Actions & Endpoints
Introduction
The Okta Integration with Rewst delivers a robust set of actions and endpoints for interacting with Okta. Below is a summary of each section, highlighting the diverse capabilities and opportunities provided through the Okta Integration:
Actions
Application
List Applications
GET <example>.okta.com/api/v1/apps
Enumerates apps added to your organization with pagination. A subset of apps can be returned that match a supported filter expression or query.
Create Application
POST <example>.okta.com/api/v1/apps
Adds a new application to your Okta organization.
Get Application
GET <example>.okta.com/api/v1/apps/{appId}
Fetches an application from your Okta organization by `id`.
Update Application
PUT <example>.okta.com/api/v1/apps/{appId}
Updates an application in your organization.
Delete Application
DELETE <example>.okta.com/api/v1/apps/{appId}
Removes an inactive application.
Get Default Provisioning Connection For Application
GET <example>.okta.com/api/v1/apps/{appId}/connections/default
Get default Provisioning Connection for application
Sets Default Provisioning Connection For Application
POST <example>.okta.com/api/v1/apps/{appId}/connections/default
Set default Provisioning Connection for application
Activate Default Provisioning Connection For Application
POST <example>.okta.com/api/v1/apps/{appId}/connections/default/lifecycle/activate
Activates the default Provisioning Connection for an application.
Deactivate Default Provisioning Connection For Application
POST <example>.okta.com/api/v1/apps/{appId}/connections/default/lifecycle/deactivate
Deactivates the default Provisioning Connection for an application.
List Certificate Signing Requests For Application
GET <example>.okta.com/api/v1/apps/{appId}/credentials/csrs
Enumerates Certificate Signing Requests for an application
Generate Certificate Signing Request For Application
POST <example>.okta.com/api/v1/apps/{appId}/credentials/csrs
Generates a new key pair and returns the Certificate Signing Request for it.
Get CSR For Application
GET <example>.okta.com/api/v1/apps/{appId}/credentials/csrs/{csrId}
Description coming soon...
Revoke CSR From Application
DELETE <example>.okta.com/api/v1/apps/{appId}/credentials/csrs/{csrId}
Description coming soon...
Publish CSR Credential
POST <example>.okta.com/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish
Description coming soon...
List Key Credentials For Application
GET <example>.okta.com/api/v1/apps/{appId}/credentials/keys
Enumerates key credentials for an application
Generate Application Key
POST <example>.okta.com/api/v1/apps/{appId}/credentials/keys/generate
Generates a new X.509 certificate for an application key credential
Get Key Credential For Application
GET <example>.okta.com/api/v1/apps/{appId}/credentials/keys/{keyId}
Gets a specific application key credential by kid
Clone Application Key Credential
POST <example>.okta.com/api/v1/apps/{appId}/credentials/keys/{keyId}/clone
Clones a X.509 certificate for an application key credential from a source application to target application.
List Client Secrets
GET <example>.okta.com/api/v1/apps/{appId}/credentials/secrets
Enumerates the client's collection of secrets
Create New Client Secret
POST <example>.okta.com/api/v1/apps/{appId}/credentials/secrets
Adds a new secret to the client's collection of secrets.
Get Client Secret
GET <example>.okta.com/api/v1/apps/{appId}/credentials/secrets/{secretId}
Gets a specific client secret by secretId
Delete Client Secret For Application
DELETE <example>.okta.com/api/v1/apps/{appId}/credentials/secrets/{secretId}
Removes a secret from the client's collection of secrets.
Activate A Client Secret
POST <example>.okta.com/api/v1/apps/{appId}/credentials/secrets/{secretId}/lifecycle/activate
Activates a specific client secret by secretId
Deactivate A Client Secret
POST <example>.okta.com/api/v1/apps/{appId}/credentials/secrets/{secretId}/lifecycle/deactivate
Deactivates a specific client secret by secretId
List Features for Application
GET <example>.okta.com/api/v1/apps/{appId}/features
Description coming soon...
Get Application Feature
GET <example>.okta.com/api/v1/apps/{appId}/features/{name}
Description coming soon...
Updates A Feature Object For An Application
PUT <example>.okta.com/api/v1/apps/{appId}/features/{name}
Description coming soon...
List Scope Consent Grants
GET <example>.okta.com/api/v1/apps/{appId}/grants
Lists all scope consent grants for the application
Grant Consent To Scope
POST <example>.okta.com/api/v1/apps/{appId}/grants
Grants consent for the application to request an OAuth 2.0 Okta scope
Get Scope Consent Grant
GET <example>.okta.com/api/v1/apps/{appId}/grants/{grantId}
Fetches a single scope consent grant for the application
Revoke Scope Consent Grant
DELETE <example>.okta.com/api/v1/apps/{appId}/grants/{grantId}
Revokes permission for the application to request the given scope
List Groups Assigned To Application
GET <example>.okta.com/api/v1/apps/{appId}/groups
Enumerates group assignments for an application.
Get Assigned Group For Application
GET <example>.okta.com/api/v1/apps/{appId}/groups/{groupId}
Fetches an application group assignment
Assign Group To Application
PUT <example>.okta.com/api/v1/apps/{appId}/groups/{groupId}
Assigns a group to an application
Remove Group From Application
DELETE <example>.okta.com/api/v1/apps/{appId}/groups/{groupId}
Removes a group assignment from an application.
Activate Application
POST <example>.okta.com/api/v1/apps/{appId}/lifecycle/activate
Activates an inactive application.
Deactivate Application
POST <example>.okta.com/api/v1/apps/{appId}/lifecycle/deactivate
Deactivates an active application.
Update Application Policy
PUT <example>.okta.com/api/v1/apps/{appId}/policies/{policyId}
Assign an application to a specific policy. This unassigns the application from its currently assigned policy.
Previewsaml App Metadata
GET <example>.okta.com/api/v1/apps/{appId}/sso/saml/metadata
Previews SAML metadata based on a specific key credential for an application
Listoauth Tokensforapplication
GET <example>.okta.com/api/v1/apps/{appId}/tokens
Lists all tokens for the application
Revokeoauth Tokensforapplication
DELETE <example>.okta.com/api/v1/apps/{appId}/tokens
Revokes all tokens for the specified application
Getoauth Tokenforapplication
GET <example>.okta.com/api/v1/apps/{appId}/tokens/{tokenId}
Gets a token for the specified application
Revokeoauth Tokenforapplication
DELETE <example>.okta.com/api/v1/apps/{appId}/tokens/{tokenId}
Revokes the specified token for the specified application
List Users Assigned To Application
GET <example>.okta.com/api/v1/apps/{appId}/users
Enumerates all assigned [application users](#application-user-model) for an application.
Assign User To Application For Sso Provisioning
POST <example>.okta.com/api/v1/apps/{appId}/users
Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.
Get Assigned User For Application
GET <example>.okta.com/api/v1/apps/{appId}/users/{userId}
Fetches a specific user assignment for application by `id`.
Update Application Profile For Assigned User
POST <example>.okta.com/api/v1/apps/{appId}/users/{userId}
Updates a user's profile for an application
Remove User From Application
DELETE <example>.okta.com/api/v1/apps/{appId}/users/{userId}
Removes an assignment for a user from an application.
Authenticator
List Authenticators
GET <example>.okta.com/api/v1/authenticators
List Authenticators
Create An Authenticator
POST <example>.okta.com/api/v1/authenticators
Create Authenticator
Get Authenticator
GET <example>.okta.com/api/v1/authenticators/{authenticatorId}
Description coming soon...
Update Authenticator
PUT <example>.okta.com/api/v1/authenticators/{authenticatorId}
Updates an authenticator
Activate Authenticator
POST <example>.okta.com/api/v1/authenticators/{authenticatorId}/lifecycle/activate
Description coming soon...
Deactivate Authenticator
POST <example>.okta.com/api/v1/authenticators/{authenticatorId}/lifecycle/deactivate
Description coming soon...
Authorizationserver
List Authorization Servers
GET <example>.okta.com/api/v1/authorizationServers
Description coming soon...
Create Authorization Server
POST <example>.okta.com/api/v1/authorizationServers
Description coming soon...
Get Authorization Server
GET <example>.okta.com/api/v1/authorizationServers/{authServerId}
Description coming soon...
Update Authorization Server
PUT <example>.okta.com/api/v1/authorizationServers/{authServerId}
Description coming soon...
Delete Authorization Server
DELETE <example>.okta.com/api/v1/authorizationServers/{authServerId}
Description coming soon...
List oAuth Claims
GET <example>.okta.com/api/v1/authorizationServers/{authServerId}/claims
Description coming soon...
Create oAuth Claim
POST <example>.okta.com/api/v1/authorizationServers/{authServerId}/claims
Description coming soon...
Get oAuth Claim
GET <example>.okta.com/api/v1/authorizationServers/{authServerId}/claims/{claimId}
Description coming soon...
Updateoauth Claim
PUT <example>.okta.com/api/v1/authorizationServers/{authServerId}/claims/{claimId}
Description coming soon...
Deleteoauth Claim
DELETE <example>.okta.com/api/v1/authorizationServers/{authServerId}/claims/{claimId}
Description coming soon...
Listoauth Clientsforauthorizationserver
GET <example>.okta.com/api/v1/authorizationServers/{authServerId}/clients
Description coming soon...
List Refresh Tokens For Authorization Server And Client
GET <example>.okta.com/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens
Description coming soon...
Revoke Refresh Tokens For Authorization Server And Client
DELETE <example>.okta.com/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens
Description coming soon...
Get Refresh Token For Authorization Server And Client
GET <example>.okta.com/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId}
Description coming soon...
Revoke Refresh Token For Authorization Server And Client
DELETE <example>.okta.com/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId}
Description coming soon...
List Authorization Server Keys
GET <example>.okta.com/api/v1/authorizationServers/{authServerId}/credentials/keys
Description coming soon...
Rotate Authorization Server Keys
POST <example>.okta.com/api/v1/authorizationServers/{authServerId}/credentials/lifecycle/keyRotate
Description coming soon...
Activate Authorization Server
POST <example>.okta.com/api/v1/authorizationServers/{authServerId}/lifecycle/activate
Description coming soon...
Deactivate Authorization Server
POST <example>.okta.com/api/v1/authorizationServers/{authServerId}/lifecycle/deactivate
Description coming soon...
List Authorization Server Policies
GET <example>.okta.com/api/v1/authorizationServers/{authServerId}/policies
Description coming soon...
Create Authorization Server Policy
POST <example>.okta.com/api/v1/authorizationServers/{authServerId}/policies
Description coming soon...
Get Authorization Server Policy
GET <example>.okta.com/api/v1/authorizationServers/{authServerId}/policies/{policyId}
Description coming soon...
Update Authorization Server Policy
PUT <example>.okta.com/api/v1/authorizationServers/{authServerId}/policies/{policyId}
Description coming soon...
Delete Authorization Server Policy
DELETE <example>.okta.com/api/v1/authorizationServers/{authServerId}/policies/{policyId}
Description coming soon...
Activate Authorization Server Policy
POST <example>.okta.com/api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/activate
Description coming soon...
Deactivate Authorization Server Policy
POST <example>.okta.com/api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/deactivate
Description coming soon...
List Authorization Server Policy Rules
GET <example>.okta.com/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules
Enumerates all policy rules for the specified Custom Authorization Server and Policy.
Create Authorization Server Policy Rule
POST <example>.okta.com/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules
Creates a policy rule for the specified Custom Authorization Server and Policy.
Get Authorization Server Policy Rule
GET <example>.okta.com/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}
Returns a Policy Rule by ID that is defined in the specified Custom Authorization Server and Policy.
Update Authorization Server Policy Rule
PUT <example>.okta.com/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}
Updates the configuration of the Policy Rule defined in the specified Custom Authorization Server and Policy.
Delete Authorization Server Policy Rule
DELETE <example>.okta.com/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}
Deletes a Policy Rule defined in the specified Custom Authorization Server and Policy.
Activate Authorization Server Policy Rule
POST <example>.okta.com/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/activate
Description coming soon...
Deactivate Authorization Server Policy Rule
POST <example>.okta.com/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate
Description coming soon...
Listoauth Scopes
GET <example>.okta.com/api/v1/authorizationServers/{authServerId}/scopes
Description coming soon...
Createoauth Scope
POST <example>.okta.com/api/v1/authorizationServers/{authServerId}/scopes
Description coming soon...
Getoauth Scope
GET <example>.okta.com/api/v1/authorizationServers/{authServerId}/scopes/{scopeId}
Description coming soon...
Updateoauth Scope
PUT <example>.okta.com/api/v1/authorizationServers/{authServerId}/scopes/{scopeId}
Description coming soon...
Deleteoauth Scope
DELETE <example>.okta.com/api/v1/authorizationServers/{authServerId}/scopes/{scopeId}
Description coming soon...
Brand
List Brands
GET <example>.okta.com/api/v1/brands
List all the brands in your org.
Get Brand
GET <example>.okta.com/api/v1/brands/{brandId}
Fetches a brand by `brandId`
Update Brand
PUT <example>.okta.com/api/v1/brands/{brandId}
Updates a brand by `brandId`
List Email Templates
GET <example>.okta.com/api/v1/brands/{brandId}/templates/email
List email templates in your organization with pagination.
Get Email Template
GET <example>.okta.com/api/v1/brands/{brandId}/templates/email/{templateName}
Fetch an email template by templateName
List Email Template Customization
GET <example>.okta.com/api/v1/brands/{brandId}/templates/email/{templateName}/customizations
List all email customizations for an email template
Create Email Template Customization
POST <example>.okta.com/api/v1/brands/{brandId}/templates/email/{templateName}/customizations
Create an email customization
Delete Email Template Customization
DELETE <example>.okta.com/api/v1/brands/{brandId}/templates/email/{templateName}/customizations
Delete all customizations for an email template. Also known as βReset to Defaultβ.
Get Email Template Customization
GET <example>.okta.com/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}
Fetch an email customization by id.
Update Email Customization
PUT <example>.okta.com/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}
Update an email customization
Delete Email Customization
DELETE <example>.okta.com/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}
Delete an email customization
Get Preview Content Of Email Customization
GET <example>.okta.com/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}/preview
Get a preview of an email template customization.
Get Default Content Of Email Template
GET <example>.okta.com/api/v1/brands/{brandId}/templates/email/{templateName}/default-content
Fetch the default content for an email template.
Get Preview Of Email Template Default Content
GET <example>.okta.com/api/v1/brands/{brandId}/templates/email/{templateName}/default-content/preview
Fetch a preview of an email template's default content by populating velocity references with the current user's environment.
Get Preview Of Email Template Default Content
POST <example>.okta.com/api/v1/brands/{brandId}/templates/email/{templateName}/test
Send a test email to the current users primary and secondary email addresses. The email content is selected based on the following priority: An email customization specifically for the users locale. The default language of email customizations. The email templates default content.
Get Brand Themes
GET <example>.okta.com/api/v1/brands/{brandId}/themes
List all the themes in your brand
Get A Theme For A Brand
GET <example>.okta.com/api/v1/brands/{brandId}/themes/{themeId}
Fetches a theme for a brand
Update A Theme For A Brand
PUT <example>.okta.com/api/v1/brands/{brandId}/themes/{themeId}
Updates a theme for a brand
Updates The Background Image For Your Theme
POST <example>.okta.com/api/v1/brands/{brandId}/themes/{themeId}/background-image
Description coming soon...
Deletes A Theme Background Image
DELETE <example>.okta.com/api/v1/brands/{brandId}/themes/{themeId}/background-image
Description coming soon...
Updates The Favicon For Your Theme
POST <example>.okta.com/api/v1/brands/{brandId}/themes/{themeId}/favicon
Description coming soon...
Deletes A Theme Favicon The Org Then Uses The Okta Default Favicon
DELETE <example>.okta.com/api/v1/brands/{brandId}/themes/{themeId}/favicon
Description coming soon...
Update A Themes Logo
POST <example>.okta.com/api/v1/brands/{brandId}/themes/{themeId}/logo
Updates the logo for your Theme
Deletes A Theme Logo The Org Then Uses The Okta Default Logo
DELETE <example>.okta.com/api/v1/brands/{brandId}/themes/{themeId}/logo
Description coming soon...
Domain
List Domains
GET <example>.okta.com/api/v1/domains
List all verified custom Domains for the org.
Create Domain
POST <example>.okta.com/api/v1/domains
Creates your domain.
Get Domain
GET <example>.okta.com/api/v1/domains/{domainId}
Fetches a Domain by `id`.
Delete Domain
DELETE <example>.okta.com/api/v1/domains/{domainId}
Deletes a Domain by `id`.
Create Certificate
PUT <example>.okta.com/api/v1/domains/{domainId}/certificate
Creates the Certificate for the Domain.
Verify Domain
POST <example>.okta.com/api/v1/domains/{domainId}/verify
Verifies the Domain by `id`.
Eventhook
List Event Hooks
GET <example>.okta.com/api/v1/eventHooks
Description coming soon...
Create Event Hook
POST <example>.okta.com/api/v1/eventHooks
Description coming soon...
Get Event Hook
GET <example>.okta.com/api/v1/eventHooks/{eventHookId}
Description coming soon...
Update Event Hook
PUT <example>.okta.com/api/v1/eventHooks/{eventHookId}
Description coming soon...
Delete Event Hook
DELETE <example>.okta.com/api/v1/eventHooks/{eventHookId}
Description coming soon...
Activate Event Hook
POST <example>.okta.com/api/v1/eventHooks/{eventHookId}/lifecycle/activate
Description coming soon...
Deactivate Event Hook
POST <example>.okta.com/api/v1/eventHooks/{eventHookId}/lifecycle/deactivate
Description coming soon...
Verify Event Hook
POST <example>.okta.com/api/v1/eventHooks/{eventHookId}/lifecycle/verify
Description coming soon...
Feature
List Features
GET <example>.okta.com/api/v1/features
Description coming soon...
Get Feature
GET <example>.okta.com/api/v1/features/{featureId}
Description coming soon...
List Feature Dependencies
GET <example>.okta.com/api/v1/features/{featureId}/dependencies
Description coming soon...
List Feature Dependents
GET <example>.okta.com/api/v1/features/{featureId}/dependents
Description coming soon...
Update Feature Lifecycle
POST <example>.okta.com/api/v1/features/{featureId}/{lifecycle}
Description coming soon...
Generic Request
Okta Generic Request
GET <example>.okta.com/<url_path>
Generic action for making authenticated requests against the Okta API
Group
List Groups
GET <example>.okta.com/api/v1/groups
Enumerates groups in your organization with pagination. A subset of groups can be returned that match a supported filter expression or query.
Create Group
POST <example>.okta.com/api/v1/groups
Adds a new group with `OKTA_GROUP` type to your organization.
List Group Rules
GET <example>.okta.com/api/v1/groups/rules
Lists all group rules for your organization.
Create Group Rule
POST <example>.okta.com/api/v1/groups/rules
Creates a group rule to dynamically add users to the specified group if they match the condition
Get Group Rule
GET <example>.okta.com/api/v1/groups/rules/{ruleId}
Fetches a specific group rule by id from your organization
Update Group Rule
PUT <example>.okta.com/api/v1/groups/rules/{ruleId}
Updates a group rule. Only `INACTIVE` rules can be updated.
Delete A Group Rule
DELETE <example>.okta.com/api/v1/groups/rules/{ruleId}
Removes a specific group rule by id from your organization
Activate A Group Rule
POST <example>.okta.com/api/v1/groups/rules/{ruleId}/lifecycle/activate
Activates a specific group rule by id from your organization
Deactivate A Group Rule
POST <example>.okta.com/api/v1/groups/rules/{ruleId}/lifecycle/deactivate
Deactivates a specific group rule by id from your organization
Get Group
GET <example>.okta.com/api/v1/groups/{groupId}
Fetches a group from your organization.
Update Group
PUT <example>.okta.com/api/v1/groups/{groupId}
Updates the profile for a group with `OKTA_GROUP` type from your organization.
Remove Group
DELETE <example>.okta.com/api/v1/groups/{groupId}
Removes a group with `OKTA_GROUP` type from your organization.
List Assigned Applications
GET <example>.okta.com/api/v1/groups/{groupId}/apps
Enumerates all applications that are assigned to a group.
List Group Assigned Roles
GET <example>.okta.com/api/v1/groups/{groupId}/roles
Description coming soon...
Assign Role To Group
POST <example>.okta.com/api/v1/groups/{groupId}/roles
Assigns a Role to a Group
Get Role
GET <example>.okta.com/api/v1/groups/{groupId}/roles/{roleId}
Description coming soon...
Remove Role From Group
DELETE <example>.okta.com/api/v1/groups/{groupId}/roles/{roleId}
Unassigns a Role from a Group
List Application Targets For Application Administrator Role For Group
GET <example>.okta.com/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps
Lists all App targets for an `APP_ADMIN` Role assigned to a Group. This methods return list may include full Applications or Instances. The response for an instance will have an `ID` value, while Application will not have an ID.
Create Application Target To Admin Role Given To Group
PUT <example>.okta.com/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}
Description coming soon...
Remove Application Target From Application Administrator Role Given To Group
DELETE <example>.okta.com/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}
Description coming soon...
Create App Instance Target To App Administrator Role Given To A Group
PUT <example>.okta.com/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}
Description coming soon...
Remove App Instance Target To App Administrator Role Given To A Group
DELETE <example>.okta.com/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}
Description coming soon...
List Group Targets For Group Role
GET <example>.okta.com/api/v1/groups/{groupId}/roles/{roleId}/targets/groups
Description coming soon...
Add Group Target To Group Administrator Role For Group
PUT <example>.okta.com/api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId}
Remove Group Target From Group Administrator Role Given To Group
DELETE <example>.okta.com/api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId}
List Group Members
GET <example>.okta.com/api/v1/groups/{groupId}/users
Enumerates all users that are a member of a group.
Add User To Group
PUT <example>.okta.com/api/v1/groups/{groupId}/users/{userId}
Adds a user to a group with 'OKTA_GROUP' type.
Remove User From Group
DELETE <example>.okta.com/api/v1/groups/{groupId}/users/{userId}
Removes a user from a group with 'OKTA_GROUP' type.
Groupschema
Get Default Group Schema
GET <example>.okta.com/api/v1/meta/schemas/group/default
Description coming soon...
Update Default Group Schema
POST <example>.okta.com/api/v1/meta/schemas/group/default
Description coming soon...
Identityprovider
List Identity Providers
GET <example>.okta.com/api/v1/idps
Enumerates IdPs in your organization with pagination. A subset of IdPs can be returned that match a supported filter expression or query.
Create Identity Provider
POST <example>.okta.com/api/v1/idps
Adds a new IdP to your organization.
List Keys
GET <example>.okta.com/api/v1/idps/credentials/keys
Enumerates IdP key credentials.
Create X 509 Certificate Public Key
POST <example>.okta.com/api/v1/idps/credentials/keys
Adds a new X.509 certificate credential to the IdP key store.
Get Key
GET <example>.okta.com/api/v1/idps/credentials/keys/{keyId}
Gets a specific IdP Key Credential by `kid`
Delete Key
DELETE <example>.okta.com/api/v1/idps/credentials/keys/{keyId}
Deletes a specific IdP Key Credential by `kid` if it is not currently being used by an Active or Inactive IdP.
Get Identity Provider
GET <example>.okta.com/api/v1/idps/{idpId}
Fetches an IdP by `id`.
Update Identity Provider
PUT <example>.okta.com/api/v1/idps/{idpId}
Updates the configuration for an IdP.
Delete Identity Provider
DELETE <example>.okta.com/api/v1/idps/{idpId}
Removes an IdP from your organization.
List Certificate Signing Requests For IDP
GET <example>.okta.com/api/v1/idps/{idpId}/credentials/csrs
Enumerates Certificate Signing Requests for an IdP
Generate Certificate Signing Request For IDP
POST <example>.okta.com/api/v1/idps/{idpId}/credentials/csrs
Generates a new key pair and returns a Certificate Signing Request for it.
Get CSR For Identity Provider
GET <example>.okta.com/api/v1/idps/{idpId}/credentials/csrs/{csrId}
Gets a specific Certificate Signing Request model by id
Revoke CSR For Identity Provider
DELETE <example>.okta.com/api/v1/idps/{idpId}/credentials/csrs/{csrId}
Revoke a Certificate Signing Request and delete the key pair from the IdP
Update CSR
POST <example>.okta.com/api/v1/idps/{idpId}/credentials/csrs/{csrId}/lifecycle/publish
Update the Certificate Signing Request with a signed X.509 certificate and add it into the signing key credentials for the IdP.
List Signing Key Credentials For IDP
GET <example>.okta.com/api/v1/idps/{idpId}/credentials/keys
Enumerates signing key credentials for an IdP
Generate New IDP Signing Key Credential
POST <example>.okta.com/api/v1/idps/{idpId}/credentials/keys/generate
Generates a new X.509 certificate for an IdP signing key credential to be used for signing assertions sent to the IdP
Get Signing Key Credential For IDP
GET <example>.okta.com/api/v1/idps/{idpId}/credentials/keys/{keyId}
Gets a specific IdP Key Credential by `kid`
Clone Signing Key Credential For IDP
POST <example>.okta.com/api/v1/idps/{idpId}/credentials/keys/{keyId}/clone
Clones a X.509 certificate for an IdP signing key credential from a source IdP to target IdP
Activate Identity Provider
POST <example>.okta.com/api/v1/idps/{idpId}/lifecycle/activate
Activates an inactive IdP.
Deactivate Identity Provider
POST <example>.okta.com/api/v1/idps/{idpId}/lifecycle/deactivate
Deactivates an active IdP.
Find Users
GET <example>.okta.com/api/v1/idps/{idpId}/users
Find all the users linked to an identity provider
Get Identity Provider Application User
GET <example>.okta.com/api/v1/idps/{idpId}/users/{userId}
Fetches a linked IdP user by ID
Link A User To A Social IDP Without A Transaction
POST <example>.okta.com/api/v1/idps/{idpId}/users/{userId}
Links an Okta user to an existing Social Identity Provider. This does not support the SAML2 Identity Provider Type
Unlink User From IDP
DELETE <example>.okta.com/api/v1/idps/{idpId}/users/{userId}
Removes the link between the Okta user and the IdP user.
Social Authentication Token Operation
GET <example>.okta.com/api/v1/idps/{idpId}/users/{userId}/credentials/tokens
Fetches the tokens minted by the Social Authentication Provider when the user authenticates with Okta via Social Auth.
Inlinehook
List Inline Hooks
GET <example>.okta.com/api/v1/inlineHooks
Description coming soon...
Create Inline Hook
POST <example>.okta.com/api/v1/inlineHooks
Description coming soon...
Get Inline Hook
GET <example>.okta.com/api/v1/inlineHooks/{inlineHookId}
Gets an inline hook by ID
Update Inline Hook
PUT <example>.okta.com/api/v1/inlineHooks/{inlineHookId}
Updates an inline hook by ID
Delete Inline Hook
DELETE <example>.okta.com/api/v1/inlineHooks/{inlineHookId}
Deletes the Inline Hook matching the provided id. Once deleted, the Inline Hook is unrecoverable. As a safety precaution, only Inline Hooks with a status of INACTIVE are eligible for deletion.
Execute Inline Hook
POST <example>.okta.com/api/v1/inlineHooks/{inlineHookId}/execute
Executes the Inline Hook matching the provided inlineHookId using the request body as the input. This will send the provided data through the Channel and return a response if it matches the correct data contract. This execution endpoint should only be used for testing purposes.
Activate Inline Hook
POST <example>.okta.com/api/v1/inlineHooks/{inlineHookId}/lifecycle/activate
Activates the Inline Hook matching the provided id
Deactivate Inline Hook
POST <example>.okta.com/api/v1/inlineHooks/{inlineHookId}/lifecycle/deactivate
Deactivates the Inline Hook matching the provided id
Linkedobject
List Linked Object Definitions
GET <example>.okta.com/api/v1/meta/schemas/user/linkedObjects
Description coming soon...
Create Linked Object Definition
POST <example>.okta.com/api/v1/meta/schemas/user/linkedObjects
Description coming soon...
Get Linked Object Definition
GET <example>.okta.com/api/v1/meta/schemas/user/linkedObjects/{linkedObjectName}
Description coming soon...
Delete Linked Object Definition
DELETE <example>.okta.com/api/v1/meta/schemas/user/linkedObjects/{linkedObjectName}
Description coming soon...
Log
Get Org System Log
GET <example>.okta.com/api/v1/logs
The Okta System Log API provides read access to your organizationβs system log. This API provides more functionality than the Events API
Networkzone
List Network Zones
GET <example>.okta.com/api/v1/zones
Enumerates network zones added to your organization with pagination. A subset of zones can be returned that match a supported filter expression or query.
Create Network Zone
POST <example>.okta.com/api/v1/zones
Adds a new network zone to your Okta organization.
Get Network Zone
GET <example>.okta.com/api/v1/zones/{zoneId}
Fetches a network zone from your Okta organization by `id`.
Update Network Zone
PUT <example>.okta.com/api/v1/zones/{zoneId}
Updates a network zone in your organization.
Delete Network Zone
DELETE <example>.okta.com/api/v1/zones/{zoneId}
Removes network zone.
Activate Network Zone
POST <example>.okta.com/api/v1/zones/{zoneId}/lifecycle/activate
Description coming soon...
Deactivate Network Zone
POST <example>.okta.com/api/v1/zones/{zoneId}/lifecycle/deactivate
Deactivates a network zone.
Org
Get Org Settings
GET <example>.okta.com/api/v1/org
Get settings of your organization.
Update Org Setting
PUT <example>.okta.com/api/v1/org
Update settings of your organization.
Partial Update Org Setting
POST <example>.okta.com/api/v1/org
Partial update settings of your organization.
Get Org Contact Types
GET <example>.okta.com/api/v1/org/contacts
Gets Contact Types of your organization.
Get Org Contact User
GET <example>.okta.com/api/v1/org/contacts/{contactType}
Retrieves the URL of the User associated with the specified Contact Type.
Update Org Contact User
PUT <example>.okta.com/api/v1/org/contacts/{contactType}
Updates the User associated with the specified Contact Type.
Get Org Preferences
GET <example>.okta.com/api/v1/org/preferences
Gets preferences of your organization.
Get Okta Support Settings
GET <example>.okta.com/api/v1/org/privacy/oktaSupport
Gets Okta Support Settings of your organization.
Extend Okta Support
POST <example>.okta.com/api/v1/org/privacy/oktaSupport/extend
Extends the length of time that Okta Support can access your org by 24 hours. This means that 24 hours are added to the remaining access time.
Grant Okta Support
POST <example>.okta.com/api/v1/org/privacy/oktaSupport/grant
Enables you to temporarily allow Okta Support to access your org as an administrator for eight hours.
Extend Okta Support
POST <example>.okta.com/api/v1/org/privacy/oktaSupport/revoke
Revokes Okta Support access to your organization.
Policy
List Policies
GET <example>.okta.com/api/v1/policies
Gets all policies with the specified type.
Create Policy
POST <example>.okta.com/api/v1/policies
Creates a policy.
Get Policy
GET <example>.okta.com/api/v1/policies/{policyId}
Gets a policy.
Update Policy
PUT <example>.okta.com/api/v1/policies/{policyId}
Updates a policy.
Delete Policy
DELETE <example>.okta.com/api/v1/policies/{policyId}
Removes a policy.
Activate Policy
POST <example>.okta.com/api/v1/policies/{policyId}/lifecycle/activate
Activates a policy.
Deactivate Policy
POST <example>.okta.com/api/v1/policies/{policyId}/lifecycle/deactivate
Deactivates a policy.
List Policy Rules
GET <example>.okta.com/api/v1/policies/{policyId}/rules
Enumerates all policy rules.
Create Policy Rule
POST <example>.okta.com/api/v1/policies/{policyId}/rules
Creates a policy rule.
Get Policy Rule
GET <example>.okta.com/api/v1/policies/{policyId}/rules/{ruleId}
Gets a policy rule.
Update Policy Rule
PUT <example>.okta.com/api/v1/policies/{policyId}/rules/{ruleId}
Updates a policy rule.
Delete Policy Rule
DELETE <example>.okta.com/api/v1/policies/{policyId}/rules/{ruleId}
Removes a policy rule.
Activate Policy Rule
POST <example>.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate
Activates a policy rule.
Deactivate Policy Rule
POST <example>.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate
Deactivates a policy rule.
Profilemapping
List Profile Mappings
GET <example>.okta.com/api/v1/mappings
Enumerates Profile Mappings in your organization with pagination.
Get Profile Mapping
GET <example>.okta.com/api/v1/mappings/{mappingId}
Fetches a single Profile Mapping referenced by its ID.
Update Profile Mapping
POST <example>.okta.com/api/v1/mappings/{mappingId}
Updates an existing Profile Mapping by adding, updating, or removing one or many Property Mappings.
Subscription
List All Subscriptions Of A Custom Role
GET <example>.okta.com/api/v1/roles/{roleTypeOrRoleId}/subscriptions
When roleType List all subscriptions of a Role. Else when roleId List subscriptions of a Custom Role
Get Subscriptions Of A Custom Role By Specific Notification Type
GET <example>.okta.com/api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}
When roleType Get subscriptions of a Role with a specific notification type. Else when roleId Get subscription of a Custom Role with a specific notification type.
Subscribe A Custom Role To A Specific Notification Type
POST <example>.okta.com/api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/subscribe
When roleType Subscribes a Role to a specific notification type. When you change the subscription status of a Role, it overrides the subscription of any individual user of that Role. Else when roleId Subscribes a Custom Role to a specific notification type. When you change the subscription status of a Custom Role, it overrides the subscription of any individual user of that Custom Role.
Unsubscribe A Custom Role From A Specific Notification Type
POST <example>.okta.com/api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/unsubscribe
When roleType Unsubscribes a Role from a specific notification type. When you change the subscription status of a Role, it overrides the subscription of any individual user of that Role. Else when roleId Unsubscribes a Custom Role from a specific notification type. When you change the subscription status of a Custom Role, it overrides the subscription of any individual user of that Custom Role.
Subscribe To A Specific Notification Type
POST <example>.okta.com/api/v1/users/{userId}/subscriptions/{notificationType}/subscribe
Subscribes a User to a specific notification type. Only the current User can subscribe to a specific notification type. An AccessDeniedException message is sent if requests are made from other users.
Unsubscribe From A Specific Notification Type
POST <example>.okta.com/api/v1/users/{userId}/subscriptions/{notificationType}/unsubscribe
Unsubscribes a User from a specific notification type. Only the current User can unsubscribe from a specific notification type. An AccessDeniedException message is sent if requests are made from other users.
Template
List SMS Templates
GET <example>.okta.com/api/v1/templates/sms
Enumerates custom SMS templates in your organization. A subset of templates can be returned that match a template type.
Create SMS Template
POST <example>.okta.com/api/v1/templates/sms
Adds a new custom SMS template to your organization.
Get SMS Template
GET <example>.okta.com/api/v1/templates/sms/{templateId}
Fetches a specific template by `id`
Update SMS Template
PUT <example>.okta.com/api/v1/templates/sms/{templateId}
Updates the SMS template.
Partial SMS Template Update
POST <example>.okta.com/api/v1/templates/sms/{templateId}
Updates only some of the SMS template properties:
Remove SMS Template
DELETE <example>.okta.com/api/v1/templates/sms/{templateId}
Removes an SMS template.
Threatinsight
Get Current ThreatInsight Configuration
GET <example>.okta.com/api/v1/threats/configuration
Description coming soon...
Update ThreatInsight Configuration
POST <example>.okta.com/api/v1/threats/configuration
Description coming soon...
Trustedorigin
List Trusted Origins
GET <example>.okta.com/api/v1/trustedOrigins
Description coming soon...
Create Trusted Origin
POST <example>.okta.com/api/v1/trustedOrigins
Description coming soon...
Get Trusted Origin
GET <example>.okta.com/api/v1/trustedOrigins/{trustedOriginId}
Description coming soon...
Update Trusted Origin
PUT <example>.okta.com/api/v1/trustedOrigins/{trustedOriginId}
Description coming soon...
Delete Trusted Origin
DELETE <example>.okta.com/api/v1/trustedOrigins/{trustedOriginId}
Description coming soon...
Activate Origin
POST <example>.okta.com/api/v1/trustedOrigins/{trustedOriginId}/lifecycle/activate
Description coming soon...
Deactivate Trusted Origin
POST <example>.okta.com/api/v1/trustedOrigins/{trustedOriginId}/lifecycle/deactivate
Description coming soon...
User
List Users
GET <example>.okta.com/api/v1/users
Lists users that do not have a status of 'DEPROVISIONED' (by default), up to the maximum (200 for most orgs), with pagination in most cases. A subset of users can be returned that match a supported filter expression or search criteria.
Create User
POST <example>.okta.com/api/v1/users
Creates a new user in your Okta organization with or without credentials.
Set Linked Object For User
PUT <example>.okta.com/api/v1/users/{associatedUserId}/linkedObjects/{primaryRelationshipName}/{primaryUserId}
Description coming soon...
Get User
GET <example>.okta.com/api/v1/users/{userId}
Fetches a user from your Okta organization.
Update User
PUT <example>.okta.com/api/v1/users/{userId}
Update a user's profile and/or credentials using strict-update semantics.
Partial Update User
POST <example>.okta.com/api/v1/users/{userId}
Update a user's profile or credentials with partial update semantics.
Delete User
DELETE <example>.okta.com/api/v1/users/{userId}
Deletes a user permanently. This operation can only be performed on users that have a `DEPROVISIONED` status. **This action cannot be recovered!**
Get Assigned App Links
GET <example>.okta.com/api/v1/users/{userId}/appLinks
Fetches appLinks for all direct or indirect (via group membership) assigned applications.
List User Clients
GET <example>.okta.com/api/v1/users/{userId}/clients
Lists all client resources for which the specified user has grants or tokens.
List Grants For User And Client
GET <example>.okta.com/api/v1/users/{userId}/clients/{clientId}/grants
Lists all grants for a specified user and client
Revoke Grants For User And Client
DELETE <example>.okta.com/api/v1/users/{userId}/clients/{clientId}/grants
Revokes all grants for the specified user and client
List Refresh Tokens For User And Client
GET <example>.okta.com/api/v1/users/{userId}/clients/{clientId}/tokens
Lists all refresh tokens issued for the specified User and Client.
Revoke Tokens For User And Client
DELETE <example>.okta.com/api/v1/users/{userId}/clients/{clientId}/tokens
Revokes all refresh tokens issued for the specified User and Client.
Get Refresh Token For User And Client
GET <example>.okta.com/api/v1/users/{userId}/clients/{clientId}/tokens/{tokenId}
Gets a refresh token issued for the specified User and Client.
Revoke Token For User And Client
DELETE <example>.okta.com/api/v1/users/{userId}/clients/{clientId}/tokens/{tokenId}
Revokes the specified refresh token.
Change Password
POST <example>.okta.com/api/v1/users/{userId}/credentials/change_password
Changes a user's password by validating the user's current password. This operation can only be performed on users in `STAGED`, `ACTIVE`, `PASSWORD_EXPIRED`, or `RECOVERY` status that have a valid password credential
Change Recovery Question
POST <example>.okta.com/api/v1/users/{userId}/credentials/change_recovery_question
Changes a user's recovery question & answer credential by validating the user's current password. This operation can only be performed on users in **STAGED**, **ACTIVE** or **RECOVERY** `status` that have a valid password credential
Forgot Password
POST <example>.okta.com/api/v1/users/{userId}/credentials/forgot_password
Description coming soon...
List User Grants
GET <example>.okta.com/api/v1/users/{userId}/grants
Lists all grants for the specified user
Revoke User Grants
DELETE <example>.okta.com/api/v1/users/{userId}/grants
Revokes all grants for a specified user
Get User Grant
GET <example>.okta.com/api/v1/users/{userId}/grants/{grantId}
Gets a grant for the specified user
Revoke User Grant
DELETE <example>.okta.com/api/v1/users/{userId}/grants/{grantId}
Revokes one grant for a specified user
Get Member Groups
GET <example>.okta.com/api/v1/users/{userId}/groups
Fetches the groups of which the user is a member.
Listing IDPs for User
GET <example>.okta.com/api/v1/users/{userId}/idps
Lists the IdPs associated with the user.
Activate User
POST <example>.okta.com/api/v1/users/{userId}/lifecycle/activate
Activates a user. This operation can only be performed on users with a `STAGED` status. Activation of a user is an asynchronous operation. The user will have the `transitioningToStatus` property with a value of `ACTIVE` during activation to indicate that the user hasn't completed the asynchronous operation. The user will have a status of `ACTIVE` when the activation process is complete.
Deactivate User
POST <example>.okta.com/api/v1/users/{userId}/lifecycle/deactivate
Deactivates a user. This operation can only be performed on users that do not have a `DEPROVISIONED` status. While the asynchronous operation (triggered by HTTP header `Prefer: respond-async`) is proceeding the user's `transitioningToStatus` property is `DEPROVISIONED`. The user's status is `DEPROVISIONED` when the deactivation process is complete.
Expire Password
POST <example>.okta.com/api/v1/users/{userId}/lifecycle/expire_password
This operation transitions the user to the status of `PASSWORD_EXPIRED` so that the user is required to change their password at their next login.
Reactivate User
POST <example>.okta.com/api/v1/users/{userId}/lifecycle/reactivate
Reactivates a user. This operation can only be performed on users with a `PROVISIONED` status. This operation restarts the activation workflow if for some reason the user activation was not completed when using the activationToken from [Activate User](#activate-user).
Reset Factors
POST <example>.okta.com/api/v1/users/{userId}/lifecycle/reset_factors
This operation resets all factors for the specified user. All MFA factor enrollments returned to the unenrolled state. The user's status remains ACTIVE. This link is present only if the user is currently enrolled in one or more MFA factors.
Reset Password
POST <example>.okta.com/api/v1/users/{userId}/lifecycle/reset_password
Generates a one-time token (OTT) that can be used to reset a user's password. The OTT link can be automatically emailed to the user or returned to the API caller and distributed using a custom flow.
Suspend User
POST <example>.okta.com/api/v1/users/{userId}/lifecycle/suspend
Suspends a user. This operation can only be performed on users with an `ACTIVE` status. The user will have a status of `SUSPENDED` when the process is complete.
Unlock User
POST <example>.okta.com/api/v1/users/{userId}/lifecycle/unlock
Unlocks a user with a `LOCKED_OUT` status and returns them to `ACTIVE` status. Users will be able to login with their current password.
Unsuspend User
POST <example>.okta.com/api/v1/users/{userId}/lifecycle/unsuspend
Unsuspends a user and returns them to the `ACTIVE` state. This operation can only be performed on users that have a `SUSPENDED` status.
Get Linked Objects For User
GET <example>.okta.com/api/v1/users/{userId}/linkedObjects/{relationshipName}
Get linked objects for a user, relationshipName can be a primary or associated relationship name
Remove Linked Object For User
DELETE <example>.okta.com/api/v1/users/{userId}/linkedObjects/{relationshipName}
Delete linked objects for a user, relationshipName can be ONLY a primary relationship name
List Assigned Roles For User
GET <example>.okta.com/api/v1/users/{userId}/roles
Lists all roles assigned to a user.
Assign Role To User
POST <example>.okta.com/api/v1/users/{userId}/roles
Assigns a role to a user.
Get User Role
GET <example>.okta.com/api/v1/users/{userId}/roles/{roleId}
Gets role that is assigne to user.
Remove Role From User
DELETE <example>.okta.com/api/v1/users/{userId}/roles/{roleId}
Unassigns a role from a user.
List Application Targets For Application Administrator Role For User
GET <example>.okta.com/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps
Lists all App targets for an `APP_ADMIN` Role assigned to a User. This methods return list may include full Applications or Instances. The response for an instance will have an `ID` value, while Application will not have an ID.
Add All Apps As Target To Role
PUT <example>.okta.com/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps
Description coming soon...
Add Application Target To Admin Role For User
PUT <example>.okta.com/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}
Description coming soon...
Remove Application Target From Application Administrator Role For User
DELETE <example>.okta.com/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}
Description coming soon...
Add App Instance Target To App Administrator Role Given To A User
PUT <example>.okta.com/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}
Description coming soon...
Remove App Instance Target To App Administrator Role Given To A User
DELETE <example>.okta.com/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}
Description coming soon...
List Group Targets For Role
GET <example>.okta.com/api/v1/users/{userId}/roles/{roleId}/targets/groups
Description coming soon...
Add Group Target To Role
PUT <example>.okta.com/api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId}
Description coming soon...
Remove Group Target From Role
DELETE <example>.okta.com/api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId}
Description coming soon...
Clear User Sessions
DELETE <example>.okta.com/api/v1/users/{userId}/sessions
Removes all active identity provider sessions. This forces the user to authenticate on the next operation. Optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the user.
List Subscriptions Of A User
GET <example>.okta.com/api/v1/users/{userId}/subscriptions
List subscriptions of a User. Only lists subscriptions for current user. An AccessDeniedException message is sent if requests are made from other users.
Get The Subscription Of A User With A Specific Notification Type
GET <example>.okta.com/api/v1/users/{userId}/subscriptions/{notificationType}
Get the subscriptions of a User with a specific notification type. Only gets subscriptions for current user. An AccessDeniedException message is sent if requests are made from other users.
Userfactor
List Factors
GET <example>.okta.com/api/v1/users/{userId}/factors
Enumerates all the enrolled factors for the specified user
Enroll Factor
POST <example>.okta.com/api/v1/users/{userId}/factors
Enrolls a user with a supported factor.
List Supported Factors
GET <example>.okta.com/api/v1/users/{userId}/factors/catalog
Enumerates all the supported factors that can be enrolled for the specified user
List Supported Security Questions
GET <example>.okta.com/api/v1/users/{userId}/factors/questions
Enumerate security questions for a user's `question` factor
Get Factor
GET <example>.okta.com/api/v1/users/{userId}/factors/{factorId}
Fetches a factor for the specified user
Delete Factor
DELETE <example>.okta.com/api/v1/users/{userId}/factors/{factorId}
Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.
Activate Factor
POST <example>.okta.com/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate
The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.
Get Factor Transaction Status
GET <example>.okta.com/api/v1/users/{userId}/factors/{factorId}/transactions/{transactionId}
Polls factors verification transaction for status.
Verify MFA Factor
POST <example>.okta.com/api/v1/users/{userId}/factors/{factorId}/verify
Verifies an OTP for a `token` or `token:hardware` factor
Userschema
Get Application Default User Schema
GET <example>.okta.com/api/v1/meta/schemas/apps/{appInstanceId}/default
Description coming soon...
Update Application User Profile
POST <example>.okta.com/api/v1/meta/schemas/apps/{appInstanceId}/default
Description coming soon...
Get Schema For User
GET <example>.okta.com/api/v1/meta/schemas/user/{schemaId}
Description coming soon...
Update User Profile
POST <example>.okta.com/api/v1/meta/schemas/user/{schemaId}
Partial updates on the User Profile properties of the user schema.
Usertype
List User Types
GET <example>.okta.com/api/v1/meta/types/user
Fetches all User Types in your org
Create User Type
POST <example>.okta.com/api/v1/meta/types/user
Creates a new User Type. A default User Type is automatically created along with your org, and you may add another 9 User Types for a maximum of 10.
Get User Type
GET <example>.okta.com/api/v1/meta/types/user/{typeId}
Fetches a User Type by ID. The special identifier `default` may be used to fetch the default User Type.
Replace User Type
PUT <example>.okta.com/api/v1/meta/types/user/{typeId}
Replace an existing User Type
Update User Type
POST <example>.okta.com/api/v1/meta/types/user/{typeId}
Updates an existing User Type
Delete User Type
DELETE <example>.okta.com/api/v1/meta/types/user/{typeId}
Deletes a User Type permanently. This operation is not permitted for the default type, nor for any User Type that has existing users
Last updated
