Okta actions & endpoints

Introduction

The Okta Integration with Rewst delivers a robust set of actions and endpoints for interacting with Okta. Below is a summary of each section, highlighting the diverse capabilities and opportunities provided through the Okta Integration:

Actions

Application

List Applications

GET <example>.okta.com/api/v1/apps

Enumerates apps added to your organization with pagination. A subset of apps can be returned that match a supported filter expression or query.

Create Application

POST <example>.okta.com/api/v1/apps

Adds a new application to your Okta organization.

Get Application

GET <example>.okta.com/api/v1/apps/{appId}

Fetches an application from your Okta organization by `id`.

Update Application

PUT <example>.okta.com/api/v1/apps/{appId}

Updates an application in your organization.

Delete Application

DELETE <example>.okta.com/api/v1/apps/{appId}

Removes an inactive application.

Get Default Provisioning Connection For Application

GET <example>.okta.com/api/v1/apps/{appId}/connections/default

Get default Provisioning Connection for application

Sets Default Provisioning Connection For Application

POST <example>.okta.com/api/v1/apps/{appId}/connections/default

Set default Provisioning Connection for application

Activate Default Provisioning Connection For Application

POST <example>.okta.com/api/v1/apps/{appId}/connections/default/lifecycle/activate

Activates the default Provisioning Connection for an application.

Deactivate Default Provisioning Connection For Application

POST <example>.okta.com/api/v1/apps/{appId}/connections/default/lifecycle/deactivate

Deactivates the default Provisioning Connection for an application.

List Certificate Signing Requests For Application

GET <example>.okta.com/api/v1/apps/{appId}/credentials/csrs

Enumerates Certificate Signing Requests for an application

Generate Certificate Signing Request For Application

POST <example>.okta.com/api/v1/apps/{appId}/credentials/csrs

Generates a new key pair and returns the Certificate Signing Request for it.

Get CSR For Application

GET <example>.okta.com/api/v1/apps/{appId}/credentials/csrs/{csrId}

Description coming soon...

Revoke CSR From Application

DELETE <example>.okta.com/api/v1/apps/{appId}/credentials/csrs/{csrId}

Description coming soon...

Publish CSR Credential

POST <example>.okta.com/api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish

Description coming soon...

List Key Credentials For Application

GET <example>.okta.com/api/v1/apps/{appId}/credentials/keys

Enumerates key credentials for an application

Generate Application Key

POST <example>.okta.com/api/v1/apps/{appId}/credentials/keys/generate

Generates a new X.509 certificate for an application key credential

Get Key Credential For Application

GET <example>.okta.com/api/v1/apps/{appId}/credentials/keys/{keyId}

Gets a specific application key credential by kid

Clone Application Key Credential

POST <example>.okta.com/api/v1/apps/{appId}/credentials/keys/{keyId}/clone

Clones a X.509 certificate for an application key credential from a source application to target application.

List Client Secrets

GET <example>.okta.com/api/v1/apps/{appId}/credentials/secrets

Enumerates the client's collection of secrets

Create New Client Secret

POST <example>.okta.com/api/v1/apps/{appId}/credentials/secrets

Adds a new secret to the client's collection of secrets.

Get Client Secret

GET <example>.okta.com/api/v1/apps/{appId}/credentials/secrets/{secretId}

Gets a specific client secret by secretId

Delete Client Secret For Application

DELETE <example>.okta.com/api/v1/apps/{appId}/credentials/secrets/{secretId}

Removes a secret from the client's collection of secrets.

Activate A Client Secret

POST <example>.okta.com/api/v1/apps/{appId}/credentials/secrets/{secretId}/lifecycle/activate

Activates a specific client secret by secretId

Deactivate A Client Secret

POST <example>.okta.com/api/v1/apps/{appId}/credentials/secrets/{secretId}/lifecycle/deactivate

Deactivates a specific client secret by secretId

List Features for Application

GET <example>.okta.com/api/v1/apps/{appId}/features

Description coming soon...

Get Application Feature

GET <example>.okta.com/api/v1/apps/{appId}/features/{name}

Description coming soon...

Updates A Feature Object For An Application

PUT <example>.okta.com/api/v1/apps/{appId}/features/{name}

Description coming soon...

List Scope Consent Grants

GET <example>.okta.com/api/v1/apps/{appId}/grants

Lists all scope consent grants for the application

Grant Consent To Scope

POST <example>.okta.com/api/v1/apps/{appId}/grants

Grants consent for the application to request an OAuth 2.0 Okta scope

Get Scope Consent Grant

GET <example>.okta.com/api/v1/apps/{appId}/grants/{grantId}

Fetches a single scope consent grant for the application

Revoke Scope Consent Grant

DELETE <example>.okta.com/api/v1/apps/{appId}/grants/{grantId}

Revokes permission for the application to request the given scope

List Groups Assigned To Application

GET <example>.okta.com/api/v1/apps/{appId}/groups

Enumerates group assignments for an application.

Get Assigned Group For Application

GET <example>.okta.com/api/v1/apps/{appId}/groups/{groupId}

Fetches an application group assignment

Assign Group To Application

PUT <example>.okta.com/api/v1/apps/{appId}/groups/{groupId}

Assigns a group to an application

Remove Group From Application

DELETE <example>.okta.com/api/v1/apps/{appId}/groups/{groupId}

Removes a group assignment from an application.

Activate Application

POST <example>.okta.com/api/v1/apps/{appId}/lifecycle/activate

Activates an inactive application.

Deactivate Application

POST <example>.okta.com/api/v1/apps/{appId}/lifecycle/deactivate

Deactivates an active application.

Update Application Policy

PUT <example>.okta.com/api/v1/apps/{appId}/policies/{policyId}

Assign an application to a specific policy. This unassigns the application from its currently assigned policy.

Previewsaml App Metadata

GET <example>.okta.com/api/v1/apps/{appId}/sso/saml/metadata

Previews SAML metadata based on a specific key credential for an application

Listoauth Tokensforapplication

GET <example>.okta.com/api/v1/apps/{appId}/tokens

Lists all tokens for the application

Revokeoauth Tokensforapplication

DELETE <example>.okta.com/api/v1/apps/{appId}/tokens

Revokes all tokens for the specified application

Getoauth Tokenforapplication

GET <example>.okta.com/api/v1/apps/{appId}/tokens/{tokenId}

Gets a token for the specified application

Revokeoauth Tokenforapplication

DELETE <example>.okta.com/api/v1/apps/{appId}/tokens/{tokenId}

Revokes the specified token for the specified application

List Users Assigned To Application

GET <example>.okta.com/api/v1/apps/{appId}/users

Enumerates all assigned [application users](#application-user-model) for an application.

Assign User To Application For Sso Provisioning

POST <example>.okta.com/api/v1/apps/{appId}/users

Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.

Get Assigned User For Application

GET <example>.okta.com/api/v1/apps/{appId}/users/{userId}

Fetches a specific user assignment for application by `id`.

Update Application Profile For Assigned User

POST <example>.okta.com/api/v1/apps/{appId}/users/{userId}

Updates a user's profile for an application

Remove User From Application

DELETE <example>.okta.com/api/v1/apps/{appId}/users/{userId}

Removes an assignment for a user from an application.

Authenticator

List Authenticators

GET <example>.okta.com/api/v1/authenticators

List Authenticators

Create An Authenticator

POST <example>.okta.com/api/v1/authenticators

Create Authenticator

Get Authenticator

GET <example>.okta.com/api/v1/authenticators/{authenticatorId}

Description coming soon...

Update Authenticator

PUT <example>.okta.com/api/v1/authenticators/{authenticatorId}

Updates an authenticator

Activate Authenticator

POST <example>.okta.com/api/v1/authenticators/{authenticatorId}/lifecycle/activate

Description coming soon...

Deactivate Authenticator

POST <example>.okta.com/api/v1/authenticators/{authenticatorId}/lifecycle/deactivate

Description coming soon...

Authorizationserver

List Authorization Servers

GET <example>.okta.com/api/v1/authorizationServers

Description coming soon...

Create Authorization Server

POST <example>.okta.com/api/v1/authorizationServers

Description coming soon...

Get Authorization Server

GET <example>.okta.com/api/v1/authorizationServers/{authServerId}

Description coming soon...

Update Authorization Server

PUT <example>.okta.com/api/v1/authorizationServers/{authServerId}

Description coming soon...

Delete Authorization Server

DELETE <example>.okta.com/api/v1/authorizationServers/{authServerId}

Description coming soon...

List oAuth Claims

GET <example>.okta.com/api/v1/authorizationServers/{authServerId}/claims

Description coming soon...

Create oAuth Claim

POST <example>.okta.com/api/v1/authorizationServers/{authServerId}/claims

Description coming soon...

Get oAuth Claim

GET <example>.okta.com/api/v1/authorizationServers/{authServerId}/claims/{claimId}

Description coming soon...

Updateoauth Claim

PUT <example>.okta.com/api/v1/authorizationServers/{authServerId}/claims/{claimId}

Description coming soon...

Deleteoauth Claim

DELETE <example>.okta.com/api/v1/authorizationServers/{authServerId}/claims/{claimId}

Description coming soon...

Listoauth Clientsforauthorizationserver

GET <example>.okta.com/api/v1/authorizationServers/{authServerId}/clients

Description coming soon...

List Refresh Tokens For Authorization Server And Client

GET <example>.okta.com/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens

Description coming soon...

Revoke Refresh Tokens For Authorization Server And Client

DELETE <example>.okta.com/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens

Description coming soon...

Get Refresh Token For Authorization Server And Client

GET <example>.okta.com/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId}

Description coming soon...

Revoke Refresh Token For Authorization Server And Client

DELETE <example>.okta.com/api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId}

Description coming soon...

List Authorization Server Keys

GET <example>.okta.com/api/v1/authorizationServers/{authServerId}/credentials/keys

Description coming soon...

Rotate Authorization Server Keys

POST <example>.okta.com/api/v1/authorizationServers/{authServerId}/credentials/lifecycle/keyRotate

Description coming soon...

Activate Authorization Server

POST <example>.okta.com/api/v1/authorizationServers/{authServerId}/lifecycle/activate

Description coming soon...

Deactivate Authorization Server

POST <example>.okta.com/api/v1/authorizationServers/{authServerId}/lifecycle/deactivate

Description coming soon...

List Authorization Server Policies

GET <example>.okta.com/api/v1/authorizationServers/{authServerId}/policies

Description coming soon...

Create Authorization Server Policy

POST <example>.okta.com/api/v1/authorizationServers/{authServerId}/policies

Description coming soon...

Get Authorization Server Policy

GET <example>.okta.com/api/v1/authorizationServers/{authServerId}/policies/{policyId}

Description coming soon...

Update Authorization Server Policy

PUT <example>.okta.com/api/v1/authorizationServers/{authServerId}/policies/{policyId}

Description coming soon...

Delete Authorization Server Policy

DELETE <example>.okta.com/api/v1/authorizationServers/{authServerId}/policies/{policyId}

Description coming soon...

Activate Authorization Server Policy

POST <example>.okta.com/api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/activate

Description coming soon...

Deactivate Authorization Server Policy

POST <example>.okta.com/api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/deactivate

Description coming soon...

List Authorization Server Policy Rules

GET <example>.okta.com/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules

Enumerates all policy rules for the specified Custom Authorization Server and Policy.

Create Authorization Server Policy Rule

POST <example>.okta.com/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules

Creates a policy rule for the specified Custom Authorization Server and Policy.

Get Authorization Server Policy Rule

GET <example>.okta.com/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}

Returns a Policy Rule by ID that is defined in the specified Custom Authorization Server and Policy.

Update Authorization Server Policy Rule

PUT <example>.okta.com/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}

Updates the configuration of the Policy Rule defined in the specified Custom Authorization Server and Policy.

Delete Authorization Server Policy Rule

DELETE <example>.okta.com/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}

Deletes a Policy Rule defined in the specified Custom Authorization Server and Policy.

Activate Authorization Server Policy Rule

POST <example>.okta.com/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/activate

Description coming soon...

Deactivate Authorization Server Policy Rule

POST <example>.okta.com/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate

Description coming soon...

Listoauth Scopes

GET <example>.okta.com/api/v1/authorizationServers/{authServerId}/scopes

Description coming soon...

Createoauth Scope

POST <example>.okta.com/api/v1/authorizationServers/{authServerId}/scopes

Description coming soon...

Getoauth Scope

GET <example>.okta.com/api/v1/authorizationServers/{authServerId}/scopes/{scopeId}

Description coming soon...

Updateoauth Scope

PUT <example>.okta.com/api/v1/authorizationServers/{authServerId}/scopes/{scopeId}

Description coming soon...

Deleteoauth Scope

DELETE <example>.okta.com/api/v1/authorizationServers/{authServerId}/scopes/{scopeId}

Description coming soon...

Brand

List Brands

GET <example>.okta.com/api/v1/brands

List all the brands in your org.

Get Brand

GET <example>.okta.com/api/v1/brands/{brandId}

Fetches a brand by `brandId`

Update Brand

PUT <example>.okta.com/api/v1/brands/{brandId}

Updates a brand by `brandId`

List Email Templates

GET <example>.okta.com/api/v1/brands/{brandId}/templates/email

List email templates in your organization with pagination.

Get Email Template

GET <example>.okta.com/api/v1/brands/{brandId}/templates/email/{templateName}

Fetch an email template by templateName

List Email Template Customization

GET <example>.okta.com/api/v1/brands/{brandId}/templates/email/{templateName}/customizations

List all email customizations for an email template

Create Email Template Customization

POST <example>.okta.com/api/v1/brands/{brandId}/templates/email/{templateName}/customizations

Create an email customization

Delete Email Template Customization

DELETE <example>.okta.com/api/v1/brands/{brandId}/templates/email/{templateName}/customizations

Delete all customizations for an email template. Also known as “Reset to Default”.

Get Email Template Customization

GET <example>.okta.com/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}

Fetch an email customization by id.

Update Email Customization

PUT <example>.okta.com/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}

Update an email customization

Delete Email Customization

DELETE <example>.okta.com/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}

Delete an email customization

Get Preview Content Of Email Customization

GET <example>.okta.com/api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}/preview

Get a preview of an email template customization.

Get Default Content Of Email Template

GET <example>.okta.com/api/v1/brands/{brandId}/templates/email/{templateName}/default-content

Fetch the default content for an email template.

Get Preview Of Email Template Default Content

GET <example>.okta.com/api/v1/brands/{brandId}/templates/email/{templateName}/default-content/preview

Fetch a preview of an email template's default content by populating velocity references with the current user's environment.

Get Preview Of Email Template Default Content

POST <example>.okta.com/api/v1/brands/{brandId}/templates/email/{templateName}/test

Send a test email to the current users primary and secondary email addresses. The email content is selected based on the following priority: An email customization specifically for the users locale. The default language of email customizations. The email templates default content.

Get Brand Themes

GET <example>.okta.com/api/v1/brands/{brandId}/themes

List all the themes in your brand

Get A Theme For A Brand

GET <example>.okta.com/api/v1/brands/{brandId}/themes/{themeId}

Fetches a theme for a brand

Update A Theme For A Brand

PUT <example>.okta.com/api/v1/brands/{brandId}/themes/{themeId}

Updates a theme for a brand

Updates The Background Image For Your Theme

POST <example>.okta.com/api/v1/brands/{brandId}/themes/{themeId}/background-image

Description coming soon...

Deletes A Theme Background Image

DELETE <example>.okta.com/api/v1/brands/{brandId}/themes/{themeId}/background-image

Description coming soon...

Updates The Favicon For Your Theme

POST <example>.okta.com/api/v1/brands/{brandId}/themes/{themeId}/favicon

Description coming soon...

Deletes A Theme Favicon The Org Then Uses The Okta Default Favicon

DELETE <example>.okta.com/api/v1/brands/{brandId}/themes/{themeId}/favicon

Description coming soon...

Update A Themes Logo

POST <example>.okta.com/api/v1/brands/{brandId}/themes/{themeId}/logo

Updates the logo for your Theme

Deletes A Theme Logo The Org Then Uses The Okta Default Logo

DELETE <example>.okta.com/api/v1/brands/{brandId}/themes/{themeId}/logo

Description coming soon...

Domain

List Domains

GET <example>.okta.com/api/v1/domains

List all verified custom Domains for the org.

Create Domain

POST <example>.okta.com/api/v1/domains

Creates your domain.

Get Domain

GET <example>.okta.com/api/v1/domains/{domainId}

Fetches a Domain by `id`.

Delete Domain

DELETE <example>.okta.com/api/v1/domains/{domainId}

Deletes a Domain by `id`.

Create Certificate

PUT <example>.okta.com/api/v1/domains/{domainId}/certificate

Creates the Certificate for the Domain.

Verify Domain

POST <example>.okta.com/api/v1/domains/{domainId}/verify

Verifies the Domain by `id`.

Eventhook

List Event Hooks

GET <example>.okta.com/api/v1/eventHooks

Description coming soon...

Create Event Hook

POST <example>.okta.com/api/v1/eventHooks

Description coming soon...

Get Event Hook

GET <example>.okta.com/api/v1/eventHooks/{eventHookId}

Description coming soon...

Update Event Hook

PUT <example>.okta.com/api/v1/eventHooks/{eventHookId}

Description coming soon...

Delete Event Hook

DELETE <example>.okta.com/api/v1/eventHooks/{eventHookId}

Description coming soon...

Activate Event Hook

POST <example>.okta.com/api/v1/eventHooks/{eventHookId}/lifecycle/activate

Description coming soon...

Deactivate Event Hook

POST <example>.okta.com/api/v1/eventHooks/{eventHookId}/lifecycle/deactivate

Description coming soon...

Verify Event Hook

POST <example>.okta.com/api/v1/eventHooks/{eventHookId}/lifecycle/verify

Description coming soon...

Feature

List Features

GET <example>.okta.com/api/v1/features

Description coming soon...

Get Feature

GET <example>.okta.com/api/v1/features/{featureId}

Description coming soon...

List Feature Dependencies

GET <example>.okta.com/api/v1/features/{featureId}/dependencies

Description coming soon...

List Feature Dependents

GET <example>.okta.com/api/v1/features/{featureId}/dependents

Description coming soon...

Update Feature Lifecycle

POST <example>.okta.com/api/v1/features/{featureId}/{lifecycle}

Description coming soon...

Generic Request

Okta Generic Request

GET <example>.okta.com/<url_path>

Generic action for making authenticated requests against the Okta API

Group

List Groups

GET <example>.okta.com/api/v1/groups

Enumerates groups in your organization with pagination. A subset of groups can be returned that match a supported filter expression or query.

Create Group

POST <example>.okta.com/api/v1/groups

Adds a new group with `OKTA_GROUP` type to your organization.

List Group Rules

GET <example>.okta.com/api/v1/groups/rules

Lists all group rules for your organization.

Create Group Rule

POST <example>.okta.com/api/v1/groups/rules

Creates a group rule to dynamically add users to the specified group if they match the condition

Get Group Rule

GET <example>.okta.com/api/v1/groups/rules/{ruleId}

Fetches a specific group rule by id from your organization

Update Group Rule

PUT <example>.okta.com/api/v1/groups/rules/{ruleId}

Updates a group rule. Only `INACTIVE` rules can be updated.

Delete A Group Rule

DELETE <example>.okta.com/api/v1/groups/rules/{ruleId}

Removes a specific group rule by id from your organization

Activate A Group Rule

POST <example>.okta.com/api/v1/groups/rules/{ruleId}/lifecycle/activate

Activates a specific group rule by id from your organization

Deactivate A Group Rule

POST <example>.okta.com/api/v1/groups/rules/{ruleId}/lifecycle/deactivate

Deactivates a specific group rule by id from your organization

Get Group

GET <example>.okta.com/api/v1/groups/{groupId}

Fetches a group from your organization.

Update Group

PUT <example>.okta.com/api/v1/groups/{groupId}

Updates the profile for a group with `OKTA_GROUP` type from your organization.

Remove Group

DELETE <example>.okta.com/api/v1/groups/{groupId}

Removes a group with `OKTA_GROUP` type from your organization.

List Assigned Applications

GET <example>.okta.com/api/v1/groups/{groupId}/apps

Enumerates all applications that are assigned to a group.

List Group Assigned Roles

GET <example>.okta.com/api/v1/groups/{groupId}/roles

Description coming soon...

Assign Role To Group

POST <example>.okta.com/api/v1/groups/{groupId}/roles

Assigns a Role to a Group

Get Role

GET <example>.okta.com/api/v1/groups/{groupId}/roles/{roleId}

Description coming soon...

Remove Role From Group

DELETE <example>.okta.com/api/v1/groups/{groupId}/roles/{roleId}

Unassigns a Role from a Group

List Application Targets For Application Administrator Role For Group

GET <example>.okta.com/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps

Lists all App targets for an `APP_ADMIN` Role assigned to a Group. This methods return list may include full Applications or Instances. The response for an instance will have an `ID` value, while Application will not have an ID.

Create Application Target To Admin Role Given To Group

PUT <example>.okta.com/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}

Description coming soon...

Remove Application Target From Application Administrator Role Given To Group

DELETE <example>.okta.com/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}

Description coming soon...

Create App Instance Target To App Administrator Role Given To A Group

PUT <example>.okta.com/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}

Description coming soon...

Remove App Instance Target To App Administrator Role Given To A Group

DELETE <example>.okta.com/api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}

Description coming soon...

List Group Targets For Group Role

GET <example>.okta.com/api/v1/groups/{groupId}/roles/{roleId}/targets/groups

Description coming soon...

Add Group Target To Group Administrator Role For Group

PUT <example>.okta.com/api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId}

Remove Group Target From Group Administrator Role Given To Group

DELETE <example>.okta.com/api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId}

List Group Members

GET <example>.okta.com/api/v1/groups/{groupId}/users

Enumerates all users that are a member of a group.

Add User To Group

PUT <example>.okta.com/api/v1/groups/{groupId}/users/{userId}

Adds a user to a group with 'OKTA_GROUP' type.

Remove User From Group

DELETE <example>.okta.com/api/v1/groups/{groupId}/users/{userId}

Removes a user from a group with 'OKTA_GROUP' type.

Groupschema

Get Default Group Schema

GET <example>.okta.com/api/v1/meta/schemas/group/default

Description coming soon...

Update Default Group Schema

POST <example>.okta.com/api/v1/meta/schemas/group/default

Description coming soon...

Identityprovider

List Identity Providers

GET <example>.okta.com/api/v1/idps

Enumerates IdPs in your organization with pagination. A subset of IdPs can be returned that match a supported filter expression or query.

Create Identity Provider

POST <example>.okta.com/api/v1/idps

Adds a new IdP to your organization.

List Keys

GET <example>.okta.com/api/v1/idps/credentials/keys

Enumerates IdP key credentials.

Create X 509 Certificate Public Key

POST <example>.okta.com/api/v1/idps/credentials/keys

Adds a new X.509 certificate credential to the IdP key store.

Get Key

GET <example>.okta.com/api/v1/idps/credentials/keys/{keyId}

Gets a specific IdP Key Credential by `kid`

Delete Key

DELETE <example>.okta.com/api/v1/idps/credentials/keys/{keyId}

Deletes a specific IdP Key Credential by `kid` if it is not currently being used by an Active or Inactive IdP.

Get Identity Provider

GET <example>.okta.com/api/v1/idps/{idpId}

Fetches an IdP by `id`.

Update Identity Provider

PUT <example>.okta.com/api/v1/idps/{idpId}

Updates the configuration for an IdP.

Delete Identity Provider

DELETE <example>.okta.com/api/v1/idps/{idpId}

Removes an IdP from your organization.

List Certificate Signing Requests For IDP

GET <example>.okta.com/api/v1/idps/{idpId}/credentials/csrs

Enumerates Certificate Signing Requests for an IdP

Generate Certificate Signing Request For IDP

POST <example>.okta.com/api/v1/idps/{idpId}/credentials/csrs

Generates a new key pair and returns a Certificate Signing Request for it.

Get CSR For Identity Provider

GET <example>.okta.com/api/v1/idps/{idpId}/credentials/csrs/{csrId}

Gets a specific Certificate Signing Request model by id

Revoke CSR For Identity Provider

DELETE <example>.okta.com/api/v1/idps/{idpId}/credentials/csrs/{csrId}

Revoke a Certificate Signing Request and delete the key pair from the IdP

Update CSR

POST <example>.okta.com/api/v1/idps/{idpId}/credentials/csrs/{csrId}/lifecycle/publish

Update the Certificate Signing Request with a signed X.509 certificate and add it into the signing key credentials for the IdP.

List Signing Key Credentials For IDP

GET <example>.okta.com/api/v1/idps/{idpId}/credentials/keys

Enumerates signing key credentials for an IdP

Generate New IDP Signing Key Credential

POST <example>.okta.com/api/v1/idps/{idpId}/credentials/keys/generate

Generates a new X.509 certificate for an IdP signing key credential to be used for signing assertions sent to the IdP

Get Signing Key Credential For IDP

GET <example>.okta.com/api/v1/idps/{idpId}/credentials/keys/{keyId}

Gets a specific IdP Key Credential by `kid`

Clone Signing Key Credential For IDP

POST <example>.okta.com/api/v1/idps/{idpId}/credentials/keys/{keyId}/clone

Clones a X.509 certificate for an IdP signing key credential from a source IdP to target IdP

Activate Identity Provider

POST <example>.okta.com/api/v1/idps/{idpId}/lifecycle/activate

Activates an inactive IdP.

Deactivate Identity Provider

POST <example>.okta.com/api/v1/idps/{idpId}/lifecycle/deactivate

Deactivates an active IdP.

Find Users

GET <example>.okta.com/api/v1/idps/{idpId}/users

Find all the users linked to an identity provider

Get Identity Provider Application User

GET <example>.okta.com/api/v1/idps/{idpId}/users/{userId}

Fetches a linked IdP user by ID

Link A User To A Social IDP Without A Transaction

POST <example>.okta.com/api/v1/idps/{idpId}/users/{userId}

Links an Okta user to an existing Social Identity Provider. This does not support the SAML2 Identity Provider Type

Unlink User From IDP

DELETE <example>.okta.com/api/v1/idps/{idpId}/users/{userId}

Removes the link between the Okta user and the IdP user.

Social Authentication Token Operation

GET <example>.okta.com/api/v1/idps/{idpId}/users/{userId}/credentials/tokens

Fetches the tokens minted by the Social Authentication Provider when the user authenticates with Okta via Social Auth.

Inlinehook

List Inline Hooks

GET <example>.okta.com/api/v1/inlineHooks

Description coming soon...

Create Inline Hook

POST <example>.okta.com/api/v1/inlineHooks

Description coming soon...

Get Inline Hook

GET <example>.okta.com/api/v1/inlineHooks/{inlineHookId}

Gets an inline hook by ID

Update Inline Hook

PUT <example>.okta.com/api/v1/inlineHooks/{inlineHookId}

Updates an inline hook by ID

Delete Inline Hook

DELETE <example>.okta.com/api/v1/inlineHooks/{inlineHookId}

Deletes the Inline Hook matching the provided id. Once deleted, the Inline Hook is unrecoverable. As a safety precaution, only Inline Hooks with a status of INACTIVE are eligible for deletion.

Execute Inline Hook

POST <example>.okta.com/api/v1/inlineHooks/{inlineHookId}/execute

Executes the Inline Hook matching the provided inlineHookId using the request body as the input. This will send the provided data through the Channel and return a response if it matches the correct data contract. This execution endpoint should only be used for testing purposes.

Activate Inline Hook

POST <example>.okta.com/api/v1/inlineHooks/{inlineHookId}/lifecycle/activate

Activates the Inline Hook matching the provided id

Deactivate Inline Hook

POST <example>.okta.com/api/v1/inlineHooks/{inlineHookId}/lifecycle/deactivate

Deactivates the Inline Hook matching the provided id

Linkedobject

List Linked Object Definitions

GET <example>.okta.com/api/v1/meta/schemas/user/linkedObjects

Description coming soon...

Create Linked Object Definition

POST <example>.okta.com/api/v1/meta/schemas/user/linkedObjects

Description coming soon...

Get Linked Object Definition

GET <example>.okta.com/api/v1/meta/schemas/user/linkedObjects/{linkedObjectName}

Description coming soon...

Delete Linked Object Definition

DELETE <example>.okta.com/api/v1/meta/schemas/user/linkedObjects/{linkedObjectName}

Description coming soon...

Log

Get Org System Log

GET <example>.okta.com/api/v1/logs

The Okta System Log API provides read access to your organization’s system log. This API provides more functionality than the Events API

Networkzone

List Network Zones

GET <example>.okta.com/api/v1/zones

Enumerates network zones added to your organization with pagination. A subset of zones can be returned that match a supported filter expression or query.

Create Network Zone

POST <example>.okta.com/api/v1/zones

Adds a new network zone to your Okta organization.

Get Network Zone

GET <example>.okta.com/api/v1/zones/{zoneId}

Fetches a network zone from your Okta organization by `id`.

Update Network Zone

PUT <example>.okta.com/api/v1/zones/{zoneId}

Updates a network zone in your organization.

Delete Network Zone

DELETE <example>.okta.com/api/v1/zones/{zoneId}

Removes network zone.

Activate Network Zone

POST <example>.okta.com/api/v1/zones/{zoneId}/lifecycle/activate

Description coming soon...

Deactivate Network Zone

POST <example>.okta.com/api/v1/zones/{zoneId}/lifecycle/deactivate

Deactivates a network zone.

Org

Get Org Settings

GET <example>.okta.com/api/v1/org

Get settings of your organization.

Update Org Setting

PUT <example>.okta.com/api/v1/org

Update settings of your organization.

Partial Update Org Setting

POST <example>.okta.com/api/v1/org

Partial update settings of your organization.

Get Org Contact Types

GET <example>.okta.com/api/v1/org/contacts

Gets Contact Types of your organization.

Get Org Contact User

GET <example>.okta.com/api/v1/org/contacts/{contactType}

Retrieves the URL of the User associated with the specified Contact Type.

Update Org Contact User

PUT <example>.okta.com/api/v1/org/contacts/{contactType}

Updates the User associated with the specified Contact Type.

Get Org Preferences

GET <example>.okta.com/api/v1/org/preferences

Gets preferences of your organization.

Get Okta Support Settings

GET <example>.okta.com/api/v1/org/privacy/oktaSupport

Gets Okta Support Settings of your organization.

Extend Okta Support

POST <example>.okta.com/api/v1/org/privacy/oktaSupport/extend

Extends the length of time that Okta Support can access your org by 24 hours. This means that 24 hours are added to the remaining access time.

Grant Okta Support

POST <example>.okta.com/api/v1/org/privacy/oktaSupport/grant

Enables you to temporarily allow Okta Support to access your org as an administrator for eight hours.

Extend Okta Support

POST <example>.okta.com/api/v1/org/privacy/oktaSupport/revoke

Revokes Okta Support access to your organization.

Policy

List Policies

GET <example>.okta.com/api/v1/policies

Gets all policies with the specified type.

Create Policy

POST <example>.okta.com/api/v1/policies

Creates a policy.

Get Policy

GET <example>.okta.com/api/v1/policies/{policyId}

Gets a policy.

Update Policy

PUT <example>.okta.com/api/v1/policies/{policyId}

Updates a policy.

Delete Policy

DELETE <example>.okta.com/api/v1/policies/{policyId}

Removes a policy.

Activate Policy

POST <example>.okta.com/api/v1/policies/{policyId}/lifecycle/activate

Activates a policy.

Deactivate Policy

POST <example>.okta.com/api/v1/policies/{policyId}/lifecycle/deactivate

Deactivates a policy.

List Policy Rules

GET <example>.okta.com/api/v1/policies/{policyId}/rules

Enumerates all policy rules.

Create Policy Rule

POST <example>.okta.com/api/v1/policies/{policyId}/rules

Creates a policy rule.

Get Policy Rule

GET <example>.okta.com/api/v1/policies/{policyId}/rules/{ruleId}

Gets a policy rule.

Update Policy Rule

PUT <example>.okta.com/api/v1/policies/{policyId}/rules/{ruleId}

Updates a policy rule.

Delete Policy Rule

DELETE <example>.okta.com/api/v1/policies/{policyId}/rules/{ruleId}

Removes a policy rule.

Activate Policy Rule

POST <example>.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate

Activates a policy rule.

Deactivate Policy Rule

POST <example>.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate

Deactivates a policy rule.

Profilemapping

List Profile Mappings

GET <example>.okta.com/api/v1/mappings

Enumerates Profile Mappings in your organization with pagination.

Get Profile Mapping

GET <example>.okta.com/api/v1/mappings/{mappingId}

Fetches a single Profile Mapping referenced by its ID.

Update Profile Mapping

POST <example>.okta.com/api/v1/mappings/{mappingId}

Updates an existing Profile Mapping by adding, updating, or removing one or many Property Mappings.

Subscription

List All Subscriptions Of A Custom Role

GET <example>.okta.com/api/v1/roles/{roleTypeOrRoleId}/subscriptions

When roleType List all subscriptions of a Role. Else when roleId List subscriptions of a Custom Role

Get Subscriptions Of A Custom Role By Specific Notification Type

GET <example>.okta.com/api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}

When roleType Get subscriptions of a Role with a specific notification type. Else when roleId Get subscription of a Custom Role with a specific notification type.

Subscribe A Custom Role To A Specific Notification Type

POST <example>.okta.com/api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/subscribe

When roleType Subscribes a Role to a specific notification type. When you change the subscription status of a Role, it overrides the subscription of any individual user of that Role. Else when roleId Subscribes a Custom Role to a specific notification type. When you change the subscription status of a Custom Role, it overrides the subscription of any individual user of that Custom Role.

Unsubscribe A Custom Role From A Specific Notification Type

POST <example>.okta.com/api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/unsubscribe

When roleType Unsubscribes a Role from a specific notification type. When you change the subscription status of a Role, it overrides the subscription of any individual user of that Role. Else when roleId Unsubscribes a Custom Role from a specific notification type. When you change the subscription status of a Custom Role, it overrides the subscription of any individual user of that Custom Role.

Subscribe To A Specific Notification Type

POST <example>.okta.com/api/v1/users/{userId}/subscriptions/{notificationType}/subscribe

Subscribes a User to a specific notification type. Only the current User can subscribe to a specific notification type. An AccessDeniedException message is sent if requests are made from other users.

Unsubscribe From A Specific Notification Type

POST <example>.okta.com/api/v1/users/{userId}/subscriptions/{notificationType}/unsubscribe

Unsubscribes a User from a specific notification type. Only the current User can unsubscribe from a specific notification type. An AccessDeniedException message is sent if requests are made from other users.

Template

List SMS Templates

GET <example>.okta.com/api/v1/templates/sms

Enumerates custom SMS templates in your organization. A subset of templates can be returned that match a template type.

Create SMS Template

POST <example>.okta.com/api/v1/templates/sms

Adds a new custom SMS template to your organization.

Get SMS Template

GET <example>.okta.com/api/v1/templates/sms/{templateId}

Fetches a specific template by `id`

Update SMS Template

PUT <example>.okta.com/api/v1/templates/sms/{templateId}

Updates the SMS template.

Partial SMS Template Update

POST <example>.okta.com/api/v1/templates/sms/{templateId}

Updates only some of the SMS template properties:

Remove SMS Template

DELETE <example>.okta.com/api/v1/templates/sms/{templateId}

Removes an SMS template.

Threatinsight

Get Current ThreatInsight Configuration

GET <example>.okta.com/api/v1/threats/configuration

Description coming soon...

Update ThreatInsight Configuration

POST <example>.okta.com/api/v1/threats/configuration

Description coming soon...

Trustedorigin

List Trusted Origins

GET <example>.okta.com/api/v1/trustedOrigins

Description coming soon...

Create Trusted Origin

POST <example>.okta.com/api/v1/trustedOrigins

Description coming soon...

Get Trusted Origin

GET <example>.okta.com/api/v1/trustedOrigins/{trustedOriginId}

Description coming soon...

Update Trusted Origin

PUT <example>.okta.com/api/v1/trustedOrigins/{trustedOriginId}

Description coming soon...

Delete Trusted Origin

DELETE <example>.okta.com/api/v1/trustedOrigins/{trustedOriginId}

Description coming soon...

Activate Origin

POST <example>.okta.com/api/v1/trustedOrigins/{trustedOriginId}/lifecycle/activate

Description coming soon...

Deactivate Trusted Origin

POST <example>.okta.com/api/v1/trustedOrigins/{trustedOriginId}/lifecycle/deactivate

Description coming soon...

User

List Users

GET <example>.okta.com/api/v1/users

Lists users that do not have a status of 'DEPROVISIONED' (by default), up to the maximum (200 for most orgs), with pagination in most cases. A subset of users can be returned that match a supported filter expression or search criteria.

Create User

POST <example>.okta.com/api/v1/users

Creates a new user in your Okta organization with or without credentials.

Set Linked Object For User

PUT <example>.okta.com/api/v1/users/{associatedUserId}/linkedObjects/{primaryRelationshipName}/{primaryUserId}

Description coming soon...

Get User

GET <example>.okta.com/api/v1/users/{userId}

Fetches a user from your Okta organization.

Update User

PUT <example>.okta.com/api/v1/users/{userId}

Update a user's profile and/or credentials using strict-update semantics.

Partial Update User

POST <example>.okta.com/api/v1/users/{userId}

Update a user's profile or credentials with partial update semantics.

Delete User

DELETE <example>.okta.com/api/v1/users/{userId}

Deletes a user permanently. This operation can only be performed on users that have a `DEPROVISIONED` status. **This action cannot be recovered!**

Get Assigned App Links

GET <example>.okta.com/api/v1/users/{userId}/appLinks

Fetches appLinks for all direct or indirect (via group membership) assigned applications.

List User Clients

GET <example>.okta.com/api/v1/users/{userId}/clients

Lists all client resources for which the specified user has grants or tokens.

List Grants For User And Client

GET <example>.okta.com/api/v1/users/{userId}/clients/{clientId}/grants

Lists all grants for a specified user and client

Revoke Grants For User And Client

DELETE <example>.okta.com/api/v1/users/{userId}/clients/{clientId}/grants

Revokes all grants for the specified user and client

List Refresh Tokens For User And Client

GET <example>.okta.com/api/v1/users/{userId}/clients/{clientId}/tokens

Lists all refresh tokens issued for the specified User and Client.

Revoke Tokens For User And Client

DELETE <example>.okta.com/api/v1/users/{userId}/clients/{clientId}/tokens

Revokes all refresh tokens issued for the specified User and Client.

Get Refresh Token For User And Client

GET <example>.okta.com/api/v1/users/{userId}/clients/{clientId}/tokens/{tokenId}

Gets a refresh token issued for the specified User and Client.

Revoke Token For User And Client

DELETE <example>.okta.com/api/v1/users/{userId}/clients/{clientId}/tokens/{tokenId}

Revokes the specified refresh token.

Change Password

POST <example>.okta.com/api/v1/users/{userId}/credentials/change_password

Changes a user's password by validating the user's current password. This operation can only be performed on users in `STAGED`, `ACTIVE`, `PASSWORD_EXPIRED`, or `RECOVERY` status that have a valid password credential

Change Recovery Question

POST <example>.okta.com/api/v1/users/{userId}/credentials/change_recovery_question

Changes a user's recovery question & answer credential by validating the user's current password. This operation can only be performed on users in **STAGED**, **ACTIVE** or **RECOVERY** `status` that have a valid password credential

Forgot Password

POST <example>.okta.com/api/v1/users/{userId}/credentials/forgot_password

Description coming soon...

List User Grants

GET <example>.okta.com/api/v1/users/{userId}/grants

Lists all grants for the specified user

Revoke User Grants

DELETE <example>.okta.com/api/v1/users/{userId}/grants

Revokes all grants for a specified user

Get User Grant

GET <example>.okta.com/api/v1/users/{userId}/grants/{grantId}

Gets a grant for the specified user

Revoke User Grant

DELETE <example>.okta.com/api/v1/users/{userId}/grants/{grantId}

Revokes one grant for a specified user

Get Member Groups

GET <example>.okta.com/api/v1/users/{userId}/groups

Fetches the groups of which the user is a member.

Listing IDPs for User

GET <example>.okta.com/api/v1/users/{userId}/idps

Lists the IdPs associated with the user.

Activate User

POST <example>.okta.com/api/v1/users/{userId}/lifecycle/activate

Activates a user. This operation can only be performed on users with a `STAGED` status. Activation of a user is an asynchronous operation. The user will have the `transitioningToStatus` property with a value of `ACTIVE` during activation to indicate that the user hasn't completed the asynchronous operation. The user will have a status of `ACTIVE` when the activation process is complete.

Deactivate User

POST <example>.okta.com/api/v1/users/{userId}/lifecycle/deactivate

Deactivates a user. This operation can only be performed on users that do not have a `DEPROVISIONED` status. While the asynchronous operation (triggered by HTTP header `Prefer: respond-async`) is proceeding the user's `transitioningToStatus` property is `DEPROVISIONED`. The user's status is `DEPROVISIONED` when the deactivation process is complete.

Expire Password

POST <example>.okta.com/api/v1/users/{userId}/lifecycle/expire_password

This operation transitions the user to the status of `PASSWORD_EXPIRED` so that the user is required to change their password at their next login.

Reactivate User

POST <example>.okta.com/api/v1/users/{userId}/lifecycle/reactivate

Reactivates a user. This operation can only be performed on users with a `PROVISIONED` status. This operation restarts the activation workflow if for some reason the user activation was not completed when using the activationToken from [Activate User](#activate-user).

Reset Factors

POST <example>.okta.com/api/v1/users/{userId}/lifecycle/reset_factors

This operation resets all factors for the specified user. All MFA factor enrollments returned to the unenrolled state. The user's status remains ACTIVE. This link is present only if the user is currently enrolled in one or more MFA factors.

Reset Password

POST <example>.okta.com/api/v1/users/{userId}/lifecycle/reset_password

Generates a one-time token (OTT) that can be used to reset a user's password. The OTT link can be automatically emailed to the user or returned to the API caller and distributed using a custom flow.

Suspend User

POST <example>.okta.com/api/v1/users/{userId}/lifecycle/suspend

Suspends a user. This operation can only be performed on users with an `ACTIVE` status. The user will have a status of `SUSPENDED` when the process is complete.

Unlock User

POST <example>.okta.com/api/v1/users/{userId}/lifecycle/unlock

Unlocks a user with a `LOCKED_OUT` status and returns them to `ACTIVE` status. Users will be able to login with their current password.

Unsuspend User

POST <example>.okta.com/api/v1/users/{userId}/lifecycle/unsuspend

Unsuspends a user and returns them to the `ACTIVE` state. This operation can only be performed on users that have a `SUSPENDED` status.

Get Linked Objects For User

GET <example>.okta.com/api/v1/users/{userId}/linkedObjects/{relationshipName}

Get linked objects for a user, relationshipName can be a primary or associated relationship name

Remove Linked Object For User

DELETE <example>.okta.com/api/v1/users/{userId}/linkedObjects/{relationshipName}

Delete linked objects for a user, relationshipName can be ONLY a primary relationship name

List Assigned Roles For User

GET <example>.okta.com/api/v1/users/{userId}/roles

Lists all roles assigned to a user.

Assign Role To User

POST <example>.okta.com/api/v1/users/{userId}/roles

Assigns a role to a user.

Get User Role

GET <example>.okta.com/api/v1/users/{userId}/roles/{roleId}

Gets role that is assigne to user.

Remove Role From User

DELETE <example>.okta.com/api/v1/users/{userId}/roles/{roleId}

Unassigns a role from a user.

List Application Targets For Application Administrator Role For User

GET <example>.okta.com/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps

Lists all App targets for an `APP_ADMIN` Role assigned to a User. This methods return list may include full Applications or Instances. The response for an instance will have an `ID` value, while Application will not have an ID.

Add All Apps As Target To Role

PUT <example>.okta.com/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps

Description coming soon...

Add Application Target To Admin Role For User

PUT <example>.okta.com/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}

Description coming soon...

Remove Application Target From Application Administrator Role For User

DELETE <example>.okta.com/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}

Description coming soon...

Add App Instance Target To App Administrator Role Given To A User

PUT <example>.okta.com/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}

Description coming soon...

Remove App Instance Target To App Administrator Role Given To A User

DELETE <example>.okta.com/api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}

Description coming soon...

List Group Targets For Role

GET <example>.okta.com/api/v1/users/{userId}/roles/{roleId}/targets/groups

Description coming soon...

Add Group Target To Role

PUT <example>.okta.com/api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId}

Description coming soon...

Remove Group Target From Role

DELETE <example>.okta.com/api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId}

Description coming soon...

Clear User Sessions

DELETE <example>.okta.com/api/v1/users/{userId}/sessions

Removes all active identity provider sessions. This forces the user to authenticate on the next operation. Optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the user.

List Subscriptions Of A User

GET <example>.okta.com/api/v1/users/{userId}/subscriptions

List subscriptions of a User. Only lists subscriptions for current user. An AccessDeniedException message is sent if requests are made from other users.

Get The Subscription Of A User With A Specific Notification Type

GET <example>.okta.com/api/v1/users/{userId}/subscriptions/{notificationType}

Get the subscriptions of a User with a specific notification type. Only gets subscriptions for current user. An AccessDeniedException message is sent if requests are made from other users.

Userfactor

List Factors

GET <example>.okta.com/api/v1/users/{userId}/factors

Enumerates all the enrolled factors for the specified user

Enroll Factor

POST <example>.okta.com/api/v1/users/{userId}/factors

Enrolls a user with a supported factor.

List Supported Factors

GET <example>.okta.com/api/v1/users/{userId}/factors/catalog

Enumerates all the supported factors that can be enrolled for the specified user

List Supported Security Questions

GET <example>.okta.com/api/v1/users/{userId}/factors/questions

Enumerate security questions for a user's `question` factor

Get Factor

GET <example>.okta.com/api/v1/users/{userId}/factors/{factorId}

Fetches a factor for the specified user

Delete Factor

DELETE <example>.okta.com/api/v1/users/{userId}/factors/{factorId}

Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.

Activate Factor

POST <example>.okta.com/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate

The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.

Get Factor Transaction Status

GET <example>.okta.com/api/v1/users/{userId}/factors/{factorId}/transactions/{transactionId}

Polls factors verification transaction for status.

Verify MFA Factor

POST <example>.okta.com/api/v1/users/{userId}/factors/{factorId}/verify

Verifies an OTP for a `token` or `token:hardware` factor

Userschema

Get Application Default User Schema

GET <example>.okta.com/api/v1/meta/schemas/apps/{appInstanceId}/default

Description coming soon...

Update Application User Profile

POST <example>.okta.com/api/v1/meta/schemas/apps/{appInstanceId}/default

Description coming soon...

Get Schema For User

GET <example>.okta.com/api/v1/meta/schemas/user/{schemaId}

Description coming soon...

Update User Profile

POST <example>.okta.com/api/v1/meta/schemas/user/{schemaId}

Partial updates on the User Profile properties of the user schema.

Usertype

List User Types

GET <example>.okta.com/api/v1/meta/types/user

Fetches all User Types in your org

Create User Type

POST <example>.okta.com/api/v1/meta/types/user

Creates a new User Type. A default User Type is automatically created along with your org, and you may add another 9 User Types for a maximum of 10.

Get User Type

GET <example>.okta.com/api/v1/meta/types/user/{typeId}

Fetches a User Type by ID. The special identifier `default` may be used to fetch the default User Type.

Replace User Type

PUT <example>.okta.com/api/v1/meta/types/user/{typeId}

Replace an existing User Type

Update User Type

POST <example>.okta.com/api/v1/meta/types/user/{typeId}

Updates an existing User Type

Delete User Type

DELETE <example>.okta.com/api/v1/meta/types/user/{typeId}

Deletes a User Type permanently. This operation is not permitted for the default type, nor for any User Type that has existing users