Okta Component
Manage users, groups, applications, and authentication policies in Okta.
Component key: okta-management-api
Description
Okta is an identity and access management platform that helps organizations manage user authentication, authorization, and security policies. This component allows you to interact with the Okta Management API.
API Documentation
This component was built using the Okta API Documentation
Connections
API Token
To authenticate with Okta APIs using an API token, generate a token from the Okta Admin Console. API tokens provide programmatic access to Okta resources and are tied to a specific admin user's permissions.
For more information about API tokens, refer to the Okta documentation.
Prerequisites
- An Okta tenant with administrative access
- An admin account with appropriate permissions for the required operations
Setup Steps
To generate an API token:
- Log into the Okta Admin Console (e.g.,
https://your-domain.okta.com/admin) - Navigate to Security > API > Tokens
- Click Create Token
- Enter a descriptive name for the token (e.g., "Integration API Token")
- Click Create Token
- Copy the token value immediately — it will only be displayed once
API tokens should be stored securely and never shared or committed to version control. The token cannot be retrieved again after closing the dialog. If lost, a new token must be created.
Configure the Connection
- Enter the Okta Domain (e.g.,
dev-12345.okta.comoryour-org.okta.com) - Enter the API Token that was generated
The Okta Domain should be entered without the https:// protocol. For example, use dev-12345.okta.com instead of https://dev-12345.okta.com. The domain format depends on the Okta cloud environment. Refer to the Okta API documentation for the correct domain format.
API tokens inherit the permissions of the admin user who created them. Ensure the admin account has the necessary permissions for the operations the integration will perform. For more granular control and service-to-service authentication, consider using OAuth 2.0 Client Credentials instead.
| Input | Notes | Example |
|---|---|---|
| API Token | API Token generated in your Okta Admin Console. Learn more. | |
| Okta Domain | The base URL for the Okta API. Depending on your cloud environment, you can choose the correct one here. | your-org.okta.com |
OAuth 2.0 Client Credentials
To access Okta's own APIs (Users, Groups, Applications, etc.) to manage an Okta tenant, OAuth 2.0 Client Credentials with private_key_jwt authentication is required. This is the recommended authentication method for server-to-server integrations that need to manage Okta resources programmatically.
For more information about OAuth for Okta service apps, refer to the Okta documentation.
Prerequisites
- An Okta tenant with administrative access
- Administrative permissions to create OAuth 2.0 service applications
Setup Steps
- Log into the Okta Admin Console (e.g.,
https://your-domain.okta.com/admin) - Navigate to Applications > Applications > Create App Integration
- Select API Services as the application type and click Next
- Configure the application:
- App integration name: Enter a descriptive name (e.g., "Okta Management Integration")
- Click Save
- After creating the application, navigate to the General tab and copy the Client ID
- Generate a public/private key pair for JWT signing:
- Use OpenSSL or another tool to generate an RSA key pair:
openssl genrsa -out private.pem 2048
openssl rsa -in private.pem -pubout -out public.pem
- Use OpenSSL or another tool to generate an RSA key pair:
- Register the public key with the Okta service app:
- In the application settings, scroll to the Public Keys section under Client Credentials
- Click Add Key
- Paste the contents of the public key (
public.pem) and click Save
- Grant required OAuth 2.0 scopes to the application:
- Navigate to the Okta API Scopes tab
- Click Grant for each required scope (e.g.,
okta.users.read,okta.groups.read,okta.apps.read) - Refer to Okta's scope documentation for available scopes
- Assign admin roles to the service app (if needed for specific operations):
- Navigate to Security > Administrators
- Click Add Administrator
- Search for the service app by name
- Assign appropriate admin roles based on required permissions
Configure the Connection
- Enter the Okta Domain (e.g.,
dev-12345.okta.comoryour-org.okta.com) - Enter the Client ID from the service application
- Paste the Private Key in PEM format (the entire contents of
private.pem, including the-----BEGIN PRIVATE KEY-----and-----END PRIVATE KEY-----lines) - Enter the Scopes as a space-separated list (e.g.,
okta.users.read okta.groups.read okta.apps.read)
The Okta Domain should be entered without the https:// protocol. For example, use dev-12345.okta.com instead of https://dev-12345.okta.com. The domain format depends on the Okta cloud environment. Refer to the Okta API documentation for the correct domain format.
The OAuth 2.0 scopes granted to the service app determine which Okta APIs can be accessed. Additionally, some operations require the service app to be assigned specific admin roles. Review the Okta scopes documentation and admin role documentation to determine the appropriate scopes and roles for the use case.
| Input | Notes | Example |
|---|---|---|
| Client ID | Client Id of your Okta service application. The application must have the appropriate OAuth 2.0 scopes granted and admin roles assigned. Learn more | 0oa1234567abcdefg890 |
| Okta Domain | The base URL for the Okta API. Depending on your cloud environment, you can choose the correct one here. | your-org.okta.com |
| Private Key (PEM format) | The private key in PEM format used to sign the JWT assertion. Generate a key pair and register the public key with your Okta service app. Learn more | |
| Scopes | Space-separated list of Okta API permission scopes. Common scopes include okta.users.read, okta.users.manage, okta.groups.read, okta.groups.manage, okta.apps.read, etc. Learn more |
OAuth 2.0 Authorization Code
To connect to Okta using OAuth 2.0 Authorization Code flow, create an OpenID Connect (OIDC) web application in the Okta Admin Console. This authentication method allows end-users to authorize the integration to access Okta APIs on their behalf.
For more information about OAuth 2.0 Authorization Code, refer to the Okta documentation.
Prerequisites
- An Okta tenant with administrative access
- Administrative permissions to create OAuth applications
Setup Steps
- Log into the Okta Admin Console (e.g.,
https://your-domain.okta.com/admin) - Navigate to Applications > Applications > Create App Integration
- Select OIDC - OpenID Connect as the sign-in method
- Select Web Application as the application type and click Next
- Configure the application settings:
- App integration name: Enter a descriptive name (e.g., "Okta Integration")
- Grant type: Ensure Authorization Code is selected
- Sign-in redirect URIs: Add the OAuth callback URL:
https://oauth2.prismatic.io/callback - Controlled access: Configure based on requirements (e.g., allow all users or specific groups)
- Click Save to create the application
- Navigate to the Okta API Scopes tab
- Grant the required API scopes by clicking Grant for each needed scope
- Refer to Okta's scope documentation for available scopes
- Navigate back to the General tab
- Copy the Client ID and Client secret values
The client secret may be hidden by default. Click Show to reveal and copy it. Store the secret securely as it provides access to the OAuth application.
Configure the Connection
- Enter the Okta Domain (e.g.,
dev-12345.okta.comoryour-org.okta.com) - Enter the Client ID from the OAuth application
- Enter the Client Secret from the OAuth application
- Optionally, specify Scopes if custom scopes are required (note that API scopes are typically set on the OAuth application itself)
The Okta Domain should be entered without the https:// protocol. For example, use dev-12345.okta.com instead of https://dev-12345.okta.com. The domain format depends on the Okta cloud environment. Refer to the Okta API documentation for the correct domain format.
For OAuth 2.0 Authorization Code applications, API scopes are typically configured directly in the Okta OAuth application under the Okta API Scopes tab. The scopes determine which Okta APIs can be accessed by the integration. Ensure the appropriate scopes are granted based on the use case.
| Input | Notes | Example |
|---|---|---|
| Authorize URL | The OAuth 2.0 Authorization URL for Okta's API. | https://{{#oktaDomainUrl}}/oauth2/v1/authorize |
| Client ID | Client Id of your Okta's application. Learn more | 11111111-2222-3333-4444-555555555555 |
| Client secret value | Client Secret generated in your Okta's application. Learn more. | 11111111-2222-3333-4444-555555555555 |
| Okta Domain | The base URL for the Okta API. Depending on your cloud environment, you can choose the correct one here. | your-org.okta.com |
| Scopes | Okta API permission scopes are set on the OAuth application. | |
| Token URL | The OAuth 2.0 Token URL for Okta's API. | https://{{#oktaDomainUrl}}/oauth2/v1/token |
Triggers
Event Hook
Receive event hooks from Okta when a specified event occurs. | key: eventHook
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Event Hook Filters | The optional filter defined on a specific event type. | |
| Event Hook Items | The list of event types to subscribe to. | |
| Dynamic Event Hook Items | The list of event types to subscribe to in code format. | |
| Event Hook URL Headers | Optional headers to include in the webhook request. | { "X-Custom-Header": "value" } |
You can configure an Okta Event Hook to send real time notifications to a flow's webhook URL when specific events occur in your Okta organization (user created, user deactivated, application assigned, etc.).
How it Works
This trigger responds to Okta event hook requests with the verification response that Okta expects during the initial setup and processes incoming event notifications.
Event Types
Okta supports numerous event types including:
- User lifecycle events (user.lifecycle.create, user.lifecycle.activate, user.lifecycle.deactivate)
- Authentication events (user.authentication.auth_via_mfa, user.authentication.auth_via_password)
- Application events (application.user_membership.add, application.user_membership.remove)
- Group membership events (group.user_membership.add, group.user_membership.remove)
New System Logs
Fetches system logs created on a recurring schedule. | key: newSystemLogsPollingTrigger
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Filter | A filter string to narrow down results. See Okta's documentation for supported filter fields and operators click here. | lastUpdated gt "2013-06-01T00:00:00.000Z" |
New Users
Fetches users created on a recurring schedule. | key: newUsersPollingTrigger
| Input | Notes | Example |
|---|---|---|
| Connection |
Updated Users
Fetches users updated on a recurring schedule. | key: updatedUsersPollingTrigger
| Input | Notes | Example |
|---|---|---|
| Connection |
Data Sources
Select Application
A picklist of Applications in your Okta Org. | key: selectApplication | type: picklist
| Input | Notes | Example |
|---|---|---|
| Connection |
{
"result": [
{
"label": "My Application",
"key": "appId"
},
{
"label": "Another Application",
"key": "anotherAppId"
}
]
}
Select Event Hook
A picklist of Event Hooks in your Okta Org. | key: selectEventHook | type: picklist
| Input | Notes | Example |
|---|---|---|
| Connection |
{
"result": [
{
"label": "My Event Hook",
"key": "eventHookId"
}
]
}
Select Group
A picklist of groups in your Okta Org. | key: selectGroup | type: picklist
| Input | Notes | Example |
|---|---|---|
| Connection |
{
"result": [
{
"label": "My Group",
"key": "groupId"
},
{
"label": "Another Group",
"key": "anotherGroupId"
}
]
}
Select Realm
A picklist of Realms in your Okta Org. | key: selectRealm | type: picklist
| Input | Notes | Example |
|---|---|---|
| Connection |
{
"result": [
{
"label": "My Realm",
"key": "realmId"
},
{
"label": "Another Realm",
"key": "anotherRealmId"
}
]
}
Select User
A picklist of users in your Okta Org. | key: selectUser | type: picklist
| Input | Notes | Example |
|---|---|---|
| Connection |
{
"result": [
{
"label": "My User",
"key": "userId"
},
{
"label": "Another User",
"key": "anotherUserId"
}
]
}
Select User Factor
A picklist of a user's factors in your Okta Org. | key: selectUserFactor | type: picklist
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| User ID | ID of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
{
"result": [
{
"label": "Security Question",
"key": "factorId"
},
{
"label": "Another Factor",
"key": "anotherFactorId"
}
]
}
Select User Type
A picklist of User Types in your Okta Org. | key: selectUserType | type: picklist
| Input | Notes | Example |
|---|---|---|
| Connection |
{
"result": [
{
"label": "My User",
"key": "userId"
},
{
"label": "Another User",
"key": "anotherUserId"
}
]
}
Actions
Activate Event Hook
Activate a specific event hook. | key: activateEventHook
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Event Hook ID | The ID of the event hook. | who8zne7Y5lQr9Yi80g4 |
{
"data": {
"id": "who8tsqyrhCdmetzx135",
"status": "ACTIVE",
"verificationStatus": "VERIFIED",
"name": "Event Hook Test",
"description": null,
"created": "2023-07-07T17:41:56.000Z",
"createdBy": "00u7xut94qEWYx5ss1e5",
"lastUpdated": "2023-07-07T17:43:03.000Z",
"events": {
"type": "EVENT_TYPE",
"items": [
"user.lifecycle.deactivate",
"user.lifecycle.activate"
],
"filter": null
},
"channel": {
"type": "HTTP",
"version": "1.0.0",
"config": {
"uri": "https://example_external_service/userDeactivate",
"headers": [],
"method": "POST",
"authScheme": {
"type": "HEADER",
"key": "authorization"
}
}
},
"_links": {
"self": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135"
},
"verify": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/verify",
"hints": {
"allow": [
"POST"
]
}
},
"deactivate": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/deactivate",
"hints": {
"allow": [
"POST"
]
}
}
}
}
}
Activate User
Activate a user by ID or login. | key: activateUser
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| ID | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
| Send Email | When true, sends a deactivation email to the admin. | false |
{
"data": {
"activationToken": "XE6wE17zmphl3KqAPFxO",
"activationUrl": "https://{yourOktaDomain}/welcome/XE6wE17zmphl3KqAPFxO"
}
}
Add User to Group
Add a user to a group. | key: addUserToGroup
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Group ID | The unique identifier for the group. | 00g1abcd2EFGHijkL3m4 |
| User ID | ID of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
{
"data": {
"success": true,
"message": "User 123 added to group 123"
}
}
Assign Application to User
Assigns an application to a user with app-specific profile and credentials. | key: assignApplicationToUser
| Input | Notes | Example |
|---|---|---|
| Application ID | The unique identifier for the application. | 0oab1234XYZ5678 |
| Connection | ||
| Password | The user's password. | P@ssw0rd! |
| Profile | The app-specific profile for the user. | |
| Scope | Specifies the scope of the application. | |
| User ID | ID of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
| Username | The username of the user to whom the application will be assigned. | johndoe |
{
"data": {
"success": true,
"message": "User 123 added to group 123"
}
}
Clear User Sessions
Clears all active sessions for a user, forcing re-authentication on next access. | key: clearUserSessions
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Forget Devices | Clears the user's remembered factors for all devices. | false |
| OAuth Tokens | Revokes issued OpenID Connect and OAuth refresh and access tokens. | false |
| User ID | ID of an existing Okta user. | 00ub0oNGTSWTBKOLGLNR |
{
"data": {
"id": "userId",
"status": "SESSIONS_CLEARED"
}
}
Create Event Hook
Create a new event hook. | key: createEventHook
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Do Not Activate on Create | When true, the event hook will not be activated and a verification request will not be sent. | false |
| Event Hook Description | The description of the event hook. | This is my event hook. |
| Event Hook Filters | The optional filter defined on a specific event type. | |
| Event Hook Items | The list of event types to subscribe to. | |
| Dynamic Event Hook Items | The list of event types to subscribe to in code format. | |
| Event Hook Name | The name of the event hook. | My Event Hook |
| Event Hook URL | The URL of the event hook. | https://example.com/webhook |
| Event Hook URL Headers | Optional headers to include in the webhook request. | { "X-Custom-Header": "value" } |
{
"data": {
"id": "who8tsqyrhCdmetzx135",
"status": "ACTIVE",
"verificationStatus": "VERIFIED",
"name": "Event Hook Test",
"description": null,
"created": "2023-07-07T17:41:56.000Z",
"createdBy": "00u7xut94qEWYx5ss1e5",
"lastUpdated": "2023-07-07T17:43:03.000Z",
"events": {
"type": "EVENT_TYPE",
"items": [
"user.lifecycle.deactivate",
"user.lifecycle.activate"
],
"filter": null
},
"channel": {
"type": "HTTP",
"version": "1.0.0",
"config": {
"uri": "https://example_external_service/userDeactivate",
"headers": [],
"method": "POST",
"authScheme": {
"type": "HEADER",
"key": "authorization"
}
}
},
"_links": {
"self": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135"
},
"verify": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/verify",
"hints": {
"allow": [
"POST"
]
}
},
"deactivate": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/deactivate",
"hints": {
"allow": [
"POST"
]
}
}
}
}
}
Create Group
Create a group in Okta. | key: createGroup
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Group Description | A brief description of the group. | This group contains all members of the engineering team. |
| Group Name | The name of the group. | Engineering Team |
{
"data": {
"id": "00g1emaKYZTWRYYRRTSK",
"created": "2015-02-06T10:11:28.000Z",
"lastUpdated": "2015-10-05T19:16:43.000Z",
"lastMembershipUpdated": "2015-11-28T19:15:32.000Z",
"objectClass": [
"okta:user_group"
],
"type": "OKTA_GROUP",
"profile": {
"name": "West Coast users",
"description": "All users West of The Rockies"
},
"_links": {
"logo": [
{
"name": "medium",
"href": "https://{yourOktaDomain}/img/logos/groups/okta-medium.png",
"type": "image/png"
},
{
"name": "large",
"href": "https://{yourOktaDomain}/img/logos/groups/okta-large.png",
"type": "image/png"
}
],
"users": {
"href": "https://{yourOktaDomain}/api/v1/groups/00g1emaKYZTWRYYRRTSK/users"
},
"apps": {
"href": "https://{yourOktaDomain}/api/v1/groups/00g1emaKYZTWRYYRRTSK/apps"
}
}
}
}
Create User
Create a new user. | key: createUser
| Input | Notes | Example |
|---|---|---|
| Activate | When true, executes an activation lifecycle operation when creating the user. | true |
| Answer | The user's recovery answer. | Blue |
| Connection | ||
| Department | The user's department. | Engineering |
The user's email address. | john.doe@example.com | |
| Employee Number | The user's employee number. | 12345 |
| First Name | The user's first name. | John |
| Group IDs | List of group IDs to assign the user to. | |
| Hash Password | The user's password hash. | |
| Last Name | The user's last name. | Doe |
| Locale | The user's default location for purposes of localizing items such as currency, date time format, numerical representations, and so on. A locale value is a concatenation of the ISO 639-1 two-letter language code, an underscore, and the ISO 3166-1 two-letter country code. | en_US |
| Login | The unique identifier for the user (username). | johndoe |
| Mobile Phone | The user's mobile phone number. | 15551234567 |
| Next Login | With activate=true, if nextLogin=changePassword, a user is created, activated, and the password is set to EXPIRED. The user must change it the next time they sign in. | changePassword |
| Password | The user's password. If not provided, an activation email will be sent to the user. | P@ssw0rd! |
| Profile Extra Attributes | List of additional profile attributes to include in the request. This can be used to include attributes that are not explicitly supported by this component. See Okta's API documentation for a list of supported attributes. | |
| Provider | Indicates whether to create a user with a specified authentication provider. | false |
| Provider Name | The name of the provider for the user. | OKTA |
| Provider Type | The type of the provider for the user. | |
| Question | The user's recovery question. | What is your favorite color? |
| Realm ID | The ID of the realm to which the user belongs. | 00g1abcd2EFGHijkL3m4 |
| Type | The type of the user. | Employee |
{
"data": {
"id": "00u118oQYT4TBGuay0g4",
"status": "ACTIVE",
"created": "2022-04-04T15:56:05.000Z",
"activated": null,
"statusChanged": null,
"lastLogin": "2022-05-04T19:50:52.000Z",
"lastUpdated": "2022-05-05T18:15:44.000Z",
"passwordChanged": "2022-04-04T16:00:22.000Z",
"type": {
"id": "oty1162QAr8hJjTaq0g4"
},
"profile": {
"firstName": "Alice",
"lastName": "Smith",
"mobilePhone": null,
"secondEmail": null,
"login": "alice.smith@example.com",
"email": "alice.smith@example.com"
},
"realmId": "guo1afiNtSnZYILxO0g4",
"credentials": {
"password": {},
"provider": {}
},
"_links": {
"self": {}
}
}
}
Deactivate Event Hook
Deactivate a specific event hook. | key: deactivateEventHook
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Event Hook ID | The ID of the event hook. | who8zne7Y5lQr9Yi80g4 |
{
"data": {
"id": "who8tsqyrhCdmetzx135",
"status": "ACTIVE",
"verificationStatus": "VERIFIED",
"name": "Event Hook Test",
"description": null,
"created": "2023-07-07T17:41:56.000Z",
"createdBy": "00u7xut94qEWYx5ss1e5",
"lastUpdated": "2023-07-07T17:43:03.000Z",
"events": {
"type": "EVENT_TYPE",
"items": [
"user.lifecycle.deactivate",
"user.lifecycle.activate"
],
"filter": null
},
"channel": {
"type": "HTTP",
"version": "1.0.0",
"config": {
"uri": "https://example_external_service/userDeactivate",
"headers": [],
"method": "POST",
"authScheme": {
"type": "HEADER",
"key": "authorization"
}
}
},
"_links": {
"self": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135"
},
"verify": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/verify",
"hints": {
"allow": [
"POST"
]
}
},
"deactivate": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/deactivate",
"hints": {
"allow": [
"POST"
]
}
}
}
}
}
Deactivate User
Deactivate a user by ID or login. | key: deactivateUser
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| ID | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
| Send Email | When true, sends a deactivation email to the admin. | false |
{
"data": {
"id": "userId",
"status": "DEPROVISIONED"
}
}
Delete All Event Hooks
Delete an event hook by ID. | key: deleteAllEventHooks
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Event Hook URL | If provided, only event hooks with this URL will be deleted. If not provided, all event hooks will be deleted. | https://example.com/webhook |
{
"data": [
{
"id": "who8tsqyrhCdmetzx135",
"deleted": true
}
]
}
Delete Event Hook
Delete an event hook by ID. | key: deleteEventHook
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Event Hook ID | The ID of the event hook. | who8zne7Y5lQr9Yi80g4 |
{
"data": {
"id": "who8tsqyrhCdmetzx135",
"deleted": true
}
}
Delete Group
Delete a group by ID. | key: deleteGroup
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Group ID | The unique identifier for the group. | 00g1abcd2EFGHijkL3m4 |
{
"data": {
"id": "00g1emaKYZTWRYYRRTSK",
"status": "DELETED"
}
}
Delete User
Delete a user by ID or login. | key: deleteUser
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| ID | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
| Send Email | When true, sends a deactivation email to the admin. | false |
{
"data": {
"id": "userId",
"status": "DELETED"
}
}
Get Application
Retrieve an application by ID. | key: getApplication
| Input | Notes | Example |
|---|---|---|
| Application ID | The unique identifier for the application. | 0oab1234XYZ5678 |
| Connection | ||
| Expand | Indicates whether to expand the credentials for the user. By default, credentials are not returned in the response. | blocks |
{
"data": {
"id": "0oa1gjh63g214q0Hq0g4",
"orn": "orn:okta:idp:00o1n8sbwArJ7OQRw406:apps:testorgone_customsaml20app_1:0oa1gjh63g214q0Hq0g4",
"name": "testorgone_customsaml20app_1",
"label": "Custom Saml 2.0 App",
"status": "ACTIVE",
"lastUpdated": "2016-08-09T20:12:19.000Z",
"created": "2016-08-09T20:12:19.000Z",
"accessibility": {
"selfService": false,
"errorRedirectUrl": null,
"loginRedirectUrl": null
},
"visibility": {
"autoSubmitToolbar": false,
"hide": {
"iOS": false,
"web": false
},
"appLinks": {
"testorgone_customsaml20app_1_link": true
}
},
"features": [],
"signOnMode": "SAML_2_0",
"credentials": {
"userNameTemplate": {
"template": "templateName",
"type": "BUILT_IN"
},
"signing": {}
},
"settings": {
"app": {},
"notifications": {
"vpn": {
"network": {
"connection": "DISABLED"
},
"message": null,
"helpUrl": null
}
},
"signOn": {
"defaultRelayState": "",
"ssoAcsUrl": "https://{yourOktaDomain}",
"idpIssuer": "https://www.okta.com/org.externalKey",
"audience": "https://example.com/tenant/123",
"recipient": "https://recipient.okta.com",
"destination": "https://destination.okta.com",
"subjectNameIdTemplate": "user.userName",
"subjectNameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"responseSigned": true,
"assertionSigned": true,
"signatureAlgorithm": "RSA_SHA256",
"digestAlgorithm": "SHA256",
"honorForceAuthn": true,
"authnContextClassRef": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
"slo": {
"enabled": true,
"spIssuer": "https://testorgone.okta.com",
"logoutUrl": "https://testorgone.okta.com/logout"
},
"participateSlo": {
"enabled": true,
"logoutRequestUrl": "https://testorgone.okta.com/logout/participate",
"sessionIndexRequired": true,
"bindingType": "REDIRECT"
},
"spCertificate": {
"x5c": [
"MIIFnDCCA4QCCQDBSLbiON2T1zANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxDjAMBgNV\r\n"
]
},
"assertionEncryption": {
"enabled": false,
"requestCompressed": false,
"allowMultipleAcsEndpoints": false,
"acsEndpoints": [],
"attributeStatements": [],
"_links": {
"logo": [
{
"name": "medium",
"href": "https://testorgone.okta.com/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png",
"type": "image/png"
}
],
"appLinks": [
{
"name": "testorgone_customsaml20app_1_link",
"href": "https://testorgone.okta.com/home/testorgone_customsaml20app_1/0oa1gjh63g214q0Hq0g4/aln1gofChJaerOVfY0g4",
"type": "text/html"
}
],
"help": {
"href": "https://testorgone-admin.okta.com/app/testorgone_customsaml20app_1/0oa1gjh63g214q0Hq0g4/setup/help/SAML_2_0/instructions",
"type": "text/html"
},
"users": {
"href": "https://testorgone.okta.com/api/v1/apps/0oa1gjh63g214q0Hq0g4/users"
},
"deactivate": {
"href": "https://testorgone.okta.com/api/v1/apps/0oa1gjh63g214q0Hq0g4/lifecycle/deactivate"
},
"groups": {
"href": "https://testorgone.okta.com/api/v1/apps/0oa1gjh63g214q0Hq0g4/groups"
},
"metadata": {
"href": "https://testorgone.okta.com/api/v1/apps/0oa1gjh63g214q0Hq0g4/sso/saml/metadata",
"type": "application/xml"
}
},
"_embedded": {
"user": {
"id": "00ucw2RPGIUNTDQOYPOF",
"externalId": null,
"created": "2014-03-21T23:31:35.000Z",
"lastUpdated": "2014-03-21T23:31:35.000Z",
"scope": "USER",
"status": "ACTIVE",
"statusChanged": "2014-03-21T23:31:35.000Z",
"passwordChanged": null,
"syncState": "DISABLED",
"lastSync": null,
"credentials": {
"userName": "user@example.com"
},
"_links": {
"app": {
"href": "https://{yourOktaDomain}/api/v1/apps/0oabizCHPNYALCHDUIOD"
},
"user": {
"href": "https://{yourOktaDomain}/api/v1/users/00ucw2RPGIUNTDQOYPOF"
}
}
},
"id": "0oabkvBLDEKCNXBGYUAS",
"name": "template_swa",
"label": "Sample Plugin App",
"status": "ACTIVE",
"lastUpdated": "2013-09-11T17:58:54.000Z",
"created": "2013-09-11T17:46:08.000Z",
"accessibility": {
"selfService": false,
"errorRedirectUrl": null
},
"visibility": {
"autoSubmitToolbar": false,
"hide": {
"iOS": false,
"web": false
},
"appLinks": {
"login": true
}
},
"features": [],
"signOnMode": "BROWSER_PLUGIN",
"credentials": {
"scheme": "EDIT_USERNAME_AND_PASSWORD",
"userNameTemplate": {
"template": "source.login",
"type": "BUILT_IN"
}
},
"settings": {
"app": {
"buttonField": "btn-login",
"passwordField": "txtbox-password",
"usernameField": "txtbox-username",
"url": "https://example.com/login.html"
}
},
"_links": {
"logo": [
{
"href": "https://example.okta.com/img/logos/logo_1.png",
"name": "medium",
"type": "image/png"
}
],
"users": {
"href": "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS/users"
},
"groups": {
"href": "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS/groups"
},
"self": {
"href": "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS"
},
"deactivate": {
"href": "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS/lifecycle/deactivate"
}
},
"_embedded": {
"user": {
"id": "00ucw2RPGIUNTDQOYPOF",
"externalId": null,
"created": "2014-06-10T15:16:01.000Z",
"lastUpdated": "2014-06-10T15:17:38.000Z",
"scope": "USER",
"status": "ACTIVE",
"statusChanged": "2014-06-10T15:16:01.000Z",
"passwordChanged": "2014-06-10T15:17:38.000Z",
"syncState": "DISABLED",
"lastSync": null,
"credentials": {
"userName": "user@example.com",
"password": {}
},
"_links": {
"app": {
"href": "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS"
},
"user": {
"href": "https://{yourOktaDomain}/api/v1/users/00ucw2RPGIUNTDQOYPOF"
}
}
}
}
}
}
}
}
}
}
Get Application User Assignment
Retrieves a specific user assignment for a specific app. | key: getApplicationUserAssignment
| Input | Notes | Example |
|---|---|---|
| Application ID | The unique identifier for the application. | 0oab1234XYZ5678 |
| Connection | ||
| Expand | Indicates whether to expand the credentials for the user. By default, credentials are not returned in the response. | blocks |
| User ID | ID of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
{
"data": {
"id": "00u1dnq5S0CfjlkpABCD",
"externalId": "00u5edt3PNbbjzvIABCD",
"created": "2024-01-31T18:25:01.000Z",
"lastUpdated": "2024-01-31T18:25:03.000Z",
"scope": "USER",
"status": "PROVISIONED",
"statusChanged": "2024-01-31T18:25:03.000Z",
"passwordChanged": null,
"syncState": "SYNCHRONIZED",
"lastSync": "2024-01-31T18:25:03.000Z",
"credentials": {
"userName": "saml.test@example.com"
},
"profile": {
"secondEmail": null,
"lastName": "Test",
"mobilePhone": null,
"displayName": "Saml O Test",
"email": "saml.test@example.com",
"salesforceGroups": [],
"role": "Tester",
"firstName": "Saml",
"streetAddress": null,
"profile": "Standard Platform User"
},
"_links": {
"app": {
"href": "https://{yourOktaDomain}/api/v1/apps/0oajiqIRNXPPJBNZMGYL"
},
"user": {
"href": "https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD"
}
},
"_embedded": {
"user": {
"id": "00u1dnq5S0CfjlkpABCD",
"status": "ACTIVE",
"created": "2024-01-09T15:36:04.000Z",
"activated": "2024-01-09T15:36:05.000Z",
"statusChanged": "2024-01-09T15:36:05.000Z",
"lastLogin": null,
"lastUpdated": "2024-01-09T15:36:05.000Z",
"passwordChanged": "2024-01-09T15:36:05.000Z",
"type": {
"id": "otyzhh29g7Python90g3"
},
"profile": {
"firstName": "Saml",
"lastName": "Test",
"mobilePhone": null,
"secondEmail": null,
"login": "saml.test@example.com",
"email": "saml.test@example.com"
},
"credentials": {
"password": {},
"provider": {
"type": "OKTA",
"name": "OKTA"
}
},
"_links": {
"suspend": {
"href": "https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/lifecycle/suspend",
"method": "POST"
},
"schema": {
"href": "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscarho9g7PythoN23z9"
},
"resetPassword": {
"href": "https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/lifecycle/reset_password",
"method": "POST"
},
"expirePassword": {
"href": "https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/lifecycle/expire_password",
"method": "POST"
},
"changeRecoveryQuestion": {
"href": "https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/credentials/change_recovery_question",
"method": "POST"
},
"self": {
"href": "https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD"
},
"type": {
"href": "https://{yourOktaDomain}/api/v1/meta/types/user/otyzhh29g7Python90g3"
},
"changePassword": {
"href": "https://rain.okta1.com/api/v1/users/00u1dnq5S0CfjlkpABCD/credentials/change_password",
"method": "POST"
},
"deactivate": {
"href": "https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/lifecycle/deactivate",
"method": "POST"
}
}
}
}
}
}
Get Event Hook
Get an event hook by ID. | key: getEventHook
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Event Hook ID | The ID of the event hook. | who8zne7Y5lQr9Yi80g4 |
{
"data": {
"id": "who8tsqyrhCdmetzx135",
"status": "ACTIVE",
"verificationStatus": "VERIFIED",
"name": "Event Hook Test",
"description": null,
"created": "2023-07-07T17:41:56.000Z",
"createdBy": "00u7xut94qEWYx5ss1e5",
"lastUpdated": "2023-07-07T17:43:03.000Z",
"events": {
"type": "EVENT_TYPE",
"items": [
"user.lifecycle.deactivate",
"user.lifecycle.activate"
],
"filter": null
},
"channel": {
"type": "HTTP",
"version": "1.0.0",
"config": {
"uri": "https://example_external_service/userDeactivate",
"headers": [],
"method": "POST",
"authScheme": {
"type": "HEADER",
"key": "authorization"
}
}
},
"_links": {
"self": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135"
},
"verify": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/verify",
"hints": {
"allow": [
"POST"
]
}
},
"deactivate": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/deactivate",
"hints": {
"allow": [
"POST"
]
}
}
}
}
}
Get Group
Retrieve a group by ID. | key: getGroup
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Group ID | The unique identifier for the group. | 00g1abcd2EFGHijkL3m4 |
{
"data": {
"id": "00g1emaKYZTWRYYRRTSK",
"created": "2015-02-06T10:11:28.000Z",
"lastUpdated": "2015-10-05T19:16:43.000Z",
"lastMembershipUpdated": "2015-11-28T19:15:32.000Z",
"objectClass": [
"okta:user_group"
],
"type": "OKTA_GROUP",
"profile": {
"name": "West Coast users",
"description": "All users West of The Rockies"
},
"_links": {
"logo": [
{
"name": "medium",
"href": "https://{yourOktaDomain}/img/logos/groups/okta-medium.png",
"type": "image/png"
},
{
"name": "large",
"href": "https://{yourOktaDomain}/img/logos/groups/okta-large.png",
"type": "image/png"
}
],
"users": {
"href": "https://{yourOktaDomain}/api/v1/groups/00g1emaKYZTWRYYRRTSK/users"
},
"apps": {
"href": "https://{yourOktaDomain}/api/v1/groups/00g1emaKYZTWRYYRRTSK/apps"
}
}
}
}
Get System Logs
Retrieves system log events for security monitoring and compliance auditing. Max 10000 records can be fetched at once. | key: getSystemLogs
| Input | Notes | Example |
|---|---|---|
| After | The cursor for the next page of results. This value is obtained from the | abc123 |
| Connection | ||
| Fetch All | When true, fetches all pages of results using pagination. | false |
| Filter | A filter string to narrow down results. See Okta's documentation for supported filter fields and operators click here. | lastUpdated gt "2013-06-01T00:00:00.000Z" |
| Limit | Specifies the number of results returned. Defaults to 200. | 100 |
| q | Searches for apps with name or label properties that starts with the q value using the startsWith operation. | Okta |
| Since | Filters the lower time bound of the log events published property for bounded queries or persistence time for polling queries. | 7 days prior to until |
| Sort Order | Specifies the sort order: asc or desc (for search queries only). Sorting is done in ASCII sort order (that is, by ASCII character value), but isn't case sensitive. sortOrder is ignored if sortBy isn't present. | |
| Until | Filters the upper time bound of the log events published property for bounded queries or persistence time for polling queries. | current time |
{
"data": [
{
"actor": {
"id": "00uttidj01jqL21aM1d6",
"type": "User",
"alternateId": "john.doe@example.com",
"displayName": "John Doe",
"detailEntry": null
},
"client": {
"userAgent": {
"rawUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36",
"os": "Mac OS X",
"browser": "CHROME"
},
"zone": null,
"device": "Computer",
"id": null,
"ipAddress": "10.0.0.1",
"geographicalContext": {
"city": "New York",
"state": "New York",
"country": "United States",
"postalCode": 10013,
"geolocation": {
"lat": 40.3157,
"lon": -74.01
}
}
},
"device": {
"id": "guofdhyjex1feOgbN1d9",
"name": "Mac15,6",
"os_platform": "OSX",
"os_version": "14.6.0",
"managed": false,
"registered": true,
"device_integrator": null,
"disk_encryption_type": "ALL_INTERNAL_VOLUMES",
"screen_lock_type": "BIOMETRIC",
"jailbreak": null,
"secure_hardware_present": true
},
"authenticationContext": {
"authenticationProvider": null,
"credentialProvider": null,
"credentialType": null,
"issuer": null,
"interface": null,
"authenticationStep": 0,
"rootSessionId": "idxBager62CSveUkTxvgRtonA",
"externalSessionId": "idxBager62CSveUkTxvgRtonA"
},
"displayMessage": "User login to Okta",
"eventType": "user.session.start",
"outcome": {
"result": "SUCCESS",
"reason": null
},
"published": "2024-08-13T15:58:20.353Z",
"securityContext": {
"asNumber": 394089,
"asOrg": "ASN 0000",
"isp": "google",
"domain": null,
"isProxy": false
},
"severity": "INFO",
"debugContext": {
"debugData": {
"requestId": "ab609228fe84ce59cdcbfa690bcce016",
"requestUri": "/idp/idx/authenticators/poll",
"url": "/idp/idx/authenticators/poll"
}
},
"legacyEventType": "core.user_auth.login_success",
"transaction": {
"type": "WEB",
"id": "ab609228fe84ce59cdcbfa690bgce016",
"detail": null
},
"uuid": "dc9fd3c0-598c-11ef-8478-2b7584bf8d5a",
"version": 0,
"request": {
"ipChain": [
{
"ip": "10.0.0.1",
"geographicalContext": {
"city": "New York",
"state": "New York",
"country": "United States",
"postalCode": 10013,
"geolocation": {
"lat": 40.3157,
"lon": -74.01
}
},
"version": "V4",
"source": null
}
]
},
"target": [
{
"id": "pfdfdhyjf0HMbkP2e1d7",
"type": "AuthenticatorEnrollment",
"alternateId": "unknown",
"displayName": "Okta Verify",
"detailEntry": null
},
{
"id": "0oatxlef9sQvvqInq5d6",
"type": "AppInstance",
"alternateId": "Okta Admin Console",
"displayName": "Okta Admin Console",
"detailEntry": null
}
]
}
]
}
Get User
Retrieve a user by ID or login. | key: getUser
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Expand | Indicates whether to expand the credentials for the user. By default, credentials are not returned in the response. | blocks |
| ID | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
{
"data": {
"id": "00u118oQYT4TBGuay0g4",
"status": "ACTIVE",
"created": "2022-04-04T15:56:05.000Z",
"activated": null,
"statusChanged": null,
"lastLogin": "2022-05-04T19:50:52.000Z",
"lastUpdated": "2022-05-05T18:15:44.000Z",
"passwordChanged": "2022-04-04T16:00:22.000Z",
"type": {
"id": "oty1162QAr8hJjTaq0g4"
},
"profile": {
"firstName": "Alice",
"lastName": "Smith",
"mobilePhone": null,
"secondEmail": null,
"login": "alice.smith@example.com",
"email": "alice.smith@example.com"
},
"realmId": "guo1afiNtSnZYILxO0g4",
"credentials": {
"password": {},
"provider": {}
},
"_links": {
"self": {}
}
}
}
List Applications
List applications with optional search and filtering. | key: listApplications
| Input | Notes | Example |
|---|---|---|
| After | The cursor for the next page of results. This value is obtained from the | abc123 |
| Connection | ||
| Expand | Indicates whether to expand the credentials for the user. By default, credentials are not returned in the response. | blocks |
| Fetch All | When true, fetches all pages of results using pagination. | false |
| Filter | A filter string to narrow down results. See Okta's documentation for supported filter fields and operators click here. | lastUpdated gt "2013-06-01T00:00:00.000Z" |
| Include Non-Deleted | When true, both deleted and non-deleted applications are returned. | false |
| Limit | Specifies the number of results returned. Defaults to 200. | 100 |
| q | Searches for apps with name or label properties that starts with the q value using the startsWith operation. | Okta |
| Use Optimization | When true, the response will be optimized for faster retrieval. This may exclude some properties from the response. | false |
{
"data": [
{
"id": "0oa1gjh63g214q0Hq0g4",
"orn": "orn:okta:idp:00o1n8sbwArJ7OQRw406:apps:testorgone_customsaml20app_1:0oa1gjh63g214q0Hq0g4",
"name": "testorgone_customsaml20app_1",
"label": "Custom Saml 2.0 App",
"status": "ACTIVE",
"lastUpdated": "2016-08-09T20:12:19.000Z",
"created": "2016-08-09T20:12:19.000Z",
"accessibility": {
"selfService": false,
"errorRedirectUrl": null,
"loginRedirectUrl": null
},
"visibility": {
"autoSubmitToolbar": false,
"hide": {
"iOS": false,
"web": false
},
"appLinks": {
"testorgone_customsaml20app_1_link": true
}
},
"features": [],
"signOnMode": "SAML_2_0",
"credentials": {
"userNameTemplate": {
"template": "templateName",
"type": "BUILT_IN"
},
"signing": {}
},
"settings": {
"app": {},
"notifications": {
"vpn": {
"network": {
"connection": "DISABLED"
},
"message": null,
"helpUrl": null
}
},
"signOn": {
"defaultRelayState": "",
"ssoAcsUrl": "https://{yourOktaDomain}",
"idpIssuer": "https://www.okta.com/org.externalKey",
"audience": "https://example.com/tenant/123",
"recipient": "https://recipient.okta.com",
"destination": "https://destination.okta.com",
"subjectNameIdTemplate": "user.userName",
"subjectNameIdFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"responseSigned": true,
"assertionSigned": true,
"signatureAlgorithm": "RSA_SHA256",
"digestAlgorithm": "SHA256",
"honorForceAuthn": true,
"authnContextClassRef": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
"slo": {
"enabled": true,
"spIssuer": "https://testorgone.okta.com",
"logoutUrl": "https://testorgone.okta.com/logout"
},
"participateSlo": {
"enabled": true,
"logoutRequestUrl": "https://testorgone.okta.com/logout/participate",
"sessionIndexRequired": true,
"bindingType": "REDIRECT"
},
"spCertificate": {
"x5c": [
"MIIFnDCCA4QCCQDBSLbiON2T1zANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxDjAMBgNV\r\n"
]
},
"assertionEncryption": {
"enabled": false,
"requestCompressed": false,
"allowMultipleAcsEndpoints": false,
"acsEndpoints": [],
"attributeStatements": [],
"_links": {
"logo": [
{
"name": "medium",
"href": "https://testorgone.okta.com/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png",
"type": "image/png"
}
],
"appLinks": [
{
"name": "testorgone_customsaml20app_1_link",
"href": "https://testorgone.okta.com/home/testorgone_customsaml20app_1/0oa1gjh63g214q0Hq0g4/aln1gofChJaerOVfY0g4",
"type": "text/html"
}
],
"help": {
"href": "https://testorgone-admin.okta.com/app/testorgone_customsaml20app_1/0oa1gjh63g214q0Hq0g4/setup/help/SAML_2_0/instructions",
"type": "text/html"
},
"users": {
"href": "https://testorgone.okta.com/api/v1/apps/0oa1gjh63g214q0Hq0g4/users"
},
"deactivate": {
"href": "https://testorgone.okta.com/api/v1/apps/0oa1gjh63g214q0Hq0g4/lifecycle/deactivate"
},
"groups": {
"href": "https://testorgone.okta.com/api/v1/apps/0oa1gjh63g214q0Hq0g4/groups"
},
"metadata": {
"href": "https://testorgone.okta.com/api/v1/apps/0oa1gjh63g214q0Hq0g4/sso/saml/metadata",
"type": "application/xml"
}
},
"_embedded": {
"user": {
"id": "00ucw2RPGIUNTDQOYPOF",
"externalId": null,
"created": "2014-03-21T23:31:35.000Z",
"lastUpdated": "2014-03-21T23:31:35.000Z",
"scope": "USER",
"status": "ACTIVE",
"statusChanged": "2014-03-21T23:31:35.000Z",
"passwordChanged": null,
"syncState": "DISABLED",
"lastSync": null,
"credentials": {
"userName": "user@example.com"
},
"_links": {
"app": {
"href": "https://{yourOktaDomain}/api/v1/apps/0oabizCHPNYALCHDUIOD"
},
"user": {
"href": "https://{yourOktaDomain}/api/v1/users/00ucw2RPGIUNTDQOYPOF"
}
}
},
"id": "0oabkvBLDEKCNXBGYUAS",
"name": "template_swa",
"label": "Sample Plugin App",
"status": "ACTIVE",
"lastUpdated": "2013-09-11T17:58:54.000Z",
"created": "2013-09-11T17:46:08.000Z",
"accessibility": {
"selfService": false,
"errorRedirectUrl": null
},
"visibility": {
"autoSubmitToolbar": false,
"hide": {
"iOS": false,
"web": false
},
"appLinks": {
"login": true
}
},
"features": [],
"signOnMode": "BROWSER_PLUGIN",
"credentials": {
"scheme": "EDIT_USERNAME_AND_PASSWORD",
"userNameTemplate": {
"template": "source.login",
"type": "BUILT_IN"
}
},
"settings": {
"app": {
"buttonField": "btn-login",
"passwordField": "txtbox-password",
"usernameField": "txtbox-username",
"url": "https://example.com/login.html"
}
},
"_links": {
"logo": [
{
"href": "https://example.okta.com/img/logos/logo_1.png",
"name": "medium",
"type": "image/png"
}
],
"users": {
"href": "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS/users"
},
"groups": {
"href": "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS/groups"
},
"self": {
"href": "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS"
},
"deactivate": {
"href": "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS/lifecycle/deactivate"
}
},
"_embedded": {
"user": {
"id": "00ucw2RPGIUNTDQOYPOF",
"externalId": null,
"created": "2014-06-10T15:16:01.000Z",
"lastUpdated": "2014-06-10T15:17:38.000Z",
"scope": "USER",
"status": "ACTIVE",
"statusChanged": "2014-06-10T15:16:01.000Z",
"passwordChanged": "2014-06-10T15:17:38.000Z",
"syncState": "DISABLED",
"lastSync": null,
"credentials": {
"userName": "user@example.com",
"password": {}
},
"_links": {
"app": {
"href": "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS"
},
"user": {
"href": "https://{yourOktaDomain}/api/v1/users/00ucw2RPGIUNTDQOYPOF"
}
}
}
}
}
}
}
}
}
]
}
List Event Hooks
List all event hooks. | key: listEventHooks
| Input | Notes | Example |
|---|---|---|
| Connection |
{
"data": [
{
"id": "who8tsqyrhCdmetzx135",
"status": "ACTIVE",
"verificationStatus": "VERIFIED",
"name": "Event Hook Test",
"description": null,
"created": "2023-07-07T17:41:56.000Z",
"createdBy": "00u7xut94qEWYx5ss1e5",
"lastUpdated": "2023-07-07T17:43:03.000Z",
"events": {
"type": "EVENT_TYPE",
"items": [
"user.lifecycle.deactivate",
"user.lifecycle.activate"
],
"filter": null
},
"channel": {
"type": "HTTP",
"version": "1.0.0",
"config": {
"uri": "https://example_external_service/userDeactivate",
"headers": [],
"method": "POST",
"authScheme": {
"type": "HEADER",
"key": "authorization"
}
}
},
"_links": {
"self": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135"
},
"verify": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/verify",
"hints": {
"allow": [
"POST"
]
}
},
"deactivate": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/deactivate",
"hints": {
"allow": [
"POST"
]
}
}
}
},
{
"id": "who8vt36qfNpCGz9H1e6",
"status": "ACTIVE",
"verificationStatus": "VERIFIED",
"name": "Event Hook with Filter",
"description": "An event hook using an Okta Expression Language filter",
"created": "2023-07-07T13:41:56.000Z",
"createdBy": "00u7xut94qEWYx5ss1e5",
"lastUpdated": "2023-07-07T13:43:03.000Z",
"events": {
"type": "EVENT_TYPE",
"items": [
"group.user_membership.add"
],
"filter": {
"type": "EXPRESSION_LANGUAGE",
"eventFilterMap": [
{
"event": "group.user_membership.add",
"condition": {
"version": null,
"expression": "event.target.?[type eq 'UserGroup'].size()>0 && event.target.?[displayName eq 'Sales'].size()>0"
}
}
]
}
},
"channel": {
"type": "HTTP",
"version": "1.0.0",
"config": {
"uri": "https://example_external_service/userAdded",
"headers": [],
"method": "POST",
"authScheme": {
"type": "HEADER",
"key": "authorization"
}
}
},
"_links": {
"self": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6"
},
"verify": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6/lifecycle/verify",
"hints": {
"allow": [
"POST"
]
}
},
"deactivate": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6/lifecycle/deactivate",
"hints": {
"allow": [
"POST"
]
}
}
}
}
]
}
List Group Members
Retrieves all users who are members of the specified group. | key: listGroupMembers
| Input | Notes | Example |
|---|---|---|
| After | The cursor for the next page of results. This value is obtained from the | abc123 |
| Connection | ||
| Fetch All | When true, fetches all pages of results using pagination. | false |
| Group ID | The unique identifier for the group. | 00g1abcd2EFGHijkL3m4 |
| Limit | Specifies the number of results returned. Defaults to 200. | 100 |
{
"data": [
{
"id": "00u118oQYT4TBTemp0g4",
"status": "ACTIVE",
"created": "2022-04-04T15:56:05.000Z",
"activated": null,
"statusChanged": null,
"lastLogin": "2022-05-04T19:50:52.000Z",
"lastUpdated": "2022-05-05T18:15:44.000Z",
"passwordChanged": "2022-04-04T16:00:22.000Z",
"type": {
"id": "oty1162QAr8hJjTaq0g4"
},
"profile": {
"firstName": "Alice",
"lastName": "Smith",
"mobilePhone": null,
"secondEmail": null,
"login": "alice.smith@example.com",
"email": "alice.smith@example.com"
},
"credentials": {
"password": {},
"provider": {
"type": "OKTA",
"name": "OKTA"
}
},
"_links": {
"self": {
"href": "http://your-subdomain.okta.com/api/v1/users/00u118oQYT4TBGuay0g4"
}
}
}
]
}
List Groups
List groups with optional search and filtering. | key: listGroups
| Input | Notes | Example |
|---|---|---|
| After | The cursor for the next page of results. This value is obtained from the | abc123 |
| Connection | ||
| Extra Parameters | List of additional parameters to include in the request. This can be used to include parameters that are not explicitly supported by this component. See Okta's API documentation for a list of supported parameters. | {"after": "abc123"} |
| Fetch All | When true, fetches all pages of results using pagination. | false |
| Filter | A filter string to narrow down results. See Okta's documentation for supported filter fields and operators click here. | lastUpdated gt "2013-06-01T00:00:00.000Z" |
| Limit | Specifies the number of results returned. Defaults to 200. | 100 |
| q | Searches for apps with name or label properties that starts with the q value using the startsWith operation. | Okta |
| Search | A search string to filter results. See Okta's documentation for supported search fields and operators click here. | profile.firstName eq "John" |
| Sort By | Specifies field to sort by (for search queries only). This can be any single property, for example sortBy=profile.lastName. Users with the same value for the sortBy property will be ordered by id. | profile.lastName |
| Sort Order | Specifies the sort order: asc or desc (for search queries only). Sorting is done in ASCII sort order (that is, by ASCII character value), but isn't case sensitive. sortOrder is ignored if sortBy isn't present. |
{
"data": [
{
"id": "00g1emaKYZTWRYYRRTSK",
"created": "2015-02-06T10:11:28.000Z",
"lastUpdated": "2015-10-05T19:16:43.000Z",
"lastMembershipUpdated": "2015-11-28T19:15:32.000Z",
"objectClass": [
"okta:user_group"
],
"type": "OKTA_GROUP",
"profile": {
"name": "West Coast users",
"description": "All users West of The Rockies"
},
"_links": {
"logo": [
{
"name": "medium",
"href": "https://{yourOktaDomain}/img/logos/groups/okta-medium.png",
"type": "image/png"
},
{
"name": "large",
"href": "https://{yourOktaDomain}/img/logos/groups/okta-large.png",
"type": "image/png"
}
],
"users": {
"href": "https://{yourOktaDomain}/api/v1/groups/00g1emaKYZTWRYYRRTSK/users"
},
"apps": {
"href": "https://{yourOktaDomain}/api/v1/groups/00g1emaKYZTWRYYRRTSK/apps"
}
}
}
]
}
List Policies
List policies with optional search and filtering. | key: listPolicies
| Input | Notes | Example |
|---|---|---|
| After | The cursor for the next page of results. This value is obtained from the | abc123 |
| Connection | ||
| Expand | Indicates whether to expand the credentials for the user. By default, credentials are not returned in the response. | blocks |
| Fetch All | When true, fetches all pages of results using pagination. | false |
| Limit | Specifies the number of results returned. Defaults to 200. | 100 |
| q | Searches for apps with name or label properties that starts with the q value using the startsWith operation. | Okta |
| Resource ID | Reference to the associated authorization server. | 00g1abcd2EFGH3IJK4l5 |
| Sort By | Specifies field to sort by (for search queries only). This can be any single property, for example sortBy=profile.lastName. Users with the same value for the sortBy property will be ordered by id. | profile.lastName |
| Status | Specifies the status of the policies to return. | |
| Type | Specifies the type of policy to return. The following policy types are available only with the Okta Identity Engine. |
{
"data": [
{
"type": "ACCESS_POLICY",
"id": "policyId",
"status": "ACTIVE",
"name": "Policy name",
"description": "Policy description",
"priority": 1,
"system": true,
"conditions": null,
"created": "2024-04-25T17:35:02.000Z",
"lastUpdated": "2024-04-25T17:35:02.000Z",
"_links": {
"self": {
"href": "https://{yourOktaDomain}/api/v1/policies/{policyId}",
"hints": {
"allow": [
"GET",
"PUT"
]
}
},
"rules": {
"href": "https://{yourOktaDomain}/api/v1/policies/{policyId}/rules",
"hints": {
"allow": [
"GET",
"POST"
]
}
}
}
}
]
}
List Realms
Lists all realms in your org. | key: listRealms
| Input | Notes | Example |
|---|---|---|
| After | The cursor for the next page of results. This value is obtained from the | abc123 |
| Connection | ||
| Fetch All | When true, fetches all pages of results using pagination. | false |
| Limit | Specifies the number of results returned. Defaults to 200. | 100 |
| Search | A search string to filter results. See Okta's documentation for supported search fields and operators click here. | profile.firstName eq "John" |
| Sort By | Specifies field to sort by (for search queries only). This can be any single property, for example sortBy=profile.lastName. Users with the same value for the sortBy property will be ordered by id. | profile.lastName |
| Sort Order | Specifies the sort order: asc or desc (for search queries only). Sorting is done in ASCII sort order (that is, by ASCII character value), but isn't case sensitive. sortOrder is ignored if sortBy isn't present. |
{
"data": [
{
"id": "guox9jQ16k9V8IFEL0g3",
"created": "2022-04-04T15:56:05.000Z",
"lastUpdated": "2022-05-05T18:15:44.000Z",
"isDefault": false,
"profile": {
"name": "Car Co",
"realmType": "PARTNER",
"domains": [
"atko.com",
"user.com"
]
},
"_links": {
"self": {
"rel": "self",
"href": "http://your-subdomain.okta.com/api/v1/realms/guox9jQ16k9V8IFEL0g3",
"method": "GET"
}
}
}
]
}
List User Applications
List applications for a specific user. | key: listUserApplications
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| ID | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
{
"data": [
{
"id": "00ub0oNGTSWTBKOLGLNR",
"label": "Google Apps Mail",
"linkUrl": "https://{yourOktaDomain}/home/google/0oa3omz2i9XRNSRIHBZO/50",
"logoUrl": "https://{yourOktaDomain}/img/logos/google-mail.png",
"appName": "google",
"appInstanceId": "0oa3omz2i9XRNSRIHBZO",
"appAssignmentId": "0ua3omz7weMMMQJERBKY",
"credentialsSetup": false,
"hidden": false,
"sortOrder": 0
},
{
"id": "00ub0oNGTSWTBKOLGLNR",
"label": "Google Apps Calendar",
"linkUrl": "https://{yourOktaDomain}/home/google/0oa3omz2i9XRNSRIHBZO/54",
"logoUrl": "https://{yourOktaDomain}/img/logos/google-calendar.png",
"appName": "google",
"appInstanceId": "0oa3omz2i9XRNSRIHBZO",
"appAssignmentId": "0ua3omz7weMMMQJERBKY",
"credentialsSetup": false,
"hidden": false,
"sortOrder": 1
},
{
"id": "00ub0oNGTSWTBKOLGLNR",
"label": "Box",
"linkUrl": "https://{yourOktaDomain}/home/boxnet/0oa3ompioiQCSTOYXVBK/72",
"logoUrl": "https://{yourOktaDomain}/img/logos/box.png",
"appName": "boxnet",
"appInstanceId": "0oa3ompioiQCSTOYXVBK",
"appAssignmentId": "0ua3omx46lYEZLPPRWBO",
"credentialsSetup": false,
"hidden": false,
"sortOrder": 3
},
{
"id": "00ub0oNGTSWTBKOLGLNR",
"label": "Salesforce.com",
"linkUrl": "https://{yourOktaDomain}/home/salesforce/0oa12ecnxtBQMKOXJSMF/46",
"logoUrl": "https://{yourOktaDomain}/img/logos/salesforce_logo.png",
"appName": "salesforce",
"appInstanceId": "0oa12ecnxtBQMKOXJSMF",
"appAssignmentId": "0ua173qgj5VAVOBQMCVB",
"credentialsSetup": true,
"hidden": false,
"sortOrder": 2
}
]
}
List User Factors
Lists all enrolled factors for the specified user that are included in the highest priority authenticator enrollment policy that applies to the user. | key: listUserFactors
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| User ID | ID of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
{
"data": [
{
"id": "ufs2bysphxKODSZKWVCT",
"factorType": "question",
"provider": "OKTA",
"vendorName": "OKTA",
"status": "ACTIVE",
"created": "2014-04-15T18:10:06.000Z",
"lastUpdated": "2014-04-15T18:10:06.000Z",
"profile": {
"question": "favorite_art_piece",
"questionText": "What is your favorite piece of art?"
},
"_links": {
"questions": {
"href": "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/questions",
"hints": {
"allow": [
"GET"
]
}
},
"self": {
"href": "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/ufs2bysphxKODSZKWVCT",
"hints": {
"allow": [
"GET",
"DELETE"
]
}
},
"user": {
"href": "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL",
"hints": {
"allow": [
"GET"
]
}
}
}
},
{
"id": "ostf2gsyictRQDSGTDZE",
"factorType": "token:software:totp",
"provider": "OKTA",
"status": "PENDING_ACTIVATION",
"created": "2014-06-27T20:27:33.000Z",
"lastUpdated": "2014-06-27T20:27:33.000Z",
"profile": {
"credentialId": "dade.murphy@example.com"
},
"_links": {
"next": {
"name": "activate",
"href": "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/ostf2gsyictRQDSGTDZE/lifecycle/activate",
"hints": {
"allow": [
"POST"
]
}
},
"self": {
"href": "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/ostf2gsyictRQDSGTDZE",
"hints": {
"allow": [
"GET"
]
}
},
"user": {
"href": "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL",
"hints": {
"allow": [
"GET"
]
}
}
},
"_embedded": {
"activation": {
"timeStep": 30,
"sharedSecret": "HE64TMLL2IUZW2ZLB",
"encoding": "base32",
"keyLength": 16
}
}
}
]
}
List User Groups
List groups for a specific user. | key: listUserGroups
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| ID | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
{
"data": [
{
"id": "0gabcd1234",
"profile": {
"name": "Cloud app users",
"description": "Users can access cloud apps"
}
},
{
"id": "0gefgh5678",
"profile": {
"name": "Internal app users",
"description": "Users can access internal apps"
}
}
]
}
List User Types
Lists all user types in your org. | key: listUserTypes
| Input | Notes | Example |
|---|---|---|
| Connection |
{
"data": [
{
"id": "otyfnly5cQjJT9PnR0g4",
"displayName": "New user type",
"name": "newUserType",
"description": "A new custom user type",
"createdBy": "sprz9fj1ycBcsgopy1d6",
"lastUpdatedBy": "sprz9fj1ycBcsgopy1d6",
"created": "2021-07-05T20:40:38.000Z",
"lastUpdated": "2021-07-05T20:40:38.000Z",
"default": false,
"_links": {
"self": {
"href": "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6"
},
"schema": {
"href": "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6"
}
}
},
{
"id": "otyz9fj2jMiRBC1ZT1d6",
"displayName": "User",
"name": "user",
"description": "Okta user profile template with default permission settings",
"createdBy": "sprz9fj1ycBcsgopy1d6",
"lastUpdatedBy": "sprz9fj1ycBcsgopy1d6",
"created": "2021-07-05T20:40:38.000Z",
"lastUpdated": "2021-07-05T20:40:38.000Z",
"default": true,
"_links": {
"self": {
"href": "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6"
},
"schema": {
"href": "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6"
}
}
}
]
}
List Users
List users with optional search and filtering. | key: listUsers
| Input | Notes | Example |
|---|---|---|
| After | The cursor for the next page of results. This value is obtained from the | abc123 |
| Connection | ||
| Extra Parameters | List of additional parameters to include in the request. This can be used to include parameters that are not explicitly supported by this component. See Okta's API documentation for a list of supported parameters. | {"after": "abc123"} |
| Fetch All | When true, fetches all pages of results using pagination. | false |
| Filter | A filter string to narrow down results. See Okta's documentation for supported filter fields and operators click here. | lastUpdated gt "2013-06-01T00:00:00.000Z" |
| Limit | Specifies the number of results returned. Defaults to 200. | 100 |
| q | Searches for apps with name or label properties that starts with the q value using the startsWith operation. | Okta |
| Search | A search string to filter results. See Okta's documentation for supported search fields and operators click here. | profile.firstName eq "John" |
| Sort By | Specifies field to sort by (for search queries only). This can be any single property, for example sortBy=profile.lastName. Users with the same value for the sortBy property will be ordered by id. | profile.lastName |
| Sort Order | Specifies the sort order: asc or desc (for search queries only). Sorting is done in ASCII sort order (that is, by ASCII character value), but isn't case sensitive. sortOrder is ignored if sortBy isn't present. |
{
"data": [
{
"id": "00u118oQYT4TBGuay0g4",
"status": "ACTIVE",
"created": "2022-04-04T15:56:05.000Z",
"activated": null,
"statusChanged": null,
"lastLogin": "2022-05-04T19:50:52.000Z",
"lastUpdated": "2022-05-05T18:15:44.000Z",
"passwordChanged": "2022-04-04T16:00:22.000Z",
"type": {
"id": "oty1162QAr8hJjTaq0g4"
},
"profile": {
"firstName": "Alice",
"lastName": "Smith",
"mobilePhone": null,
"secondEmail": null,
"login": "alice.smith@example.com",
"email": "alice.smith@example.com"
},
"realmId": "guo1afiNtSnZYILxO0g4",
"credentials": {
"password": {},
"provider": {}
},
"_links": {
"self": {}
}
}
]
}
Raw Request
Send raw HTTP request to Okta. | key: rawRequest
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Data | The HTTP body payload to send to the URL. | {"exampleKey": "Example Data"} |
| File Data | File Data to be sent as a multipart form upload. | [{key: "example.txt", value: "My File Contents"}] |
| File Data File Names | File names to apply to the file data inputs. Keys must match the file data keys above. | |
| Form Data | The Form Data to be sent as a multipart form upload. | [{"key": "Example Key", "value": new Buffer("Hello World")}] |
| Header | A list of headers to send with the request. | User-Agent: curl/7.64.1 |
| Max Retry Count | The maximum number of retries to attempt. Specify 0 for no retries. | 0 |
| Method | The HTTP method to use. | |
| Query Parameter | A list of query parameters to send with the request. This is the portion at the end of the URL similar to ?key1=value1&key2=value2. | |
| Response Type | The type of data you expect in the response. You can request json, text, or binary data. | json |
| Retry On All Errors | If true, retries on all erroneous responses regardless of type. This is helpful when retrying after HTTP 429 or other 3xx or 4xx errors. Otherwise, only retries on HTTP 5xx and network errors. | false |
| Retry Delay (ms) | The delay in milliseconds between retries. This is used when 'Use Exponential Backoff' is disabled. | 0 |
| Timeout | The maximum time that a client will await a response to its request | 2000 |
| URL | Input the path only (/users), The base URL is already included (https://{yourOktaDomain}.com/api/v1). For example, to connect to https://{yourOktaDomain}.com/api/v1/users, only /users is entered in this field. | /users |
| Use Exponential Backoff | Specifies whether to use a pre-defined exponential backoff strategy for retries. When enabled, 'Retry Delay (ms)' is ignored. | false |
Reactivate User
Reactivate a user by ID or login. | key: reactivateUser
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| ID | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
| Send Email | When true, sends a deactivation email to the admin. | false |
{
"data": {
"activationToken": "XE6wE17zmphl3KqAPFxO",
"activationUrl": "https://{yourOktaDomain}/welcome/XE6wE17zmphl3KqAPFxO"
}
}
Remove Application User Assignment
Removes an application assignment from a user, revoking access to the application. | key: removeApplicationUserAssignment
| Input | Notes | Example |
|---|---|---|
| Application ID | The unique identifier for the application. | 0oab1234XYZ5678 |
| Connection | ||
| Send Email | When true, sends a deactivation email to the admin. | false |
| User ID | ID of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
{
"data": {
"id": "00u1dnq5S0CfjlkpABCD",
"status": "DELETED"
}
}
Remove User from Group
Remove a user from a group. | key: removeUserFromGroup
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Group ID | The unique identifier for the group. | 00g1abcd2EFGHijkL3m4 |
| User ID | The unique identifier for the user to be removed from the group. | 00u1abcd2EFGHijkL3m4 |
{
"data": {
"success": true,
"message": "User 123 removed from group 123"
}
}
Reset User Password
Reset a user's password by ID or login. | key: resetUserPassword
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| ID | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
| Revoke Sessions | When true, revokes all of the user's active sessions. | false |
| Send Email | When true, sends a deactivation email to the admin. | true |
{
"data": {
"summary": "Reset password without sending email",
"resetPasswordUrl": "https://{yourOktaDomain}/reset_password/XE6wE17zmphl3KqAPFxO"
}
}
Set User Password
Set a user's password by ID or login. | key: setUserPassword
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| New Hash Password | The new password hash for the user. | |
| New Password | The new password for the user. | P@ssw0rd! |
| Old Hash Password | The old password hash for the user. | |
| Old Password | The old password for the user. | P@ssw0rd! |
| Revoke Sessions | When true, revokes all of the user's active sessions. | false |
| User ID | ID of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
{
"data": {
"password": {},
"recovery_question": {
"question": "Who's a major player in the cowboy scene?"
},
"provider": {
"type": "OKTA",
"name": "OKTA"
}
}
}
Suspend User
Suspend a user by ID or login. | key: suspendUser
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| ID | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
{
"data": {
"id": "userId",
"status": "SUSPENDED"
}
}
Unenroll User Factor
Unenrolls a specific factor for the specified user. | key: unenrollUserFactor
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Factor ID | ID of an existing user factor. | opf1abcd2EFGHijkL3m4 |
| Remove Recovery Enrollment | When true, removes the phone number as both a recovery method and a factor. This parameter is only used for the sms and call factors. | false |
| User ID | ID of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
{
"data": {
"id": "opf1abcd2EFGHijkL3m4",
"status": "UNENROLLED"
}
}
Unlock User
Unlock a user by ID or login. | key: unlockUser
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| ID | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
| Send Email | When true, sends a deactivation email to the admin. | false |
{
"data": {
"id": "userId",
"status": "ACTIVE"
}
}
Unsuspend User
Unsuspend a user by ID or login. | key: unsuspendUser
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| ID | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
{
"data": {
"id": "userId",
"status": "ACTIVE"
}
}
Update Application User Assignment
Updates the app-specific profile and credentials for a user's application assignment. | key: updateApplicationUserAssignment
| Input | Notes | Example |
|---|---|---|
| Application ID | The unique identifier for the application. | 0oab1234XYZ5678 |
| Connection | ||
| Password | The user's password. | P@ssw0rd! |
| Profile | The app-specific profile for the user. Either the profile or password/username must be provided. | |
| User ID | ID of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
| Username | The username of the user to whom the application will be assigned. | johndoe |
{
"data": {
"credentials": {
"userName": "rae.cloud@example.com",
"password": {
"value": "updatedP@55word"
}
}
}
}
Update Group
Updates profile information for an existing group. | key: updateGroup
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Group Description | A brief description of the group. | This group contains all members of the engineering team. |
| Group ID | The unique identifier for the group. | 00g1abcd2EFGHijkL3m4 |
| Group Name | The name of the group. | Engineering Team |
{
"data": {
"id": "00g1emaKYZTWRYYRRTSK",
"created": "2015-02-06T10:11:28.000Z",
"lastUpdated": "2015-10-05T19:16:43.000Z",
"lastMembershipUpdated": "2015-11-28T19:15:32.000Z",
"objectClass": [
"okta:user_group"
],
"type": "OKTA_GROUP",
"profile": {
"name": "West Coast users",
"description": "All users West of The Rockies"
},
"_links": {
"logo": [
{
"name": "medium",
"href": "https://{yourOktaDomain}/img/logos/groups/okta-medium.png",
"type": "image/png"
},
{
"name": "large",
"href": "https://{yourOktaDomain}/img/logos/groups/okta-large.png",
"type": "image/png"
}
],
"users": {
"href": "https://{yourOktaDomain}/api/v1/groups/00g1emaKYZTWRYYRRTSK/users"
},
"apps": {
"href": "https://{yourOktaDomain}/api/v1/groups/00g1emaKYZTWRYYRRTSK/apps"
}
}
}
}
Update User
Update a user by ID or login. | key: updateUser
| Input | Notes | Example |
|---|---|---|
| Answer | The user's recovery answer. | Blue |
| Connection | ||
| Department | The user's department. | Engineering |
The user's email address. | john.doe@example.com | |
| Employee Number | The user's employee number. | 12345 |
| First Name | The user's first name. | John |
| Hash Password | The user's password hash. | |
| ID | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
| Last Name | The user's last name. | Doe |
| Locale | The user's default location for purposes of localizing items such as currency, date time format, numerical representations, and so on. A locale value is a concatenation of the ISO 639-1 two-letter language code, an underscore, and the ISO 3166-1 two-letter country code. | en_US |
| Login | The unique identifier for the user (username). | johndoe |
| Mobile Phone | The user's mobile phone number. | 15551234567 |
| Password | The user's password. If not provided, an activation email will be sent to the user. | P@ssw0rd! |
| Profile Extra Attributes | List of additional profile attributes to include in the request. This can be used to include attributes that are not explicitly supported by this component. See Okta's API documentation for a list of supported attributes. | |
| Question | The user's recovery question. | What is your favorite color? |
| Realm ID | The ID of the realm to which the user belongs. | 00g1abcd2EFGHijkL3m4 |
{
"data": {
"id": "00u118oQYT4TBGuay0g4",
"status": "ACTIVE",
"created": "2022-04-04T15:56:05.000Z",
"activated": null,
"statusChanged": null,
"lastLogin": "2022-05-04T19:50:52.000Z",
"lastUpdated": "2022-05-05T18:15:44.000Z",
"passwordChanged": "2022-04-04T16:00:22.000Z",
"type": {
"id": "oty1162QAr8hJjTaq0g4"
},
"profile": {
"firstName": "Alice",
"lastName": "Smith",
"mobilePhone": null,
"secondEmail": null,
"login": "alice.smith@example.com",
"email": "alice.smith@example.com"
},
"realmId": "guo1afiNtSnZYILxO0g4",
"credentials": {
"password": {},
"provider": {}
},
"_links": {
"self": {}
}
}
}
Verify Event Hook
Verify a specific event hook. | key: verifyEventHook
| Input | Notes | Example |
|---|---|---|
| Connection | ||
| Event Hook ID | The ID of the event hook. | who8zne7Y5lQr9Yi80g4 |
{
"data": {
"id": "who8tsqyrhCdmetzx135",
"status": "ACTIVE",
"verificationStatus": "VERIFIED",
"name": "Event Hook Test",
"description": null,
"created": "2023-07-07T17:41:56.000Z",
"createdBy": "00u7xut94qEWYx5ss1e5",
"lastUpdated": "2023-07-07T17:43:03.000Z",
"events": {
"type": "EVENT_TYPE",
"items": [
"user.lifecycle.deactivate",
"user.lifecycle.activate"
],
"filter": null
},
"channel": {
"type": "HTTP",
"version": "1.0.0",
"config": {
"uri": "https://example_external_service/userDeactivate",
"headers": [],
"method": "POST",
"authScheme": {
"type": "HEADER",
"key": "authorization"
}
}
},
"_links": {
"self": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135"
},
"verify": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/verify",
"hints": {
"allow": [
"POST"
]
}
},
"deactivate": {
"href": "https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/deactivate",
"hints": {
"allow": [
"POST"
]
}
}
}
}
}
Changelog
2025-10-28
Added OAuth 2.0 Client Credentials connection type for enhanced authentication options
2025-10-15
Enhanced event hook options with improved user-friendly labels and added new event types including user impersonation, unsuspend, and admin app access events
2025-10-01
Initial release of Okta component with comprehensive integration capabilities