| ATTRIBUTE | TYPE | REFERS TO | DESCRIPTION |
|---|---|---|---|
| visibility | object | | ApplicationVisibility |
| autoLaunch | boolean | | Automatically signs in to the app when user signs into Okta |
| autoSubmitToolbar | boolean | | Automatically sign in when user lands on the sign-in page |
| hide | object | | Hides the app for specific end-user apps |
| iOS | boolean | | iOS |
| web | boolean | | web |
| _links | object | | Discoverable resources related to the app |
| users | object | | Link Object |
| href | string | | Link URI |
| name | string | | Link name |
| type | string | | The media type of the link. If omitted it is implicitly application/json |
| hints | object | | Describes allowed HTTP verbs for the href Object |
| allow | list<string> | | HttpMethod |
| logo | list<object> | | Link Object |
| hints | object | | Describes allowed HTTP verbs for the href Object |
| allow | list<string> | | HttpMethod |
| href | string | | Link URI |
| name | string | | Link name |
| type | string | | The media type of the link. If omitted it is implicitly application/json |
| accessPolicy | object | | Link Object |
| href | string | | Link URI |
| name | string | | Link name |
| type | string | | The media type of the link. If omitted it is implicitly application/json |
| hints | object | | Describes allowed HTTP verbs for the href Object |
| allow | list<string> | | HttpMethod |
| activate | object | | Link Object |
| href | string | | Link URI |
| name | string | | Link name |
| type | string | | The media type of the link. If omitted it is implicitly application/json |
| hints | object | | Describes allowed HTTP verbs for the href Object |
| allow | list<string> | | HttpMethod |
| deactivate | object | | Link Object |
| href | string | | Link URI |
| name | string | | Link name |
| type | string | | The media type of the link. If omitted it is implicitly application/json |
| hints | object | | Describes allowed HTTP verbs for the href Object |
| allow | list<string> | | HttpMethod |
| groups | object | | Link Object |
| href | string | | Link URI |
| name | string | | Link name |
| type | string | | The media type of the link. If omitted it is implicitly application/json |
| hints | object | | Describes allowed HTTP verbs for the href Object |
| allow | list<string> | | HttpMethod |
| metadata | object | | Link Object |
| href | string | | Link URI |
| name | string | | Link name |
| type | string | | The media type of the link. If omitted it is implicitly application/json |
| hints | object | | Describes allowed HTTP verbs for the href Object |
| allow | list<string> | | HttpMethod |
| self | object | | Link Object |
| href | string | | Link URI |
| name | string | | Link name |
| type | string | | The media type of the link. If omitted it is implicitly application/json |
| hints | object | | Describes allowed HTTP verbs for the href Object |
| allow | list<string> | | HttpMethod |
| licensing | object | | ApplicationLicensing |
| seatCount | number | | Number of licenses purchased for the app |
| signOnMode | string | | Authentication mode for the app |
| created | number | | Timestamp when the Application object was created |
| features | list<string> | | Enabled app features |
| id | string | | Unique ID for the app instance |
| lastUpdated | number | | Timestamp when the Application object was last updated |
| label | string | | User-defined display name for app |
| accessibility | list<object> | | Specifies access settings for the app |
| selfService | boolean | | Represents whether the app can be self-assignable by users |
| errorRedirectUrl | string | | Custom error page URL for the app |
| loginRedirectUrl | string | | Custom login page URL for the app |
| status | string | | App instance status |
| name | string | | Unique key for the application definition |
| settings | object | | App settings |
| notifications | object | | ApplicationSettingsNotifications |
| vpn | object | | ApplicationSettingsNotificationsVpn |
| helpUrl | string | | helpUrl |
| message | string | | message |
| network | object | | ApplicationSettingsNotificationsVpnNetwork |
| exclude | list<string> | | exclude |
| include | list<string> | | include |
| connection | string | | connection |
| identityStoreId | string | | identityStoreId |
| implicitAssignment | boolean | | implicitAssignment |
| inlineHookId | string | | inlineHookId |
| notes | object | | ApplicationSettingsNotes |
| admin | string | | admin |
| enduser | string | | enduser |
| signOn | object | | AutoLoginApplicationSettingsSignOn |
| loginUrl | string | | Primary URL of the sign-in page for this app. |
| redirectUrl | string | | Secondary URL of the sign-in page for this app |

| ATTRIBUTE | TYPE | REFERS TO | DESCRIPTION |
|---|---|---|---|
| clientId | string | Application | Client ID of the app integration |
| createdBy | object | | User that created the object |
| id | string | | User ID |
| type | string | | Type of user |
| issuer | string | | The issuer of your org authorization server. This is typically your Okta domain. |
| scopeId | string | | The name of the Okta scope for which consent is granted |
| userId | string | | User ID that granted consent (if source is END_USER) |
| source | string | | User type source that granted consent |
| created | number | | Timestamp when the object was created |
| id | string | | ID of the Grant object |
| status | string | | Status |
| lastUpdated | number | | Timestamp when the object was last updated |

| ATTRIBUTE | TYPE | REFERS TO | DESCRIPTION |
|---|---|---|---|
| id | string | | ID of the application group object |
| groupId | string | Group | Group ID that is assigned to application. |
| lastUpdated | number | | Timestamp when the object was last updated |
| appId | string | Application | Client ID of the assigned app integration |
| priority | number | | priority |

| ATTRIBUTE | TYPE | REFERS TO | DESCRIPTION |
|---|---|---|---|
| id | string | | ID of the application user object |
| userId | string | User | User ID that is assigned to application. |
| lastUpdated | number | | Timestamp when the object was last updated |
| appId | string | Application | Client ID of the assigned app integration |
| scope | string | | Indicates if the assignment is direct (USER) or by group membership (GROUP). |
| externalId | string | | The ID of the user in the target app that's linked to the Okta Application User object. |

| ATTRIBUTE | TYPE | REFERS TO | DESCRIPTION |
|---|---|---|---|
| riskScore | number | | The risk score associated with the Connected Application. |
| appID | string | | The unique identifier of Connected Application |
| riskLevel | string | | The risk level associated with the Connected Application. |
| permissions | list<string> | | The permissions associated with the Connected Application. |
| connectedAppName | string | | Name of the Connected Application. |

| ATTRIBUTE | TYPE | REFERS TO | DESCRIPTION |
|---|---|---|---|
| created | number | | When the group was created |
| lastMembershipUpdated | number | | When the group member was last updated |
| lastUpdated | number | | When was group last updated |
| type | string | | Type of the group |
| profile | object | | profile |
| description | string | | description of the group |
| name | string | | name of the group |
| id | string | | Group's unique ID |

| ATTRIBUTE | TYPE | REFERS TO | DESCRIPTION |
|---|---|---|---|
| type | string | | type |
| group_id | string | Group | Target group id of the role assignment |
| id | string | | Role Assignment ID |
| status | string | | Status of the GroupRoleAssignment |
| created | number | | When the GroupRoleAssignment was created |
| lastUpdated | number | | When the GroupRoleAssignment was lastUpdated |
| label | string | Role | Label of the role assignment |
| assignmentType | string | | assignmentType |

| ATTRIBUTE | TYPE | REFERS TO | DESCRIPTION |
|---|---|---|---|
| id | string | | ID of the group user object |
| user_id | string | User | User ID that is assigned to group. |
| group_id | string | Group | ID of the assigned group |
| lastUpdated | number | | Timestamp when the object was last updated |

| ATTRIBUTE | TYPE | REFERS TO | DESCRIPTION |
|---|---|---|---|
| issuerMode | string | | Indicates whether Okta uses the original Okta org domain URL or a custom domain URL in the request to the social IdP. Possible values: ORG_URL, CUSTOM_URL, or DYNAMIC |
| lastUpdated | number | | Timestamp when the IdP was last updated |
| policy | object | | Policy settings for IdP type |
| accountLink | object | | Policy rules to link an IdP User to an existing Okta User |
| action | string | | Specifies the account linking action for an IdP User. Possible values: AUTO, DISABLED |
| filter | object | | Allowlist for link candidates |
| groups | object | | Group memberships to determine link candidates |
| include | list<string> | | Specifies the allow list of Group identifiers to match against |
| mapAMRClaims | boolean | | Determines whether the IdP should map AMR claims from the IdP to the Okta session |
| maxClockSkew | number | | Maximum allowable clock skew when processing messages from the IdP |
| provisioning | object | | Policy rules to just-in-time (JIT) provision an IdP User as a new Okta User |
| groups | object | | Provisioning settings for a User's Group memberships |
| action | string | | Provisioning action for the IdP User's Group memberships. Possible values: NONE, APPEND, ASSIGN, SYNC |
| assignments | list<string> | | List of OKTA_GROUP Group identifiers to add an IdP User as a member with the ASSIGN action |
| filter | list<string> | | Allowlist of OKTA_GROUP Group identifiers for the APPEND or SYNC provisioning action |
| sourceAttributeName | string | | IdP User profile attribute name (case-insensitive) for an array value that contains Group memberships |
| profileMaster | boolean | | Determines if the IdP should act as a source of truth for User profile attributes |
| action | string | | Provisioning action for an IdP User during authentication. Possible values: AUTO, DISABLED |
| conditions | object | | Conditional behaviors for an IdP User during authentication |
| deprovisioned | object | | Behavior for a previously deprovisioned IdP User during authentication |
| action | string | | Action for a previously deprovisioned IdP User during authentication. Possible values: NONE, REACTIVATE |
| suspended | object | | Behavior for a previously suspended IdP User during authentication |
| action | string | | Action for a previously suspended IdP User during authentication. Possible values: NONE, UNSUSPEND |
| subject | object | | Policy rules to select the Okta sign-in identifier for the IdP User and determine matching rules |
| filter | string | | Optional regular expression pattern used to filter untrusted IdP usernames |
| matchAttribute | string | | Okta User profile attribute for matching a transformed IdP username. Only for matchType CUSTOM_ATTRIBUTE |
| matchType | string | | Determines the Okta User profile attribute match conditions for account linking and authentication of the transformed IdP username. Possible values: USERNAME, EMAIL, USERNAME_OR_EMAIL or CUSTOM_ATTRIBUTE |
| userNameTemplate | object | | Okta Expression Language (EL) expression to generate or transform a unique username for the IdP User |
| template | string | | Okta EL Expression to generate or transform a unique username for the IdP User |
| status | string | | Status of the IdP. Possible values: ACTIVE or INACTIVE |
| type | string | | Type of IdP. Possible values: AMAZON, APPLE, DISCORD, FACEBOOK, GITHUB, GITLAB, GOOGLE, LINKEDIN, LOGINGOV, LOGINGOV_SANDBOX, MICROSOFT, OIDC, PAYPAL, PAYPAL_SANDBOX, SALESFORCE, SAML2, SPOTIFY, X509, XERO, YAHOO, YAHOOJP |
| properties | object | | Properties specific to the type of IdP |
| additionalAmr | list<string> | | The additional Assurance Methods References (AMR) values for Smart Card IdPs. Supported values: sc (smart card), hwk (hardware-secured key), pin (personal identification number), and mfa (multifactor authentication). Applies to IDP type: X509 |
| ialValue | string | | The type of identity verification (IAL) value for the Login.gov IdP. Applies to IDP type: LOGINGOV, LOGINGOV_SANDBOX |
| aalValue | string | | The authentication assurance level (AAL) value for the Login.gov IdP. Applies to IDP type: LOGINGOV, LOGINGOV_SANDBOX |
| id | string | | Unique key for the IdP |
| name | string | | Unique name for the IdP |
| protocol | object | | Protocol settings for IdP type |
| relayState | object | | Relay state settings for IdP |
| format | string | | The format used to generate the relayState in the SAML request. FROM_URL is used if this value is null. Possible values: OPAQUE or FROM_URL |
| settings | object | | Advanced settings for the SAML 2.0 protocol |
| nameFormat | string | | The name identifier format to use |
| honorPersistentNameId | boolean | | Determines if the IdP should persist account linking when the incoming assertion NameID format is urn:oasis:names:tc:SAML:2.0:nameid-format:persistent |
| type | string | | SAML 2.0 protocol |
| algorithms | object | | Settings for signing and verifying SAML messages |
| request | object | | Algorithm settings used to secure an <AuthnRequest> message |
| signature | object | | Algorithm settings used to sign an <AuthnRequest> message |
| algorithm | string | | The XML digital Signature Algorithm used when signing an <AuthnRequest> message. Possible values: SHA-1 or SHA-256 |
| scope | string | | Specifies whether to digitally sign <AuthnRequest> messages to the IdP. Possible values: REQUEST or NONE |
| response | object | | Algorithm settings used to verify a <SAMLResponse> message |
| signature | object | | Algorithm settings for verifying <SAMLResponse> messages and <Assertion> elements from the IdP |
| algorithm | string | | The minimum XML digital Signature Algorithm allowed when verifying a <SAMLResponse> message or <Assertion> element. Possible values: SHA-1 or SHA-256 |
| scope | string | | Specifies whether to verify a <SAMLResponse> message or <Assertion> element XML digital signature. Possible values: RESPONSE, ASSERTION, or ANY |
| endpoints | object | | SAML 2.0 HTTP binding settings for IdP and SP (Okta) |
| acs | object | | Okta's SPSSODescriptor endpoint where the IdP sends a <SAMLResponse> message |
| binding | string | | HTTP binding used to receive a <SAMLResponse> message from the IdP. Possible values: HTTP-POST |
| type | string | | Determines whether to publish an instance-specific (trust) or organization (shared) ACS endpoint in the SAML metadata. Possible values: INSTANCE or ORG |
| sso | object | | IdP's SingleSignOnService endpoint where Okta sends an <AuthnRequest> message |
| binding | string | | HTTP binding used to send an <AuthnRequest> message to the IdP. Possible values: HTTP-POST or HTTP-Redirect |
| destination | string | | URI reference that indicates the address to which the <AuthnRequest> message is sent |
| url | string | | URL of the binding-specific endpoint to send an <AuthnRequest> message to the IdP |
| created | number | | Timestamp when the IdP was created |

| ATTRIBUTE | TYPE | REFERS TO | DESCRIPTION |
|---|---|---|---|
| nskp_is_builtin | boolean | | This is a Netskope generated field and is only populated for Okta inbuilt roles. |
| created | number | | When the role was created |
| lastUpdated | number | | When the role was last updated |
| label | string | | Label of the role |
| permissions | list<object> | | Permissions associated with the role |
| lastUpdated | number | | When the permission was lastUpdated |
| conditions | string | | Permission conditions. |
| label | string | | label of the permission |
| nskp_okta_label | string | | This is a Netskope generated field and is only populated for Okta inbuilt roles. |
| created | number | | When the permission was created |
| id | string | | Role ID |
| description | string | | Description of the role |

| ATTRIBUTE | TYPE | REFERS TO | DESCRIPTION |
|---|---|---|---|
| created | number | | When the RoleAssignment was created |
| lastUpdated | number | | When the RoleAssignment was lastUpdated |
| label | string | Role | Label of the role assignment |
| assignmentType | string | | assignmentType |
| type | string | | type |
| user_id | string | User | Target user id of the role assignment (only valid if assignmentType is User) |
| id | string | | Role Assignment ID |
| status | string | | Status of the RoleAssignment |

| ATTRIBUTE | TYPE | REFERS TO | DESCRIPTION |
|---|---|---|---|
| status | string | | Status of the User |
| activated | number | | When the user was activated |
| lastLogin | number | | When was the last login for the user |
| passwordChanged | number | | When was the user password last changed |
| type | object | | Type of the User |
| lastUpdated | number | | A timestamp from when the User Type was most recently updated |
| lastUpdatedBy | string | | The user ID of the most recent account to edit the User Type |
| name | string | | The name of the User Type |
| id | string | | id |
| created | number | | A timestamp from when the User Type was created |
| createdBy | string | | The user ID of the account that created the User Type |
| default | boolean | | A boolean value to indicate if this is the default User Type |
| description | string | | The human-readable description of the User Type |
| profile | object | | profile |
| countryCode | string | | countryCode |
| postalAddress | string | | postalAddress |
| profileUrl | string | | profileUrl |
| login | string | | login |
| middleName | string | | middleName |
| nickName | string | | nickName |
| title | string | | title |
| streetAddress | string | | streetAddress |
| zipCode | string | | zipCode |
| mobilePhone | string | | mobilePhone |
| costCenter | string | | costCenter |
| organization | string | | organization |
| manager | string | | manager |
| preferredLanguage | string | | preferredLanguage |
| division | string | | division |
| honorificSuffix | string | | honorificSuffix |
| primaryPhone | string | | primaryPhone |
| state | string | | state |
| timezone | string | | timezone |
| firstName | string | | firstName |
| lastName | string | | lastName |
| department | string | | department |
| managerId | string | | managerId |
| userType | string | | userType |
| city | string | | city |
| employeeNumber | string | | employeeNumber |
| honorificPrefix | string | | honorificPrefix |
| locale | string | | locale |
| secondEmail | string | | secondEmail |
| string | |||
| displayName | string | | displayName |
| id | string | | User's account ID |
| statusChanged | number | | When the user status was changed |
| lastUpdated | number | | When was User last updated |
| credentials | object | | credentials |
| provider | object | | provider |
| type | string | | type |
| name | string | | name |
| created | number | | When the user was created |