openapi: 3.0.1 info: title: Okta API description: Allows customers to easily access the Okta API termsOfService: https://developer.okta.com/terms/ contact: name: Okta Developer Team url: https://developer.okta.com/ email: devex-public@okta.com license: name: Apache-2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html version: 2.16.0 externalDocs: description: Find more info here url: https://developer.okta.com/docs/api/getting_started/design_principles.html servers: - url: https://your-subdomain.okta.com/ paths: /api/v1/apps: get: tags: - Application summary: Okta List Applications description: Enumerates apps added to your organization with pagination. A subset of apps can be returned that match a supported filter expression or query. operationId: listApplications parameters: - name: q in: query schema: type: string - name: after in: query description: Specifies the pagination cursor for the next page of apps schema: type: string - name: limit in: query description: Specifies the number of results for a page schema: type: integer format: int32 default: -1 - name: filter in: query description: "Filters apps by status, user.id, group.id or credentials.signing.kid expression" schema: type: string - name: expand in: query description: Traverses users link relationship and optionally embeds Application User resource schema: type: string - name: includeNonDeleted in: query schema: type: boolean default: false responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/Application' security: - api_token: [] post: tags: - Application summary: Okta Add Application description: Adds a new application to your Okta organization. operationId: createApplication parameters: - name: activate in: query description: Executes activation lifecycle operation when creating the app schema: type: boolean default: true - name: OktaAccessGateway-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/Application' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Application' security: - api_token: [] x-codegen-request-body-name: application /api/v1/apps/{appId}: get: tags: - Application summary: Okta Get Application description: Fetches an application from your Okta organization by `id`. operationId: getApplication parameters: - name: appId in: path required: true schema: type: string - name: expand in: query schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Application' security: - api_token: [] put: tags: - Application summary: Okta Update Application description: Updates an application in your organization. operationId: updateApplication parameters: - name: appId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/Application' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Application' security: - api_token: [] x-codegen-request-body-name: application delete: tags: - Application summary: Okta Delete Application description: Removes an inactive application. operationId: deleteApplication parameters: - name: appId in: path required: true schema: type: string responses: "200": description: Success content: {} security: - api_token: [] /api/v1/apps/{appId}/connections/default: get: tags: - Application summary: Okta Fetches the default Provisioning Connection for an application. description: Get default Provisioning Connection for application operationId: getDefaultProvisioningConnectionForApplication parameters: - name: appId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/ProvisioningConnection' "404": description: Not Found content: {} security: - api_token: [] post: tags: - Application summary: Okta Sets the default Provisioning Connection for an application. description: Set default Provisioning Connection for application operationId: setDefaultProvisioningConnectionForApplication parameters: - name: appId in: path required: true schema: type: string - name: activate in: query schema: type: boolean requestBody: content: application/json: schema: $ref: '#/components/schemas/ProvisioningConnectionRequest' required: true responses: "201": description: Created content: application/json: schema: $ref: '#/components/schemas/ProvisioningConnection' "400": description: Bad Request content: {} "404": description: Not Found content: {} security: - api_token: [] x-codegen-request-body-name: profile /api/v1/apps/{appId}/connections/default/lifecycle/activate: post: tags: - Application summary: Okta Activate default Provisioning Connection for application description: Activates the default Provisioning Connection for an application. operationId: activateDefaultProvisioningConnectionForApplication parameters: - name: appId in: path required: true schema: type: string responses: "204": description: No Content content: {} "404": description: Not Found content: {} security: - api_token: [] /api/v1/apps/{appId}/connections/default/lifecycle/deactivate: post: tags: - Application summary: Okta Deactivate default Provisioning Connection for application description: Deactivates the default Provisioning Connection for an application. operationId: deactivateDefaultProvisioningConnectionForApplication parameters: - name: appId in: path required: true schema: type: string responses: "204": description: No Content content: {} "404": description: Not Found content: {} security: - api_token: [] /api/v1/apps/{appId}/credentials/csrs: get: tags: - Application summary: Okta List Certificate Signing Requests for Application description: Enumerates Certificate Signing Requests for an application operationId: listCsrsForApplication parameters: - name: appId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/Csr' security: - api_token: [] post: tags: - Application summary: Okta Generate Certificate Signing Request for Application description: Generates a new key pair and returns the Certificate Signing Request for it. operationId: generateCsrForApplication parameters: - name: appId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CsrMetadata' required: true responses: "201": description: Created content: application/json: schema: $ref: '#/components/schemas/Csr' security: - api_token: [] x-codegen-request-body-name: metadata /api/v1/apps/{appId}/credentials/csrs/{csrId}: get: tags: - Application operationId: getCsrForApplication parameters: - name: appId in: path required: true schema: type: string - name: csrId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Csr' security: - api_token: [] delete: tags: - Application operationId: revokeCsrFromApplication parameters: - name: appId in: path required: true schema: type: string - name: csrId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish: post: tags: - Application parameters: - name: appId in: path required: true schema: type: string - name: csrId in: path required: true schema: type: string responses: "201": description: Created content: application/json: schema: $ref: '#/components/schemas/JsonWebKey' security: - api_token: [] x-okta-multi-operation: - consumes: - application/x-x509-ca-cert encoding: base64 operationId: publishCerCert parameters: - in: body name: certificate required: true type: string - consumes: - application/x-x509-ca-cert operationId: publishBinaryCerCert parameters: - format: binary in: body name: certificate required: true type: string - consumes: - application/pkix-cert encoding: base64 operationId: publishDerCert parameters: - in: body name: certificate required: true type: string - consumes: - application/pkix-cert operationId: publishBinaryDerCert parameters: - format: binary in: body name: certificate required: true type: string - consumes: - application/x-pem-file operationId: publishBinaryPemCert parameters: - format: binary in: body name: certificate required: true type: string /api/v1/apps/{appId}/credentials/keys: get: tags: - Application summary: Okta List Key Credentials for Application description: Enumerates key credentials for an application operationId: listApplicationKeys parameters: - name: appId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/JsonWebKey' security: - api_token: [] /api/v1/apps/{appId}/credentials/keys/generate: post: tags: - Application description: Generates a new X.509 certificate for an application key credential operationId: generateApplicationKey parameters: - name: appId in: path required: true schema: type: string - name: validityYears in: query schema: type: integer responses: "201": description: Created content: application/json: schema: $ref: '#/components/schemas/JsonWebKey' security: - api_token: [] /api/v1/apps/{appId}/credentials/keys/{keyId}: get: tags: - Application summary: Okta Get Key Credential for Application description: Gets a specific application key credential by kid operationId: getApplicationKey parameters: - name: appId in: path required: true schema: type: string - name: keyId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/JsonWebKey' security: - api_token: [] /api/v1/apps/{appId}/credentials/keys/{keyId}/clone: post: tags: - Application summary: Okta Clone Application Key Credential description: Clones a X.509 certificate for an application key credential from a source application to target application. operationId: cloneApplicationKey parameters: - name: appId in: path required: true schema: type: string - name: keyId in: path required: true schema: type: string - name: targetAid in: query description: Unique key of the target Application required: true schema: type: string responses: "201": description: Created content: application/json: schema: $ref: '#/components/schemas/JsonWebKey' security: - api_token: [] /api/v1/apps/{appId}/credentials/secrets: get: tags: - Application summary: Okta List client secrets description: Enumerates the client's collection of secrets operationId: listClientSecretsForApplication parameters: - name: appId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/ClientSecret' security: - api_token: [] post: tags: - Application summary: Okta Add new client secret description: Adds a new secret to the client's collection of secrets. operationId: createNewClientSecretForApplication parameters: - name: appId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/ClientSecretMetadata' required: true responses: "201": description: Created content: application/json: schema: $ref: '#/components/schemas/ClientSecret' security: - api_token: [] x-codegen-request-body-name: metadata /api/v1/apps/{appId}/credentials/secrets/{secretId}: get: tags: - Application summary: Okta Get client secret description: Gets a specific client secret by secretId operationId: getClientSecretForApplication parameters: - name: appId in: path required: true schema: type: string - name: secretId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/ClientSecret' security: - api_token: [] delete: tags: - Application description: Removes a secret from the client's collection of secrets. operationId: deleteClientSecretForApplication parameters: - name: appId in: path required: true schema: type: string - name: secretId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/apps/{appId}/credentials/secrets/{secretId}/lifecycle/activate: post: tags: - Application summary: Okta Activate a client secret description: Activates a specific client secret by secretId operationId: activateClientSecretForApplication parameters: - name: appId in: path required: true schema: type: string - name: secretId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/ClientSecret' security: - api_token: [] /api/v1/apps/{appId}/credentials/secrets/{secretId}/lifecycle/deactivate: post: tags: - Application summary: Okta Deactivate a client secret description: Deactivates a specific client secret by secretId operationId: deactivateClientSecretForApplication parameters: - name: appId in: path required: true schema: type: string - name: secretId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/ClientSecret' security: - api_token: [] /api/v1/apps/{appId}/features: get: tags: - Application summary: Okta Fetches the Feature objects for an application. description: List Features for application operationId: listFeaturesForApplication parameters: - name: appId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/ApplicationFeature' "404": description: Not Found content: {} security: - api_token: [] /api/v1/apps/{appId}/features/{name}: get: tags: - Application summary: Okta Fetches a Feature object for an application. description: Fetches a Feature object for an application. operationId: getFeatureForApplication parameters: - name: appId in: path required: true schema: type: string - name: name in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/ApplicationFeature' "404": description: Not Found content: {} security: - api_token: [] put: tags: - Application summary: Okta Updates a Feature object for an application. description: Updates a Feature object for an application. operationId: updateFeatureForApplication parameters: - name: appId in: path required: true schema: type: string - name: name in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CapabilitiesObject' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/ApplicationFeature' "404": description: Not Found content: {} security: - api_token: [] x-codegen-request-body-name: capabilities /api/v1/apps/{appId}/grants: get: tags: - Application description: Lists all scope consent grants for the application operationId: listScopeConsentGrants parameters: - name: appId in: path required: true schema: type: string - name: expand in: query schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/OAuth2ScopeConsentGrant' security: - api_token: [] post: tags: - Application description: Grants consent for the application to request an OAuth 2.0 Okta scope operationId: grantConsentToScope parameters: - name: appId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/OAuth2ScopeConsentGrant' required: true responses: "201": description: Created content: application/json: schema: $ref: '#/components/schemas/OAuth2ScopeConsentGrant' security: - api_token: [] x-codegen-request-body-name: oAuth2ScopeConsentGrant /api/v1/apps/{appId}/grants/{grantId}: get: tags: - Application description: Fetches a single scope consent grant for the application operationId: getScopeConsentGrant parameters: - name: appId in: path required: true schema: type: string - name: grantId in: path required: true schema: type: string - name: expand in: query schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/OAuth2ScopeConsentGrant' security: - api_token: [] delete: tags: - Application description: Revokes permission for the application to request the given scope operationId: revokeScopeConsentGrant parameters: - name: appId in: path required: true schema: type: string - name: grantId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/apps/{appId}/groups: get: tags: - Application summary: Okta List Groups Assigned to Application description: Enumerates group assignments for an application. operationId: listApplicationGroupAssignments parameters: - name: appId in: path required: true schema: type: string - name: q in: query schema: type: string - name: after in: query description: Specifies the pagination cursor for the next page of assignments schema: type: string - name: limit in: query description: Specifies the number of results for a page schema: type: integer format: int32 default: -1 - name: expand in: query schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/ApplicationGroupAssignment' security: - api_token: [] /api/v1/apps/{appId}/groups/{groupId}: get: tags: - Application summary: Okta Get Assigned Group for Application description: Fetches an application group assignment operationId: getApplicationGroupAssignment parameters: - name: appId in: path required: true schema: type: string - name: groupId in: path required: true schema: type: string - name: expand in: query schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/ApplicationGroupAssignment' security: - api_token: [] put: tags: - Application summary: Okta Assign Group to Application description: Assigns a group to an application operationId: createApplicationGroupAssignment parameters: - name: appId in: path required: true schema: type: string - name: groupId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/ApplicationGroupAssignment' required: false responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/ApplicationGroupAssignment' security: - api_token: [] x-codegen-request-body-name: applicationGroupAssignment delete: tags: - Application summary: Okta Remove Group from Application description: Removes a group assignment from an application. operationId: deleteApplicationGroupAssignment parameters: - name: appId in: path required: true schema: type: string - name: groupId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/apps/{appId}/lifecycle/activate: post: tags: - Application summary: Okta Activate Application description: Activates an inactive application. operationId: activateApplication parameters: - name: appId in: path required: true schema: type: string responses: "200": description: Success content: {} security: - api_token: [] /api/v1/apps/{appId}/lifecycle/deactivate: post: tags: - Application summary: Okta Deactivate Application description: Deactivates an active application. operationId: deactivateApplication parameters: - name: appId in: path required: true schema: type: string responses: "200": description: Success content: {} security: - api_token: [] /api/v1/apps/{appId}/logo: post: tags: - Application summary: "Okta The file must be in PNG, JPG, or GIF format, and less than 1 MB in size. For best results use landscape orientation, a transparent background, and a minimum size of 420px by 120px to prevent upscaling." description: Update the logo for an application. operationId: uploadApplicationLogo parameters: - name: appId in: path required: true schema: type: string requestBody: content: multipart/form-data: schema: required: - file type: object properties: file: type: string format: binary required: true responses: "201": description: Created content: {} "400": description: Bad Request content: {} "404": description: Not Found content: {} security: - api_token: [] /api/v1/apps/{appId}/policies/{policyId}: put: tags: - Application summary: Okta Update application policy description: Assign an application to a specific policy. This unassigns the application from its currently assigned policy. operationId: updateApplicationPolicy parameters: - name: appId in: path required: true schema: type: string - name: policyId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/apps/{appId}/sso/saml/metadata: get: tags: - Application description: Previews SAML metadata based on a specific key credential for an application operationId: previewSAMLAppMetadata parameters: - name: appId in: path required: true schema: type: string - name: kid in: query description: unique key identifier of an Application Key Credential required: true schema: type: string responses: "200": description: Success content: application/xml: schema: type: object properties: EntityDescriptor: type: object properties: IDPSSODescriptor: type: object properties: KeyDescriptor: type: object properties: KeyInfo: type: object properties: X509Data: type: object properties: X509Certificate: type: string use: type: string xml: attribute: true NameIDFormat: type: array items: type: string SingleLogoutService: type: object properties: Binding: type: string xml: attribute: true Location: type: string xml: attribute: true SingleSignOnService: type: object properties: Binding: type: string xml: attribute: true Location: type: string xml: attribute: true WantAuthnRequestsSigned: type: boolean xml: attribute: true protocolSupportEnumeration: type: string xml: attribute: true entityID: type: string xml: attribute: true security: - api_token: [] /api/v1/apps/{appId}/tokens: get: tags: - Application description: Lists all tokens for the application operationId: listOAuth2TokensForApplication parameters: - name: appId in: path required: true schema: type: string - name: expand in: query schema: type: string - name: after in: query schema: type: string - name: limit in: query schema: type: integer format: int32 default: 20 responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/OAuth2Token' security: - api_token: [] delete: tags: - Application description: Revokes all tokens for the specified application operationId: revokeOAuth2TokensForApplication parameters: - name: appId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/apps/{appId}/tokens/{tokenId}: get: tags: - Application description: Gets a token for the specified application operationId: getOAuth2TokenForApplication parameters: - name: appId in: path required: true schema: type: string - name: tokenId in: path required: true schema: type: string - name: expand in: query schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/OAuth2Token' security: - api_token: [] delete: tags: - Application description: Revokes the specified token for the specified application operationId: revokeOAuth2TokenForApplication parameters: - name: appId in: path required: true schema: type: string - name: tokenId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/apps/{appId}/users: get: tags: - Application summary: Okta List Users Assigned to Application description: "Enumerates all assigned [application users](#application-user-model) for an application." operationId: listApplicationUsers parameters: - name: appId in: path required: true schema: type: string - name: q in: query schema: type: string - name: query_scope in: query schema: type: string - name: after in: query description: specifies the pagination cursor for the next page of assignments schema: type: string - name: limit in: query description: specifies the number of results for a page schema: type: integer format: int32 default: -1 - name: filter in: query schema: type: string - name: expand in: query schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/AppUser' security: - api_token: [] post: tags: - Application summary: Okta Assign User to Application for SSO & Provisioning description: "Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request." operationId: assignUserToApplication parameters: - name: appId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/AppUser' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/AppUser' security: - api_token: [] x-codegen-request-body-name: appUser /api/v1/apps/{appId}/users/{userId}: get: tags: - Application summary: Okta Get Assigned User for Application description: Fetches a specific user assignment for application by `id`. operationId: getApplicationUser parameters: - name: appId in: path required: true schema: type: string - name: userId in: path required: true schema: type: string - name: expand in: query schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/AppUser' security: - api_token: [] post: tags: - Application summary: Okta Update Application Profile for Assigned User description: Updates a user's profile for an application operationId: updateApplicationUser parameters: - name: appId in: path required: true schema: type: string - name: userId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/AppUser' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/AppUser' security: - api_token: [] x-codegen-request-body-name: appUser delete: tags: - Application summary: Okta Remove User from Application description: Removes an assignment for a user from an application. operationId: deleteApplicationUser parameters: - name: appId in: path required: true schema: type: string - name: userId in: path required: true schema: type: string - name: sendEmail in: query schema: type: boolean default: false x-okta-added-version: 1.5.0 x-okta-added-version: 1.5.0 responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/authenticators: get: tags: - Authenticator summary: Okta Lists all available Authenticators description: List Authenticators operationId: listAuthenticators responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/Authenticator' security: - api_token: [] post: tags: - Authenticator summary: Okta Create an Authenticator description: Create Authenticator operationId: createAuthenticator parameters: - name: activate in: query schema: type: boolean requestBody: content: application/json: schema: $ref: '#/components/schemas/Authenticator' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Authenticator' security: - api_token: [] x-codegen-request-body-name: authenticator /api/v1/authenticators/{authenticatorId}: get: tags: - Authenticator description: Success operationId: getAuthenticator parameters: - name: authenticatorId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Authenticator' security: - api_token: [] put: tags: - Authenticator summary: Okta Update Authenticator description: Updates an authenticator operationId: updateAuthenticator parameters: - name: authenticatorId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/Authenticator' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Authenticator' security: - api_token: [] x-codegen-request-body-name: authenticator /api/v1/authenticators/{authenticatorId}/lifecycle/activate: post: tags: - Authenticator description: Success operationId: activateAuthenticator parameters: - name: authenticatorId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Authenticator' security: - api_token: [] /api/v1/authenticators/{authenticatorId}/lifecycle/deactivate: post: tags: - Authenticator description: Success operationId: deactivateAuthenticator parameters: - name: authenticatorId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Authenticator' security: - api_token: [] /api/v1/authorizationServers: get: tags: - AuthorizationServer description: Success operationId: listAuthorizationServers parameters: - name: q in: query schema: type: string - name: limit in: query schema: type: string - name: after in: query schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/AuthorizationServer' security: - api_token: [] post: tags: - AuthorizationServer description: Success operationId: createAuthorizationServer requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthorizationServer' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/AuthorizationServer' "201": description: Created content: {} security: - api_token: [] x-codegen-request-body-name: authorizationServer /api/v1/authorizationServers/{authServerId}: get: tags: - AuthorizationServer description: Success operationId: getAuthorizationServer parameters: - name: authServerId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/AuthorizationServer' security: - api_token: [] put: tags: - AuthorizationServer description: Success operationId: updateAuthorizationServer parameters: - name: authServerId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthorizationServer' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/AuthorizationServer' security: - api_token: [] x-codegen-request-body-name: authorizationServer delete: tags: - AuthorizationServer description: Success operationId: deleteAuthorizationServer parameters: - name: authServerId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/authorizationServers/{authServerId}/claims: get: tags: - AuthorizationServer description: Success operationId: listOAuth2Claims parameters: - name: authServerId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/OAuth2Claim' security: - api_token: [] post: tags: - AuthorizationServer description: Success operationId: createOAuth2Claim parameters: - name: authServerId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/OAuth2Claim' required: true responses: "200": description: Created content: application/json: schema: $ref: '#/components/schemas/OAuth2Claim' "201": description: Success content: {} security: - api_token: [] x-codegen-request-body-name: oAuth2Claim /api/v1/authorizationServers/{authServerId}/claims/{claimId}: get: tags: - AuthorizationServer description: Success operationId: getOAuth2Claim parameters: - name: authServerId in: path required: true schema: type: string - name: claimId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/OAuth2Claim' security: - api_token: [] put: tags: - AuthorizationServer description: Success operationId: updateOAuth2Claim parameters: - name: authServerId in: path required: true schema: type: string - name: claimId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/OAuth2Claim' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/OAuth2Claim' security: - api_token: [] x-codegen-request-body-name: oAuth2Claim delete: tags: - AuthorizationServer description: Success operationId: deleteOAuth2Claim parameters: - name: authServerId in: path required: true schema: type: string - name: claimId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/authorizationServers/{authServerId}/clients: get: tags: - AuthorizationServer description: Success operationId: listOAuth2ClientsForAuthorizationServer parameters: - name: authServerId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/OAuth2Client' security: - api_token: [] /api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens: get: tags: - AuthorizationServer description: Success operationId: listRefreshTokensForAuthorizationServerAndClient parameters: - name: authServerId in: path required: true schema: type: string - name: clientId in: path required: true schema: type: string - name: expand in: query schema: type: string - name: after in: query schema: type: string - name: limit in: query schema: type: integer format: int32 default: -1 responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/OAuth2RefreshToken' security: - api_token: [] delete: tags: - AuthorizationServer description: Success operationId: revokeRefreshTokensForAuthorizationServerAndClient parameters: - name: authServerId in: path required: true schema: type: string - name: clientId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId}: get: tags: - AuthorizationServer description: Success operationId: getRefreshTokenForAuthorizationServerAndClient parameters: - name: authServerId in: path required: true schema: type: string - name: clientId in: path required: true schema: type: string - name: tokenId in: path required: true schema: type: string - name: expand in: query schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/OAuth2RefreshToken' security: - api_token: [] delete: tags: - AuthorizationServer description: Success operationId: revokeRefreshTokenForAuthorizationServerAndClient parameters: - name: authServerId in: path required: true schema: type: string - name: clientId in: path required: true schema: type: string - name: tokenId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/authorizationServers/{authServerId}/credentials/keys: get: tags: - AuthorizationServer description: Success operationId: listAuthorizationServerKeys parameters: - name: authServerId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/JsonWebKey' security: - api_token: [] /api/v1/authorizationServers/{authServerId}/credentials/lifecycle/keyRotate: post: tags: - AuthorizationServer description: Success operationId: rotateAuthorizationServerKeys parameters: - name: authServerId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/JwkUse' required: true responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/JsonWebKey' security: - api_token: [] x-codegen-request-body-name: use /api/v1/authorizationServers/{authServerId}/lifecycle/activate: post: tags: - AuthorizationServer description: Success operationId: activateAuthorizationServer parameters: - name: authServerId in: path required: true schema: type: string responses: "200": description: Success content: {} security: - api_token: [] /api/v1/authorizationServers/{authServerId}/lifecycle/deactivate: post: tags: - AuthorizationServer description: Success operationId: deactivateAuthorizationServer parameters: - name: authServerId in: path required: true schema: type: string responses: "200": description: Success content: {} security: - api_token: [] /api/v1/authorizationServers/{authServerId}/policies: get: tags: - AuthorizationServer description: Success operationId: listAuthorizationServerPolicies parameters: - name: authServerId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/AuthorizationServerPolicy' security: - api_token: [] post: tags: - AuthorizationServer description: Success operationId: createAuthorizationServerPolicy parameters: - name: authServerId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthorizationServerPolicy' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/AuthorizationServerPolicy' "201": description: Created content: {} security: - api_token: [] x-codegen-request-body-name: policy /api/v1/authorizationServers/{authServerId}/policies/{policyId}: get: tags: - AuthorizationServer description: Success operationId: getAuthorizationServerPolicy parameters: - name: authServerId in: path required: true schema: type: string - name: policyId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/AuthorizationServerPolicy' security: - api_token: [] put: tags: - AuthorizationServer description: Success operationId: updateAuthorizationServerPolicy parameters: - name: authServerId in: path required: true schema: type: string - name: policyId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthorizationServerPolicy' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/AuthorizationServerPolicy' security: - api_token: [] x-codegen-request-body-name: policy delete: tags: - AuthorizationServer description: Success operationId: deleteAuthorizationServerPolicy parameters: - name: authServerId in: path required: true schema: type: string - name: policyId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/activate: post: tags: - AuthorizationServer description: Activate Authorization Server Policy operationId: activateAuthorizationServerPolicy parameters: - name: authServerId in: path required: true schema: type: string - name: policyId in: path required: true schema: type: string responses: "200": description: Success content: {} security: - api_token: [] /api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/deactivate: post: tags: - AuthorizationServer description: Deactivate Authorization Server Policy operationId: deactivateAuthorizationServerPolicy parameters: - name: authServerId in: path required: true schema: type: string - name: policyId in: path required: true schema: type: string responses: "200": description: Success content: {} security: - api_token: [] /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules: get: tags: - AuthorizationServer description: Enumerates all policy rules for the specified Custom Authorization Server and Policy. operationId: listAuthorizationServerPolicyRules parameters: - name: authServerId in: path required: true schema: type: string - name: policyId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/AuthorizationServerPolicyRule' security: - api_token: [] post: tags: - AuthorizationServer description: Creates a policy rule for the specified Custom Authorization Server and Policy. operationId: createAuthorizationServerPolicyRule parameters: - name: authServerId in: path required: true schema: type: string - name: policyId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthorizationServerPolicyRule' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/AuthorizationServerPolicyRule' security: - api_token: [] x-codegen-request-body-name: policyRule /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}: get: tags: - AuthorizationServer description: Returns a Policy Rule by ID that is defined in the specified Custom Authorization Server and Policy. operationId: getAuthorizationServerPolicyRule parameters: - name: authServerId in: path required: true schema: type: string - name: policyId in: path required: true schema: type: string - name: ruleId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/AuthorizationServerPolicyRule' security: - api_token: [] put: tags: - AuthorizationServer description: Updates the configuration of the Policy Rule defined in the specified Custom Authorization Server and Policy. operationId: updateAuthorizationServerPolicyRule parameters: - name: authServerId in: path required: true schema: type: string - name: policyId in: path required: true schema: type: string - name: ruleId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthorizationServerPolicyRule' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/AuthorizationServerPolicyRule' security: - api_token: [] x-codegen-request-body-name: policyRule delete: tags: - AuthorizationServer description: Deletes a Policy Rule defined in the specified Custom Authorization Server and Policy. operationId: deleteAuthorizationServerPolicyRule parameters: - name: authServerId in: path required: true schema: type: string - name: policyId in: path required: true schema: type: string - name: ruleId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/activate: post: tags: - AuthorizationServer description: Activate Authorization Server Policy Rule operationId: activateAuthorizationServerPolicyRule parameters: - name: authServerId in: path required: true schema: type: string - name: policyId in: path required: true schema: type: string - name: ruleId in: path required: true schema: type: string responses: "200": description: Success content: {} security: - api_token: [] /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate: post: tags: - AuthorizationServer description: Deactivate Authorization Server Policy Rule operationId: deactivateAuthorizationServerPolicyRule parameters: - name: authServerId in: path required: true schema: type: string - name: policyId in: path required: true schema: type: string - name: ruleId in: path required: true schema: type: string responses: "200": description: Success content: {} security: - api_token: [] /api/v1/authorizationServers/{authServerId}/scopes: get: tags: - AuthorizationServer description: Success operationId: listOAuth2Scopes parameters: - name: authServerId in: path required: true schema: type: string - name: q in: query schema: type: string - name: filter in: query schema: type: string - name: cursor in: query schema: type: string - name: limit in: query schema: type: integer format: int32 default: -1 responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/OAuth2Scope' security: - api_token: [] post: tags: - AuthorizationServer description: Success operationId: createOAuth2Scope parameters: - name: authServerId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/OAuth2Scope' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/OAuth2Scope' "201": description: Success content: {} security: - api_token: [] x-codegen-request-body-name: oAuth2Scope /api/v1/authorizationServers/{authServerId}/scopes/{scopeId}: get: tags: - AuthorizationServer description: Success operationId: getOAuth2Scope parameters: - name: authServerId in: path required: true schema: type: string - name: scopeId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/OAuth2Scope' security: - api_token: [] put: tags: - AuthorizationServer description: Success operationId: updateOAuth2Scope parameters: - name: authServerId in: path required: true schema: type: string - name: scopeId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/OAuth2Scope' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/OAuth2Scope' security: - api_token: [] x-codegen-request-body-name: oAuth2Scope delete: tags: - AuthorizationServer description: Success operationId: deleteOAuth2Scope parameters: - name: authServerId in: path required: true schema: type: string - name: scopeId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/brands: get: tags: - Brand summary: Okta List Brands description: List all the brands in your org. operationId: listBrands responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/Brand' security: - api_token: [] /api/v1/brands/{brandId}: get: tags: - Brand summary: Okta Get Brand description: Fetches a brand by `brandId` operationId: getBrand parameters: - name: brandId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Brand' "404": description: Not Found content: {} security: - api_token: [] put: tags: - Brand summary: Okta Update Brand description: Updates a brand by `brandId` operationId: updateBrand parameters: - name: brandId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/Brand' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Brand' "400": description: Bad Request content: {} security: - api_token: [] x-codegen-request-body-name: brand /api/v1/brands/{brandId}/templates/email: get: tags: - Brand summary: Okta List Email Templates description: List email templates in your organization with pagination. operationId: listEmailTemplates parameters: - name: brandId in: path required: true schema: type: string - name: after in: query description: Specifies the pagination cursor for the next page of email templates. schema: type: string - name: limit in: query description: Specifies the number of results returned (maximum 200) schema: type: integer format: int32 default: 20 responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/EmailTemplate' security: - api_token: [] /api/v1/brands/{brandId}/templates/email/{templateName}: get: tags: - Brand summary: Okta Get Email Template description: Fetch an email template by templateName operationId: getEmailTemplate parameters: - name: brandId in: path required: true schema: type: string - name: templateName in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/EmailTemplate' security: - api_token: [] /api/v1/brands/{brandId}/templates/email/{templateName}/customizations: get: tags: - Brand summary: Okta List Email Template Customization description: List all email customizations for an email template operationId: listEmailTemplateCustomizations parameters: - name: brandId in: path required: true schema: type: string - name: templateName in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/EmailTemplateCustomization' security: - api_token: [] post: tags: - Brand summary: Okta Create Email Template Customization description: Create an email customization operationId: createEmailTemplateCustomization parameters: - name: brandId in: path required: true schema: type: string - name: templateName in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/EmailTemplateCustomizationRequest' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/EmailTemplateCustomization' "409": description: Conflict content: {} security: - api_token: [] x-codegen-request-body-name: customization delete: tags: - Brand summary: Okta Delete Email Template Customization description: Delete all customizations for an email template. Also known as “Reset to Default”. operationId: deleteEmailTemplateCustomizations parameters: - name: brandId in: path required: true schema: type: string - name: templateName in: path required: true schema: type: string responses: "204": description: Success content: {} security: - api_token: [] /api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}: get: tags: - Brand summary: Okta Get Email Template Customization description: Fetch an email customization by id. operationId: getEmailTemplateCustomization parameters: - name: brandId in: path required: true schema: type: string - name: templateName in: path required: true schema: type: string - name: customizationId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/EmailTemplateCustomization' security: - api_token: [] put: tags: - Brand summary: Okta Update Email Customization description: Update an email customization operationId: updateEmailTemplateCustomization parameters: - name: brandId in: path required: true schema: type: string - name: templateName in: path required: true schema: type: string - name: customizationId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/EmailTemplateCustomizationRequest' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/EmailTemplateCustomization' "409": description: Conflict content: {} security: - api_token: [] x-codegen-request-body-name: customization delete: tags: - Brand summary: Okta Delete Email Customization description: Delete an email customization operationId: deleteEmailTemplateCustomization parameters: - name: brandId in: path required: true schema: type: string - name: templateName in: path required: true schema: type: string - name: customizationId in: path required: true schema: type: string responses: "204": description: No Content content: {} "409": description: Conflict content: {} security: - api_token: [] /api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}/preview: get: tags: - Brand summary: Okta Get Preview Content of Email Customization description: Get a preview of an email template customization. operationId: getEmailTemplateCustomizationPreview parameters: - name: brandId in: path required: true schema: type: string - name: templateName in: path required: true schema: type: string - name: customizationId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/EmailTemplateContent' security: - api_token: [] /api/v1/brands/{brandId}/templates/email/{templateName}/default-content: get: tags: - Brand summary: Okta Get Default Content of Email Template description: Fetch the default content for an email template. operationId: getEmailTemplateDefaultContent parameters: - name: brandId in: path required: true schema: type: string - name: templateName in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/EmailTemplateContent' security: - api_token: [] /api/v1/brands/{brandId}/templates/email/{templateName}/default-content/preview: get: tags: - Brand summary: Okta Get Preview of Email Template Default Content description: Fetch a preview of an email template's default content by populating velocity references with the current user's environment. operationId: getEmailTemplateDefaultContentPreview parameters: - name: brandId in: path required: true schema: type: string - name: templateName in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/EmailTemplateContent' security: - api_token: [] /api/v1/brands/{brandId}/templates/email/{templateName}/test: post: tags: - Brand summary: Okta Get Preview of Email Template Default Content description: "Send a test email to the current users primary and secondary email addresses. The email content is selected based on the following priority: An email customization specifically for the users locale. The default language of email customizations. The email templates default content." operationId: sendTestEmail parameters: - name: brandId in: path required: true schema: type: string - name: templateName in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/EmailTemplateTestRequest' required: true responses: "204": description: No Content content: {} security: - api_token: [] x-codegen-request-body-name: customization /api/v1/brands/{brandId}/themes: get: tags: - Brand summary: Okta Get Brand Themes description: List all the themes in your brand operationId: listBrandThemes parameters: - name: brandId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/ThemeResponse' security: - api_token: [] /api/v1/brands/{brandId}/themes/{themeId}: get: tags: - Brand summary: Okta Get a theme for a brand description: Fetches a theme for a brand operationId: getBrandTheme parameters: - name: brandId in: path required: true schema: type: string - name: themeId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/ThemeResponse' security: - api_token: [] put: tags: - Brand summary: Okta Update a theme for a brand description: Updates a theme for a brand operationId: updateBrandTheme parameters: - name: brandId in: path required: true schema: type: string - name: themeId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/Theme' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/ThemeResponse' "400": description: Bad Request content: {} "404": description: Not Found content: {} security: - api_token: [] x-codegen-request-body-name: theme /api/v1/brands/{brandId}/themes/{themeId}/background-image: post: tags: - Brand summary: Okta Updates the background image for your Theme description: Updates the background image for your Theme operationId: uploadBrandThemeBackgroundImage parameters: - name: brandId in: path required: true schema: type: string - name: themeId in: path required: true schema: type: string requestBody: content: multipart/form-data: schema: required: - file type: object properties: file: type: string format: binary required: true responses: "201": description: Created content: application/json: schema: $ref: '#/components/schemas/ImageUploadResponse' "400": description: Bad Request content: {} "404": description: Not Found content: {} security: - api_token: [] delete: tags: - Brand summary: Okta Deletes a Theme background image description: Deletes a Theme background image operationId: deleteBrandThemeBackgroundImage parameters: - name: brandId in: path required: true schema: type: string - name: themeId in: path required: true schema: type: string responses: "204": description: No Content content: {} "404": description: Not Found content: {} security: - api_token: [] /api/v1/brands/{brandId}/themes/{themeId}/favicon: post: tags: - Brand summary: Okta Updates the favicon for your theme description: Updates the favicon for your theme operationId: uploadBrandThemeFavicon parameters: - name: brandId in: path required: true schema: type: string - name: themeId in: path required: true schema: type: string requestBody: content: multipart/form-data: schema: required: - file type: object properties: file: type: string format: binary required: true responses: "201": description: Created content: application/json: schema: $ref: '#/components/schemas/ImageUploadResponse' "400": description: Bad Request content: {} "404": description: Not Found content: {} security: - api_token: [] delete: tags: - Brand summary: Deletes a Theme favicon. The org then uses the Okta default favicon. description: Deletes a Theme favicon. The org then uses the Okta default favicon. operationId: deleteBrandThemeFavicon parameters: - name: brandId in: path required: true schema: type: string - name: themeId in: path required: true schema: type: string responses: "204": description: No Content content: {} "404": description: Not Found content: {} security: - api_token: [] /api/v1/brands/{brandId}/themes/{themeId}/logo: post: tags: - Brand summary: Okta Update a themes logo description: Updates the logo for your Theme operationId: uploadBrandThemeLogo parameters: - name: brandId in: path required: true schema: type: string - name: themeId in: path required: true schema: type: string requestBody: content: multipart/form-data: schema: required: - file type: object properties: file: type: string format: binary required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/ImageUploadResponse' "400": description: Bad Request content: {} "404": description: Not Found content: {} security: - api_token: [] delete: tags: - Brand summary: Deletes a Theme logo. The org then uses the Okta default logo. description: Deletes a Theme logo. The org then uses the Okta default logo. operationId: deleteBrandThemeLogo parameters: - name: brandId in: path required: true schema: type: string - name: themeId in: path required: true schema: type: string responses: "204": description: No Content content: {} "404": description: Not Found content: {} security: - api_token: [] /api/v1/domains: get: tags: - Domain summary: Okta List Domains description: List all verified custom Domains for the org. operationId: listDomains responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/DomainListResponse' security: - api_token: [] post: tags: - Domain summary: Okta Create Domain description: Creates your domain. operationId: createDomain requestBody: content: application/json: schema: $ref: '#/components/schemas/Domain' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Domain' security: - api_token: [] x-codegen-request-body-name: domain /api/v1/domains/{domainId}: get: tags: - Domain summary: Okta Get Domain description: Fetches a Domain by `id`. operationId: getDomain parameters: - name: domainId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Domain' security: - api_token: [] delete: tags: - Domain summary: Okta Delete Domain description: Deletes a Domain by `id`. operationId: deleteDomain parameters: - name: domainId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/domains/{domainId}/certificate: put: tags: - Domain summary: Okta Create Certificate description: Creates the Certificate for the Domain. operationId: createCertificate parameters: - name: domainId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/DomainCertificate' required: true responses: "204": description: No Content content: {} security: - api_token: [] x-codegen-request-body-name: certificate /api/v1/domains/{domainId}/verify: post: tags: - Domain summary: Okta Verify Domain description: Verifies the Domain by `id`. operationId: verifyDomain parameters: - name: domainId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Domain' security: - api_token: [] /api/v1/eventHooks: get: tags: - EventHook description: Success operationId: listEventHooks responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/EventHook' security: - api_token: [] post: tags: - EventHook description: Success operationId: createEventHook requestBody: content: application/json: schema: $ref: '#/components/schemas/EventHook' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/EventHook' security: - api_token: [] x-codegen-request-body-name: eventHook /api/v1/eventHooks/{eventHookId}: get: tags: - EventHook description: Success operationId: getEventHook parameters: - name: eventHookId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/EventHook' security: - api_token: [] put: tags: - EventHook description: Success operationId: updateEventHook parameters: - name: eventHookId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/EventHook' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/EventHook' security: - api_token: [] x-codegen-request-body-name: eventHook delete: tags: - EventHook description: Success operationId: deleteEventHook parameters: - name: eventHookId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/eventHooks/{eventHookId}/lifecycle/activate: post: tags: - EventHook description: Success operationId: activateEventHook parameters: - name: eventHookId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/EventHook' security: - api_token: [] /api/v1/eventHooks/{eventHookId}/lifecycle/deactivate: post: tags: - EventHook description: Success operationId: deactivateEventHook parameters: - name: eventHookId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/EventHook' security: - api_token: [] /api/v1/eventHooks/{eventHookId}/lifecycle/verify: post: tags: - EventHook description: Success operationId: verifyEventHook parameters: - name: eventHookId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/EventHook' security: - api_token: [] /api/v1/features: get: tags: - Feature description: Success operationId: listFeatures responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/Feature' security: - api_token: [] /api/v1/features/{featureId}: get: tags: - Feature description: Success operationId: getFeature parameters: - name: featureId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Feature' security: - api_token: [] /api/v1/features/{featureId}/dependencies: get: tags: - Feature description: Success operationId: listFeatureDependencies parameters: - name: featureId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/Feature' security: - api_token: [] /api/v1/features/{featureId}/dependents: get: tags: - Feature description: Success operationId: listFeatureDependents parameters: - name: featureId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/Feature' security: - api_token: [] /api/v1/features/{featureId}/{lifecycle}: post: tags: - Feature description: Success operationId: updateFeatureLifecycle parameters: - name: featureId in: path required: true schema: type: string - name: lifecycle in: path required: true schema: type: string - name: mode in: query schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Feature' security: - api_token: [] /api/v1/groups: get: tags: - Group summary: Okta List Groups description: Enumerates groups in your organization with pagination. A subset of groups can be returned that match a supported filter expression or query. operationId: listGroups parameters: - name: q in: query description: Searches the name property of groups for matching value schema: type: string - name: filter in: query description: Filter expression for groups schema: type: string - name: after in: query description: Specifies the pagination cursor for the next page of groups schema: type: string - name: limit in: query description: Specifies the number of group results in a page schema: type: integer format: int32 default: 10000 - name: expand in: query description: "If specified, it causes additional metadata to be included in the response." schema: type: string - name: search in: query description: "Searches for groups with a supported filtering expression for all attributes except for _embedded, _links, and objectClass" schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/Group' security: - api_token: [] post: tags: - Group summary: Okta Add Group description: Adds a new group with `OKTA_GROUP` type to your organization. operationId: createGroup requestBody: content: application/json: schema: $ref: '#/components/schemas/Group' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Group' security: - api_token: [] x-codegen-request-body-name: group /api/v1/groups/rules: get: tags: - Group summary: Okta List Group Rules description: Lists all group rules for your organization. operationId: listGroupRules parameters: - name: limit in: query description: Specifies the number of rule results in a page schema: type: integer format: int32 default: 50 - name: after in: query description: Specifies the pagination cursor for the next page of rules schema: type: string - name: search in: query description: Specifies the keyword to search fules for schema: type: string - name: expand in: query description: "If specified as `groupIdToGroupNameMap`, then show group names" schema: type: string x-okta-added-version: 1.3.0 x-okta-added-version: 1.3.0 responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/GroupRule' security: - api_token: [] post: tags: - Group summary: Okta Create Group Rule description: Creates a group rule to dynamically add users to the specified group if they match the condition operationId: createGroupRule requestBody: content: application/json: schema: $ref: '#/components/schemas/GroupRule' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/GroupRule' security: - api_token: [] x-codegen-request-body-name: groupRule /api/v1/groups/rules/{ruleId}: get: tags: - Group summary: Okta Get Group Rule description: Fetches a specific group rule by id from your organization operationId: getGroupRule parameters: - name: ruleId in: path required: true schema: type: string - name: expand in: query schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/GroupRule' security: - api_token: [] put: tags: - Group description: Updates a group rule. Only `INACTIVE` rules can be updated. operationId: updateGroupRule parameters: - name: ruleId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/GroupRule' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/GroupRule' security: - api_token: [] x-codegen-request-body-name: groupRule delete: tags: - Group summary: Okta Delete a group Rule description: Removes a specific group rule by id from your organization operationId: deleteGroupRule parameters: - name: ruleId in: path required: true schema: type: string - name: removeUsers in: query description: Indicates whether to keep or remove users from groups assigned by this rule. schema: type: boolean responses: "202": description: Accepted content: {} security: - api_token: [] /api/v1/groups/rules/{ruleId}/lifecycle/activate: post: tags: - Group summary: Okta Activate a group Rule description: Activates a specific group rule by id from your organization operationId: activateGroupRule parameters: - name: ruleId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/groups/rules/{ruleId}/lifecycle/deactivate: post: tags: - Group summary: Okta Deactivate a group Rule description: Deactivates a specific group rule by id from your organization operationId: deactivateGroupRule parameters: - name: ruleId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/groups/{groupId}: get: tags: - Group summary: Okta List Group Rules description: Fetches a group from your organization. operationId: getGroup parameters: - name: groupId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Group' security: - api_token: [] put: tags: - Group summary: Okta Update Group description: Updates the profile for a group with `OKTA_GROUP` type from your organization. operationId: updateGroup parameters: - name: groupId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/Group' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Group' security: - api_token: [] x-codegen-request-body-name: group delete: tags: - Group summary: Okta Remove Group description: Removes a group with `OKTA_GROUP` type from your organization. operationId: deleteGroup parameters: - name: groupId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/groups/{groupId}/apps: get: tags: - Group summary: Okta List Assigned Applications description: Enumerates all applications that are assigned to a group. operationId: listAssignedApplicationsForGroup parameters: - name: groupId in: path required: true schema: type: string - name: after in: query description: Specifies the pagination cursor for the next page of apps schema: type: string - name: limit in: query description: Specifies the number of app results for a page schema: type: integer format: int32 default: 20 responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/Application' security: - api_token: [] /api/v1/groups/{groupId}/roles: get: tags: - Group description: Success operationId: listGroupAssignedRoles parameters: - name: groupId in: path required: true schema: type: string - name: expand in: query schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/Role' security: - api_token: [] post: tags: - Group description: Assigns a Role to a Group operationId: assignRoleToGroup parameters: - name: groupId in: path required: true schema: type: string - name: disableNotifications in: query schema: type: boolean requestBody: content: application/json: schema: $ref: '#/components/schemas/AssignRoleRequest' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Role' "201": description: Success content: {} security: - api_token: [] x-codegen-request-body-name: assignRoleRequest /api/v1/groups/{groupId}/roles/{roleId}: get: tags: - Group description: Success operationId: getRole parameters: - name: groupId in: path required: true schema: type: string - name: roleId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Role' security: - api_token: [] delete: tags: - Group description: Unassigns a Role from a Group operationId: removeRoleFromGroup parameters: - name: groupId in: path required: true schema: type: string - name: roleId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps: get: tags: - Group description: "Lists all App targets for an `APP_ADMIN` Role assigned to a Group. This methods return list may include full Applications or Instances. The response for an instance will have an `ID` value, while Application will not have an ID." operationId: listApplicationTargetsForApplicationAdministratorRoleForGroup parameters: - name: groupId in: path required: true schema: type: string - name: roleId in: path required: true schema: type: string - name: after in: query schema: type: string - name: limit in: query schema: type: integer format: int32 default: 20 responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/CatalogApplication' security: - api_token: [] /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}: put: tags: - Group description: Success operationId: addApplicationTargetToAdminRoleGivenToGroup parameters: - name: groupId in: path required: true schema: type: string - name: roleId in: path required: true schema: type: string - name: appName in: path required: true schema: type: string responses: "200": description: Success content: {} security: - api_token: [] delete: tags: - Group description: Success operationId: removeApplicationTargetFromApplicationAdministratorRoleGivenToGroup parameters: - name: groupId in: path required: true schema: type: string - name: roleId in: path required: true schema: type: string - name: appName in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/groups/{groupId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}: put: tags: - Group summary: Okta Add App Instance Target to App Administrator Role given to a Group description: Add App Instance Target to App Administrator Role given to a Group operationId: addApplicationInstanceTargetToAppAdminRoleGivenToGroup parameters: - name: groupId in: path required: true schema: type: string - name: roleId in: path required: true schema: type: string - name: appName in: path required: true schema: type: string - name: applicationId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] delete: tags: - Group summary: Okta Remove App Instance Target to App Administrator Role given to a Group description: Remove App Instance Target to App Administrator Role given to a Group operationId: removeApplicationTargetFromAdministratorRoleGivenToGroup parameters: - name: groupId in: path required: true schema: type: string - name: roleId in: path required: true schema: type: string - name: appName in: path required: true schema: type: string - name: applicationId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/groups/{groupId}/roles/{roleId}/targets/groups: get: tags: - Group description: Success operationId: listGroupTargetsForGroupRole parameters: - name: groupId in: path required: true schema: type: string - name: roleId in: path required: true schema: type: string - name: after in: query schema: type: string - name: limit in: query schema: type: integer format: int32 default: 20 responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/Group' security: - api_token: [] /api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId}: put: tags: - Group operationId: addGroupTargetToGroupAdministratorRoleForGroup parameters: - name: groupId in: path required: true schema: type: string - name: roleId in: path required: true schema: type: string - name: targetGroupId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] delete: tags: - Group operationId: removeGroupTargetFromGroupAdministratorRoleGivenToGroup parameters: - name: groupId in: path required: true schema: type: string - name: roleId in: path required: true schema: type: string - name: targetGroupId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/groups/{groupId}/users: get: tags: - Group summary: Okta List Group Members description: Enumerates all users that are a member of a group. operationId: listGroupUsers parameters: - name: groupId in: path required: true schema: type: string - name: after in: query description: Specifies the pagination cursor for the next page of users schema: type: string - name: limit in: query description: Specifies the number of user results in a page schema: type: integer format: int32 default: 1000 responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/User' security: - api_token: [] /api/v1/groups/{groupId}/users/{userId}: put: tags: - Group summary: Okta Add User to Group description: Adds a user to a group with 'OKTA_GROUP' type. operationId: addUserToGroup parameters: - name: groupId in: path required: true schema: type: string - name: userId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] delete: tags: - Group summary: Okta Remove User from Group description: Removes a user from a group with 'OKTA_GROUP' type. operationId: removeUserFromGroup parameters: - name: groupId in: path required: true schema: type: string - name: userId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/idps: get: tags: - IdentityProvider summary: Okta List Identity Providers description: Enumerates IdPs in your organization with pagination. A subset of IdPs can be returned that match a supported filter expression or query. operationId: listIdentityProviders parameters: - name: q in: query description: Searches the name property of IdPs for matching value schema: type: string - name: after in: query description: Specifies the pagination cursor for the next page of IdPs schema: type: string - name: limit in: query description: Specifies the number of IdP results in a page schema: type: integer format: int32 default: 20 - name: type in: query description: Filters IdPs by type schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/IdentityProvider' security: - api_token: [] post: tags: - IdentityProvider summary: Okta Add Identity Provider description: Adds a new IdP to your organization. operationId: createIdentityProvider requestBody: content: application/json: schema: $ref: '#/components/schemas/IdentityProvider' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/IdentityProvider' security: - api_token: [] x-codegen-request-body-name: identityProvider /api/v1/idps/credentials/keys: get: tags: - IdentityProvider summary: Okta List Keys description: Enumerates IdP key credentials. operationId: listIdentityProviderKeys parameters: - name: after in: query description: Specifies the pagination cursor for the next page of keys schema: type: string - name: limit in: query description: Specifies the number of key results in a page schema: type: integer format: int32 default: 20 responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/JsonWebKey' security: - api_token: [] post: tags: - IdentityProvider summary: Okta Add X.509 Certificate Public Key description: Adds a new X.509 certificate credential to the IdP key store. operationId: createIdentityProviderKey requestBody: content: application/json: schema: $ref: '#/components/schemas/JsonWebKey' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/JsonWebKey' security: - api_token: [] x-codegen-request-body-name: jsonWebKey /api/v1/idps/credentials/keys/{keyId}: get: tags: - IdentityProvider summary: Okta Get Key description: Gets a specific IdP Key Credential by `kid` operationId: getIdentityProviderKey parameters: - name: keyId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/JsonWebKey' security: - api_token: [] delete: tags: - IdentityProvider summary: Okta Delete Key description: Deletes a specific IdP Key Credential by `kid` if it is not currently being used by an Active or Inactive IdP. operationId: deleteIdentityProviderKey parameters: - name: keyId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/idps/{idpId}: get: tags: - IdentityProvider summary: Okta Get Identity Provider description: Fetches an IdP by `id`. operationId: getIdentityProvider parameters: - name: idpId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/IdentityProvider' security: - api_token: [] put: tags: - IdentityProvider summary: Okta Update Identity Provider description: Updates the configuration for an IdP. operationId: updateIdentityProvider parameters: - name: idpId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/IdentityProvider' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/IdentityProvider' security: - api_token: [] x-codegen-request-body-name: identityProvider delete: tags: - IdentityProvider summary: Okta Delete Identity Provider description: Removes an IdP from your organization. operationId: deleteIdentityProvider parameters: - name: idpId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/idps/{idpId}/credentials/csrs: get: tags: - IdentityProvider summary: Okta List Certificate Signing Requests for IdP description: Enumerates Certificate Signing Requests for an IdP operationId: listCsrsForIdentityProvider parameters: - name: idpId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/Csr' security: - api_token: [] post: tags: - IdentityProvider summary: Okta Generate Certificate Signing Request for IdP description: Generates a new key pair and returns a Certificate Signing Request for it. operationId: generateCsrForIdentityProvider parameters: - name: idpId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CsrMetadata' required: true responses: "201": description: Created content: application/json: schema: $ref: '#/components/schemas/Csr' security: - api_token: [] x-codegen-request-body-name: metadata /api/v1/idps/{idpId}/credentials/csrs/{csrId}: get: tags: - IdentityProvider description: Gets a specific Certificate Signing Request model by id operationId: getCsrForIdentityProvider parameters: - name: idpId in: path required: true schema: type: string - name: csrId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Csr' security: - api_token: [] delete: tags: - IdentityProvider description: Revoke a Certificate Signing Request and delete the key pair from the IdP operationId: revokeCsrForIdentityProvider parameters: - name: idpId in: path required: true schema: type: string - name: csrId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/idps/{idpId}/credentials/csrs/{csrId}/lifecycle/publish: post: tags: - IdentityProvider description: Update the Certificate Signing Request with a signed X.509 certificate and add it into the signing key credentials for the IdP. parameters: - name: idpId in: path required: true schema: type: string - name: csrId in: path required: true schema: type: string responses: "201": description: Created content: application/json: schema: $ref: '#/components/schemas/JsonWebKey' security: - api_token: [] x-okta-multi-operation: - consumes: - application/x-x509-ca-cert encoding: base64 operationId: publishCerCertForIdentityProvider parameters: - in: body name: certificate required: true type: string - consumes: - application/x-x509-ca-cert operationId: publishBinaryCerCertForIdentityProvider parameters: - format: binary in: body name: certificate required: true type: string - consumes: - application/pkix-cert encoding: base64 operationId: publishDerCertForIdentityProvider parameters: - in: body name: certificate required: true type: string - consumes: - application/pkix-cert operationId: publishBinaryDerCertForIdentityProvider parameters: - format: binary in: body name: certificate required: true type: string - consumes: - application/x-pem-file operationId: publishBinaryPemCertForIdentityProvider parameters: - format: binary in: body name: certificate required: true type: string /api/v1/idps/{idpId}/credentials/keys: get: tags: - IdentityProvider summary: Okta List Signing Key Credentials for IdP description: Enumerates signing key credentials for an IdP operationId: listIdentityProviderSigningKeys parameters: - name: idpId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/JsonWebKey' security: - api_token: [] /api/v1/idps/{idpId}/credentials/keys/generate: post: tags: - IdentityProvider summary: Okta Generate New IdP Signing Key Credential description: Generates a new X.509 certificate for an IdP signing key credential to be used for signing assertions sent to the IdP operationId: generateIdentityProviderSigningKey parameters: - name: idpId in: path required: true schema: type: string - name: validityYears in: query description: expiry of the IdP Key Credential required: true schema: type: integer format: int32 responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/JsonWebKey' security: - api_token: [] /api/v1/idps/{idpId}/credentials/keys/{keyId}: get: tags: - IdentityProvider summary: Okta Get Signing Key Credential for IdP description: Gets a specific IdP Key Credential by `kid` operationId: getIdentityProviderSigningKey parameters: - name: idpId in: path required: true schema: type: string - name: keyId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/JsonWebKey' security: - api_token: [] /api/v1/idps/{idpId}/credentials/keys/{keyId}/clone: post: tags: - IdentityProvider summary: Okta Clone Signing Key Credential for IdP description: Clones a X.509 certificate for an IdP signing key credential from a source IdP to target IdP operationId: cloneIdentityProviderKey parameters: - name: idpId in: path required: true schema: type: string - name: keyId in: path required: true schema: type: string - name: targetIdpId in: query required: true schema: type: string responses: "201": description: Created content: application/json: schema: $ref: '#/components/schemas/JsonWebKey' security: - api_token: [] /api/v1/idps/{idpId}/lifecycle/activate: post: tags: - IdentityProvider summary: Okta Activate Identity Provider description: Activates an inactive IdP. operationId: activateIdentityProvider parameters: - name: idpId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/IdentityProvider' security: - api_token: [] /api/v1/idps/{idpId}/lifecycle/deactivate: post: tags: - IdentityProvider summary: Okta Deactivate Identity Provider description: Deactivates an active IdP. operationId: deactivateIdentityProvider parameters: - name: idpId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/IdentityProvider' security: - api_token: [] /api/v1/idps/{idpId}/users: get: tags: - IdentityProvider summary: Okta Find Users description: Find all the users linked to an identity provider operationId: listIdentityProviderApplicationUsers parameters: - name: idpId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/IdentityProviderApplicationUser' security: - api_token: [] /api/v1/idps/{idpId}/users/{userId}: get: tags: - IdentityProvider description: Fetches a linked IdP user by ID operationId: getIdentityProviderApplicationUser parameters: - name: idpId in: path required: true schema: type: string - name: userId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/IdentityProviderApplicationUser' security: - api_token: [] post: tags: - IdentityProvider summary: Okta Link a user to a Social IdP without a transaction description: Links an Okta user to an existing Social Identity Provider. This does not support the SAML2 Identity Provider Type operationId: linkUserToIdentityProvider parameters: - name: idpId in: path required: true schema: type: string - name: userId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UserIdentityProviderLinkRequest' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/IdentityProviderApplicationUser' security: - api_token: [] x-codegen-request-body-name: userIdentityProviderLinkRequest delete: tags: - IdentityProvider summary: Okta Unlink User from IdP description: Removes the link between the Okta user and the IdP user. operationId: unlinkUserFromIdentityProvider parameters: - name: idpId in: path required: true schema: type: string - name: userId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/idps/{idpId}/users/{userId}/credentials/tokens: get: tags: - IdentityProvider summary: Okta Social Authentication Token Operation description: Fetches the tokens minted by the Social Authentication Provider when the user authenticates with Okta via Social Auth. operationId: listSocialAuthTokens parameters: - name: idpId in: path required: true schema: type: string - name: userId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/SocialAuthToken' security: - api_token: [] /api/v1/inlineHooks: get: tags: - InlineHook description: Success operationId: listInlineHooks parameters: - name: type in: query schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/InlineHook' security: - api_token: [] post: tags: - InlineHook description: Success operationId: createInlineHook requestBody: content: application/json: schema: $ref: '#/components/schemas/InlineHook' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/InlineHook' security: - api_token: [] x-codegen-request-body-name: inlineHook /api/v1/inlineHooks/{inlineHookId}: get: tags: - InlineHook description: Gets an inline hook by ID operationId: getInlineHook parameters: - name: inlineHookId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/InlineHook' security: - api_token: [] put: tags: - InlineHook description: Updates an inline hook by ID operationId: updateInlineHook parameters: - name: inlineHookId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/InlineHook' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/InlineHook' security: - api_token: [] x-codegen-request-body-name: inlineHook delete: tags: - InlineHook description: "Deletes the Inline Hook matching the provided id. Once deleted, the Inline Hook is unrecoverable. As a safety precaution, only Inline Hooks with a status of INACTIVE are eligible for deletion." operationId: deleteInlineHook parameters: - name: inlineHookId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/inlineHooks/{inlineHookId}/execute: post: tags: - InlineHook description: Executes the Inline Hook matching the provided inlineHookId using the request body as the input. This will send the provided data through the Channel and return a response if it matches the correct data contract. This execution endpoint should only be used for testing purposes. operationId: executeInlineHook parameters: - name: inlineHookId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/InlineHookPayload' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/InlineHookResponse' security: - api_token: [] x-codegen-request-body-name: payloadData /api/v1/inlineHooks/{inlineHookId}/lifecycle/activate: post: tags: - InlineHook description: Activates the Inline Hook matching the provided id operationId: activateInlineHook parameters: - name: inlineHookId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/InlineHook' security: - api_token: [] /api/v1/inlineHooks/{inlineHookId}/lifecycle/deactivate: post: tags: - InlineHook description: Deactivates the Inline Hook matching the provided id operationId: deactivateInlineHook parameters: - name: inlineHookId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/InlineHook' security: - api_token: [] /api/v1/logs: get: tags: - Log summary: Fetch a list of events from your Okta organization system log. description: The Okta System Log API provides read access to your organization’s system log. This API provides more functionality than the Events API operationId: getLogs parameters: - name: since in: query schema: type: string format: date-time - name: until in: query schema: type: string format: date-time - name: filter in: query schema: type: string - name: q in: query schema: type: string - name: limit in: query schema: type: integer default: 100 - name: sortOrder in: query schema: type: string default: ASCENDING - name: after in: query schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/LogEvent' security: - api_token: [] /api/v1/mappings: get: tags: - ProfileMapping description: Enumerates Profile Mappings in your organization with pagination. operationId: listProfileMappings parameters: - name: after in: query schema: type: string - name: limit in: query schema: type: integer format: int32 default: -1 - name: sourceId in: query schema: type: string - name: targetId in: query schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/ProfileMapping' security: - api_token: [] /api/v1/mappings/{mappingId}: get: tags: - ProfileMapping summary: Okta Get Profile Mapping description: Fetches a single Profile Mapping referenced by its ID. operationId: getProfileMapping parameters: - name: mappingId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/ProfileMapping' security: - api_token: [] post: tags: - ProfileMapping summary: Okta Update Profile Mapping description: "Updates an existing Profile Mapping by adding, updating, or removing one or many Property Mappings." operationId: updateProfileMapping parameters: - name: mappingId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/ProfileMapping' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/ProfileMapping' security: - api_token: [] x-codegen-request-body-name: profileMapping /api/v1/meta/schemas/apps/{appInstanceId}/default: get: tags: - UserSchema summary: Okta Fetches the Schema for an App User description: Fetches the Schema for an App User operationId: getApplicationUserSchema parameters: - name: appInstanceId in: path required: true schema: type: string responses: "200": description: successful operation content: application/json: schema: $ref: '#/components/schemas/UserSchema' security: - api_token: [] post: tags: - UserSchema summary: Okta Partial updates on the User Profile properties of the Application User Schema. description: Partial updates on the User Profile properties of the Application User Schema. operationId: updateApplicationUserProfile parameters: - name: appInstanceId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UserSchema' required: false responses: "200": description: successful operation content: application/json: schema: $ref: '#/components/schemas/UserSchema' security: - api_token: [] x-codegen-request-body-name: body /api/v1/meta/schemas/group/default: get: tags: - GroupSchema summary: Okta Fetches the group schema description: Fetches the group schema operationId: getGroupSchema responses: "200": description: successful operation content: application/json: schema: $ref: '#/components/schemas/GroupSchema' security: - api_token: [] post: tags: - GroupSchema summary: "Okta Updates, adds ore removes one or more custom Group Profile properties in the schema" description: "Updates, adds ore removes one or more custom Group Profile properties in the schema" operationId: updateGroupSchema requestBody: content: application/json: schema: $ref: '#/components/schemas/GroupSchema' required: false responses: "200": description: successful operation content: application/json: schema: $ref: '#/components/schemas/GroupSchema' security: - api_token: [] x-codegen-request-body-name: body /api/v1/meta/schemas/user/linkedObjects: get: tags: - LinkedObject description: Success operationId: listLinkedObjectDefinitions responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/LinkedObject' security: - api_token: [] post: tags: - LinkedObject description: Success operationId: addLinkedObjectDefinition requestBody: content: application/json: schema: $ref: '#/components/schemas/LinkedObject' required: true responses: "201": description: Created content: application/json: schema: $ref: '#/components/schemas/LinkedObject' security: - api_token: [] x-codegen-request-body-name: linkedObject /api/v1/meta/schemas/user/linkedObjects/{linkedObjectName}: get: tags: - LinkedObject description: Success operationId: getLinkedObjectDefinition parameters: - name: linkedObjectName in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/LinkedObject' security: - api_token: [] delete: tags: - LinkedObject description: Success operationId: deleteLinkedObjectDefinition parameters: - name: linkedObjectName in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/meta/schemas/user/{schemaId}: get: tags: - UserSchema summary: Okta Fetches the schema for a Schema Id. description: Fetches the schema for a Schema Id. operationId: getUserSchema parameters: - name: schemaId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/UserSchema' security: - api_token: [] post: tags: - UserSchema description: Partial updates on the User Profile properties of the user schema. operationId: updateUserProfile parameters: - name: schemaId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UserSchema' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/UserSchema' security: - api_token: [] x-codegen-request-body-name: userSchema /api/v1/meta/types/user: get: tags: - UserType description: Fetches all User Types in your org operationId: listUserTypes responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/UserType' security: - api_token: [] post: tags: - UserType description: "Creates a new User Type. A default User Type is automatically created along with your org, and you may add another 9 User Types for a maximum of 10." operationId: createUserType requestBody: content: application/json: schema: $ref: '#/components/schemas/UserType' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/UserType' security: - api_token: [] x-codegen-request-body-name: userType /api/v1/meta/types/user/{typeId}: get: tags: - UserType description: Fetches a User Type by ID. The special identifier `default` may be used to fetch the default User Type. operationId: getUserType parameters: - name: typeId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/UserType' security: - api_token: [] put: tags: - UserType description: Replace an existing User Type operationId: replaceUserType parameters: - name: typeId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UserType' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/UserType' security: - api_token: [] x-codegen-request-body-name: userType post: tags: - UserType description: Updates an existing User Type operationId: updateUserType parameters: - name: typeId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UserType' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/UserType' security: - api_token: [] x-codegen-request-body-name: userType delete: tags: - UserType description: "Deletes a User Type permanently. This operation is not permitted for the default type, nor for any User Type that has existing users" operationId: deleteUserType parameters: - name: typeId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/org: get: tags: - Org summary: Okta Get org settings description: Get settings of your organization. operationId: getOrgSettings responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/OrgSetting' security: - api_token: [] put: tags: - Org summary: Okta Update Org setting description: Update settings of your organization. operationId: updateOrgSetting requestBody: content: application/json: schema: $ref: '#/components/schemas/OrgSetting' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/OrgSetting' security: - api_token: [] x-codegen-request-body-name: orgSetting post: tags: - Org summary: Okta Partial update Org setting description: Partial update settings of your organization. operationId: partialUpdateOrgSetting requestBody: content: application/json: schema: $ref: '#/components/schemas/OrgSetting' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/OrgSetting' security: - api_token: [] x-codegen-request-body-name: orgSetting /api/v1/org/contacts: get: tags: - Org summary: Okta Get org contact types description: Gets Contact Types of your organization. operationId: getOrgContactTypes responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/OrgContactTypeObj' security: - api_token: [] /api/v1/org/contacts/{contactType}: get: tags: - Org summary: Okta Get org contact user description: Retrieves the URL of the User associated with the specified Contact Type. operationId: getOrgContactUser parameters: - name: contactType in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/OrgContactUser' security: - api_token: [] put: tags: - Org summary: Okta Update org contact user description: Updates the User associated with the specified Contact Type. operationId: updateOrgContactUser parameters: - name: contactType in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UserIdString' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/OrgContactUser' security: - api_token: [] x-codegen-request-body-name: userId /api/v1/org/logo: post: tags: - Org summary: Okta Update org logo description: Updates the logo for your organization. operationId: updateOrgLogo requestBody: content: multipart/form-data: schema: required: - file type: object properties: file: type: string format: binary required: true responses: "201": description: Created content: {} security: - api_token: [] /api/v1/org/preferences: get: tags: - Org summary: Okta Get org preferences description: Gets preferences of your organization. operationId: getOrgPreferences responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/OrgPreferences' security: - api_token: [] /api/v1/org/preferences/hideEndUserFooter: post: tags: - Org summary: Show Okta UI Footer description: Hide the Okta UI footer for all end users of your organization. operationId: hideOktaUIFooter responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/OrgPreferences' security: - api_token: [] /api/v1/org/preferences/showEndUserFooter: post: tags: - Org summary: Show Okta UI Footer description: Makes the Okta UI footer visible for all end users of your organization. operationId: showOktaUIFooter responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/OrgPreferences' security: - api_token: [] /api/v1/org/privacy/oktaCommunication: get: tags: - Org summary: Get Okta Communication Settings description: Gets Okta Communication Settings of your organization. operationId: getOktaCommunicationSettings responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/OrgOktaCommunicationSetting' security: - api_token: [] /api/v1/org/privacy/oktaCommunication/optIn: post: tags: - Org summary: Opt in all users to Okta Communication emails description: Opts in all users of this org to Okta Communication emails. operationId: optInUsersToOktaCommunicationEmails responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/OrgOktaCommunicationSetting' security: - api_token: [] /api/v1/org/privacy/oktaCommunication/optOut: post: tags: - Org summary: Opt out all users from Okta Communication emails description: Opts out all users of this org from Okta Communication emails. operationId: optOutUsersFromOktaCommunicationEmails responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/OrgOktaCommunicationSetting' security: - api_token: [] /api/v1/org/privacy/oktaSupport: get: tags: - Org summary: Get Okta Support settings description: Gets Okta Support Settings of your organization. operationId: getOrgOktaSupportSettings responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/OrgOktaSupportSettingsObj' security: - api_token: [] /api/v1/org/privacy/oktaSupport/extend: post: tags: - Org summary: Extend Okta Support description: Extends the length of time that Okta Support can access your org by 24 hours. This means that 24 hours are added to the remaining access time. operationId: extendOktaSupport responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/OrgOktaSupportSettingsObj' security: - api_token: [] /api/v1/org/privacy/oktaSupport/grant: post: tags: - Org summary: Grant Okta Support description: Enables you to temporarily allow Okta Support to access your org as an administrator for eight hours. operationId: grantOktaSupport responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/OrgOktaSupportSettingsObj' security: - api_token: [] /api/v1/org/privacy/oktaSupport/revoke: post: tags: - Org summary: Extend Okta Support description: Revokes Okta Support access to your organization. operationId: revokeOktaSupport responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/OrgOktaSupportSettingsObj' security: - api_token: [] /api/v1/policies: get: tags: - Policy description: Gets all policies with the specified type. operationId: listPolicies parameters: - name: type in: query required: true schema: type: string - name: status in: query schema: type: string - name: expand in: query schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/Policy' security: - api_token: [] post: tags: - Policy description: Creates a policy. operationId: createPolicy parameters: - name: activate in: query schema: type: boolean default: true requestBody: content: application/json: schema: $ref: '#/components/schemas/Policy' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Policy' security: - api_token: [] x-codegen-request-body-name: policy /api/v1/policies/{policyId}: get: tags: - Policy description: Gets a policy. operationId: getPolicy parameters: - name: policyId in: path required: true schema: type: string - name: expand in: query schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Policy' security: - api_token: [] put: tags: - Policy description: Updates a policy. operationId: updatePolicy parameters: - name: policyId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/Policy' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Policy' security: - api_token: [] x-codegen-request-body-name: policy delete: tags: - Policy description: Removes a policy. operationId: deletePolicy parameters: - name: policyId in: path required: true schema: type: string responses: "200": description: Success content: {} security: - api_token: [] /api/v1/policies/{policyId}/lifecycle/activate: post: tags: - Policy description: Activates a policy. operationId: activatePolicy parameters: - name: policyId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/policies/{policyId}/lifecycle/deactivate: post: tags: - Policy description: Deactivates a policy. operationId: deactivatePolicy parameters: - name: policyId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/policies/{policyId}/rules: get: tags: - Policy description: Enumerates all policy rules. operationId: listPolicyRules parameters: - name: policyId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/PolicyRule' security: - api_token: [] post: tags: - Policy description: Creates a policy rule. operationId: createPolicyRule parameters: - name: policyId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/PolicyRule' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/PolicyRule' security: - api_token: [] x-codegen-request-body-name: policyRule /api/v1/policies/{policyId}/rules/{ruleId}: get: tags: - Policy description: Gets a policy rule. operationId: getPolicyRule parameters: - name: policyId in: path required: true schema: type: string - name: ruleId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/PolicyRule' security: - api_token: [] put: tags: - Policy description: Updates a policy rule. operationId: updatePolicyRule parameters: - name: policyId in: path required: true schema: type: string - name: ruleId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/PolicyRule' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/PolicyRule' security: - api_token: [] x-codegen-request-body-name: policyRule delete: tags: - Policy description: Removes a policy rule. operationId: deletePolicyRule parameters: - name: policyId in: path required: true schema: type: string - name: ruleId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate: post: tags: - Policy description: Activates a policy rule. operationId: activatePolicyRule parameters: - name: policyId in: path required: true schema: type: string - name: ruleId in: path required: true schema: type: string responses: "200": description: Success content: {} security: - api_token: [] /api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate: post: tags: - Policy description: Deactivates a policy rule. operationId: deactivatePolicyRule parameters: - name: policyId in: path required: true schema: type: string - name: ruleId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/roles/{roleTypeOrRoleId}/subscriptions: get: tags: - Subscription summary: Okta List all subscriptions of a Custom Role description: When roleType List all subscriptions of a Role. Else when roleId List subscriptions of a Custom Role operationId: listRoleSubscriptions parameters: - name: roleTypeOrRoleId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/Subscription' "404": description: Not Found content: {} security: - api_token: [] /api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}: get: tags: - Subscription summary: Okta Get subscriptions of a Custom Role with a specific notification type description: When roleType Get subscriptions of a Role with a specific notification type. Else when roleId Get subscription of a Custom Role with a specific notification type. operationId: getRoleSubscriptionByNotificationType parameters: - name: roleTypeOrRoleId in: path required: true schema: type: string - name: notificationType in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Subscription' "404": description: Not Found content: {} security: - api_token: [] /api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/subscribe: post: tags: - Subscription summary: Okta Subscribe a Custom Role to a specific notification type description: "When roleType Subscribes a Role to a specific notification type. When you change the subscription status of a Role, it overrides the subscription of any individual user of that Role. Else when roleId Subscribes a Custom Role to a specific notification type. When you change the subscription status of a Custom Role, it overrides the subscription of any individual user of that Custom Role." operationId: subscribeRoleSubscriptionByNotificationType parameters: - name: roleTypeOrRoleId in: path required: true schema: type: string - name: notificationType in: path required: true schema: type: string responses: "200": description: Success content: {} "404": description: Not Found content: {} security: - api_token: [] /api/v1/roles/{roleTypeOrRoleId}/subscriptions/{notificationType}/unsubscribe: post: tags: - Subscription summary: Okta Unsubscribe a Custom Role from a specific notification type description: "When roleType Unsubscribes a Role from a specific notification type. When you change the subscription status of a Role, it overrides the subscription of any individual user of that Role. Else when roleId Unsubscribes a Custom Role from a specific notification type. When you change the subscription status of a Custom Role, it overrides the subscription of any individual user of that Custom Role." operationId: unsubscribeRoleSubscriptionByNotificationType parameters: - name: roleTypeOrRoleId in: path required: true schema: type: string - name: notificationType in: path required: true schema: type: string responses: "200": description: Success content: {} "404": description: Not Found content: {} security: - api_token: [] /api/v1/sessions: post: tags: - Session summary: Okta Create Session with Session Token description: "Creates a new session for a user with a valid session token. Use this API if, for example, you want to set the session cookie yourself instead of allowing Okta to set it, or want to hold the session ID in order to delete a session via the API instead of visiting the logout URL." operationId: createSession requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateSessionRequest' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Session' "400": description: Bad Request content: {} security: - api_token: [] x-codegen-request-body-name: createSessionRequest /api/v1/sessions/{sessionId}: get: tags: - Session description: Get details about a session. operationId: getSession parameters: - name: sessionId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Session' security: - api_token: [] delete: tags: - Session summary: Okta Close Session operationId: endSession parameters: - name: sessionId in: path required: true schema: type: string responses: "204": description: No Content content: {} "400": description: Bad Request content: {} "404": description: Not Found content: {} security: - api_token: [] /api/v1/sessions/{sessionId}/lifecycle/refresh: post: tags: - Session summary: Okta Refresh Session operationId: refreshSession parameters: - name: sessionId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Session' "404": description: Not Found content: {} security: - api_token: [] /api/v1/templates/sms: get: tags: - Template summary: Okta List SMS Templates description: Enumerates custom SMS templates in your organization. A subset of templates can be returned that match a template type. operationId: listSmsTemplates parameters: - name: templateType in: query schema: type: string x-openapi-v3-schema-ref: '#/definitions/SmsTemplateType' x-openapi-v3-schema-ref: '#/definitions/SmsTemplateType' responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/SmsTemplate' security: - api_token: [] post: tags: - Template summary: Okta Add SMS Template description: Adds a new custom SMS template to your organization. operationId: createSmsTemplate requestBody: content: application/json: schema: $ref: '#/components/schemas/SmsTemplate' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/SmsTemplate' security: - api_token: [] x-codegen-request-body-name: smsTemplate /api/v1/templates/sms/{templateId}: get: tags: - Template summary: Okta Get SMS Template description: Fetches a specific template by `id` operationId: getSmsTemplate parameters: - name: templateId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/SmsTemplate' security: - api_token: [] put: tags: - Template summary: Okta Update SMS Template description: Updates the SMS template. operationId: updateSmsTemplate parameters: - name: templateId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/SmsTemplate' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/SmsTemplate' security: - api_token: [] x-codegen-request-body-name: smsTemplate post: tags: - Template summary: Okta Partial SMS Template Update description: 'Updates only some of the SMS template properties:' operationId: partialUpdateSmsTemplate parameters: - name: templateId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/SmsTemplate' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/SmsTemplate' security: - api_token: [] x-codegen-request-body-name: smsTemplate delete: tags: - Template summary: Okta Remove SMS Template description: Removes an SMS template. operationId: deleteSmsTemplate parameters: - name: templateId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/threats/configuration: get: tags: - ThreatInsight description: Gets current ThreatInsight configuration operationId: getCurrentConfiguration responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/ThreatInsightConfiguration' security: - api_token: [] post: tags: - ThreatInsight description: Updates ThreatInsight configuration operationId: updateConfiguration requestBody: content: application/json: schema: $ref: '#/components/schemas/ThreatInsightConfiguration' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/ThreatInsightConfiguration' security: - api_token: [] x-codegen-request-body-name: ThreatInsightConfiguration /api/v1/trustedOrigins: get: tags: - TrustedOrigin description: Success operationId: listOrigins parameters: - name: q in: query schema: type: string - name: filter in: query schema: type: string - name: after in: query schema: type: string - name: limit in: query schema: type: integer format: int32 default: -1 responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/TrustedOrigin' security: - api_token: [] post: tags: - TrustedOrigin description: Success operationId: createOrigin requestBody: content: application/json: schema: $ref: '#/components/schemas/TrustedOrigin' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/TrustedOrigin' security: - api_token: [] x-codegen-request-body-name: trustedOrigin /api/v1/trustedOrigins/{trustedOriginId}: get: tags: - TrustedOrigin description: Success operationId: getOrigin parameters: - name: trustedOriginId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/TrustedOrigin' security: - api_token: [] put: tags: - TrustedOrigin description: Success operationId: updateOrigin parameters: - name: trustedOriginId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/TrustedOrigin' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/TrustedOrigin' security: - api_token: [] x-codegen-request-body-name: trustedOrigin delete: tags: - TrustedOrigin description: Success operationId: deleteOrigin parameters: - name: trustedOriginId in: path required: true schema: type: string responses: "200": description: Success content: {} security: - api_token: [] /api/v1/trustedOrigins/{trustedOriginId}/lifecycle/activate: post: tags: - TrustedOrigin description: Success operationId: activateOrigin parameters: - name: trustedOriginId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/TrustedOrigin' security: - api_token: [] /api/v1/trustedOrigins/{trustedOriginId}/lifecycle/deactivate: post: tags: - TrustedOrigin description: Success operationId: deactivateOrigin parameters: - name: trustedOriginId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/TrustedOrigin' security: - api_token: [] /api/v1/users: get: tags: - User summary: Okta List Users description: "Lists users that do not have a status of 'DEPROVISIONED' (by default), up to the maximum (200 for most orgs), with pagination in most cases. A subset of users can be returned that match a supported filter expression or search criteria." operationId: listUsers parameters: - name: q in: query description: "Finds a user that matches firstName, lastName, and email properties" schema: type: string - name: after in: query description: Specifies the pagination cursor for the next page of users schema: type: string - name: limit in: query description: Specifies the number of results returned schema: type: integer format: int32 default: 10 - name: filter in: query description: Filters users with a supported expression for a subset of properties schema: type: string - name: search in: query description: Searches for users with a supported filtering expression for most properties schema: type: string - name: sortBy in: query schema: type: string - name: sortOrder in: query schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/User' security: - api_token: [] post: tags: - User summary: Okta Create User description: Creates a new user in your Okta organization with or without credentials. operationId: createUser parameters: - name: activate in: query description: Executes activation lifecycle operation when creating the user schema: type: boolean default: true - name: provider in: query description: Indicates whether to create a user with a specified authentication provider schema: type: boolean default: false - name: nextLogin in: query description: "With activate=true, set nextLogin to \"changePassword\" to have the password be EXPIRED, so user must change it the next time they log in." schema: type: string x-okta-added-version: 0.14.0 x-openapi-v3-schema-ref: '#/definitions/UserNextLogin' x-okta-added-version: 0.14.0 x-openapi-v3-schema-ref: '#/definitions/UserNextLogin' requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateUserRequest' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/User' security: - api_token: [] x-codegen-request-body-name: body /api/v1/users/{associatedUserId}/linkedObjects/{primaryRelationshipName}/{primaryUserId}: put: tags: - User operationId: setLinkedObjectForUser parameters: - name: associatedUserId in: path required: true schema: type: string - name: primaryRelationshipName in: path required: true schema: type: string - name: primaryUserId in: path required: true schema: type: string responses: "204": description: Success content: {} security: - api_token: [] /api/v1/users/{userId}: get: tags: - User summary: Okta Get User description: Fetches a user from your Okta organization. operationId: getUser parameters: - name: userId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/User' security: - api_token: [] put: tags: - User summary: Okta Update User description: Update a user's profile and/or credentials using strict-update semantics. operationId: updateUser parameters: - name: userId in: path required: true schema: type: string - name: strict in: query schema: type: boolean x-okta-added-version: 1.10.0 x-okta-added-version: 1.10.0 requestBody: content: application/json: schema: $ref: '#/components/schemas/User' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/User' security: - api_token: [] x-codegen-request-body-name: user post: tags: - User description: Update a user's profile or credentials with partial update semantics. operationId: partialUpdateUser parameters: - name: userId in: path required: true schema: type: string - name: strict in: query schema: type: boolean requestBody: content: application/json: schema: $ref: '#/components/schemas/User' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/User' security: - api_token: [] x-codegen-request-body-name: user delete: tags: - User summary: Okta Delete User description: Deletes a user permanently. This operation can only be performed on users that have a `DEPROVISIONED` status. **This action cannot be recovered!** operationId: deactivateOrDeleteUser parameters: - name: userId in: path required: true schema: type: string - name: sendEmail in: query schema: type: boolean default: false x-okta-added-version: 1.5.0 x-okta-added-version: 1.5.0 responses: "202": description: ACCEPTED content: {} security: - api_token: [] /api/v1/users/{userId}/appLinks: get: tags: - User summary: Okta Get Assigned App Links description: Fetches appLinks for all direct or indirect (via group membership) assigned applications. operationId: listAppLinks parameters: - name: userId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/AppLink' security: - api_token: [] /api/v1/users/{userId}/clients: get: tags: - User description: Lists all client resources for which the specified user has grants or tokens. operationId: listUserClients parameters: - name: userId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/OAuth2Client' security: - api_token: [] /api/v1/users/{userId}/clients/{clientId}/grants: get: tags: - User description: Lists all grants for a specified user and client operationId: listGrantsForUserAndClient parameters: - name: userId in: path required: true schema: type: string - name: clientId in: path required: true schema: type: string - name: expand in: query schema: type: string - name: after in: query schema: type: string - name: limit in: query schema: type: integer format: int32 default: 20 responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/OAuth2ScopeConsentGrant' security: - api_token: [] delete: tags: - User description: Revokes all grants for the specified user and client operationId: revokeGrantsForUserAndClient parameters: - name: userId in: path required: true schema: type: string - name: clientId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/users/{userId}/clients/{clientId}/tokens: get: tags: - User description: Lists all refresh tokens issued for the specified User and Client. operationId: listRefreshTokensForUserAndClient parameters: - name: userId in: path required: true schema: type: string - name: clientId in: path required: true schema: type: string - name: expand in: query schema: type: string - name: after in: query schema: type: string - name: limit in: query schema: type: integer format: int32 default: 20 responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/OAuth2RefreshToken' security: - api_token: [] delete: tags: - User description: Revokes all refresh tokens issued for the specified User and Client. operationId: revokeTokensForUserAndClient parameters: - name: userId in: path required: true schema: type: string - name: clientId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/users/{userId}/clients/{clientId}/tokens/{tokenId}: get: tags: - User description: Gets a refresh token issued for the specified User and Client. operationId: getRefreshTokenForUserAndClient parameters: - name: userId in: path required: true schema: type: string - name: clientId in: path required: true schema: type: string - name: tokenId in: path required: true schema: type: string - name: expand in: query schema: type: string - name: limit in: query schema: type: integer default: 20 - name: after in: query schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/OAuth2RefreshToken' security: - api_token: [] delete: tags: - User description: Revokes the specified refresh token. operationId: revokeTokenForUserAndClient parameters: - name: userId in: path required: true schema: type: string - name: clientId in: path required: true schema: type: string - name: tokenId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/users/{userId}/credentials/change_password: post: tags: - User summary: Okta Change Password description: "Changes a user's password by validating the user's current password. This operation can only be performed on users in `STAGED`, `ACTIVE`, `PASSWORD_EXPIRED`, or `RECOVERY` status that have a valid password credential" operationId: changePassword parameters: - name: userId in: path required: true schema: type: string - name: strict in: query schema: type: boolean x-okta-added-version: 1.10.0 x-okta-added-version: 1.10.0 requestBody: content: application/json: schema: $ref: '#/components/schemas/ChangePasswordRequest' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/UserCredentials' security: - api_token: [] x-codegen-request-body-name: changePasswordRequest /api/v1/users/{userId}/credentials/change_recovery_question: post: tags: - User summary: Okta Change Recovery Question description: "Changes a user's recovery question & answer credential by validating the user's current password. This operation can only be performed on users in **STAGED**, **ACTIVE** or **RECOVERY** `status` that have a valid password credential" operationId: changeRecoveryQuestion parameters: - name: userId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UserCredentials' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/UserCredentials' security: - api_token: [] x-codegen-request-body-name: userCredentials /api/v1/users/{userId}/credentials/forgot_password: post: tags: - User summary: Okta Forgot Password parameters: - name: userId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/ForgotPasswordResponse' security: - api_token: [] x-okta-multi-operation: - description: Generates a one-time token (OTT) that can be used to reset a user's password operationId: forgotPasswordGenerateOneTimeToken parameters: - default: true in: query name: sendEmail type: boolean - description: Sets a new password for a user by validating the user's answer to their current recovery question operationId: forgotPasswordSetNewPassword parameters: - in: body name: user required: true schema: $ref: '#/definitions/UserCredentials' - default: true in: query name: sendEmail type: boolean /api/v1/users/{userId}/factors: get: tags: - UserFactor description: Enumerates all the enrolled factors for the specified user operationId: listFactors parameters: - name: userId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/UserFactor' security: - api_token: [] post: tags: - UserFactor summary: Okta Enroll Factor description: Enrolls a user with a supported factor. operationId: enrollFactor parameters: - name: userId in: path required: true schema: type: string - name: updatePhone in: query schema: type: boolean default: false - name: templateId in: query description: id of SMS template (only for SMS factor) schema: type: string - name: tokenLifetimeSeconds in: query schema: type: integer format: int32 default: 300 x-okta-added-version: 1.3.0 x-okta-added-version: 1.3.0 - name: activate in: query schema: type: boolean default: false x-okta-added-version: 1.3.0 x-okta-added-version: 1.3.0 requestBody: description: Factor content: application/json: schema: $ref: '#/components/schemas/UserFactor' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/UserFactor' security: - api_token: [] x-codegen-request-body-name: body /api/v1/users/{userId}/factors/catalog: get: tags: - UserFactor description: Enumerates all the supported factors that can be enrolled for the specified user operationId: listSupportedFactors parameters: - name: userId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/UserFactor' security: - api_token: [] /api/v1/users/{userId}/factors/questions: get: tags: - UserFactor description: Enumerates all available security questions for a user's `question` factor operationId: listSupportedSecurityQuestions parameters: - name: userId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/SecurityQuestion' security: - api_token: [] /api/v1/users/{userId}/factors/{factorId}: get: tags: - UserFactor description: Fetches a factor for the specified user operationId: getFactor parameters: - name: userId in: path required: true schema: type: string - name: factorId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/UserFactor' security: - api_token: [] delete: tags: - UserFactor description: "Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor." operationId: deleteFactor parameters: - name: userId in: path required: true schema: type: string - name: factorId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/users/{userId}/factors/{factorId}/lifecycle/activate: post: tags: - UserFactor summary: Okta Activate Factor description: The `sms` and `token:software:totp` factor types require activation to complete the enrollment process. operationId: activateFactor parameters: - name: userId in: path required: true schema: type: string - name: factorId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/ActivateFactorRequest' required: false responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/UserFactor' security: - api_token: [] x-codegen-request-body-name: body /api/v1/users/{userId}/factors/{factorId}/transactions/{transactionId}: get: tags: - UserFactor description: Polls factors verification transaction for status. operationId: getFactorTransactionStatus parameters: - name: userId in: path required: true schema: type: string - name: factorId in: path required: true schema: type: string - name: transactionId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/VerifyUserFactorResponse' security: - api_token: [] /api/v1/users/{userId}/factors/{factorId}/verify: post: tags: - UserFactor summary: Okta Verify MFA Factor description: Verifies an OTP for a `token` or `token:hardware` factor operationId: verifyFactor parameters: - name: userId in: path required: true schema: type: string - name: factorId in: path required: true schema: type: string - name: templateId in: query schema: type: string - name: tokenLifetimeSeconds in: query schema: type: integer format: int32 default: 300 x-okta-added-version: 1.3.0 x-okta-added-version: 1.3.0 - name: X-Forwarded-For in: header schema: type: string x-okta-added-version: 1.11.0 x-okta-added-version: 1.11.0 - name: User-Agent in: header schema: type: string x-okta-added-version: 1.11.0 x-okta-added-version: 1.11.0 - name: Accept-Language in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/VerifyFactorRequest' required: false responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/VerifyUserFactorResponse' security: - api_token: [] x-codegen-request-body-name: body /api/v1/users/{userId}/grants: get: tags: - User description: Lists all grants for the specified user operationId: listUserGrants parameters: - name: userId in: path required: true schema: type: string - name: scopeId in: query schema: type: string - name: expand in: query schema: type: string - name: after in: query schema: type: string - name: limit in: query schema: type: integer format: int32 default: 20 responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/OAuth2ScopeConsentGrant' security: - api_token: [] delete: tags: - User description: Revokes all grants for a specified user operationId: revokeUserGrants parameters: - name: userId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/users/{userId}/grants/{grantId}: get: tags: - User description: Gets a grant for the specified user operationId: getUserGrant parameters: - name: userId in: path required: true schema: type: string - name: grantId in: path required: true schema: type: string - name: expand in: query schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/OAuth2ScopeConsentGrant' security: - api_token: [] delete: tags: - User description: Revokes one grant for a specified user operationId: revokeUserGrant parameters: - name: userId in: path required: true schema: type: string - name: grantId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/users/{userId}/groups: get: tags: - User summary: Okta Get Member Groups description: Fetches the groups of which the user is a member. operationId: listUserGroups parameters: - name: userId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/Group' security: - api_token: [] /api/v1/users/{userId}/idps: get: tags: - User summary: Okta Listing IdPs associated with a user description: Lists the IdPs associated with the user. operationId: listUserIdentityProviders parameters: - name: userId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/IdentityProvider' security: - api_token: [] /api/v1/users/{userId}/lifecycle/activate: post: tags: - User summary: Okta Activate User description: Activates a user. This operation can only be performed on users with a `STAGED` status. Activation of a user is an asynchronous operation. The user will have the `transitioningToStatus` property with a value of `ACTIVE` during activation to indicate that the user hasn't completed the asynchronous operation. The user will have a status of `ACTIVE` when the activation process is complete. operationId: activateUser parameters: - name: userId in: path required: true schema: type: string - name: sendEmail in: query description: Sends an activation email to the user if true required: true schema: type: boolean default: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/UserActivationToken' security: - api_token: [] /api/v1/users/{userId}/lifecycle/deactivate: post: tags: - User summary: Okta Deactivate User description: "Deactivates a user. This operation can only be performed on users that do not have a `DEPROVISIONED` status. While the asynchronous operation (triggered by HTTP header `Prefer: respond-async`) is proceeding the user's `transitioningToStatus` property is `DEPROVISIONED`. The user's status is `DEPROVISIONED` when the deactivation process is complete." operationId: deactivateUser parameters: - name: userId in: path required: true schema: type: string - name: sendEmail in: query schema: type: boolean default: false x-okta-added-version: 1.5.0 x-okta-added-version: 1.5.0 responses: "200": description: OK content: {} security: - api_token: [] /api/v1/users/{userId}/lifecycle/expire_password?tempPassword=false: post: tags: - User summary: Okta Expire Password description: This operation transitions the user to the status of `PASSWORD_EXPIRED` so that the user is required to change their password at their next login. operationId: expirePassword parameters: - name: userId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/User' security: - api_token: [] /api/v1/users/{userId}/lifecycle/expire_password?tempPassword=true: post: tags: - User summary: Okta Expire Password description: This operation transitions the user to the status of `PASSWORD_EXPIRED` and the user's password is reset to a temporary password that is returned. operationId: expirePasswordAndGetTemporaryPassword parameters: - name: userId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/TempPassword' security: - api_token: [] /api/v1/users/{userId}/lifecycle/reactivate: post: tags: - User summary: Okta Reactivate User description: "Reactivates a user. This operation can only be performed on users with a `PROVISIONED` status. This operation restarts the activation workflow if for some reason the user activation was not completed when using the activationToken from [Activate User](#activate-user)." operationId: reactivateUser parameters: - name: userId in: path required: true schema: type: string - name: sendEmail in: query description: Sends an activation email to the user if true schema: type: boolean default: false responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/UserActivationToken' security: - api_token: [] /api/v1/users/{userId}/lifecycle/reset_factors: post: tags: - User summary: Okta Reset Factors description: This operation resets all factors for the specified user. All MFA factor enrollments returned to the unenrolled state. The user's status remains ACTIVE. This link is present only if the user is currently enrolled in one or more MFA factors. operationId: resetFactors parameters: - name: userId in: path required: true schema: type: string responses: "200": description: OK content: {} security: - api_token: [] /api/v1/users/{userId}/lifecycle/reset_password: post: tags: - User summary: Okta Reset Password description: Generates a one-time token (OTT) that can be used to reset a user's password. The OTT link can be automatically emailed to the user or returned to the API caller and distributed using a custom flow. operationId: resetPassword parameters: - name: userId in: path required: true schema: type: string - name: sendEmail in: query required: true schema: type: boolean responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/ResetPasswordToken' security: - api_token: [] /api/v1/users/{userId}/lifecycle/suspend: post: tags: - User summary: Okta Suspend User description: Suspends a user. This operation can only be performed on users with an `ACTIVE` status. The user will have a status of `SUSPENDED` when the process is complete. operationId: suspendUser parameters: - name: userId in: path required: true schema: type: string responses: "200": description: OK content: {} security: - api_token: [] /api/v1/users/{userId}/lifecycle/unlock: post: tags: - User summary: Okta Unlock User description: Unlocks a user with a `LOCKED_OUT` status and returns them to `ACTIVE` status. Users will be able to login with their current password. operationId: unlockUser parameters: - name: userId in: path required: true schema: type: string responses: "200": description: Success content: {} security: - api_token: [] /api/v1/users/{userId}/lifecycle/unsuspend: post: tags: - User summary: Okta Unsuspend User description: Unsuspends a user and returns them to the `ACTIVE` state. This operation can only be performed on users that have a `SUSPENDED` status. operationId: unsuspendUser parameters: - name: userId in: path required: true schema: type: string responses: "200": description: Success content: {} security: - api_token: [] /api/v1/users/{userId}/linkedObjects/{relationshipName}: get: tags: - User description: "Get linked objects for a user, relationshipName can be a primary or associated relationship name" operationId: getLinkedObjectsForUser parameters: - name: userId in: path required: true schema: type: string - name: relationshipName in: path required: true schema: type: string - name: after in: query schema: type: string - name: limit in: query schema: type: integer format: int32 default: -1 responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/ResponseLinks' security: - api_token: [] delete: tags: - User description: "Delete linked objects for a user, relationshipName can be ONLY a primary relationship name" operationId: removeLinkedObjectForUser parameters: - name: userId in: path required: true schema: type: string - name: relationshipName in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/users/{userId}/roles: get: tags: - User description: Lists all roles assigned to a user. operationId: listAssignedRolesForUser parameters: - name: userId in: path required: true schema: type: string - name: expand in: query schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/Role' security: - api_token: [] post: tags: - User description: Assigns a role to a user. operationId: assignRoleToUser parameters: - name: userId in: path required: true schema: type: string - name: disableNotifications in: query schema: type: boolean requestBody: content: application/json: schema: $ref: '#/components/schemas/AssignRoleRequest' required: true responses: "201": description: Created content: application/json: schema: $ref: '#/components/schemas/Role' security: - api_token: [] x-codegen-request-body-name: assignRoleRequest /api/v1/users/{userId}/roles/{roleId}: get: tags: - User description: Gets role that is assigne to user. operationId: getUserRole parameters: - name: userId in: path required: true schema: type: string - name: roleId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Role' security: - api_token: [] delete: tags: - User description: Unassigns a role from a user. operationId: removeRoleFromUser parameters: - name: userId in: path required: true schema: type: string - name: roleId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps: get: tags: - User description: "Lists all App targets for an `APP_ADMIN` Role assigned to a User. This methods return list may include full Applications or Instances. The response for an instance will have an `ID` value, while Application will not have an ID." operationId: listApplicationTargetsForApplicationAdministratorRoleForUser parameters: - name: userId in: path required: true schema: type: string - name: roleId in: path required: true schema: type: string - name: after in: query schema: type: string - name: limit in: query schema: type: integer format: int32 default: 20 responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/CatalogApplication' security: - api_token: [] put: tags: - User description: Success operationId: addAllAppsAsTargetToRole parameters: - name: userId in: path required: true schema: type: string - name: roleId in: path required: true schema: type: string responses: "200": description: Success content: {} security: - api_token: [] /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}: put: tags: - User description: Success operationId: addApplicationTargetToAdminRoleForUser parameters: - name: userId in: path required: true schema: type: string - name: roleId in: path required: true schema: type: string - name: appName in: path required: true schema: type: string responses: "200": description: Success content: {} security: - api_token: [] delete: tags: - User description: Success operationId: removeApplicationTargetFromApplicationAdministratorRoleForUser parameters: - name: userId in: path required: true schema: type: string - name: roleId in: path required: true schema: type: string - name: appName in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/users/{userId}/roles/{roleId}/targets/catalog/apps/{appName}/{applicationId}: put: tags: - User summary: Okta Add App Instance Target to App Administrator Role given to a User description: Add App Instance Target to App Administrator Role given to a User operationId: addApplicationTargetToAppAdminRoleForUser parameters: - name: userId in: path required: true schema: type: string - name: roleId in: path required: true schema: type: string - name: appName in: path required: true schema: type: string - name: applicationId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] delete: tags: - User summary: Okta Remove App Instance Target to App Administrator Role given to a User description: Remove App Instance Target to App Administrator Role given to a User operationId: removeApplicationTargetFromAdministratorRoleForUser parameters: - name: userId in: path required: true schema: type: string - name: roleId in: path required: true schema: type: string - name: appName in: path required: true schema: type: string - name: applicationId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/users/{userId}/roles/{roleId}/targets/groups: get: tags: - User description: Success operationId: listGroupTargetsForRole parameters: - name: userId in: path required: true schema: type: string - name: roleId in: path required: true schema: type: string - name: after in: query schema: type: string - name: limit in: query schema: type: integer format: int32 default: 20 responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/Group' security: - api_token: [] /api/v1/users/{userId}/roles/{roleId}/targets/groups/{groupId}: put: tags: - User description: Success operationId: addGroupTargetToRole parameters: - name: userId in: path required: true schema: type: string - name: roleId in: path required: true schema: type: string - name: groupId in: path required: true schema: type: string responses: "200": description: Success content: {} security: - api_token: [] delete: tags: - User description: Success operationId: removeGroupTargetFromRole parameters: - name: userId in: path required: true schema: type: string - name: roleId in: path required: true schema: type: string - name: groupId in: path required: true schema: type: string responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/users/{userId}/sessions: delete: tags: - User description: Removes all active identity provider sessions. This forces the user to authenticate on the next operation. Optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the user. operationId: clearUserSessions parameters: - name: userId in: path required: true schema: type: string - name: oauthTokens in: query description: Revoke issued OpenID Connect and OAuth refresh and access tokens schema: type: boolean default: false responses: "204": description: No Content content: {} security: - api_token: [] /api/v1/users/{userId}/subscriptions: get: tags: - User summary: Okta List subscriptions of a User description: List subscriptions of a User. Only lists subscriptions for current user. An AccessDeniedException message is sent if requests are made from other users. operationId: listUserSubscriptions parameters: - name: userId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/Subscription' "404": description: Not Found content: {} security: - api_token: [] /api/v1/users/{userId}/subscriptions/{notificationType}: get: tags: - User summary: Okta Get the subscription of a User with a specific notification type description: Get the subscriptions of a User with a specific notification type. Only gets subscriptions for current user. An AccessDeniedException message is sent if requests are made from other users. operationId: getUserSubscriptionByNotificationType parameters: - name: userId in: path required: true schema: type: string - name: notificationType in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/Subscription' "404": description: Not Found content: {} security: - api_token: [] /api/v1/users/{userId}/subscriptions/{notificationType}/subscribe: post: tags: - Subscription summary: Okta Subscribe to a specific notification type description: Subscribes a User to a specific notification type. Only the current User can subscribe to a specific notification type. An AccessDeniedException message is sent if requests are made from other users. operationId: subscribeUserSubscriptionByNotificationType parameters: - name: userId in: path required: true schema: type: string - name: notificationType in: path required: true schema: type: string responses: "200": description: Success content: {} "404": description: Not Found content: {} security: - api_token: [] /api/v1/users/{userId}/subscriptions/{notificationType}/unsubscribe: post: tags: - Subscription summary: Okta Unsubscribe from a specific notification type description: Unsubscribes a User from a specific notification type. Only the current User can unsubscribe from a specific notification type. An AccessDeniedException message is sent if requests are made from other users. operationId: unsubscribeUserSubscriptionByNotificationType parameters: - name: userId in: path required: true schema: type: string - name: notificationType in: path required: true schema: type: string responses: "200": description: Success content: {} "404": description: Not Found content: {} security: - api_token: [] /api/v1/zones: get: tags: - NetworkZone summary: Okta List Network Zones description: Enumerates network zones added to your organization with pagination. A subset of zones can be returned that match a supported filter expression or query. operationId: listNetworkZones parameters: - name: after in: query description: Specifies the pagination cursor for the next page of network zones schema: type: string - name: limit in: query description: Specifies the number of results for a page schema: type: integer format: int32 default: -1 - name: filter in: query description: Filters zones by usage or id expression schema: type: string responses: "200": description: Success content: application/json: schema: type: array items: $ref: '#/components/schemas/NetworkZone' security: - api_token: [] post: tags: - NetworkZone summary: Okta Add Network Zone description: Adds a new network zone to your Okta organization. operationId: createNetworkZone requestBody: content: application/json: schema: $ref: '#/components/schemas/NetworkZone' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/NetworkZone' security: - api_token: [] x-codegen-request-body-name: zone /api/v1/zones/{zoneId}: get: tags: - NetworkZone summary: Okta Get Network Zone description: Fetches a network zone from your Okta organization by `id`. operationId: getNetworkZone parameters: - name: zoneId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/NetworkZone' security: - api_token: [] put: tags: - NetworkZone summary: Okta Update Network Zone description: Updates a network zone in your organization. operationId: updateNetworkZone parameters: - name: zoneId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/NetworkZone' required: true responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/NetworkZone' security: - api_token: [] x-codegen-request-body-name: zone delete: tags: - NetworkZone summary: Okta Delete Network Zone description: Removes network zone. operationId: deleteNetworkZone parameters: - name: zoneId in: path required: true schema: type: string responses: "200": description: Success content: {} security: - api_token: [] /api/v1/zones/{zoneId}/lifecycle/activate: post: tags: - NetworkZone summary: Okta Activate Network Zone description: Activate Network Zone operationId: activateNetworkZone parameters: - name: zoneId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/NetworkZone' security: - api_token: [] /api/v1/zones/{zoneId}/lifecycle/deactivate: post: tags: - NetworkZone summary: Okta Deactivate Network Zone description: Deactivates a network zone. operationId: deactivateNetworkZone parameters: - name: zoneId in: path required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: '#/components/schemas/NetworkZone' security: - api_token: [] components: schemas: AccessPolicy: type: object x-okta-parent: '#/definitions/Policy' x-okta-tags: - Policy AccessPolicyConstraint: type: object properties: methods: type: array items: type: string reauthenticateIn: type: string types: type: array items: type: string x-okta-tags: - Policy AccessPolicyConstraints: type: object properties: knowledge: $ref: '#/components/schemas/KnowledgeConstraint' possession: $ref: '#/components/schemas/PossessionConstraint' x-okta-tags: - Policy AccessPolicyRule: type: object properties: actions: $ref: '#/components/schemas/AccessPolicyRuleActions' conditions: $ref: '#/components/schemas/AccessPolicyRuleConditions' name: type: string x-okta-parent: '#/definitions/PolicyRule' x-okta-tags: - Policy AccessPolicyRuleActions: type: object properties: appSignOn: $ref: '#/components/schemas/AccessPolicyRuleApplicationSignOn' x-okta-parent: '#/definitions/PolicyRuleActions' x-okta-tags: - Policy AccessPolicyRuleApplicationSignOn: type: object properties: access: type: string verificationMethod: $ref: '#/components/schemas/VerificationMethod' x-okta-tags: - Policy AccessPolicyRuleConditions: type: object properties: device: $ref: '#/components/schemas/DeviceAccessPolicyRuleCondition' elCondition: $ref: '#/components/schemas/AccessPolicyRuleCustomCondition' userType: $ref: '#/components/schemas/UserTypeCondition' x-okta-parent: '#/definitions/PolicyRuleConditions' x-okta-tags: - Policy AccessPolicyRuleCustomCondition: type: object properties: condition: type: string x-okta-tags: - Policy AcsEndpoint: type: object properties: index: type: integer url: type: string x-okta-tags: - Application ActivateFactorRequest: type: object properties: attestation: type: string clientData: type: string passCode: type: string registrationData: type: string stateToken: type: string x-okta-tags: - UserFactor AllowedForEnum: type: string enum: - recovery - sso - any - none x-okta-tags: - Authenticator AppAndInstanceConditionEvaluatorAppOrInstance: type: object properties: id: type: string readOnly: true name: type: string type: type: string enum: - APP_TYPE - APP x-okta-tags: - Policy AppAndInstancePolicyRuleCondition: type: object properties: exclude: type: array items: $ref: '#/components/schemas/AppAndInstanceConditionEvaluatorAppOrInstance' include: type: array items: $ref: '#/components/schemas/AppAndInstanceConditionEvaluatorAppOrInstance' x-okta-tags: - Policy AppInstancePolicyRuleCondition: type: object properties: exclude: type: array items: type: string include: type: array items: type: string x-okta-tags: - Policy AppLink: type: object properties: appAssignmentId: type: string readOnly: true appInstanceId: type: string readOnly: true appName: type: string readOnly: true credentialsSetup: type: boolean readOnly: true hidden: type: boolean readOnly: true id: type: string readOnly: true label: type: string readOnly: true linkUrl: type: string readOnly: true logoUrl: type: string readOnly: true sortOrder: type: integer readOnly: true x-okta-tags: - User AppUser: type: object properties: _embedded: type: object additionalProperties: type: object properties: {} readOnly: true _links: type: object additionalProperties: type: object properties: {} readOnly: true created: type: string format: date-time readOnly: true credentials: $ref: '#/components/schemas/AppUserCredentials' externalId: type: string readOnly: true id: type: string lastSync: type: string format: date-time readOnly: true lastUpdated: type: string format: date-time readOnly: true passwordChanged: type: string format: date-time readOnly: true profile: type: object additionalProperties: type: object properties: {} scope: type: string status: type: string readOnly: true statusChanged: type: string format: date-time readOnly: true syncState: type: string readOnly: true x-okta-crud: - alias: update arguments: - dest: appId parentSrc: appId - dest: userId src: id - dest: appUser self: true operationId: updateApplicationUser - alias: delete arguments: - dest: appId parentSrc: appId - dest: userId src: id operationId: deleteApplicationUser x-okta-tags: - Application AppUserCredentials: type: object properties: password: $ref: '#/components/schemas/AppUserPasswordCredential' userName: type: string x-okta-tags: - Application AppUserPasswordCredential: type: object properties: value: type: string format: password x-okta-tags: - Application Application: type: object properties: _embedded: type: object additionalProperties: type: object properties: {} readOnly: true _links: type: object additionalProperties: type: object properties: {} readOnly: true accessibility: $ref: '#/components/schemas/ApplicationAccessibility' created: type: string format: date-time readOnly: true credentials: $ref: '#/components/schemas/ApplicationCredentials' features: type: array items: type: string id: type: string readOnly: true label: type: string lastUpdated: type: string format: date-time readOnly: true licensing: $ref: '#/components/schemas/ApplicationLicensing' name: type: string readOnly: true profile: type: object additionalProperties: type: object properties: {} settings: $ref: '#/components/schemas/ApplicationSettings' signOnMode: $ref: '#/components/schemas/ApplicationSignOnMode' status: type: string readOnly: true enum: - ACTIVE - INACTIVE - DELETED visibility: $ref: '#/components/schemas/ApplicationVisibility' x-okta-crud: - alias: read arguments: - dest: appId src: id operationId: getApplication - alias: update arguments: - dest: appId src: id - dest: application self: true operationId: updateApplication - alias: delete arguments: - dest: appId src: id operationId: deleteApplication x-okta-operations: - alias: activate arguments: - dest: appId src: id operationId: activateApplication - alias: deactivate arguments: - dest: appId src: id operationId: deactivateApplication - alias: listApplicationUsers arguments: - dest: appId src: id operationId: listApplicationUsers - alias: assignUserToApplication arguments: - dest: appId src: id operationId: assignUserToApplication - alias: getApplicationUser arguments: - dest: appId src: id operationId: getApplicationUser - alias: createApplicationGroupAssignment arguments: - dest: appId src: id operationId: createApplicationGroupAssignment - alias: getApplicationGroupAssignment arguments: - dest: appId src: id operationId: getApplicationGroupAssignment - alias: cloneApplicationKey arguments: - dest: appId src: id operationId: cloneApplicationKey - alias: getApplicationKey arguments: - dest: appId src: id operationId: getApplicationKey - alias: listGroupAssignments arguments: - dest: appId src: id operationId: listApplicationGroupAssignments - alias: listKeys arguments: - dest: appId src: id operationId: listApplicationKeys - alias: generateKey arguments: - dest: appId src: id operationId: generateApplicationKey - alias: generateCsr arguments: - dest: appId src: id operationId: generateCsrForApplication - alias: getCsr arguments: - dest: appId src: id operationId: getCsrForApplication - alias: revokeCsr arguments: - dest: appId src: id operationId: revokeCsrFromApplication - alias: listCsrs arguments: - dest: appId src: id operationId: listCsrsForApplication - alias: publishCerCert arguments: - dest: appId src: id operationId: publishCerCert - alias: publishBinaryCerCert arguments: - dest: appId src: id operationId: publishBinaryCerCert - alias: publishDerCert arguments: - dest: appId src: id operationId: publishDerCert - alias: publishBinaryDerCert arguments: - dest: appId src: id operationId: publishBinaryDerCert - alias: publishBinaryPemCert arguments: - dest: appId src: id operationId: publishBinaryPemCert - alias: listOAuth2Tokens arguments: - dest: appId src: id operationId: listOAuth2TokensForApplication - alias: revokeOAuth2TokenForApplication arguments: - dest: appId src: id operationId: revokeOAuth2TokenForApplication - alias: getOAuth2Token arguments: - dest: appId src: id operationId: getOAuth2TokenForApplication - alias: revokeOAuth2Tokens arguments: - dest: appId src: id operationId: revokeOAuth2TokensForApplication - alias: listScopeConsentGrants arguments: - dest: appId src: id operationId: listScopeConsentGrants - alias: grantConsentToScope arguments: - dest: appId src: id operationId: grantConsentToScope - alias: revokeScopeConsentGrant arguments: - dest: appId src: id operationId: revokeScopeConsentGrant - alias: getScopeConsentGrant arguments: - dest: appId src: id operationId: getScopeConsentGrant - alias: uploadApplicationLogo operationId: uploadApplicationLogo - alias: getFeatureForApplication arguments: - dest: appId src: id operationId: getFeatureForApplication - alias: updateFeatureForApplication arguments: - dest: appId src: id operationId: updateFeatureForApplication - alias: updateApplicationPolicy arguments: - dest: appId src: id operationId: updateApplicationPolicy x-okta-tags: - Application x-openapi-v3-discriminator: mapping: AUTO_LOGIN: '#/definitions/AutoLoginApplication' BASIC_AUTH: '#/definitions/BasicAuthApplication' BOOKMARK: '#/definitions/BookmarkApplication' BROWSER_PLUGIN: '#/definitions/BrowserPluginApplication' OPENID_CONNECT: '#/definitions/OpenIdConnectApplication' SAML_1_1: '#/definitions/SamlApplication' SAML_2_0: '#/definitions/SamlApplication' SECURE_PASSWORD_STORE: '#/definitions/SecurePasswordStoreApplication' WS_FEDERATION: '#/definitions/WsFederationApplication' propertyName: signOnMode ApplicationAccessibility: type: object properties: errorRedirectUrl: type: string loginRedirectUrl: type: string selfService: type: boolean x-okta-tags: - Application ApplicationCredentials: type: object properties: signing: $ref: '#/components/schemas/ApplicationCredentialsSigning' userNameTemplate: $ref: '#/components/schemas/ApplicationCredentialsUsernameTemplate' x-okta-tags: - Application ApplicationCredentialsOAuthClient: type: object properties: autoKeyRotation: type: boolean client_id: type: string client_secret: type: string pkce_required: type: boolean token_endpoint_auth_method: $ref: '#/components/schemas/OAuthEndpointAuthenticationMethod' x-okta-tags: - Application ApplicationCredentialsScheme: type: string enum: - SHARED_USERNAME_AND_PASSWORD - EXTERNAL_PASSWORD_SYNC - EDIT_USERNAME_AND_PASSWORD - EDIT_PASSWORD_ONLY - ADMIN_SETS_CREDENTIALS x-okta-tags: - Application ApplicationCredentialsSigning: type: object properties: kid: type: string lastRotated: type: string format: date-time readOnly: true nextRotation: type: string format: date-time readOnly: true rotationMode: type: string use: $ref: '#/components/schemas/ApplicationCredentialsSigningUse' x-okta-tags: - Application ApplicationCredentialsSigningUse: type: string enum: - sig x-okta-tags: - AuthorizationServer ApplicationCredentialsUsernameTemplate: type: object properties: pushStatus: type: string suffix: type: string template: type: string type: type: string x-okta-tags: - Application ApplicationFeature: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true capabilities: $ref: '#/components/schemas/CapabilitiesObject' description: type: string name: type: string status: $ref: '#/components/schemas/EnabledStatus' x-okta-operations: - alias: listFeaturesForApplication operationId: listFeaturesForApplication x-okta-tags: - Application ApplicationGroupAssignment: type: object properties: _embedded: type: object additionalProperties: type: object properties: {} readOnly: true _links: type: object additionalProperties: type: object properties: {} readOnly: true id: type: string readOnly: true lastUpdated: type: string format: date-time readOnly: true priority: type: integer profile: type: object additionalProperties: type: object properties: {} x-okta-crud: - alias: delete arguments: - dest: appId parentSrc: appId - dest: groupId src: id operationId: deleteApplicationGroupAssignment x-okta-tags: - Application ApplicationLicensing: type: object properties: seatCount: type: integer x-okta-tags: - Application ApplicationSettings: type: object properties: app: $ref: '#/components/schemas/ApplicationSettingsApplication' implicitAssignment: type: boolean inlineHookId: type: string notes: $ref: '#/components/schemas/ApplicationSettingsNotes' notifications: $ref: '#/components/schemas/ApplicationSettingsNotifications' x-okta-tags: - Application ApplicationSettingsApplication: type: object properties: acsUrl: type: string buttonField: type: string loginUrlRegex: type: string orgName: type: string passwordField: type: string url: type: string usernameField: type: string x-okta-tags: - Application ApplicationSettingsNotes: type: object properties: admin: type: string enduser: type: string x-okta-tags: - Application ApplicationSettingsNotifications: type: object properties: vpn: $ref: '#/components/schemas/ApplicationSettingsNotificationsVpn' x-okta-tags: - Application ApplicationSettingsNotificationsVpn: type: object properties: helpUrl: type: string message: type: string network: $ref: '#/components/schemas/ApplicationSettingsNotificationsVpnNetwork' x-okta-tags: - Application ApplicationSettingsNotificationsVpnNetwork: type: object properties: connection: type: string exclude: type: array items: type: string include: type: array items: type: string x-okta-tags: - Application ApplicationSignOnMode: type: string enum: - BOOKMARK - BASIC_AUTH - BROWSER_PLUGIN - SECURE_PASSWORD_STORE - AUTO_LOGIN - WS_FEDERATION - SAML_2_0 - OPENID_CONNECT - SAML_1_1 x-okta-tags: - Application ApplicationVisibility: type: object properties: appLinks: type: object additionalProperties: type: boolean autoLaunch: type: boolean autoSubmitToolbar: type: boolean hide: $ref: '#/components/schemas/ApplicationVisibilityHide' x-okta-tags: - Application ApplicationVisibilityHide: type: object properties: iOS: type: boolean web: type: boolean x-okta-tags: - Application AssignRoleRequest: type: object properties: type: $ref: '#/components/schemas/RoleType' x-okta-tags: - Role AuthenticationProvider: type: object properties: name: type: string type: $ref: '#/components/schemas/AuthenticationProviderType' x-okta-tags: - User AuthenticationProviderType: type: string enum: - ACTIVE_DIRECTORY - FEDERATION - LDAP - OKTA - SOCIAL - IMPORT x-okta-tags: - User Authenticator: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true created: type: string format: date-time readOnly: true id: type: string readOnly: true key: type: string lastUpdated: type: string format: date-time readOnly: true name: type: string provider: $ref: '#/components/schemas/AuthenticatorProvider' settings: $ref: '#/components/schemas/AuthenticatorSettings' status: $ref: '#/components/schemas/AuthenticatorStatus' type: $ref: '#/components/schemas/AuthenticatorType' x-okta-crud: - alias: read arguments: [] operationId: getAuthenticator - alias: update arguments: - dest: authenticatorId src: id - dest: authenticator self: true operationId: updateAuthenticator x-okta-operations: - alias: activate arguments: - dest: authenticatorId src: id operationId: activateAuthenticator - alias: deactivate arguments: - dest: authenticatorId src: id operationId: deactivateAuthenticator x-okta-tags: - Authenticator AuthenticatorProvider: type: object properties: configuration: $ref: '#/components/schemas/AuthenticatorProviderConfiguration' type: type: string x-okta-tags: - Authenticator AuthenticatorProviderConfiguration: type: object properties: authPort: type: integer host: type: string hostName: type: string instanceId: type: string integrationKey: type: string secretKey: type: string sharedSecret: type: string userNameTemplate: $ref: '#/components/schemas/AuthenticatorProviderConfigurationUserNamePlate' x-okta-tags: - Authenticator AuthenticatorProviderConfigurationUserNamePlate: type: object properties: template: type: string x-okta-tags: - Authenticator AuthenticatorSettings: type: object properties: allowedFor: $ref: '#/components/schemas/AllowedForEnum' appInstanceId: type: string channelBinding: $ref: '#/components/schemas/ChannelBinding' compliance: $ref: '#/components/schemas/Compliance' tokenLifetimeInMinutes: type: integer userVerification: $ref: '#/components/schemas/UserVerificationEnum' x-okta-tags: - Authenticator AuthenticatorStatus: type: string enum: - ACTIVE - INACTIVE x-okta-tags: - Authenticator AuthenticatorType: type: string enum: - app - password - security_question - phone - email - security_key - federated x-okta-tags: - Authenticator AuthorizationServer: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true audiences: type: array items: type: string created: type: string format: date-time readOnly: true credentials: $ref: '#/components/schemas/AuthorizationServerCredentials' default: type: boolean readOnly: true description: type: string id: type: string readOnly: true issuer: type: string issuerMode: type: string enum: - ORG_URL - CUSTOM_URL - DYNAMIC lastUpdated: type: string format: date-time readOnly: true name: type: string status: type: string enum: - ACTIVE - INACTIVE x-okta-crud: - alias: create arguments: - dest: authorizationServer self: true operationId: createAuthorizationServer - alias: read arguments: [] operationId: getAuthorizationServer - alias: update arguments: - dest: authServerId src: id - dest: authorizationServer self: true operationId: updateAuthorizationServer - alias: delete arguments: - dest: authServerId src: id - dest: authorizationServer self: true operationId: deleteAuthorizationServer x-okta-operations: - alias: listOAuth2Claims arguments: - dest: authServerId src: id operationId: listOAuth2Claims - alias: createOAuth2Claim arguments: - dest: authServerId src: id operationId: createOAuth2Claim - alias: deleteOAuth2Claim arguments: - dest: authServerId src: id operationId: deleteOAuth2Claim - alias: getOAuth2Claim arguments: - dest: authServerId src: id operationId: getOAuth2Claim - alias: updateOAuth2Claim arguments: - dest: authServerId src: id operationId: updateOAuth2Claim - alias: listOAuth2Clients arguments: - dest: authServerId src: id operationId: listOAuth2ClientsForAuthorizationServer - alias: revokeRefreshTokensForClient arguments: - dest: authServerId src: id operationId: revokeRefreshTokensForAuthorizationServerAndClient - alias: listRefreshTokensForClient arguments: - dest: authServerId src: id operationId: listRefreshTokensForAuthorizationServerAndClient - alias: getRefreshTokenForClient arguments: - dest: authServerId src: id operationId: getRefreshTokenForAuthorizationServerAndClient - alias: revokeRefreshTokenForClient arguments: - dest: authServerId src: id operationId: revokeRefreshTokenForAuthorizationServerAndClient - alias: listKeys arguments: - dest: authServerId src: id operationId: listAuthorizationServerKeys - alias: rotateKeys arguments: - dest: authServerId src: id operationId: rotateAuthorizationServerKeys - alias: activate arguments: - dest: authServerId src: id operationId: activateAuthorizationServer - alias: deactivate arguments: - dest: authServerId src: id operationId: deactivateAuthorizationServer - alias: listPolicies arguments: - dest: authServerId src: id operationId: listAuthorizationServerPolicies - alias: createPolicy arguments: - dest: authServerId src: id operationId: createAuthorizationServerPolicy - alias: deletePolicy arguments: - dest: authServerId src: id operationId: deleteAuthorizationServerPolicy - alias: getPolicy arguments: - dest: authServerId src: id operationId: getAuthorizationServerPolicy - alias: updatePolicy arguments: - dest: authServerId src: id operationId: updateAuthorizationServerPolicy - alias: listOAuth2Scopes arguments: - dest: authServerId src: id operationId: listOAuth2Scopes - alias: createOAuth2Scope arguments: - dest: authServerId src: id operationId: createOAuth2Scope - alias: deleteOAuth2Scope arguments: - dest: authServerId src: id operationId: deleteOAuth2Scope - alias: getOAuth2Scope arguments: - dest: authServerId src: id operationId: getOAuth2Scope - alias: updateOAuth2Scope arguments: - dest: authServerId src: id operationId: updateOAuth2Scope x-okta-tags: - AuthorizationServer AuthorizationServerCredentials: type: object properties: signing: $ref: '#/components/schemas/AuthorizationServerCredentialsSigningConfig' x-okta-tags: - Application AuthorizationServerCredentialsRotationMode: type: string enum: - AUTO - MANUAL x-okta-tags: - AuthorizationServer AuthorizationServerCredentialsSigningConfig: type: object properties: kid: type: string lastRotated: type: string format: date-time readOnly: true nextRotation: type: string format: date-time readOnly: true rotationMode: $ref: '#/components/schemas/AuthorizationServerCredentialsRotationMode' use: $ref: '#/components/schemas/AuthorizationServerCredentialsUse' x-okta-tags: - AuthorizationServer AuthorizationServerCredentialsUse: type: string enum: - sig x-okta-tags: - AuthorizationServer AuthorizationServerPolicy: type: object properties: _embedded: type: object additionalProperties: type: object properties: {} readOnly: true _links: type: object additionalProperties: type: object properties: {} readOnly: true conditions: $ref: '#/components/schemas/PolicyRuleConditions' created: type: string format: date-time readOnly: true description: type: string id: type: string readOnly: true lastUpdated: type: string format: date-time readOnly: true name: type: string priority: type: integer status: type: string enum: - ACTIVE - INACTIVE system: type: boolean type: $ref: '#/components/schemas/PolicyType' x-okta-crud: - alias: read arguments: - dest: policyId src: id operationId: getAuthorizationServerPolicy - alias: update arguments: - dest: policyId src: id - dest: policy self: true operationId: updateAuthorizationServerPolicy - alias: delete arguments: - dest: policyId src: id operationId: deleteAuthorizationServerPolicy x-okta-operations: - alias: listPolicyRules arguments: - dest: policyId src: id operationId: listAuthorizationServerPolicyRules - alias: createPolicyRule arguments: - dest: policyId src: id operationId: createAuthorizationServerPolicyRule - alias: getPolicyRule arguments: - dest: policyId src: id operationId: getAuthorizationServerPolicyRule - alias: deletePolicyRule arguments: - dest: policyId src: id operationId: deleteAuthorizationServerPolicyRule - alias: activate arguments: - dest: policyId src: id operationId: activateAuthorizationServerPolicy - alias: deactivate arguments: - dest: policyId src: id operationId: deactivateAuthorizationServerPolicy x-okta-tags: - AuthorizationServer AuthorizationServerPolicyRule: type: object properties: actions: $ref: '#/components/schemas/AuthorizationServerPolicyRuleActions' conditions: $ref: '#/components/schemas/AuthorizationServerPolicyRuleConditions' created: type: string format: date-time readOnly: true id: type: string readOnly: true lastUpdated: type: string format: date-time readOnly: true name: type: string priority: type: integer status: type: string default: ACTIVE enum: - ACTIVE - INACTIVE system: type: boolean default: false type: type: string enum: - RESOURCE_ACCESS x-okta-crud: - alias: update arguments: - dest: ruleId src: id - dest: policyRule self: true - dest: policyId parentSrc: id operationId: updateAuthorizationServerPolicyRule - alias: delete arguments: - dest: ruleId src: id - dest: policyId parentSrc: policyId operationId: deleteAuthorizationServerPolicyRule x-okta-operations: - alias: activate arguments: - dest: ruleId src: id - dest: policyId parentSrc: policyId operationId: activateAuthorizationServerPolicyRule - alias: deactivate arguments: - dest: ruleId src: id - dest: policyId parentSrc: policyId operationId: deactivateAuthorizationServerPolicyRule x-okta-tags: - AuthorizationServerPolicy AuthorizationServerPolicyRuleActions: type: object properties: token: $ref: '#/components/schemas/TokenAuthorizationServerPolicyRuleAction' x-okta-tags: - AuthorizationServerPolicy AuthorizationServerPolicyRuleConditions: type: object properties: clients: $ref: '#/components/schemas/ClientPolicyCondition' grantTypes: $ref: '#/components/schemas/GrantTypePolicyRuleCondition' people: $ref: '#/components/schemas/PolicyPeopleCondition' scopes: $ref: '#/components/schemas/OAuth2ScopesMediationPolicyRuleCondition' x-okta-tags: - AuthorizationServerPolicy AutoLoginApplication: type: object properties: credentials: $ref: '#/components/schemas/SchemeApplicationCredentials' settings: $ref: '#/components/schemas/AutoLoginApplicationSettings' x-okta-parent: '#/definitions/Application' x-okta-tags: - Application AutoLoginApplicationSettings: type: object properties: signOn: $ref: '#/components/schemas/AutoLoginApplicationSettingsSignOn' x-okta-parent: '#/definitions/ApplicationSettings' x-okta-tags: - Application AutoLoginApplicationSettingsSignOn: type: object properties: loginUrl: type: string redirectUrl: type: string x-okta-tags: - Application BasicApplicationSettings: type: object properties: app: $ref: '#/components/schemas/BasicApplicationSettingsApplication' x-okta-parent: '#/definitions/ApplicationSettings' x-okta-tags: - Application BasicApplicationSettingsApplication: type: object properties: authURL: type: string url: type: string x-okta-parent: '#/definitions/ApplicationSettingsApplication' x-okta-tags: - Application BasicAuthApplication: type: object properties: credentials: $ref: '#/components/schemas/SchemeApplicationCredentials' name: type: object settings: $ref: '#/components/schemas/BasicApplicationSettings' x-okta-defined-as: name: template_basic_auth x-okta-parent: '#/definitions/Application' x-okta-tags: - Application BeforeScheduledActionPolicyRuleCondition: type: object properties: duration: $ref: '#/components/schemas/Duration' lifecycleAction: $ref: '#/components/schemas/ScheduledUserLifecycleAction' x-okta-tags: - Policy BookmarkApplication: type: object properties: name: type: object settings: $ref: '#/components/schemas/BookmarkApplicationSettings' x-okta-defined-as: name: bookmark x-okta-parent: '#/definitions/Application' x-okta-tags: - Application BookmarkApplicationSettings: type: object properties: app: $ref: '#/components/schemas/BookmarkApplicationSettingsApplication' x-okta-parent: '#/definitions/ApplicationSettings' x-okta-tags: - Application BookmarkApplicationSettingsApplication: type: object properties: requestIntegration: type: boolean url: type: string x-okta-parent: '#/definitions/ApplicationSettingsApplication' x-okta-tags: - Application Brand: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true agreeToCustomPrivacyPolicy: type: boolean customPrivacyPolicyUrl: type: string id: type: string readOnly: true removePoweredByOkta: type: boolean x-okta-crud: - alias: read arguments: - dest: brandId src: id operationId: getBrand - alias: update arguments: - dest: brandId src: id - dest: brand self: true operationId: updateBrand x-okta-tags: - Brand BrowserPluginApplication: type: object properties: credentials: $ref: '#/components/schemas/SchemeApplicationCredentials' x-okta-parent: '#/definitions/Application' x-okta-tags: - Application x-openapi-v3-discriminator: mapping: template_swa: '#/definitions/SwaApplication' template_swa3field: '#/definitions/SwaThreeFieldApplication' propertyName: name CallUserFactor: type: object properties: profile: $ref: '#/components/schemas/CallUserFactorProfile' x-okta-parent: '#/definitions/UserFactor' x-okta-tags: - UserFactor CallUserFactorProfile: type: object properties: phoneExtension: type: string phoneNumber: type: string x-okta-tags: - UserFactor CapabilitiesCreateObject: type: object properties: lifecycleCreate: $ref: '#/components/schemas/LifecycleCreateSettingObject' x-okta-tags: - Application CapabilitiesObject: type: object properties: create: $ref: '#/components/schemas/CapabilitiesCreateObject' update: $ref: '#/components/schemas/CapabilitiesUpdateObject' x-okta-tags: - Application CapabilitiesUpdateObject: type: object properties: lifecycleDeactivate: $ref: '#/components/schemas/LifecycleDeactivateSettingObject' password: $ref: '#/components/schemas/PasswordSettingObject' profile: $ref: '#/components/schemas/ProfileSettingObject' x-okta-tags: - Application CatalogApplication: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true category: type: string description: type: string displayName: type: string features: type: array items: type: string id: type: string readOnly: true lastUpdated: type: string format: date-time readOnly: true name: type: string signOnModes: type: array items: type: string status: $ref: '#/components/schemas/CatalogApplicationStatus' verificationStatus: type: string website: type: string x-okta-tags: - Role CatalogApplicationStatus: type: string enum: - ACTIVE - INACTIVE x-okta-tags: - Role ChangeEnum: type: string enum: - KEEP_EXISTING - CHANGE x-okta-tags: - Application ChangePasswordRequest: type: object properties: newPassword: $ref: '#/components/schemas/PasswordCredential' oldPassword: $ref: '#/components/schemas/PasswordCredential' x-okta-tags: - User ChannelBinding: type: object properties: required: $ref: '#/components/schemas/RequiredEnum' style: type: string x-okta-tags: - Authenticator ClientPolicyCondition: type: object properties: include: type: array items: type: string x-okta-tags: - Policy ClientSecret: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true client_secret: type: string created: type: string format: date-time readOnly: true id: type: string readOnly: true lastUpdated: type: string format: date-time readOnly: true secret_hash: type: string status: type: string enum: - ACTIVE - INACTIVE x-okta-tags: - Application ClientSecretMetadata: type: object properties: client_secret: type: string x-okta-tags: - Application Compliance: type: object properties: fips: $ref: '#/components/schemas/FipsEnum' x-okta-tags: - Authenticator ContextPolicyRuleCondition: type: object properties: expression: type: string x-okta-tags: - Policy CreateSessionRequest: type: object properties: sessionToken: type: string x-okta-tags: - Session CreateUserRequest: type: object properties: credentials: $ref: '#/components/schemas/UserCredentials' groupIds: type: array items: type: string profile: $ref: '#/components/schemas/UserProfile' type: $ref: '#/components/schemas/UserType' x-okta-tags: - User Csr: type: object properties: created: type: string format: date-time readOnly: true csr: type: string readOnly: true id: type: string readOnly: true kty: type: string readOnly: true x-okta-tags: - Application CsrMetadata: type: object properties: subject: $ref: '#/components/schemas/CsrMetadataSubject' subjectAltNames: $ref: '#/components/schemas/CsrMetadataSubjectAltNames' x-okta-tags: - Application CsrMetadataSubject: type: object properties: commonName: type: string countryName: type: string localityName: type: string organizationName: type: string organizationalUnitName: type: string stateOrProvinceName: type: string x-okta-tags: - Application CsrMetadataSubjectAltNames: type: object properties: dnsNames: type: array items: type: string x-okta-tags: - Application CustomHotpUserFactor: type: object properties: factorProfileId: type: string profile: $ref: '#/components/schemas/CustomHotpUserFactorProfile' x-okta-parent: '#/definitions/UserFactor' x-okta-tags: - UserFactor CustomHotpUserFactorProfile: type: object properties: sharedSecret: type: string x-okta-tags: - UserFactor DNSRecord: type: object properties: expiration: type: string fqdn: type: string recordType: $ref: '#/components/schemas/DNSRecordType' values: type: array items: type: string x-okta-tags: - Domain DNSRecordType: type: string enum: - TXT - CNAME x-okta-tags: - Domain DeviceAccessPolicyRuleCondition: type: object properties: managed: type: boolean registered: type: boolean x-okta-parent: '#/definitions/DevicePolicyRuleCondition' x-okta-tags: - Policy DevicePolicyRuleCondition: type: object properties: migrated: type: boolean platform: $ref: '#/components/schemas/DevicePolicyRuleConditionPlatform' rooted: type: boolean trustLevel: type: string enum: - ANY - TRUSTED x-okta-tags: - Policy DevicePolicyRuleConditionPlatform: type: object properties: supportedMDMFrameworks: type: array items: type: string enum: - AFW - SAFE - NATIVE types: type: array items: type: string enum: - IOS - ANDROID - OSX - WINDOWS x-okta-tags: - Policy Domain: type: object properties: certificateSourceType: $ref: '#/components/schemas/DomainCertificateSourceType' dnsRecords: type: array items: $ref: '#/components/schemas/DNSRecord' domain: type: string id: type: string readOnly: true publicCertificate: $ref: '#/components/schemas/DomainCertificateMetadata' validationStatus: $ref: '#/components/schemas/DomainValidationStatus' x-okta-tags: - Domain DomainCertificate: type: object properties: certificate: type: string certificateChain: type: string privateKey: type: string type: $ref: '#/components/schemas/DomainCertificateType' x-okta-operations: - alias: createCertificate arguments: - dest: certificate self: true operationId: createCertificate x-okta-tags: - Domain DomainCertificateMetadata: type: object properties: expiration: type: string fingerprint: type: string subject: type: string x-okta-tags: - Domain DomainCertificateSourceType: type: string enum: - MANUAL - OKTA_MANAGED x-okta-tags: - Domain DomainCertificateType: type: string enum: - PEM x-okta-tags: - Domain DomainListResponse: type: object properties: domains: type: array items: $ref: '#/components/schemas/Domain' x-okta-tags: - Domain DomainValidationStatus: type: string enum: - NOT_STARTED - IN_PROGRESS - VERIFIED - FAILED_TO_VERIFY - DOMAIN_TAKEN - COMPLETED x-okta-tags: - Domain Duration: type: object properties: number: type: integer unit: type: string x-okta-tags: - Policy EmailTemplate: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true name: type: string readOnly: true x-okta-crud: - alias: read operationId: getEmailTemplate x-okta-operations: - alias: getEmailTemplate operationId: getEmailTemplate - alias: deleteEmailTemplateCustomizations operationId: deleteEmailTemplateCustomizations - alias: listEmailTemplateCustomizations operationId: listEmailTemplateCustomizations - alias: createEmailTemplateCustomization operationId: createEmailTemplateCustomization - alias: deleteEmailTemplateCustomization operationId: deleteEmailTemplateCustomization - alias: getEmailTemplateCustomization operationId: getEmailTemplateCustomization - alias: updateEmailTemplateCustomization operationId: updateEmailTemplateCustomization - alias: getEmailTemplateCustomizationPreview operationId: getEmailTemplateCustomizationPreview - alias: getEmailTemplateDefaultContent operationId: getEmailTemplateDefaultContent - alias: getEmailTemplateDefaultContentPreview operationId: getEmailTemplateDefaultContentPreview - alias: sendTestEmail operationId: sendTestEmail x-okta-tags: - Brands EmailTemplateContent: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true body: type: string fromAddress: type: string fromName: type: string subject: type: string x-okta-tags: - Brands EmailTemplateCustomization: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true body: type: string created: type: string format: date-time readOnly: true id: type: string readOnly: true isDefault: type: boolean language: type: string description: unique under each email template lastUpdated: type: string format: date-time readOnly: true subject: type: string x-okta-tags: - Brands EmailTemplateCustomizationRequest: type: object properties: body: type: string isDefault: type: boolean language: type: string description: unique under each email template subject: type: string x-okta-tags: - Brands EmailTemplateTestRequest: type: object properties: customizationId: type: string x-okta-tags: - Brands EmailTemplateTouchPointVariant: type: string enum: - OKTA_DEFAULT - FULL_THEME x-okta-tags: - Brand EmailUserFactor: type: object properties: profile: $ref: '#/components/schemas/EmailUserFactorProfile' x-okta-parent: '#/definitions/UserFactor' x-okta-tags: - UserFactor EmailUserFactorProfile: type: object properties: email: type: string x-okta-tags: - UserFactor EnabledStatus: type: string enum: - ENABLED - DISABLED x-okta-tags: - Common EndUserDashboardTouchPointVariant: type: string enum: - OKTA_DEFAULT - WHITE_LOGO_BACKGROUND - FULL_THEME - LOGO_ON_FULL_WHITE_BACKGROUND x-okta-tags: - Brand ErrorPageTouchPointVariant: type: string enum: - OKTA_DEFAULT - BACKGROUND_SECONDARY_COLOR - BACKGROUND_IMAGE x-okta-tags: - Brand EventHook: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true channel: $ref: '#/components/schemas/EventHookChannel' created: type: string format: date-time readOnly: true createdBy: type: string events: $ref: '#/components/schemas/EventSubscriptions' id: type: string readOnly: true lastUpdated: type: string format: date-time readOnly: true name: type: string status: type: string enum: - ACTIVE - INACTIVE verificationStatus: type: string enum: - UNVERIFIED - VERIFIED x-okta-crud: - alias: create arguments: - dest: eventHook self: true operationId: createEventHook - alias: read arguments: [] operationId: getEventHook - alias: update arguments: - dest: eventHookId src: id - dest: eventHook self: true operationId: updateEventHook - alias: delete arguments: - dest: eventHookId src: id operationId: deleteEventHook x-okta-operations: - alias: activate arguments: - dest: eventHookId src: id operationId: activateEventHook - alias: deactivate arguments: - dest: eventHookId src: id operationId: deactivateEventHook - alias: verify arguments: - dest: eventHookId src: id operationId: verifyEventHook x-okta-tags: - EventHook EventHookChannel: type: object properties: config: $ref: '#/components/schemas/EventHookChannelConfig' type: type: string enum: - HTTP version: type: string x-okta-tags: - EventHook EventHookChannelConfig: type: object properties: authScheme: $ref: '#/components/schemas/EventHookChannelConfigAuthScheme' headers: type: array items: $ref: '#/components/schemas/EventHookChannelConfigHeader' uri: type: string x-okta-tags: - EventHook EventHookChannelConfigAuthScheme: type: object properties: key: type: string type: $ref: '#/components/schemas/EventHookChannelConfigAuthSchemeType' value: type: string x-okta-tags: - EventHook EventHookChannelConfigAuthSchemeType: type: string enum: - HEADER x-okta-tags: - EventHook EventHookChannelConfigHeader: type: object properties: key: type: string value: type: string x-okta-tags: - EventHook EventSubscriptions: type: object properties: items: type: array items: type: string type: type: string enum: - EVENT_TYPE - FLOW_EVENT discriminator: propertyName: type x-okta-tags: - EventHook FactorProvider: type: string enum: - OKTA - RSA - FIDO - GOOGLE - SYMANTEC - DUO - YUBICO - CUSTOM - APPLE x-okta-tags: - UserFactor FactorResultType: type: string enum: - SUCCESS - CHALLENGE - WAITING - FAILED - REJECTED - TIMEOUT - TIME_WINDOW_EXCEEDED - PASSCODE_REPLAYED - ERROR - CANCELLED x-okta-tags: - UserFactor FactorStatus: type: string enum: - PENDING_ACTIVATION - ACTIVE - INACTIVE - NOT_SETUP - ENROLLED - DISABLED - EXPIRED x-okta-tags: - UserFactor FactorType: type: string enum: - call - email - hotp - push - question - signed_nonce - sms - token:hardware - token:hotp - token:software:totp - token - u2f - web - webauthn x-okta-tags: - UserFactor Feature: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true description: type: string id: type: string readOnly: true name: type: string stage: $ref: '#/components/schemas/FeatureStage' status: $ref: '#/components/schemas/EnabledStatus' type: $ref: '#/components/schemas/FeatureType' x-okta-crud: - alias: read arguments: [] operationId: getFeature x-okta-operations: - alias: updateLifecycle arguments: - dest: featureId src: id operationId: updateFeatureLifecycle - alias: getDependents arguments: - dest: featureId src: id operationId: listFeatureDependents - alias: getDependencies arguments: - dest: featureId src: id operationId: listFeatureDependencies x-okta-tags: - Feature FeatureStage: type: object properties: state: $ref: '#/components/schemas/FeatureStageState' value: $ref: '#/components/schemas/FeatureStageValue' x-okta-tags: - Feature FeatureStageState: type: string enum: - OPEN - CLOSED x-okta-tags: - Feature FeatureStageValue: type: string enum: - EA - BETA x-okta-tags: - Feature FeatureType: type: string enum: - self-service x-okta-tags: - Feature FipsEnum: type: string enum: - REQUIRED - OPTIONAL x-okta-tags: - Authenticator ForgotPasswordResponse: type: object properties: resetPasswordUrl: type: string readOnly: true x-okta-tags: - User GrantTypePolicyRuleCondition: type: object properties: include: type: array items: type: string x-okta-tags: - Policy Group: type: object properties: _embedded: type: object additionalProperties: type: object properties: {} readOnly: true _links: type: object additionalProperties: type: object properties: {} readOnly: true created: type: string format: date-time readOnly: true id: type: string readOnly: true lastMembershipUpdated: type: string format: date-time readOnly: true lastUpdated: type: string format: date-time readOnly: true objectClass: type: array readOnly: true items: type: string profile: $ref: '#/components/schemas/GroupProfile' type: $ref: '#/components/schemas/GroupType' x-okta-crud: - alias: update arguments: - dest: groupId src: id - dest: group self: true operationId: updateGroup - alias: delete arguments: - dest: groupId src: id operationId: deleteGroup x-okta-operations: - alias: removeUser arguments: - dest: groupId src: id operationId: removeUserFromGroup - alias: listUsers arguments: - dest: groupId src: id operationId: listGroupUsers - alias: listApplications arguments: - dest: groupId src: id operationId: listAssignedApplicationsForGroup - alias: assignRole arguments: - dest: groupId src: id operationId: assignRoleToGroup x-okta-tags: - Group GroupCondition: type: object properties: exclude: type: array items: type: string include: type: array items: type: string x-okta-tags: - Policy GroupPolicyRuleCondition: type: object properties: exclude: type: array items: type: string include: type: array items: type: string x-okta-tags: - Policy GroupProfile: type: object properties: description: type: string name: type: string x-okta-extensible: true x-okta-tags: - Group GroupRule: type: object properties: actions: $ref: '#/components/schemas/GroupRuleAction' conditions: $ref: '#/components/schemas/GroupRuleConditions' created: type: string format: date-time readOnly: true id: type: string readOnly: true lastUpdated: type: string format: date-time readOnly: true name: type: string status: $ref: '#/components/schemas/GroupRuleStatus' type: type: string x-okta-crud: - alias: update arguments: - dest: ruleId src: id - dest: groupRule self: true operationId: updateGroupRule - alias: delete arguments: - dest: ruleId src: id operationId: deleteGroupRule x-okta-operations: - alias: activate arguments: - dest: ruleId src: id operationId: activateGroupRule - alias: deactivate arguments: - dest: ruleId src: id operationId: deactivateGroupRule x-okta-tags: - GroupRule GroupRuleAction: type: object properties: assignUserToGroups: $ref: '#/components/schemas/GroupRuleGroupAssignment' x-okta-tags: - GroupRule GroupRuleConditions: type: object properties: expression: $ref: '#/components/schemas/GroupRuleExpression' people: $ref: '#/components/schemas/GroupRulePeopleCondition' x-okta-tags: - GroupRule GroupRuleExpression: type: object properties: type: type: string value: type: string x-okta-tags: - GroupRule GroupRuleGroupAssignment: type: object properties: groupIds: type: array items: type: string x-okta-tags: - GroupRule GroupRuleGroupCondition: type: object properties: exclude: type: array items: type: string include: type: array items: type: string x-okta-tags: - GroupRule GroupRulePeopleCondition: type: object properties: groups: $ref: '#/components/schemas/GroupRuleGroupCondition' users: $ref: '#/components/schemas/GroupRuleUserCondition' x-okta-tags: - GroupRule GroupRuleStatus: type: string enum: - ACTIVE - INACTIVE - INVALID x-okta-tags: - GroupRule GroupRuleUserCondition: type: object properties: exclude: type: array items: type: string include: type: array items: type: string x-okta-tags: - GroupRule GroupSchema: type: object properties: $schema: type: string readOnly: true _links: type: object additionalProperties: type: object properties: {} readOnly: true created: type: string readOnly: true definitions: $ref: '#/components/schemas/GroupSchemaDefinitions' description: type: string id: type: string readOnly: true lastUpdated: type: string readOnly: true name: type: string readOnly: true properties: $ref: '#/components/schemas/UserSchemaProperties' title: type: string type: type: string readOnly: true x-okta-tags: - GroupSchema GroupSchemaAttribute: type: object properties: description: type: string enum: type: array items: type: string externalName: type: string externalNamespace: type: string items: $ref: '#/components/schemas/UserSchemaAttributeItems' master: $ref: '#/components/schemas/UserSchemaAttributeMaster' maxLength: type: integer minLength: type: integer mutability: type: string oneOf: type: array items: $ref: '#/components/schemas/UserSchemaAttributeEnum' permissions: type: array items: $ref: '#/components/schemas/UserSchemaAttributePermission' required: type: boolean scope: $ref: '#/components/schemas/UserSchemaAttributeScope' title: type: string type: $ref: '#/components/schemas/UserSchemaAttributeType' union: $ref: '#/components/schemas/UserSchemaAttributeUnion' unique: type: string x-okta-tags: - GroupSchema GroupSchemaBase: type: object properties: id: type: string readOnly: true properties: $ref: '#/components/schemas/GroupSchemaBaseProperties' required: type: array items: type: string type: type: string x-okta-tags: - GroupSchema GroupSchemaBaseProperties: type: object properties: description: $ref: '#/components/schemas/GroupSchemaAttribute' name: $ref: '#/components/schemas/GroupSchemaAttribute' x-okta-tags: - GroupSchema GroupSchemaCustom: type: object properties: id: type: string readOnly: true properties: type: object additionalProperties: $ref: '#/components/schemas/GroupSchemaAttribute' required: type: array items: type: string type: type: string x-okta-tags: - GroupSchema GroupSchemaDefinitions: type: object properties: base: $ref: '#/components/schemas/GroupSchemaBase' custom: $ref: '#/components/schemas/GroupSchemaCustom' x-okta-tags: - GroupSchema GroupType: type: string enum: - OKTA_GROUP - APP_GROUP - BUILT_IN x-okta-tags: - Group HardwareUserFactor: type: object properties: profile: $ref: '#/components/schemas/HardwareUserFactorProfile' x-okta-parent: '#/definitions/UserFactor' x-okta-tags: - UserFactor HardwareUserFactorProfile: type: object properties: credentialId: type: string x-okta-tags: - UserFactor IdentityProvider: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true created: type: string format: date-time readOnly: true id: type: string readOnly: true issuerMode: type: string enum: - ORG_URL - CUSTOM_URL - DYNAMIC lastUpdated: type: string format: date-time readOnly: true name: type: string policy: $ref: '#/components/schemas/IdentityProviderPolicy' protocol: $ref: '#/components/schemas/Protocol' status: type: string enum: - ACTIVE - INACTIVE type: type: string enum: - SAML2 - GOOGLE - FACEBOOK - LINKEDIN - MICROSOFT - OIDC - OKTA - IWA - AgentlessDSSO - X509 x-okta-known-values: - SAML2 - GOOGLE - FACEBOOK - LINKEDIN - MICROSOFT - OIDC - OKTA - IWA - AgentlessDSSO - X509 x-okta-crud: - alias: create arguments: - dest: idpTrust self: true operationId: createIdentityProvider - alias: read arguments: [] operationId: getIdentityProvider - alias: update arguments: - dest: idpId src: id - dest: idpTrust self: true operationId: updateIdentityProvider - alias: delete arguments: - dest: idpId src: id operationId: deleteIdentityProvider x-okta-operations: - alias: listSigningCsrs arguments: - dest: idpId src: id operationId: listCsrsForIdentityProvider - alias: generateCsr arguments: - dest: idpId src: id operationId: generateCsrForIdentityProvider - alias: deleteSigningCsr arguments: - dest: idpId src: id operationId: revokeCsrForIdentityProvider - alias: getSigningCsr arguments: - dest: idpId src: id operationId: getCsrForIdentityProvider - alias: listSigningKeys arguments: - dest: idpId src: id operationId: listIdentityProviderSigningKeys - alias: generateSigningKey arguments: - dest: idpId src: id operationId: generateIdentityProviderSigningKey - alias: getSigningKey arguments: - dest: idpId src: id operationId: getIdentityProviderSigningKey - alias: cloneKey arguments: - dest: idpId src: id operationId: cloneIdentityProviderKey - alias: activate arguments: - dest: idpId src: id operationId: activateIdentityProvider - alias: deactivate arguments: - dest: idpId src: id operationId: deactivateIdentityProvider - alias: listUsers arguments: - dest: idpId src: id operationId: listIdentityProviderApplicationUsers - alias: unlinkUser arguments: - dest: idpId src: id operationId: unlinkUserFromIdentityProvider - alias: getUser arguments: - dest: idpId src: id operationId: getIdentityProviderApplicationUser - alias: linkUser arguments: - dest: idpId src: id operationId: linkUserToIdentityProvider - alias: listSocialAuthTokens arguments: - dest: idpId src: id operationId: listSocialAuthTokens x-okta-tags: - IdentityProvider IdentityProviderApplicationUser: type: object properties: _embedded: type: object additionalProperties: type: object properties: {} readOnly: true _links: type: object additionalProperties: type: object properties: {} readOnly: true created: type: string externalId: type: string id: type: string readOnly: true lastUpdated: type: string profile: type: object additionalProperties: type: object properties: {} x-okta-tags: - IdentityProvider IdentityProviderCredentials: type: object properties: client: $ref: '#/components/schemas/IdentityProviderCredentialsClient' signing: $ref: '#/components/schemas/IdentityProviderCredentialsSigning' trust: $ref: '#/components/schemas/IdentityProviderCredentialsTrust' x-okta-tags: - IdentityProvider IdentityProviderCredentialsClient: type: object properties: client_id: type: string client_secret: type: string x-okta-tags: - IdentityProvider IdentityProviderCredentialsSigning: type: object properties: kid: type: string privateKey: type: string teamId: type: string x-okta-tags: - IdentityProvider IdentityProviderCredentialsTrust: type: object properties: audience: type: string issuer: type: string kid: type: string revocation: type: string enum: - CRL - DELTA_CRL - OCSP revocationCacheLifetime: type: integer x-okta-tags: - IdentityProvider IdentityProviderPolicy: type: object properties: accountLink: $ref: '#/components/schemas/PolicyAccountLink' maxClockSkew: type: integer provisioning: $ref: '#/components/schemas/Provisioning' subject: $ref: '#/components/schemas/PolicySubject' x-okta-parent: '#/definitions/Policy' x-okta-tags: - Policy IdentityProviderPolicyRuleCondition: type: object properties: idpIds: type: array items: type: string provider: type: string enum: - ANY - OKTA - SPECIFIC_IDP x-okta-tags: - Policy IdpPolicyRuleAction: type: object properties: providers: type: array items: $ref: '#/components/schemas/IdpPolicyRuleActionProvider' x-okta-tags: - Policy IdpPolicyRuleActionProvider: type: object properties: id: type: string readOnly: true type: type: string x-okta-tags: - Policy IframeEmbedScopeAllowedApps: type: string enum: - OKTA_ENDUSER x-okta-tags: - Role ImageUploadResponse: type: object properties: url: type: string readOnly: true x-okta-tags: - Brand InactivityPolicyRuleCondition: type: object properties: number: type: integer unit: type: string x-okta-tags: - Policy InlineHook: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true channel: $ref: '#/components/schemas/InlineHookChannel' created: type: string format: date-time readOnly: true id: type: string readOnly: true lastUpdated: type: string format: date-time readOnly: true name: type: string status: $ref: '#/components/schemas/InlineHookStatus' type: $ref: '#/components/schemas/InlineHookType' version: type: string x-okta-crud: - alias: create arguments: - dest: inlineHook self: true operationId: createInlineHook - alias: read arguments: [] operationId: getInlineHook - alias: update arguments: - dest: inlineHookId src: id - dest: inlineHook self: true operationId: updateInlineHook - alias: delete arguments: - dest: inlineHookId src: id operationId: deleteInlineHook x-okta-operations: - alias: activate arguments: - dest: inlineHookId src: id operationId: activateInlineHook - alias: deactivate arguments: - dest: inlineHookId src: id operationId: deactivateInlineHook - alias: execute arguments: - dest: inlineHookId src: id operationId: executeInlineHook x-okta-tags: - InlineHook InlineHookChannel: type: object properties: config: $ref: '#/components/schemas/InlineHookChannelConfig' type: type: string enum: - HTTP version: type: string x-okta-tags: - InlineHook InlineHookChannelConfig: type: object properties: authScheme: $ref: '#/components/schemas/InlineHookChannelConfigAuthScheme' headers: type: array items: $ref: '#/components/schemas/InlineHookChannelConfigHeaders' method: type: string uri: type: string x-okta-tags: - InlineHook InlineHookChannelConfigAuthScheme: type: object properties: key: type: string type: type: string value: type: string x-okta-tags: - InlineHook InlineHookChannelConfigHeaders: type: object properties: key: type: string value: type: string x-okta-tags: - InlineHook InlineHookPayload: type: object x-okta-extensible: true x-okta-tags: - InlineHook InlineHookResponse: type: object properties: commands: type: array items: $ref: '#/components/schemas/InlineHookResponseCommands' x-okta-tags: - InlineHook InlineHookResponseCommandValue: type: object properties: op: type: string path: type: string value: type: string x-okta-tags: - InlineHook InlineHookResponseCommands: type: object properties: type: type: string value: type: array items: $ref: '#/components/schemas/InlineHookResponseCommandValue' x-okta-tags: - InlineHook InlineHookStatus: type: string enum: - ACTIVE - INACTIVE x-okta-tags: - InlineHook InlineHookType: type: string enum: - com.okta.oauth2.tokens.transform - com.okta.import.transform - com.okta.saml.tokens.transform - com.okta.user.pre-registration - com.okta.user.credential.password.import x-okta-tags: - InlineHook IonField: type: object properties: form: $ref: '#/components/schemas/IonForm' label: type: string mutable: type: boolean name: type: string required: type: boolean secret: type: boolean type: type: string value: type: object additionalProperties: type: object properties: {} visible: type: boolean x-okta-tags: - Ion IonForm: type: object properties: accepts: type: string href: type: string method: type: string name: type: string produces: type: string refresh: type: integer rel: type: array items: type: string relatesTo: type: array items: type: string value: type: array readOnly: true items: $ref: '#/components/schemas/IonField' x-okta-tags: - Ion JsonWebKey: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true alg: type: string created: type: string format: date-time e: type: string expiresAt: type: string format: date-time key_ops: type: array items: type: string kid: type: string kty: type: string lastUpdated: type: string format: date-time "n": type: string status: type: string use: type: string x5c: type: array items: type: string x5t: type: string x5t#S256: type: string x5u: type: string x-okta-tags: - Application JwkUse: type: object properties: use: type: string enum: - sig x-okta-tags: - Application KnowledgeConstraint: type: object x-okta-parent: '#/definitions/AccessPolicyConstraint' x-okta-tags: - Policy LifecycleCreateSettingObject: type: object properties: status: $ref: '#/components/schemas/EnabledStatus' x-okta-tags: - Application LifecycleDeactivateSettingObject: type: object properties: status: $ref: '#/components/schemas/EnabledStatus' x-okta-tags: - Application LifecycleExpirationPolicyRuleCondition: type: object properties: lifecycleStatus: type: string number: type: integer unit: type: string x-okta-tags: - Policy LinkedObject: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true associated: $ref: '#/components/schemas/LinkedObjectDetails' primary: $ref: '#/components/schemas/LinkedObjectDetails' x-okta-crud: - alias: create arguments: - dest: linkedObjectDefinition self: true operationId: addLinkedObjectDefinition - alias: read arguments: [] operationId: getLinkedObjectDefinition - alias: delete arguments: - dest: linkedObjectName self: true operationId: deleteLinkedObjectDefinition x-okta-tags: - LinkedObject LinkedObjectDetails: type: object properties: description: type: string name: type: string title: type: string type: $ref: '#/components/schemas/LinkedObjectDetailsType' x-okta-tags: - LinkedObject LinkedObjectDetailsType: type: string enum: - USER x-okta-tags: - LinkedObject LogActor: type: object properties: alternateId: type: string readOnly: true detail: type: object additionalProperties: type: object properties: {} readOnly: true displayName: type: string readOnly: true id: type: string readOnly: true type: type: string readOnly: true x-okta-tags: - Log LogAuthenticationContext: type: object properties: authenticationProvider: $ref: '#/components/schemas/LogAuthenticationProvider' authenticationStep: type: integer readOnly: true credentialProvider: $ref: '#/components/schemas/LogCredentialProvider' credentialType: $ref: '#/components/schemas/LogCredentialType' externalSessionId: type: string readOnly: true interface: type: string readOnly: true issuer: $ref: '#/components/schemas/LogIssuer' x-okta-tags: - Log LogAuthenticationProvider: type: string enum: - OKTA_AUTHENTICATION_PROVIDER - ACTIVE_DIRECTORY - LDAP - FEDERATION - SOCIAL - FACTOR_PROVIDER x-okta-tags: - Log LogClient: type: object properties: device: type: string readOnly: true geographicalContext: $ref: '#/components/schemas/LogGeographicalContext' id: type: string readOnly: true ipAddress: type: string readOnly: true userAgent: $ref: '#/components/schemas/LogUserAgent' zone: type: string readOnly: true x-okta-tags: - Log LogCredentialProvider: type: string enum: - OKTA_AUTHENTICATION_PROVIDER - OKTA_CREDENTIAL_PROVIDER - RSA - SYMANTEC - GOOGLE - DUO - YUBIKEY - APPLE x-okta-tags: - Log LogCredentialType: type: string enum: - OTP - SMS - PASSWORD - ASSERTION - IWA - EMAIL - OAUTH2 - JWT x-okta-tags: - Log LogDebugContext: type: object properties: debugData: type: object additionalProperties: type: object properties: {} readOnly: true x-okta-tags: - Log LogEvent: type: object properties: actor: $ref: '#/components/schemas/LogActor' authenticationContext: $ref: '#/components/schemas/LogAuthenticationContext' client: $ref: '#/components/schemas/LogClient' debugContext: $ref: '#/components/schemas/LogDebugContext' displayMessage: type: string readOnly: true eventType: type: string readOnly: true legacyEventType: type: string readOnly: true outcome: $ref: '#/components/schemas/LogOutcome' published: type: string format: date-time readOnly: true request: $ref: '#/components/schemas/LogRequest' securityContext: $ref: '#/components/schemas/LogSecurityContext' severity: $ref: '#/components/schemas/LogSeverity' target: type: array readOnly: true items: $ref: '#/components/schemas/LogTarget' transaction: $ref: '#/components/schemas/LogTransaction' uuid: type: string readOnly: true version: type: string readOnly: true x-okta-tags: - Log LogGeographicalContext: type: object properties: city: type: string readOnly: true country: type: string readOnly: true geolocation: $ref: '#/components/schemas/LogGeolocation' postalCode: type: string readOnly: true state: type: string readOnly: true x-okta-tags: - Log LogGeolocation: type: object properties: lat: type: number format: double readOnly: true lon: type: number format: double readOnly: true x-okta-tags: - Log LogIpAddress: type: object properties: geographicalContext: $ref: '#/components/schemas/LogGeographicalContext' ip: type: string readOnly: true source: type: string readOnly: true version: type: string readOnly: true x-okta-tags: - Log LogIssuer: type: object properties: id: type: string readOnly: true type: type: string readOnly: true x-okta-tags: - Log LogOutcome: type: object properties: reason: type: string readOnly: true result: type: string readOnly: true x-okta-tags: - Log LogRequest: type: object properties: ipChain: type: array readOnly: true items: $ref: '#/components/schemas/LogIpAddress' x-okta-tags: - Log LogSecurityContext: type: object properties: asNumber: type: integer readOnly: true asOrg: type: string readOnly: true domain: type: string readOnly: true isProxy: type: boolean readOnly: true isp: type: string readOnly: true x-okta-tags: - Log LogSeverity: type: string enum: - DEBUG - INFO - WARN - ERROR x-okta-tags: - Log LogTarget: type: object properties: alternateId: type: string readOnly: true detailEntry: type: object additionalProperties: type: object properties: {} readOnly: true displayName: type: string readOnly: true id: type: string readOnly: true type: type: string readOnly: true x-okta-tags: - Log LogTransaction: type: object properties: detail: type: object additionalProperties: type: object properties: {} readOnly: true id: type: string readOnly: true type: type: string readOnly: true x-okta-tags: - Log LogUserAgent: type: object properties: browser: type: string readOnly: true os: type: string readOnly: true rawUserAgent: type: string readOnly: true x-okta-tags: - Log MDMEnrollmentPolicyRuleCondition: type: object properties: blockNonSafeAndroid: type: boolean enrollment: type: string enum: - OMM - ANY_OR_NONE x-okta-tags: - Policy MultifactorEnrollmentPolicy: allOf: - $ref: '#/components/schemas/Policy' - type: object properties: conditions: $ref: '#/components/schemas/PolicyRuleConditions' settings: $ref: '#/components/schemas/MultifactorEnrollmentPolicySettings' x-okta-parent: '#/definitions/Policy' x-okta-tags: - Policy MultifactorEnrollmentPolicyAuthenticatorSettings: type: object properties: constraints: type: object properties: aaguidGroups: type: array items: type: string x-okta-lifecycle: features: - WEBAUTHN_MDS_CATALOG_BASED_AAGUID_ALLOWLIST enroll: type: object properties: self: $ref: '#/components/schemas/MultifactorEnrollmentPolicyAuthenticatorStatus' key: $ref: '#/components/schemas/MultifactorEnrollmentPolicyAuthenticatorType' x-okta-tags: - Policy MultifactorEnrollmentPolicyAuthenticatorStatus: type: string enum: - NOT_ALLOWED - OPTIONAL - REQUIRED x-okta-tags: - Policy MultifactorEnrollmentPolicyAuthenticatorType: type: string enum: - custom_app - custom_otp - duo - external_idp - google_otp - okta_email - okta_password - okta_verify - onprem_mfa - phone_number - rsa_token - security_question - symantec_vip - webauthn - yubikey_token x-okta-tags: - Policy MultifactorEnrollmentPolicySettings: type: object properties: authenticators: type: array items: $ref: '#/components/schemas/MultifactorEnrollmentPolicyAuthenticatorSettings' type: $ref: '#/components/schemas/MultifactorEnrollmentPolicySettingsType' x-okta-tags: - Policy MultifactorEnrollmentPolicySettingsType: type: string enum: - AUTHENTICATORS x-okta-tags: - Policy NetworkZone: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true asns: type: array items: type: string created: type: string format: date-time readOnly: true gateways: type: array items: $ref: '#/components/schemas/NetworkZoneAddress' id: type: string readOnly: true lastUpdated: type: string format: date-time readOnly: true locations: type: array items: $ref: '#/components/schemas/NetworkZoneLocation' name: type: string proxies: type: array items: $ref: '#/components/schemas/NetworkZoneAddress' proxyType: type: string status: $ref: '#/components/schemas/NetworkZoneStatus' system: type: boolean type: $ref: '#/components/schemas/NetworkZoneType' usage: $ref: '#/components/schemas/NetworkZoneUsage' x-okta-crud: - alias: read arguments: - dest: zoneId src: id operationId: getNetworkZone - alias: update arguments: - dest: zoneId src: id - dest: zone self: true operationId: updateNetworkZone - alias: delete arguments: - dest: zoneId src: id operationId: deleteNetworkZone x-okta-operations: - alias: activate arguments: - dest: zoneId src: id operationId: activateNetworkZone - alias: deactivate arguments: - dest: zoneId src: id operationId: deactivateNetworkZone x-okta-tags: - NetworkZone NetworkZoneAddress: type: object properties: type: $ref: '#/components/schemas/NetworkZoneAddressType' value: type: string x-okta-tags: - NetworkZone NetworkZoneAddressType: type: string enum: - CIDR - RANGE x-okta-tags: - NetworkZone NetworkZoneLocation: type: object properties: country: type: string region: type: string x-okta-tags: - NetworkZone NetworkZoneStatus: type: string enum: - ACTIVE - INACTIVE x-okta-tags: - NetworkZone NetworkZoneType: type: string enum: - IP - DYNAMIC x-okta-tags: - NetworkZone NetworkZoneUsage: type: string enum: - POLICY - BLOCKLIST x-okta-tags: - NetworkZone NotificationType: type: string enum: - CONNECTOR_AGENT - USER_LOCKED_OUT - APP_IMPORT - LDAP_AGENT - AD_AGENT - OKTA_ANNOUNCEMENT - OKTA_ISSUE - OKTA_UPDATE - IWA_AGENT - USER_DEPROVISION - REPORT_SUSPICIOUS_ACTIVITY - RATELIMIT_NOTIFICATION x-okta-tags: - Subscription OAuth2Actor: type: object properties: id: type: string readOnly: true type: type: string x-okta-tags: - Application OAuth2Claim: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true alwaysIncludeInToken: type: boolean claimType: type: string enum: - IDENTITY - RESOURCE conditions: $ref: '#/components/schemas/OAuth2ClaimConditions' group_filter_type: type: string enum: - STARTS_WITH - EQUALS - CONTAINS - REGEX id: type: string readOnly: true name: type: string status: type: string enum: - ACTIVE - INACTIVE system: type: boolean value: type: string valueType: type: string enum: - EXPRESSION - GROUPS - SYSTEM x-okta-tags: - Application OAuth2ClaimConditions: type: object properties: scopes: type: array items: type: string x-okta-tags: - Application OAuth2Client: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true client_id: type: string readOnly: true client_name: type: string readOnly: true client_uri: type: string readOnly: true logo_uri: type: string readOnly: true x-okta-tags: - Application OAuth2RefreshToken: type: object properties: _embedded: type: object additionalProperties: type: object properties: {} readOnly: true _links: type: object additionalProperties: type: object properties: {} readOnly: true clientId: type: string created: type: string format: date-time readOnly: true createdBy: $ref: '#/components/schemas/OAuth2Actor' expiresAt: type: string format: date-time readOnly: true id: type: string readOnly: true issuer: type: string lastUpdated: type: string format: date-time readOnly: true scopes: type: array items: type: string status: type: string enum: - ACTIVE - REVOKED userId: type: string x-okta-tags: - Application OAuth2Scope: type: object properties: consent: type: string enum: - REQUIRED - IMPLICIT - ADMIN default: type: boolean description: type: string displayName: type: string id: type: string readOnly: true metadataPublish: type: string enum: - ALL_CLIENTS - NO_CLIENTS name: type: string system: type: boolean x-okta-tags: - Application OAuth2ScopeConsentGrant: type: object properties: _embedded: type: object additionalProperties: type: object properties: {} readOnly: true _links: type: object additionalProperties: type: object properties: {} readOnly: true clientId: type: string created: type: string format: date-time readOnly: true createdBy: $ref: '#/components/schemas/OAuth2Actor' id: type: string readOnly: true issuer: type: string lastUpdated: type: string format: date-time readOnly: true scopeId: type: string source: $ref: '#/components/schemas/OAuth2ScopeConsentGrantSource' status: $ref: '#/components/schemas/OAuth2ScopeConsentGrantStatus' userId: type: string x-okta-tags: - Application OAuth2ScopeConsentGrantSource: type: string enum: - END_USER - ADMIN x-okta-tags: - Application OAuth2ScopeConsentGrantStatus: type: string enum: - ACTIVE - REVOKED x-okta-tags: - Application OAuth2ScopesMediationPolicyRuleCondition: type: object properties: include: type: array items: type: string x-okta-tags: - Application OAuth2Token: type: object properties: _embedded: type: object additionalProperties: type: object properties: {} readOnly: true _links: type: object additionalProperties: type: object properties: {} readOnly: true clientId: type: string created: type: string format: date-time readOnly: true expiresAt: type: string format: date-time readOnly: true id: type: string readOnly: true issuer: type: string lastUpdated: type: string format: date-time readOnly: true scopes: type: array items: type: string status: type: string enum: - ACTIVE - REVOKED userId: type: string x-okta-tags: - Application OAuthApplicationCredentials: type: object properties: oauthClient: $ref: '#/components/schemas/ApplicationCredentialsOAuthClient' x-okta-parent: '#/definitions/ApplicationCredentials' x-okta-tags: - Application OAuthAuthorizationPolicy: type: object x-okta-parent: '#/definitions/Policy' x-okta-tags: - Policy OAuthEndpointAuthenticationMethod: type: string enum: - none - client_secret_post - client_secret_basic - client_secret_jwt - private_key_jwt x-okta-tags: - Application OAuthGrantType: type: string enum: - authorization_code - implicit - password - refresh_token - client_credentials - saml2_bearer - device_code - token_exchange - interaction_code x-okta-tags: - Application OAuthResponseType: type: string enum: - code - token - id_token x-okta-tags: - Application OktaSignOnPolicy: type: object properties: conditions: $ref: '#/components/schemas/OktaSignOnPolicyConditions' x-okta-parent: '#/definitions/Policy' x-okta-tags: - Policy OktaSignOnPolicyConditions: type: object properties: people: $ref: '#/components/schemas/PolicyPeopleCondition' x-okta-parent: '#/definitions/PolicyRuleConditions' x-okta-tags: - Policy OktaSignOnPolicyRule: type: object properties: actions: $ref: '#/components/schemas/OktaSignOnPolicyRuleActions' conditions: $ref: '#/components/schemas/OktaSignOnPolicyRuleConditions' name: type: string x-okta-parent: '#/definitions/PolicyRule' x-okta-tags: - Policy OktaSignOnPolicyRuleActions: type: object properties: signon: $ref: '#/components/schemas/OktaSignOnPolicyRuleSignonActions' x-okta-parent: '#/definitions/PolicyRuleActions' x-okta-tags: - Policy OktaSignOnPolicyRuleConditions: type: object properties: authContext: $ref: '#/components/schemas/PolicyRuleAuthContextCondition' network: $ref: '#/components/schemas/PolicyNetworkCondition' people: $ref: '#/components/schemas/PolicyPeopleCondition' x-okta-parent: '#/definitions/PolicyRuleConditions' x-okta-tags: - Policy OktaSignOnPolicyRuleSignonActions: type: object properties: access: type: string enum: - ALLOW - DENY factorLifetime: type: integer factorPromptMode: type: string enum: - ALWAYS - DEVICE - SESSION rememberDeviceByDefault: type: boolean default: false requireFactor: type: boolean default: false session: $ref: '#/components/schemas/OktaSignOnPolicyRuleSignonSessionActions' x-okta-tags: - Policy OktaSignOnPolicyRuleSignonSessionActions: type: object properties: maxSessionIdleMinutes: type: integer maxSessionLifetimeMinutes: type: integer usePersistentCookie: type: boolean default: false x-okta-tags: - Policy OpenIdConnectApplication: type: object properties: credentials: $ref: '#/components/schemas/OAuthApplicationCredentials' name: type: object settings: $ref: '#/components/schemas/OpenIdConnectApplicationSettings' x-okta-defined-as: name: oidc_client x-okta-parent: '#/definitions/Application' x-okta-tags: - Application OpenIdConnectApplicationConsentMethod: type: string enum: - REQUIRED - TRUSTED x-okta-tags: - Application OpenIdConnectApplicationIdpInitiatedLogin: type: object properties: default_scope: type: array items: type: string mode: type: string x-okta-tags: - Application OpenIdConnectApplicationIssuerMode: type: string enum: - CUSTOM_URL - ORG_URL - DYNAMIC x-okta-tags: - Application OpenIdConnectApplicationSettings: type: object properties: oauthClient: $ref: '#/components/schemas/OpenIdConnectApplicationSettingsClient' x-okta-parent: '#/definitions/ApplicationSettings' x-okta-tags: - Application OpenIdConnectApplicationSettingsClient: type: object properties: application_type: $ref: '#/components/schemas/OpenIdConnectApplicationType' client_uri: type: string consent_method: $ref: '#/components/schemas/OpenIdConnectApplicationConsentMethod' grant_types: type: array items: $ref: '#/components/schemas/OAuthGrantType' idp_initiated_login: $ref: '#/components/schemas/OpenIdConnectApplicationIdpInitiatedLogin' initiate_login_uri: type: string issuer_mode: $ref: '#/components/schemas/OpenIdConnectApplicationIssuerMode' jwks: $ref: '#/components/schemas/OpenIdConnectApplicationSettingsClientKeys' logo_uri: type: string policy_uri: type: string post_logout_redirect_uris: type: array items: type: string redirect_uris: type: array items: type: string refresh_token: $ref: '#/components/schemas/OpenIdConnectApplicationSettingsRefreshToken' response_types: type: array items: $ref: '#/components/schemas/OAuthResponseType' tos_uri: type: string wildcard_redirect: type: string x-okta-tags: - Application OpenIdConnectApplicationSettingsClientKeys: type: object properties: keys: type: array items: $ref: '#/components/schemas/JsonWebKey' x-okta-tags: - Application OpenIdConnectApplicationSettingsRefreshToken: type: object properties: leeway: type: integer rotation_type: $ref: '#/components/schemas/OpenIdConnectRefreshTokenRotationType' x-okta-tags: - Application OpenIdConnectApplicationType: type: string enum: - web - native - browser - service x-okta-tags: - Application OpenIdConnectRefreshTokenRotationType: type: string enum: - rotate - static x-okta-tags: - Application Org2OrgApplication: type: object properties: name: type: object settings: $ref: '#/components/schemas/Org2OrgApplicationSettings' x-okta-defined-as: name: okta_org2org x-okta-parent: '#/definitions/SamlApplication' x-okta-tags: - Application Org2OrgApplicationSettings: type: object properties: app: $ref: '#/components/schemas/Org2OrgApplicationSettingsApp' x-okta-parent: '#/definitions/SamlApplicationSettings' x-okta-tags: - Application Org2OrgApplicationSettingsApp: type: object properties: acsUrl: type: string audRestriction: type: string baseUrl: type: string x-okta-parent: '#/definitions/ApplicationSettingsApplication' x-okta-tags: - Application OrgContactType: type: string enum: - BILLING - TECHNICAL x-okta-tags: - Org OrgContactTypeObj: type: object properties: _links: type: object contactType: $ref: '#/components/schemas/OrgContactType' x-okta-tags: - Org OrgContactUser: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true userId: type: string x-okta-operations: - alias: updateContactUser arguments: - dest: userId src: userId operationId: updateOrgContactUser x-okta-tags: - Org OrgOktaCommunicationSetting: type: object properties: _links: type: object optOutEmailUsers: type: boolean readOnly: true x-okta-operations: - alias: optInUsersToOktaCommunicationEmails operationId: optInUsersToOktaCommunicationEmails - alias: optOutUsersFromOktaCommunicationEmails operationId: optOutUsersFromOktaCommunicationEmails x-okta-tags: - Org OrgOktaSupportSetting: type: string enum: - DISABLED - ENABLED x-okta-tags: - Org OrgOktaSupportSettingsObj: type: object properties: _links: type: object expiration: type: string format: date-time readOnly: true support: $ref: '#/components/schemas/OrgOktaSupportSetting' x-okta-operations: - alias: extendOktaSupport operationId: extendOktaSupport - alias: grantOktaSupport operationId: grantOktaSupport - alias: revokeOktaSupport operationId: revokeOktaSupport x-okta-tags: - Org OrgPreferences: type: object properties: _links: type: object showEndUserFooter: type: boolean readOnly: true x-okta-operations: - alias: hideEndUserFooter operationId: hideOktaUIFooter - alias: showEndUserFooter operationId: showOktaUIFooter x-okta-tags: - Org OrgSetting: type: object properties: _links: type: object address1: type: string address2: type: string city: type: string companyName: type: string country: type: string created: type: string format: date-time readOnly: true endUserSupportHelpURL: type: string expiresAt: type: string format: date-time readOnly: true id: type: string readOnly: true lastUpdated: type: string format: date-time readOnly: true phoneNumber: type: string postalCode: type: string state: type: string status: type: string readOnly: true subdomain: type: string readOnly: true supportPhoneNumber: type: string website: type: string x-okta-crud: - alias: read arguments: - dest: orgSetting self: true operationId: getOrgSettings - alias: update arguments: - dest: orgSetting self: true operationId: updateOrgSetting x-okta-operations: - alias: partialUpdate arguments: - dest: orgSetting self: true operationId: partialUpdateOrgSetting - alias: getContactTypes operationId: getOrgContactTypes - alias: getOrgContactUser operationId: getOrgContactUser - alias: getSupportSettings operationId: getOrgOktaSupportSettings - alias: communicationSettings operationId: getOktaCommunicationSettings - alias: orgPreferences operationId: getOrgPreferences - alias: showFooter arguments: - dest: orgSetting self: true operationId: showOktaUIFooter - alias: hideFooter arguments: - dest: orgSetting self: true operationId: hideOktaUIFooter - alias: updateOrgLogo operationId: updateOrgLogo x-okta-tags: - Org PasswordCredential: type: object properties: hash: $ref: '#/components/schemas/PasswordCredentialHash' hook: $ref: '#/components/schemas/PasswordCredentialHook' value: type: string format: password x-okta-tags: - User PasswordCredentialHash: type: object properties: algorithm: $ref: '#/components/schemas/PasswordCredentialHashAlgorithm' salt: type: string saltOrder: type: string value: type: string workFactor: type: integer x-okta-tags: - User PasswordCredentialHashAlgorithm: type: string enum: - BCRYPT - SHA-512 - SHA-256 - SHA-1 - MD5 x-okta-tags: - User PasswordCredentialHook: type: object properties: type: type: string x-okta-tags: - User PasswordDictionary: type: object properties: common: $ref: '#/components/schemas/PasswordDictionaryCommon' x-okta-tags: - Policy PasswordDictionaryCommon: type: object properties: exclude: type: boolean default: false x-okta-tags: - Policy PasswordExpirationPolicyRuleCondition: type: object properties: number: type: integer unit: type: string x-okta-tags: - Policy PasswordPolicy: type: object properties: conditions: $ref: '#/components/schemas/PasswordPolicyConditions' settings: $ref: '#/components/schemas/PasswordPolicySettings' x-okta-parent: '#/definitions/Policy' x-okta-tags: - Policy PasswordPolicyAuthenticationProviderCondition: type: object properties: include: type: array items: type: string provider: type: string enum: - ACTIVE_DIRECTORY - ANY - LDAP - OKTA x-okta-tags: - Policy PasswordPolicyConditions: type: object properties: authProvider: $ref: '#/components/schemas/PasswordPolicyAuthenticationProviderCondition' people: $ref: '#/components/schemas/PolicyPeopleCondition' x-okta-parent: '#/definitions/PolicyRuleConditions' x-okta-tags: - Policy PasswordPolicyDelegationSettings: type: object properties: options: $ref: '#/components/schemas/PasswordPolicyDelegationSettingsOptions' x-okta-tags: - Policy PasswordPolicyDelegationSettingsOptions: type: object properties: skipUnlock: type: boolean x-okta-tags: - Policy PasswordPolicyPasswordSettings: type: object properties: age: $ref: '#/components/schemas/PasswordPolicyPasswordSettingsAge' complexity: $ref: '#/components/schemas/PasswordPolicyPasswordSettingsComplexity' lockout: $ref: '#/components/schemas/PasswordPolicyPasswordSettingsLockout' x-okta-tags: - Policy PasswordPolicyPasswordSettingsAge: type: object properties: expireWarnDays: type: integer historyCount: type: integer maxAgeDays: type: integer minAgeMinutes: type: integer x-okta-tags: - Policy PasswordPolicyPasswordSettingsComplexity: type: object properties: dictionary: $ref: '#/components/schemas/PasswordDictionary' excludeAttributes: type: array items: type: string excludeUsername: type: boolean default: true minLength: type: integer minLowerCase: type: integer minNumber: type: integer minSymbol: type: integer minUpperCase: type: integer x-okta-tags: - Policy PasswordPolicyPasswordSettingsLockout: type: object properties: autoUnlockMinutes: type: integer maxAttempts: type: integer showLockoutFailures: type: boolean userLockoutNotificationChannels: type: array items: type: string x-okta-tags: - Policy PasswordPolicyRecoveryEmail: type: object properties: properties: $ref: '#/components/schemas/PasswordPolicyRecoveryEmailProperties' status: type: string readOnly: true enum: - ACTIVE - INACTIVE x-okta-tags: - Policy PasswordPolicyRecoveryEmailProperties: type: object properties: recoveryToken: $ref: '#/components/schemas/PasswordPolicyRecoveryEmailRecoveryToken' x-okta-tags: - Policy PasswordPolicyRecoveryEmailRecoveryToken: type: object properties: tokenLifetimeMinutes: type: integer x-okta-tags: - Policy PasswordPolicyRecoveryFactorSettings: type: object properties: status: type: string default: INACTIVE enum: - ACTIVE - INACTIVE x-okta-tags: - Policy PasswordPolicyRecoveryFactors: type: object properties: okta_call: $ref: '#/components/schemas/PasswordPolicyRecoveryFactorSettings' okta_email: $ref: '#/components/schemas/PasswordPolicyRecoveryEmail' okta_sms: $ref: '#/components/schemas/PasswordPolicyRecoveryFactorSettings' recovery_question: $ref: '#/components/schemas/PasswordPolicyRecoveryQuestion' x-okta-tags: - Policy PasswordPolicyRecoveryQuestion: type: object properties: properties: $ref: '#/components/schemas/PasswordPolicyRecoveryQuestionProperties' status: type: string readOnly: true enum: - ACTIVE - INACTIVE x-okta-tags: - Policy PasswordPolicyRecoveryQuestionComplexity: type: object properties: minLength: type: integer readOnly: true x-okta-tags: - Policy PasswordPolicyRecoveryQuestionProperties: type: object properties: complexity: $ref: '#/components/schemas/PasswordPolicyRecoveryQuestionComplexity' x-okta-tags: - Policy PasswordPolicyRecoverySettings: type: object properties: factors: $ref: '#/components/schemas/PasswordPolicyRecoveryFactors' x-okta-tags: - Policy PasswordPolicyRule: type: object properties: actions: $ref: '#/components/schemas/PasswordPolicyRuleActions' conditions: $ref: '#/components/schemas/PasswordPolicyRuleConditions' name: type: string x-okta-parent: '#/definitions/PolicyRule' x-okta-tags: - Policy PasswordPolicyRuleAction: type: object properties: access: type: string enum: - ALLOW - DENY x-okta-tags: - Policy PasswordPolicyRuleActions: type: object properties: passwordChange: $ref: '#/components/schemas/PasswordPolicyRuleAction' selfServicePasswordReset: $ref: '#/components/schemas/PasswordPolicyRuleAction' selfServiceUnlock: $ref: '#/components/schemas/PasswordPolicyRuleAction' x-okta-parent: '#/definitions/PolicyRuleActions' x-okta-tags: - Policy PasswordPolicyRuleConditions: type: object properties: network: $ref: '#/components/schemas/PolicyNetworkCondition' people: $ref: '#/components/schemas/PolicyPeopleCondition' x-okta-parent: '#/definitions/PolicyRuleConditions' x-okta-tags: - Policy PasswordPolicySettings: type: object properties: delegation: $ref: '#/components/schemas/PasswordPolicyDelegationSettings' password: $ref: '#/components/schemas/PasswordPolicyPasswordSettings' recovery: $ref: '#/components/schemas/PasswordPolicyRecoverySettings' x-okta-tags: - Policy PasswordSettingObject: type: object properties: change: $ref: '#/components/schemas/ChangeEnum' seed: $ref: '#/components/schemas/SeedEnum' status: $ref: '#/components/schemas/EnabledStatus' x-okta-tags: - Application PlatformConditionEvaluatorPlatform: type: object properties: os: $ref: '#/components/schemas/PlatformConditionEvaluatorPlatformOperatingSystem' type: type: string enum: - DESKTOP - MOBILE - OTHER - ANY x-okta-tags: - Policy PlatformConditionEvaluatorPlatformOperatingSystem: type: object properties: expression: type: string type: type: string enum: - ANDROID - IOS - WINDOWS - OSX - OTHER - ANY version: $ref: '#/components/schemas/PlatformConditionEvaluatorPlatformOperatingSystemVersion' x-okta-tags: - Policy PlatformConditionEvaluatorPlatformOperatingSystemVersion: type: object properties: matchType: type: string enum: - EXPRESSION - SEMVER value: type: string x-okta-tags: - Policy PlatformPolicyRuleCondition: type: object properties: exclude: type: array items: $ref: '#/components/schemas/PlatformConditionEvaluatorPlatform' include: type: array items: $ref: '#/components/schemas/PlatformConditionEvaluatorPlatform' x-okta-tags: - Policy Policy: type: object properties: _embedded: type: object additionalProperties: type: object properties: {} readOnly: true _links: type: object additionalProperties: type: object properties: {} readOnly: true conditions: $ref: '#/components/schemas/PolicyRuleConditions' created: type: string format: date-time readOnly: true description: type: string id: type: string readOnly: true lastUpdated: type: string format: date-time readOnly: true name: type: string priority: type: integer status: type: string enum: - ACTIVE - INACTIVE system: type: boolean type: $ref: '#/components/schemas/PolicyType' x-okta-crud: - alias: read arguments: - dest: policyId src: id operationId: getPolicy - alias: update arguments: - dest: policyId src: id - dest: policy self: true operationId: updatePolicy - alias: delete arguments: - dest: policyId src: id operationId: deletePolicy x-okta-operations: - alias: activate arguments: - dest: policyId src: id operationId: activatePolicy - alias: deactivate arguments: - dest: policyId src: id operationId: deactivatePolicy - alias: listPolicyRules arguments: - dest: policyId src: id operationId: listPolicyRules - alias: createRule arguments: - dest: policyId src: id operationId: createPolicyRule - alias: getPolicyRule arguments: - dest: policyId src: id operationId: getPolicyRule x-okta-tags: - Policy x-openapi-v3-discriminator: mapping: ACCESS_POLICY: '#/definitions/AccessPolicy' IDP_DISCOVERY: '#/definitions/IdentityProviderPolicy' MFA_ENROLL: '#/definitions/MultifactorEnrollmentPolicy' OAUTH_AUTHORIZATION_POLICY: '#/definitions/OAuthAuthorizationPolicy' OKTA_SIGN_ON: '#/definitions/OktaSignOnPolicy' PASSWORD: '#/definitions/PasswordPolicy' PROFILE_ENROLLMENT: '#/definitions/ProfileEnrollmentPolicy' propertyName: type PolicyAccountLink: type: object properties: action: type: string enum: - AUTO - DISABLED filter: $ref: '#/components/schemas/PolicyAccountLinkFilter' x-okta-tags: - Policy PolicyAccountLinkFilter: type: object properties: groups: $ref: '#/components/schemas/PolicyAccountLinkFilterGroups' x-okta-tags: - Policy PolicyAccountLinkFilterGroups: type: object properties: include: type: array items: type: string x-okta-tags: - Policy PolicyNetworkCondition: type: object properties: connection: type: string enum: - ANYWHERE - ZONE exclude: type: array items: type: string include: type: array items: type: string x-okta-tags: - Policy PolicyPeopleCondition: type: object properties: groups: $ref: '#/components/schemas/GroupCondition' users: $ref: '#/components/schemas/UserCondition' x-okta-tags: - Policy PolicyRule: type: object properties: actions: $ref: '#/components/schemas/PolicyRuleActions' conditions: $ref: '#/components/schemas/PolicyRuleConditions' created: type: string format: date-time readOnly: true id: type: string readOnly: true lastUpdated: type: string format: date-time readOnly: true name: type: string priority: type: integer status: type: string default: ACTIVE enum: - ACTIVE - INACTIVE system: type: boolean default: false type: type: string enum: - SIGN_ON - PASSWORD x-okta-crud: - alias: update arguments: - dest: ruleId src: id - dest: policyRule self: true - dest: policyId parentSrc: id operationId: updatePolicyRule - alias: delete arguments: - dest: ruleId src: id - dest: policyId parentSrc: policyId operationId: deletePolicyRule x-okta-operations: - alias: activate arguments: - dest: ruleId src: id - dest: policyId parentSrc: policyId operationId: activatePolicyRule - alias: deactivate arguments: - dest: ruleId src: id - dest: policyId parentSrc: policyId operationId: deactivatePolicyRule x-okta-tags: - Policy x-openapi-v3-discriminator: mapping: ACCESS_POLICY: '#/definitions/AccessPolicyRule' PASSWORD: '#/definitions/PasswordPolicyRule' PROFILE_ENROLLMENT: '#/definitions/ProfileEnrollmentPolicyRule' SIGN_ON: '#/definitions/OktaSignOnPolicyRule' propertyName: type PolicyRuleActions: type: object properties: enroll: $ref: '#/components/schemas/PolicyRuleActionsEnroll' idp: $ref: '#/components/schemas/IdpPolicyRuleAction' passwordChange: $ref: '#/components/schemas/PasswordPolicyRuleAction' selfServicePasswordReset: $ref: '#/components/schemas/PasswordPolicyRuleAction' selfServiceUnlock: $ref: '#/components/schemas/PasswordPolicyRuleAction' signon: $ref: '#/components/schemas/OktaSignOnPolicyRuleSignonActions' x-okta-tags: - Policy PolicyRuleActionsEnroll: type: object properties: self: $ref: '#/components/schemas/PolicyRuleActionsEnrollSelf' x-okta-tags: - Policy PolicyRuleActionsEnrollSelf: type: string enum: - CHALLENGE - LOGIN - NEVER x-okta-tags: - Policy PolicyRuleAuthContextCondition: type: object properties: authType: type: string enum: - ANY - RADIUS x-okta-tags: - Policy PolicyRuleConditions: type: object properties: app: $ref: '#/components/schemas/AppAndInstancePolicyRuleCondition' apps: $ref: '#/components/schemas/AppInstancePolicyRuleCondition' authContext: $ref: '#/components/schemas/PolicyRuleAuthContextCondition' authProvider: $ref: '#/components/schemas/PasswordPolicyAuthenticationProviderCondition' beforeScheduledAction: $ref: '#/components/schemas/BeforeScheduledActionPolicyRuleCondition' clients: $ref: '#/components/schemas/ClientPolicyCondition' context: $ref: '#/components/schemas/ContextPolicyRuleCondition' device: $ref: '#/components/schemas/DevicePolicyRuleCondition' grantTypes: $ref: '#/components/schemas/GrantTypePolicyRuleCondition' groups: $ref: '#/components/schemas/GroupPolicyRuleCondition' identityProvider: $ref: '#/components/schemas/IdentityProviderPolicyRuleCondition' mdmEnrollment: $ref: '#/components/schemas/MDMEnrollmentPolicyRuleCondition' network: $ref: '#/components/schemas/PolicyNetworkCondition' people: $ref: '#/components/schemas/PolicyPeopleCondition' platform: $ref: '#/components/schemas/PlatformPolicyRuleCondition' risk: $ref: '#/components/schemas/RiskPolicyRuleCondition' riskScore: $ref: '#/components/schemas/RiskScorePolicyRuleCondition' scopes: $ref: '#/components/schemas/OAuth2ScopesMediationPolicyRuleCondition' userIdentifier: $ref: '#/components/schemas/UserIdentifierPolicyRuleCondition' userStatus: $ref: '#/components/schemas/UserStatusPolicyRuleCondition' users: $ref: '#/components/schemas/UserPolicyRuleCondition' x-okta-tags: - Policy PolicySubject: type: object properties: filter: type: string format: type: array items: type: string matchAttribute: type: string matchType: $ref: '#/components/schemas/PolicySubjectMatchType' userNameTemplate: $ref: '#/components/schemas/PolicyUserNameTemplate' x-okta-tags: - Policy PolicySubjectMatchType: type: string enum: - USERNAME - EMAIL - USERNAME_OR_EMAIL - CUSTOM_ATTRIBUTE x-okta-tags: - Policy PolicyType: type: string enum: - OAUTH_AUTHORIZATION_POLICY - OKTA_SIGN_ON - PASSWORD - IDP_DISCOVERY - PROFILE_ENROLLMENT - ACCESS_POLICY - MFA_ENROLL x-okta-tags: - Policy PolicyUserNameTemplate: type: object properties: template: type: string x-okta-tags: - Policy PossessionConstraint: type: object properties: deviceBound: type: string hardwareProtection: type: string phishingResistant: type: string userPresence: type: string x-okta-parent: '#/definitions/AccessPolicyConstraint' x-okta-tags: - Policy PreRegistrationInlineHook: type: object properties: inlineHookId: type: string x-okta-tags: - Policy ProfileEnrollmentPolicy: type: object x-okta-parent: '#/definitions/Policy' x-okta-tags: - Policy ProfileEnrollmentPolicyRule: type: object properties: actions: $ref: '#/components/schemas/ProfileEnrollmentPolicyRuleActions' name: type: string x-okta-parent: '#/definitions/PolicyRule' x-okta-tags: - Policy ProfileEnrollmentPolicyRuleAction: type: object properties: access: type: string activationRequirements: $ref: '#/components/schemas/ProfileEnrollmentPolicyRuleActivationRequirement' preRegistrationInlineHooks: type: array items: $ref: '#/components/schemas/PreRegistrationInlineHook' profileAttributes: type: array items: $ref: '#/components/schemas/ProfileEnrollmentPolicyRuleProfileAttribute' targetGroupIds: type: array items: type: string uiSchemaId: type: string unknownUserAction: type: string x-okta-tags: - Policy ProfileEnrollmentPolicyRuleActions: type: object properties: profileEnrollment: $ref: '#/components/schemas/ProfileEnrollmentPolicyRuleAction' x-okta-parent: '#/definitions/PolicyRuleActions' x-okta-tags: - Policy ProfileEnrollmentPolicyRuleActivationRequirement: type: object properties: emailVerification: type: boolean x-okta-tags: - Policy ProfileEnrollmentPolicyRuleProfileAttribute: type: object properties: label: type: string name: type: string required: type: boolean x-okta-tags: - Policy ProfileMapping: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true id: type: string readOnly: true properties: type: object additionalProperties: $ref: '#/components/schemas/ProfileMappingProperty' readOnly: true source: $ref: '#/components/schemas/ProfileMappingSource' target: $ref: '#/components/schemas/ProfileMappingSource' x-okta-crud: - alias: read arguments: - dest: mappingId src: id operationId: getProfileMapping - alias: update arguments: - dest: mappingId src: id operationId: updateProfileMapping x-okta-tags: - ProfileMapping ProfileMappingProperty: type: object properties: expression: type: string pushStatus: $ref: '#/components/schemas/ProfileMappingPropertyPushStatus' x-okta-tags: - ProfileMapping ProfileMappingPropertyPushStatus: type: object enum: - PUSH - DONT_PUSH x-okta-tags: - ProfileMapping ProfileMappingSource: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true id: type: string readOnly: true name: type: string readOnly: true type: type: string readOnly: true x-okta-tags: - ProfileMapping ProfileSettingObject: type: object properties: status: $ref: '#/components/schemas/EnabledStatus' x-okta-tags: - Application Protocol: type: object properties: algorithms: $ref: '#/components/schemas/ProtocolAlgorithms' credentials: $ref: '#/components/schemas/IdentityProviderCredentials' endpoints: $ref: '#/components/schemas/ProtocolEndpoints' issuer: $ref: '#/components/schemas/ProtocolEndpoint' relayState: $ref: '#/components/schemas/ProtocolRelayState' scopes: type: array items: type: string settings: $ref: '#/components/schemas/ProtocolSettings' type: type: string enum: - SAML2 - OIDC - OAUTH2 - MTLS x-okta-tags: - IdentityProvider ProtocolAlgorithmType: type: object properties: signature: $ref: '#/components/schemas/ProtocolAlgorithmTypeSignature' x-okta-tags: - IdentityProvider ProtocolAlgorithmTypeSignature: type: object properties: algorithm: type: string scope: type: string enum: - RESPONSE - TOKEN - ANY - REQUEST - NONE x-okta-tags: - IdentityProvider ProtocolAlgorithms: type: object properties: request: $ref: '#/components/schemas/ProtocolAlgorithmType' response: $ref: '#/components/schemas/ProtocolAlgorithmType' x-okta-tags: - IdentityProvider ProtocolEndpoint: type: object properties: binding: type: string enum: - HTTP-POST - HTTP-REDIRECT destination: type: string type: type: string enum: - INSTANCE - ORG url: type: string x-okta-tags: - IdentityProvider ProtocolEndpoints: type: object properties: acs: $ref: '#/components/schemas/ProtocolEndpoint' authorization: $ref: '#/components/schemas/ProtocolEndpoint' jwks: $ref: '#/components/schemas/ProtocolEndpoint' metadata: $ref: '#/components/schemas/ProtocolEndpoint' slo: $ref: '#/components/schemas/ProtocolEndpoint' sso: $ref: '#/components/schemas/ProtocolEndpoint' token: $ref: '#/components/schemas/ProtocolEndpoint' userInfo: $ref: '#/components/schemas/ProtocolEndpoint' x-okta-tags: - IdentityProvider ProtocolRelayState: type: object properties: format: $ref: '#/components/schemas/ProtocolRelayStateFormat' x-okta-tags: - IdentityProvider ProtocolRelayStateFormat: type: string enum: - OPAQUE - FROM_URL x-okta-tags: - IdentityProvider ProtocolSettings: type: object properties: nameFormat: type: string x-okta-tags: - IdentityProvider Provisioning: type: object properties: action: type: string enum: - AUTO - CALLOUT - DISABLED conditions: $ref: '#/components/schemas/ProvisioningConditions' groups: $ref: '#/components/schemas/ProvisioningGroups' profileMaster: type: boolean x-okta-tags: - IdentityProvider ProvisioningConditions: type: object properties: deprovisioned: $ref: '#/components/schemas/ProvisioningDeprovisionedCondition' suspended: $ref: '#/components/schemas/ProvisioningSuspendedCondition' x-okta-tags: - IdentityProvider ProvisioningConnection: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true authScheme: $ref: '#/components/schemas/ProvisioningConnectionAuthScheme' status: $ref: '#/components/schemas/ProvisioningConnectionStatus' x-okta-operations: - alias: getDefaultProvisioningConnectionForApplication operationId: getDefaultProvisioningConnectionForApplication - alias: activateDefaultProvisioningConnectionForApplication operationId: activateDefaultProvisioningConnectionForApplication - alias: deactivateDefaultProvisioningConnectionForApplication operationId: deactivateDefaultProvisioningConnectionForApplication x-okta-tags: - Application ProvisioningConnectionAuthScheme: type: string enum: - TOKEN - UNKNOWN x-okta-tags: - Application ProvisioningConnectionProfile: type: object properties: authScheme: $ref: '#/components/schemas/ProvisioningConnectionAuthScheme' token: type: string x-okta-operations: - alias: setDefaultProvisioningConnectionForApplication operationId: setDefaultProvisioningConnectionForApplication x-okta-tags: - Application ProvisioningConnectionRequest: type: object properties: profile: $ref: '#/components/schemas/ProvisioningConnectionProfile' x-okta-tags: - Application ProvisioningConnectionStatus: type: string enum: - DISABLED - ENABLED - UNKNOWN x-okta-tags: - Application ProvisioningDeprovisionedCondition: type: object properties: action: type: string enum: - NONE - REACTIVATE x-okta-tags: - IdentityProvider ProvisioningGroups: type: object properties: action: type: string enum: - NONE - APPEND - SYNC - ASSIGN assignments: type: array items: type: string filter: type: array items: type: string sourceAttributeName: type: string x-okta-tags: - IdentityProvider ProvisioningSuspendedCondition: type: object properties: action: type: string enum: - NONE - UNSUSPEND x-okta-tags: - IdentityProvider PushUserFactor: type: object properties: expiresAt: type: string format: date-time factorResult: $ref: '#/components/schemas/FactorResultType' profile: $ref: '#/components/schemas/PushUserFactorProfile' x-okta-parent: '#/definitions/UserFactor' x-okta-tags: - UserFactor PushUserFactorProfile: type: object properties: credentialId: type: string deviceToken: type: string deviceType: type: string name: type: string platform: type: string version: type: string x-okta-tags: - UserFactor RecoveryQuestionCredential: type: object properties: answer: type: string question: type: string x-okta-tags: - User RequiredEnum: type: string enum: - ALWAYS - HIGH_RISK_ONLY - NEVER x-okta-tags: - Authenticator ResetPasswordToken: type: object properties: resetPasswordUrl: type: string readOnly: true x-okta-tags: - User ResponseLinks: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true x-okta-tags: - User RiskPolicyRuleCondition: type: object properties: behaviors: uniqueItems: true type: array items: type: string x-okta-tags: - Policy RiskScorePolicyRuleCondition: type: object properties: level: type: string x-okta-tags: - Policy Role: type: object properties: _embedded: type: object additionalProperties: type: object properties: {} readOnly: true _links: type: object additionalProperties: type: object properties: {} readOnly: true assignmentType: $ref: '#/components/schemas/RoleAssignmentType' created: type: string format: date-time readOnly: true description: type: string id: type: string readOnly: true label: type: string readOnly: true lastUpdated: type: string format: date-time readOnly: true status: $ref: '#/components/schemas/RoleStatus' type: $ref: '#/components/schemas/RoleType' x-okta-operations: - alias: addAdminGroupTarget arguments: - dest: roleId src: id - dest: groupId parentSrc: id operationId: addGroupTargetToGroupAdministratorRoleForGroup - alias: addAppInstanceTargetToAdminRole arguments: - dest: roleId src: id - dest: groupId parentSrc: id operationId: addApplicationInstanceTargetToAppAdminRoleGivenToGroup - alias: addAppTargetToAdminRole arguments: - dest: roleId src: id - dest: groupId parentSrc: id operationId: addApplicationTargetToAdminRoleGivenToGroup - alias: addAllAppsAsTargetToRole arguments: - dest: roleId src: id - dest: userId parentSrc: id operationId: addAllAppsAsTargetToRole - alias: addAppTargetToAppAdminRoleForUser arguments: - dest: roleId src: id - dest: userId parentSrc: id operationId: addApplicationTargetToAppAdminRoleForUser - alias: addAppTargetToAdminRoleForUser arguments: - dest: roleId src: id - dest: userId parentSrc: id operationId: addApplicationTargetToAdminRoleForUser x-okta-tags: - User RoleAssignmentType: type: string enum: - GROUP - USER x-okta-tags: - Role RoleStatus: type: string enum: - ACTIVE - INACTIVE x-okta-tags: - User RoleType: type: string enum: - SUPER_ADMIN - ORG_ADMIN - APP_ADMIN - USER_ADMIN - HELP_DESK_ADMIN - READ_ONLY_ADMIN - MOBILE_ADMIN - API_ACCESS_MANAGEMENT_ADMIN - REPORT_ADMIN - GROUP_MEMBERSHIP_ADMIN - CUSTOM x-okta-tags: - Role SamlApplication: type: object properties: settings: $ref: '#/components/schemas/SamlApplicationSettings' x-okta-parent: '#/definitions/Application' x-okta-tags: - Application x-openapi-v3-discriminator: mapping: okta_org2org: '#/definitions/Org2OrgApplication' propertyName: name SamlApplicationSettings: type: object properties: signOn: $ref: '#/components/schemas/SamlApplicationSettingsSignOn' x-okta-parent: '#/definitions/ApplicationSettings' x-okta-tags: - Application SamlApplicationSettingsSignOn: type: object properties: acsEndpoints: type: array items: $ref: '#/components/schemas/AcsEndpoint' allowMultipleAcsEndpoints: type: boolean assertionSigned: type: boolean attributeStatements: type: array items: $ref: '#/components/schemas/SamlAttributeStatement' audience: type: string audienceOverride: type: string authnContextClassRef: type: string defaultRelayState: type: string destination: type: string destinationOverride: type: string digestAlgorithm: type: string honorForceAuthn: type: boolean idpIssuer: type: string inlineHooks: type: array items: $ref: '#/components/schemas/SignOnInlineHook' recipient: type: string recipientOverride: type: string requestCompressed: type: boolean responseSigned: type: boolean samlSignedRequestEnabled: type: boolean signatureAlgorithm: type: string slo: $ref: '#/components/schemas/SingleLogout' spCertificate: $ref: '#/components/schemas/SpCertificate' spIssuer: type: string ssoAcsUrl: type: string ssoAcsUrlOverride: type: string subjectNameIdFormat: type: string subjectNameIdTemplate: type: string x-okta-tags: - Application SamlAttributeStatement: type: object properties: filterType: type: string filterValue: type: string name: type: string namespace: type: string type: type: string values: type: array items: type: string x-okta-tags: - Application ScheduledUserLifecycleAction: type: object properties: status: type: string enum: - ACTIVE - INACTIVE - PENDING - DELETED - EXPIRED_PASSWORD - ACTIVATING - SUSPENDED - DELETING x-okta-tags: - Policy SchemeApplicationCredentials: type: object properties: password: $ref: '#/components/schemas/PasswordCredential' revealPassword: type: boolean scheme: $ref: '#/components/schemas/ApplicationCredentialsScheme' signing: $ref: '#/components/schemas/ApplicationCredentialsSigning' userName: type: string x-okta-parent: '#/definitions/ApplicationCredentials' x-okta-tags: - Application Scope: type: object properties: allowedOktaApps: type: array items: $ref: '#/components/schemas/IframeEmbedScopeAllowedApps' stringValue: type: string type: $ref: '#/components/schemas/ScopeType' x-okta-tags: - Role ScopeType: type: string enum: - CORS - REDIRECT - IFRAME_EMBED x-okta-tags: - Role SecurePasswordStoreApplication: type: object properties: credentials: $ref: '#/components/schemas/SchemeApplicationCredentials' name: type: object settings: $ref: '#/components/schemas/SecurePasswordStoreApplicationSettings' x-okta-defined-as: name: template_sps x-okta-parent: '#/definitions/Application' x-okta-tags: - Application SecurePasswordStoreApplicationSettings: type: object properties: app: $ref: '#/components/schemas/SecurePasswordStoreApplicationSettingsApplication' x-okta-parent: '#/definitions/ApplicationSettings' x-okta-tags: - Application SecurePasswordStoreApplicationSettingsApplication: type: object properties: optionalField1: type: string optionalField1Value: type: string optionalField2: type: string optionalField2Value: type: string optionalField3: type: string optionalField3Value: type: string passwordField: type: string url: type: string usernameField: type: string x-okta-parent: '#/definitions/ApplicationSettingsApplication' x-okta-tags: - Application SecurityQuestion: type: object properties: answer: type: string question: type: string questionText: type: string x-okta-tags: - UserFactor SecurityQuestionUserFactor: type: object properties: profile: $ref: '#/components/schemas/SecurityQuestionUserFactorProfile' x-okta-parent: '#/definitions/UserFactor' x-okta-tags: - UserFactor SecurityQuestionUserFactorProfile: type: object properties: answer: type: string question: type: string questionText: type: string x-okta-tags: - UserFactor SeedEnum: type: string enum: - OKTA - RANDOM x-okta-tags: - Application Session: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true amr: type: array readOnly: true items: $ref: '#/components/schemas/SessionAuthenticationMethod' createdAt: type: string format: date-time readOnly: true expiresAt: type: string format: date-time readOnly: true id: type: string readOnly: true idp: $ref: '#/components/schemas/SessionIdentityProvider' lastFactorVerification: type: string format: date-time readOnly: true lastPasswordVerification: type: string format: date-time readOnly: true login: type: string readOnly: true status: $ref: '#/components/schemas/SessionStatus' userId: type: string readOnly: true x-okta-crud: - alias: read arguments: - dest: sessionId src: id operationId: getSession - alias: delete arguments: - dest: sessionId src: id operationId: endSession x-okta-operations: - alias: refresh arguments: - dest: sessionId src: id operationId: refreshSession x-okta-tags: - Session SessionAuthenticationMethod: type: string enum: - pwd - swk - hwk - otp - sms - tel - geo - fpt - kba - mfa - mca - sc x-okta-tags: - Session SessionIdentityProvider: type: object properties: id: type: string readOnly: true type: $ref: '#/components/schemas/SessionIdentityProviderType' x-okta-tags: - Session SessionIdentityProviderType: type: string enum: - ACTIVE_DIRECTORY - LDAP - OKTA - FEDERATION - SOCIAL x-okta-tags: - Session SessionStatus: type: string enum: - ACTIVE - MFA_ENROLL - MFA_REQUIRED x-okta-tags: - Session SignInPageTouchPointVariant: type: string enum: - OKTA_DEFAULT - BACKGROUND_SECONDARY_COLOR - BACKGROUND_IMAGE x-okta-tags: - Brand SignOnInlineHook: type: object properties: id: type: string x-okta-tags: - Application SingleLogout: type: object properties: enabled: type: boolean issuer: type: string logoutUrl: type: string x-okta-tags: - Application SmsTemplate: type: object properties: created: type: string format: date-time readOnly: true id: type: string readOnly: true lastUpdated: type: string format: date-time readOnly: true name: type: string template: type: string translations: $ref: '#/components/schemas/SmsTemplateTranslations' type: $ref: '#/components/schemas/SmsTemplateType' x-okta-crud: - alias: create arguments: - dest: smsTemplate self: true operationId: createSmsTemplate - alias: read arguments: [] operationId: getSmsTemplate - alias: update arguments: - dest: templateId src: id - dest: smsTemplate self: true operationId: updateSmsTemplate - alias: delete arguments: - dest: templateId src: id operationId: deleteSmsTemplate x-okta-operations: - alias: partialUpdate arguments: - dest: templateId src: id - dest: smsTemplate self: true operationId: partialUpdateSmsTemplate x-okta-tags: - Template SmsTemplateTranslations: type: object x-okta-extensible: true x-okta-tags: - Template SmsTemplateType: type: string enum: - SMS_VERIFY_CODE x-okta-tags: - Template SmsUserFactor: type: object properties: profile: $ref: '#/components/schemas/SmsUserFactorProfile' x-okta-parent: '#/definitions/UserFactor' x-okta-tags: - UserFactor SmsUserFactorProfile: type: object properties: phoneNumber: type: string x-okta-tags: - UserFactor SocialAuthToken: type: object properties: expiresAt: type: string format: date-time readOnly: true id: type: string readOnly: true scopes: type: array items: type: string token: type: string tokenAuthScheme: type: string tokenType: type: string x-okta-tags: - IdentityProvider SpCertificate: type: object properties: x5c: type: array items: type: string x-okta-tags: - Application Subscription: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true channels: type: array items: type: string notificationType: $ref: '#/components/schemas/NotificationType' status: $ref: '#/components/schemas/SubscriptionStatus' x-okta-operations: - alias: listRoleSubscriptions operationId: listRoleSubscriptions - alias: getRoleSubscriptionByNotificationType operationId: getRoleSubscriptionByNotificationType - alias: getUserSubscriptionByNotificationType operationId: getUserSubscriptionByNotificationType - alias: listUserSubscriptions operationId: listUserSubscriptions - alias: subscribeUserSubscriptionByNotificationType operationId: subscribeUserSubscriptionByNotificationType - alias: unsubscribeRoleSubscriptionByNotificationType operationId: unsubscribeRoleSubscriptionByNotificationType - alias: subscribeRoleSubscriptionByNotificationType operationId: subscribeRoleSubscriptionByNotificationType - alias: unsubscribeUserSubscriptionByNotificationType operationId: unsubscribeUserSubscriptionByNotificationType x-okta-tags: - Role SubscriptionStatus: type: string enum: - subscribed - unsubscribed x-okta-tags: - Role SwaApplication: type: object properties: name: type: object settings: $ref: '#/components/schemas/SwaApplicationSettings' x-okta-defined-as: name: template_swa x-okta-parent: '#/definitions/BrowserPluginApplication' x-okta-tags: - Application SwaApplicationSettings: type: object properties: app: $ref: '#/components/schemas/SwaApplicationSettingsApplication' x-okta-parent: '#/definitions/ApplicationSettings' x-okta-tags: - Application SwaApplicationSettingsApplication: type: object properties: buttonField: type: string checkbox: type: string loginUrlRegex: type: string passwordField: type: string redirectUrl: type: string url: type: string usernameField: type: string x-okta-parent: '#/definitions/ApplicationSettingsApplication' x-okta-tags: - Application SwaThreeFieldApplication: type: object properties: name: type: object settings: $ref: '#/components/schemas/SwaThreeFieldApplicationSettings' x-okta-defined-as: name: template_swa3field x-okta-parent: '#/definitions/BrowserPluginApplication' x-okta-tags: - Application SwaThreeFieldApplicationSettings: type: object properties: app: $ref: '#/components/schemas/SwaThreeFieldApplicationSettingsApplication' x-okta-parent: '#/definitions/ApplicationSettings' x-okta-tags: - Application SwaThreeFieldApplicationSettingsApplication: type: object properties: buttonSelector: type: string extraFieldSelector: type: string extraFieldValue: type: string loginUrlRegex: type: string passwordSelector: type: string targetURL: type: string userNameSelector: type: string x-okta-parent: '#/definitions/ApplicationSettingsApplication' x-okta-tags: - Application TempPassword: type: object properties: tempPassword: type: string readOnly: true x-okta-tags: - User Theme: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true backgroundImage: type: string readOnly: true emailTemplateTouchPointVariant: $ref: '#/components/schemas/EmailTemplateTouchPointVariant' endUserDashboardTouchPointVariant: $ref: '#/components/schemas/EndUserDashboardTouchPointVariant' errorPageTouchPointVariant: $ref: '#/components/schemas/ErrorPageTouchPointVariant' primaryColorContrastHex: type: string primaryColorHex: type: string secondaryColorContrastHex: type: string secondaryColorHex: type: string signInPageTouchPointVariant: $ref: '#/components/schemas/SignInPageTouchPointVariant' x-okta-crud: - alias: read operationId: getBrandTheme - alias: update operationId: updateBrandTheme x-okta-operations: - alias: uploadBrandThemeLogo operationId: uploadBrandThemeLogo - alias: deleteBrandThemeLogo operationId: deleteBrandThemeLogo - alias: updateBrandThemeFavicon operationId: uploadBrandThemeFavicon - alias: deleteBrandThemeFavicon operationId: deleteBrandThemeFavicon - alias: updateBrandThemeBackgroundImage operationId: uploadBrandThemeBackgroundImage - alias: deleteBrandThemeBackgroundImage operationId: deleteBrandThemeBackgroundImage x-okta-tags: - Brand ThemeResponse: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true backgroundImage: type: string readOnly: true emailTemplateTouchPointVariant: $ref: '#/components/schemas/EmailTemplateTouchPointVariant' endUserDashboardTouchPointVariant: $ref: '#/components/schemas/EndUserDashboardTouchPointVariant' errorPageTouchPointVariant: $ref: '#/components/schemas/ErrorPageTouchPointVariant' favicon: type: string readOnly: true id: type: string readOnly: true logo: type: string readOnly: true primaryColorContrastHex: type: string primaryColorHex: type: string secondaryColorContrastHex: type: string secondaryColorHex: type: string signInPageTouchPointVariant: $ref: '#/components/schemas/SignInPageTouchPointVariant' x-okta-tags: - Brand ThreatInsightConfiguration: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true action: type: string created: type: string format: date-time readOnly: true excludeZones: type: array items: type: string lastUpdated: type: string format: date-time readOnly: true x-okta-crud: - alias: read arguments: [] operationId: getCurrentConfiguration - alias: update arguments: - dest: threatInsightConfiguration self: true operationId: updateConfiguration x-okta-tags: - ThreatInsight TokenAuthorizationServerPolicyRuleAction: type: object properties: accessTokenLifetimeMinutes: type: integer inlineHook: $ref: '#/components/schemas/TokenAuthorizationServerPolicyRuleActionInlineHook' refreshTokenLifetimeMinutes: type: integer refreshTokenWindowMinutes: type: integer x-okta-tags: - AuthorizationServerPolicy TokenAuthorizationServerPolicyRuleActionInlineHook: type: object properties: id: type: string x-okta-tags: - AuthorizationServerPolicy TokenUserFactor: type: object properties: profile: $ref: '#/components/schemas/TokenUserFactorProfile' x-okta-parent: '#/definitions/UserFactor' x-okta-tags: - UserFactor TokenUserFactorProfile: type: object properties: credentialId: type: string x-okta-tags: - UserFactor TotpUserFactor: type: object properties: profile: $ref: '#/components/schemas/TotpUserFactorProfile' x-okta-parent: '#/definitions/UserFactor' x-okta-tags: - UserFactor TotpUserFactorProfile: type: object properties: credentialId: type: string x-okta-tags: - UserFactor TrustedOrigin: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true created: type: string format: date-time readOnly: true createdBy: type: string id: type: string readOnly: true lastUpdated: type: string format: date-time readOnly: true lastUpdatedBy: type: string name: type: string origin: type: string scopes: type: array items: $ref: '#/components/schemas/Scope' status: type: string x-okta-crud: - alias: create arguments: - dest: trustedOrigin self: true operationId: createOrigin - alias: read arguments: [] operationId: getOrigin - alias: update arguments: - dest: trustedOriginId src: id - dest: trustedOrigin self: true operationId: updateOrigin - alias: delete arguments: - dest: trustedOriginId src: id operationId: deleteOrigin x-okta-tags: - TrustedOrigin U2fUserFactor: type: object properties: profile: $ref: '#/components/schemas/U2fUserFactorProfile' x-okta-parent: '#/definitions/UserFactor' x-okta-tags: - UserFactor U2fUserFactorProfile: type: object properties: credentialId: type: string x-okta-tags: - UserFactor User: type: object properties: _embedded: type: object additionalProperties: type: object properties: {} readOnly: true _links: type: object additionalProperties: type: object properties: {} readOnly: true activated: type: string format: date-time readOnly: true created: type: string format: date-time readOnly: true credentials: $ref: '#/components/schemas/UserCredentials' id: type: string readOnly: true lastLogin: type: string format: date-time readOnly: true lastUpdated: type: string format: date-time readOnly: true passwordChanged: type: string format: date-time readOnly: true profile: $ref: '#/components/schemas/UserProfile' status: $ref: '#/components/schemas/UserStatus' statusChanged: type: string format: date-time readOnly: true transitioningToStatus: $ref: '#/components/schemas/UserStatus' type: $ref: '#/components/schemas/UserType' x-okta-crud: - alias: create arguments: - dest: user self: true operationId: createUser - alias: read arguments: [] operationId: getUser - alias: update arguments: - dest: userId src: id - dest: user self: true operationId: updateUser - alias: delete arguments: - dest: userId src: id - dest: user self: true operationId: deactivateOrDeleteUser x-okta-operations: - alias: listAppLinks arguments: - dest: userId src: id operationId: listAppLinks - alias: changePassword arguments: - dest: userId src: id operationId: changePassword - alias: changeRecoveryQuestion arguments: - dest: userId src: id operationId: changeRecoveryQuestion - alias: forgotPasswordSetNewPassword arguments: - dest: userId src: id operationId: forgotPasswordSetNewPassword - alias: forgotPasswordGenerateOneTimeToken arguments: - dest: userId src: id operationId: forgotPasswordGenerateOneTimeToken - alias: assignRole arguments: - dest: userId src: id operationId: assignRoleToUser - alias: getRole arguments: - dest: userId src: id operationId: getUserRole - alias: removeRole arguments: - dest: userId src: id operationId: removeRoleFromUser - alias: listGroupTargets arguments: - dest: userId src: id operationId: listGroupTargetsForRole - alias: removeGroupTarget arguments: - dest: userId src: id operationId: removeGroupTargetFromRole - alias: addGroupTarget arguments: - dest: userId src: id operationId: addGroupTargetToRole - alias: listAssignedRoles arguments: - dest: userId src: id operationId: listAssignedRolesForUser - alias: addAllAppsAsTarget arguments: - dest: userId src: id operationId: addAllAppsAsTargetToRole - alias: listGroups arguments: - dest: userId src: id operationId: listUserGroups - alias: listGrants arguments: - dest: userId src: id operationId: listUserGrants - alias: revokeGrants arguments: - dest: userId src: id operationId: revokeUserGrants - alias: revokeGrant arguments: - dest: userId src: id operationId: revokeUserGrant - alias: revokeGrantsForUserAndClient arguments: - dest: userId src: id operationId: revokeGrantsForUserAndClient - alias: listRefreshTokensForUserAndClient arguments: - dest: userId src: id operationId: listRefreshTokensForUserAndClient - alias: revokeTokenForUserAndClient arguments: - dest: userId src: id operationId: revokeTokenForUserAndClient - alias: getRefreshTokenForUserAndClient arguments: - dest: userId src: id operationId: getRefreshTokenForUserAndClient - alias: revokeTokensForUserAndClient arguments: - dest: userId src: id operationId: revokeTokensForUserAndClient - alias: listClients arguments: - dest: userId src: id operationId: listUserClients - alias: activate arguments: - dest: userId src: id operationId: activateUser - alias: reactivate arguments: - dest: userId src: id operationId: reactivateUser - alias: deactivate arguments: - dest: userId src: id operationId: deactivateUser - alias: suspend arguments: - dest: userId src: id operationId: suspendUser - alias: unsuspend arguments: - dest: userId src: id operationId: unsuspendUser - alias: resetPassword arguments: - dest: userId src: id operationId: resetPassword - alias: expirePassword arguments: - dest: userId src: id operationId: expirePassword - alias: expirePasswordAndGetTemporaryPassword arguments: - dest: userId src: id operationId: expirePasswordAndGetTemporaryPassword - alias: unlock arguments: - dest: userId src: id operationId: unlockUser - alias: resetFactors arguments: - dest: userId src: id operationId: resetFactors - alias: deleteFactor arguments: - dest: userId src: id operationId: deleteFactor - alias: addToGroup arguments: - dest: userId src: id description: Adds a user to a group with 'OKTA_GROUP' type operationId: addUserToGroup - alias: enrollFactor arguments: - dest: userId src: id operationId: enrollFactor - alias: listSupportedFactors arguments: - dest: userId src: id operationId: listSupportedFactors - alias: listFactors arguments: - dest: userId src: id operationId: listFactors - alias: listSupportedSecurityQuestions arguments: - dest: userId src: id operationId: listSupportedSecurityQuestions - alias: getFactor arguments: - dest: userId src: id operationId: getFactor - alias: setLinkedObject arguments: - dest: associatedUserId src: id operationId: setLinkedObjectForUser - alias: listIdentityProviders arguments: - dest: userId src: id operationId: listUserIdentityProviders - alias: getLinkedObjects arguments: - dest: userId src: id operationId: getLinkedObjectsForUser - alias: clearSessions arguments: - dest: userId src: id operationId: clearUserSessions - alias: removeLinkedObject arguments: - dest: userId src: id operationId: removeLinkedObjectForUser x-okta-tags: - User UserActivationToken: type: object properties: activationToken: type: string readOnly: true activationUrl: type: string readOnly: true x-okta-tags: - User UserCondition: type: object properties: exclude: type: array items: type: string include: type: array items: type: string x-okta-tags: - Policy UserCredentials: type: object properties: password: $ref: '#/components/schemas/PasswordCredential' provider: $ref: '#/components/schemas/AuthenticationProvider' recovery_question: $ref: '#/components/schemas/RecoveryQuestionCredential' x-okta-tags: - User UserFactor: type: object properties: _embedded: type: object additionalProperties: type: object properties: {} readOnly: true _links: type: object additionalProperties: type: object properties: {} readOnly: true created: type: string format: date-time readOnly: true factorType: $ref: '#/components/schemas/FactorType' id: type: string readOnly: true lastUpdated: type: string format: date-time readOnly: true provider: $ref: '#/components/schemas/FactorProvider' status: $ref: '#/components/schemas/FactorStatus' verify: $ref: '#/components/schemas/VerifyFactorRequest' x-okta-crud: - alias: delete arguments: - dest: factorId src: id - dest: userId parentSrc: id operationId: deleteFactor x-okta-operations: - alias: activate arguments: - dest: factorId src: id - dest: userId parentSrc: id operationId: activateFactor - alias: verify arguments: - dest: factorId src: id - dest: userId parentSrc: id operationId: verifyFactor x-okta-tags: - UserFactor x-openapi-v3-discriminator: mapping: call: '#/definitions/CallUserFactor' email: '#/definitions/EmailUserFactor' hotp: '#/definitions/CustomHotpUserFactor' push: '#/definitions/PushUserFactor' question: '#/definitions/SecurityQuestionUserFactor' sms: '#/definitions/SmsUserFactor' token: '#/definitions/TokenUserFactor' token:hardware: '#/definitions/HardwareUserFactor' token:hotp: '#/definitions/CustomHotpUserFactor' token:software:totp: '#/definitions/TotpUserFactor' u2f: '#/definitions/U2fUserFactor' web: '#/definitions/WebUserFactor' webauthn: '#/definitions/WebAuthnUserFactor' propertyName: factorType UserIdString: type: object properties: userId: type: string x-okta-parent: '#/definitions/OrgContactUser' x-okta-tags: - Org UserIdentifierConditionEvaluatorPattern: type: object properties: matchType: type: string enum: - SUFFIX - EXPRESSION - STARTS_WITH - EQUALS - CONTAINS value: type: string x-okta-tags: - Policy UserIdentifierPolicyRuleCondition: type: object properties: attribute: type: string patterns: type: array items: $ref: '#/components/schemas/UserIdentifierConditionEvaluatorPattern' type: type: string enum: - IDENTIFIER - ATTRIBUTE x-okta-tags: - Policy UserIdentityProviderLinkRequest: type: object properties: externalId: type: string x-okta-tags: - Policy UserLifecycleAttributePolicyRuleCondition: type: object properties: attributeName: type: string matchingValue: type: string x-okta-tags: - Policy UserNextLogin: type: string enum: - changePassword x-okta-tags: - User UserPolicyRuleCondition: type: object properties: exclude: type: array items: type: string inactivity: $ref: '#/components/schemas/InactivityPolicyRuleCondition' include: type: array items: type: string lifecycleExpiration: $ref: '#/components/schemas/LifecycleExpirationPolicyRuleCondition' passwordExpiration: $ref: '#/components/schemas/PasswordExpirationPolicyRuleCondition' userLifecycleAttribute: $ref: '#/components/schemas/UserLifecycleAttributePolicyRuleCondition' x-okta-tags: - Policy UserProfile: type: object properties: city: type: string costCenter: type: string countryCode: type: string department: type: string displayName: type: string division: type: string email: type: string employeeNumber: type: string firstName: type: string honorificPrefix: type: string honorificSuffix: type: string lastName: type: string locale: type: string login: type: string manager: type: string managerId: type: string middleName: type: string mobilePhone: type: string nickName: type: string organization: type: string postalAddress: type: string preferredLanguage: type: string primaryPhone: type: string profileUrl: type: string secondEmail: type: string state: type: string streetAddress: type: string timezone: type: string title: type: string userType: type: string zipCode: type: string x-okta-extensible: true x-okta-tags: - User UserSchema: type: object properties: $schema: type: string readOnly: true _links: type: object additionalProperties: type: object properties: {} readOnly: true created: type: string readOnly: true definitions: $ref: '#/components/schemas/UserSchemaDefinitions' id: type: string readOnly: true lastUpdated: type: string readOnly: true name: type: string readOnly: true properties: $ref: '#/components/schemas/UserSchemaProperties' title: type: string type: type: string readOnly: true x-okta-tags: - UserSchema UserSchemaAttribute: type: object properties: description: type: string enum: type: array items: type: string externalName: type: string externalNamespace: type: string items: $ref: '#/components/schemas/UserSchemaAttributeItems' master: $ref: '#/components/schemas/UserSchemaAttributeMaster' maxLength: type: integer minLength: type: integer mutability: type: string oneOf: type: array items: $ref: '#/components/schemas/UserSchemaAttributeEnum' pattern: type: string permissions: type: array items: $ref: '#/components/schemas/UserSchemaAttributePermission' required: type: boolean scope: $ref: '#/components/schemas/UserSchemaAttributeScope' title: type: string type: $ref: '#/components/schemas/UserSchemaAttributeType' union: $ref: '#/components/schemas/UserSchemaAttributeUnion' unique: type: string x-okta-tags: - UserSchema UserSchemaAttributeEnum: type: object properties: const: type: string title: type: string x-okta-tags: - UserSchema UserSchemaAttributeItems: type: object properties: enum: type: array items: type: string oneOf: type: array items: $ref: '#/components/schemas/UserSchemaAttributeEnum' type: type: string x-okta-tags: - UserSchema UserSchemaAttributeMaster: type: object properties: priority: type: array items: $ref: '#/components/schemas/UserSchemaAttributeMasterPriority' type: $ref: '#/components/schemas/UserSchemaAttributeMasterType' x-okta-tags: - UserSchema UserSchemaAttributeMasterPriority: type: object properties: type: type: string value: type: string x-okta-tags: - UserSchema UserSchemaAttributeMasterType: type: string enum: - PROFILE_MASTER - OKTA - OVERRIDE x-okta-tags: - UserSchema UserSchemaAttributePermission: type: object properties: action: type: string principal: type: string x-okta-tags: - UserSchema UserSchemaAttributeScope: type: object enum: - SELF - NONE x-okta-tags: - UserSchema UserSchemaAttributeType: type: string enum: - string - boolean - number - integer - array x-okta-tags: - UserSchema UserSchemaAttributeUnion: type: object enum: - DISABLE - ENABLE x-okta-tags: - UserSchema UserSchemaBase: type: object properties: id: type: string readOnly: true properties: $ref: '#/components/schemas/UserSchemaBaseProperties' required: type: array items: type: string type: type: string x-okta-tags: - UserSchema UserSchemaBaseProperties: type: object properties: city: $ref: '#/components/schemas/UserSchemaAttribute' costCenter: $ref: '#/components/schemas/UserSchemaAttribute' countryCode: $ref: '#/components/schemas/UserSchemaAttribute' department: $ref: '#/components/schemas/UserSchemaAttribute' displayName: $ref: '#/components/schemas/UserSchemaAttribute' division: $ref: '#/components/schemas/UserSchemaAttribute' email: $ref: '#/components/schemas/UserSchemaAttribute' employeeNumber: $ref: '#/components/schemas/UserSchemaAttribute' firstName: $ref: '#/components/schemas/UserSchemaAttribute' honorificPrefix: $ref: '#/components/schemas/UserSchemaAttribute' honorificSuffix: $ref: '#/components/schemas/UserSchemaAttribute' lastName: $ref: '#/components/schemas/UserSchemaAttribute' locale: $ref: '#/components/schemas/UserSchemaAttribute' login: $ref: '#/components/schemas/UserSchemaAttribute' manager: $ref: '#/components/schemas/UserSchemaAttribute' managerId: $ref: '#/components/schemas/UserSchemaAttribute' middleName: $ref: '#/components/schemas/UserSchemaAttribute' mobilePhone: $ref: '#/components/schemas/UserSchemaAttribute' nickName: $ref: '#/components/schemas/UserSchemaAttribute' organization: $ref: '#/components/schemas/UserSchemaAttribute' postalAddress: $ref: '#/components/schemas/UserSchemaAttribute' preferredLanguage: $ref: '#/components/schemas/UserSchemaAttribute' primaryPhone: $ref: '#/components/schemas/UserSchemaAttribute' profileUrl: $ref: '#/components/schemas/UserSchemaAttribute' secondEmail: $ref: '#/components/schemas/UserSchemaAttribute' state: $ref: '#/components/schemas/UserSchemaAttribute' streetAddress: $ref: '#/components/schemas/UserSchemaAttribute' timezone: $ref: '#/components/schemas/UserSchemaAttribute' title: $ref: '#/components/schemas/UserSchemaAttribute' userType: $ref: '#/components/schemas/UserSchemaAttribute' zipCode: $ref: '#/components/schemas/UserSchemaAttribute' x-okta-tags: - UserSchema UserSchemaDefinitions: type: object properties: base: $ref: '#/components/schemas/UserSchemaBase' custom: $ref: '#/components/schemas/UserSchemaPublic' x-okta-tags: - UserSchema UserSchemaProperties: type: object properties: profile: $ref: '#/components/schemas/UserSchemaPropertiesProfile' x-okta-tags: - UserSchema UserSchemaPropertiesProfile: type: object properties: allOf: type: array items: $ref: '#/components/schemas/UserSchemaPropertiesProfileItem' x-okta-tags: - UserSchema UserSchemaPropertiesProfileItem: type: object properties: $ref: type: string x-okta-tags: - UserSchema UserSchemaPublic: type: object properties: id: type: string readOnly: true properties: type: object additionalProperties: $ref: '#/components/schemas/UserSchemaAttribute' required: type: array items: type: string type: type: string x-okta-tags: - UserSchema UserStatus: type: string enum: - ACTIVE - DEPROVISIONED - LOCKED_OUT - PASSWORD_EXPIRED - PROVISIONED - RECOVERY - STAGED - SUSPENDED x-okta-tags: - User UserStatusPolicyRuleCondition: type: object properties: value: type: string enum: - ACTIVE - INACTIVE - PENDING - DELETED - EXPIRED_PASSWORD - ACTIVATING - SUSPENDED - DELETING x-okta-tags: - Policy UserType: type: object properties: _links: type: object additionalProperties: type: object properties: {} readOnly: true created: type: string format: date-time readOnly: true createdBy: type: string readOnly: true default: type: boolean readOnly: true description: type: string displayName: type: string id: type: string lastUpdated: type: string format: date-time readOnly: true lastUpdatedBy: type: string readOnly: true name: type: string x-okta-crud: - alias: create arguments: - dest: userType self: true operationId: createUserType - alias: update arguments: - dest: typeId src: id - dest: userType self: true operationId: updateUserType - alias: read arguments: - dest: typeId src: id operationId: getUserType - alias: delete arguments: - dest: typeId src: id operationId: deleteUserType x-okta-operations: - alias: replaceUserType arguments: - dest: roleId src: id operationId: replaceUserType x-okta-tags: - UserType UserTypeCondition: type: object properties: exclude: type: array items: type: string include: type: array items: type: string x-okta-tags: - Policy UserVerificationEnum: type: string enum: - REQUIRED - PREFERRED x-okta-tags: - Authenticator VerificationMethod: type: object properties: constraints: type: array items: $ref: '#/components/schemas/AccessPolicyConstraints' factorMode: type: string inactivityPeriod: type: string reauthenticateIn: type: string type: type: string x-okta-tags: - Policy VerifyFactorRequest: type: object properties: activationToken: type: string answer: type: string attestation: type: string clientData: type: string nextPassCode: type: string passCode: type: string registrationData: type: string stateToken: type: string x-okta-tags: - UserFactor VerifyUserFactorResponse: type: object properties: _embedded: type: object additionalProperties: type: object properties: {} readOnly: true _links: type: object additionalProperties: type: object properties: {} readOnly: true expiresAt: type: string format: date-time readOnly: true factorResult: type: string enum: - SUCCESS - EXPIRED - CHALLENGE - WAITING - FAILED - REJECTED - TIMEOUT - TIME_WINDOW_EXCEEDED - PASSCODE_REPLAYED - ERROR factorResultMessage: type: string x-okta-tags: - UserFactor WebAuthnUserFactor: type: object properties: profile: $ref: '#/components/schemas/WebAuthnUserFactorProfile' x-okta-parent: '#/definitions/UserFactor' x-okta-tags: - UserFactor WebAuthnUserFactorProfile: type: object properties: authenticatorName: type: string credentialId: type: string x-okta-tags: - UserFactor WebUserFactor: type: object properties: profile: $ref: '#/components/schemas/WebUserFactorProfile' x-okta-parent: '#/definitions/UserFactor' x-okta-tags: - UserFactor WebUserFactorProfile: type: object properties: credentialId: type: string x-okta-tags: - UserFactor WsFederationApplication: type: object properties: name: type: object settings: $ref: '#/components/schemas/WsFederationApplicationSettings' x-okta-defined-as: name: template_wsfed x-okta-parent: '#/definitions/Application' x-okta-tags: - Application WsFederationApplicationSettings: type: object properties: app: $ref: '#/components/schemas/WsFederationApplicationSettingsApplication' x-okta-parent: '#/definitions/ApplicationSettings' x-okta-tags: - Application WsFederationApplicationSettingsApplication: type: object properties: attributeStatements: type: string audienceRestriction: type: string authnContextClassRef: type: string groupFilter: type: string groupName: type: string groupValueFormat: type: string nameIDFormat: type: string realm: type: string siteURL: type: string usernameAttribute: type: string wReplyOverride: type: boolean wReplyURL: type: string x-okta-parent: '#/definitions/ApplicationSettingsApplication' x-okta-tags: - Application securitySchemes: api_token: type: apiKey description: "SSWS {API Token}" name: Authorization in: header tags: - name: Application - name: Authenticator - name: AuthorizationServer - name: Brand - name: Domain - name: EventHook - name: Feature - name: Group - name: GroupSchema - name: IdentityProvider - name: InlineHook - name: LinkedObject - name: Log - name: NetworkZone - name: Org - name: Policy - name: ProfileMapping - name: Session - name: Subscription - name: Template - name: ThreatInsight - name: TrustedOrigin - name: User - name: UserFactor - name: UserSchema - name: UserType