lifecycle/deactivate

Deactivates the Inline Hook matching the provided id

operationId: InlineHook_deactivateLifecycle

Parameters

Name	In	Required	Type	Description
inlineHookId	path	required	string	—

Responses

200

Success

POST /api/v1/inlineHooks/{inlineHookId}/lifecycle/deactivate

Linkedobject 1 endpoints

POST /api/v1/meta/schemas/user/linkedObjects

Success

operationId: LinkedObject_createLinkedObject

Request Body

required

application/json

schema LinkedObject

Property	Type	Required
_links	object	optional
primary	object	optional
└ name	string	optional
└ type	string	optional
└ title	string	optional
└ description	string	optional
associated	object	optional
└ name	string	optional
└ type	string	optional
└ title	string	optional
└ description	string	optional

Responses

201

Created

POST /api/v1/meta/schemas/user/linkedObjects

Networkzone 3 endpoints

POST /api/v1/zones Add Network Zone

Adds a new network zone to your Okta organization.

operationId: NetworkZone_createNew

Request Body

application/json

schema NetworkZone

Property	Type	Required
id	string	optional
asns	array	optional
name	string	optional
type	string	optional
usage	string	optional
_links	object	optional
status	string	optional
system	boolean	optional
created	string	optional
proxies	array	optional
└ type	string	optional
└ value	string	optional
gateways	array	optional
└ type	string	optional
└ value	string	optional
locations	array	optional
└ region	string	optional
└ country	string	optional
proxyType	string	optional
lastUpdated	string	optional

Responses

200

Success

POST /api/v1/zones

POST /api/v1/zones/{zoneId}/lifecycle/activate Activate Network Zone

Activate Network Zone

operationId: NetworkZone_activateLifecycle

Parameters

Name	In	Required	Type	Description
zoneId	path	required	string	—

Responses

200

Success

POST /api/v1/zones/{zoneId}/lifecycle/activate

POST /api/v1/zones/{zoneId}/lifecycle/deactivate Deactivate Network Zone

Deactivates a network zone.

operationId: NetworkZone_deactivateZoneLifecycle

Parameters

Name	In	Required	Type	Description
zoneId	path	required	string	—

Responses

200

Success

POST /api/v1/zones/{zoneId}/lifecycle/deactivate

Org 9 endpoints

POST /api/v1/org Partial update Org setting

Partial update settings of your organization.

operationId: Org_updateSettings

Request Body

application/json

schema OrgSetting

Property	Type	Required
id	string	optional
city	string	optional
state	string	optional
_links	object	optional
status	string	optional
country	string	optional
created	string	optional
website	string	optional
address1	string	optional
address2	string	optional
expiresAt	string	optional
subdomain	string	optional
postalCode	string	optional
companyName	string	optional
lastUpdated	string	optional
phoneNumber	string	optional
supportPhoneNumber	string	optional
endUserSupportHelpURL	string	optional

Responses

200

Success

POST /api/v1/org

POST /api/v1/org/logo Update org logo

Updates the logo for your organization.

operationId: Org_updateOrganizationLogo

Request Body

multipart/form-data

schema ApplicationUpdateLogoRequest

Property	Type	Required
file	string	required

Responses

201

Created

POST /api/v1/org/logo

POST /api/v1/org/preferences/hideEndUserFooter Show Okta UI Footer

Hide the Okta UI footer for all end users of your organization.

operationId: Org_hideEndUserFooter

Responses

200

Success

POST /api/v1/org/preferences/hideEndUserFooter

POST /api/v1/org/preferences/showEndUserFooter Show Okta UI Footer

Makes the Okta UI footer visible for all end users of your organization.

operationId: Org_makeOktaUiFooterVisible

Responses

200

Success

POST /api/v1/org/preferences/showEndUserFooter

POST /api/v1/org/privacy/oktaCommunication/optIn Opt in all users to Okta Communication emails

Opts in all users of this org to Okta Communication emails.

operationId: Org_optInOktaCommunicationEmails

Responses

200

Success

POST /api/v1/org/privacy/oktaCommunication/optIn

POST /api/v1/org/privacy/oktaCommunication/optOut Opt out all users from Okta Communication emails

Opts out all users of this org from Okta Communication emails.

operationId: Org_optOutOktaCommunicationEmails

Responses

200

Success

POST /api/v1/org/privacy/oktaCommunication/optOut

POST /api/v1/org/privacy/oktaSupport/extend Extend Okta Support

Extends the length of time that Okta Support can access your org by 24 hours. This means that 24 hours are added to the remaining access time.

operationId: Org_extendOktaSupport

Responses

200

Success

POST /api/v1/org/privacy/oktaSupport/extend

POST /api/v1/org/privacy/oktaSupport/grant Grant Okta Support

Enables you to temporarily allow Okta Support to access your org as an administrator for eight hours.

operationId: Org_grantOktaSupportAccess

Responses

200

Success

POST /api/v1/org/privacy/oktaSupport/grant

POST /api/v1/org/privacy/oktaSupport/revoke Extend Okta Support

Revokes Okta Support access to your organization.

operationId: Org_extendOktaSupport

Responses

200

Success

POST /api/v1/org/privacy/oktaSupport/revoke

Policy 6 endpoints

POST /api/v1/policies

Creates a policy.

operationId: Policy_createNewPolicy

Parameters

Name	In	Required	Type	Description
activate	query	optional	boolean	—

Request Body

application/json

schema Policy

Property	Type	Required
id	string	optional
name	string	optional
type	string	optional
_links	object	optional
status	string	optional
system	boolean	optional
created	string	optional
priority	integer	optional
_embedded	object	optional
conditions	object	optional
└ app	object	optional
└ exclude	array	optional
└ id	string	optional
└ name	string	optional
└ type	string	optional
└ include	array	optional
└ id	string	optional
└ name	string	optional
└ type	string	optional
└ apps	object	optional
└ exclude	array	optional
└ include	array	optional
└ risk	object	optional
└ behaviors	array	optional
└ users	object	optional
└ exclude	array	optional
└ include	array	optional
└ inactivity	object	optional
└ unit	string	optional
└ number	integer	optional
└ passwordExpiration	object	optional
└ unit	string	optional
└ number	integer	optional
└ lifecycleExpiration	object	optional
└ unit	string	optional
└ number	integer	optional
└ lifecycleStatus	string	optional
└ userLifecycleAttribute	object	optional
└ attributeName	string	optional
└ matchingValue	string	optional
└ device	object	optional
└ rooted	boolean	optional
└ migrated	boolean	optional
└ platform	object	optional
└ types	array	optional
└ supportedMDMFrameworks	array	optional
└ trustLevel	string	optional
└ groups	object	optional
└ exclude	array	optional
└ include	array	optional
└ people	object	optional
└ users	object	optional
└ exclude	array	optional
└ include	array	optional
└ groups	object	optional
└ exclude	array	optional
└ include	array	optional
└ scopes	object	optional
└ include	array	optional
└ clients	object	optional
└ include	array	optional
└ context	object	optional
└ expression	string	optional
└ network	object	optional
└ exclude	array	optional
└ include	array	optional
└ connection	string	optional
└ platform	object	optional
└ exclude	array	optional
└ os	object	optional
└ type	string	optional
└ include	array	optional
└ os	object	optional
└ type	string	optional
└ riskScore	object	optional
└ level	string	optional
└ grantTypes	object	optional
└ include	array	optional
└ userStatus	object	optional
└ value	string	optional
└ authContext	object	optional
└ authType	string	optional
└ authProvider	object	optional
└ include	array	optional
└ provider	string	optional
└ mdmEnrollment	object	optional
└ enrollment	string	optional
└ blockNonSafeAndroid	boolean	optional
└ userIdentifier	object	optional
└ type	string	optional
└ patterns	array	optional
└ value	string	optional
└ matchType	string	optional
└ attribute	string	optional
└ identityProvider	object	optional
└ idpIds	array	optional
└ provider	string	optional
└ …1 more	object	optional
description	string	optional
lastUpdated	string	optional

Responses

200

Success

POST /api/v1/policies

POST /api/v1/policies/{policyId}/lifecycle/activate

Activates a policy.

operationId: Policy_activateLifecycle

Parameters

Name	In	Required	Type	Description
policyId	path	required	string	—

Responses

204

No Content

POST /api/v1/policies/{policyId}/lifecycle/activate

POST /api/v1/policies/{policyId}/lifecycle/deactivate

Deactivates a policy.

operationId: Policy_deactivateLifecycle

Parameters

Name	In	Required	Type	Description
policyId	path	required	string	—

Responses

204

No Content

POST /api/v1/policies/{policyId}/lifecycle/deactivate

POST /api/v1/policies/{policyId}/rules

Creates a policy rule.

operationId: Policy_createRule

Parameters

Name	In	Required	Type	Description
policyId	path	required	string	—

Request Body

application/json

schema PolicyRule

Property	Type	Required
id	string	optional
name	string	optional
type	string	optional
status	string	optional
system	boolean	optional
actions	object	optional
└ idp	object	optional
└ providers	array	optional
└ id	string	optional
└ type	string	optional
└ enroll	object	optional
└ self	string	optional
└ signon	object	optional
└ access	string	optional
└ session	object	optional
└ usePersistentCookie	boolean	optional
└ maxSessionIdleMinutes	integer	optional
└ maxSessionLifetimeMinutes	integer	optional
└ requireFactor	boolean	optional
└ factorLifetime	integer	optional
└ factorPromptMode	string	optional
└ rememberDeviceByDefault	boolean	optional
└ passwordChange	object	optional
└ access	string	optional
└ selfServiceUnlock	object	optional
└ access	string	optional
└ selfServicePasswordReset	object	optional
└ access	string	optional
created	string	optional
priority	integer	optional
conditions	object	optional
└ app	object	optional
└ exclude	array	optional
└ id	string	optional
└ name	string	optional
└ type	string	optional
└ include	array	optional
└ id	string	optional
└ name	string	optional
└ type	string	optional
└ apps	object	optional
└ exclude	array	optional
└ include	array	optional
└ risk	object	optional
└ behaviors	array	optional
└ users	object	optional
└ exclude	array	optional
└ include	array	optional
└ inactivity	object	optional
└ unit	string	optional
└ number	integer	optional
└ passwordExpiration	object	optional
└ unit	string	optional
└ number	integer	optional
└ lifecycleExpiration	object	optional
└ unit	string	optional
└ number	integer	optional
└ lifecycleStatus	string	optional
└ userLifecycleAttribute	object	optional
└ attributeName	string	optional
└ matchingValue	string	optional
└ device	object	optional
└ rooted	boolean	optional
└ migrated	boolean	optional
└ platform	object	optional
└ types	array	optional
└ supportedMDMFrameworks	array	optional
└ trustLevel	string	optional
└ groups	object	optional
└ exclude	array	optional
└ include	array	optional
└ people	object	optional
└ users	object	optional
└ exclude	array	optional
└ include	array	optional
└ groups	object	optional
└ exclude	array	optional
└ include	array	optional
└ scopes	object	optional
└ include	array	optional
└ clients	object	optional
└ include	array	optional
└ context	object	optional
└ expression	string	optional
└ network	object	optional
└ exclude	array	optional
└ include	array	optional
└ connection	string	optional
└ platform	object	optional
└ exclude	array	optional
└ os	object	optional
└ type	string	optional
└ include	array	optional
└ os	object	optional
└ type	string	optional
└ riskScore	object	optional
└ level	string	optional
└ grantTypes	object	optional
└ include	array	optional
└ userStatus	object	optional
└ value	string	optional
└ authContext	object	optional
└ authType	string	optional
└ authProvider	object	optional
└ include	array	optional
└ provider	string	optional
└ mdmEnrollment	object	optional
└ enrollment	string	optional
└ blockNonSafeAndroid	boolean	optional
└ userIdentifier	object	optional
└ type	string	optional
└ patterns	array	optional
└ value	string	optional
└ matchType	string	optional
└ attribute	string	optional
└ identityProvider	object	optional
└ idpIds	array	optional
└ provider	string	optional
└ …1 more	object	optional
lastUpdated	string	optional

Responses

200

Success

POST /api/v1/policies/{policyId}/rules

POST /api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate

Activates a policy rule.

operationId: Policy_activateRuleLifecycle

Parameters

Name	In	Required	Type	Description
policyId	path	required	string	—
ruleId	path	required	string	—

Responses

200

Success

POST /api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate

POST /api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate

Deactivates a policy rule.

operationId: Policy_deactivateRuleLifecycle

Parameters

Name	In	Required	Type	Description
policyId	path	required	string	—
ruleId	path	required	string	—

Responses

204

No Content

POST /api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate

Profilemapping 1 endpoints

POST /api/v1/mappings/{mappingId} Update Profile Mapping

Updates an existing Profile Mapping by adding, updating, or removing one or many Property Mappings.

operationId: ProfileMapping_updatePropertyMappings

Parameters

Name	In	Required	Type	Description
mappingId	path	required	string	—

Request Body

required

application/json

schema ProfileMapping

Property	Type	Required
id	string	optional
_links	object	optional
source	object	optional
└ id	string	optional
└ name	string	optional
└ type	string	optional
└ _links	object	optional
target	object	optional
└ id	string	optional
└ name	string	optional
└ type	string	optional
└ _links	object	optional
properties	object	optional

Responses

200

Success

POST /api/v1/mappings/{mappingId}

Session 2 endpoints

POST /api/v1/sessions Create Session with Session Token

Creates a new session for a user with a valid session token. Use this API if, for example, you want to set the session cookie yourself instead of allowing Okta to set it, or want to hold the session ID in order to delete a session via the API instead of visiting the logout URL.

operationId: Session_createSessionWithToken

Request Body

required

application/json

schema CreateSessionRequest

Property	Type	Required
sessionToken	string	optional

Responses

200

Success

400

Bad Request

POST /api/v1/sessions

POST /api/v1/sessions/{sessionId}/lifecycle/refresh Refresh Session

operationId: Session_refreshLifecycle

Parameters

Name	In	Required	Type	Description
sessionId	path	required	string	—

Responses

200

Success

404

Not Found

POST /api/v1/sessions/{sessionId}/lifecycle/refresh

Subscription 4 endpoints

POST /api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/subscribe Subscribe a Custom Role to a specific notification type

When roleType Subscribes a Role to a specific notification type. When you change the subscription status of a Role, it overrides the subscription of any individual user of that Role. Else when roleId Subscribes a Custom Role to a specific notification type. When you change the subscription status of a Custom Role, it overrides the subscription of any individual user of that Custom Role.

operationId: Subscription_roleNotificationSubscribe

Parameters

Name	In	Required	Type	Description
roleTypeOrRoleId	path	required	string	—
notificationType	path	required	string	—

Responses

200

Success

404

Not Found

POST /api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/subscribe

POST /api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/unsubscribe Unsubscribe a Custom Role from a specific notification type

When roleType Unsubscribes a Role from a specific notification type. When you change the subscription status of a Role, it overrides the subscription of any individual user of that Role. Else when roleId Unsubscribes a Custom Role from a specific notification type. When you change the subscription status of a Custom Role, it overrides the subscription of any individual user of that Custom Role.

operationId: Subscription_customRoleNotificationUnsubscribe

Parameters

Name	In	Required	Type	Description
roleTypeOrRoleId	path	required	string	—
notificationType	path	required	string	—

Responses

200

Success

404

Not Found

POST /api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/unsubscribe

POST /api/v1/users/{userId}/subscriptions/{notificationType}/subscribe Subscribe to a specific notification type

Subscribes a User to a specific notification type. Only the current User can subscribe to a specific notification type. An AccessDeniedException message is sent if requests are made from other users.

operationId: Subscription_userNotificationSubscribe

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
notificationType	path	required	string	—

Responses

200

Success

404

Not Found

POST /api/v1/users/{userId}/subscriptions/{notificationType}/subscribe

POST /api/v1/users/{userId}/subscriptions/{notificationType}/unsubscribe Unsubscribe from a specific notification type

Unsubscribes a User from a specific notification type. Only the current User can unsubscribe from a specific notification type. An AccessDeniedException message is sent if requests are made from other users.

operationId: Subscription_unsubscribeUserSubscriptionByNotificationType

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
notificationType	path	required	string	—

Responses

200

Success

404

Not Found

POST /api/v1/users/{userId}/subscriptions/{notificationType}/unsubscribe

Template 2 endpoints

POST /api/v1/templates/sms Add SMS Template

Adds a new custom SMS template to your organization.

operationId: Template_addNewCustomSms

Request Body

application/json

schema SmsTemplate

Property	Type	Required
id	string	optional
name	string	optional
type	string	optional
created	string	optional
template	string	optional
lastUpdated	string	optional
translations	object	optional

Responses

200

Success

POST /api/v1/templates/sms

POST /api/v1/templates/sms/{templateId} Partial SMS Template Update

Updates only some of the SMS template properties:

operationId: Template_partialSmsUpdate

Parameters

Name	In	Required	Type	Description
templateId	path	required	string	—

Request Body

application/json

schema SmsTemplate

Property	Type	Required
id	string	optional
name	string	optional
type	string	optional
created	string	optional
template	string	optional
lastUpdated	string	optional
translations	object	optional

Responses

200

Success

POST /api/v1/templates/sms/{templateId}

Trustedorigin 3 endpoints

POST /api/v1/trustedOrigins

Success

operationId: TrustedOrigin_createSuccess

Request Body

application/json

schema TrustedOrigin

Property	Type	Required
id	string	optional
name	string	optional
_links	object	optional
origin	string	optional
scopes	array	optional
└ type	string	optional
└ stringValue	string	optional
└ allowedOktaApps	array	optional
status	string	optional
created	string	optional
createdBy	string	optional
lastUpdated	string	optional
lastUpdatedBy	string	optional

Responses

200

Success

POST /api/v1/trustedOrigins

POST /api/v1/trustedOrigins/{trustedOriginId}/lifecycle/activate

Success

operationId: TrustedOrigin_activateLifecycleSuccess

Parameters

Name	In	Required	Type	Description
trustedOriginId	path	required	string	—

Responses

200

Success

POST /api/v1/trustedOrigins/{trustedOriginId}/lifecycle/activate

POST /api/v1/trustedOrigins/{trustedOriginId}/lifecycle/deactivate

Success

operationId: TrustedOrigin_deactivateLifecycleSuccess

Parameters

Name	In	Required	Type	Description
trustedOriginId	path	required	string	—

Responses

200

Success

POST /api/v1/trustedOrigins/{trustedOriginId}/lifecycle/deactivate

User 16 endpoints

POST /api/v1/users Create User

Creates a new user in your Okta organization with or without credentials.

operationId: User_createNewUser

Parameters

Name	In	Required	Type	Description
activate	query	optional	boolean	Executes activation lifecycle operation when creating the user
provider	query	optional	boolean	Indicates whether to create a user with a specified authentication provider
nextLogin	query	optional	string	With activate=true, set nextLogin to “changePassword” to have the password be EXPIRED, so user must change it the next time they log in.

Request Body

required

application/json

schema CreateUserRequest

Property	Type	Required
type	object	optional
└ id	string	optional
└ name	string	optional
└ _links	object	optional
└ created	string	optional
└ default	boolean	optional
└ createdBy	string	optional
└ description	string	optional
└ displayName	string	optional
└ lastUpdated	string	optional
└ lastUpdatedBy	string	optional
profile	object	optional
└ city	string	optional
└ email	string	optional
└ login	string	optional
└ state	string	optional
└ title	string	optional
└ locale	string	optional
└ manager	string	optional
└ zipCode	string	optional
└ division	string	optional
└ lastName	string	optional
└ nickName	string	optional
└ timezone	string	optional
└ userType	string	optional
└ firstName	string	optional
└ managerId	string	optional
└ costCenter	string	optional
└ department	string	optional
└ middleName	string	optional
└ profileUrl	string	optional
└ countryCode	string	optional
└ …11 more	object	optional
groupIds	array	optional
credentials	object	optional
└ password	object	optional
└ hash	object	optional
└ salt	string	optional
└ value	string	optional
└ algorithm	string	optional
└ saltOrder	string	optional
└ workFactor	integer	optional
└ hook	object	optional
└ type	string	optional
└ value	string	optional
└ provider	object	optional
└ name	string	optional
└ type	string	optional
└ recovery_question	object	optional
└ answer	string	optional
└ question	string	optional

Responses

200

Success

POST /api/v1/users

POST /api/v1/users/{userId}

Update a user’s profile or credentials with partial update semantics.

operationId: User_updateProfile

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
strict	query	optional	boolean	—

Request Body

application/json

schema User

Property	Type	Required
id	string	optional
type	object	optional
└ id	string	optional
└ name	string	optional
└ _links	object	optional
└ created	string	optional
└ default	boolean	optional
└ createdBy	string	optional
└ description	string	optional
└ displayName	string	optional
└ lastUpdated	string	optional
└ lastUpdatedBy	string	optional
_links	object	optional
status	string	optional
created	string	optional
profile	object	optional
└ city	string	optional
└ email	string	optional
└ login	string	optional
└ state	string	optional
└ title	string	optional
└ locale	string	optional
└ manager	string	optional
└ zipCode	string	optional
└ division	string	optional
└ lastName	string	optional
└ nickName	string	optional
└ timezone	string	optional
└ userType	string	optional
└ firstName	string	optional
└ managerId	string	optional
└ costCenter	string	optional
└ department	string	optional
└ middleName	string	optional
└ profileUrl	string	optional
└ countryCode	string	optional
└ …11 more	object	optional
_embedded	object	optional
activated	string	optional
lastLogin	string	optional
credentials	object	optional
└ password	object	optional
└ hash	object	optional
└ salt	string	optional
└ value	string	optional
└ algorithm	string	optional
└ saltOrder	string	optional
└ workFactor	integer	optional
└ hook	object	optional
└ type	string	optional
└ value	string	optional
└ provider	object	optional
└ name	string	optional
└ type	string	optional
└ recovery_question	object	optional
└ answer	string	optional
└ question	string	optional
lastUpdated	string	optional
statusChanged	string	optional
passwordChanged	string	optional
transitioningToStatus	string	optional

Responses

200

Success

POST /api/v1/users/{userId}

POST /api/v1/users/{userId}/credentials/change_password Change Password

Changes a user’s password by validating the user’s current password. This operation can only be performed on users in STAGED, ACTIVE, PASSWORD_EXPIRED, or RECOVERY status that have a valid password credential

operationId: User_changePasswordValidation

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
strict	query	optional	boolean	—

Request Body

required

application/json

schema ChangePasswordRequest

Property	Type	Required
newPassword	object	optional
└ hash	object	optional
└ salt	string	optional
└ value	string	optional
└ algorithm	string	optional
└ saltOrder	string	optional
└ workFactor	integer	optional
└ hook	object	optional
└ type	string	optional
└ value	string	optional
oldPassword	object	optional
└ hash	object	optional
└ salt	string	optional
└ value	string	optional
└ algorithm	string	optional
└ saltOrder	string	optional
└ workFactor	integer	optional
└ hook	object	optional
└ type	string	optional
└ value	string	optional

Responses

200

Success

POST /api/v1/users/{userId}/credentials/change_password

POST /api/v1/users/{userId}/credentials/change_recovery_question Change Recovery Question

Changes a user’s recovery question & answer credential by validating the user’s current password. This operation can only be performed on users in STAGED, ACTIVE or RECOVERY status that have a valid password credential

operationId: User_updateRecoveryQuestion

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—

Request Body

required

application/json

schema UserCredentials

Property	Type	Required
password	object	optional
└ hash	object	optional
└ salt	string	optional
└ value	string	optional
└ algorithm	string	optional
└ saltOrder	string	optional
└ workFactor	integer	optional
└ hook	object	optional
└ type	string	optional
└ value	string	optional
provider	object	optional
└ name	string	optional
└ type	string	optional
recovery_question	object	optional
└ answer	string	optional
└ question	string	optional

Responses

200

Success

POST /api/v1/users/{userId}/credentials/change_recovery_question

POST /api/v1/users/{userId}/credentials/forgot_password Forgot Password

operationId: User_forgotPassword

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—

Responses

200

Success

POST /api/v1/users/{userId}/credentials/forgot_password

POST /api/v1/users/{userId}/lifecycle/activate Activate User

Activates a user. This operation can only be performed on users with a STAGED status. Activation of a user is an asynchronous operation. The user will have the transitioningToStatus property with a value of ACTIVE during activation to indicate that the user hasn’t completed the asynchronous operation. The user will have a status of ACTIVE when the activation process is complete.

operationId: User_activateLifecycle

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
sendEmail	query	required	boolean	Sends an activation email to the user if true

Responses

200

Success

POST /api/v1/users/{userId}/lifecycle/activate

POST /api/v1/users/{userId}/lifecycle/deactivate Deactivate User

Deactivates a user. This operation can only be performed on users that do not have a DEPROVISIONED status. While the asynchronous operation (triggered by HTTP header Prefer: respond-async) is proceeding the user’s transitioningToStatus property is DEPROVISIONED. The user’s status is DEPROVISIONED when the deactivation process is complete.

operationId: User_deactivateLifecycle

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
sendEmail	query	optional	boolean	—

Responses

200

POST /api/v1/users/{userId}/lifecycle/deactivate

POST /api/v1/users/{userId}/lifecycle/expire_password?tempPassword=false Expire Password

This operation transitions the user to the status of PASSWORD_EXPIRED so that the user is required to change their password at their next login.

operationId: User_expirePasswordAndGetTemporaryPassword

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—

Responses

200

Success

POST /api/v1/users/{userId}/lifecycle/expire_password?tempPassword=false

POST /api/v1/users/{userId}/lifecycle/expire_password?tempPassword=true Expire Password

This operation transitions the user to the status of PASSWORD_EXPIRED and the user’s password is reset to a temporary password that is returned.

operationId: User_expirePasswordAndTemporaryPassword

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—

Responses

200

Success

POST /api/v1/users/{userId}/lifecycle/expire_password?tempPassword=true

POST /api/v1/users/{userId}/lifecycle/reactivate Reactivate User

Reactivates a user. This operation can only be performed on users with a PROVISIONED status. This operation restarts the activation workflow if for some reason the user activation was not completed when using the activationToken from Activate User.

operationId: User_reactivateUser

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
sendEmail	query	optional	boolean	Sends an activation email to the user if true

Responses

200

Success

POST /api/v1/users/{userId}/lifecycle/reactivate

POST /api/v1/users/{userId}/lifecycle/reset_factors Reset Factors

This operation resets all factors for the specified user. All MFA factor enrollments returned to the unenrolled state. The user’s status remains ACTIVE. This link is present only if the user is currently enrolled in one or more MFA factors.

operationId: User_resetFactorsOperation

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—

Responses

200

POST /api/v1/users/{userId}/lifecycle/reset_factors

POST /api/v1/users/{userId}/lifecycle/reset_password Reset Password

Generates a one-time token (OTT) that can be used to reset a user’s password. The OTT link can be automatically emailed to the user or returned to the API caller and distributed using a custom flow.

operationId: User_generatePasswordResetToken

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
sendEmail	query	required	boolean	—

Responses

200

Success

POST /api/v1/users/{userId}/lifecycle/reset_password

POST /api/v1/users/{userId}/lifecycle/suspend Suspend User

Suspends a user. This operation can only be performed on users with an ACTIVE status. The user will have a status of SUSPENDED when the process is complete.

operationId: User_suspendLifecycle

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—

Responses

200

POST /api/v1/users/{userId}/lifecycle/suspend

POST /api/v1/users/{userId}/lifecycle/unlock Unlock User

Unlocks a user with a LOCKED_OUT status and returns them to ACTIVE status. Users will be able to login with their current password.

operationId: User_unlockUserStatus

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—

Responses

200

Success

POST /api/v1/users/{userId}/lifecycle/unlock

POST /api/v1/users/{userId}/lifecycle/unsuspend Unsuspend User

Unsuspends a user and returns them to the ACTIVE state. This operation can only be performed on users that have a SUSPENDED status.

operationId: User_unsuspendLifecycle

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—

Responses

200

Success

POST /api/v1/users/{userId}/lifecycle/unsuspend

POST /api/v1/users/{userId}/roles

Assigns a role to a user.

operationId: User_assignRole

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
disableNotifications	query	optional	boolean	—

Request Body

application/json

schema AssignRoleRequest

Responses

201

Created

POST /api/v1/users/{userId}/roles

Userfactor 3 endpoints

POST /api/v1/users/{userId}/factors Enroll Factor

Enrolls a user with a supported factor.

operationId: UserFactor_enrollSupportedFactor

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
updatePhone	query	optional	boolean	—
templateId	query	optional	string	id of SMS template (only for SMS factor)
tokenLifetimeSeconds	query	optional	integer	—
activate	query	optional	boolean	—

Request Body

required

Factor

application/json

schema UserFactor

Property	Type	Required
id	string	optional
_links	object	optional
status	string	optional
verify	object	optional
└ answer	string	optional
└ passCode	string	optional
└ clientData	string	optional
└ stateToken	string	optional
└ attestation	string	optional
└ nextPassCode	string	optional
└ activationToken	string	optional
└ registrationData	string	optional
created	string	optional
provider	string	optional
_embedded	object	optional
factorType	string	optional
lastUpdated	string	optional

Responses

200

Success

POST /api/v1/users/{userId}/factors

POST /api/v1/users/{userId}/factors/{factorId}/lifecycle/activate Activate Factor

The sms and token:software:totp factor types require activation to complete the enrollment process.

operationId: UserFactor_activateFactorLifecycle

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
factorId	path	required	string	—

Request Body

application/json

schema ActivateFactorRequest

Responses

200

Success

POST /api/v1/users/{userId}/factors/{factorId}/lifecycle/activate

POST /api/v1/users/{userId}/factors/{factorId}/verify Verify MFA Factor

Verifies an OTP for a token or token:hardware factor

operationId: UserFactor_verifyOtp

Parameters

Name	In	Required	Type	Description
userId	path	required	string	—
factorId	path	required	string	—
templateId	query	optional	string	—
tokenLifetimeSeconds	query	optional	integer	—
X-Forwarded-For	header	optional	string	—
User-Agent	header	optional	string	—
Accept-Language	header	optional	string	—

Request Body

application/json

schema VerifyFactorRequest

Responses

200

Success

POST /api/v1/users/{userId}/factors/{factorId}/verify

Userschema 2 endpoints

POST /api/v1/meta/schemas/apps/{appInstanceId}/default Partial updates on the User Profile properties of the Application User Schema.

Partial updates on the User Profile properties of the Application User Schema.

operationId: UserSchema_partialUpdateUserProfile

Parameters

Name	In	Required	Type	Description
appInstanceId	path	required	string	—

Request Body

application/json

schema UserSchema

Property	Type	Required
id	string	optional
name	string	optional
type	string	optional
title	string	optional
_links	object	optional
$schema	string	optional
created	string	optional
properties	object	optional
└ profile	object	optional
└ allOf	array	optional
definitions	object	optional
└ base	object	optional
└ id	string	optional
└ type	string	optional
└ required	array	optional
└ properties	object	optional
└ city	object	optional
└ email	object	optional
└ login	object	optional
└ state	object	optional
└ title	object	optional
└ locale	object	optional
└ manager	object	optional
└ zipCode	object	optional
└ division	object	optional
└ lastName	object	optional
└ nickName	object	optional
└ timezone	object	optional
└ userType	object	optional
└ firstName	object	optional
└ managerId	object	optional
└ costCenter	object	optional
└ department	object	optional
└ middleName	object	optional
└ profileUrl	object	optional
└ countryCode	object	optional
└ …11 more	object	optional
└ custom	object	optional
└ id	string	optional
└ type	string	optional
└ required	array	optional
└ properties	object	optional
lastUpdated	string	optional

Responses

200

successful operation

POST /api/v1/meta/schemas/apps/{appInstanceId}/default

POST /api/v1/meta/schemas/user/{schemaId}

Partial updates on the User Profile properties of the user schema.

operationId: UserSchema_partialUpdateUserProfile

Parameters

Name	In	Required	Type	Description
schemaId	path	required	string	—

Request Body

required

application/json

schema UserSchema

Property	Type	Required
id	string	optional
name	string	optional
type	string	optional
title	string	optional
_links	object	optional
$schema	string	optional
created	string	optional
properties	object	optional
└ profile	object	optional
└ allOf	array	optional
definitions	object	optional
└ base	object	optional
└ id	string	optional
└ type	string	optional
└ required	array	optional
└ properties	object	optional
└ city	object	optional
└ email	object	optional
└ login	object	optional
└ state	object	optional
└ title	object	optional
└ locale	object	optional
└ manager	object	optional
└ zipCode	object	optional
└ division	object	optional
└ lastName	object	optional
└ nickName	object	optional
└ timezone	object	optional
└ userType	object	optional
└ firstName	object	optional
└ managerId	object	optional
└ costCenter	object	optional
└ department	object	optional
└ middleName	object	optional
└ profileUrl	object	optional
└ countryCode	object	optional
└ …11 more	object	optional
└ custom	object	optional
└ id	string	optional
└ type	string	optional
└ required	array	optional
└ properties	object	optional
lastUpdated	string	optional

Responses

200

Success

POST /api/v1/meta/schemas/user/{schemaId}

Usertype 2 endpoints

POST /api/v1/meta/types/user

Creates a new User Type. A default User Type is automatically created along with your org, and you may add another 9 User Types for a maximum of 10.

operationId: UserType_createNewUserType

Request Body

application/json

schema UserType

Property	Type	Required
id	string	optional
name	string	optional
_links	object	optional
created	string	optional
default	boolean	optional
createdBy	string	optional
description	string	optional
displayName	string	optional
lastUpdated	string	optional
lastUpdatedBy	string	optional

Responses

200

Success

POST /api/v1/meta/types/user

POST /api/v1/meta/types/user/{typeId}

Updates an existing User Type

operationId: UserType_updateExistingType

Parameters

Name	In	Required	Type	Description
typeId	path	required	string	—

Request Body

application/json

schema UserType

Property	Type	Required
id	string	optional
name	string	optional
_links	object	optional
created	string	optional
default	boolean	optional
createdBy	string	optional
description	string	optional
displayName	string	optional
lastUpdated	string	optional
lastUpdatedBy	string	optional

Responses

200

Success

POST /api/v1/meta/types/user/{typeId}

Load more endpoints

Schemas

object AccessPolicy

{
  "x-okta-tags": [
    "Policy"
  ],
  "x-okta-parent": "#/definitions/Policy"
}

object AccessPolicyConstraint

{
  "type": "object",
  "properties": {
    "types": {
      "type": "array",
      "items": {
        "type": "string"
      }
    },
    "methods": {
      "type": "array",
      "items": {
        "type": "string"
      }
    },
    "reauthenticateIn": {
      "type": "string"
    }
  },
  "x-okta-tags": [
    "Policy"
  ]
}

object AccessPolicyConstraints

{
  "type": "object",
  "properties": {
    "knowledge": {
      "$ref": "#/components/schemas/KnowledgeConstraint"
    },
    "possession": {
      "$ref": "#/components/schemas/PossessionConstraint"
    }
  },
  "x-okta-tags": [
    "Policy"
  ]
}

object AccessPolicyRule

{
  "type": "object",
  "properties": {
    "name": {
      "type": "string"
    },
    "actions": {
      "$ref": "#/components/schemas/AccessPolicyRuleActions"
    },
    "conditions": {
      "$ref": "#/components/schemas/AccessPolicyRuleConditions"
    }
  },
  "x-okta-tags": [
    "Policy"
  ],
  "x-okta-parent": "#/definitions/PolicyRule"
}

object AccessPolicyRuleActions

{
  "type": "object",
  "properties": {
    "appSignOn": {
      "$ref": "#/components/schemas/AccessPolicyRuleApplicationSignOn"
    }
  },
  "x-okta-tags": [
    "Policy"
  ],
  "x-okta-parent": "#/definitions/PolicyRuleActions"
}

object AccessPolicyRuleApplicationSignOn

{
  "type": "object",
  "properties": {
    "access": {
      "type": "string"
    },
    "verificationMethod": {
      "$ref": "#/components/schemas/VerificationMethod"
    }
  },
  "x-okta-tags": [
    "Policy"
  ]
}

object AccessPolicyRuleConditions

{
  "properties": {
    "device": {
      "$ref": "#/components/schemas/DeviceAccessPolicyRuleCondition"
    },
    "userType": {
      "$ref": "#/components/schemas/UserTypeCondition"
    },
    "elCondition": {
      "$ref": "#/components/schemas/AccessPolicyRuleCustomCondition"
    }
  },
  "x-okta-tags": [
    "Policy"
  ],
  "x-okta-parent": "#/definitions/PolicyRuleConditions"
}

object AccessPolicyRuleCustomCondition

{
  "properties": {
    "condition": {
      "type": "string"
    }
  },
  "x-okta-tags": [
    "Policy"
  ]
}

object AcsEndpoint

{
  "properties": {
    "url": {
      "type": "string"
    },
    "index": {
      "type": "integer"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

object ActivateFactorRequest

{
  "properties": {
    "passCode": {
      "type": "string"
    },
    "clientData": {
      "type": "string"
    },
    "stateToken": {
      "type": "string"
    },
    "attestation": {
      "type": "string"
    },
    "registrationData": {
      "type": "string"
    }
  },
  "x-okta-tags": [
    "UserFactor"
  ]
}

string AllowedForEnum

{
  "enum": [
    "recovery",
    "sso",
    "any",
    "none"
  ],
  "type": "string",
  "x-okta-tags": [
    "Authenticator"
  ]
}

object AppAndInstanceConditionEvaluatorAppOrInstance

{
  "type": "object",
  "properties": {
    "id": {
      "type": "string",
      "readOnly": true
    },
    "name": {
      "type": "string"
    },
    "type": {
      "enum": [
        "APP_TYPE",
        "APP"
      ],
      "type": "string"
    }
  },
  "x-okta-tags": [
    "Policy"
  ]
}

object AppAndInstancePolicyRuleCondition

{
  "type": "object",
  "properties": {
    "exclude": {
      "type": "array",
      "items": {
        "$ref": "#/components/schemas/AppAndInstanceConditionEvaluatorAppOrInstance"
      }
    },
    "include": {
      "type": "array",
      "items": {
        "$ref": "#/components/schemas/AppAndInstanceConditionEvaluatorAppOrInstance"
      }
    }
  },
  "x-okta-tags": [
    "Policy"
  ]
}

object AppInstancePolicyRuleCondition

{
  "type": "object",
  "properties": {
    "exclude": {
      "type": "array",
      "items": {
        "type": "string"
      }
    },
    "include": {
      "type": "array",
      "items": {
        "type": "string"
      }
    }
  },
  "x-okta-tags": [
    "Policy"
  ]
}

object AppLink

{
  "type": "object",
  "properties": {
    "id": {
      "type": "string",
      "readOnly": true
    },
    "label": {
      "type": "string",
      "readOnly": true
    },
    "hidden": {
      "type": "boolean",
      "readOnly": true
    },
    "appName": {
      "type": "string",
      "readOnly": true
    },
    "linkUrl": {
      "type": "string",
      "readOnly": true
    },
    "logoUrl": {
      "type": "string",
      "readOnly": true
    },
    "sortOrder": {
      "type": "integer",
      "readOnly": true
    },
    "appInstanceId": {
      "type": "string",
      "readOnly": true
    },
    "appAssignmentId": {
      "type": "string",
      "readOnly": true
    },
    "credentialsSetup": {
      "type": "boolean",
      "readOnly": true
    }
  },
  "x-okta-tags": [
    "User"
  ]
}

object AppUser

{
  "type": "object",
  "properties": {
    "id": {
      "type": "string"
    },
    "scope": {
      "type": "string"
    },
    "_links": {
      "type": "object",
      "readOnly": true,
      "additionalProperties": {
        "type": "object"
      }
    },
    "status": {
      "type": "string",
      "readOnly": true
    },
    "created": {
      "type": "string",
      "format": "date-time",
      "readOnly": true
    },
    "profile": {
      "type": "object",
      "additionalProperties": {
        "type": "object"
      }
    },
    "lastSync": {
      "type": "string",
      "format": "date-time",
      "readOnly": true
    },
    "_embedded": {
      "type": "object",
      "readOnly": true,
      "additionalProperties": {
        "type": "object"
      }
    },
    "syncState": {
      "type": "string",
      "readOnly": true
    },
    "externalId": {
      "type": "string",
      "readOnly": true
    },
    "credentials": {
      "$ref": "#/components/schemas/AppUserCredentials"
    },
    "lastUpdated": {
      "type": "string",
      "format": "date-time",
      "readOnly": true
    },
    "statusChanged": {
      "type": "string",
      "format": "date-time",
      "readOnly": true
    },
    "passwordChanged": {
      "type": "string",
      "format": "date-time",
      "readOnly": true
    }
  },
  "x-okta-crud": [
    {
      "alias": "update",
      "arguments": [
        {
          "dest": "appId",
          "parentSrc": "appId"
        },
        {
          "src": "id",
          "dest": "userId"
        },
        {
          "dest": "appUser",
          "self": true
        }
      ],
      "operationId": "updateApplicationUser"
    },
    {
      "alias": "delete",
      "arguments": [
        {
          "dest": "appId",
          "parentSrc": "appId"
        },
        {
          "src": "id",
          "dest": "userId"
        }
      ],
      "operationId": "deleteApplicationUser"
    }
  ],
  "x-okta-tags": [
    "Application"
  ]
}

object AppUserCredentials

{
  "type": "object",
  "properties": {
    "password": {
      "$ref": "#/components/schemas/AppUserPasswordCredential"
    },
    "userName": {
      "type": "string"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

object AppUserPasswordCredential

{
  "properties": {
    "value": {
      "type": "string",
      "format": "password"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

object Application

{
  "type": "object",
  "properties": {
    "id": {
      "type": "string",
      "readOnly": true
    },
    "name": {
      "type": "string",
      "readOnly": true
    },
    "label": {
      "type": "string"
    },
    "_links": {
      "type": "object",
      "readOnly": true,
      "additionalProperties": {
        "type": "object"
      }
    },
    "status": {
      "enum": [
        "ACTIVE",
        "INACTIVE",
        "DELETED"
      ],
      "type": "string",
      "readOnly": true
    },
    "created": {
      "type": "string",
      "format": "date-time",
      "readOnly": true
    },
    "profile": {
      "type": "object",
      "additionalProperties": {
        "type": "object"
      }
    },
    "features": {
      "type": "array",
      "items": {
        "type": "string"
      }
    },
    "settings": {
      "$ref": "#/components/schemas/ApplicationSettings"
    },
    "_embedded": {
      "type": "object",
      "readOnly": true,
      "additionalProperties": {
        "type": "object"
      }
    },
    "licensing": {
      "$ref": "#/components/schemas/ApplicationLicensing"
    },
    "signOnMode": {
      "$ref": "#/components/schemas/ApplicationSignOnMode"
    },
    "visibility": {
      "$ref": "#/components/schemas/ApplicationVisibility"
    },
    "credentials": {
      "$ref": "#/components/schemas/ApplicationCredentials"
    },
    "lastUpdated": {
      "type": "string",
      "format": "date-time",
      "readOnly": true
    },
    "accessibility": {
      "$ref": "#/components/schemas/ApplicationAccessibility"
    }
  },
  "x-okta-crud": [
    {
      "alias": "read",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "getApplication"
    },
    {
      "alias": "update",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        },
        {
          "dest": "application",
          "self": true
        }
      ],
      "operationId": "updateApplication"
    },
    {
      "alias": "delete",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "deleteApplication"
    }
  ],
  "x-okta-tags": [
    "Application"
  ],
  "x-okta-operations": [
    {
      "alias": "activate",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "activateApplication"
    },
    {
      "alias": "deactivate",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "deactivateApplication"
    },
    {
      "alias": "listApplicationUsers",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "listApplicationUsers"
    },
    {
      "alias": "assignUserToApplication",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "assignUserToApplication"
    },
    {
      "alias": "getApplicationUser",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "getApplicationUser"
    },
    {
      "alias": "createApplicationGroupAssignment",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "createApplicationGroupAssignment"
    },
    {
      "alias": "getApplicationGroupAssignment",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "getApplicationGroupAssignment"
    },
    {
      "alias": "cloneApplicationKey",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "cloneApplicationKey"
    },
    {
      "alias": "getApplicationKey",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "getApplicationKey"
    },
    {
      "alias": "listGroupAssignments",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "listApplicationGroupAssignments"
    },
    {
      "alias": "listKeys",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "listApplicationKeys"
    },
    {
      "alias": "generateKey",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "generateApplicationKey"
    },
    {
      "alias": "generateCsr",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "generateCsrForApplication"
    },
    {
      "alias": "getCsr",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "getCsrForApplication"
    },
    {
      "alias": "revokeCsr",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "revokeCsrFromApplication"
    },
    {
      "alias": "listCsrs",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "listCsrsForApplication"
    },
    {
      "alias": "publishCerCert",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "publishCerCert"
    },
    {
      "alias": "publishBinaryCerCert",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "publishBinaryCerCert"
    },
    {
      "alias": "publishDerCert",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "publishDerCert"
    },
    {
      "alias": "publishBinaryDerCert",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "publishBinaryDerCert"
    },
    {
      "alias": "publishBinaryPemCert",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "publishBinaryPemCert"
    },
    {
      "alias": "listOAuth2Tokens",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "listOAuth2TokensForApplication"
    },
    {
      "alias": "revokeOAuth2TokenForApplication",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "revokeOAuth2TokenForApplication"
    },
    {
      "alias": "getOAuth2Token",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "getOAuth2TokenForApplication"
    },
    {
      "alias": "revokeOAuth2Tokens",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "revokeOAuth2TokensForApplication"
    },
    {
      "alias": "listScopeConsentGrants",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "listScopeConsentGrants"
    },
    {
      "alias": "grantConsentToScope",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "grantConsentToScope"
    },
    {
      "alias": "revokeScopeConsentGrant",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "revokeScopeConsentGrant"
    },
    {
      "alias": "getScopeConsentGrant",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "getScopeConsentGrant"
    },
    {
      "alias": "uploadApplicationLogo",
      "operationId": "uploadApplicationLogo"
    },
    {
      "alias": "getFeatureForApplication",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "getFeatureForApplication"
    },
    {
      "alias": "updateFeatureForApplication",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "updateFeatureForApplication"
    },
    {
      "alias": "updateApplicationPolicy",
      "arguments": [
        {
          "src": "id",
          "dest": "appId"
        }
      ],
      "operationId": "updateApplicationPolicy"
    }
  ],
  "x-openapi-v3-discriminator": {
    "mapping": {
      "BOOKMARK": "#/definitions/BookmarkApplication",
      "SAML_1_1": "#/definitions/SamlApplication",
      "SAML_2_0": "#/definitions/SamlApplication",
      "AUTO_LOGIN": "#/definitions/AutoLoginApplication",
      "BASIC_AUTH": "#/definitions/BasicAuthApplication",
      "WS_FEDERATION": "#/definitions/WsFederationApplication",
      "BROWSER_PLUGIN": "#/definitions/BrowserPluginApplication",
      "OPENID_CONNECT": "#/definitions/OpenIdConnectApplication",
      "SECURE_PASSWORD_STORE": "#/definitions/SecurePasswordStoreApplication"
    },
    "propertyName": "signOnMode"
  }
}

object ApplicationAccessibility

{
  "type": "object",
  "properties": {
    "selfService": {
      "type": "boolean"
    },
    "errorRedirectUrl": {
      "type": "string"
    },
    "loginRedirectUrl": {
      "type": "string"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

object ApplicationCredentials

{
  "type": "object",
  "properties": {
    "signing": {
      "$ref": "#/components/schemas/ApplicationCredentialsSigning"
    },
    "userNameTemplate": {
      "$ref": "#/components/schemas/ApplicationCredentialsUsernameTemplate"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

object ApplicationCredentialsOAuthClient

{
  "properties": {
    "client_id": {
      "type": "string"
    },
    "client_secret": {
      "type": "string"
    },
    "pkce_required": {
      "type": "boolean"
    },
    "autoKeyRotation": {
      "type": "boolean"
    },
    "token_endpoint_auth_method": {
      "$ref": "#/components/schemas/OAuthEndpointAuthenticationMethod"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

string ApplicationCredentialsScheme

{
  "enum": [
    "SHARED_USERNAME_AND_PASSWORD",
    "EXTERNAL_PASSWORD_SYNC",
    "EDIT_USERNAME_AND_PASSWORD",
    "EDIT_PASSWORD_ONLY",
    "ADMIN_SETS_CREDENTIALS"
  ],
  "type": "string",
  "x-okta-tags": [
    "Application"
  ]
}

object ApplicationCredentialsSigning

{
  "type": "object",
  "properties": {
    "kid": {
      "type": "string"
    },
    "use": {
      "$ref": "#/components/schemas/ApplicationCredentialsSigningUse"
    },
    "lastRotated": {
      "type": "string",
      "format": "date-time",
      "readOnly": true
    },
    "nextRotation": {
      "type": "string",
      "format": "date-time",
      "readOnly": true
    },
    "rotationMode": {
      "type": "string"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

string ApplicationCredentialsSigningUse

{
  "enum": [
    "sig"
  ],
  "type": "string",
  "x-okta-tags": [
    "AuthorizationServer"
  ]
}

object ApplicationCredentialsUsernameTemplate

{
  "type": "object",
  "properties": {
    "type": {
      "type": "string"
    },
    "suffix": {
      "type": "string"
    },
    "template": {
      "type": "string"
    },
    "pushStatus": {
      "type": "string"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

object ApplicationFeature

{
  "type": "object",
  "properties": {
    "name": {
      "type": "string"
    },
    "_links": {
      "type": "object",
      "readOnly": true,
      "additionalProperties": {
        "type": "object"
      }
    },
    "status": {
      "$ref": "#/components/schemas/EnabledStatus"
    },
    "description": {
      "type": "string"
    },
    "capabilities": {
      "$ref": "#/components/schemas/CapabilitiesObject"
    }
  },
  "x-okta-tags": [
    "Application"
  ],
  "x-okta-operations": [
    {
      "alias": "listFeaturesForApplication",
      "operationId": "listFeaturesForApplication"
    }
  ]
}

object ApplicationGroupAssignment

{
  "type": "object",
  "properties": {
    "id": {
      "type": "string",
      "readOnly": true
    },
    "_links": {
      "type": "object",
      "readOnly": true,
      "additionalProperties": {
        "type": "object"
      }
    },
    "profile": {
      "type": "object",
      "additionalProperties": {
        "type": "object"
      }
    },
    "priority": {
      "type": "integer"
    },
    "_embedded": {
      "type": "object",
      "readOnly": true,
      "additionalProperties": {
        "type": "object"
      }
    },
    "lastUpdated": {
      "type": "string",
      "format": "date-time",
      "readOnly": true
    }
  },
  "x-okta-crud": [
    {
      "alias": "delete",
      "arguments": [
        {
          "dest": "appId",
          "parentSrc": "appId"
        },
        {
          "src": "id",
          "dest": "groupId"
        }
      ],
      "operationId": "deleteApplicationGroupAssignment"
    }
  ],
  "x-okta-tags": [
    "Application"
  ]
}

object ApplicationLicensing

{
  "type": "object",
  "properties": {
    "seatCount": {
      "type": "integer"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

array ApplicationListAppsResponse

{
  "type": "array",
  "items": {
    "$ref": "#/components/schemas/Application"
  }
}

array ApplicationListAssignedUsersResponse

{
  "type": "array",
  "items": {
    "$ref": "#/components/schemas/AppUser"
  }
}

array ApplicationListClientSecretsResponse

{
  "type": "array",
  "items": {
    "$ref": "#/components/schemas/ClientSecret"
  }
}

array ApplicationListCsrsForApplicationResponse

{
  "type": "array",
  "items": {
    "$ref": "#/components/schemas/Csr"
  }
}

array ApplicationListFeaturesResponse

{
  "type": "array",
  "items": {
    "$ref": "#/components/schemas/ApplicationFeature"
  }
}

array ApplicationListGroupsAssignedResponse

{
  "type": "array",
  "items": {
    "$ref": "#/components/schemas/ApplicationGroupAssignment"
  }
}

array ApplicationListKeyCredentialsResponse

{
  "type": "array",
  "items": {
    "$ref": "#/components/schemas/JsonWebKey"
  }
}

array ApplicationListScopeConsentGrantsResponse

{
  "type": "array",
  "items": {
    "$ref": "#/components/schemas/OAuth2ScopeConsentGrant"
  }
}

array ApplicationListTokensResponse

{
  "type": "array",
  "items": {
    "$ref": "#/components/schemas/OAuth2Token"
  }
}

object ApplicationPreviewSamlAppMetadataResponse

{
  "type": "object",
  "properties": {
    "EntityDescriptor": {
      "type": "object",
      "properties": {
        "entityID": {
          "xml": {
            "attribute": true
          },
          "type": "string"
        },
        "IDPSSODescriptor": {
          "type": "object",
          "properties": {
            "NameIDFormat": {
              "type": "array",
              "items": {
                "type": "string"
              }
            },
            "KeyDescriptor": {
              "type": "object",
              "properties": {
                "use": {
                  "xml": {
                    "attribute": true
                  },
                  "type": "string"
                },
                "KeyInfo": {
                  "type": "object",
                  "properties": {
                    "X509Data": {
                      "type": "object",
                      "properties": {
                        "X509Certificate": {
                          "type": "string"
                        }
                      }
                    }
                  }
                }
              }
            },
            "SingleLogoutService": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "properties": {
                "Binding": {
                  "xml": {
                    "attribute": true
                  },
                  "type": "string"
                },
                "Location": {
                  "xml": {
                    "attribute": true
                  },
                  "type": "string"
                }
              }
            },
            "SingleSignOnService": {
              "type": "array",
              "items": {
                "type": "string"
              },
              "properties": {
                "Binding": {
                  "xml": {
                    "attribute": true
                  },
                  "type": "string"
                },
                "Location": {
                  "xml": {
                    "attribute": true
                  },
                  "type": "string"
                }
              }
            },
            "WantAuthnRequestsSigned": {
              "xml": {
                "attribute": true
              },
              "type": "boolean"
            },
            "protocolSupportEnumeration": {
              "xml": {
                "attribute": true
              },
              "type": "string"
            }
          }
        }
      }
    }
  }
}

object ApplicationSettings

{
  "type": "object",
  "properties": {
    "app": {
      "$ref": "#/components/schemas/ApplicationSettingsApplication"
    },
    "notes": {
      "$ref": "#/components/schemas/ApplicationSettingsNotes"
    },
    "inlineHookId": {
      "type": "string"
    },
    "notifications": {
      "$ref": "#/components/schemas/ApplicationSettingsNotifications"
    },
    "implicitAssignment": {
      "type": "boolean"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

object ApplicationSettingsApplication

{
  "properties": {
    "url": {
      "type": "string"
    },
    "acsUrl": {
      "type": "string"
    },
    "orgName": {
      "type": "string"
    },
    "buttonField": {
      "type": "string"
    },
    "loginUrlRegex": {
      "type": "string"
    },
    "passwordField": {
      "type": "string"
    },
    "usernameField": {
      "type": "string"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

object ApplicationSettingsNotes

{
  "type": "object",
  "properties": {
    "admin": {
      "type": "string"
    },
    "enduser": {
      "type": "string"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

object ApplicationSettingsNotifications

{
  "type": "object",
  "properties": {
    "vpn": {
      "$ref": "#/components/schemas/ApplicationSettingsNotificationsVpn"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

object ApplicationSettingsNotificationsVpn

{
  "type": "object",
  "properties": {
    "helpUrl": {
      "type": "string"
    },
    "message": {
      "type": "string"
    },
    "network": {
      "$ref": "#/components/schemas/ApplicationSettingsNotificationsVpnNetwork"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

object ApplicationSettingsNotificationsVpnNetwork

{
  "type": "object",
  "properties": {
    "exclude": {
      "type": "array",
      "items": {
        "type": "string"
      }
    },
    "include": {
      "type": "array",
      "items": {
        "type": "string"
      }
    },
    "connection": {
      "type": "string"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

string ApplicationSignOnMode

{
  "enum": [
    "BOOKMARK",
    "BASIC_AUTH",
    "BROWSER_PLUGIN",
    "SECURE_PASSWORD_STORE",
    "AUTO_LOGIN",
    "WS_FEDERATION",
    "SAML_2_0",
    "OPENID_CONNECT",
    "SAML_1_1"
  ],
  "type": "string",
  "x-okta-tags": [
    "Application"
  ]
}

object ApplicationUpdateLogoRequest

{
  "type": "object",
  "required": [
    "file"
  ],
  "properties": {
    "file": {
      "type": "string",
      "format": "binary"
    }
  }
}

object ApplicationVisibility

{
  "type": "object",
  "properties": {
    "hide": {
      "$ref": "#/components/schemas/ApplicationVisibilityHide"
    },
    "appLinks": {
      "type": "object",
      "additionalProperties": {
        "type": "boolean"
      }
    },
    "autoLaunch": {
      "type": "boolean"
    },
    "autoSubmitToolbar": {
      "type": "boolean"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

object ApplicationVisibilityHide

{
  "type": "object",
  "properties": {
    "iOS": {
      "type": "boolean"
    },
    "web": {
      "type": "boolean"
    }
  },
  "x-okta-tags": [
    "Application"
  ]
}

object AssignRoleRequest

{
  "properties": {
    "type": {
      "$ref": "#/components/schemas/RoleType"
    }
  },
  "x-okta-tags": [
    "Role"
  ]
}

Load more schemas

Versions

Version	Endpoints	Schemas	Ingested	Status
2.16.0	341	532	2026-05-25	current
2.16.0	341	532	2026-04-16