Okta Component
Manage users, groups, applications, and authentication policies in Okta.
Component key: okta-management-api · · Changelog ↓Description
Okta is an identity and access management platform that helps organizations manage user authentication, authorization, and security policies. This component allows managing users, groups, applications, and authentication policies through the Okta Management API.
API Documentation
This component was built using the Okta API Documentation
Connections
API Token
key: oktaApiTokenConnectionTo authenticate with Okta APIs using an API token, generate a token from the Okta Admin Console. API tokens provide programmatic access to Okta resources and are tied to a specific admin account's permissions.
For more information about API tokens, refer to the Okta documentation.
Prerequisites
- An Okta tenant with administrative access
- An admin account with appropriate permissions for the operations to be performed
Setup Steps
To generate an API token:
- Log into the Okta Admin Console (e.g.,
https://dev-12345.okta.com/admin) - Navigate to Security > API > Tokens
- Click Create Token
- Enter a descriptive name for the token (e.g., "Integration API Token")
- Click Create Token
- Copy the token value immediately — it will only be displayed once
API tokens should be stored securely and never shared or committed to version control. The token cannot be retrieved again after closing the dialog. If lost, a new token must be created.
Configure the Connection
- Enter the Okta Domain (e.g.,
dev-12345.okta.comororg-name.okta.com) - Enter the API Token that was generated
The Okta Domain should be entered without the https:// protocol. For example, use dev-12345.okta.com instead of https://dev-12345.okta.com. The domain format depends on the Okta cloud environment. Refer to the Okta API documentation for the correct domain format.
API tokens inherit the permissions of the admin account that created them. Ensure the admin account has the necessary permissions for the operations the integration will perform. For more granular control and service-to-service authentication, consider using OAuth 2.0 Client Credentials instead.
| Input | Notes | Example |
|---|---|---|
| API Token | API Token generated in your Okta Admin Console. Learn more. | |
| Okta Domain | The base URL for the Okta API. Depending on your cloud environment, you can choose the correct one here. | your-org.okta.com |
OAuth 2.0 Client Credentials
key: oktaClientCredentialsOrgTo access Okta's own APIs (Users, Groups, Applications, etc.) to manage an Okta tenant, OAuth 2.0 Client Credentials with private_key_jwt authentication is required. This is the recommended authentication method for server-to-server integrations managing Okta resources programmatically.
For more information about OAuth for Okta service apps, refer to the Okta documentation.
Prerequisites
- An Okta tenant with administrative access
- Administrative permissions to create OAuth 2.0 service applications
Setup Steps
- Log into the Okta Admin Console (e.g.,
https://dev-12345.okta.com/admin) - Navigate to Applications > Applications > Create App Integration
- Select API Services as the application type and click Next
- Configure the application:
- App integration name: Enter a descriptive name (e.g., "Okta Management Integration")
- Click Save
- After creating the application, navigate to the General tab and copy the Client ID
- Generate a public/private key pair for JWT signing:
- Use OpenSSL or another tool to generate an RSA key pair:
openssl genrsa -out private.pem 2048openssl rsa -in private.pem -pubout -out public.pem
- Use OpenSSL or another tool to generate an RSA key pair:
- Register the public key with the Okta service app:
- In the application settings, scroll to the Public Keys section under Client Credentials
- Click Add Key
- Paste the contents of the public key (
public.pem) and click Save
- Grant required OAuth 2.0 scopes to the application:
- Navigate to the Okta API Scopes tab
- Click Grant for each required scope (e.g.,
okta.users.read,okta.groups.read,okta.apps.read) - Refer to Okta's scope documentation for available scopes
- Assign admin roles to the service app (if needed for specific operations):
- Navigate to Security > Administrators
- Click Add Administrator
- Search for the service app by name
- Assign appropriate admin roles based on required permissions
Configure the Connection
- Enter the Okta Domain (e.g.,
dev-12345.okta.comororg-name.okta.com) - Enter the Client ID from the service application
- Paste the Private Key in PEM format (the entire contents of
private.pem, including the-----BEGIN PRIVATE KEY-----and-----END PRIVATE KEY-----lines) - Enter the Scopes as a space-separated list (e.g.,
okta.users.read okta.groups.read okta.apps.read)
The Okta Domain should be entered without the https:// protocol. For example, use dev-12345.okta.com instead of https://dev-12345.okta.com. The domain format depends on the Okta cloud environment. Refer to the Okta API documentation for the correct domain format.
The OAuth 2.0 scopes granted to the service app determine which Okta APIs can be accessed. Additionally, some operations require the service app to be assigned specific admin roles. Review the Okta scopes documentation and admin role documentation to determine appropriate scopes and roles for the integration requirements.
| Input | Notes | Example |
|---|---|---|
| Client ID | Client Id of your Okta service application. The application must have the appropriate OAuth 2.0 scopes granted and admin roles assigned. Learn more | 0oa1234567abcdefg890 |
| Okta Domain | The base URL for the Okta API. Depending on your cloud environment, you can choose the correct one here. | your-org.okta.com |
| Private Key (PEM format) | The private key in PEM format used to sign the JWT assertion. Generate a key pair and register the public key with your Okta service app. Learn more | |
| Scopes | Space-separated list of Okta API permission scopes. Common scopes include okta.users.read, okta.users.manage, okta.groups.read, okta.groups.manage, okta.apps.read, etc. Learn more |
OAuth 2.0
key: oktaOAuth2AuthorizationCodeTo connect to Okta using OAuth 2.0 Authorization Code flow, create an OpenID Connect (OIDC) web application in the Okta Admin Console. This authentication method allows end users to authorize the integration to access Okta APIs on their behalf.
For more information about OAuth 2.0 Authorization Code, refer to the Okta documentation.
Prerequisites
- An Okta tenant with administrative access
- Administrative permissions to create OAuth applications
Setup Steps
- Log into the Okta Admin Console (e.g.,
https://dev-12345.okta.com/admin) - Navigate to Applications > Applications > Create App Integration
- Select OIDC - OpenID Connect as the sign-in method
- Select Web Application as the application type and click Next
- Configure the application settings:
- App integration name: Enter a descriptive name (e.g., "Okta Integration")
- Grant type: Ensure Authorization Code is selected
- Sign-in redirect URIs: Add the OAuth callback URL:
https://oauth2.prismatic.io/callback - Controlled access: Configure based on requirements (e.g., allow all users or specific groups)
- Click Save to create the application
- Navigate to the Okta API Scopes tab
- Grant the required API scopes by clicking Grant for each needed scope
- Refer to Okta's scope documentation for available scopes
- Navigate back to the General tab
- Copy the Client ID and Client secret values
The client secret may be hidden by default. Click Show to reveal and copy it. Store the secret securely as it provides access to the OAuth application.
Configure the Connection
- Enter the Okta Domain (e.g.,
dev-12345.okta.comororg-name.okta.com) - Enter the Client ID from the OAuth application
- Enter the Client Secret from the OAuth application
- Optionally, specify Scopes if custom scopes are required (note that API scopes are typically set on the OAuth application itself)
The Okta Domain should be entered without the https:// protocol. For example, use dev-12345.okta.com instead of https://dev-12345.okta.com. The domain format depends on the Okta cloud environment. Refer to the Okta API documentation for the correct domain format.
For OAuth 2.0 Authorization Code applications, API scopes are typically configured directly in the Okta OAuth application under the Okta API Scopes tab. The scopes determine which Okta APIs can be accessed by the integration. Ensure appropriate scopes are granted based on the integration requirements.
| Input | Notes | Example |
|---|---|---|
| Authorize URL | The OAuth 2.0 Authorization URL for Okta's API. | https://{{#oktaDomainUrl}}/oauth2/v1/authorize |
| Client ID | Client Id of your Okta's application. Learn more | 11111111-2222-3333-4444-555555555555 |
| Client secret value | Client Secret generated in your Okta's application. Learn more. | 11111111-2222-3333-4444-555555555555 |
| Okta Domain | The base URL for the Okta API. Depending on your cloud environment, you can choose the correct one here. | your-org.okta.com |
| Scopes | Okta API permission scopes are set on the OAuth application. | |
| Token URL | The OAuth 2.0 Token URL for Okta's API. | https://{{#oktaDomainUrl}}/oauth2/v1/token |
Triggers
Event Hook
Receive event hooks from Okta when a specified event occurs. | key: eventHook
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| Event Hook Filters | The optional filter defined on a specific event type. | |
| Event Hook Items | The list of event types to subscribe to. | |
| Dynamic Event Hook Items | The list of event types to subscribe to in code format. | |
| Event Hook URL Headers | Optional headers to include in the webhook request. | { "X-Custom-Header": "value" } |
Configure an Okta Event Hook to send real time notifications to a flow's webhook URL when specific events occur in the Okta organization (user created, user deactivated, application assigned, etc.).
How it Works
This trigger responds to Okta event hook requests with the verification response that Okta expects during the initial setup and processes incoming event notifications.
Event Types
Okta supports numerous event types including:
- User lifecycle events (user.lifecycle.create, user.lifecycle.activate, user.lifecycle.deactivate)
- Authentication events (user.authentication.auth_via_mfa, user.authentication.auth_via_password)
- Application events (application.user_membership.add, application.user_membership.remove)
- Group membership events (group.user_membership.add, group.user_membership.remove)
New System Logs
Fetches system logs created on a recurring schedule. | key: newSystemLogsPollingTrigger
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| Filter | A filter string to narrow down results. See Okta's documentation for supported filter fields and operators click here. | lastUpdated gt "2013-06-01T00:00:00.000Z" |
New Users
Fetches users created on a recurring schedule. | key: newUsersPollingTrigger
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. |
Updated Users
Fetches users updated on a recurring schedule. | key: updatedUsersPollingTrigger
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. |
Data Sources
Select Application
A picklist of Applications in your Okta Org. | key: selectApplication | type: picklist
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. |
Example Payload for Select Application⤓
Select Event Hook
A picklist of Event Hooks in your Okta Org. | key: selectEventHook | type: picklist
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. |
Example Payload for Select Event Hook⤓
Select Group
A picklist of groups in your Okta Org. | key: selectGroup | type: picklist
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. |
Example Payload for Select Group⤓
Select Realm
A picklist of Realms in your Okta Org. | key: selectRealm | type: picklist
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. |
Example Payload for Select Realm⤓
Select User
A picklist of users in your Okta Org. | key: selectUser | type: picklist
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. |
Example Payload for Select User⤓
Select User Factor
A picklist of a user's factors in your Okta Org. | key: selectUserFactor | type: picklist
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| User ID | ID of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
Example Payload for Select User Factor⤓
Select User Type
A picklist of User Types in your Okta Org. | key: selectUserType | type: picklist
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. |
Example Payload for Select User Type⤓
Actions
Activate Event Hook
Activate a specific event hook. | key: activateEventHook
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| Event Hook ID | The ID of the event hook. | who8zne7Y5lQr9Yi80g4 |
Example Payload for Activate Event Hook⤓
Activate User
Activate a user by ID or login. | key: activateUser
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| ID | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
| Send Email | When true, sends a deactivation email to the admin. | false |
Example Payload for Activate User⤓
Add User to Group
Add a user to a group. | key: addUserToGroup
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| Group ID | The unique identifier for the group. | 00g1abcd2EFGHijkL3m4 |
| User ID | ID of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
Example Payload for Add User to Group⤓
Assign Application to User
Assigns an application to a user with app-specific profile and credentials. | key: assignApplicationToUser
| Input | Notes | Example |
|---|---|---|
| Application ID | The unique identifier for the application. | 0oab1234XYZ5678 |
| Connection | The Okta connection to use. | |
| Password | The user's password. | P@ssw0rd! |
| Profile | The app-specific profile for the user. | |
| Scope | Specifies the scope of the application. | |
| User ID | ID of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
| Username | The username of the user to whom the application will be assigned. | johndoe |
Example Payload for Assign Application to User⤓
Clear User Sessions
Clears all active sessions for a user, forcing re-authentication on next access. | key: clearUserSessions
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| Forget Devices | Clears the user's remembered factors for all devices. | false |
| OAuth Tokens | Revokes issued OpenID Connect and OAuth refresh and access tokens. | false |
| User ID | ID of an existing Okta user. | 00ub0oNGTSWTBKOLGLNR |
Example Payload for Clear User Sessions⤓
Create Event Hook
Create a new event hook. | key: createEventHook
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| Do Not Activate on Create | When true, the event hook will not be activated and a verification request will not be sent. | false |
| Event Hook Description | The description of the event hook. | This is my event hook. |
| Event Hook Filters | The optional filter defined on a specific event type. | |
| Event Hook Items | The list of event types to subscribe to. | |
| Dynamic Event Hook Items | The list of event types to subscribe to in code format. | |
| Event Hook Name | The name of the event hook. | My Event Hook |
| Event Hook URL | The URL of the event hook. | https://example.com/webhook |
| Event Hook URL Headers | Optional headers to include in the webhook request. | { "X-Custom-Header": "value" } |
Example Payload for Create Event Hook⤓
Create Group
Create a group in Okta. | key: createGroup
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| Group Description | A brief description of the group. | This group contains all members of the engineering team. |
| Group Name | The name of the group. | Engineering Team |
Example Payload for Create Group⤓
Create User
Create a new user. | key: createUser
| Input | Notes | Example |
|---|---|---|
| Activate | When true, executes an activation lifecycle operation when creating the user. | true |
| Answer | The user's recovery answer. | Blue |
| Connection | The Okta connection to use. | |
| Department | The user's department. | Engineering |
The user's email address. | john.doe@example.com | |
| Employee Number | The user's employee number. | 12345 |
| First Name | The user's first name. | John |
| Group IDs | List of group IDs to assign the user to. | |
| Hash Password | The user's password hash. | |
| Last Name | The user's last name. | Doe |
| Locale | The user's default location for purposes of localizing items such as currency, date time format, numerical representations, and so on. A locale value is a concatenation of the ISO 639-1 two-letter language code, an underscore, and the ISO 3166-1 two-letter country code. | en_US |
| Login | The unique identifier for the user (username). | johndoe |
| Mobile Phone | The user's mobile phone number. | 15551234567 |
| Next Login | With activate=true, if nextLogin=changePassword, a user is created, activated, and the password is set to EXPIRED. The user must change it the next time they sign in. | changePassword |
| Password | The user's password. If not provided, an activation email will be sent to the user. | P@ssw0rd! |
| Profile Extra Attributes | List of additional profile attributes to include in the request. This can be used to include attributes that are not explicitly supported by this component. See Okta's API documentation for a list of supported attributes. | |
| Provider | Indicates whether to create a user with a specified authentication provider. | false |
| Provider Name | The name of the provider for the user. | OKTA |
| Provider Type | The type of the provider for the user. | |
| Question | The user's recovery question. | What is your favorite color? |
| Realm ID | The ID of the realm to which the user belongs. | 00g1abcd2EFGHijkL3m4 |
| Type | The type of the user. | Employee |
Example Payload for Create User⤓
Deactivate Event Hook
Deactivate a specific event hook. | key: deactivateEventHook
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| Event Hook ID | The ID of the event hook. | who8zne7Y5lQr9Yi80g4 |
Example Payload for Deactivate Event Hook⤓
Deactivate User
Deactivate a user by ID or login. | key: deactivateUser
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| ID | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
| Send Email | When true, sends a deactivation email to the admin. | false |
Example Payload for Deactivate User⤓
Delete All Event Hooks
Delete an event hook by ID. | key: deleteAllEventHooks
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| Event Hook URL | If provided, only event hooks with this URL will be deleted. If not provided, all event hooks will be deleted. | https://example.com/webhook |
Example Payload for Delete All Event Hooks⤓
Delete Event Hook
Delete an event hook by ID. | key: deleteEventHook
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| Event Hook ID | The ID of the event hook. | who8zne7Y5lQr9Yi80g4 |
Example Payload for Delete Event Hook⤓
Delete Group
Delete a group by ID. | key: deleteGroup
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| Group ID | The unique identifier for the group. | 00g1abcd2EFGHijkL3m4 |
Example Payload for Delete Group⤓
Delete User
Delete a user by ID or login. | key: deleteUser
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| ID | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
| Send Email | When true, sends a deactivation email to the admin. | false |
Example Payload for Delete User⤓
Get Application
Retrieve an application by ID. | key: getApplication
| Input | Notes | Example |
|---|---|---|
| Application ID | The unique identifier for the application. | 0oab1234XYZ5678 |
| Connection | The Okta connection to use. | |
| Expand | Indicates whether to expand the credentials for the user. By default, credentials are not returned in the response. | blocks |
Example Payload for Get Application⤓
Get Application User Assignment
Retrieves a specific user assignment for a specific app. | key: getApplicationUserAssignment
| Input | Notes | Example |
|---|---|---|
| Application ID | The unique identifier for the application. | 0oab1234XYZ5678 |
| Connection | The Okta connection to use. | |
| Expand | Indicates whether to expand the credentials for the user. By default, credentials are not returned in the response. | blocks |
| User ID | ID of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
Example Payload for Get Application User Assignment⤓
Get Event Hook
Get an event hook by ID. | key: getEventHook
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| Event Hook ID | The ID of the event hook. | who8zne7Y5lQr9Yi80g4 |
Example Payload for Get Event Hook⤓
Get Group
Retrieve a group by ID. | key: getGroup
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| Group ID | The unique identifier for the group. | 00g1abcd2EFGHijkL3m4 |
Example Payload for Get Group⤓
Get System Logs
Retrieves system log events for security monitoring and compliance auditing. Max 10000 records can be fetched at once. | key: getSystemLogs
| Input | Notes | Example |
|---|---|---|
| After | The cursor for the next page of results. This value is obtained from the | abc123 |
| Connection | The Okta connection to use. | |
| Fetch All | When true, fetches all pages of results using pagination. | false |
| Filter | A filter string to narrow down results. See Okta's documentation for supported filter fields and operators click here. | lastUpdated gt "2013-06-01T00:00:00.000Z" |
| Limit | Specifies the number of results returned. Defaults to 200. | 100 |
| q | Searches for apps with name or label properties that starts with the q value using the startsWith operation. | Okta |
| Since | Filters the lower time bound of the log events published property for bounded queries or persistence time for polling queries. | 7 days prior to until |
| Sort Order | Specifies the sort order: asc or desc (for search queries only). Sorting is done in ASCII sort order (that is, by ASCII character value), but isn't case sensitive. sortOrder is ignored if sortBy isn't present. | |
| Until | Filters the upper time bound of the log events published property for bounded queries or persistence time for polling queries. | current time |
Example Payload for Get System Logs⤓
Get User
Retrieve a user by ID or login. | key: getUser
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| Expand | Indicates whether to expand the credentials for the user. By default, credentials are not returned in the response. | blocks |
| ID | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
Example Payload for Get User⤓
List Applications
List applications with optional search and filtering. | key: listApplications
| Input | Notes | Example |
|---|---|---|
| After | The cursor for the next page of results. This value is obtained from the | abc123 |
| Connection | The Okta connection to use. | |
| Expand | Indicates whether to expand the credentials for the user. By default, credentials are not returned in the response. | blocks |
| Fetch All | When true, fetches all pages of results using pagination. | false |
| Filter | A filter string to narrow down results. See Okta's documentation for supported filter fields and operators click here. | lastUpdated gt "2013-06-01T00:00:00.000Z" |
| Include Non-Deleted | When true, both deleted and non-deleted applications are returned. | false |
| Limit | Specifies the number of results returned. Defaults to 200. | 100 |
| q | Searches for apps with name or label properties that starts with the q value using the startsWith operation. | Okta |
| Use Optimization | When true, the response will be optimized for faster retrieval. This may exclude some properties from the response. | false |
Example Payload for List Applications⤓
List Event Hooks
List all event hooks. | key: listEventHooks
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. |
Example Payload for List Event Hooks⤓
List Group Members
Retrieves all users who are members of the specified group. | key: listGroupMembers
| Input | Notes | Example |
|---|---|---|
| After | The cursor for the next page of results. This value is obtained from the | abc123 |
| Connection | The Okta connection to use. | |
| Fetch All | When true, fetches all pages of results using pagination. | false |
| Group ID | The unique identifier for the group. | 00g1abcd2EFGHijkL3m4 |
| Limit | Specifies the number of results returned. Defaults to 200. | 100 |
Example Payload for List Group Members⤓
List Groups
List groups with optional search and filtering. | key: listGroups
| Input | Notes | Example |
|---|---|---|
| After | The cursor for the next page of results. This value is obtained from the | abc123 |
| Connection | The Okta connection to use. | |
| Extra Parameters | List of additional parameters to include in the request. This can be used to include parameters that are not explicitly supported by this component. See Okta's API documentation for a list of supported parameters. | {"after": "abc123"} |
| Fetch All | When true, fetches all pages of results using pagination. | false |
| Filter | A filter string to narrow down results. See Okta's documentation for supported filter fields and operators click here. | lastUpdated gt "2013-06-01T00:00:00.000Z" |
| Limit | Specifies the number of results returned. Defaults to 200. | 100 |
| q | Searches for apps with name or label properties that starts with the q value using the startsWith operation. | Okta |
| Search | A search string to filter results. See Okta's documentation for supported search fields and operators click here. | profile.firstName eq "John" |
| Sort By | Specifies field to sort by (for search queries only). This can be any single property, for example sortBy=profile.lastName. Users with the same value for the sortBy property will be ordered by id. | profile.lastName |
| Sort Order | Specifies the sort order: asc or desc (for search queries only). Sorting is done in ASCII sort order (that is, by ASCII character value), but isn't case sensitive. sortOrder is ignored if sortBy isn't present. |
Example Payload for List Groups⤓
List Policies
List policies with optional search and filtering. | key: listPolicies
| Input | Notes | Example |
|---|---|---|
| After | The cursor for the next page of results. This value is obtained from the | abc123 |
| Connection | The Okta connection to use. | |
| Expand | Indicates whether to expand the credentials for the user. By default, credentials are not returned in the response. | blocks |
| Fetch All | When true, fetches all pages of results using pagination. | false |
| Limit | Specifies the number of results returned. Defaults to 200. | 100 |
| q | Searches for apps with name or label properties that starts with the q value using the startsWith operation. | Okta |
| Resource ID | Reference to the associated authorization server. | 00g1abcd2EFGH3IJK4l5 |
| Sort By | Specifies field to sort by (for search queries only). This can be any single property, for example sortBy=profile.lastName. Users with the same value for the sortBy property will be ordered by id. | profile.lastName |
| Status | Specifies the status of the policies to return. | |
| Type | Specifies the type of policy to return. The following policy types are available only with the Okta Identity Engine. |
Example Payload for List Policies⤓
List Realms
Lists all realms in your org. | key: listRealms
| Input | Notes | Example |
|---|---|---|
| After | The cursor for the next page of results. This value is obtained from the | abc123 |
| Connection | The Okta connection to use. | |
| Fetch All | When true, fetches all pages of results using pagination. | false |
| Limit | Specifies the number of results returned. Defaults to 200. | 100 |
| Search | A search string to filter results. See Okta's documentation for supported search fields and operators click here. | profile.firstName eq "John" |
| Sort By | Specifies field to sort by (for search queries only). This can be any single property, for example sortBy=profile.lastName. Users with the same value for the sortBy property will be ordered by id. | profile.lastName |
| Sort Order | Specifies the sort order: asc or desc (for search queries only). Sorting is done in ASCII sort order (that is, by ASCII character value), but isn't case sensitive. sortOrder is ignored if sortBy isn't present. |
Example Payload for List Realms⤓
List User Applications
List applications for a specific user. | key: listUserApplications
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| ID | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
Example Payload for List User Applications⤓
List User Factors
Lists all enrolled factors for the specified user that are included in the highest priority authenticator enrollment policy that applies to the user. | key: listUserFactors
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| User ID | ID of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
Example Payload for List User Factors⤓
List User Groups
List groups for a specific user. | key: listUserGroups
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| ID | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
Example Payload for List User Groups⤓
List User Types
Lists all user types in your org. | key: listUserTypes
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. |
Example Payload for List User Types⤓
List Users
List users with optional search and filtering. | key: listUsers
| Input | Notes | Example |
|---|---|---|
| After | The cursor for the next page of results. This value is obtained from the | abc123 |
| Connection | The Okta connection to use. | |
| Extra Parameters | List of additional parameters to include in the request. This can be used to include parameters that are not explicitly supported by this component. See Okta's API documentation for a list of supported parameters. | {"after": "abc123"} |
| Fetch All | When true, fetches all pages of results using pagination. | false |
| Filter | A filter string to narrow down results. See Okta's documentation for supported filter fields and operators click here. | lastUpdated gt "2013-06-01T00:00:00.000Z" |
| Limit | Specifies the number of results returned. Defaults to 200. | 100 |
| q | Searches for apps with name or label properties that starts with the q value using the startsWith operation. | Okta |
| Search | A search string to filter results. See Okta's documentation for supported search fields and operators click here. | profile.firstName eq "John" |
| Sort By | Specifies field to sort by (for search queries only). This can be any single property, for example sortBy=profile.lastName. Users with the same value for the sortBy property will be ordered by id. | profile.lastName |
| Sort Order | Specifies the sort order: asc or desc (for search queries only). Sorting is done in ASCII sort order (that is, by ASCII character value), but isn't case sensitive. sortOrder is ignored if sortBy isn't present. |
Example Payload for List Users⤓
Raw Request
Send raw HTTP request to Okta. | key: rawRequest
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| Data | The HTTP body payload to send to the URL. | {"exampleKey": "Example Data"} |
| File Data | File Data to be sent as a multipart form upload. | [{key: "example.txt", value: "My File Contents"}] |
| File Data File Names | File names to apply to the file data inputs. Keys must match the file data keys above. | |
| Form Data | The Form Data to be sent as a multipart form upload. | [{"key": "Example Key", "value": new Buffer("Hello World")}] |
| Header | A list of headers to send with the request. | User-Agent: curl/7.64.1 |
| Max Retry Count | The maximum number of retries to attempt. Specify 0 for no retries. | 0 |
| Method | The HTTP method to use. | |
| Query Parameter | A list of query parameters to send with the request. This is the portion at the end of the URL similar to ?key1=value1&key2=value2. | |
| Response Type | The type of data you expect in the response. You can request json, text, or binary data. | json |
| Retry On All Errors | If true, retries on all erroneous responses regardless of type. This is helpful when retrying after HTTP 429 or other 3xx or 4xx errors. Otherwise, only retries on HTTP 5xx and network errors. | false |
| Retry Delay (ms) | The delay in milliseconds between retries. This is used when 'Use Exponential Backoff' is disabled. | 0 |
| Timeout | The maximum time that a client will await a response to its request | 2000 |
| URL | Input the path only (/users), The base URL is already included (https://{yourOktaDomain}.com/api/v1). For example, to connect to https://{yourOktaDomain}.com/api/v1/users, only /users is entered in this field. | /users |
| Use Exponential Backoff | Specifies whether to use a pre-defined exponential backoff strategy for retries. When enabled, 'Retry Delay (ms)' is ignored. | false |
Reactivate User
Reactivate a user by ID or login. | key: reactivateUser
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| ID | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
| Send Email | When true, sends a deactivation email to the admin. | false |
Example Payload for Reactivate User⤓
Remove Application User Assignment
Removes an application assignment from a user, revoking access to the application. | key: removeApplicationUserAssignment
| Input | Notes | Example |
|---|---|---|
| Application ID | The unique identifier for the application. | 0oab1234XYZ5678 |
| Connection | The Okta connection to use. | |
| Send Email | When true, sends a deactivation email to the admin. | false |
| User ID | ID of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
Example Payload for Remove Application User Assignment⤓
Remove User from Group
Remove a user from a group. | key: removeUserFromGroup
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| Group ID | The unique identifier for the group. | 00g1abcd2EFGHijkL3m4 |
| User ID | The unique identifier for the user to be removed from the group. | 00u1abcd2EFGHijkL3m4 |
Example Payload for Remove User from Group⤓
Reset User Password
Reset a user's password by ID or login. | key: resetUserPassword
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| ID | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
| Revoke Sessions | When true, revokes all of the user's active sessions. | false |
| Send Email | When true, sends a deactivation email to the admin. | true |
Example Payload for Reset User Password⤓
Set User Password
Set a user's password by ID or login. | key: setUserPassword
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| New Hash Password | The new password hash for the user. | |
| New Password | The new password for the user. | P@ssw0rd! |
| Old Hash Password | The old password hash for the user. | |
| Old Password | The old password for the user. | P@ssw0rd! |
| Revoke Sessions | When true, revokes all of the user's active sessions. | false |
| User ID | ID of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
Example Payload for Set User Password⤓
Suspend User
Suspend a user by ID or login. | key: suspendUser
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| ID | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
Example Payload for Suspend User⤓
Unenroll User Factor
Unenrolls a specific factor for the specified user. | key: unenrollUserFactor
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| Factor ID | ID of an existing user factor. | opf1abcd2EFGHijkL3m4 |
| Remove Recovery Enrollment | When true, removes the phone number as both a recovery method and a factor. This parameter is only used for the sms and call factors. | false |
| User ID | ID of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
Example Payload for Unenroll User Factor⤓
Unlock User
Unlock a user by ID or login. | key: unlockUser
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| ID | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
| Send Email | When true, sends a deactivation email to the admin. | false |
Example Payload for Unlock User⤓
Unsuspend User
Unsuspend a user by ID or login. | key: unsuspendUser
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| ID | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
Example Payload for Unsuspend User⤓
Update Application User Assignment
Updates the app-specific profile and credentials for a user's application assignment. | key: updateApplicationUserAssignment
| Input | Notes | Example |
|---|---|---|
| Application ID | The unique identifier for the application. | 0oab1234XYZ5678 |
| Connection | The Okta connection to use. | |
| Password | The user's password. | P@ssw0rd! |
| Profile | The app-specific profile for the user. Either the profile or password/username must be provided. | |
| User ID | ID of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
| Username | The username of the user to whom the application will be assigned. | johndoe |
Example Payload for Update Application User Assignment⤓
Update Group
Updates profile information for an existing group. | key: updateGroup
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| Group Description | A brief description of the group. | This group contains all members of the engineering team. |
| Group ID | The unique identifier for the group. | 00g1abcd2EFGHijkL3m4 |
| Group Name | The name of the group. | Engineering Team |
Example Payload for Update Group⤓
Update User
Update a user by ID or login. | key: updateUser
| Input | Notes | Example |
|---|---|---|
| Answer | The user's recovery answer. | Blue |
| Connection | The Okta connection to use. | |
| Department | The user's department. | Engineering |
The user's email address. | john.doe@example.com | |
| Employee Number | The user's employee number. | 12345 |
| First Name | The user's first name. | John |
| Hash Password | The user's password hash. | |
| ID | An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user. | 00u1abcd2EFGHijkL3m4 |
| Last Name | The user's last name. | Doe |
| Locale | The user's default location for purposes of localizing items such as currency, date time format, numerical representations, and so on. A locale value is a concatenation of the ISO 639-1 two-letter language code, an underscore, and the ISO 3166-1 two-letter country code. | en_US |
| Login | The unique identifier for the user (username). | johndoe |
| Mobile Phone | The user's mobile phone number. | 15551234567 |
| Password | The user's password. If not provided, an activation email will be sent to the user. | P@ssw0rd! |
| Profile Extra Attributes | List of additional profile attributes to include in the request. This can be used to include attributes that are not explicitly supported by this component. See Okta's API documentation for a list of supported attributes. | |
| Question | The user's recovery question. | What is your favorite color? |
| Realm ID | The ID of the realm to which the user belongs. | 00g1abcd2EFGHijkL3m4 |
Example Payload for Update User⤓
Verify Event Hook
Verify a specific event hook. | key: verifyEventHook
| Input | Notes | Example |
|---|---|---|
| Connection | The Okta connection to use. | |
| Event Hook ID | The ID of the event hook. | who8zne7Y5lQr9Yi80g4 |
Example Payload for Verify Event Hook⤓
Changelog
2026-04-30
Updated spectral version
2025-10-28
Added OAuth 2.0 Client Credentials connection type for enhanced authentication options
2025-10-15
Enhanced event hook options with improved user-friendly labels and added new event types including user impersonation, unsuspend, and admin app access events
2025-10-01
Initial release of Okta component with comprehensive integration capabilities