ATTRIBUTE | TYPE | REFERS TO | DESCRIPTION |
---|---|---|---|
created | number | | Timestamp when the Application object was created |
name | string | | Unique key for the application definition |
id | string | | Unique ID for the app instance |
signOnMode | string | | Authentication mode for the app |
lastUpdated | number | | Timestamp when the Application object was last updated |
settings | object | | App settings |
identityStoreId | string | | identityStoreId |
implicitAssignment | boolean | | implicitAssignment |
inlineHookId | string | | inlineHookId |
notes | object | | ApplicationSettingsNotes |
admin | string | | admin |
enduser | string | | enduser |
signOn | object | | AutoLoginApplicationSettingsSignOn |
loginUrl | string | | Primary URL of the sign-in page for this app. |
redirectUrl | string | | Secondary URL of the sign-in page for this app |
notifications | object | | ApplicationSettingsNotifications |
vpn | object | | ApplicationSettingsNotificationsVpn |
helpUrl | string | | helpUrl |
message | string | | message |
network | object | | ApplicationSettingsNotificationsVpnNetwork |
connection | string | | connection |
exclude | list<string> | | exclude |
include | list<string> | | include |
features | list<string> | | Enabled app features |
label | string | | User-defined display name for app |
accessibility | list<object> | | Specifies access settings for the app |
errorRedirectUrl | string | | Custom error page URL for the app |
loginRedirectUrl | string | | Custom login page URL for the app |
selfService | boolean | | Represents whether the app can be self-assignable by users |
licensing | object | | ApplicationLicensing |
seatCount | number | | Number of licenses purchased for the app |
status | string | | App instance status |
visibility | object | | ApplicationVisibility |
autoLaunch | boolean | | Automatically signs in to the app when user signs into Okta |
autoSubmitToolbar | boolean | | Automatically sign in when user lands on the sign-in page |
hide | object | | Hides the app for specific end-user apps |
iOS | boolean | | iOS |
web | boolean | | web |
_links | object | | Discoverable resources related to the app |
self | object | | Link Object |
hints | object | | Describes allowed HTTP verbs for the href Object |
allow | list<string> | | HttpMethod |
href | string | | Link URI |
name | string | | Link name |
type | string | | The media type of the link. If omitted it is implicitly application/json |
users | object | | Link Object |
href | string | | Link URI |
name | string | | Link name |
type | string | | The media type of the link. If omitted it is implicitly application/json |
hints | object | | Describes allowed HTTP verbs for the href Object |
allow | list<string> | | HttpMethod |
logo | list<object> | | Link Object |
href | string | | Link URI |
name | string | | Link name |
type | string | | The media type of the link. If omitted it is implicitly application/json |
hints | object | | Describes allowed HTTP verbs for the href Object |
allow | list<string> | | HttpMethod |
accessPolicy | object | | Link Object |
href | string | | Link URI |
name | string | | Link name |
type | string | | The media type of the link. If omitted it is implicitly application/json |
hints | object | | Describes allowed HTTP verbs for the href Object |
allow | list<string> | | HttpMethod |
activate | object | | Link Object |
href | string | | Link URI |
name | string | | Link name |
type | string | | The media type of the link. If omitted it is implicitly application/json |
hints | object | | Describes allowed HTTP verbs for the href Object |
allow | list<string> | | HttpMethod |
deactivate | object | | Link Object |
type | string | | The media type of the link. If omitted it is implicitly application/json |
hints | object | | Describes allowed HTTP verbs for the href Object |
allow | list<string> | | HttpMethod |
href | string | | Link URI |
name | string | | Link name |
groups | object | | Link Object |
type | string | | The media type of the link. If omitted it is implicitly application/json |
hints | object | | Describes allowed HTTP verbs for the href Object |
allow | list<string> | | HttpMethod |
href | string | | Link URI |
name | string | | Link name |
metadata | object | | Link Object |
href | string | | Link URI |
name | string | | Link name |
type | string | | The media type of the link. If omitted it is implicitly application/json |
hints | object | | Describes allowed HTTP verbs for the href Object |
allow | list<string> | | HttpMethod |
ATTRIBUTE | TYPE | REFERS TO | DESCRIPTION |
---|---|---|---|
id | string | | ID of the Grant object |
issuer | string | | The issuer of your org authorization server. This is typically your Okta domain. |
status | string | | Status |
clientId | string | Application | Client ID of the app integration |
createdBy | object | | User that created the object |
id | string | | User ID |
type | string | | Type of user |
scopeId | string | | The name of the Okta scope for which consent is granted |
userId | string | | User ID that granted consent (if source is END_USER) |
source | string | | User type source that granted consent |
created | number | | Timestamp when the object was created |
lastUpdated | number | | Timestamp when the object was last updated |
ATTRIBUTE | TYPE | REFERS TO | DESCRIPTION |
---|---|---|---|
lastUpdated | number | | Timestamp when the object was last updated |
appId | string | Application | Client ID of the assigned app integration |
priority | number | | priority |
id | string | | ID of the application group object |
groupId | string | Group | Group ID that is assigned to application. |
ATTRIBUTE | TYPE | REFERS TO | DESCRIPTION |
---|---|---|---|
lastUpdated | number | | Timestamp when the object was last updated |
appId | string | Application | Client ID of the assigned app integration |
scope | string | | Indicates if the assignment is direct (USER) or by group membership (GROUP). |
externalId | string | | The ID of the user in the target app that's linked to the Okta Application User object. |
id | string | | ID of the application user object |
userId | string | User | User ID that is assigned to application. |
ATTRIBUTE | TYPE | REFERS TO | DESCRIPTION |
---|---|---|---|
permissions | list<string> | | The permissions associated with the Connected Application. |
connectedAppName | string | | Name of the Connected Application. |
riskScore | number | | The risk score associated with the Connected Application. |
appID | string | | The unique identifier of Connected Application |
riskLevel | string | | The risk level associated with the Connected Application. |
ATTRIBUTE | TYPE | REFERS TO | DESCRIPTION |
---|---|---|---|
created | number | | When the group was created |
lastMembershipUpdated | number | | When the group member was last updated |
lastUpdated | number | | When the group was last updated |
type | string | | Type of the group |
profile | object | | profile |
description | string | | Description of the group |
name | string | | name |
id | string | | Group's unique ID |
ATTRIBUTE | TYPE | REFERS TO | DESCRIPTION |
---|---|---|---|
id | string | | Role Assignment ID |
status | string | | Status of the GroupRoleAssignment |
created | number | | When the GroupRoleAssignment was created |
lastUpdated | number | | When the GroupRoleAssignment was last updated |
label | string | Role | Label of the role assignment |
assignmentType | string | | assignmentType |
type | string | | type |
group_id | string | Group | Target group id of the role assignment |
ATTRIBUTE | TYPE | REFERS TO | DESCRIPTION |
---|---|---|---|
id | string | | ID of the group user object |
user_id | string | User | User ID that is assigned to group. |
group_id | string | Group | ID of the assigned group |
lastUpdated | number | | Timestamp when the object was last updated |
ATTRIBUTE | TYPE | REFERS TO | DESCRIPTION |
---|---|---|---|
status | string | | Status of the IdP. Possible values: ACTIVE or INACTIVE |
type | string | | Type of IdP. Possible values: AMAZON, APPLE, DISCORD, FACEBOOK, GITHUB, GITLAB, GOOGLE, LINKEDIN, LOGINGOV, LOGINGOV_SANDBOX, MICROSOFT, OIDC, PAYPAL, PAYPAL_SANDBOX, SALESFORCE, SAML2, SPOTIFY, X509, XERO, YAHOO, YAHOOJP |
created | number | | Timestamp when the IdP was created |
id | string | | Unique key for the IdP |
issuerMode | string | | Indicates whether Okta uses the original Okta org domain URL or a custom domain URL in the request to the social IdP. Possible values: ORG_URL, CUSTOM_URL, or DYNAMIC |
lastUpdated | number | | Timestamp when the IdP was last updated |
name | string | | Unique name for the IdP |
policy | object | | Policy settings for IdP type |
accountLink | object | | Policy rules to link an IdP User to an existing Okta User |
action | string | | Specifies the account linking action for an IdP User. Possible values: AUTO, DISABLED |
filter | object | | Allowlist for link candidates |
groups | object | | Group memberships to determine link candidates |
include | list<string> | | Specifies the allow list of Group identifiers to match against |
mapAMRClaims | boolean | | Determines whether the IdP should map AMR claims from the IdP to the Okta session |
maxClockSkew | number | | Maximum allowable clock skew when processing messages from the IdP |
provisioning | object | | Policy rules to just-in-time (JIT) provision an IdP User as a new Okta User |
conditions | object | | Conditional behaviors for an IdP User during authentication |
deprovisioned | object | | Behavior for a previously deprovisioned IdP User during authentication |
action | string | | Action for a previously deprovisioned IdP User during authentication. Possible values: NONE, REACTIVATE |
suspended | object | | Behavior for a previously suspended IdP User during authentication |
action | string | | Action for a previously suspended IdP User during authentication. Possible values: NONE, UNSUSPEND |
groups | object | | Provisioning settings for a User's Group memberships |
action | string | | Provisioning action for the IdP User's Group memberships. Possible values: NONE, APPEND, ASSIGN, SYNC |
assignments | list<string> | | List of OKTA_GROUP Group identifiers to add an IdP User as a member with the ASSIGN action |
filter | list<string> | | Allowlist of OKTA_GROUP Group identifiers for the APPEND or SYNC provisioning action |
sourceAttributeName | string | | IdP User profile attribute name (case-insensitive) for an array value that contains Group memberships |
profileMaster | boolean | | Determines if the IdP should act as a source of truth for User profile attributes |
action | string | | Provisioning action for an IdP User during authentication. Possible values: AUTO, DISABLED |
subject | object | | Policy rules to select the Okta sign-in identifier for the IdP User and determine matching rules |
filter | string | | Optional regular expression pattern used to filter untrusted IdP usernames |
matchAttribute | string | | Okta User profile attribute for matching a transformed IdP username. Only for matchType CUSTOM_ATTRIBUTE |
matchType | string | | Determines the Okta User profile attribute match conditions for account linking and authentication of the transformed IdP username. Possible values: USERNAME, EMAIL, USERNAME_OR_EMAIL or CUSTOM_ATTRIBUTE |
userNameTemplate | object | | Okta Expression Language (EL) expression to generate or transform a unique username for the IdP User |
template | string | | Okta EL Expression to generate or transform a unique username for the IdP User |
protocol | object | | Protocol settings for IdP type |
algorithms | object | | Settings for signing and verifying SAML messages |
request | object | | Algorithm settings used to secure an <AuthnRequest> message |
signature | object | | Algorithm settings used to sign an <AuthnRequest> message |
algorithm | string | | The XML digital Signature Algorithm used when signing an <AuthnRequest> message. Possible values: SHA-1 or SHA-256 |
scope | string | | Specifies whether to digitally sign <AuthnRequest> messages to the IdP. Possible values: REQUEST or NONE |
response | object | | Algorithm settings used to verify a <SAMLResponse> message |
signature | object | | Algorithm settings for verifying <SAMLResponse> messages and <Assertion> elements from the IdP |
algorithm | string | | The minimum XML digital Signature Algorithm allowed when verifying a <SAMLResponse> message or <Assertion> element. Possible values: SHA-1 or SHA-256 |
scope | string | | Specifies whether to verify a <SAMLResponse> message or <Assertion> element XML digital signature. Possible values: RESPONSE, ASSERTION, or ANY |
endpoints | object | | SAML 2.0 HTTP binding settings for IdP and SP (Okta) |
acs | object | | Okta's SPSSODescriptor endpoint where the IdP sends a <SAMLResponse> message |
binding | string | | HTTP binding used to receive a <SAMLResponse> message from the IdP. Possible values: HTTP-POST |
type | string | | Determines whether to publish an instance-specific (trust) or organization (shared) ACS endpoint in the SAML metadata. Possible values: INSTANCE or ORG |
sso | object | | IdP's SingleSignOnService endpoint where Okta sends an <AuthnRequest> message |
binding | string | | HTTP binding used to send an <AuthnRequest> message to the IdP. Possible values: HTTP-POST or HTTP-Redirect |
destination | string | | URI reference that indicates the address to which the <AuthnRequest> message is sent |
url | string | | URL of the binding-specific endpoint to send an <AuthnRequest> message to the IdP |
relayState | object | | Relay state settings for IdP |
format | string | | The format used to generate the relayState in the SAML request. FROM_URL is used if this value is null. Possible values: OPAQUE or FROM_URL |
settings | object | | Advanced settings for the SAML 2.0 protocol |
honorPersistentNameId | boolean | | Determines if the IdP should persist account linking when the incoming assertion NameID format is urn:oasis:names:tc:SAML:2.0:nameid-format:persistent |
nameFormat | string | | The name identifier format to use |
type | string | | SAML 2.0 protocol |
properties | object | | Properties specific to the type of IdP |
ialValue | string | | The type of identity verification (IAL) value for the Login.gov IdP. Applies to IDP type: LOGINGOV, LOGINGOV_SANDBOX |
aalValue | string | | The authentication assurance level (AAL) value for the Login.gov IdP. Applies to IDP type: LOGINGOV, LOGINGOV_SANDBOX |
additionalAmr | list<string> | | The additional Assurance Methods References (AMR) values for Smart Card IdPs. Supported values: sc (smart card), hwk (hardware-secured key), pin (personal identification number), and mfa (multifactor authentication). Applies to IDP type: X509 |
ATTRIBUTE | TYPE | REFERS TO | DESCRIPTION |
---|---|---|---|
id | string | | Role ID |
description | string | | Description of the role |
created | number | | When the role was created |
lastUpdated | number | | When the role was last updated |
label | string | | Label of the role |
permissions | list<object> | | Permissions associated with the role |
label | string | | Label of the permission |
created | number | | When the permission was created |
lastUpdated | number | | When the permission was last updated |
conditions | string | | Permission conditions. |
ATTRIBUTE | TYPE | REFERS TO | DESCRIPTION |
---|---|---|---|
lastUpdated | number | | When the RoleAssignment was last updated |
label | string | Role | Label of the role assignment |
assignmentType | string | | assignmentType |
type | string | | type |
user_id | string | User | Target user id of the role assignment (only valid if assignmentType is User) |
id | string | | Role Assignment ID |
status | string | | Status of the RoleAssignment |
created | number | | When the RoleAssignment was created |
ATTRIBUTE | TYPE | REFERS TO | DESCRIPTION |
---|---|---|---|
activated | number | | When the user was activated |
statusChanged | number | | When the user status was changed |
lastLogin | number | | When the user last logged in |
lastUpdated | number | | When the user was last updated |
passwordChanged | number | | When the user's password was last changed |
provider | object | | provider |
type | string | | type |
name | string | | name |
id | string | | User's account ID |
created | number | | When the user was created |
profile | object | | profile |
displayName | string | | displayName |
managerId | string | | managerId |
preferredLanguage | string | | preferredLanguage |
primaryPhone | string | | primaryPhone |
state | string | | state |
title | string | | title |
login | string | | login |
city | string | | city |
userType | string | | userType |
zipCode | string | | zipCode |
firstName | string | | firstName |
streetAddress | string | | streetAddress |
nickName | string | | nickName |
profileUrl | string | | profileUrl |
string | |||
honorificSuffix | string | | honorificSuffix |
locale | string | | locale |
postalAddress | string | | postalAddress |
costCenter | string | | costCenter |
countryCode | string | | countryCode |
middleName | string | | middleName |
organization | string | | organization |
department | string | | department |
employeeNumber | string | | employeeNumber |
division | string | | division |
honorificPrefix | string | | honorificPrefix |
manager | string | | manager |
lastName | string | | lastName |
secondEmail | string | | secondEmail |
mobilePhone | string | | mobilePhone |
timezone | string | | timezone |
status | string | | Status of the User |
type | object | | Type of the User |
lastUpdated | number | | A timestamp from when the User Type was most recently updated |
lastUpdatedBy | string | | The user ID of the most recent account to edit the User Type |
name | string | | The name of the User Type |
id | string | | id |
created | number | | A timestamp from when the User Type was created |
createdBy | string | | The user ID of the account that created the User Type |
default | boolean | | A boolean value to indicate if this is the default User Type |
description | string | | The human-readable description of the User Type |