Okta Component
Manage users, groups, applications, and authentication policies in Okta.
Component key: okta-management-api
Description
Okta is an identity and access management platform that helps organizations manage user authentication, authorization, and security policies. This component allows you to interact with the Okta Management API.
API Documentation
This component was built using the Okta API Documentation
Connections
API Token
Configuring an API Token
- Log into your Okta Admin Console e.g., (https://your-domain.okta.com/admin)
- Navigate to Security > API > Tokens
- Select Create Token and provide a descriptive name
- Copy the token value immediately (it will only be shown once)
- From the integration connection fill in the required fields:
- Okta Domain: Your Okta domain e.g., (
dev-12345.okta.com) - API Token: The token obtained from your Okta admin console
- Okta Domain: Your Okta domain e.g., (
| Input | Notes | Example |
|---|---|---|
API Token password / Required apiToken | API Token generated in your Okta Admin Console. [Learn more](https://developer.okta.com/docs/guides/create-an-api-token/main/). | |
Okta Domain string / Required oktaDomainUrl | The base URL for the Okta API. Depending on your cloud environment, you can choose the correct one [here](https://developer.okta.com/docs/reference/api-overview/). | your-org.okta.com |
OAuth 2.0 Authorization Code
Configuring OAuth 2.0 Authorization Code
- Log into your Okta Admin Console e.g., (https://your-domain.okta.com/admin)
- Navigate to Applications > Applications > Create App Integration
- Select OIDC - OpenID Connect and Web Application
- Configure the application:
- App integration name: Okta Integration
- Sign-in redirect URIs:
https://oauth2.prismatic.io/callback - Grant type: Authorization Code
- Grant required API scopes in the Okta API Scopes tab
- Copy the Client ID and Client Secret from the General tab
- From the integration connection fill in the required fields:
- Okta Domain: Your Okta domain e.g., (
dev-12345.okta.com) - Client ID: The Client ID from your Okta application
- Client Secret: The Client Secret from your Okta application
- Okta Domain: Your Okta domain e.g., (
| Input | Default | Notes | Example |
|---|---|---|---|
Authorize URL template / Required Hidden Field authorizeUrl | https://{{#oktaDomainUrl}}/oauth2/v1/authorize | The OAuth 2.0 Authorization URL for Okta's API. | https://{{#oktaDomainUrl}}/oauth2/v1/authorize |
Client ID string / Required clientId | Client Id of your Okta's application. [Learn more](https://developer.okta.com/docs/guides/implement-grant-type/authcode/main/) | 11111111-2222-3333-4444-555555555555 | |
Client secret value password / Required clientSecret | Client Secret generated in your Okta's application. [Learn more](https://developer.okta.com/docs/guides/implement-grant-type/authcode/main/). | 11111111-2222-3333-4444-555555555555 | |
Okta Domain string / Required oktaDomainUrl | The base URL for the Okta API. Depending on your cloud environment, you can choose the correct one [here](https://developer.okta.com/docs/reference/api-overview/). | your-org.okta.com | |
Scopes string scopes | Okta API permission scopes are set on the OAuth application. | ||
Token URL template / Required Hidden Field tokenUrl | https://{{#oktaDomainUrl}}/oauth2/v1/token | The OAuth 2.0 Token URL for Okta's API. | https://{{#oktaDomainUrl}}/oauth2/v1/token |
Triggers
Event Hook
Receive event hooks from Okta when a specified event occurs. | key: eventHook
| Input | Notes | Example |
|---|---|---|
Connection connection / Required connection | ||
Event Hook Filters code eventHookFilter | The optional filter defined on a specific event type. | |
Event Hook Items string Value List eventHookItems | The list of event types to subscribe to. | |
Dynamic Event Hook Items code eventHookItemsCode | The list of event types to subscribe to in code format. | |
Event Hook URL Headers string Key Value List eventHookUrlHeaders | Optional headers to include in the webhook request. | { "X-Custom-Header": "value" } |
You can configure an Okta Event Hook to send real time notifications to a flow's webhook URL when specific events occur in your Okta organization (user created, user deactivated, application assigned, etc.).
How it Works
This trigger responds to Okta event hook requests with the verification response that Okta expects during the initial setup and processes incoming event notifications.
Event Types
Okta supports numerous event types including:
- User lifecycle events (user.lifecycle.create, user.lifecycle.activate, user.lifecycle.deactivate)
- Authentication events (user.authentication.auth_via_mfa, user.authentication.auth_via_password)
- Application events (application.user_membership.add, application.user_membership.remove)
- Group membership events (group.user_membership.add, group.user_membership.remove)
New System Logs
Fetches system logs created on a recurring schedule. | key: newSystemLogsPollingTrigger
| Input | Notes | Example |
|---|---|---|
Connection connection / Required connection | ||
Filter string filter | A filter string to narrow down results. See Okta's documentation for supported filter fields and operators [click here](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#tag/User/operation/listUsers!in=query&path=filter&t=request). | lastUpdated gt "2013-06-01T00:00:00.000Z" |
New Users
Fetches users created on a recurring schedule. | key: newUsersPollingTrigger
| Input | Notes |
|---|---|
Connection connection / Required connection |
Updated Users
Fetches users updated on a recurring schedule. | key: updatedUsersPollingTrigger
| Input | Notes |
|---|---|
Connection connection / Required connection |
Data Sources
Select Application
A picklist of Applications in your Okta Org. | key: selectApplication | type: picklist
| Input | Notes |
|---|---|
Connection connection / Required connection |
{
"result": [
{
"label": "My Application",
"key": "appId"
},
{
"label": "Another Application",
"key": "anotherAppId"
}
]
}
Select Event Hook
A picklist of Event Hooks in your Okta Org. | key: selectEventHook | type: picklist
| Input | Notes |
|---|---|
Connection connection / Required connection |
{
"result": [
{
"label": "My Event Hook",
"key": "eventHookId"
}
]
}
Select Group
A picklist of groups in your Okta Org. | key: selectGroup | type: picklist
| Input | Notes |
|---|---|
Connection connection / Required connection |
{
"result": [
{
"label": "My Group",
"key": "groupId"
},
{
"label": "Another Group",
"key": "anotherGroupId"
}
]
}
Select Realm
A picklist of Realms in your Okta Org. | key: selectRealm | type: picklist
| Input | Notes |
|---|---|
Connection connection / Required connection |
{
"result": [
{
"label": "My Realm",
"key": "realmId"
},
{
"label": "Another Realm",
"key": "anotherRealmId"
}
]
}
Select User
A picklist of users in your Okta Org. | key: selectUser | type: picklist
| Input | Notes |
|---|---|
Connection connection / Required connection |
{
"result": [
{
"label": "My User",
"key": "userId"
},
{
"label": "Another User",
"key": "anotherUserId"
}
]
}
Select User Factor
A picklist of a user's factors in your Okta Org. | key: selectUserFactor | type: picklist
| Input | Notes | Example |
|---|---|---|
Connection connection / Required connection | ||
User ID string / Required userId | ID of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
{
"result": [
{
"label": "Security Question",
"key": "factorId"
},
{
"label": "Another Factor",
"key": "anotherFactorId"
}
]
}
Select User Type
A picklist of User Types in your Okta Org. | key: selectUserType | type: picklist
| Input | Notes |
|---|---|
Connection connection / Required connection |
{
"result": [
{
"label": "My User",
"key": "userId"
},
{
"label": "Another User",
"key": "anotherUserId"
}
]
}
Actions
Activate Event Hook
Activate a specific event hook. | key: activateEventHook
| Input | Notes | Example |
|---|---|---|
Connection connection / Required connection | ||
Event Hook ID string / Required eventHookId | The ID of the event hook. | 1234567890abcdef |
{
"data": {
"id": "who8tsqyrhCdmetzx135",
"status": "ACTIVE",
"verificationStatus": "VERIFIED",
"name": "Event Hook Test",
"description": null,
"created": "2023-07-07T17:41:56.000Z",
"createdBy": "00u7xut94qEWYx5ss1e5",
"lastUpdated": "2023-07-07T17:43:03.000Z",
"events": {
"type": "EVENT_TYPE",
"items": [
"user.lifecycle.deactivate",
"user.lifecycle.activate"
],
"filter": null
},
"channel": {
"type": "HTTP",
"version": "1.0.0",
"config": {
"uri": "https://example_external_service/userDeactivate",
"headers": [],
"method": "POST",
"authScheme": {
"type": "HEADER",
"key": "authorization"
}
}
},
"_links": {
"self": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135"
},
"verify": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/verify",
"hints": {
"allow": [
"POST"
]
}
},
"deactivate": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/deactivate",
"hints": {
"allow": [
"POST"
]
}
}
}
}
}
Activate User
Activate a user by ID or login. | key: activateUser
| Input | Default | Notes | Example |
|---|---|---|---|
Connection connection / Required connection | |||
ID string / Required id | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 | |
Send Email boolean sendEmail | false | Sends a deactivation email to the admin if true. |
{
"data": {
"activationToken": "XE6wE17zmphl3KqAPFxO",
"activationUrl": "https://{yourOktaDomain}/welcome/XE6wE17zmphl3KqAPFxO"
}
}
Add User to Group
Add a user to a group. | key: addUserToGroup
| Input | Notes | Example |
|---|---|---|
Connection connection / Required connection | ||
Group ID string / Required groupId | The unique identifier for the group. | 00g1abcd2EFGHijkL3m4 |
User ID string / Required userId | ID of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
{
"data": {
"success": true,
"message": "User 123 added to group 123"
}
}
Assign Application to User
Assigns an application to a user with app-specific profile and credentials. | key: assignApplicationToUser
| Input | Notes | Example |
|---|---|---|
Application ID string / Required applicationId | The unique identifier for the application. | 0oab1234XYZ5678 |
Connection connection / Required connection | ||
Password password password | The user's password. | P@ssw0rd! |
Profile code profile | The app-specific profile for the user. | |
Scope string scope | Specifies the scope of the application. | |
User ID string / Required userId | ID of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
Username string username | The username of the user to whom the application will be assigned. | johndoe |
{
"data": {
"success": true,
"message": "User 123 added to group 123"
}
}
Clear User Sessions
Clears all active sessions for a user, forcing re-authentication on next access. | key: clearUserSessions
| Input | Default | Notes | Example |
|---|---|---|---|
Connection connection / Required connection | |||
Forget Devices boolean forgetDevices | false | Clears the user's remembered factors for all devices. | |
OAuth Tokens boolean oauthTokens | false | Revokes issued OpenID Connect and OAuth refresh and access tokens. | |
User ID string / Required userId | ID of an existing Okta user. | 00ub0oNGTSWTBKOLGLNR |
{
"data": {
"id": "userId",
"status": "SESSIONS_CLEARED"
}
}
Create Event Hook
Create a new event hook. | key: createEventHook
| Input | Default | Notes | Example |
|---|---|---|---|
Connection connection / Required connection | |||
Do Not Activate on Create boolean doNotActivateOnCreate | false | If true, the event hook will not be activated and a verification request will not be sent. | |
Event Hook Description string eventHookDescription | The description of the event hook. | This is my event hook. | |
Event Hook Filters code eventHookFilter | The optional filter defined on a specific event type. | ||
Event Hook Items string Value List eventHookItems | The list of event types to subscribe to. | ||
Dynamic Event Hook Items code eventHookItemsCode | The list of event types to subscribe to in code format. | ||
Event Hook Name string / Required eventHookName | The name of the event hook. | My Event Hook | |
Event Hook URL string / Required eventHookUrl | The URL of the event hook. | https://example.com/webhook | |
Event Hook URL Headers string Key Value List eventHookUrlHeaders | Optional headers to include in the webhook request. | { "X-Custom-Header": "value" } |
{
"data": {
"id": "who8tsqyrhCdmetzx135",
"status": "ACTIVE",
"verificationStatus": "VERIFIED",
"name": "Event Hook Test",
"description": null,
"created": "2023-07-07T17:41:56.000Z",
"createdBy": "00u7xut94qEWYx5ss1e5",
"lastUpdated": "2023-07-07T17:43:03.000Z",
"events": {
"type": "EVENT_TYPE",
"items": [
"user.lifecycle.deactivate",
"user.lifecycle.activate"
],
"filter": null
},
"channel": {
"type": "HTTP",
"version": "1.0.0",
"config": {
"uri": "https://example_external_service/userDeactivate",
"headers": [],
"method": "POST",
"authScheme": {
"type": "HEADER",
"key": "authorization"
}
}
},
"_links": {
"self": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135"
},
"verify": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/verify",
"hints": {
"allow": [
"POST"
]
}
},
"deactivate": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/deactivate",
"hints": {
"allow": [
"POST"
]
}
}
}
}
}
Create Group
Create a group in Okta. | key: createGroup
| Input | Notes | Example |
|---|---|---|
Connection connection / Required connection | ||
Group Description string description | A brief description of the group. | This group contains all members of the engineering team. |
Group Name string / Required name | The name of the group. | Engineering Team |
{
"data": {
"id": "00g1emaKYZTWRYYRRTSK",
"created": "2015-02-06T10:11:28.000Z",
"lastUpdated": "2015-10-05T19:16:43.000Z",
"lastMembershipUpdated": "2015-11-28T19:15:32.000Z",
"objectClass": [
"okta:user_group"
],
"type": "OKTA_GROUP",
"profile": {
"name": "West Coast users",
"description": "All users West of The Rockies"
},
"_links": {
"logo": [
{
"name": "medium",
"href": "https://{yourOktaDomain}/img/logos/groups/okta-medium.png",
"type": "image/png"
},
{
"name": "large",
"href": "https://{yourOktaDomain}/img/logos/groups/okta-large.png",
"type": "image/png"
}
],
"users": {
"href": "https://{yourOktaDomain}/api/v1/groups/00g1emaKYZTWRYYRRTSK/users"
},
"apps": {
"href": "https://{yourOktaDomain}/api/v1/groups/00g1emaKYZTWRYYRRTSK/apps"
}
}
}
}
Create User
Create a new user. | key: createUser
| Input | Default | Notes | Example |
|---|---|---|---|
Activate boolean activate | true | Executes an activation lifecycle operation when creating the user. Defaults to true. | |
Answer string answer | The user's recovery answer. | Blue | |
Connection connection / Required connection | |||
Department string / Required department | The user's department. | Engineering | |
Email string / Required email | The user's email address. | john.doe@example.com | |
Employee Number string / Required employeeNumber | The user's employee number. | 12345 | |
First Name string / Required firstName | The user's first name. | John | |
Group IDs code groupIds | List of group IDs to assign the user to. | ||
Hash Password code hashPassword | The user's password hash. | ||
Last Name string / Required lastName | The user's last name. | Doe | |
Locale string / Required locale | en_US | The user's default location for purposes of localizing items such as currency, date time format, numerical representations, and so on. A locale value is a concatenation of the ISO 639-1 two-letter language code, an underscore, and the ISO 3166-1 two-letter country code. | en_US |
Login string / Required login | The unique identifier for the user (username). | johndoe | |
Mobile Phone string mobilePhone | The user's mobile phone number. | 15551234567 | |
Next Login string nextLogin | With activate=true, if nextLogin=changePassword, a user is created, activated, and the password is set to EXPIRED. The user must change it the next time they sign in. | changePassword | |
Password password password | The user's password. If not provided, an activation email will be sent to the user. | P@ssw0rd! | |
Profile Extra Attributes code profileExtraInputs | List of additional profile attributes to include in the request. This can be used to include attributes that are not explicitly supported by this component. See [Okta's API documentation](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#tag/User/operation/updateUser!path=profile&t=request) for a list of supported attributes. | ||
Provider boolean provider | false | Indicates whether to create a user with a specified authentication provider. | |
Provider Name string providerName | The name of the provider for the user. | OKTA | |
Provider Type string providerType | The type of the provider for the user. | ||
Question string question | The user's recovery question. | What is your favorite color? | |
Realm ID string realmId | The ID of the realm to which the user belongs. | 00g1abcd2EFGHijkL3m4 | |
Type string type | The type of the user. | Employee |
{
"data": {
"id": "00u118oQYT4TBGuay0g4",
"status": "ACTIVE",
"created": "2022-04-04T15:56:05.000Z",
"activated": null,
"statusChanged": null,
"lastLogin": "2022-05-04T19:50:52.000Z",
"lastUpdated": "2022-05-05T18:15:44.000Z",
"passwordChanged": "2022-04-04T16:00:22.000Z",
"type": {
"id": "oty1162QAr8hJjTaq0g4"
},
"profile": {
"firstName": "Alice",
"lastName": "Smith",
"mobilePhone": null,
"secondEmail": null,
"login": "alice.smith@example.com",
"email": "alice.smith@example.com"
},
"realmId": "guo1afiNtSnZYILxO0g4",
"credentials": {
"password": {},
"provider": {}
},
"_links": {
"self": {}
}
}
}
Deactivate Event Hook
Deactivate a specific event hook. | key: deactivateEventHook
| Input | Notes | Example |
|---|---|---|
Connection connection / Required connection | ||
Event Hook ID string / Required eventHookId | The ID of the event hook. | 1234567890abcdef |
{
"data": {
"id": "who8tsqyrhCdmetzx135",
"status": "ACTIVE",
"verificationStatus": "VERIFIED",
"name": "Event Hook Test",
"description": null,
"created": "2023-07-07T17:41:56.000Z",
"createdBy": "00u7xut94qEWYx5ss1e5",
"lastUpdated": "2023-07-07T17:43:03.000Z",
"events": {
"type": "EVENT_TYPE",
"items": [
"user.lifecycle.deactivate",
"user.lifecycle.activate"
],
"filter": null
},
"channel": {
"type": "HTTP",
"version": "1.0.0",
"config": {
"uri": "https://example_external_service/userDeactivate",
"headers": [],
"method": "POST",
"authScheme": {
"type": "HEADER",
"key": "authorization"
}
}
},
"_links": {
"self": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135"
},
"verify": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/verify",
"hints": {
"allow": [
"POST"
]
}
},
"deactivate": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/deactivate",
"hints": {
"allow": [
"POST"
]
}
}
}
}
}
Deactivate User
Deactivate a user by ID or login. | key: deactivateUser
| Input | Default | Notes | Example |
|---|---|---|---|
Connection connection / Required connection | |||
ID string / Required id | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 | |
Send Email boolean sendEmail | false | Sends a deactivation email to the admin if true. |
{
"data": {
"id": "userId",
"status": "DEPROVISIONED"
}
}
Delete All Event Hooks
Delete an event hook by ID. | key: deleteAllEventHooks
| Input | Notes | Example |
|---|---|---|
Connection connection / Required connection | ||
Event Hook URL string eventHookUrl | If provided, only event hooks with this URL will be deleted. If not provided, all event hooks will be deleted. | https://example.com/webhook |
{
"data": [
{
"id": "who8tsqyrhCdmetzx135",
"deleted": true
}
]
}
Delete Event Hook
Delete an event hook by ID. | key: deleteEventHook
| Input | Notes | Example |
|---|---|---|
Connection connection / Required connection | ||
Event Hook ID string / Required eventHookId | The ID of the event hook. | 1234567890abcdef |
{
"data": {
"id": "who8tsqyrhCdmetzx135",
"deleted": true
}
}
Delete Group
Delete a group by ID. | key: deleteGroup
| Input | Notes | Example |
|---|---|---|
Connection connection / Required connection | ||
Group ID string / Required groupId | The unique identifier for the group. | 00g1abcd2EFGHijkL3m4 |
{
"data": {
"id": "00g1emaKYZTWRYYRRTSK",
"status": "DELETED"
}
}
Delete User
Delete a user by ID or login. | key: deleteUser
| Input | Default | Notes | Example |
|---|---|---|---|
Connection connection / Required connection | |||
ID string / Required id | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 | |
Send Email boolean sendEmail | false | Sends a deactivation email to the admin if true. |
{
"data": {
"id": "userId",
"status": "DELETED"
}
}
Get Application
Retrieve an application by ID. | key: getApplication
| Input | Notes | Example |
|---|---|---|
Application ID string / Required applicationId | The unique identifier for the application. | 0oab1234XYZ5678 |
Connection connection / Required connection | ||
Expand string expand | Indicates whether to expand the credentials for the user. By default, credentials are not returned in the response. | blocks |
{
"data": {
"id": "0oa1gjh63g214q0Hq0g4",
"orn": "orn:okta:idp:00o1n8sbwArJ7OQRw406:apps:testorgone_customsaml20app_1:0oa1gjh63g214q0Hq0g4",
"name": "testorgone_customsaml20app_1",
"label": "Custom Saml 2.0 App",
"status": "ACTIVE",
"lastUpdated": "2016-08-09T20:12:19.000Z",
"created": "2016-08-09T20:12:19.000Z",
"accessibility": {
"selfService": false,
"errorRedirectUrl": null,
"loginRedirectUrl": null
},
"visibility": {
"autoSubmitToolbar": false,
"hide": {
"iOS": false,
"web": false
},
"appLinks": {
"testorgone_customsaml20app_1_link": true
}
},
"features": [],
"signOnMode": "SAML_2_0",
"credentials": {
"userNameTemplate": {
"template": "templateName",
"type": "BUILT_IN"
},
"signing": {}
},
"settings": {
"app": {},
"notifications": {
"vpn": {
"network": {
"connection": "DISABLED"
},
"message": null,
"helpUrl": null
}
},
"signOn": {
"defaultRelayState": "",
"ssoAcsUrl": "https://{yourOktaDomain}",
"idpIssuer": "https://www.okta.com/org.externalKey",
"audience": "https://example.com/tenant/123",
"recipient": "https://recipient.okta.com",
"destination": "https://destination.okta.com",
"subjectNameIdTemplate": "user.userName",
"subjectNameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"responseSigned": true,
"assertionSigned": true,
"signatureAlgorithm": "RSA_SHA256",
"digestAlgorithm": "SHA256",
"honorForceAuthn": true,
"authnContextClassRef": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
"slo": {
"enabled": true,
"spIssuer": "https://testorgone.okta.com",
"logoutUrl": "https://testorgone.okta.com/logout"
},
"participateSlo": {
"enabled": true,
"logoutRequestUrl": "https://testorgone.okta.com/logout/participate",
"sessionIndexRequired": true,
"bindingType": "REDIRECT"
},
"spCertificate": {
"x5c": [
"MIIFnDCCA4QCCQDBSLbiON2T1zANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxDjAMBgNV\r\n"
]
},
"assertionEncryption": {
"enabled": false,
"requestCompressed": false,
"allowMultipleAcsEndpoints": false,
"acsEndpoints": [],
"attributeStatements": [],
"_links": {
"logo": [
{
"name": "medium",
"href": "https://testorgone.okta.com/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png",
"type": "image/png"
}
],
"appLinks": [
{
"name": "testorgone_customsaml20app_1_link",
"href": "https://testorgone.okta.com/home/testorgone_customsaml20app_1/0oa1gjh63g214q0Hq0g4/aln1gofChJaerOVfY0g4",
"type": "text/html"
}
],
"help": {
"href": "https://testorgone-admin.okta.com/app/testorgone_customsaml20app_1/0oa1gjh63g214q0Hq0g4/setup/help/SAML_2_0/instructions",
"type": "text/html"
},
"users": {
"href": "https://testorgone.okta.com/api/v1/apps/0oa1gjh63g214q0Hq0g4/users"
},
"deactivate": {
"href": "https://testorgone.okta.com/api/v1/apps/0oa1gjh63g214q0Hq0g4/lifecycle/deactivate"
},
"groups": {
"href": "https://testorgone.okta.com/api/v1/apps/0oa1gjh63g214q0Hq0g4/groups"
},
"metadata": {
"href": "https://testorgone.okta.com/api/v1/apps/0oa1gjh63g214q0Hq0g4/sso/saml/metadata",
"type": "application/xml"
}
},
"_embedded": {
"user": {
"id": "00ucw2RPGIUNTDQOYPOF",
"externalId": null,
"created": "2014-03-21T23:31:35.000Z",
"lastUpdated": "2014-03-21T23:31:35.000Z",
"scope": "USER",
"status": "ACTIVE",
"statusChanged": "2014-03-21T23:31:35.000Z",
"passwordChanged": null,
"syncState": "DISABLED",
"lastSync": null,
"credentials": {
"userName": "user@example.com"
},
"_links": {
"app": {
"href": "https://{yourOktaDomain}/api/v1/apps/0oabizCHPNYALCHDUIOD"
},
"user": {
"href": "https://{yourOktaDomain}/api/v1/users/00ucw2RPGIUNTDQOYPOF"
}
}
},
"id": "0oabkvBLDEKCNXBGYUAS",
"name": "template_swa",
"label": "Sample Plugin App",
"status": "ACTIVE",
"lastUpdated": "2013-09-11T17:58:54.000Z",
"created": "2013-09-11T17:46:08.000Z",
"accessibility": {
"selfService": false,
"errorRedirectUrl": null
},
"visibility": {
"autoSubmitToolbar": false,
"hide": {
"iOS": false,
"web": false
},
"appLinks": {
"login": true
}
},
"features": [],
"signOnMode": "BROWSER_PLUGIN",
"credentials": {
"scheme": "EDIT_USERNAME_AND_PASSWORD",
"userNameTemplate": {
"template": "source.login",
"type": "BUILT_IN"
}
},
"settings": {
"app": {
"buttonField": "btn-login",
"passwordField": "txtbox-password",
"usernameField": "txtbox-username",
"url": "https://example.com/login.html"
}
},
"_links": {
"logo": [
{
"href": "https://example.okta.com/img/logos/logo_1.png",
"name": "medium",
"type": "image/png"
}
],
"users": {
"href": "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS/users"
},
"groups": {
"href": "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS/groups"
},
"self": {
"href": "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS"
},
"deactivate": {
"href": "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS/lifecycle/deactivate"
}
},
"_embedded": {
"user": {
"id": "00ucw2RPGIUNTDQOYPOF",
"externalId": null,
"created": "2014-06-10T15:16:01.000Z",
"lastUpdated": "2014-06-10T15:17:38.000Z",
"scope": "USER",
"status": "ACTIVE",
"statusChanged": "2014-06-10T15:16:01.000Z",
"passwordChanged": "2014-06-10T15:17:38.000Z",
"syncState": "DISABLED",
"lastSync": null,
"credentials": {
"userName": "user@example.com",
"password": {}
},
"_links": {
"app": {
"href": "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS"
},
"user": {
"href": "https://{yourOktaDomain}/api/v1/users/00ucw2RPGIUNTDQOYPOF"
}
}
}
}
}
}
}
}
}
}
Get Application User Assignment
Retrieves a specific user assignment for a specific app. | key: getApplicationUserAssignment
| Input | Notes | Example |
|---|---|---|
Application ID string / Required applicationId | The unique identifier for the application. | 0oab1234XYZ5678 |
Connection connection / Required connection | ||
Expand string expand | Indicates whether to expand the credentials for the user. By default, credentials are not returned in the response. | blocks |
User ID string / Required userId | ID of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
{
"data": {
"id": "00u1dnq5S0CfjlkpABCD",
"externalId": "00u5edt3PNbbjzvIABCD",
"created": "2024-01-31T18:25:01.000Z",
"lastUpdated": "2024-01-31T18:25:03.000Z",
"scope": "USER",
"status": "PROVISIONED",
"statusChanged": "2024-01-31T18:25:03.000Z",
"passwordChanged": null,
"syncState": "SYNCHRONIZED",
"lastSync": "2024-01-31T18:25:03.000Z",
"credentials": {
"userName": "saml.test@example.com"
},
"profile": {
"secondEmail": null,
"lastName": "Test",
"mobilePhone": null,
"displayName": "Saml O Test",
"email": "saml.test@example.com",
"salesforceGroups": [],
"role": "Tester",
"firstName": "Saml",
"streetAddress": null,
"profile": "Standard Platform User"
},
"_links": {
"app": {
"href": "https://{yourOktaDomain}/api/v1/apps/0oajiqIRNXPPJBNZMGYL"
},
"user": {
"href": "https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD"
}
},
"_embedded": {
"user": {
"id": "00u1dnq5S0CfjlkpABCD",
"status": "ACTIVE",
"created": "2024-01-09T15:36:04.000Z",
"activated": "2024-01-09T15:36:05.000Z",
"statusChanged": "2024-01-09T15:36:05.000Z",
"lastLogin": null,
"lastUpdated": "2024-01-09T15:36:05.000Z",
"passwordChanged": "2024-01-09T15:36:05.000Z",
"type": {
"id": "otyzhh29g7Python90g3"
},
"profile": {
"firstName": "Saml",
"lastName": "Test",
"mobilePhone": null,
"secondEmail": null,
"login": "saml.test@example.com",
"email": "saml.test@example.com"
},
"credentials": {
"password": {},
"provider": {
"type": "OKTA",
"name": "OKTA"
}
},
"_links": {
"suspend": {
"href": "https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/lifecycle/suspend",
"method": "POST"
},
"schema": {
"href": "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscarho9g7PythoN23z9"
},
"resetPassword": {
"href": "https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/lifecycle/reset_password",
"method": "POST"
},
"expirePassword": {
"href": "https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/lifecycle/expire_password",
"method": "POST"
},
"changeRecoveryQuestion": {
"href": "https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/credentials/change_recovery_question",
"method": "POST"
},
"self": {
"href": "https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD"
},
"type": {
"href": "https://{yourOktaDomain}/api/v1/meta/types/user/otyzhh29g7Python90g3"
},
"changePassword": {
"href": "https://rain.okta1.com/api/v1/users/00u1dnq5S0CfjlkpABCD/credentials/change_password",
"method": "POST"
},
"deactivate": {
"href": "https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/lifecycle/deactivate",
"method": "POST"
}
}
}
}
}
}
Get Event Hook
Get an event hook by ID. | key: getEventHook
| Input | Notes | Example |
|---|---|---|
Connection connection / Required connection | ||
Event Hook ID string / Required eventHookId | The ID of the event hook. | 1234567890abcdef |
{
"data": {
"id": "who8tsqyrhCdmetzx135",
"status": "ACTIVE",
"verificationStatus": "VERIFIED",
"name": "Event Hook Test",
"description": null,
"created": "2023-07-07T17:41:56.000Z",
"createdBy": "00u7xut94qEWYx5ss1e5",
"lastUpdated": "2023-07-07T17:43:03.000Z",
"events": {
"type": "EVENT_TYPE",
"items": [
"user.lifecycle.deactivate",
"user.lifecycle.activate"
],
"filter": null
},
"channel": {
"type": "HTTP",
"version": "1.0.0",
"config": {
"uri": "https://example_external_service/userDeactivate",
"headers": [],
"method": "POST",
"authScheme": {
"type": "HEADER",
"key": "authorization"
}
}
},
"_links": {
"self": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135"
},
"verify": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/verify",
"hints": {
"allow": [
"POST"
]
}
},
"deactivate": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/deactivate",
"hints": {
"allow": [
"POST"
]
}
}
}
}
}
Get Group
Retrieve a group by ID. | key: getGroup
| Input | Notes | Example |
|---|---|---|
Connection connection / Required connection | ||
Group ID string / Required groupId | The unique identifier for the group. | 00g1abcd2EFGHijkL3m4 |
{
"data": {
"id": "00g1emaKYZTWRYYRRTSK",
"created": "2015-02-06T10:11:28.000Z",
"lastUpdated": "2015-10-05T19:16:43.000Z",
"lastMembershipUpdated": "2015-11-28T19:15:32.000Z",
"objectClass": [
"okta:user_group"
],
"type": "OKTA_GROUP",
"profile": {
"name": "West Coast users",
"description": "All users West of The Rockies"
},
"_links": {
"logo": [
{
"name": "medium",
"href": "https://{yourOktaDomain}/img/logos/groups/okta-medium.png",
"type": "image/png"
},
{
"name": "large",
"href": "https://{yourOktaDomain}/img/logos/groups/okta-large.png",
"type": "image/png"
}
],
"users": {
"href": "https://{yourOktaDomain}/api/v1/groups/00g1emaKYZTWRYYRRTSK/users"
},
"apps": {
"href": "https://{yourOktaDomain}/api/v1/groups/00g1emaKYZTWRYYRRTSK/apps"
}
}
}
}
Get System Logs
Retrieves system log events for security monitoring and compliance auditing. Max 10000 records can be fetched at once. | key: getSystemLogs
| Input | Default | Notes | Example |
|---|---|---|---|
After string after | The cursor for the next page of results. This value is obtained from the `Link` header of the response. | abc123 | |
Connection connection / Required connection | |||
Fetch All boolean fetchAll | false | If true, fetches all pages of results. | |
Filter string filter | A filter string to narrow down results. See Okta's documentation for supported filter fields and operators [click here](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#tag/User/operation/listUsers!in=query&path=filter&t=request). | lastUpdated gt "2013-06-01T00:00:00.000Z" | |
Limit string limit | Specifies the number of results returned. Defaults to 200. | 100 | |
q string q | Searches for apps with name or label properties that starts with the q value using the startsWith operation. | Okta | |
Since string since | Filters the lower time bound of the log events published property for bounded queries or persistence time for polling queries. | 7 days prior to until | |
Sort Order string sortOrder | Specifies the sort order: asc or desc (for search queries only). Sorting is done in ASCII sort order (that is, by ASCII character value), but isn't case sensitive. sortOrder is ignored if sortBy isn't present. | ||
Until string until | Filters the upper time bound of the log events published property for bounded queries or persistence time for polling queries. | current time |
{
"data": [
{
"actor": {
"id": "00uttidj01jqL21aM1d6",
"type": "User",
"alternateId": "john.doe@example.com",
"displayName": "John Doe",
"detailEntry": null
},
"client": {
"userAgent": {
"rawUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36",
"os": "Mac OS X",
"browser": "CHROME"
},
"zone": null,
"device": "Computer",
"id": null,
"ipAddress": "10.0.0.1",
"geographicalContext": {
"city": "New York",
"state": "New York",
"country": "United States",
"postalCode": 10013,
"geolocation": {
"lat": 40.3157,
"lon": -74.01
}
}
},
"device": {
"id": "guofdhyjex1feOgbN1d9",
"name": "Mac15,6",
"os_platform": "OSX",
"os_version": "14.6.0",
"managed": false,
"registered": true,
"device_integrator": null,
"disk_encryption_type": "ALL_INTERNAL_VOLUMES",
"screen_lock_type": "BIOMETRIC",
"jailbreak": null,
"secure_hardware_present": true
},
"authenticationContext": {
"authenticationProvider": null,
"credentialProvider": null,
"credentialType": null,
"issuer": null,
"interface": null,
"authenticationStep": 0,
"rootSessionId": "idxBager62CSveUkTxvgRtonA",
"externalSessionId": "idxBager62CSveUkTxvgRtonA"
},
"displayMessage": "User login to Okta",
"eventType": "user.session.start",
"outcome": {
"result": "SUCCESS",
"reason": null
},
"published": "2024-08-13T15:58:20.353Z",
"securityContext": {
"asNumber": 394089,
"asOrg": "ASN 0000",
"isp": "google",
"domain": null,
"isProxy": false
},
"severity": "INFO",
"debugContext": {
"debugData": {
"requestId": "ab609228fe84ce59cdcbfa690bcce016",
"requestUri": "/idp/idx/authenticators/poll",
"url": "/idp/idx/authenticators/poll"
}
},
"legacyEventType": "core.user_auth.login_success",
"transaction": {
"type": "WEB",
"id": "ab609228fe84ce59cdcbfa690bgce016",
"detail": null
},
"uuid": "dc9fd3c0-598c-11ef-8478-2b7584bf8d5a",
"version": 0,
"request": {
"ipChain": [
{
"ip": "10.0.0.1",
"geographicalContext": {
"city": "New York",
"state": "New York",
"country": "United States",
"postalCode": 10013,
"geolocation": {
"lat": 40.3157,
"lon": -74.01
}
},
"version": "V4",
"source": null
}
]
},
"target": [
{
"id": "pfdfdhyjf0HMbkP2e1d7",
"type": "AuthenticatorEnrollment",
"alternateId": "unknown",
"displayName": "Okta Verify",
"detailEntry": null
},
{
"id": "0oatxlef9sQvvqInq5d6",
"type": "AppInstance",
"alternateId": "Okta Admin Console",
"displayName": "Okta Admin Console",
"detailEntry": null
}
]
}
]
}
Get User
Retrieve a user by ID or login. | key: getUser
| Input | Notes | Example |
|---|---|---|
Connection connection / Required connection | ||
Expand string expand | Indicates whether to expand the credentials for the user. By default, credentials are not returned in the response. | blocks |
ID string / Required id | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
{
"data": {
"id": "00u118oQYT4TBGuay0g4",
"status": "ACTIVE",
"created": "2022-04-04T15:56:05.000Z",
"activated": null,
"statusChanged": null,
"lastLogin": "2022-05-04T19:50:52.000Z",
"lastUpdated": "2022-05-05T18:15:44.000Z",
"passwordChanged": "2022-04-04T16:00:22.000Z",
"type": {
"id": "oty1162QAr8hJjTaq0g4"
},
"profile": {
"firstName": "Alice",
"lastName": "Smith",
"mobilePhone": null,
"secondEmail": null,
"login": "alice.smith@example.com",
"email": "alice.smith@example.com"
},
"realmId": "guo1afiNtSnZYILxO0g4",
"credentials": {
"password": {},
"provider": {}
},
"_links": {
"self": {}
}
}
}
List Applications
List applications with optional search and filtering. | key: listApplications
| Input | Default | Notes | Example |
|---|---|---|---|
After string after | The cursor for the next page of results. This value is obtained from the `Link` header of the response. | abc123 | |
Connection connection / Required connection | |||
Expand string expand | Indicates whether to expand the credentials for the user. By default, credentials are not returned in the response. | blocks | |
Fetch All boolean fetchAll | false | If true, fetches all pages of results. | |
Filter string filter | A filter string to narrow down results. See Okta's documentation for supported filter fields and operators [click here](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#tag/User/operation/listUsers!in=query&path=filter&t=request). | lastUpdated gt "2013-06-01T00:00:00.000Z" | |
Include Non-Deleted boolean includeNonDeleted | false | When true, both deleted and non-deleted applications are returned. | |
Limit string limit | Specifies the number of results returned. Defaults to 200. | 100 | |
q string q | Searches for apps with name or label properties that starts with the q value using the startsWith operation. | Okta | |
Use Optimization boolean useOptimization | false | When true, the response will be optimized for faster retrieval. This may exclude some properties from the response. |
{
"data": [
{
"id": "0oa1gjh63g214q0Hq0g4",
"orn": "orn:okta:idp:00o1n8sbwArJ7OQRw406:apps:testorgone_customsaml20app_1:0oa1gjh63g214q0Hq0g4",
"name": "testorgone_customsaml20app_1",
"label": "Custom Saml 2.0 App",
"status": "ACTIVE",
"lastUpdated": "2016-08-09T20:12:19.000Z",
"created": "2016-08-09T20:12:19.000Z",
"accessibility": {
"selfService": false,
"errorRedirectUrl": null,
"loginRedirectUrl": null
},
"visibility": {
"autoSubmitToolbar": false,
"hide": {
"iOS": false,
"web": false
},
"appLinks": {
"testorgone_customsaml20app_1_link": true
}
},
"features": [],
"signOnMode": "SAML_2_0",
"credentials": {
"userNameTemplate": {
"template": "templateName",
"type": "BUILT_IN"
},
"signing": {}
},
"settings": {
"app": {},
"notifications": {
"vpn": {
"network": {
"connection": "DISABLED"
},
"message": null,
"helpUrl": null
}
},
"signOn": {
"defaultRelayState": "",
"ssoAcsUrl": "https://{yourOktaDomain}",
"idpIssuer": "https://www.okta.com/org.externalKey",
"audience": "https://example.com/tenant/123",
"recipient": "https://recipient.okta.com",
"destination": "https://destination.okta.com",
"subjectNameIdTemplate": "user.userName",
"subjectNameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"responseSigned": true,
"assertionSigned": true,
"signatureAlgorithm": "RSA_SHA256",
"digestAlgorithm": "SHA256",
"honorForceAuthn": true,
"authnContextClassRef": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
"slo": {
"enabled": true,
"spIssuer": "https://testorgone.okta.com",
"logoutUrl": "https://testorgone.okta.com/logout"
},
"participateSlo": {
"enabled": true,
"logoutRequestUrl": "https://testorgone.okta.com/logout/participate",
"sessionIndexRequired": true,
"bindingType": "REDIRECT"
},
"spCertificate": {
"x5c": [
"MIIFnDCCA4QCCQDBSLbiON2T1zANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxDjAMBgNV\r\n"
]
},
"assertionEncryption": {
"enabled": false,
"requestCompressed": false,
"allowMultipleAcsEndpoints": false,
"acsEndpoints": [],
"attributeStatements": [],
"_links": {
"logo": [
{
"name": "medium",
"href": "https://testorgone.okta.com/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png",
"type": "image/png"
}
],
"appLinks": [
{
"name": "testorgone_customsaml20app_1_link",
"href": "https://testorgone.okta.com/home/testorgone_customsaml20app_1/0oa1gjh63g214q0Hq0g4/aln1gofChJaerOVfY0g4",
"type": "text/html"
}
],
"help": {
"href": "https://testorgone-admin.okta.com/app/testorgone_customsaml20app_1/0oa1gjh63g214q0Hq0g4/setup/help/SAML_2_0/instructions",
"type": "text/html"
},
"users": {
"href": "https://testorgone.okta.com/api/v1/apps/0oa1gjh63g214q0Hq0g4/users"
},
"deactivate": {
"href": "https://testorgone.okta.com/api/v1/apps/0oa1gjh63g214q0Hq0g4/lifecycle/deactivate"
},
"groups": {
"href": "https://testorgone.okta.com/api/v1/apps/0oa1gjh63g214q0Hq0g4/groups"
},
"metadata": {
"href": "https://testorgone.okta.com/api/v1/apps/0oa1gjh63g214q0Hq0g4/sso/saml/metadata",
"type": "application/xml"
}
},
"_embedded": {
"user": {
"id": "00ucw2RPGIUNTDQOYPOF",
"externalId": null,
"created": "2014-03-21T23:31:35.000Z",
"lastUpdated": "2014-03-21T23:31:35.000Z",
"scope": "USER",
"status": "ACTIVE",
"statusChanged": "2014-03-21T23:31:35.000Z",
"passwordChanged": null,
"syncState": "DISABLED",
"lastSync": null,
"credentials": {
"userName": "user@example.com"
},
"_links": {
"app": {
"href": "https://{yourOktaDomain}/api/v1/apps/0oabizCHPNYALCHDUIOD"
},
"user": {
"href": "https://{yourOktaDomain}/api/v1/users/00ucw2RPGIUNTDQOYPOF"
}
}
},
"id": "0oabkvBLDEKCNXBGYUAS",
"name": "template_swa",
"label": "Sample Plugin App",
"status": "ACTIVE",
"lastUpdated": "2013-09-11T17:58:54.000Z",
"created": "2013-09-11T17:46:08.000Z",
"accessibility": {
"selfService": false,
"errorRedirectUrl": null
},
"visibility": {
"autoSubmitToolbar": false,
"hide": {
"iOS": false,
"web": false
},
"appLinks": {
"login": true
}
},
"features": [],
"signOnMode": "BROWSER_PLUGIN",
"credentials": {
"scheme": "EDIT_USERNAME_AND_PASSWORD",
"userNameTemplate": {
"template": "source.login",
"type": "BUILT_IN"
}
},
"settings": {
"app": {
"buttonField": "btn-login",
"passwordField": "txtbox-password",
"usernameField": "txtbox-username",
"url": "https://example.com/login.html"
}
},
"_links": {
"logo": [
{
"href": "https://example.okta.com/img/logos/logo_1.png",
"name": "medium",
"type": "image/png"
}
],
"users": {
"href": "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS/users"
},
"groups": {
"href": "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS/groups"
},
"self": {
"href": "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS"
},
"deactivate": {
"href": "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS/lifecycle/deactivate"
}
},
"_embedded": {
"user": {
"id": "00ucw2RPGIUNTDQOYPOF",
"externalId": null,
"created": "2014-06-10T15:16:01.000Z",
"lastUpdated": "2014-06-10T15:17:38.000Z",
"scope": "USER",
"status": "ACTIVE",
"statusChanged": "2014-06-10T15:16:01.000Z",
"passwordChanged": "2014-06-10T15:17:38.000Z",
"syncState": "DISABLED",
"lastSync": null,
"credentials": {
"userName": "user@example.com",
"password": {}
},
"_links": {
"app": {
"href": "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS"
},
"user": {
"href": "https://{yourOktaDomain}/api/v1/users/00ucw2RPGIUNTDQOYPOF"
}
}
}
}
}
}
}
}
}
]
}
List Event Hooks
List all event hooks. | key: listEventHooks
| Input | Notes |
|---|---|
Connection connection / Required connection |
{
"data": [
{
"id": "who8tsqyrhCdmetzx135",
"status": "ACTIVE",
"verificationStatus": "VERIFIED",
"name": "Event Hook Test",
"description": null,
"created": "2023-07-07T17:41:56.000Z",
"createdBy": "00u7xut94qEWYx5ss1e5",
"lastUpdated": "2023-07-07T17:43:03.000Z",
"events": {
"type": "EVENT_TYPE",
"items": [
"user.lifecycle.deactivate",
"user.lifecycle.activate"
],
"filter": null
},
"channel": {
"type": "HTTP",
"version": "1.0.0",
"config": {
"uri": "https://example_external_service/userDeactivate",
"headers": [],
"method": "POST",
"authScheme": {
"type": "HEADER",
"key": "authorization"
}
}
},
"_links": {
"self": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135"
},
"verify": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/verify",
"hints": {
"allow": [
"POST"
]
}
},
"deactivate": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/deactivate",
"hints": {
"allow": [
"POST"
]
}
}
}
},
{
"id": "who8vt36qfNpCGz9H1e6",
"status": "ACTIVE",
"verificationStatus": "VERIFIED",
"name": "Event Hook with Filter",
"description": "An event hook using an Okta Expression Language filter",
"created": "2023-07-07T13:41:56.000Z",
"createdBy": "00u7xut94qEWYx5ss1e5",
"lastUpdated": "2023-07-07T13:43:03.000Z",
"events": {
"type": "EVENT_TYPE",
"items": [
"group.user_membership.add"
],
"filter": {
"type": "EXPRESSION_LANGUAGE",
"eventFilterMap": [
{
"event": "group.user_membership.add",
"condition": {
"version": null,
"expression": "event.target.?[type eq 'UserGroup'].size()>0 && event.target.?[displayName eq 'Sales'].size()>0"
}
}
]
}
},
"channel": {
"type": "HTTP",
"version": "1.0.0",
"config": {
"uri": "https://example_external_service/userAdded",
"headers": [],
"method": "POST",
"authScheme": {
"type": "HEADER",
"key": "authorization"
}
}
},
"_links": {
"self": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6"
},
"verify": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6/lifecycle/verify",
"hints": {
"allow": [
"POST"
]
}
},
"deactivate": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6/lifecycle/deactivate",
"hints": {
"allow": [
"POST"
]
}
}
}
}
]
}
List Group Members
Retrieves all users who are members of the specified group. | key: listGroupMembers
| Input | Default | Notes | Example |
|---|---|---|---|
After string after | The cursor for the next page of results. This value is obtained from the `Link` header of the response. | abc123 | |
Connection connection / Required connection | |||
Fetch All boolean fetchAll | false | If true, fetches all pages of results. | |
Group ID string / Required groupId | The unique identifier for the group. | 00g1abcd2EFGHijkL3m4 | |
Limit string limit | Specifies the number of results returned. Defaults to 200. | 100 |
{
"data": [
{
"id": "00u118oQYT4TBTemp0g4",
"status": "ACTIVE",
"created": "2022-04-04T15:56:05.000Z",
"activated": null,
"statusChanged": null,
"lastLogin": "2022-05-04T19:50:52.000Z",
"lastUpdated": "2022-05-05T18:15:44.000Z",
"passwordChanged": "2022-04-04T16:00:22.000Z",
"type": {
"id": "oty1162QAr8hJjTaq0g4"
},
"profile": {
"firstName": "Alice",
"lastName": "Smith",
"mobilePhone": null,
"secondEmail": null,
"login": "alice.smith@example.com",
"email": "alice.smith@example.com"
},
"credentials": {
"password": {},
"provider": {
"type": "OKTA",
"name": "OKTA"
}
},
"_links": {
"self": {
"href": "http://your-subdomain.okta.com/api/v1/users/00u118oQYT4TBGuay0g4"
}
}
}
]
}
List Groups
List groups with optional search and filtering. | key: listGroups
| Input | Default | Notes | Example |
|---|---|---|---|
After string after | The cursor for the next page of results. This value is obtained from the `Link` header of the response. | abc123 | |
Connection connection / Required connection | |||
Extra Parameters string Key Value List extraParameters | List of additional parameters to include in the request. This can be used to include parameters that are not explicitly supported by this component. See Okta's API documentation for a list of supported parameters. | {after: 'abc123'} | |
Fetch All boolean fetchAll | false | If true, fetches all pages of results. | |
Filter string filter | A filter string to narrow down results. See Okta's documentation for supported filter fields and operators [click here](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#tag/User/operation/listUsers!in=query&path=filter&t=request). | lastUpdated gt "2013-06-01T00:00:00.000Z" | |
Limit string limit | Specifies the number of results returned. Defaults to 200. | 100 | |
q string q | Searches for apps with name or label properties that starts with the q value using the startsWith operation. | Okta | |
Search string search | A search string to filter results. See Okta's documentation for supported search fields and operators [click here](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#tag/User/operation/listUsers!in=query&path=search&t=request). | profile.firstName eq "John" | |
Sort By string sortBy | Specifies field to sort by (for search queries only). This can be any single property, for example sortBy=profile.lastName. Users with the same value for the sortBy property will be ordered by id. | profile.lastName | |
Sort Order string sortOrder | Specifies the sort order: asc or desc (for search queries only). Sorting is done in ASCII sort order (that is, by ASCII character value), but isn't case sensitive. sortOrder is ignored if sortBy isn't present. |
{
"data": [
{
"id": "00g1emaKYZTWRYYRRTSK",
"created": "2015-02-06T10:11:28.000Z",
"lastUpdated": "2015-10-05T19:16:43.000Z",
"lastMembershipUpdated": "2015-11-28T19:15:32.000Z",
"objectClass": [
"okta:user_group"
],
"type": "OKTA_GROUP",
"profile": {
"name": "West Coast users",
"description": "All users West of The Rockies"
},
"_links": {
"logo": [
{
"name": "medium",
"href": "https://{yourOktaDomain}/img/logos/groups/okta-medium.png",
"type": "image/png"
},
{
"name": "large",
"href": "https://{yourOktaDomain}/img/logos/groups/okta-large.png",
"type": "image/png"
}
],
"users": {
"href": "https://{yourOktaDomain}/api/v1/groups/00g1emaKYZTWRYYRRTSK/users"
},
"apps": {
"href": "https://{yourOktaDomain}/api/v1/groups/00g1emaKYZTWRYYRRTSK/apps"
}
}
}
]
}
List Policies
List policies with optional search and filtering. | key: listPolicies
| Input | Default | Notes | Example |
|---|---|---|---|
After string after | The cursor for the next page of results. This value is obtained from the `Link` header of the response. | abc123 | |
Connection connection / Required connection | |||
Expand string expand | Indicates whether to expand the credentials for the user. By default, credentials are not returned in the response. | blocks | |
Fetch All boolean fetchAll | false | If true, fetches all pages of results. | |
Limit string limit | Specifies the number of results returned. Defaults to 200. | 100 | |
q string q | Searches for apps with name or label properties that starts with the q value using the startsWith operation. | Okta | |
Resource ID string resourceId | Reference to the associated authorization server. | 00g1abcd2EFGH3IJK4l5 | |
Sort By string sortBy | Specifies field to sort by (for search queries only). This can be any single property, for example sortBy=profile.lastName. Users with the same value for the sortBy property will be ordered by id. | profile.lastName | |
Status string status | Specifies the status of the policies to return. | ||
Type string / Required type | Specifies the type of policy to return. The following policy types are available only with the Okta Identity Engine. |
{
"data": [
{
"type": "ACCESS_POLICY",
"id": "policyId",
"status": "ACTIVE",
"name": "Policy name",
"description": "Policy description",
"priority": 1,
"system": true,
"conditions": null,
"created": "2024-04-25T17:35:02.000Z",
"lastUpdated": "2024-04-25T17:35:02.000Z",
"_links": {
"self": {
"href": "https://{yourOktaDomain}/api/v1/policies/{policyId}",
"hints": {
"allow": [
"GET",
"PUT"
]
}
},
"rules": {
"href": "https://{yourOktaDomain}/api/v1/policies/{policyId}/rules",
"hints": {
"allow": [
"GET",
"POST"
]
}
}
}
}
]
}
List Realms
Lists all realms in your org. | key: listRealms
| Input | Default | Notes | Example |
|---|---|---|---|
After string after | The cursor for the next page of results. This value is obtained from the `Link` header of the response. | abc123 | |
Connection connection / Required connection | |||
Fetch All boolean fetchAll | false | If true, fetches all pages of results. | |
Limit string limit | Specifies the number of results returned. Defaults to 200. | 100 | |
Search string search | A search string to filter results. See Okta's documentation for supported search fields and operators [click here](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#tag/User/operation/listUsers!in=query&path=search&t=request). | profile.firstName eq "John" | |
Sort By string sortBy | Specifies field to sort by (for search queries only). This can be any single property, for example sortBy=profile.lastName. Users with the same value for the sortBy property will be ordered by id. | profile.lastName | |
Sort Order string sortOrder | Specifies the sort order: asc or desc (for search queries only). Sorting is done in ASCII sort order (that is, by ASCII character value), but isn't case sensitive. sortOrder is ignored if sortBy isn't present. |
{
"data": [
{
"id": "guox9jQ16k9V8IFEL0g3",
"created": "2022-04-04T15:56:05.000Z",
"lastUpdated": "2022-05-05T18:15:44.000Z",
"isDefault": false,
"profile": {
"name": "Car Co",
"realmType": "PARTNER",
"domains": [
"atko.com",
"user.com"
]
},
"_links": {
"self": {
"rel": "self",
"href": "http://your-subdomain.okta.com/api/v1/realms/guox9jQ16k9V8IFEL0g3",
"method": "GET"
}
}
}
]
}
List User Applications
List applications for a specific user. | key: listUserApplications
| Input | Notes | Example |
|---|---|---|
Connection connection / Required connection | ||
ID string / Required id | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
{
"data": [
{
"id": "00ub0oNGTSWTBKOLGLNR",
"label": "Google Apps Mail",
"linkUrl": "https://{yourOktaDomain}/home/google/0oa3omz2i9XRNSRIHBZO/50",
"logoUrl": "https://{yourOktaDomain}/img/logos/google-mail.png",
"appName": "google",
"appInstanceId": "0oa3omz2i9XRNSRIHBZO",
"appAssignmentId": "0ua3omz7weMMMQJERBKY",
"credentialsSetup": false,
"hidden": false,
"sortOrder": 0
},
{
"id": "00ub0oNGTSWTBKOLGLNR",
"label": "Google Apps Calendar",
"linkUrl": "https://{yourOktaDomain}/home/google/0oa3omz2i9XRNSRIHBZO/54",
"logoUrl": "https://{yourOktaDomain}/img/logos/google-calendar.png",
"appName": "google",
"appInstanceId": "0oa3omz2i9XRNSRIHBZO",
"appAssignmentId": "0ua3omz7weMMMQJERBKY",
"credentialsSetup": false,
"hidden": false,
"sortOrder": 1
},
{
"id": "00ub0oNGTSWTBKOLGLNR",
"label": "Box",
"linkUrl": "https://{yourOktaDomain}/home/boxnet/0oa3ompioiQCSTOYXVBK/72",
"logoUrl": "https://{yourOktaDomain}/img/logos/box.png",
"appName": "boxnet",
"appInstanceId": "0oa3ompioiQCSTOYXVBK",
"appAssignmentId": "0ua3omx46lYEZLPPRWBO",
"credentialsSetup": false,
"hidden": false,
"sortOrder": 3
},
{
"id": "00ub0oNGTSWTBKOLGLNR",
"label": "Salesforce.com",
"linkUrl": "https://{yourOktaDomain}/home/salesforce/0oa12ecnxtBQMKOXJSMF/46",
"logoUrl": "https://{yourOktaDomain}/img/logos/salesforce_logo.png",
"appName": "salesforce",
"appInstanceId": "0oa12ecnxtBQMKOXJSMF",
"appAssignmentId": "0ua173qgj5VAVOBQMCVB",
"credentialsSetup": true,
"hidden": false,
"sortOrder": 2
}
]
}
List User Factors
Lists all enrolled factors for the specified user that are included in the highest priority authenticator enrollment policy that applies to the user. | key: listUserFactors
| Input | Notes | Example |
|---|---|---|
Connection connection / Required connection | ||
User ID string / Required userId | ID of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
{
"data": [
{
"id": "ufs2bysphxKODSZKWVCT",
"factorType": "question",
"provider": "OKTA",
"vendorName": "OKTA",
"status": "ACTIVE",
"created": "2014-04-15T18:10:06.000Z",
"lastUpdated": "2014-04-15T18:10:06.000Z",
"profile": {
"question": "favorite_art_piece",
"questionText": "What is your favorite piece of art?"
},
"_links": {
"questions": {
"href": "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/questions",
"hints": {
"allow": [
"GET"
]
}
},
"self": {
"href": "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/ufs2bysphxKODSZKWVCT",
"hints": {
"allow": [
"GET",
"DELETE"
]
}
},
"user": {
"href": "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL",
"hints": {
"allow": [
"GET"
]
}
}
}
},
{
"id": "ostf2gsyictRQDSGTDZE",
"factorType": "token:software:totp",
"provider": "OKTA",
"status": "PENDING_ACTIVATION",
"created": "2014-06-27T20:27:33.000Z",
"lastUpdated": "2014-06-27T20:27:33.000Z",
"profile": {
"credentialId": "dade.murphy@example.com"
},
"_links": {
"next": {
"name": "activate",
"href": "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/ostf2gsyictRQDSGTDZE/lifecycle/activate",
"hints": {
"allow": [
"POST"
]
}
},
"self": {
"href": "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/ostf2gsyictRQDSGTDZE",
"hints": {
"allow": [
"GET"
]
}
},
"user": {
"href": "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL",
"hints": {
"allow": [
"GET"
]
}
}
},
"_embedded": {
"activation": {
"timeStep": 30,
"sharedSecret": "HE64TMLL2IUZW2ZLB",
"encoding": "base32",
"keyLength": 16
}
}
}
]
}
List User Groups
List groups for a specific user. | key: listUserGroups
| Input | Notes | Example |
|---|---|---|
Connection connection / Required connection | ||
ID string / Required id | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
{
"data": [
{
"id": "0gabcd1234",
"profile": {
"name": "Cloud app users",
"description": "Users can access cloud apps"
}
},
{
"id": "0gefgh5678",
"profile": {
"name": "Internal app users",
"description": "Users can access internal apps"
}
}
]
}
List User Types
Lists all user types in your org. | key: listUserTypes
| Input | Notes |
|---|---|
Connection connection / Required connection |
{
"data": [
{
"id": "otyfnly5cQjJT9PnR0g4",
"displayName": "New user type",
"name": "newUserType",
"description": "A new custom user type",
"createdBy": "sprz9fj1ycBcsgopy1d6",
"lastUpdatedBy": "sprz9fj1ycBcsgopy1d6",
"created": "2021-07-05T20:40:38.000Z",
"lastUpdated": "2021-07-05T20:40:38.000Z",
"default": false,
"_links": {
"self": {
"href": "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6"
},
"schema": {
"href": "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6"
}
}
},
{
"id": "otyz9fj2jMiRBC1ZT1d6",
"displayName": "User",
"name": "user",
"description": "Okta user profile template with default permission settings",
"createdBy": "sprz9fj1ycBcsgopy1d6",
"lastUpdatedBy": "sprz9fj1ycBcsgopy1d6",
"created": "2021-07-05T20:40:38.000Z",
"lastUpdated": "2021-07-05T20:40:38.000Z",
"default": true,
"_links": {
"self": {
"href": "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6"
},
"schema": {
"href": "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6"
}
}
}
]
}
List Users
List users with optional search and filtering. | key: listUsers
| Input | Default | Notes | Example |
|---|---|---|---|
After string after | The cursor for the next page of results. This value is obtained from the `Link` header of the response. | abc123 | |
Connection connection / Required connection | |||
Extra Parameters string Key Value List extraParameters | List of additional parameters to include in the request. This can be used to include parameters that are not explicitly supported by this component. See Okta's API documentation for a list of supported parameters. | {after: 'abc123'} | |
Fetch All boolean fetchAll | false | If true, fetches all pages of results. | |
Filter string filter | A filter string to narrow down results. See Okta's documentation for supported filter fields and operators [click here](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#tag/User/operation/listUsers!in=query&path=filter&t=request). | lastUpdated gt "2013-06-01T00:00:00.000Z" | |
Limit string limit | Specifies the number of results returned. Defaults to 200. | 100 | |
q string q | Searches for apps with name or label properties that starts with the q value using the startsWith operation. | Okta | |
Search string search | A search string to filter results. See Okta's documentation for supported search fields and operators [click here](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#tag/User/operation/listUsers!in=query&path=search&t=request). | profile.firstName eq "John" | |
Sort By string sortBy | Specifies field to sort by (for search queries only). This can be any single property, for example sortBy=profile.lastName. Users with the same value for the sortBy property will be ordered by id. | profile.lastName | |
Sort Order string sortOrder | Specifies the sort order: asc or desc (for search queries only). Sorting is done in ASCII sort order (that is, by ASCII character value), but isn't case sensitive. sortOrder is ignored if sortBy isn't present. |
{
"data": [
{
"id": "00u118oQYT4TBGuay0g4",
"status": "ACTIVE",
"created": "2022-04-04T15:56:05.000Z",
"activated": null,
"statusChanged": null,
"lastLogin": "2022-05-04T19:50:52.000Z",
"lastUpdated": "2022-05-05T18:15:44.000Z",
"passwordChanged": "2022-04-04T16:00:22.000Z",
"type": {
"id": "oty1162QAr8hJjTaq0g4"
},
"profile": {
"firstName": "Alice",
"lastName": "Smith",
"mobilePhone": null,
"secondEmail": null,
"login": "alice.smith@example.com",
"email": "alice.smith@example.com"
},
"realmId": "guo1afiNtSnZYILxO0g4",
"credentials": {
"password": {},
"provider": {}
},
"_links": {
"self": {}
}
}
]
}
Raw Request
Send raw HTTP request to Okta. | key: rawRequest
| Input | Default | Notes | Example |
|---|---|---|---|
Connection connection / Required connection | |||
Data string data | The HTTP body payload to send to the URL. | {"exampleKey": "Example Data"} | |
File Data string Key Value List fileData | File Data to be sent as a multipart form upload. | [{key: "example.txt", value: "My File Contents"}] | |
File Data File Names string Key Value List fileDataFileNames | File names to apply to the file data inputs. Keys must match the file data keys above. | ||
Form Data string Key Value List formData | The Form Data to be sent as a multipart form upload. | [{"key": "Example Key", "value": new Buffer("Hello World")}] | |
Header string Key Value List headers | A list of headers to send with the request. | User-Agent: curl/7.64.1 | |
Max Retry Count string maxRetries | 0 | The maximum number of retries to attempt. Specify 0 for no retries. | |
Method string / Required method | The HTTP method to use. | ||
Query Parameter string Key Value List queryParams | A list of query parameters to send with the request. This is the portion at the end of the URL similar to ?key1=value1&key2=value2. | ||
Response Type string / Required responseType | json | The type of data you expect in the response. You can request json, text, or binary data. | |
Retry On All Errors boolean retryAllErrors | false | If true, retries on all erroneous responses regardless of type. This is helpful when retrying after HTTP 429 or other 3xx or 4xx errors. Otherwise, only retries on HTTP 5xx and network errors. | |
Retry Delay (ms) string retryDelayMS | 0 | The delay in milliseconds between retries. This is used when 'Use Exponential Backoff' is disabled. | |
Timeout string timeout | The maximum time that a client will await a response to its request | 2000 | |
URL string / Required url | Input the path only (/users), The base URL is already included (https://{yourOktaDomain}.com/api/v1). For example, to connect to https://{yourOktaDomain}.com/api/v1/users, only /users is entered in this field. | /users | |
Use Exponential Backoff boolean useExponentialBackoff | false | Specifies whether to use a pre-defined exponential backoff strategy for retries. When enabled, 'Retry Delay (ms)' is ignored. |
Reactivate User
Reactivate a user by ID or login. | key: reactivateUser
| Input | Default | Notes | Example |
|---|---|---|---|
Connection connection / Required connection | |||
ID string / Required id | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 | |
Send Email boolean sendEmail | false | Sends a deactivation email to the admin if true. |
{
"data": {
"activationToken": "XE6wE17zmphl3KqAPFxO",
"activationUrl": "https://{yourOktaDomain}/welcome/XE6wE17zmphl3KqAPFxO"
}
}
Remove Application User Assignment
Removes an application assignment from a user, revoking access to the application. | key: removeApplicationUserAssignment
| Input | Default | Notes | Example |
|---|---|---|---|
Application ID string / Required applicationId | The unique identifier for the application. | 0oab1234XYZ5678 | |
Connection connection / Required connection | |||
Send Email boolean sendEmail | false | Sends a deactivation email to the admin if true. | |
User ID string / Required userId | ID of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
{
"data": {
"id": "00u1dnq5S0CfjlkpABCD",
"status": "DELETED"
}
}
Remove User from Group
Remove a user from a group. | key: removeUserFromGroup
| Input | Notes | Example |
|---|---|---|
Connection connection / Required connection | ||
Group ID string / Required groupId | The unique identifier for the group. | 00g1abcd2EFGHijkL3m4 |
User ID string / Required userId | The unique identifier for the user to be removed from the group. | 00u1abcd2EFGHijkL3m4 |
{
"data": {
"success": true,
"message": "User 123 removed from group 123"
}
}
Reset User Password
Reset a user's password by ID or login. | key: resetUserPassword
| Input | Default | Notes | Example |
|---|---|---|---|
Connection connection / Required connection | |||
ID string / Required id | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 | |
Revoke Sessions boolean revokeSessions | false | If true, revokes all of the user's active sessions. | |
Send Email boolean / Required sendEmail | true | Sends a deactivation email to the admin if true. |
{
"data": {
"summary": "Reset password without sending email",
"resetPasswordUrl": "https://{yourOktaDomain}/reset_password/XE6wE17zmphl3KqAPFxO"
}
}
Set User Password
Set a user's password by ID or login. | key: setUserPassword
| Input | Default | Notes | Example |
|---|---|---|---|
Connection connection / Required connection | |||
New Hash Password code newHashPassword | The new password hash for the user. | ||
New Password password / Required newPassword | The new password for the user. | P@ssw0rd! | |
Old Hash Password code oldHashPassword | The old password hash for the user. | ||
Old Password password / Required oldPassword | The old password for the user. | P@ssw0rd! | |
Revoke Sessions boolean revokeSessions | false | If true, revokes all of the user's active sessions. | |
User ID string / Required userId | ID of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
{
"data": {
"password": {},
"recovery_question": {
"question": "Who's a major player in the cowboy scene?"
},
"provider": {
"type": "OKTA",
"name": "OKTA"
}
}
}
Suspend User
Suspend a user by ID or login. | key: suspendUser
| Input | Notes | Example |
|---|---|---|
Connection connection / Required connection | ||
ID string / Required id | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
{
"data": {
"id": "userId",
"status": "SUSPENDED"
}
}
Unenroll User Factor
Unenrolls a specific factor for the specified user. | key: unenrollUserFactor
| Input | Default | Notes | Example |
|---|---|---|---|
Connection connection / Required connection | |||
Factor ID string / Required factorId | ID of an existing user factor. | opf1abcd2EFGHijkL3m4 | |
Remove Recovery Enrollment boolean removeRecoveryEnrollment | false | If true, removes the phone number as both a recovery method and a factor. This parameter is only used for the sms and call factors. | |
User ID string / Required userId | ID of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
{
"data": {
"id": "opf1abcd2EFGHijkL3m4",
"status": "UNENROLLED"
}
}
Unlock User
Unlock a user by ID or login. | key: unlockUser
| Input | Default | Notes | Example |
|---|---|---|---|
Connection connection / Required connection | |||
ID string / Required id | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 | |
Send Email boolean sendEmail | false | Sends a deactivation email to the admin if true. |
{
"data": {
"id": "userId",
"status": "ACTIVE"
}
}
Unsuspend User
Unsuspend a user by ID or login. | key: unsuspendUser
| Input | Notes | Example |
|---|---|---|
Connection connection / Required connection | ||
ID string / Required id | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
{
"data": {
"id": "userId",
"status": "ACTIVE"
}
}
Update Application User Assignment
Updates the app-specific profile and credentials for a user's application assignment. | key: updateApplicationUserAssignment
| Input | Notes | Example |
|---|---|---|
Application ID string / Required applicationId | The unique identifier for the application. | 0oab1234XYZ5678 |
Connection connection / Required connection | ||
Password password password | The user's password. | P@ssw0rd! |
Profile code profile | The app-specific profile for the user. Either the profile or password/username must be provided. | |
User ID string / Required userId | ID of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
Username string username | The username of the user to whom the application will be assigned. | johndoe |
{
"data": {
"credentials": {
"userName": "rae.cloud@example.com",
"password": {
"value": "updatedP@55word"
}
}
}
}
Update Group
Updates profile information for an existing group. | key: updateGroup
| Input | Notes | Example |
|---|---|---|
Connection connection / Required connection | ||
Group Description string description | A brief description of the group. | This group contains all members of the engineering team. |
Group ID string / Required groupId | The unique identifier for the group. | 00g1abcd2EFGHijkL3m4 |
Group Name string name | The name of the group. | Engineering Team |
{
"data": {
"id": "00g1emaKYZTWRYYRRTSK",
"created": "2015-02-06T10:11:28.000Z",
"lastUpdated": "2015-10-05T19:16:43.000Z",
"lastMembershipUpdated": "2015-11-28T19:15:32.000Z",
"objectClass": [
"okta:user_group"
],
"type": "OKTA_GROUP",
"profile": {
"name": "West Coast users",
"description": "All users West of The Rockies"
},
"_links": {
"logo": [
{
"name": "medium",
"href": "https://{yourOktaDomain}/img/logos/groups/okta-medium.png",
"type": "image/png"
},
{
"name": "large",
"href": "https://{yourOktaDomain}/img/logos/groups/okta-large.png",
"type": "image/png"
}
],
"users": {
"href": "https://{yourOktaDomain}/api/v1/groups/00g1emaKYZTWRYYRRTSK/users"
},
"apps": {
"href": "https://{yourOktaDomain}/api/v1/groups/00g1emaKYZTWRYYRRTSK/apps"
}
}
}
}
Update User
Update a user by ID or login. | key: updateUser
| Input | Default | Notes | Example |
|---|---|---|---|
Answer string answer | The user's recovery answer. | Blue | |
Connection connection / Required connection | |||
Department string department | The user's department. | Engineering | |
Email string email | The user's email address. | john.doe@example.com | |
Employee Number string employeeNumber | The user's employee number. | 12345 | |
First Name string firstName | The user's first name. | John | |
Hash Password code hashPassword | The user's password hash. | ||
ID string / Required id | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 | |
Last Name string lastName | The user's last name. | Doe | |
Locale string locale | en_US | The user's default location for purposes of localizing items such as currency, date time format, numerical representations, and so on. A locale value is a concatenation of the ISO 639-1 two-letter language code, an underscore, and the ISO 3166-1 two-letter country code. | en_US |
Login string login | The unique identifier for the user (username). | johndoe | |
Mobile Phone string mobilePhone | The user's mobile phone number. | 15551234567 | |
Password password password | The user's password. If not provided, an activation email will be sent to the user. | P@ssw0rd! | |
Profile Extra Attributes code profileExtraInputs | List of additional profile attributes to include in the request. This can be used to include attributes that are not explicitly supported by this component. See [Okta's API documentation](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#tag/User/operation/updateUser!path=profile&t=request) for a list of supported attributes. | ||
Question string question | The user's recovery question. | What is your favorite color? | |
Realm ID string realmId | The ID of the realm to which the user belongs. | 00g1abcd2EFGHijkL3m4 |
{
"data": {
"id": "00u118oQYT4TBGuay0g4",
"status": "ACTIVE",
"created": "2022-04-04T15:56:05.000Z",
"activated": null,
"statusChanged": null,
"lastLogin": "2022-05-04T19:50:52.000Z",
"lastUpdated": "2022-05-05T18:15:44.000Z",
"passwordChanged": "2022-04-04T16:00:22.000Z",
"type": {
"id": "oty1162QAr8hJjTaq0g4"
},
"profile": {
"firstName": "Alice",
"lastName": "Smith",
"mobilePhone": null,
"secondEmail": null,
"login": "alice.smith@example.com",
"email": "alice.smith@example.com"
},
"realmId": "guo1afiNtSnZYILxO0g4",
"credentials": {
"password": {},
"provider": {}
},
"_links": {
"self": {}
}
}
}
Verify Event Hook
Verify a specific event hook. | key: verifyEventHook
| Input | Notes | Example |
|---|---|---|
Connection connection / Required connection | ||
Event Hook ID string / Required eventHookId | The ID of the event hook. | 1234567890abcdef |
{
"data": {
"id": "who8tsqyrhCdmetzx135",
"status": "ACTIVE",
"verificationStatus": "VERIFIED",
"name": "Event Hook Test",
"description": null,
"created": "2023-07-07T17:41:56.000Z",
"createdBy": "00u7xut94qEWYx5ss1e5",
"lastUpdated": "2023-07-07T17:43:03.000Z",
"events": {
"type": "EVENT_TYPE",
"items": [
"user.lifecycle.deactivate",
"user.lifecycle.activate"
],
"filter": null
},
"channel": {
"type": "HTTP",
"version": "1.0.0",
"config": {
"uri": "https://example_external_service/userDeactivate",
"headers": [],
"method": "POST",
"authScheme": {
"type": "HEADER",
"key": "authorization"
}
}
},
"_links": {
"self": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135"
},
"verify": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/verify",
"hints": {
"allow": [
"POST"
]
}
},
"deactivate": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/deactivate",
"hints": {
"allow": [
"POST"
]
}
}
}
}
}
Changelog
2025-10-15
Enhanced event hook options with improved user-friendly labels and added new event types including user impersonation, unsuspend, and admin app access events.
2025-10-01
Initial release of Okta component with comprehensive integration capabilities