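# OpenAPI 3.0 description of the Okta management API.
# Every reference link uses https, so the terms, developer and licence pages
# are fetched over an authenticated channel and not over cleartext http.
openapi: "3.0.0"
info:
  title: Okta API
  description: Allows customers to easily access the Okta API
  termsOfService: https://developer.okta.com/terms/
  contact:
    name: Okta Developer Team
    email: devex-public@okta.com
    url: https://developer.okta.com/
  license:
    name: Apache-2.0
    url: https://www.apache.org/licenses/LICENSE-2.0.html
  # Quoted so that no parser retypes the version string.
  version: "1.9.0"
externalDocs:
  description: Find more info here
  url: https://developer.okta.com/docs/api/getting_started/design_principles.html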
paths:
/api/v1/apps:
get:
description: Enumerates apps added to your organization with pagination. A subset of
apps can be returned that match a supported filter expression or query.
operationId: listApplications
parameters:
- in: query
name: q
schema:
type: string
- description: Specifies the pagination cursor for the next page of apps
in: query
name: after
schema:
type: string
- description: Specifies the number of results for a page
in: query
name: limit
schema:
type: integer
format: int32
default: -1
- description: Filters apps by status, user.id, group.id or credentials.signing.kid
expression
in: query
name: filter
schema:
type: string
- description: Traverses users link relationship and optionally embeds Application
User resource
in: query
name: expand
schema:
type: string
- in: query
name: includeNonDeleted
schema:
type: boolean
default: false
responses:
"200":
description: Success
content:
application/json:
schema:
items:
$ref: "#/components/schemas/Application"
type: array
security:
- api_token:
[]
summary: List Applications
tags:
- Application
post:
description: Adds a new application to your Okta organization.
operationId: createApplication
parameters:
- description: Executes activation lifecycle operation when creating the app
in: query
name: activate
schema:
type: boolean
default: true
requestBody:
$ref: "#/components/requestBodies/Application"
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/Application"
security:
- api_token:
[]
summary: Add Application
tags:
- Application
"/api/v1/apps/{appId}":
delete:
description: Removes an inactive application.
operationId: deleteApplication
parameters:
- in: path
name: appId
required: true
schema:
type: string
responses:
"200":
description: Success
security:
- api_token:
[]
summary: Delete Application
tags:
- Application
get:
description: Fetches an application from your Okta organization by `id`.
operationId: getApplication
parameters:
- in: path
name: appId
required: true
schema:
type: string
- in: query
name: expand
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/Application"
security:
- api_token:
[]
summary: Get Application
tags:
- Application
put:
description: Updates an application in your organization.
operationId: updateApplication
parameters:
- in: path
name: appId
required: true
schema:
type: string
requestBody:
$ref: "#/components/requestBodies/Application"
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/Application"
security:
- api_token:
[]
summary: Update Application
tags:
- Application
"/api/v1/apps/{appId}/credentials/keys":
get:
description: Enumerates key credentials for an application
operationId: listApplicationKeys
parameters:
- in: path
name: appId
required: true
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
items:
$ref: "#/components/schemas/JsonWebKey"
type: array
security:
- api_token:
[]
summary: List Key Credentials for Application
tags:
- Application
"/api/v1/apps/{appId}/credentials/keys/{keyId}":
get:
description: Gets a specific [application key
credential](#application-key-credential-model) by `kid`
operationId: getApplicationKey
parameters:
- in: path
name: appId
required: true
schema:
type: string
- in: path
name: keyId
required: true
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/JsonWebKey"
security:
- api_token:
[]
summary: Get Key Credential for Application
tags:
- Application
"/api/v1/apps/{appId}/credentials/keys/{keyId}/clone":
post:
description: Clones an X.509 certificate for an application key credential from a
source application to a target application.
operationId: cloneApplicationKey
parameters:
- in: path
name: appId
required: true
schema:
type: string
- in: path
name: keyId
required: true
schema:
type: string
- description: Unique key of the target Application
in: query
name: targetAid
required: true
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/JsonWebKey"
security:
- api_token:
[]
summary: Clone Application Key Credential
tags:
- Application
"/api/v1/apps/{appId}/groups":
get:
description: Enumerates group assignments for an application.
operationId: listApplicationGroupAssignments
parameters:
- in: path
name: appId
required: true
schema:
type: string
- in: query
name: q
schema:
type: string
- description: Specifies the pagination cursor for the next page of assignments
in: query
name: after
schema:
type: string
- description: Specifies the number of results for a page
in: query
name: limit
schema:
type: integer
format: int32
default: -1
- in: query
name: expand
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
items:
$ref: "#/components/schemas/ApplicationGroupAssignment"
type: array
security:
- api_token:
[]
summary: List Groups Assigned to Application
tags:
- Application
"/api/v1/apps/{appId}/groups/{groupId}":
delete:
description: Removes a group assignment from an application.
operationId: deleteApplicationGroupAssignment
parameters:
- in: path
name: appId
required: true
schema:
type: string
- in: path
name: groupId
required: true
schema:
type: string
responses:
"200":
description: Success
security:
- api_token:
[]
summary: Remove Group from Application
tags:
- Application
get:
description: Fetches an application group assignment
operationId: getApplicationGroupAssignment
parameters:
- in: path
name: appId
required: true
schema:
type: string
- in: path
name: groupId
required: true
schema:
type: string
- in: query
name: expand
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/ApplicationGroupAssignment"
security:
- api_token:
[]
summary: Get Assigned Group for Application
tags:
- Application
put:
description: Assigns a group to an application
operationId: createApplicationGroupAssignment
parameters:
- in: path
name: appId
required: true
schema:
type: string
- in: path
name: groupId
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: "#/components/schemas/ApplicationGroupAssignment"
required: true
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/ApplicationGroupAssignment"
security:
- api_token:
[]
summary: Assign Group to Application
tags:
- Application
"/api/v1/apps/{appId}/lifecycle/activate":
post:
description: Activates an inactive application.
operationId: activateApplication
parameters:
- in: path
name: appId
required: true
schema:
type: string
responses:
"200":
description: Success
security:
- api_token:
[]
summary: Activate Application
tags:
- Application
"/api/v1/apps/{appId}/lifecycle/deactivate":
post:
description: Deactivates an active application.
operationId: deactivateApplication
parameters:
- in: path
name: appId
required: true
schema:
type: string
responses:
"200":
description: Success
security:
- api_token:
[]
summary: Deactivate Application
tags:
- Application
"/api/v1/apps/{appId}/users":
get:
description: Enumerates all assigned [application users](#application-user-model) for
an application.
operationId: listApplicationUsers
parameters:
- in: path
name: appId
required: true
schema:
type: string
- in: query
name: q
schema:
type: string
- in: query
name: query_scope
schema:
type: string
- description: Specifies the pagination cursor for the next page of assignments
in: query
name: after
schema:
type: string
- description: Specifies the number of results for a page
in: query
name: limit
schema:
type: integer
format: int32
default: -1
- in: query
name: filter
schema:
type: string
- in: query
name: expand
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
items:
$ref: "#/components/schemas/AppUser"
type: array
security:
- api_token:
[]
summary: List Users Assigned to Application
tags:
- Application
post:
description: Assigns a user to an application with
[credentials](#application-user-credentials-object) and an app-specific
[profile](#application-user-profile-object). Profile mappings defined
for the application are first applied before applying any profile
properties specified in the request.
operationId: assignUserToApplication
parameters:
- in: path
name: appId
required: true
schema:
type: string
requestBody:
$ref: "#/components/requestBodies/AppUser"
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/AppUser"
security:
- api_token:
[]
summary: Assign User to Application for SSO & Provisioning
tags:
- Application
"/api/v1/apps/{appId}/users/{userId}":
delete:
description: Removes an assignment for a user from an application.
operationId: deleteApplicationUser
parameters:
- in: path
name: appId
required: true
schema:
type: string
- in: path
name: userId
required: true
schema:
type: string
- in: query
name: sendEmail
x-okta-added-version: 1.5.0
schema:
type: boolean
default: false
responses:
"200":
description: Success
security:
- api_token:
[]
summary: Remove User from Application
tags:
- Application
get:
description: Fetches a specific user assignment for application by `id`.
operationId: getApplicationUser
parameters:
- in: path
name: appId
required: true
schema:
type: string
- in: path
name: userId
required: true
schema:
type: string
- in: query
name: expand
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/AppUser"
security:
- api_token:
[]
summary: Get Assigned User for Application
tags:
- Application
post:
description: Updates a user's profile for an application
operationId: updateApplicationUser
parameters:
- in: path
name: appId
required: true
schema:
type: string
- in: path
name: userId
required: true
schema:
type: string
requestBody:
$ref: "#/components/requestBodies/AppUser"
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/AppUser"
security:
- api_token:
[]
summary: Update Application Profile for Assigned User
tags:
- Application
/api/v1/groups:
get:
description: Enumerates groups in your organization with pagination. A subset of
groups can be returned that match a supported filter expression or
query.
operationId: listGroups
parameters:
- description: Searches the name property of groups for matching value
in: query
name: q
schema:
type: string
- description: Filter expression for groups
in: query
name: filter
schema:
type: string
- description: Specifies the pagination cursor for the next page of groups
in: query
name: after
schema:
type: string
- description: Specifies the number of group results in a page
in: query
name: limit
schema:
type: integer
format: int32
default: -1
- in: query
name: expand
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
items:
$ref: "#/components/schemas/Group"
type: array
security:
- api_token:
[]
summary: List Groups
tags:
- Group
post:
description: Adds a new group with `OKTA_GROUP` type to your organization.
operationId: createGroup
requestBody:
$ref: "#/components/requestBodies/Group"
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/Group"
security:
- api_token:
[]
summary: Add Group
tags:
- Group
/api/v1/groups/rules:
get:
description: Lists all group rules for your organization.
operationId: listRules
parameters:
- description: Specifies the number of rule results in a page
in: query
name: limit
schema:
type: integer
format: int32
default: -1
- description: Specifies the pagination cursor for the next page of rules
in: query
name: after
schema:
type: string
- in: query
name: expand
x-okta-added-version: 1.3.0
schema:
type: string
default: ""
responses:
"200":
description: Success
content:
application/json:
schema:
items:
$ref: "#/components/schemas/GroupRule"
type: array
security:
- api_token:
[]
summary: List Group Rules
tags:
- Group
post:
description: Creates a group rule to dynamically add users to the specified group if
they match the condition
operationId: createRule
requestBody:
$ref: "#/components/requestBodies/GroupRule"
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/GroupRule"
security:
- api_token:
[]
summary: Create Group Rule
tags:
- Group
"/api/v1/groups/rules/{ruleId}":
delete:
description: Removes a specific group rule by id from your organization
operationId: deleteRule
parameters:
- in: path
name: ruleId
required: true
schema:
type: string
- in: query
name: removeUsers
schema:
type: boolean
default: false
responses:
"200":
description: Success
security:
- api_token:
[]
summary: Delete a group Rule
tags:
- Group
get:
description: Fetches a specific group rule by id from your organization
operationId: getRule
parameters:
- in: path
name: ruleId
required: true
schema:
type: string
- in: query
name: expand
x-okta-added-version: 1.3.0
schema:
type: string
default: ""
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/GroupRule"
security:
- api_token:
[]
summary: Get Group Rule
tags:
- Group
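put:
  # Described and summarized like the sibling rule operations, so generated
  # docs and SDKs do not show an unnamed PUT.
  # NOTE(review): a group rule adds users to a group automatically (see
  # createRule), so a change here can alter group membership. Which role the
  # api_token must carry is not expressed in this document; confirm.
  description: Updates a specific group rule by id from your organization
  operationId: updateRule
  parameters:
    - in: path
      name: ruleId
      required: true
      schema:
        type: string
  requestBody:
    $ref: "#/components/requestBodies/GroupRule"
  responses:
    "200":
      description: Success
      content:
        application/json:
          schema:
            $ref: "#/components/schemas/GroupRule"
  security:
    - api_token: []
  summary: Update Group Rule
  tags:
    - Group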
"/api/v1/groups/rules/{ruleId}/lifecycle/activate":
post:
description: Activates a specific group rule by id from your organization
operationId: activateRule
parameters:
- in: path
name: ruleId
required: true
schema:
type: string
responses:
"200":
description: Success
security:
- api_token:
[]
summary: Activate a group Rule
tags:
- Group
"/api/v1/groups/rules/{ruleId}/lifecycle/deactivate":
post:
description: Deactivates a specific group rule by id from your organization
operationId: deactivateRule
parameters:
- in: path
name: ruleId
required: true
schema:
type: string
responses:
"200":
description: Success
security:
- api_token:
[]
summary: Deactivate a group Rule
tags:
- Group
"/api/v1/groups/{groupId}":
delete:
description: Removes a group with `OKTA_GROUP` type from your organization.
operationId: deleteGroup
parameters:
- in: path
name: groupId
required: true
schema:
type: string
responses:
"200":
description: Success
security:
- api_token:
[]
summary: Remove Group
tags:
- Group
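get:
  # Single-group read: the path carries groupId and the 200 body is one Group.
  # The description and summary say so; the "group rules" wording belongs to
  # listRules and would mislabel this operation in generated docs and SDKs.
  description: Fetches a specific group by id from your organization.
  operationId: getGroup
  parameters:
    - in: path
      name: groupId
      required: true
      schema:
        type: string
    - in: query
      name: expand
      schema:
        type: string
  responses:
    "200":
      description: Success
      content:
        application/json:
          schema:
            $ref: "#/components/schemas/Group"
  security:
    - api_token: []
  summary: Get Group
  tags:
    - Group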
put:
description: Updates the profile for a group with `OKTA_GROUP` type from your
organization.
operationId: updateGroup
parameters:
- in: path
name: groupId
required: true
schema:
type: string
requestBody:
$ref: "#/components/requestBodies/Group"
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/Group"
security:
- api_token:
[]
summary: Update Group
tags:
- Group
"/api/v1/groups/{groupId}/users":
get:
description: Enumerates all [users](/docs/api/resources/users.html#user-model) that
are a member of a group.
operationId: listGroupUsers
parameters:
- in: path
name: groupId
required: true
schema:
type: string
- description: Specifies the pagination cursor for the next page of users
in: query
name: after
schema:
type: string
- description: Specifies the number of user results in a page
in: query
name: limit
schema:
type: integer
format: int32
default: -1
- in: query
name: managedBy
x-okta-added-version: 1.3.0
schema:
type: string
default: all
responses:
"200":
description: Success
content:
application/json:
schema:
items:
$ref: "#/components/schemas/User"
type: array
security:
- api_token:
[]
summary: List Group Members
tags:
- Group
"/api/v1/groups/{groupId}/users/{userId}":
delete:
description: Removes a [user](users.html#user-model) from a group with `OKTA_GROUP`
type.
operationId: removeGroupUser
parameters:
- in: path
name: groupId
required: true
schema:
type: string
- in: path
name: userId
required: true
schema:
type: string
responses:
"200":
description: Success
security:
- api_token:
[]
summary: Remove User from Group
tags:
- Group
put:
description: Adds a [user](users.html#user-model) to a group with `OKTA_GROUP` type.
operationId: addUserToGroup
parameters:
- in: path
name: groupId
required: true
schema:
type: string
- in: path
name: userId
required: true
schema:
type: string
responses:
"200":
description: Success
security:
- api_token:
[]
summary: Add User to Group
tags:
- Group
/api/v1/logs:
# Read access to the organization's system log, returned as an array of
# LogEvent. The only security requirement declared is api_token; the admin
# role that token must carry is not expressed here. NOTE(review): confirm.
# Only the 200 response is modeled, so generated clients get no typed error
# for authentication, authorization or throttling failures.
get:
description: The Okta System Log API provides read access to your organization’s
system log. This API provides more functionality than the Events API
operationId: getLogs
parameters:
# until/since bound the query window. Both are bare strings with no format
# and no default; presumably ISO 8601 timestamps (TODO confirm). A log
# collector should send them explicitly and not rely on an unstated default.
- in: query
name: until
schema:
type: string
- in: query
name: since
schema:
type: string
# filter and q are free-form strings; their grammar is not described here.
- in: query
name: filter
schema:
type: string
- in: query
name: q
schema:
type: string
# Page size: default 100, with no minimum or maximum declared.
- in: query
name: limit
schema:
type: integer
default: 100
# Default ASCENDING; no enum of allowed values is declared.
- in: query
name: sortOrder
schema:
type: string
default: ASCENDING
# Pagination cursor; follow it so that a collector does not drop events
# between pages.
- in: query
name: after
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
items:
$ref: "#/components/schemas/LogEvent"
type: array
security:
- api_token:
[]
summary: Fetch a list of events from your Okta organization system log.
tags:
- Log
/api/v1/policies:
get:
description: ""
operationId: listPolicies
parameters:
- in: query
name: type
required: true
schema:
type: string
- in: query
name: status
schema:
type: string
- in: query
name: after
schema:
type: string
- in: query
name: limit
schema:
type: integer
format: int32
default: -1
- in: query
name: expand
schema:
type: string
default: ""
responses:
"200":
description: Success
content:
application/json:
schema:
items:
$ref: "#/components/schemas/Policy"
type: array
security:
- api_token:
[]
tags:
- Policy
post:
description: ""
operationId: createPolicy
parameters:
- in: query
name: activate
schema:
type: boolean
default: true
requestBody:
$ref: "#/components/requestBodies/Policy"
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/Policy"
security:
- api_token:
[]
tags:
- Policy
"/api/v1/policies/{policyId}":
delete:
description: ""
operationId: deletePolicy
parameters:
- in: path
name: policyId
required: true
schema:
type: string
responses:
"200":
description: Success
security:
- api_token:
[]
tags:
- Policy
get:
description: ""
operationId: getPolicy
parameters:
- in: path
name: policyId
required: true
schema:
type: string
- in: query
name: expand
schema:
type: string
default: ""
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/Policy"
security:
- api_token:
[]
tags:
- Policy
put:
description: ""
operationId: updatePolicy
parameters:
- in: path
name: policyId
required: true
schema:
type: string
requestBody:
$ref: "#/components/requestBodies/Policy"
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/Policy"
security:
- api_token:
[]
tags:
- Policy
"/api/v1/policies/{policyId}/lifecycle/activate":
post:
description: ""
operationId: activatePolicy
parameters:
- in: path
name: policyId
required: true
schema:
type: string
responses:
"200":
description: Success
security:
- api_token:
[]
tags:
- Policy
"/api/v1/policies/{policyId}/lifecycle/deactivate":
# Deactivates the policy identified by policyId. The description is empty and
# no summary is given, so generated docs show nothing for this operation.
# NOTE(review): presumably an inactive policy is no longer enforced; if so this
# call weakens access control and is worth documenting and alerting on. Confirm.
post:
description: ""
operationId: deactivatePolicy
parameters:
- in: path
name: policyId
required: true
schema:
type: string
responses:
# No response body is declared; success is signalled by the status alone.
"200":
description: Success
security:
- api_token:
[]
tags:
- Policy
"/api/v1/policies/{policyId}/rules":
get:
description: ""
operationId: listPolicyRules
parameters:
- in: path
name: policyId
required: true
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
items:
$ref: "#/components/schemas/PolicyRule"
type: array
security:
- api_token:
[]
tags:
- Policy
post:
description: ""
operationId: addPolicyRule
parameters:
- in: path
name: policyId
required: true
schema:
type: string
- in: query
name: activate
schema:
type: boolean
default: true
requestBody:
$ref: "#/components/requestBodies/PolicyRule"
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/PolicyRule"
security:
- api_token:
[]
tags:
- Policy
"/api/v1/policies/{policyId}/rules/{ruleId}":
delete:
description: ""
operationId: deletePolicyRule
parameters:
- in: path
name: policyId
required: true
schema:
type: string
- in: path
name: ruleId
required: true
schema:
type: string
responses:
"200":
description: Success
security:
- api_token:
[]
tags:
- Policy
get:
description: ""
operationId: getPolicyRule
parameters:
- in: path
name: policyId
required: true
schema:
type: string
- in: path
name: ruleId
required: true
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/PolicyRule"
security:
- api_token:
[]
tags:
- Policy
put:
description: ""
operationId: updatePolicyRule
parameters:
- in: path
name: policyId
required: true
schema:
type: string
- in: path
name: ruleId
required: true
schema:
type: string
requestBody:
$ref: "#/components/requestBodies/PolicyRule"
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/PolicyRule"
security:
- api_token:
[]
tags:
- Policy
"/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate":
post:
description: ""
operationId: activatePolicyRule
parameters:
- in: path
name: policyId
required: true
schema:
type: string
- in: path
name: ruleId
required: true
schema:
type: string
responses:
"200":
description: Success
security:
- api_token:
[]
tags:
- Policy
"/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate":
post:
description: ""
operationId: deactivatePolicyRule
parameters:
- in: path
name: policyId
required: true
schema:
type: string
- in: path
name: ruleId
required: true
schema:
type: string
responses:
"200":
description: Success
security:
- api_token:
[]
tags:
- Policy
/api/v1/sessions:
# Exchanges a session token (sent in CreateSessionRequest) for a Session.
# The description lets the caller set the session cookie itself, which makes
# the returned session ID a credential for that user.
# NOTE(review): a caller doing so should set the cookie with the Secure and
# HttpOnly attributes and keep the session ID out of logs and URLs.
post:
description: Creates a new session for a user with a valid session token. Use this
API if, for example, you want to set the session cookie yourself instead
of allowing Okta to set it, or want to hold the session ID in order to
delete a session via the API instead of visiting the logout URL.
operationId: createSession
requestBody:
content:
application/json:
schema:
$ref: "#/components/schemas/CreateSessionRequest"
required: true
responses:
# Only the success case is modeled; a rejected or expired session token has
# no declared response shape.
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/Session"
security:
- api_token:
[]
summary: Create Session with Session Token
tags:
- Session
"/api/v1/sessions/{sessionId}":
delete:
description: ""
operationId: endSession
parameters:
- in: path
name: sessionId
required: true
schema:
type: string
responses:
"200":
description: Success
security:
- api_token:
[]
summary: Close Session
tags:
- Session
get:
description: Get details about a session.
operationId: getSession
parameters:
- in: path
name: sessionId
required: true
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/Session"
security:
- api_token:
[]
tags:
- Session
"/api/v1/sessions/{sessionId}/lifecycle/refresh":
post:
description: ""
operationId: refreshSession
parameters:
- in: path
name: sessionId
required: true
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/Session"
security:
- api_token:
[]
summary: Refresh Session
tags:
- Session
/api/v1/users:
# Lists users, optionally narrowed by q, filter or search. The three are
# free-form strings whose expression grammar is not described in this document.
# NOTE(review): a caller that builds filter/search expressions from end-user
# input should quote or escape the values so the input cannot change the
# meaning of the expression.
get:
description: Lists users in your organization with pagination in most cases. A
subset of users can be returned that match a supported filter expression
or search criteria.
operationId: listUsers
parameters:
- description: Finds a user that matches firstName, lastName, and email properties
in: query
name: q
schema:
type: string
- description: Specifies the pagination cursor for the next page of users
in: query
name: after
schema:
type: string
# Default -1 with no minimum or maximum declared.
# NOTE(review): -1 looks like a sentinel for "use the server default"; confirm.
- description: Specifies the number of results returned
in: query
name: limit
schema:
type: integer
format: int32
default: -1
- description: Filters users with a supported expression for a subset of properties
in: query
name: filter
schema:
type: string
# Undocumented here: no description and no enum of accepted values.
- in: query
name: format
schema:
type: string
- description: Searches for users with a supported filtering expression for most
properties
in: query
name: search
schema:
type: string
- in: query
name: expand
schema:
type: string
responses:
# The body is an array of full User objects, which is directory data; limit
# where the response is stored or logged.
"200":
description: Success
content:
application/json:
schema:
items:
$ref: "#/components/schemas/User"
type: array
security:
- api_token:
[]
summary: List Users
tags:
- User
# Creates a user, "with or without credentials" per the description, so the
# User request body may carry a password. Keep request bodies out of logs.
post:
description: Creates a new user in your Okta organization with or without credentials.
operationId: createUser
parameters:
# Defaults to true: unless the caller passes activate=false, the activation
# lifecycle operation runs as part of creation.
- description: Executes activation lifecycle operation when creating the user
in: query
name: activate
schema:
type: boolean
default: true
- description: Indicates whether to create a user with a specified authentication
provider
in: query
name: provider
schema:
type: boolean
default: false
# nextLogin is a free string with default "", so the one documented value,
# "changePassword", is not enforced by an enum. The x-openapi-v3-schema-ref
# below points at "#/definitions/...", while every $ref in this document uses
# "#/components/...".
# NOTE(review): that pointer may not resolve in an OpenAPI 3 document; confirm
# the UserNextLogin schema exists and reference it from schema.
- description: With activate=true, set nextLogin to "changePassword" to have the
password be EXPIRED, so user must change it the next time they log
in.
in: query
name: nextLogin
x-okta-added-version: 0.14.0
x-openapi-v3-schema-ref: "#/definitions/UserNextLogin"
schema:
type: string
default: ""
requestBody:
$ref: "#/components/requestBodies/User"
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/User"
security:
- api_token:
[]
summary: Create User
tags:
- User
"/api/v1/users/{userId}":
# Permanent, unrecoverable deletion per the description, which limits it to
# users in DEPROVISIONED status. The operationId says "deactivateOrDelete" but
# the description covers deletion only.
# NOTE(review): presumably a call on a user that is not yet DEPROVISIONED
# deactivates the user and does not delete it. Confirm and document this: a
# caller needs to know which of the two actions a request will take.
delete:
description: Deletes a user permanently. This operation can only be performed on
users that have a `DEPROVISIONED` status. **This action cannot be
recovered!**
operationId: deactivateOrDeleteUser
parameters:
- in: path
name: userId
required: true
schema:
type: string
# Defaults to false; what the e-mail contains and who receives it is not
# described here.
- in: query
name: sendEmail
x-okta-added-version: 1.5.0
schema:
type: boolean
default: false
responses:
# No response body is declared; success is signalled by the status alone.
"200":
description: Success
security:
- api_token:
[]
summary: Delete User
tags:
- User
get:
description: Fetches a user from your Okta organization.
operationId: getUser
parameters:
- in: path
name: userId
required: true
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/User"
security:
- api_token:
[]
summary: Get User
tags:
- User
put:
description: Update a user's profile and/or credentials using strict-update semantics.
operationId: updateUser
parameters:
- in: path
name: userId
required: true
schema:
type: string
requestBody:
$ref: "#/components/requestBodies/User"
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/User"
security:
- api_token:
[]
summary: Update User
tags:
- User
"/api/v1/users/{userId}/appLinks":
get:
description: Fetches appLinks for all direct or indirect (via group membership)
assigned applications.
operationId: listAppLinks
parameters:
- in: path
name: userId
required: true
schema:
type: string
- in: query
name: showAll
schema:
type: boolean
default: false
responses:
"200":
description: Success
content:
application/json:
schema:
items:
$ref: "#/components/schemas/AppLink"
type: array
security:
- api_token:
[]
summary: Get Assigned App Links
tags:
- User
"/api/v1/users/{userId}/credentials/change_password":
# Changes the password after validating the current one, so the
# ChangePasswordRequest body carries password material. Keep request bodies for
# this path out of access logs, traces and error reports.
post:
description: Changes a user's password by validating the user's current password.
This operation can only be performed on users in `STAGED`, `ACTIVE`,
`PASSWORD_EXPIRED`, or `RECOVERY` status that have a valid [password
credential](#password-object)
operationId: changePassword
parameters:
- in: path
name: userId
required: true
schema:
type: string
requestBody:
$ref: "#/components/requestBodies/ChangePasswordRequest"
responses:
# Returns UserCredentials. NOTE(review): confirm which credential fields the
# server echoes back before this response is logged or cached.
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/UserCredentials"
security:
- api_token:
[]
summary: Change Password
tags:
- User
"/api/v1/users/{userId}/credentials/change_recovery_question":
post:
description: Changes a user's recovery question & answer credential by validating the
user's current password. This operation can only be performed on users
in **STAGED**, **ACTIVE** or **RECOVERY** `status` that have a valid
[password credential](#password-object)
operationId: changeRecoveryQuestion
parameters:
- in: path
name: userId
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: "#/components/schemas/UserCredentials"
required: true
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/UserCredentials"
security:
- api_token:
[]
summary: Change Recovery Question
tags:
- User
"/api/v1/users/{userId}/credentials/forgot_password":
# Generates a one-time token (OTT) for a password reset; per the description
# the user must still answer the security question at the reset link.
post:
description: Generates a one-time token (OTT) that can be used to reset a user's
password. The user will be required to validate their security
question's answer when visiting the reset link. This operation can only
be performed on users with a valid [recovery question
credential](#recovery-question-object) and have an `ACTIVE` status.
operationId: forgotPassword
parameters:
- in: path
name: userId
required: true
schema:
type: string
# Defaults to true.
# NOTE(review): presumably sendEmail=false returns the reset link or OTT to
# the API caller and nothing is mailed to the user. If so, the
# ForgotPasswordResponse is itself a reset credential and must be kept out of
# logs and untrusted channels. Confirm.
- in: query
name: sendEmail
schema:
type: boolean
default: true
# No "required" flag is set on this body, so it is optional as declared.
requestBody:
content:
application/json:
schema:
$ref: "#/components/schemas/UserCredentials"
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/ForgotPasswordResponse"
security:
- api_token:
[]
summary: Forgot Password
tags:
- User
"/api/v1/users/{userId}/factors":
get:
description: Enumerates all the enrolled factors for the specified user
operationId: listFactors
parameters:
- in: path
name: userId
required: true
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
items:
$ref: "#/components/schemas/Factor"
type: array
security:
- api_token:
[]
tags:
- UserFactor
# Enrolls a factor for the user from the Factor request body. Enrollment
# changes how the user authenticates, so calls to this operation are worth
# tracking alongside unenrollment.
post:
description: Enrolls a user with a supported [factor](#list-factors-to-enroll)
operationId: addFactor
parameters:
- in: path
name: userId
required: true
schema:
type: string
# Undocumented here; defaults to false.
- in: query
name: updatePhone
schema:
type: boolean
default: false
- description: id of SMS template (only for SMS factor)
in: query
name: templateId
schema:
type: string
# Default 300, int32, with no minimum or maximum declared.
# NOTE(review): confirm the server caps this value; an unbounded lifetime
# would weaken one-time codes.
- in: query
name: tokenLifetimeSeconds
x-okta-added-version: 1.3.0
schema:
type: integer
format: int32
default: 300
# Defaults to false.
# NOTE(review): presumably activate=true completes enrollment in this call,
# skipping the separate activate step. Confirm which factor types allow it
# and restrict who may pass it.
- in: query
name: activate
x-okta-added-version: 1.3.0
schema:
type: boolean
default: false
requestBody:
content:
application/json:
schema:
$ref: "#/components/schemas/Factor"
description: Factor
required: true
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/Factor"
security:
- api_token:
[]
summary: Enroll Factor
tags:
- UserFactor
"/api/v1/users/{userId}/factors/catalog":
get:
description: Enumerates all the [supported factors](#supported-factors-for-providers)
that can be enrolled for the specified user
operationId: listSupportedFactors
parameters:
- in: path
name: userId
required: true
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
items:
$ref: "#/components/schemas/Factor"
type: array
security:
- api_token:
[]
tags:
- UserFactor
"/api/v1/users/{userId}/factors/questions":
get:
description: Enumerates all available security questions for a user's `question`
factor
operationId: listSupportedSecurityQuestions
parameters:
- in: path
name: userId
required: true
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
items:
$ref: "#/components/schemas/SecurityQuestion"
type: array
security:
- api_token:
[]
tags:
- UserFactor
"/api/v1/users/{userId}/factors/{factorId}":
delete:
description: Unenrolls an existing factor for the specified user, allowing the user
to enroll a new factor.
operationId: deleteFactor
parameters:
- in: path
name: userId
required: true
schema:
type: string
- in: path
name: factorId
required: true
schema:
type: string
responses:
"200":
description: Success
security:
- api_token:
[]
tags:
- UserFactor
get:
description: Fetches a factor for the specified user
operationId: getFactor
parameters:
- in: path
name: userId
required: true
schema:
type: string
- in: path
name: factorId
required: true
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/Factor"
security:
- api_token:
[]
tags:
- UserFactor
"/api/v1/users/{userId}/factors/{factorId}/lifecycle/activate":
post:
description: The `sms` and `token:software:totp` [factor types](#factor-type) require
activation to complete the enrollment process.
operationId: activateFactor
parameters:
- in: path
name: userId
required: true
schema:
type: string
- in: path
name: factorId
required: true
schema:
type: string
requestBody:
$ref: "#/components/requestBodies/VerifyFactorRequest"
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/Factor"
security:
- api_token:
[]
summary: Activate Factor
tags:
- UserFactor
# Verifies a one-time passcode for an enrolled factor of the given user.
"/api/v1/users/{userId}/factors/{factorId}/verify":
post:
description: Verifies an OTP for a `token` or `token:hardware` factor
operationId: verifyFactor
parameters:
- in: path
name: userId
required: true
schema:
type: string
- in: path
name: factorId
required: true
schema:
type: string
# templateId carries no description on this operation; the addFactor operation
# in this file describes the same-named parameter as the id of an SMS template.
- in: query
name: templateId
schema:
type: string
# The passcode lifetime defaults to 300 and the schema declares no minimum or
# maximum, so the spec itself does not bound what a caller may request.
# NOTE(review): presumably the server enforces its own limits; confirm, since
# the lifetime sets how long an issued code stays usable.
- in: query
name: tokenLifetimeSeconds
x-okta-added-version: 1.3.0
schema:
type: integer
format: int32
default: 300
requestBody:
$ref: "#/components/requestBodies/VerifyFactorRequest"
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/VerifyFactorResponse"
security:
- api_token:
[]
summary: Verify MFA Factor
tags:
- UserFactor
"/api/v1/users/{userId}/groups":
get:
description: Fetches the groups of which the user is a member.
operationId: listUserGroups
parameters:
- in: path
name: userId
required: true
schema:
type: string
- in: query
name: after
schema:
type: string
- in: query
name: limit
schema:
type: integer
format: int32
default: -1
responses:
"200":
description: Success
content:
application/json:
schema:
items:
$ref: "#/components/schemas/Group"
type: array
security:
- api_token:
[]
summary: Get Member Groups
tags:
- User
# Moves a STAGED user to ACTIVE (asynchronously, per the description below).
"/api/v1/users/{userId}/lifecycle/activate":
post:
description: Activates a user. This operation can only be performed on users with a
`STAGED` status. Activation of a user is an asynchronous operation. The
user will have the `transitioningToStatus` property with a value of
`ACTIVE` during activation to indicate that the user hasn't completed
the asynchronous operation. The user will have a status of `ACTIVE`
when the activation process is complete.
operationId: activateUser
parameters:
- in: path
name: userId
required: true
schema:
type: string
# sendEmail is marked required and also given a default; a required parameter
# must always be supplied, so callers should pass it explicitly and not rely
# on the default.
- description: Sends an activation email to the user if true
in: query
name: sendEmail
required: true
schema:
type: boolean
default: true
responses:
# The 200 body is a UserActivationToken.
# NOTE(review): presumably it carries an activation token or link that lets its
# holder complete account setup; if so, treat the response as a credential and
# keep it out of logs and traces. Confirm against the schema.
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/UserActivationToken"
security:
- api_token:
[]
summary: Activate User
tags:
- User
"/api/v1/users/{userId}/lifecycle/deactivate":
post:
description: Deactivates a user. This operation can only be performed on users that
do not have a `DEPROVISIONED` status. Deactivation of a user is an
asynchronous operation. The user will have the `transitioningToStatus`
property with a value of `DEPROVISIONED` during deactivation to indicate
that the user hasn't completed the asynchronous operation. The user
will have a status of `DEPROVISIONED` when the deactivation process is
complete.
operationId: deactivateUser
parameters:
- in: path
name: userId
required: true
schema:
type: string
- in: query
name: sendEmail
x-okta-added-version: 1.5.0
schema:
type: boolean
default: false
responses:
"200":
description: Success
security:
- api_token:
[]
summary: Deactivate User
tags:
- User
# Forces a password change at next login by moving the user to PASSWORD_EXPIRED.
"/api/v1/users/{userId}/lifecycle/expire_password":
post:
description: This operation transitions the user to the status of `PASSWORD_EXPIRED`
so that the user is required to change their password at their next
login.
operationId: expirePassword
parameters:
- in: path
name: userId
required: true
schema:
type: string
# Off by default. When true, the user's password is replaced with a temporary
# one (see the parameter description).
- description: Sets the user's password to a temporary password, if true
in: query
name: tempPassword
schema:
type: boolean
default: false
responses:
# The 200 body is a TempPassword.
# NOTE(review): presumably this returns the temporary password in clear text to
# the API caller when tempPassword=true; if so, the response must not be
# logged and needs a secure hand-off to the user. Confirm against the schema.
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/TempPassword"
security:
- api_token:
[]
summary: Expire Password
tags:
- User
"/api/v1/users/{userId}/lifecycle/reset_factors":
post:
description: This operation resets all factors for the specified user. All MFA factor
enrollments are returned to the unenrolled state. The user's status remains
ACTIVE. This link is present only if the user is currently enrolled in
one or more MFA factors.
operationId: resetAllFactors
parameters:
- in: path
name: userId
required: true
schema:
type: string
responses:
"200":
description: Success
security:
- api_token:
[]
summary: Reset Factors
tags:
- User
# Issues a one-time token (OTT) that can be used to reset the user's password.
"/api/v1/users/{userId}/lifecycle/reset_password":
post:
description: Generates a one-time token (OTT) that can be used to reset a user's
password. The OTT link can be automatically emailed to the user or
returned to the API caller and distributed using a custom flow.
operationId: resetPassword
parameters:
- in: path
name: userId
required: true
schema:
type: string
# The allowed provider values are referenced only through a vendor extension,
# and that reference still uses the "#/definitions/" prefix while the rest of
# this document uses "#/components/schemas/". The schema itself is a plain
# string, so validation based on this spec does not restrict the value.
- in: query
name: provider
x-openapi-v3-schema-ref: "#/definitions/AuthenticationProviderType"
schema:
type: string
# No default is declared for sendEmail here, although forgotPassword in this
# file declares default: true for its same-named parameter; pass it explicitly.
# Per the description, the OTT is either emailed to the user or returned to
# the caller. When it is returned, the response is a password-reset
# credential: keep it out of logs and deliver it over a trusted channel.
- in: query
name: sendEmail
schema:
type: boolean
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/ResetPasswordToken"
security:
- api_token:
[]
summary: Reset Password
tags:
- User
"/api/v1/users/{userId}/lifecycle/suspend":
post:
description: Suspends a user. This operation can only be performed on users with an
`ACTIVE` status. The user will have a status of `SUSPENDED` when the
process is complete.
operationId: suspendUser
parameters:
- in: path
name: userId
required: true
schema:
type: string
responses:
"200":
description: Success
security:
- api_token:
[]
summary: Suspend User
tags:
- User
"/api/v1/users/{userId}/lifecycle/unlock":
post:
description: Unlocks a user with a `LOCKED_OUT` status and returns them to `ACTIVE`
status. Users will be able to log in with their current password.
operationId: unlockUser
parameters:
- in: path
name: userId
required: true
schema:
type: string
responses:
"200":
description: Success
security:
- api_token:
[]
summary: Unlock User
tags:
- User
"/api/v1/users/{userId}/lifecycle/unsuspend":
post:
description: Unsuspends a user and returns them to the `ACTIVE` state. This
operation can only be performed on users that have a `SUSPENDED` status.
operationId: unsuspendUser
parameters:
- in: path
name: userId
required: true
schema:
type: string
responses:
"200":
description: Success
security:
- api_token:
[]
summary: Unsuspend User
tags:
- User
"/api/v1/users/{userId}/roles":
get:
description: Lists all roles assigned to a user.
operationId: listAssignedRoles
parameters:
- in: path
name: userId
required: true
schema:
type: string
- in: query
name: expand
schema:
type: string
responses:
"200":
description: Success
content:
application/json:
schema:
items:
$ref: "#/components/schemas/Role"
type: array
security:
- api_token:
[]
tags:
- User
post:
description: Assigns a role to a user.
operationId: addRoleToUser
parameters:
- in: path
name: userId
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: "#/components/schemas/Role"
required: true
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/Role"
security:
- api_token:
[]
tags:
- User
"/api/v1/users/{userId}/roles/{roleId}":
delete:
description: Unassigns a role from a user.
operationId: removeRoleFromUser
parameters:
- in: path
name: userId
required: true
schema:
type: string
- in: path
name: roleId
required: true
schema:
type: string
responses:
"200":
description: Success
security:
- api_token:
[]
tags:
- User
"/api/v1/users/{userId}/roles/{roleId}/targets/groups":
get:
operationId: listGroupTargetsForRole
parameters:
- in: path
name: userId
required: true
schema:
type: string
- in: path
name: roleId
required: true
schema:
type: string
- in: query
name: after
schema:
type: string
- in: query
name: limit
schema:
type: integer
format: int32
default: -1
responses:
"200":
description: Success
content:
application/json:
schema:
items:
$ref: "#/components/schemas/Group"
type: array
security:
- api_token:
[]
tags:
- User
"/api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId}":
delete:
operationId: removeGroupTargetFromRole
parameters:
- in: path
name: userId
required: true
schema:
type: string
- in: path
name: roleId
required: true
schema:
type: string
- in: path
name: groupId
required: true
schema:
type: string
responses:
"200":
description: Success
security:
- api_token:
[]
tags:
- User
put:
operationId: addGroupTargetToRole
parameters:
- in: path
name: userId
required: true
schema:
type: string
- in: path
name: roleId
required: true
schema:
type: string
- in: path
name: groupId
required: true
schema:
type: string
responses:
"200":
description: Success
security:
- api_token:
[]
tags:
- User
# Ends the user's identity provider sessions so the next operation requires
# re-authentication.
"/api/v1/users/{userId}/sessions":
delete:
description: Removes all active identity provider sessions. This forces the user to
authenticate on the next operation. Optionally revokes OpenID Connect
and OAuth refresh and access tokens issued to the user.
operationId: endAllUserSessions
parameters:
- in: path
name: userId
required: true
schema:
type: string
# Defaults to false: unless the caller sets oauthTokens=true, this call removes
# sessions only and does not revoke OpenID Connect / OAuth tokens already
# issued to the user. When responding to a suspected account compromise,
# set it to true so that issued tokens are revoked as well.
- description: Revoke issued OpenID Connect and OAuth refresh and access tokens
in: query
name: oauthTokens
schema:
type: boolean
default: false
responses:
"200":
description: Success
security:
- api_token:
[]
tags:
- User
# Primary authentication: the request body carries the user's password
# credential, so request bodies for this path should never be logged.
/api/v1/authn:
post:
description: Every authentication transaction starts with primary authentication
which validates a user’s primary password credential. Password Policy,
MFA Policy, and Sign-On Policy are evaluated during primary
authentication to determine if the user’s password is expired, a factor
should be enrolled, or additional verification is required. The
transaction state of the response depends on the user’s status, group
memberships and assigned policies.
operationId: authenticate
requestBody:
content:
application/json:
schema:
$ref: "#/components/schemas/AuthenticationRequest"
required: true
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/AuthenticationTransaction"
# NOTE(review): this end-user sign-in operation lists the same api_token
# requirement as the administrative operations in this file. Confirm whether
# the token is really mandatory here; an application that runs on the user's
# device should not embed an organization API token.
security:
- api_token:
[]
tags:
- Authentication
/api/v1/authn/credentials/change_password:
post:
description: This operation changes a user’s password by providing the existing
password and the new password for authentication transactions
with either the PASSWORD_EXPIRED or PASSWORD_WARN state.
operationId: authChangePassword
requestBody:
$ref: "#/components/requestBodies/ChangePasswordRequest"
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/AuthenticationTransaction"
security:
- api_token:
[]
tags:
- Authentication
/api/v1/authn/factors:
post:
description: You can enroll, activate, manage, and verify factors inside the
authentication context with /api/v1/authn/factors. This operation is
only available for users that have not previously enrolled a factor and
have transitioned to the MFA_ENROLL state.
operationId: enrollFactor
requestBody:
content:
application/json:
schema:
$ref: "#/components/schemas/EnrollFactorRequest"
required: true
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/AuthenticationTransaction"
security:
- api_token:
[]
tags:
- Authentication
"/api/v1/authn/factors/{factorId}/lifecycle/activate":
post:
description: You can enroll, activate, manage, and verify factors inside the
authentication context with /api/v1/authn/factors. This operation is
only available for users that have not previously enrolled a factor and
have transitioned to the MFA_ENROLL state.
operationId: authActivateFactor
parameters:
- in: path
name: factorId
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
$ref: "#/components/schemas/ActivateFactorRequest"
required: true
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/AuthenticationTransaction"
security:
- api_token:
[]
tags:
- Authentication
# Factor verification inside an authentication transaction.
# NOTE(review): the description below is word-for-word the same as the one on
# the enrollFactor and authActivateFactor operations in this file, including
# the "have not previously enrolled a factor" precondition; confirm that it
# actually describes verification.
"/api/v1/authn/factors/{factorId}/verify":
post:
description: You can enroll, activate, manage, and verify factors inside the
authentication context with /api/v1/authn/factors. This operation is
only available for users that have not previously enrolled a factor and
have transitioned to the MFA_ENROLL state.
operationId: authVerifyFactor
parameters:
- in: path
name: factorId
required: true
schema:
type: string
# Off by default and supplied by the client.
# NOTE(review): presumably a remembered device changes how often the factor is
# challenged later; confirm that server-side policy, not this flag alone,
# decides whether a device may be remembered.
- description: user’s decision to remember device
in: query
name: rememberDevice
schema:
type: boolean
default: false
- description: user’s decision to send push to device automatically
in: query
name: autoPush
schema:
type: boolean
default: false
requestBody:
content:
application/json:
schema:
$ref: "#/components/schemas/AuthVerifyFactorRequest"
required: true
responses:
"200":
description: Success
content:
application/json:
schema:
$ref: "#/components/schemas/AuthenticationTransaction"
security:
- api_token:
[]
tags:
- Authentication
servers:
- url: https://your-subdomain.okta.com/
components:
requestBodies:
Policy:
content:
application/json:
schema:
$ref: "#/components/schemas/Policy"
required: true
ChangePasswordRequest:
content:
application/json:
schema:
$ref: "#/components/schemas/ChangePasswordRequest"
required: true
Application:
content:
application/json:
schema:
$ref: "#/components/schemas/Application"
required: true
AppUser:
content:
application/json:
schema:
$ref: "#/components/schemas/AppUser"
required: true
Group:
content:
application/json:
schema:
$ref: "#/components/schemas/Group"
required: true
GroupRule:
content:
application/json:
schema:
$ref: "#/components/schemas/GroupRule"
required: true
PolicyRule:
content:
application/json:
schema:
$ref: "#/components/schemas/PolicyRule"
required: true
User:
content:
application/json:
schema:
$ref: "#/components/schemas/User"
required: true
VerifyFactorRequest:
content:
application/json:
schema:
$ref: "#/components/schemas/VerifyFactorRequest"
required: true
securitySchemes:
# The only scheme defined here, and the one referenced by the operations
# visible in this file: an API key sent in the Authorization request header in
# the form given by the description below.
# The token is a secret presented on every call; keep it out of source
# control, client-side code and request logs.
api_token:
description: SSWS {API Token}
in: header
name: Authorization
type: apiKey
schemas:
AppLink:
properties:
appAssignmentId:
readOnly: true
type: string
appInstanceId:
readOnly: true
type: string
appName:
readOnly: true
type: string
credentialsSetup:
readOnly: true
type: boolean
hidden:
readOnly: true
type: boolean
id:
readOnly: true
type: string
label:
readOnly: true
type: string
linkUrl:
readOnly: true
type: string
logoUrl:
readOnly: true
type: string
sortOrder:
readOnly: true
type: integer
type: object
example:
{
"id": "00ub0oNGTSWTBKOLGLNR",
"label": "Google Apps Mail",
"linkUrl": "https://example.okta.com/home/google/0oa3omz2i9XRNSRIHBZO/50",
"logoUrl": "https://example.okta.com/img/logos/google-mail.png",
"appName": "google",
"appInstanceId": "0oa3omz2i9XRNSRIHBZO",
"appAssignmentId": "0ua3omz7weMMMQJERBKY",
"credentialsSetup": false,
"hidden": false,
"sortOrder": 0
}
x-okta-tags:
- User
AppUser:
properties:
_embedded:
additionalProperties:
type: object
readOnly: true
type: object
_links:
additionalProperties:
type: object
readOnly: true
type: object
created:
format: date-time
readOnly: true
type: string
credentials:
$ref: "#/components/schemas/AppUserCredentials"
externalId:
readOnly: true
type: string
id:
type: string
lastSync:
format: date-time
readOnly: true
type: string
lastUpdated:
format: date-time
readOnly: true
type: string
passwordChanged:
format: date-time
readOnly: true
type: string
profile:
additionalProperties:
type: object
type: object
scope:
type: string
status:
readOnly: true
type: string
statusChanged:
format: date-time
readOnly: true
type: string
syncState:
readOnly: true
type: string
type: object
example:
{
"id": "00u11z6WHMYCGPCHCRFK",
"externalId": "70c14cc17d3745e8a9f98d599a68329c",
"created": "2014-06-24T15:27:59.000Z",
"lastUpdated": "2014-06-24T15:28:14.000Z",
"scope": "USER",
"status": "ACTIVE",
"statusChanged": "2014-06-24T15:28:14.000Z",
"passwordChanged": "2014-06-24T15:27:59.000Z",
"syncState": "SYNCHRONIZED",
"lastSync": "2014-06-24T15:27:59.000Z",
"credentials": {
"userName": "saml.jackson@example.com",
"password": {}
},
"profile": {
"secondEmail": null,
"lastName": "Jackson",
"mobilePhone": null,
"email": "saml.jackson@example.com",
"salesforceGroups": [
"Employee"
],
"role": "CEO",
"firstName": "Saml",
"profile": "Standard User"
},
"_links": {
"app": {
"href": "https://example.okta.com/api/v1/apps/0oabhnUQFYHMBNVSVXMV"
},
"user": {
"href": "https://example.okta.com/api/v1/users/00u11z6WHMYCGPCHCRFK"
}
}
}
x-okta-crud:
- alias: update
arguments:
- dest: appId
parentSrc: appId
- dest: userId
src: id
- dest: appUser
self: true
operationId: updateApplicationUser
- alias: delete
arguments:
- dest: appId
parentSrc: appId
- dest: userId
src: id
operationId: deleteApplicationUser
x-okta-tags:
- Application
AppUserCredentials:
properties:
password:
$ref: "#/components/schemas/AppUserPasswordCredential"
userName:
type: string
type: object
example:
{
"userName": "saml.jackson@example.com",
"password": {}
}
x-okta-tags:
- Application
AppUserPasswordCredential:
properties:
value:
format: password
type: string
x-okta-tags:
- Application
Application:
properties:
_embedded:
additionalProperties:
type: object
readOnly: true
type: object
nullable: true
_links:
additionalProperties:
type: object
readOnly: true
type: object
nullable: true
accessibility:
$ref: "#/components/schemas/ApplicationAccessibility"
created:
format: date-time
readOnly: true
type: string
credentials:
$ref: "#/components/schemas/ApplicationCredentials"
features:
items:
type: string
type: array
nullable: true
id:
readOnly: true
type: string
label:
type: string
lastUpdated:
format: date-time
readOnly: true
type: string
licensing:
$ref: "#/components/schemas/ApplicationLicensing"
name:
readOnly: true
type: string
profile:
additionalProperties:
type: object
type: object
nullable: true
settings:
$ref: "#/components/schemas/ApplicationSettings"
signOnMode:
$ref: "#/components/schemas/ApplicationSignOnMode"
status:
enum:
- ACTIVE
- INACTIVE
- DELETED
readOnly: true
type: string
visibility:
$ref: "#/components/schemas/ApplicationVisibility"
nullable: true
type: object
example:
{
"id": "0oaud6YvvS7AghVmH0g3",
"name": "testorg_testsamlapp_1",
"label": "Test SAML App",
"status": "ACTIVE",
"lastUpdated": "2016-06-29T16:13:47.000Z",
"created": "2016-06-29T16:13:47.000Z",
"accessibility": {
"selfService": false,
"errorRedirectUrl": null,
"loginRedirectUrl": null
},
"visibility": {
"autoSubmitToolbar": false,
"hide": {
"iOS": false,
"web": false
},
"appLinks": {
"testorgone_testsamlapp_1_link": true
}
},
"features": [],
"signOnMode": "SAML_2_0",
"credentials": {
"userNameTemplate": {
"template": "${source.login}",
"type": "BUILT_IN"
},
"signing": {}
},
"settings": {
"app": {},
"notifications": {
"vpn": {
"network": {
"connection": "ANYWHERE"
},
"message": "Help message text.",
"helpUrl": "http://www.help-site.example.com/"
}
},
"signOn": {
"defaultRelayState": "",
"ssoAcsUrl": "https://www.example.com/sso/saml",
"idpIssuer": "http://www.okta.com/${org.externalKey}",
"audience": "https://www.example.com/",
"recipient": "https://www.example.com/sso/saml",
"destination": "https://www.example.com/sso/saml",
"subjectNameIdTemplate": "${user.userName}",
"subjectNameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
"responseSigned": true,
"assertionSigned": true,
"signatureAlgorithm": "RSA_SHA256",
"digestAlgorithm": "SHA256",
"honorForceAuthn": true,
"authnContextClassRef": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
"spIssuer": null,
"requestCompressed": false,
"attributeStatements": []
}
},
"_links": {
"logo": [
{
"name": "medium",
"href": "http://testorgone.okta.com/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png",
"type": "image/png"
}
],
"appLinks": [
{
"name": "testorgone_testsamlapp_1_link",
"href": "http://testorgone.okta.com/home/testorgone_testsamlapp_1/0oaud6YvvS7AghVmH0g3/alnun3sSjdvR9IYuy0g3",
"type": "text/html"
}
],
"help": {
"href": "http://testorgone-admin.okta.com:/app/testorgone_testsamlapp_1/0oaud6YvvS7AghVmH0g3/setup/help/SAML_2_0/instructions",
"type": "text/html"
},
"users": {
"href": "http://testorgone.okta.com/api/v1/apps/0oaud6YvvS7AghVmH0g3/users"
},
"deactivate": {
"href": "http://testorgone.okta.com:/api/v1/apps/0oaud6YvvS7AghVmH0g3/lifecycle/deactivate"
},
"groups": {
"href": "http://testorgone.okta.com/api/v1/apps/0oaud6YvvS7AghVmH0g3/groups"
},
"metadata": {
"href": "http://testorgone.okta.com/api/v1/apps/0oaud6YvvS7AghVmH0g3/sso/saml/metadata",
"type": "application/xml"
}
}
}
x-openapi-v3-discriminator:
mapping:
AUTO_LOGIN: "#/definitions/AutoLoginApplication"
BASIC_AUTH: "#/definitions/BasicAuthApplication"
BOOKMARK: "#/definitions/BookmarkApplication"
BROWSER_PLUGIN: "#/definitions/BrowserPluginApplication"
OPENID_CONNECT: "#/definitions/OpenIdConnectApplication"
SAML_2_0: "#/definitions/SamlApplication"
SECURE_PASSWORD_STORE: "#/definitions/SecurePasswordStoreApplication"
WS_FEDERATION: "#/definitions/WsFederationApplication"
propertyName: signOnMode
ApplicationAccessibility:
properties:
errorRedirectUrl:
type: string
loginRedirectUrl:
type: string
selfService:
type: boolean
type: object
example:
{
"selfService": false,
"errorRedirectUrl": null
}
x-okta-tags:
- Application
ApplicationCredentials:
properties:
signing:
$ref: "#/components/schemas/ApplicationCredentialsSigning"
userNameTemplate:
$ref: "#/components/schemas/ApplicationCredentialsUsernameTemplate"
type: object
example:
{
"userNameTemplate": {
"template": "${fn:substringBefore(source.login, \"@\")}",
"type": "BUILT_IN"
},
"signing": {}
}
x-okta-tags:
- Application
# OAuth client credentials attached to an application.
# NOTE(review): no `type: object` is declared on this schema, unlike most of
# the neighbouring schemas in this file.
ApplicationCredentialsOAuthClient:
properties:
autoKeyRotation:
type: boolean
client_id:
type: string
# client_secret is a credential but is declared as a plain string. Elsewhere in
# this file AppUserPasswordCredential.value carries `format: password`; without
# that hint, tooling that masks password-format fields will not mask this one.
client_secret:
type: string
token_endpoint_auth_method:
$ref: "#/components/schemas/OAuthEndpointAuthenticationMethod"
# The example does not include a client_secret value.
example:
{
"client_id":"0oa1hm4POxgJM6CPu0g4",
"autoKeyRotation": true,
"token_endpoint_auth_method": "client_secret_post"
}
x-okta-tags:
- Application
ApplicationCredentialsScheme:
enum:
- SHARED_USERNAME_AND_PASSWORD
- EXTERNAL_PASSWORD_SYNC
- EDIT_USERNAME_AND_PASSWORD
- EDIT_PASSWORD_ONLY
- ADMIN_SETS_CREDENTIALS
example: SHARED_USERNAME_AND_PASSWORD
type: string
x-okta-tags:
- Application
ApplicationCredentialsSigning:
properties:
kid:
type: string
lastRotated:
format: date-time
readOnly: true
type: string
nextRotation:
format: date-time
readOnly: true
type: string
rotationMode:
type: string
type: object
example:
{
"kid": "SIMcCQNY3uwXoW3y0vf6VxiBb5n9pf8L2fK8d-FIbm4"
}
x-okta-tags:
- Application
ApplicationCredentialsUsernameTemplate:
properties:
suffix:
type: string
template:
type: string
type:
type: string
type: object
x-okta-tags:
- Application
ApplicationGroupAssignment:
properties:
_embedded:
additionalProperties:
type: object
readOnly: true
type: object
_links:
additionalProperties:
type: object
readOnly: true
type: object
id:
readOnly: true
type: string
lastUpdated:
format: date-time
readOnly: true
type: string
priority:
type: integer
profile:
additionalProperties:
type: object
type: object
type: object
x-okta-crud:
- alias: delete
arguments:
- dest: appId
parentSrc: appId
- dest: groupId
src: id
operationId: deleteApplicationGroupAssignment
x-okta-tags:
- Application
ApplicationLicensing:
properties:
seatCount:
type: integer
type: object
x-okta-tags:
- Application
ApplicationSettings:
properties:
app:
$ref: "#/components/schemas/ApplicationSettingsApplication"
implicitAssignment:
type: boolean
notifications:
$ref: "#/components/schemas/ApplicationSettingsNotifications"
type: object
x-okta-tags:
- Application
ApplicationSettingsApplication:
x-okta-tags:
- Application
ApplicationSettingsNotifications:
properties:
vpn:
$ref: "#/components/schemas/ApplicationSettingsNotificationsVpn"
type: object
x-okta-tags:
- Application
ApplicationSettingsNotificationsVpn:
properties:
helpUrl:
type: string
message:
type: string
network:
$ref: "#/components/schemas/ApplicationSettingsNotificationsVpnNetwork"
type: object
x-okta-tags:
- Application
ApplicationSettingsNotificationsVpnNetwork:
properties:
connection:
type: string
exclude:
items:
type: string
type: array
include:
items:
type: string
type: array
type: object
x-okta-tags:
- Application
ApplicationSignOnMode:
enum:
- BOOKMARK
- BASIC_AUTH
- BROWSER_PLUGIN
- SECURE_PASSWORD_STORE
- AUTO_LOGIN
- WS_FEDERATION
- SAML_2_0
- OPENID_CONNECT
- SAML_1_1
type: string
x-okta-tags:
- Application
ApplicationVisibility:
properties:
appLinks:
additionalProperties:
type: boolean
type: object
autoSubmitToolbar:
type: boolean
hide:
$ref: "#/components/schemas/ApplicationVisibilityHide"
type: object
x-okta-tags:
- Application
ApplicationVisibilityHide:
properties:
iOS:
type: boolean
web:
type: boolean
type: object
x-okta-tags:
- Application
AuthenticationProvider:
properties:
name:
type: string
type:
$ref: "#/components/schemas/AuthenticationProviderType"
type: object
x-okta-tags:
- User
AuthenticationProviderType:
enum:
- ACTIVE_DIRECTORY
- FEDERATION
- LDAP
- OKTA
- SOCIAL
- IMPORT
type: string
x-okta-tags:
- User
AutoLoginApplication:
properties:
credentials:
$ref: "#/components/schemas/SchemeApplicationCredentials"
settings:
$ref: "#/components/schemas/AutoLoginApplicationSettings"
x-okta-parent: "#/definitions/Application"
x-okta-tags:
- Application
AutoLoginApplicationSettings:
properties:
signOn:
$ref: "#/components/schemas/AutoLoginApplicationSettingsSignOn"
x-okta-parent: "#/definitions/ApplicationSettings"
x-okta-tags:
- Application
AutoLoginApplicationSettingsSignOn:
properties:
loginUrl:
type: string
redirectUrl:
type: string
x-okta-tags:
- Application
BasicApplicationSettings:
properties:
app:
$ref: "#/components/schemas/BasicApplicationSettingsApplication"
x-okta-parent: "#/definitions/ApplicationSettings"
x-okta-tags:
- Application
BasicApplicationSettingsApplication:
properties:
authURL:
type: string
url:
type: string
x-okta-parent: "#/definitions/ApplicationSettingsApplication"
x-okta-tags:
- Application
BasicAuthApplication:
properties:
credentials:
$ref: "#/components/schemas/SchemeApplicationCredentials"
settings:
$ref: "#/components/schemas/BasicApplicationSettings"
x-okta-defined-as:
name: template_basic_auth
x-okta-parent: "#/definitions/Application"
x-okta-tags:
- Application
BookmarkApplication:
properties:
settings:
$ref: "#/components/schemas/BookmarkApplicationSettings"
x-okta-defined-as:
name: bookmark
x-okta-parent: "#/definitions/Application"
x-okta-tags:
- Application
BookmarkApplicationSettings:
properties:
app:
$ref: "#/components/schemas/BookmarkApplicationSettingsApplication"
x-okta-parent: "#/definitions/ApplicationSettings"
x-okta-tags:
- Application
BookmarkApplicationSettingsApplication:
properties:
requestIntegration:
type: boolean
url:
type: string
x-okta-parent: "#/definitions/ApplicationSettingsApplication"
x-okta-tags:
- Application
BrowserPluginApplication:
properties:
credentials:
$ref: "#/components/schemas/SchemeApplicationCredentials"
x-okta-parent: "#/definitions/Application"
x-okta-tags:
- Application
x-openapi-v3-discriminator:
mapping:
template_swa: "#/definitions/SwaApplication"
template_swa3field: "#/definitions/SwaThreeFieldApplication"
propertyName: name
CallFactor:
properties:
profile:
$ref: "#/components/schemas/CallFactorProfile"
x-okta-parent: "#/definitions/Factor"
x-okta-tags:
- UserFactor
CallFactorProfile:
properties:
phoneExtension:
type: string
phoneNumber:
type: string
x-okta-parent: "#/definitions/FactorProfile"
x-okta-tags:
- UserFactor
# Payload holding a user's current password and its replacement.
# Both members reference PasswordCredential, so each carries a secret in the
# request body; keep bodies of this type out of request logs and traces.
ChangePasswordRequest:
  type: object
  properties:
    newPassword:
      $ref: "#/components/schemas/PasswordCredential"
    oldPassword:
      $ref: "#/components/schemas/PasswordCredential"
  x-okta-tags:
    - User
# Payload with a single string member, sessionToken, tagged under Session.
# NOTE(review): presumably a short-lived bearer value that is exchanged for a
# session; treat it as a credential (never log it or place it in a URL) --
# confirm against the API documentation.
CreateSessionRequest:
  type: object
  properties:
    sessionToken:
      type: string
  x-okta-tags:
    - Session
EmailAddress:
properties:
status:
$ref: "#/components/schemas/EmailStatus"
type:
$ref: "#/components/schemas/EmailType"
value:
readOnly: true
type: string
type: object
x-okta-tags:
- User
EmailFactor:
properties:
profile:
$ref: "#/components/schemas/EmailFactorProfile"
x-okta-parent: "#/definitions/Factor"
x-okta-tags:
- UserFactor
EmailFactorProfile:
properties:
email:
type: string
x-okta-parent: "#/definitions/FactorProfile"
x-okta-tags:
- UserFactor
EmailStatus:
enum:
- VERIFIED
- UNVERIFIED
type: string
x-okta-tags:
- User
EmailType:
enum:
- PRIMARY
- SECONDARY
type: string
x-okta-tags:
- User
Factor:
properties:
_embedded:
additionalProperties:
type: object
readOnly: true
type: object
_links:
additionalProperties:
type: object
readOnly: true
type: object
device:
type: string
deviceType:
readOnly: true
type: string
factorType:
$ref: "#/components/schemas/FactorType"
id:
readOnly: true
type: string
mfaStateTokenId:
type: string
profile:
$ref: "#/components/schemas/FactorProfile"
provider:
$ref: "#/components/schemas/FactorProvider"
rechallengeExistingFactor:
type: boolean
sessionId:
type: string
status:
$ref: "#/components/schemas/FactorStatus"
tokenLifetimeSeconds:
type: integer
userId:
type: string
verify:
$ref: "#/components/schemas/VerifyFactorRequest"
type: object
example:
{
"id": "smsk33ujQ59REImFX0g3",
"factorType": "sms",
"provider": "OKTA",
"status": "ACTIVE",
"created": "2015-02-04T07:07:25.000Z",
"lastUpdated": "2015-02-04T07:07:25.000Z",
"profile": {
"phoneNumber": "+1415551337"
},
"_links": {
"verify": {
"href": "https://example.okta.com/api/v1/users/00u15s1KDETTQMQYABRL/factors/smsk33ujQ59REImFX0g3/verify",
"hints": {
"allow": [
"POST"
]
}
},
"self": {
"href": "https://example.okta.com/api/v1/users/00u15s1KDETTQMQYABRL/factors/smsk33ujQ59REImFX0g3",
"hints": {
"allow": [
"GET",
"DELETE"
]
}
},
"user": {
"href": "https://example.okta.com/api/v1/users/00u15s1KDETTQMQYABRL",
"hints": {
"allow": [
"GET"
]
}
}
}
}
x-okta-crud:
- alias: delete
arguments:
- dest: factorId
src: id
- dest: userId
parentSrc: id
operationId: deleteFactor
x-okta-operations:
- alias: activate
arguments:
- dest: factorId
src: id
- dest: userId
parentSrc: id
operationId: activateFactor
- alias: verify
arguments:
- dest: factorId
src: id
- dest: userId
parentSrc: id
operationId: verifyFactor
x-okta-tags:
- UserFactor
x-openapi-v3-discriminator:
mapping:
call: "#/definitions/CallFactor"
email: "#/definitions/EmailFactor"
push: "#/definitions/PushFactor"
question: "#/definitions/SecurityQuestionFactor"
sms: "#/definitions/SmsFactor"
token: "#/definitions/TokenFactor"
token:hardware: "#/definitions/HardwareFactor"
token:software:totp: "#/definitions/TotpFactor"
u2f: "#/definitions/U2fFactor"
web: "#/definitions/WebFactor"
propertyName: factorType
FactorProfile:
properties:
{}
x-okta-tags:
- UserFactor
FactorProvider:
enum:
- OKTA
- RSA
- GOOGLE
- SYMANTEC
- DUO
- YUBICO
- FIDO
type: string
x-okta-tags:
- UserFactor
FactorResultType:
enum:
- SUCCESS
- CHALLENGE
- CANCELLED
- WAITING
- FAILED
- REJECTED
- TIMEOUT
- TIME_WINDOW_EXCEEDED
- PASSCODE_REPLAYED
- ERROR
type: string
x-okta-tags:
- UserFactor
FactorStatus:
enum:
- PENDING_ACTIVATION
- ACTIVE
- INACTIVE
- NOT_SETUP
- ENROLLED
- DISABLED
- EXPIRED
type: string
x-okta-tags:
- UserFactor
# String enum of factor kinds; Factor.factorType references it.
# NOTE(review): webauthn, token:software and custom are listed here but have
# no entry in Factor's x-openapi-v3-discriminator mapping, so a payload with
# one of those values may not resolve to a concrete subtype -- confirm intent.
FactorType:
  type: string
  enum:
    - push
    - sms
    - call
    - token
    - token:software:totp
    - token:hardware
    - question
    - web
    - email
    - u2f
    - webauthn
    - token:software
    - custom
  x-okta-tags:
    - UserFactor
# Response schema exposing one read-only string, resetPasswordUrl.
# NOTE(review): presumably the URL embeds a one-time recovery token, which
# makes the whole value a credential: hand it only to the account owner and
# keep it out of logs and analytics -- confirm against the API documentation.
ForgotPasswordResponse:
  properties:
    resetPasswordUrl:
      type: string
      readOnly: true
  x-okta-tags:
    - User
Group:
properties:
_embedded:
additionalProperties:
type: object
readOnly: true
type: object
_links:
additionalProperties:
type: object
readOnly: true
type: object
created:
format: date-time
readOnly: true
type: string
id:
readOnly: true
type: string
lastMembershipUpdated:
format: date-time
readOnly: true
type: string
lastUpdated:
format: date-time
readOnly: true
type: string
objectClass:
items:
type: string
readOnly: true
type: array
profile:
$ref: "#/components/schemas/GroupProfile"
type:
readOnly: true
type: string
type: object
x-okta-crud:
- alias: update
arguments:
- dest: groupId
src: id
- dest: group
self: true
operationId: updateGroup
- alias: delete
arguments:
- dest: groupId
src: id
operationId: deleteGroup
x-okta-operations:
- alias: removeUser
arguments:
- dest: groupId
src: id
operationId: removeGroupUser
- alias: listUsers
arguments:
- dest: groupId
src: id
operationId: listGroupUsers
x-okta-tags:
- Group
GroupCondition:
properties:
exclude:
items:
type: string
type: array
include:
items:
type: string
type: array
x-okta-tags:
- Policy
GroupProfile:
properties:
description:
type: string
name:
type: string
type: object
x-okta-tags:
- Group
GroupRule:
properties:
_embedded:
additionalProperties:
type: object
readOnly: true
type: object
actions:
$ref: "#/components/schemas/GroupRuleAction"
allGroupsValid:
type: boolean
conditions:
$ref: "#/components/schemas/GroupRuleConditions"
created:
format: date-time
readOnly: true
type: string
id:
readOnly: true
type: string
lastUpdated:
format: date-time
readOnly: true
type: string
name:
type: string
status:
$ref: "#/components/schemas/GroupRuleStatus"
type:
type: string
type: object
example:
{
"type": "group_rule",
"id": "0pr3f7zMZZHPgUoWO0g4",
"status": "INACTIVE",
"name": "Engineers Group Rule",
"created": "2016-12-01T14:40:04.000Z",
"lastUpdated": "2016-12-01T14:40:04.000Z",
"conditions": {
"people": {
"users": {
"exclude": [
"00u22w79JPMEeeuLr0g4"
]
},
"groups": {
"exclude": []
}
},
"expression": {
"value": "user.role==\"Engineer\"",
"type": "urn:okta:expression:1.0"
}
},
"actions": {
"assignUserToGroups": {
"groupIds": [
"00gjitX9HqABSoqTB0g3"
]
}
}
}
x-okta-crud:
- alias: update
arguments:
- dest: ruleId
src: id
- dest: groupRule
self: true
operationId: updateRule
- alias: delete
arguments:
- dest: ruleId
src: id
operationId: deleteRule
x-okta-operations:
- alias: activate
arguments:
- dest: ruleId
src: id
operationId: activateRule
- alias: deactivate
arguments:
- dest: ruleId
src: id
operationId: deactivateRule
x-okta-tags:
- GroupRule
GroupRuleAction:
properties:
assignUserToGroups:
$ref: "#/components/schemas/GroupRuleGroupAssignment"
type: object
x-okta-tags:
- GroupRule
GroupRuleConditions:
properties:
expression:
$ref: "#/components/schemas/GroupRuleExpression"
people:
$ref: "#/components/schemas/GroupRulePeopleCondition"
type: object
x-okta-tags:
- GroupRule
GroupRuleExpression:
properties:
type:
type: string
value:
type: string
type: object
x-okta-tags:
- GroupRule
GroupRuleGroupAssignment:
properties:
groupIds:
items:
type: string
type: array
type: object
x-okta-tags:
- GroupRule
GroupRuleGroupCondition:
properties:
exclude:
items:
type: string
type: array
include:
items:
type: string
type: array
type: object
x-okta-tags:
- GroupRule
GroupRulePeopleCondition:
properties:
groups:
$ref: "#/components/schemas/GroupRuleGroupCondition"
users:
$ref: "#/components/schemas/GroupRuleUserCondition"
type: object
x-okta-tags:
- GroupRule
GroupRuleStatus:
enum:
- ACTIVE
- INACTIVE
- INVALID
type: string
x-okta-tags:
- GroupRule
GroupRuleUserCondition:
properties:
exclude:
items:
type: string
type: array
include:
items:
type: string
type: array
type: object
x-okta-tags:
- GroupRule
HardwareFactor:
properties:
profile:
$ref: "#/components/schemas/HardwareFactorProfile"
x-okta-parent: "#/definitions/Factor"
x-okta-tags:
- UserFactor
HardwareFactorProfile:
properties:
credentialId:
type: string
x-okta-parent: "#/definitions/FactorProfile"
x-okta-tags:
- UserFactor
# JSON Web Key as returned for an application (tagged Application).
# Every property is readOnly. Only public-key material is modelled: the RSA
# modulus/exponent (n, e) and the x5* certificate members; no private-key
# members (such as d, p, q) are declared.
# NOTE(review): x5u is a URL; a consumer that dereferences it should pin the
# expected scheme and host rather than fetch whatever the response names.
JsonWebKey:
  type: object
  properties:
    _links:
      type: object
      readOnly: true
      additionalProperties:
        type: object
    alg:
      type: string
      readOnly: true
    created:
      type: string
      format: date-time
      readOnly: true
    e:
      type: string
      readOnly: true
    expiresAt:
      type: string
      format: date-time
      readOnly: true
    key_ops:
      type: array
      readOnly: true
      items:
        type: string
    kid:
      type: string
      readOnly: true
    kty:
      type: string
      readOnly: true
    lastUpdated:
      type: string
      format: date-time
      readOnly: true
    n:
      type: string
      readOnly: true
    status:
      type: string
      readOnly: true
    use:
      type: string
      readOnly: true
    x5c:
      type: array
      readOnly: true
      items:
        type: string
    x5t:
      type: string
      readOnly: true
    # Quoted so the '#' can never be read as the start of a comment.
    "x5t#S256":
      type: string
      readOnly: true
    x5u:
      type: string
      readOnly: true
  x-okta-tags:
    - Application
LogActor:
properties:
alternateId:
readOnly: true
type: string
detail:
additionalProperties:
type: object
readOnly: true
type: object
displayName:
readOnly: true
type: string
id:
readOnly: true
type: string
type:
readOnly: true
type: string
type: object
x-okta-tags:
- Log
LogAuthenticationContext:
properties:
authenticationProvider:
$ref: "#/components/schemas/LogAuthenticationProvider"
authenticationStep:
readOnly: true
type: integer
credentialProvider:
items:
$ref: "#/components/schemas/LogCredentialProvider"
readOnly: true
type: array
credentialType:
items:
$ref: "#/components/schemas/LogCredentialType"
readOnly: true
type: array
externalSessionId:
readOnly: true
type: string
interface:
readOnly: true
type: string
issuer:
$ref: "#/components/schemas/LogIssuer"
type: object
x-okta-tags:
- Log
LogAuthenticationProvider:
enum:
- OKTA_AUTHENTICATION_PROVIDER
- ACTIVE_DIRECTORY
- LDAP
- FEDERATION
- SOCIAL
- FACTOR_PROVIDER
type: string
x-okta-tags:
- Log
LogClient:
properties:
device:
readOnly: true
type: string
geographicalContext:
$ref: "#/components/schemas/LogGeographicalContext"
id:
readOnly: true
type: string
ipAddress:
readOnly: true
type: string
userAgent:
$ref: "#/components/schemas/LogUserAgent"
zone:
readOnly: true
type: string
type: object
x-okta-tags:
- Log
LogCredentialProvider:
enum:
- OKTA_AUTHENTICATION_PROVIDER
- RSA
- SYMANTEC
- GOOGLE
- DUO
- YUBIKEY
type: string
x-okta-tags:
- Log
LogCredentialType:
enum:
- OTP
- SMS
- PASSWORD
- ASSERTION
- IWA
- EMAIL
- OAUTH2
- JWT
type: string
x-okta-tags:
- Log
LogDebugContext:
properties:
debugData:
additionalProperties:
type: object
readOnly: true
type: object
type: object
x-okta-tags:
- Log
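# One system-log record: who acted (actor), from where (client, request,
# securityContext), on what (target), with what result (outcome), plus
# authentication and debug context. All scalar members are readOnly.
LogEvent:
  type: object
  properties:
    actor:
      $ref: "#/components/schemas/LogActor"
    authenticationContext:
      $ref: "#/components/schemas/LogAuthenticationContext"
    client:
      $ref: "#/components/schemas/LogClient"
    debugContext:
      $ref: "#/components/schemas/LogDebugContext"
    displayMessage:
      type: string
      readOnly: true
    eventType:
      type: string
      readOnly: true
    legacyEventType:
      type: string
      readOnly: true
    outcome:
      $ref: "#/components/schemas/LogOutcome"
    published:
      type: string
      format: date-time
      readOnly: true
    request:
      $ref: "#/components/schemas/LogRequest"
    securityContext:
      $ref: "#/components/schemas/LogSecurityContext"
    severity:
      $ref: "#/components/schemas/LogSeverity"
    target:
      type: array
      readOnly: true
      items:
        $ref: "#/components/schemas/LogTarget"
    transaction:
      $ref: "#/components/schemas/LogTransaction"
    uuid:
      type: string
      readOnly: true
    version:
      type: string
      readOnly: true
  # "published" uses 30 September: the property is format date-time, and a
  # 31 September timestamp is rejected by strict date-time parsers.
  # NOTE(review): ipAddress, alternateId and displayName below look like they
  # may come from a real tenant; prefer reserved documentation values (an
  # RFC 5737 address, an example.com mailbox) -- confirm their origin.
  example:
    {
      "version": "0",
      "severity": "INFO",
      "client": {
        "zone": "OFF_NETWORK",
        "device": "Unknown",
        "userAgent": {
          "os": "Unknown",
          "browser": "UNKNOWN",
          "rawUserAgent": "UNKNOWN-DOWNLOAD"
        },
        "ipAddress": "12.97.85.90"
      },
      "actor": {
        "id": "00u1qw1mqitPHM8AJ0g7",
        "type": "User",
        "alternateId": "admin@tc1-trexcloud.com",
        "displayName": "John Fung"
      },
      "outcome": {
        "result": "SUCCESS"
      },
      "uuid": "f790999f-fe87-467a-9880-6982a583986c",
      "published": "2017-09-30T22:23:07.777Z",
      "eventType": "user.session.start",
      "displayMessage": "User login to Okta",
      "transaction": {
        "type": "WEB",
        "id": "V04Oy4ubUOc5UuG6s9DyNQAABtc"
      },
      "debugContext": {
        "debugData": {
          "requestUri": "/login/do-login"
        }
      },
      "legacyEventType": "core.user_auth.login_success",
      "authenticationContext": {
        "authenticationStep": 0,
        "externalSessionId": "1013FfF-DKQSvCI4RVXChzX-w"
      }
    }
  x-okta-tags:
    - Log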
LogGeographicalContext:
properties:
city:
readOnly: true
type: string
country:
readOnly: true
type: string
geolocation:
$ref: "#/components/schemas/LogGeolocation"
postalCode:
readOnly: true
type: string
state:
readOnly: true
type: string
type: object
x-okta-tags:
- Log
LogGeolocation:
properties:
lat:
format: double
readOnly: true
type: number
lon:
format: double
readOnly: true
type: number
type: object
x-okta-tags:
- Log
LogIpAddress:
properties:
geographicalContext:
$ref: "#/components/schemas/LogGeographicalContext"
ip:
readOnly: true
type: string
source:
readOnly: true
type: string
version:
readOnly: true
type: string
type: object
x-okta-tags:
- Log
LogIssuer:
properties:
id:
readOnly: true
type: string
type:
readOnly: true
type: string
type: object
x-okta-tags:
- Log
LogOutcome:
properties:
reason:
readOnly: true
type: string
result:
readOnly: true
type: string
type: object
x-okta-tags:
- Log
LogRequest:
properties:
ipChain:
items:
$ref: "#/components/schemas/LogIpAddress"
readOnly: true
type: array
type: object
x-okta-tags:
- Log
LogSecurityContext:
properties:
asNumber:
readOnly: true
type: integer
asOrg:
readOnly: true
type: string
domain:
readOnly: true
type: string
isProxy:
readOnly: true
type: boolean
isp:
readOnly: true
type: string
type: object
x-okta-tags:
- Log
LogSeverity:
enum:
- DEBUG
- INFO
- WARN
- ERROR
type: string
x-okta-tags:
- Log
LogTarget:
properties:
alternateId:
readOnly: true
type: string
detailEntry:
additionalProperties:
type: object
readOnly: true
type: object
displayName:
readOnly: true
type: string
id:
readOnly: true
type: string
type:
readOnly: true
type: string
type: object
x-okta-tags:
- Log
LogTransaction:
properties:
detail:
additionalProperties:
type: object
readOnly: true
type: object
id:
readOnly: true
type: string
type:
readOnly: true
type: string
type: object
x-okta-tags:
- Log
LogUserAgent:
properties:
browser:
readOnly: true
type: string
os:
readOnly: true
type: string
rawUserAgent:
readOnly: true
type: string
type: object
x-okta-tags:
- Log
OAuthApplicationCredentials:
properties:
oauthClient:
$ref: "#/components/schemas/ApplicationCredentialsOAuthClient"
x-okta-parent: "#/definitions/ApplicationCredentials"
x-okta-tags:
- Application
# String enum of client authentication methods for the OAuth endpoints.
# `none` means the client presents no secret (a public client); the three
# client_secret_* values all rest on a shared secret. No asymmetric method
# (for example private_key_jwt) is offered by this enum.
OAuthEndpointAuthenticationMethod:
  type: string
  enum:
    - none
    - client_secret_post
    - client_secret_basic
    - client_secret_jwt
  x-okta-tags:
    - Application
# String enum of OAuth 2.0 grant types; it is the item type of
# OpenIdConnectApplicationSettingsClient.grant_types.
# `implicit` and `password` are accepted values. The OAuth 2.0 Security Best
# Current Practice (RFC 9700) advises against the implicit grant and rules
# out the resource owner password credentials grant, so either one on a
# client configuration deserves an explicit justification in review.
OAuthGrantType:
  type: string
  enum:
    - authorization_code
    - implicit
    - password
    - refresh_token
    - client_credentials
  x-okta-tags:
    - Application
# String enum of OAuth/OIDC response types; it is the item type of
# OpenIdConnectApplicationSettingsClient.response_types.
# `token` and `id_token` deliver tokens through the authorization response
# (front channel); `code` defers token issuance to the token endpoint.
OAuthResponseType:
  type: string
  enum:
    - code
    - token
    - id_token
  x-okta-tags:
    - Application
OktaSignOnPolicy:
properties:
conditions:
$ref: "#/components/schemas/OktaSignOnPolicyConditions"
type: object
x-okta-parent: "#/definitions/Policy"
x-okta-tags:
- Policy
OktaSignOnPolicyConditions:
properties:
people:
$ref: "#/components/schemas/PolicyPeopleCondition"
x-okta-tags:
- Policy
OktaSignOnPolicyRule:
properties:
actions:
$ref: "#/components/schemas/OktaSignOnPolicyRuleActions"
conditions:
$ref: "#/components/schemas/OktaSignOnPolicyRuleConditions"
name:
type: string
x-okta-parent: "#/definitions/PolicyRule"
x-okta-tags:
- Policy
OktaSignOnPolicyRuleActions:
properties:
signon:
$ref: "#/components/schemas/OktaSignOnPolicyRuleSignonActions"
x-okta-tags:
- Policy
OktaSignOnPolicyRuleConditions:
properties:
authContext:
$ref: "#/components/schemas/PolicyRuleAuthContextCondition"
network:
$ref: "#/components/schemas/PolicyNetworkCondition"
people:
$ref: "#/components/schemas/PolicyPeopleCondition"
x-okta-tags:
- Policy
# Sign-on outcome of a policy rule: allow/deny, whether a second factor is
# demanded and how often, plus the nested session limits.
# requireFactor and rememberDeviceByDefault both default to false, so a rule
# that omits requireFactor does not ask for a factor per this schema.
# factorLifetime is a bare integer: no unit, minimum or maximum is declared.
OktaSignOnPolicyRuleSignonActions:
  type: object
  properties:
    access:
      type: string
      enum:
        - ALLOW
        - DENY
    factorLifetime:
      type: integer
    factorPromptMode:
      type: string
      enum:
        - ALWAYS
        - DEVICE
        - SESSION
    rememberDeviceByDefault:
      type: boolean
      default: false
    requireFactor:
      type: boolean
      default: false
    session:
      $ref: "#/components/schemas/OktaSignOnPolicyRuleSignonSessionActions"
  x-okta-tags:
    - Policy
# Session limits applied by a sign-on rule.
# Defaults: 120 idle minutes, lifetime 0, no persistent cookie.
# NOTE(review): presumably a lifetime of 0 means "no absolute cap", leaving
# the idle timeout as the only bound on a session -- confirm, and set an
# explicit cap where sessions reach sensitive applications.
OktaSignOnPolicyRuleSignonSessionActions:
  type: object
  properties:
    maxSessionIdleMinutes:
      type: integer
      default: 120
    maxSessionLifetimeMinutes:
      type: integer
      default: 0
    usePersistentCookie:
      type: boolean
      default: false
  x-okta-tags:
    - Policy
OpenIdConnectApplication:
properties:
credentials:
$ref: "#/components/schemas/OAuthApplicationCredentials"
settings:
$ref: "#/components/schemas/OpenIdConnectApplicationSettings"
x-okta-defined-as:
name: oidc_client
x-okta-parent: "#/definitions/Application"
x-okta-tags:
- Application
# String enum for OpenIdConnectApplicationSettingsClient.consent_method.
# NOTE(review): TRUSTED presumably suppresses the end-user consent prompt;
# if so it should be limited to first-party clients -- confirm.
OpenIdConnectApplicationConsentMethod:
  type: string
  enum:
    - REQUIRED
    - TRUSTED
  x-okta-tags:
    - Application
OpenIdConnectApplicationSettings:
properties:
oauthClient:
$ref: "#/components/schemas/OpenIdConnectApplicationSettingsClient"
x-okta-parent: "#/definitions/ApplicationSettings"
x-okta-tags:
- Application
# OAuth/OIDC client registration settings of an OpenID Connect application.
# redirect_uris is an unconstrained list of strings (no format or pattern),
# so this schema does not itself reject wildcard, non-HTTPS or otherwise
# loose redirect targets; that check has to be enforced by the server.
# grant_types and response_types draw from OAuthGrantType/OAuthResponseType.
OpenIdConnectApplicationSettingsClient:
  properties:
    application_type:
      $ref: "#/components/schemas/OpenIdConnectApplicationType"
    client_uri:
      type: string
    consent_method:
      $ref: "#/components/schemas/OpenIdConnectApplicationConsentMethod"
    grant_types:
      type: array
      items:
        $ref: "#/components/schemas/OAuthGrantType"
    logo_uri:
      type: string
    policy_uri:
      type: string
    redirect_uris:
      type: array
      items:
        type: string
    response_types:
      type: array
      items:
        $ref: "#/components/schemas/OAuthResponseType"
    tos_uri:
      type: string
  x-okta-tags:
    - Application
OpenIdConnectApplicationType:
enum:
- web
- native
- browser
- service
type: string
x-okta-tags:
- Application
# Wrapper for a password value. `format: password` is an OpenAPI hint that
# tooling should obscure the field; it adds no protection on the wire.
# NOTE(review): the property is not marked writeOnly, so the schema alone
# does not state that the value is never returned in responses -- confirm
# the API behaviour before relying on it.
PasswordCredential:
  type: object
  properties:
    value:
      type: string
      format: password
  x-okta-tags:
    - User
PasswordDictionary:
properties:
common:
$ref: "#/components/schemas/PasswordDictionaryCommon"
type: object
x-okta-tags:
- Policy
PasswordDictionaryCommon:
properties:
exclude:
default: false
type: boolean
type: object
x-okta-tags:
- Policy
PasswordPolicy:
properties:
conditions:
$ref: "#/components/schemas/PasswordPolicyConditions"
settings:
$ref: "#/components/schemas/PasswordPolicySettings"
type: object
x-okta-parent: "#/definitions/Policy"
x-okta-tags:
- Policy
PasswordPolicyAuthenticationProviderCondition:
properties:
include:
items:
type: string
type: array
provider:
enum:
- ACTIVE_DIRECTORY
- ANY
- LDAP
- OKTA
type: string
type: object
x-okta-tags:
- Policy
PasswordPolicyConditions:
properties:
authProvider:
$ref: "#/components/schemas/PasswordPolicyAuthenticationProviderCondition"
people:
$ref: "#/components/schemas/PolicyPeopleCondition"
x-okta-tags:
- Policy
PasswordPolicyDelegationSettings:
properties:
options:
$ref: "#/components/schemas/PasswordPolicyDelegationSettingsOptions"
type: object
x-okta-tags:
- Policy
PasswordPolicyDelegationSettingsOptions:
properties:
skipUnlock:
type: boolean
type: object
x-okta-tags:
- Policy
PasswordPolicyPasswordSettings:
properties:
age:
$ref: "#/components/schemas/PasswordPolicyPasswordSettingsAge"
complexity:
$ref: "#/components/schemas/PasswordPolicyPasswordSettingsComplexity"
lockout:
$ref: "#/components/schemas/PasswordPolicyPasswordSettingsLockout"
type: object
x-okta-tags:
- Policy
# Password ageing controls; all four integers default to 0.
# NOTE(review): presumably 0 switches the matching control off (no expiry,
# no reuse history, no minimum age) -- confirm, since a policy created with
# defaults would then enforce none of them.
PasswordPolicyPasswordSettingsAge:
  type: object
  properties:
    expireWarnDays:
      type: integer
      default: 0
    historyCount:
      type: integer
      default: 0
    maxAgeDays:
      type: integer
      default: 0
    minAgeMinutes:
      type: integer
      default: 0
  x-okta-tags:
    - Policy
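# Password composition rules: minimum length 8 and at least one lower-case,
# upper-case, numeric and symbol character by default, with the username
# excluded from the password by default.
PasswordPolicyPasswordSettingsComplexity:
  type: object
  properties:
    dictionary:
      $ref: "#/components/schemas/PasswordDictionary"
    # No `default` is declared here: the integer 1 that used to sit on this
    # property cannot validate against an array of strings.
    # NOTE(review): confirm the server-side default (likely an empty list)
    # and declare it once verified.
    excludeAttributes:
      type: array
      items:
        type: string
    excludeUsername:
      type: boolean
      default: true
    minLength:
      type: integer
      default: 8
    minLowerCase:
      type: integer
      default: 1
    minNumber:
      type: integer
      default: 1
    minSymbol:
      type: integer
      default: 1
    minUpperCase:
      type: integer
      default: 1
  x-okta-tags:
    - Policy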
# Account lockout controls of a password policy.
# No defaults and no minimum/maximum are declared for maxAttempts or
# autoUnlockMinutes, so range validation is left entirely to the server.
# showLockoutFailures is a boolean with no declared default.
PasswordPolicyPasswordSettingsLockout:
  type: object
  properties:
    autoUnlockMinutes:
      type: integer
    maxAttempts:
      type: integer
    showLockoutFailures:
      type: boolean
    userLockoutNotificationChannels:
      type: array
      items:
        type: string
  x-okta-tags:
    - Policy
PasswordPolicyRecoveryEmail:
properties:
properties:
$ref: "#/components/schemas/PasswordPolicyRecoveryEmailProperties"
status:
enum:
- ACTIVE
- INACTIVE
readOnly: true
type: string
type: object
x-okta-tags:
- Policy
PasswordPolicyRecoveryEmailProperties:
properties:
recoveryToken:
$ref: "#/components/schemas/PasswordPolicyRecoveryEmailRecoveryToken"
type: object
x-okta-tags:
- Policy
# Lifetime of the e-mail recovery token.
# The default of 10080 minutes is 7 days: a recovery link stays usable for
# a week unless the policy sets a shorter value.
PasswordPolicyRecoveryEmailRecoveryToken:
  type: object
  properties:
    tokenLifetimeMinutes:
      type: integer
      default: 10080
  x-okta-tags:
    - Policy
PasswordPolicyRecoveryFactorSettings:
properties:
status:
default: INACTIVE
enum:
- ACTIVE
- INACTIVE
type: string
type: object
x-okta-tags:
- Policy
PasswordPolicyRecoveryFactors:
properties:
okta_call:
$ref: "#/components/schemas/PasswordPolicyRecoveryFactorSettings"
okta_email:
$ref: "#/components/schemas/PasswordPolicyRecoveryEmail"
okta_sms:
$ref: "#/components/schemas/PasswordPolicyRecoveryFactorSettings"
recovery_question:
$ref: "#/components/schemas/PasswordPolicyRecoveryQuestion"
type: object
x-okta-tags:
- Policy
PasswordPolicyRecoveryQuestion:
properties:
properties:
$ref: "#/components/schemas/PasswordPolicyRecoveryQuestionProperties"
status:
enum:
- ACTIVE
- INACTIVE
readOnly: true
type: string
type: object
x-okta-tags:
- Policy
PasswordPolicyRecoveryQuestionComplexity:
properties:
minLength:
readOnly: true
type: integer
type: object
x-okta-tags:
- Policy
PasswordPolicyRecoveryQuestionProperties:
properties:
complexity:
$ref: "#/components/schemas/PasswordPolicyRecoveryQuestionComplexity"
type: object
x-okta-tags:
- Policy
PasswordPolicyRecoverySettings:
properties:
factors:
$ref: "#/components/schemas/PasswordPolicyRecoveryFactors"
type: object
x-okta-tags:
- Policy
PasswordPolicyRule:
properties:
actions:
$ref: "#/components/schemas/PasswordPolicyRuleActions"
conditions:
$ref: "#/components/schemas/PasswordPolicyRuleConditions"
name:
type: string
type: object
x-okta-parent: "#/definitions/PolicyRule"
x-okta-tags:
- Policy
# Allow/deny switch shared by the passwordChange, selfServicePasswordReset
# and selfServiceUnlock entries of PasswordPolicyRuleActions.
# No default is declared, so an omitted `access` is left to the server.
PasswordPolicyRuleAction:
  type: object
  properties:
    access:
      type: string
      readOnly: false
      enum:
        - ALLOW
        - DENY
  x-okta-tags:
    - Policy
PasswordPolicyRuleActions:
properties:
passwordChange:
$ref: "#/components/schemas/PasswordPolicyRuleAction"
selfServicePasswordReset:
$ref: "#/components/schemas/PasswordPolicyRuleAction"
selfServiceUnlock:
$ref: "#/components/schemas/PasswordPolicyRuleAction"
x-okta-tags:
- Policy
PasswordPolicyRuleConditions:
properties:
network:
$ref: "#/components/schemas/PolicyNetworkCondition"
people:
$ref: "#/components/schemas/PolicyPeopleCondition"
x-okta-tags:
- Policy
PasswordPolicySettings:
properties:
delegation:
$ref: "#/components/schemas/PasswordPolicyDelegationSettings"
password:
$ref: "#/components/schemas/PasswordPolicyPasswordSettings"
recovery:
$ref: "#/components/schemas/PasswordPolicyRecoverySettings"
type: object
x-okta-tags:
- Policy
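# Base policy resource. The discriminator on `type` selects OktaSignOnPolicy
# or PasswordPolicy; PolicyType also lists OAUTH_AUTHORIZATION_POLICY, which
# has no mapping entry here.
# x-okta-crud / x-okta-operations bind SDK methods to operationIds, always
# passing this object's `id` as policyId.
Policy:
  type: object
  properties:
    _embedded:
      type: object
      readOnly: true
      additionalProperties:
        type: object
    _links:
      type: object
      readOnly: true
      additionalProperties:
        type: object
    created:
      type: string
      format: date-time
      readOnly: true
    description:
      type: string
    id:
      type: string
      readOnly: true
    lastUpdated:
      type: string
      format: date-time
      readOnly: true
    name:
      type: string
    priority:
      type: integer
    status:
      type: string
      enum:
        - ACTIVE
        - INACTIVE
    system:
      type: boolean
    type:
      $ref: "#/components/schemas/PolicyType"
  # The _links hrefs use the https://example.okta.com placeholder host, as
  # the Factor and Session examples do, rather than a plaintext-HTTP
  # development hostname and port.
  example:
    {
      "type": "OKTA_SIGN_ON",
      "id": "00pmez6igjv4TYOLl0g3",
      "status": "ACTIVE",
      "name": "Sales Policy",
      "description": "Policy for Sales Department",
      "priority": 1,
      "system": false,
      "conditions": {
        "people": {
          "groups": {
            "include": [
              "00gmexWGbl9VauvTP0g3"
            ]
          }
        }
      },
      "created": "2017-01-11T18:53:00.000Z",
      "lastUpdated": "2017-01-11T18:53:00.000Z",
      "_links": {
        "self": {
          "href": "https://example.okta.com/api/v1/policies/00pmez6igjv4TYOLl0g3",
          "hints": {
            "allow": [
              "GET",
              "PUT",
              "DELETE"
            ]
          }
        },
        "deactivate": {
          "href": "https://example.okta.com/api/v1/policies/00pmez6igjv4TYOLl0g3/lifecycle/deactivate",
          "hints": {
            "allow": [
              "POST"
            ]
          }
        },
        "rules": {
          "href": "https://example.okta.com/api/v1/policies/00pmez6igjv4TYOLl0g3/rules",
          "hints": {
            "allow": [
              "GET",
              "POST"
            ]
          }
        }
      }
    }
  x-okta-crud:
    - alias: read
      arguments:
        - dest: policyId
          src: id
      operationId: getPolicy
    - alias: update
      arguments:
        - dest: policyId
          src: id
        - dest: policy
          self: true
      operationId: updatePolicy
    - alias: delete
      arguments:
        - dest: policyId
          src: id
      operationId: deletePolicy
  x-okta-operations:
    - alias: activate
      arguments:
        - dest: policyId
          src: id
      operationId: activatePolicy
    - alias: deactivate
      arguments:
        - dest: policyId
          src: id
      operationId: deactivatePolicy
    - alias: listPolicyRules
      arguments:
        - dest: policyId
          src: id
      operationId: listPolicyRules
    - alias: createRule
      arguments:
        - dest: policyId
          src: id
      operationId: addPolicyRule
    - alias: getPolicyRule
      arguments:
        - dest: policyId
          src: id
      operationId: getPolicyRule
  x-okta-tags:
    - Policy
  x-openapi-v3-discriminator:
    mapping:
      OKTA_SIGN_ON: "#/definitions/OktaSignOnPolicy"
      PASSWORD: "#/definitions/PasswordPolicy"
    propertyName: type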
PolicyNetworkCondition:
properties:
connection:
enum:
- ANYWHERE
- ZONE
type: string
exclude:
items:
type: string
type: array
include:
items:
type: string
type: array
type: object
x-okta-tags:
- Policy
PolicyPeopleCondition:
properties:
groups:
$ref: "#/components/schemas/GroupCondition"
users:
$ref: "#/components/schemas/UserCondition"
type: object
x-okta-tags:
- Policy
# Base schema for a rule that belongs to a Policy. The discriminator on
# `type` selects PasswordPolicyRule or OktaSignOnPolicyRule.
PolicyRule:
properties:
created:
format: date-time
readOnly: true
type: string
# Unlike created and lastUpdated, id is not marked readOnly in this schema.
id:
type: string
lastUpdated:
format: date-time
readOnly: true
type: string
priority:
type: integer
# Rules default to ACTIVE, i.e. a rule created without a status is live.
status:
default: ACTIVE
enum:
- ACTIVE
- INACTIVE
type: string
system:
default: false
type: boolean
type:
enum:
- SIGN_ON
- PASSWORD
type: string
type: object
# NOTE(review): `update` resolves policyId from the parent's `id`
# (parentSrc: id), while delete/activate/deactivate below use
# `parentSrc: policyId`. Policy declares `id` but no `policyId` property, so
# one of the two forms may bind the wrong (or no) parent identifier --
# confirm against the SDK generator before relying on either.
x-okta-crud:
- alias: update
arguments:
- dest: ruleId
src: id
- dest: policyRule
self: true
- dest: policyId
parentSrc: id
operationId: updatePolicyRule
- alias: delete
arguments:
- dest: ruleId
src: id
- dest: policyId
parentSrc: policyId
operationId: deletePolicyRule
x-okta-operations:
- alias: activate
arguments:
- dest: ruleId
src: id
- dest: policyId
parentSrc: policyId
operationId: activatePolicyRule
- alias: deactivate
arguments:
- dest: ruleId
src: id
- dest: policyId
parentSrc: policyId
operationId: deactivatePolicyRule
x-okta-tags:
- Policy
# Maps the value of `type` to the concrete rule schema.
x-openapi-v3-discriminator:
mapping:
PASSWORD: "#/definitions/PasswordPolicyRule"
SIGN_ON: "#/definitions/OktaSignOnPolicyRule"
propertyName: type
PolicyRuleAuthContextCondition:
properties:
authType:
enum:
- ANY
- RADIUS
type: string
type: object
x-okta-tags:
- Policy
PolicyType:
enum:
- OAUTH_AUTHORIZATION_POLICY
- OKTA_SIGN_ON
- PASSWORD
type: string
x-okta-tags:
- Policy
PushFactor:
properties:
profile:
$ref: "#/components/schemas/PushFactorProfile"
x-okta-parent: "#/definitions/Factor"
x-okta-tags:
- UserFactor
PushFactorProfile:
properties:
credentialId:
type: string
deviceType:
readOnly: true
type: string
name:
type: string
platform:
readOnly: true
type: string
version:
type: string
x-okta-parent: "#/definitions/FactorProfile"
x-okta-tags:
- UserFactor
# Recovery question and its answer, both plain strings.
# The answer works as a knowledge-based secret, yet it carries neither
# `format: password` nor writeOnly here, so generated clients and docs will
# treat it like ordinary text; handle it as a credential regardless.
RecoveryQuestionCredential:
  type: object
  properties:
    answer:
      type: string
    question:
      type: string
  x-okta-tags:
    - User
# Object with one read-only string, resetPasswordUrl.
# NOTE(review): presumably the URL embeds the reset token named by this
# schema; if so, whoever holds the URL can reset the password, so it must
# not be logged or forwarded beyond the intended recipient -- confirm.
ResetPasswordToken:
  type: object
  properties:
    resetPasswordUrl:
      type: string
      readOnly: true
  x-okta-tags:
    - User
Role:
properties:
_embedded:
additionalProperties:
type: object
readOnly: true
type: object
created:
format: date-time
readOnly: true
type: string
description:
type: string
id:
readOnly: true
type: string
label:
readOnly: true
type: string
lastUpdated:
format: date-time
readOnly: true
type: string
status:
$ref: "#/components/schemas/RoleStatus"
type:
type: string
type: object
example:
{
"id": "ra1b7aguRQ7e5iKYb0g4",
"label": "Read-only Administrator",
"type": "READ_ONLY_ADMIN",
"status": "ACTIVE",
"created": "2015-09-04T03:27:16.000Z",
"lastUpdated": "2015-09-04T03:27:16.000Z"
}
x-okta-tags:
- User
RoleStatus:
enum:
- ACTIVE
- INACTIVE
type: string
example: ACTIVE
x-okta-tags:
- User
SamlApplication:
properties:
settings:
$ref: "#/components/schemas/SamlApplicationSettings"
x-okta-parent: "#/definitions/Application"
x-okta-tags:
- Application
SamlApplicationSettings:
properties:
signOn:
$ref: "#/components/schemas/SamlApplicationSettingsSignOn"
x-okta-parent: "#/definitions/ApplicationSettings"
x-okta-tags:
- Application
# SAML sign-on settings of an application.
# assertionSigned and responseSigned are plain booleans with no default, and
# signatureAlgorithm / digestAlgorithm are free-form strings with no enum,
# so the schema neither requires signing nor excludes weak algorithms; both
# have to be checked by the server or by configuration review.
# The *Override members sit next to audience, destination, recipient and
# ssoAcsUrl. NOTE(review): presumably an override replaces the paired value;
# confirm which one ends up in the issued assertion.
SamlApplicationSettingsSignOn:
  properties:
    assertionSigned:
      type: boolean
    attributeStatements:
      type: array
      items:
        $ref: "#/components/schemas/SamlAttributeStatement"
    audience:
      type: string
    audienceOverride:
      type: string
    authnContextClassRef:
      type: string
    defaultRelayState:
      type: string
    destination:
      type: string
    destinationOverride:
      type: string
    digestAlgorithm:
      type: string
    honorForceAuthn:
      type: boolean
    idpIssuer:
      type: string
    recipient:
      type: string
    recipientOverride:
      type: string
    requestCompressed:
      type: boolean
    responseSigned:
      type: boolean
    signatureAlgorithm:
      type: string
    spIssuer:
      type: string
    ssoAcsUrl:
      type: string
    ssoAcsUrlOverride:
      type: string
    subjectNameIdFormat:
      type: string
    subjectNameIdTemplate:
      type: string
  x-okta-tags:
    - Application
SamlAttributeStatement:
properties:
name:
type: string
namespace:
type: string
type:
type: string
values:
items:
type: string
type: array
x-okta-tags:
- Application
# Credentials block for scheme-based applications: a user name, a password
# (PasswordCredential), the credential scheme and the signing settings.
# NOTE(review): revealPassword presumably allows the stored password to be
# shown back to the end user; confirm, and leave it false unless the
# application genuinely needs that.
SchemeApplicationCredentials:
  properties:
    password:
      $ref: "#/components/schemas/PasswordCredential"
    revealPassword:
      type: boolean
    scheme:
      $ref: "#/components/schemas/ApplicationCredentialsScheme"
    signing:
      $ref: "#/components/schemas/ApplicationCredentialsSigning"
    userName:
      type: string
  x-okta-parent: "#/definitions/ApplicationCredentials"
  x-okta-tags:
    - Application
SecurePasswordStoreApplication:
properties:
credentials:
$ref: "#/components/schemas/SchemeApplicationCredentials"
settings:
$ref: "#/components/schemas/SecurePasswordStoreApplicationSettings"
x-okta-defined-as:
name: template_sps
x-okta-parent: "#/definitions/Application"
x-okta-tags:
- Application
# Settings wrapper with a single `app` member that points at
# SecurePasswordStoreApplicationSettingsApplication.
# The $ref is written on one line; the value is the same string that the
# backslash-continued double-quoted form produces.
SecurePasswordStoreApplicationSettings:
  properties:
    app:
      $ref: "#/components/schemas/SecurePasswordStoreApplicationSettingsApplication"
  x-okta-parent: "#/definitions/ApplicationSettings"
  x-okta-tags:
    - Application
SecurePasswordStoreApplicationSettingsApplication:
properties:
optionalField1:
type: string
optionalField1Value:
type: string
optionalField2:
type: string
optionalField2Value:
type: string
optionalField3:
type: string
optionalField3Value:
type: string
passwordField:
type: string
url:
type: string
usernameField:
type: string
x-okta-parent: "#/definitions/ApplicationSettingsApplication"
x-okta-tags:
- Application
# Security question entry: question identifier, display text and answer.
# `answer` is an ordinary string here (no `format: password`, no writeOnly),
# although it acts as a shared secret for the question factor.
SecurityQuestion:
  properties:
    answer:
      type: string
    question:
      type: string
    questionText:
      type: string
  x-okta-tags:
    - UserFactor
SecurityQuestionFactor:
properties:
profile:
$ref: "#/components/schemas/SecurityQuestionFactorProfile"
x-okta-parent: "#/definitions/Factor"
x-okta-tags:
- UserFactor
# Profile of a security-question factor (child of FactorProfile).
# `answer` is declared as an ordinary string: nothing in the schema marks it
# as secret or write-only, so treat it as a credential in clients and logs.
SecurityQuestionFactorProfile:
  properties:
    answer:
      type: string
    question:
      type: string
    questionText:
      type: string
  x-okta-parent: "#/definitions/FactorProfile"
  x-okta-tags:
    - UserFactor
# A user session. Every property declared inline is readOnly (clients receive
# these values and do not set them); idp and status are $refs.
# NOTE(review): the example addresses the session by its id in every _links
# href. If the id can be used as a session handle, URLs and logs containing it
# are as sensitive as the session itself - confirm and redact accordingly.
Session:
  properties:
    _links:
      additionalProperties:
        type: object
      readOnly: true
      type: object
    # List of SessionAuthenticationMethod codes.
    amr:
      items:
        $ref: "#/components/schemas/SessionAuthenticationMethod"
      readOnly: true
      type: array
    createdAt:
      format: date-time
      readOnly: true
      type: string
    expiresAt:
      format: date-time
      readOnly: true
      type: string
    id:
      readOnly: true
      type: string
    idp:
      $ref: "#/components/schemas/SessionIdentityProvider"
    lastFactorVerification:
      format: date-time
      readOnly: true
      type: string
    lastPasswordVerification:
      format: date-time
      readOnly: true
      type: string
    login:
      readOnly: true
      type: string
    # SessionStatus also contains MFA_ENROLL and MFA_REQUIRED, so the presence
    # of a session object alone does not show that status is ACTIVE.
    status:
      $ref: "#/components/schemas/SessionStatus"
    userId:
      readOnly: true
      type: string
  type: object
  # "mfaActive" appears in this example but is not declared under properties.
  example:
    {
      "id": "101W_juydrDRByB7fUdRyE2JQ",
      "login": "user@example.com",
      "userId": "00ubgaSARVOQDIOXMORI",
      "expiresAt": "2015-08-30T18:41:35.818Z",
      "status": "ACTIVE",
      "lastPasswordVerification": "2015-08-30T18:41:35.818Z",
      "lastFactorVerification": "2015-08-30T18:41:35.818Z",
      "amr": [
        "pwd",
        "otp",
        "mfa"
      ],
      "idp": {
        "id": "00oi5cpnylv792IcF0g3",
        "type": "OKTA"
      },
      "mfaActive": true,
      "_links": {
        "self": {
          "href": "https://example.okta.com/api/v1/sessions/101W_juydrDRByB7fUdRyE2JQ",
          "hints": {
            "allow": [
              "GET",
              "DELETE"
            ]
          }
        },
        "refresh": {
          "href": "https://example.okta.com/api/v1/sessions/101W_juydrDRByB7fUdRyE2JQ/lifecycle/refresh",
          "hints": {
            "allow": [
              "POST"
            ]
          }
        },
        "user": {
          "name": "Isaac Brock",
          "href": "https://example.okta.com/api/v1/users/00uit00ZK6ELuzPoD0g3",
          "hints": {
            "allow": [
              "GET"
            ]
          }
        }
      }
    }
  # Vendor extension (presumably read by Okta's SDK generator - confirm): maps
  # the read/delete aliases to getSession/endSession, passing this object's id
  # as sessionId.
  x-okta-crud:
    - alias: read
      arguments:
        - dest: sessionId
          src: id
      operationId: getSession
    - alias: delete
      arguments:
        - dest: sessionId
          src: id
      operationId: endSession
  # Same mapping style for the non-CRUD refreshSession operation.
  x-okta-operations:
    - alias: refresh
      arguments:
        - dest: sessionId
          src: id
      operationId: refreshSession
  x-okta-tags:
    - Session
# String enum of authentication-method codes; Session.amr is an array of
# these.
# NOTE(review): the ten codes coincide with short names registered for the
# "amr" claim in RFC 8176 (pwd, otp, sms, ... mfa) - confirm that is the
# intended meaning before mapping them to assurance levels in policy or
# detection logic.
SessionAuthenticationMethod:
  enum:
    - pwd
    - swk
    - hwk
    - otp
    - sms
    - tel
    - geo
    - fpt
    - kba
    - mfa
  type: string
  x-okta-tags:
    - Session
# Identity provider recorded on a Session (referenced by Session.idp): a
# readOnly string id plus a SessionIdentityProviderType.
SessionIdentityProvider:
  properties:
    id:
      readOnly: true
      type: string
    type:
      $ref: "#/components/schemas/SessionIdentityProviderType"
  type: object
  x-okta-tags:
    - Session
# String enum for SessionIdentityProvider.type.
# NOTE(review): FEDERATION and SOCIAL presumably mean the user authenticated
# at an external provider - confirm; consumers applying stricter policy to
# externally authenticated sessions should key on this value.
SessionIdentityProviderType:
  enum:
    - ACTIVE_DIRECTORY
    - LDAP
    - OKTA
    - FEDERATION
    - SOCIAL
  type: string
  x-okta-tags:
    - Session
# String enum for Session.status.
# NOTE(review): MFA_ENROLL and MFA_REQUIRED presumably mean the session has
# not finished multi-factor authentication - confirm. Callers that gate access
# on a session should check for ACTIVE explicitly rather than for the mere
# presence of a session object.
SessionStatus:
  enum:
    - ACTIVE
    - MFA_ENROLL
    - MFA_REQUIRED
  type: string
  x-okta-tags:
    - Session
# Factor subtype (x-okta-parent points at Factor) whose `profile` is an
# SmsFactorProfile.
SmsFactor:
  properties:
    profile:
      $ref: "#/components/schemas/SmsFactorProfile"
  x-okta-parent: "#/definitions/Factor"
  x-okta-tags:
    - UserFactor
# Profile for SmsFactor: a single unconstrained string, phoneNumber.
# NOTE(review): phoneNumber is personal data and presumably the destination
# for one-time codes - confirm; changes to it are worth auditing because they
# redirect where codes are delivered. The schema sets no pattern or maxLength.
SmsFactorProfile:
  properties:
    phoneNumber:
      type: string
  x-okta-parent: "#/definitions/FactorProfile"
  x-okta-tags:
    - UserFactor
# Application subtype defined as "template_swa"; its parent is
# BrowserPluginApplication and its `settings` are SwaApplicationSettings.
SwaApplication:
  properties:
    settings:
      $ref: "#/components/schemas/SwaApplicationSettings"
  x-okta-defined-as:
    name: template_swa
  x-okta-parent: "#/definitions/BrowserPluginApplication"
  x-okta-tags:
    - Application
# Settings wrapper for SwaApplication: `app` references
# SwaApplicationSettingsApplication.
SwaApplicationSettings:
  properties:
    app:
      $ref: "#/components/schemas/SwaApplicationSettingsApplication"
  x-okta-parent: "#/definitions/ApplicationSettings"
  x-okta-tags:
    - Application
# Form configuration for SwaApplication: five unconstrained strings.
# NOTE(review): loginUrlRegex is a regular expression carried as a plain
# string, and presumably decides on which pages credentials are filled in -
# confirm. If so, reviewers should require an anchored expression with an
# exact host so it cannot match look-alike URLs; the schema itself enforces
# nothing (no pattern, format or maxLength on url or loginUrlRegex).
SwaApplicationSettingsApplication:
  properties:
    buttonField:
      type: string
    loginUrlRegex:
      type: string
    passwordField:
      type: string
    url:
      type: string
    usernameField:
      type: string
  x-okta-parent: "#/definitions/ApplicationSettingsApplication"
  x-okta-tags:
    - Application
# Application subtype defined as "template_swa3field"; its parent is
# BrowserPluginApplication and its `settings` are
# SwaThreeFieldApplicationSettings.
SwaThreeFieldApplication:
  properties:
    settings:
      $ref: "#/components/schemas/SwaThreeFieldApplicationSettings"
  x-okta-defined-as:
    name: template_swa3field
  x-okta-parent: "#/definitions/BrowserPluginApplication"
  x-okta-tags:
    - Application
# Settings wrapper for SwaThreeFieldApplication: `app` references
# SwaThreeFieldApplicationSettingsApplication.
SwaThreeFieldApplicationSettings:
  properties:
    app:
      $ref: "#/components/schemas/SwaThreeFieldApplicationSettingsApplication"
  x-okta-parent: "#/definitions/ApplicationSettings"
  x-okta-tags:
    - Application
# Form configuration for SwaThreeFieldApplication: seven unconstrained
# strings (selectors, an extra field value, a login-URL regex, a target URL).
# NOTE(review): as with the two-field variant, loginUrlRegex and targetUrl
# presumably determine where credentials are submitted - confirm, and require
# anchored, host-exact patterns. extraFieldValue may hold a sensitive value
# depending on the target app; treat it as such when logging.
SwaThreeFieldApplicationSettingsApplication:
  properties:
    buttonSelector:
      type: string
    extraFieldSelector:
      type: string
    extraFieldValue:
      type: string
    loginUrlRegex:
      type: string
    passwordSelector:
      type: string
    targetUrl:
      type: string
    userNameSelector:
      type: string
  x-okta-parent: "#/definitions/ApplicationSettingsApplication"
  x-okta-tags:
    - Application
# Response-only object (tempPassword is readOnly) tagged User.
# Going by its name, tempPassword is a working credential returned to the API
# caller in clear text: keep response bodies of this shape out of logs and
# pass the value to the user only over a channel you trust.
TempPassword:
  properties:
    tempPassword:
      readOnly: true
      type: string
  x-okta-tags:
    - User
# Factor subtype (x-okta-parent points at Factor) whose `profile` is a
# TokenFactorProfile.
TokenFactor:
  properties:
    profile:
      $ref: "#/components/schemas/TokenFactorProfile"
  x-okta-parent: "#/definitions/Factor"
  x-okta-tags:
    - UserFactor
# Profile for TokenFactor: a single string, credentialId.
# NOTE(review): presumably an identifier for the token device, not a secret -
# confirm.
TokenFactorProfile:
  properties:
    credentialId:
      type: string
  x-okta-parent: "#/definitions/FactorProfile"
  x-okta-tags:
    - UserFactor
# Factor subtype (x-okta-parent points at Factor) whose `profile` is a
# TotpFactorProfile.
TotpFactor:
  properties:
    profile:
      $ref: "#/components/schemas/TotpFactorProfile"
  x-okta-parent: "#/definitions/Factor"
  x-okta-tags:
    - UserFactor
# Profile for TotpFactor: a single string, credentialId. No shared secret or
# seed is declared in this schema.
TotpFactorProfile:
  properties:
    credentialId:
      type: string
  x-okta-parent: "#/definitions/FactorProfile"
  x-okta-tags:
    - UserFactor
# Factor subtype (x-okta-parent points at Factor) whose `profile` is a
# U2fFactorProfile.
U2fFactor:
  properties:
    profile:
      $ref: "#/components/schemas/U2fFactorProfile"
  x-okta-parent: "#/definitions/Factor"
  x-okta-tags:
    - UserFactor
# Profile for U2fFactor. It declares no properties of its own; only the
# parent pointer (FactorProfile) and the tag are present.
U2fFactorProfile:
  x-okta-parent: "#/definitions/FactorProfile"
  x-okta-tags:
    - UserFactor
# A user account. Every property declared inline (id, _embedded, _links and
# the timestamps) is readOnly; credentials, profile, status and
# transitioningToStatus are $refs.
# The x-okta-operations list below exposes account-takeover-relevant actions
# (resetPassword, forgotPassword, resetFactors, unlock, addRole, ...), each
# taking only this user's id. Callers should restrict and audit who may invoke
# them and monitor their use.
User:
  properties:
    _embedded:
      additionalProperties:
        type: object
      readOnly: true
      type: object
    _links:
      additionalProperties:
        type: object
      readOnly: true
      type: object
    activated:
      format: date-time
      readOnly: true
      type: string
    created:
      format: date-time
      readOnly: true
      type: string
    # Writable reference: a User payload can carry a password and a recovery
    # answer (see UserCredentials), so request bodies are sensitive.
    credentials:
      $ref: "#/components/schemas/UserCredentials"
    id:
      readOnly: true
      type: string
    lastLogin:
      format: date-time
      readOnly: true
      type: string
    lastUpdated:
      format: date-time
      readOnly: true
      type: string
    passwordChanged:
      format: date-time
      readOnly: true
      type: string
    profile:
      $ref: "#/components/schemas/UserProfile"
    status:
      $ref: "#/components/schemas/UserStatus"
    statusChanged:
      format: date-time
      readOnly: true
      type: string
    transitioningToStatus:
      $ref: "#/components/schemas/UserStatus"
  type: object
  # In this example the password object is empty and recovery_question has a
  # question but no answer. The profile lists many attributes that UserProfile
  # does not declare (nickName, title, zipCode, ...).
  example:
    {
      "id": "00ub0oNGTSWTBKOLGLNR",
      "status": "ACTIVE",
      "created": "2013-06-24T16:39:18.000Z",
      "activated": "2013-06-24T16:39:19.000Z",
      "statusChanged": "2013-06-24T16:39:19.000Z",
      "lastLogin": "2013-06-24T17:39:19.000Z",
      "lastUpdated": "2013-06-27T16:35:28.000Z",
      "passwordChanged": "2013-06-24T16:39:19.000Z",
      "profile": {
        "login": "isaac.brock@example.com",
        "firstName": "Isaac",
        "lastName": "Brock",
        "nickName": "issac",
        "displayName": "Isaac Brock",
        "email": "isaac.brock@example.com",
        "secondEmail": "isaac@example.org",
        "profileUrl": "http://www.example.com/profile",
        "preferredLanguage": "en-US",
        "userType": "Employee",
        "organization": "Okta",
        "title": "Director",
        "division": "R&D",
        "department": "Engineering",
        "costCenter": "10",
        "employeeNumber": "187",
        "mobilePhone": "+1-555-415-1337",
        "primaryPhone": "+1-555-514-1337",
        "streetAddress": "301 Brannan St.",
        "city": "San Francisco",
        "state": "CA",
        "zipCode": "94107",
        "countryCode": "US"
      },
      "credentials": {
        "password": {},
        "recovery_question": {
          "question": "Who's a major player in the cowboy scene?"
        },
        "provider": {
          "type": "OKTA",
          "name": "OKTA"
        }
      },
      "_links": {
        "resetPassword": {
          "href": "https://example.okta.com/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/reset_password"
        },
        "resetFactors": {
          "href": "https://example.okta.com/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/reset_factors"
        },
        "expirePassword": {
          "href": "https://example.okta.com/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/expire_password"
        },
        "forgotPassword": {
          "href": "https://example.okta.com/api/v1/users/00ub0oNGTSWTBKOLGLNR/credentials/forgot_password"
        },
        "changeRecoveryQuestion": {
          "href": "https://example.okta.com/api/v1/users/00ub0oNGTSWTBKOLGLNR/credentials/change_recovery_question"
        },
        "deactivate": {
          "href": "https://example.okta.com/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/deactivate"
        },
        "changePassword": {
          "href": "https://example.okta.com/api/v1/users/00ub0oNGTSWTBKOLGLNR/credentials/change_password"
        }
      }
    }
  # Vendor extension (presumably read by Okta's SDK generator - confirm).
  # `self: true` passes the object itself; `src: id` passes its id. The read
  # alias takes no arguments, and delete maps to deactivateOrDeleteUser.
  x-okta-crud:
    - alias: create
      arguments:
        - dest: user
          self: true
      operationId: createUser
    - alias: read
      arguments:
        []
      operationId: getUser
    - alias: update
      arguments:
        - dest: userId
          src: id
        - dest: user
          self: true
      operationId: updateUser
    - alias: delete
      arguments:
        - dest: userId
          src: id
        - dest: user
          self: true
      operationId: deactivateOrDeleteUser
  # Non-CRUD operations; every entry passes this user's id as userId.
  x-okta-operations:
    - alias: endAllSessions
      arguments:
        - dest: userId
          src: id
      operationId: endAllUserSessions
    - alias: listAppLinks
      arguments:
        - dest: userId
          src: id
      operationId: listAppLinks
    - alias: changePassword
      arguments:
        - dest: userId
          src: id
      operationId: changePassword
    - alias: changeRecoveryQuestion
      arguments:
        - dest: userId
          src: id
      operationId: changeRecoveryQuestion
    - alias: forgotPassword
      arguments:
        - dest: userId
          src: id
      operationId: forgotPassword
    - alias: listRoles
      arguments:
        - dest: userId
          src: id
      operationId: listAssignedRoles
    - alias: addRole
      arguments:
        - dest: userId
          src: id
      operationId: addRoleToUser
    - alias: removeRole
      arguments:
        - dest: userId
          src: id
      operationId: removeRoleFromUser
    - alias: listGroupTargetsForRole
      arguments:
        - dest: userId
          src: id
      operationId: listGroupTargetsForRole
    - alias: removeGroupTargetFromRole
      arguments:
        - dest: userId
          src: id
      operationId: removeGroupTargetFromRole
    - alias: addGroupTargetToRole
      arguments:
        - dest: userId
          src: id
      operationId: addGroupTargetToRole
    - alias: listGroups
      arguments:
        - dest: userId
          src: id
      operationId: listUserGroups
    - alias: activate
      arguments:
        - dest: userId
          src: id
      operationId: activateUser
    - alias: deactivate
      arguments:
        - dest: userId
          src: id
      operationId: deactivateUser
    - alias: suspend
      arguments:
        - dest: userId
          src: id
      operationId: suspendUser
    - alias: unsuspend
      arguments:
        - dest: userId
          src: id
      operationId: unsuspendUser
    - alias: resetPassword
      arguments:
        - dest: userId
          src: id
      operationId: resetPassword
    - alias: expirePassword
      arguments:
        - dest: userId
          src: id
      operationId: expirePassword
    - alias: unlock
      arguments:
        - dest: userId
          src: id
      operationId: unlockUser
    - alias: resetFactors
      arguments:
        - dest: userId
          src: id
      operationId: resetAllFactors
    - alias: addToGroup
      arguments:
        - dest: userId
          src: id
      operationId: addUserToGroup
    - alias: addFactor
      arguments:
        - dest: userId
          src: id
      operationId: addFactor
    - alias: listSupportedFactors
      arguments:
        - dest: userId
          src: id
      operationId: listSupportedFactors
    - alias: listFactors
      arguments:
        - dest: userId
          src: id
      operationId: listFactors
    - alias: listSupportedSecurityQuestions
      arguments:
        - dest: userId
          src: id
      operationId: listSupportedSecurityQuestions
    - alias: getFactor
      arguments:
        - dest: userId
          src: id
      operationId: getFactor
  x-okta-tags:
    - User
# Response-only object: both properties are readOnly strings.
# NOTE(review): activationToken and activationUrl presumably let whoever holds
# them activate the account - confirm. If so they are bearer secrets: keep them
# out of logs and tickets, and deliver them only to the intended user.
UserActivationToken:
  properties:
    activationToken:
      readOnly: true
      type: string
    activationUrl:
      readOnly: true
      type: string
  type: object
  x-okta-tags:
    - User
# Policy condition (tagged Policy) with two string arrays, exclude and
# include.
# NOTE(review): entries are presumably user ids - confirm. How an id present
# in both lists is evaluated is not stated here; verify precedence before
# relying on exclude as a safety net.
UserCondition:
  properties:
    exclude:
      items:
        type: string
      type: array
    include:
      items:
        type: string
      type: array
  x-okta-tags:
    - Policy
# Credential bundle for a User: e-mail addresses, password, authentication
# provider and recovery question, each defined by a referenced schema.
# The example below is request-shaped: it carries a clear-text password value
# and a recovery answer. The values are samples, but real payloads of this
# shape hold live secrets, so request bodies must be excluded from access
# logs, traces and crash reports.
UserCredentials:
  properties:
    emails:
      items:
        $ref: "#/components/schemas/EmailAddress"
      type: array
    password:
      $ref: "#/components/schemas/PasswordCredential"
    provider:
      $ref: "#/components/schemas/AuthenticationProvider"
    recovery_question:
      $ref: "#/components/schemas/RecoveryQuestionCredential"
  type: object
  example:
    {
      "password": {
        "value": "tlpWENT2m"
      },
      "recovery_question": {
        "question": "Who's a major player in the cowboy scene?",
        "answer": "Annie Oakley"
      },
      "provider": {
        "type": "OKTA",
        "name": "OKTA"
      }
    }
  x-okta-tags:
    - User
# String enum with a single permitted value, changePassword.
UserNextLogin:
  enum:
    - changePassword
  type: string
  x-okta-tags:
    - User
# Profile attributes of a User: six declared string properties, all personal
# data, none constrained by format or maxLength.
# NOTE(review): x-okta-extensible: true presumably signals that additional
# custom attributes are accepted - confirm. Consumers should therefore not
# assume the declared six are the complete set, and should validate or encode
# profile values before rendering them.
UserProfile:
  properties:
    email:
      type: string
    firstName:
      type: string
    lastName:
      type: string
    login:
      type: string
    mobilePhone:
      type: string
    secondEmail:
      type: string
  type: object
  x-okta-extensible: true
  x-okta-tags:
    - User
# String enum referenced by User.status and User.transitioningToStatus.
# Access checks built on this value are safer as an allow-list (for example,
# ACTIVE only) than as a deny-list, so that a status added later is not
# accepted by default.
UserStatus:
  enum:
    - STAGED
    - PROVISIONED
    - ACTIVE
    - RECOVERY
    - PASSWORD_EXPIRED
    - LOCKED_OUT
    - DEPROVISIONED
    - SUSPENDED
  type: string
  x-okta-tags:
    - User
# Request body for verifying a factor: four strings and one integer, with no
# `required` list.
# answer, passCode, nextPassCode and activationToken are authentication
# secrets; none is marked writeOnly or `format: password`. Keep request bodies
# of this shape out of logs.
# NOTE(review): tokenLifetimeSeconds declares no minimum or maximum - confirm
# the server enforces an upper bound, since the schema does not.
VerifyFactorRequest:
  properties:
    activationToken:
      type: string
    answer:
      type: string
    nextPassCode:
      type: string
    passCode:
      type: string
    tokenLifetimeSeconds:
      type: integer
  type: object
  x-okta-tags:
    - UserFactor
# Result of a factor verification. The inline properties are readOnly;
# factorResult references FactorResultType.
# Clients should branch on factorResult explicitly and treat any value they do
# not recognise as a failure; the example shows only the "SUCCESS" case.
VerifyFactorResponse:
  properties:
    _embedded:
      additionalProperties:
        type: object
      readOnly: true
      type: object
    _links:
      additionalProperties:
        type: object
      readOnly: true
      type: object
    expiresAt:
      format: date-time
      readOnly: true
      type: string
    factorResult:
      $ref: "#/components/schemas/FactorResultType"
    factorResultMessage:
      readOnly: true
      type: string
  type: object
  x-okta-tags:
    - UserFactor
  example:
    {
      "factorResult": "SUCCESS"
    }
# Factor subtype (x-okta-parent points at Factor) whose `profile` is a
# WebFactorProfile.
WebFactor:
  properties:
    profile:
      $ref: "#/components/schemas/WebFactorProfile"
  x-okta-parent: "#/definitions/Factor"
  x-okta-tags:
    - UserFactor
# Profile for WebFactor: a single string, credentialId.
WebFactorProfile:
  properties:
    credentialId:
      type: string
  x-okta-parent: "#/definitions/FactorProfile"
  x-okta-tags:
    - UserFactor
# Application subtype defined as "template_wsfed"; its parent is Application
# and its `settings` are WsFederationApplicationSettings.
WsFederationApplication:
  properties:
    settings:
      $ref: "#/components/schemas/WsFederationApplicationSettings"
  x-okta-defined-as:
    name: template_wsfed
  x-okta-parent: "#/definitions/Application"
  x-okta-tags:
    - Application
# Settings wrapper for WsFederationApplication: `app` references
# WsFederationApplicationSettingsApplication.
WsFederationApplicationSettings:
  properties:
    app:
      $ref: "#/components/schemas/WsFederationApplicationSettingsApplication"
  x-okta-parent: "#/definitions/ApplicationSettings"
  x-okta-tags:
    - Application
# WS-Federation app configuration: eleven strings and one boolean
# (wReplyOverride). Nothing is required and no string carries a format or
# pattern, so URL-valued settings are not validated by the schema.
# NOTE(review): wReplyURL and wReplyOverride presumably control where the
# sign-in response is delivered, and realm / audienceRestriction whom it is
# issued for - confirm. These deserve change review and alerting, because a
# wrong value would send tokens to an unintended endpoint.
WsFederationApplicationSettingsApplication:
  properties:
    attributeStatements:
      type: string
    audienceRestriction:
      type: string
    authnContextClassRef:
      type: string
    groupFilter:
      type: string
    groupName:
      type: string
    groupValueFormat:
      type: string
    nameIDFormat:
      type: string
    realm:
      type: string
    siteURL:
      type: string
    usernameAttribute:
      type: string
    wReplyOverride:
      type: boolean
    wReplyURL:
      type: string
  x-okta-parent: "#/definitions/ApplicationSettingsApplication"
  x-okta-tags:
    - Application
# Primary authentication request (tagged Authentication). There is no
# `required` list, so the schema accepts any subset of these properties.
# password, token and stateToken are secrets carried as plain strings; the
# schema marks none of them writeOnly or `format: password`. Exclude request
# bodies of this shape from logs.
# NOTE(review): relayState has no maxLength here although
# AuthenticationTransaction.relayState is capped at 2048 - confirm whether the
# request side should declare the same limit.
AuthenticationRequest:
  properties:
    username:
      type: string
    password:
      type: string
    audience:
      type: string
    relayState:
      type: string
    options:
      $ref: "#/components/schemas/Options"
    context:
      $ref: "#/components/schemas/Context"
    token:
      type: string
    stateToken:
      type: string
  x-okta-tags:
    - Authentication
# Optional flags for AuthenticationRequest.options: two booleans, each of
# which may also be null.
Options:
  properties:
    multiOptionalFactorEnroll:
      type: boolean
      nullable: true
    warnBeforePasswordExpired:
      type: boolean
      nullable: true
  x-okta-tags:
    - Authentication
# Request context for AuthenticationRequest.context: a nullable deviceToken
# string of at most 32 characters.
# NOTE(review): deviceToken is presumably chosen by the client - confirm; if
# so it is attacker-controllable input and should not, on its own, be trusted
# as proof of a known device.
Context:
  properties:
    deviceToken:
      type: string
      maxLength: 32
      nullable: true
  x-okta-tags:
    - Authentication
# Factor enrolment request inside an authentication transaction. All four
# properties are listed as required.
# stateToken is a secret transaction handle: keep it out of logs and URLs.
EnrollFactorRequest:
  properties:
    stateToken:
      type: string
    factorType:
      $ref: "#/components/schemas/FactorType"
    provider:
      $ref: "#/components/schemas/FactorProvider"
    profile:
      $ref: "#/components/schemas/FactorProfile"
  required:
    - stateToken
    - factorType
    - provider
    - profile
  x-okta-tags:
    - Authentication
# Factor activation request: four plain strings, none required.
# NOTE(review): EnrollFactorRequest lists stateToken as required but this
# schema has no `required` list - confirm whether that is intentional.
# stateToken and passCode are secrets; keep them out of logs.
ActivateFactorRequest:
  properties:
    stateToken:
      type: string
    passCode:
      type: string
    registrationData:
      type: string
    clientData:
      type: string
  x-okta-tags:
    - Authentication
# Factor verification request inside an authentication transaction: five
# plain strings, none required.
# stateToken, answer and passCode are authentication secrets with no
# writeOnly / `format: password` marker; exclude request bodies of this shape
# from logs.
AuthVerifyFactorRequest:
  properties:
    stateToken:
      type: string
    answer:
      type: string
    passCode:
      type: string
    clientData:
      type: string
    signatureData:
      type: string
  x-okta-tags:
    - Authentication
# State of an authentication transaction as returned to the client.
# stateToken and sessionToken are nullable strings and, by name, credentials:
# the example response carries a sessionToken alongside status "SUCCESS".
# Treat whole responses of this shape as secret and keep them out of logs,
# analytics and browser storage.
# relayState is capped at 2048 characters and the example holds a relative
# path. Clients that redirect to it should accept only expected relative paths
# or allow-listed origins, since the schema does not restrict its content.
AuthenticationTransaction:
  properties:
    stateToken:
      type: string
      nullable: true
    type:
      type: string
      nullable: true
    sessionToken:
      type: string
      nullable: true
    expiresAt:
      type: string
      nullable: true
      format: date-time
    # Clients should branch on this TransactionState value explicitly.
    status:
      $ref: "#/components/schemas/TransactionState"
    relayState:
      type: string
      maxLength: 2048
    factorResult:
      $ref: "#/components/schemas/FactorResultType"
    _embedded:
      additionalProperties:
        type: object
      readOnly: true
      type: object
    _links:
      additionalProperties:
        type: object
      readOnly: true
      type: object
  example:
    {
      "expiresAt": "2015-11-03T10:15:57.000Z",
      "status": "SUCCESS",
      "relayState": "/myapp/some/deep/link/i/want/to/return/to",
      "sessionToken": "00Fpzf4en68pCXTsMjcX8JPMctzN2Wiw4LDOBL_9pe",
      "_embedded": {
        "user": {
          "id": "00ub0oNGTSWTBKOLGLNR",
          "passwordChanged": "2015-09-08T20:14:45.000Z",
          "profile": {
            "login": "dade.murphy@example.com",
            "firstName": "Dade",
            "lastName": "Murphy",
            "locale": "en_US",
            "timeZone": "America/Los_Angeles"
          }
        }
      }
    }
  x-okta-tags:
    - Authentication
# String enum for AuthenticationTransaction.status.
# NOTE(review): SUCCESS is presumably the only state in which the user is
# fully authenticated - confirm. Client code should grant access only on
# SUCCESS and handle every other value, including unknown ones, as "not yet
# authenticated".
TransactionState:
  enum:
    - UNAUTHENTICATED
    - PASSWORD_WARN
    - PASSWORD_EXPIRED
    - RECOVERY
    - RECOVERY_CHALLENGE
    - PASSWORD_RESET
    - LOCKED_OUT
    - MFA_ENROLL
    - MFA_ENROLL_ACTIVATE
    - MFA_REQUIRED
    - MFA_CHALLENGE
    - SUCCESS
  type: string
  x-okta-tags:
    - Authentication