Operations (sample payloads)
Main operations
Activate enrollment factor
Activates a specific enrollment factor with a passcode. Sample Input
\{
"user_id": "00u1a2b3c4d5e6f7g8",
"factor_id": "sms1a2b3c4d5e6f7g8h9",
"pass_code": "123456"
\}
Sample Output
{
"id": "sms1a2b3c4d5e6f7g8h9",
"factorType": "sms",
"provider": "OKTA",
"vendorName": "OKTA",
"status": "ACTIVE",
"created": "2023-05-15T14:30:00.000Z",
"lastUpdated": "2023-05-15T14:32:00.000Z",
"profile": {
"phoneNumber": "+1-555-123-4567"
},
"_links": {
"resend": [
{
"name": "sms",
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g8/factors/sms1a2b3c4d5e6f7g8h9/resend",
"hints": {
"allow": [
"POST"
]
}
}
],
"activate": {
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g8/factors/sms1a2b3c4d5e6f7g8h9/lifecycle/activate",
"hints": {
"allow": [
"POST"
]
}
},
"self": {
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g8/factors/sms1a2b3c4d5e6f7g8h9",
"hints": \{
"allow": [
"GET",
"DELETE"
]
\}
},
"user": {
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g8",
"hints": {
"allow": [
"GET"
]
}
}
}
}
Activate user
Activates a user. This operation can only be performed on users with a STAGED status. Activation of a user is an asynchronous operation. Sample Input Sample Output
Add user to group
Adds a user to a group with OKTA_GROUP type. Sample Input Sample Output
{
"link": "https://your-domain.okta.com/api/v1/groups/00g1emaKYZTWRYYRLBPL/users/00u1emqFWWRYYRLBPL",
"results": [
{
"id": "00u1emqFWWRYYRLBPL",
"status": "ACTIVE",
"created": "2023-05-15T14:30:22.000Z",
"activated": "2023-05-15T14:30:22.000Z",
"statusChanged": "2023-05-15T14:30:22.000Z",
"lastLogin": "2023-05-16T09:45:13.000Z",
"lastUpdated": "2023-05-16T10:15:30.000Z",
"passwordChanged": "2023-05-15T14:30:22.000Z",
"type": {
"id": "oty1emrKYZTWRYYRLBPL"
},
"profile": \{
"firstName": "John",
"lastName": "Doe",
"mobilePhone": "+1-555-1234567",
"secondEmail": "john.doe.backup@example.com",
"login": "john.doe@example.com",
"email": "john.doe@example.com"
\},
"credentials": {
"password": {},
"emails": [
\{
"value": "john.doe@example.com",
"status": "VERIFIED",
"type": "PRIMARY"
\}
],
"provider": \{
"type": "OKTA",
"name": "OKTA"
\}
},
"_links": {
"self": {
"href": "https://your-domain.okta.com/api/v1/users/00u1emqFWWRYYRLBPL"
}
}
}
],
"next": "https://your-domain.okta.com/api/v1/groups/00g1emaKYZTWRYYRLBPL/users?after=00u1emqFWWRYYRLBPL"
}
Create group
Creates a new group with OKTA_GROUP type in your organisation. Sample Input Sample Output
Create user
Creates a new user in your Okta organisation with or without credentials. Sample Input
{
"activate": true,
"force_password_change": true,
"profile": \{
"login": "john.doe@example.com",
"email": "john.doe@example.com",
"first_name": "John",
"last_name": "Doe",
"middle_name": "Michael",
"user_title": "Mr.",
"display_name": "John M. Doe",
"nick_name": "Johnny",
"primary_phone": "+1-555-123-4567",
"mobile_phone": "+1-555-987-6543",
"street_address": "123 Main St",
"city": "Anytown",
"state": "CA",
"zip_code": "12345",
"country_code": "US",
"preferred_language": "en-US",
"timezone": "America/Los_Angeles",
"user_type": "Employee",
"employee_number": "E12345",
"division": "Sales",
"manager": "Jane Smith"
\},
"profile_custom_fields": [
\{
"key": "department",
"value": "Marketing"
\},
\{
"key": "start_date",
"value": "2023-06-01"
\}
],
"credentials": {
"password": {
"value": "SecureP@ssw0rd!"
},
"recovery_question": \{
"question": "What was the name of your first pet?",
"answer": "Fluffy"
\}
},
"group_ids": [
"00g1ab2c3d4EXAMPLE"
]
}
Sample Output
Deactivate user
Deactivates a user. This operation can only be performed on users that do not have a DEPROVISIONED status. Deactivation of a user is an asynchronous operation. Sample Input Sample Output
Delete user
Deletes a user permanently. This operation can only be performed on users that have a DEPROVISIONED status. Using this operation on a user that hasn’t been deactivated causes that user to be deactivated. A second delete operation is required to delete the user. Sample Input Sample Output
Enroll Okta call factor
Enrolls a user with the Okta call factor and a call profile. A voice call with an OTP is made to the device during enrollment and must be activated. Sample Input Sample Output
Enroll Okta email factor
Enrolls a user with an email factor. An email with an OTP is sent to the primary or secondary (depending on which one is enrolled) email address of the user during enrollment. Sample Input Sample Output
Enroll Okta security question factor
Enrolls a user with the question factor and question profile. Sample Input
\{
"user_id": "00u1a2b3c4d5e6f7g8",
"question": "What is the name of your first pet?",
"answer": "Fluffy"
\}
Sample Output
Enroll Okta SMS factor
Enrolls a user with the Okta SMS factor and an SMS profile. A text message with an OTP is sent to the device during enrollment and must be activated by following the activate link relation to complete the enrollment process. Sample Input
\{
"user_id": "00u1a2b3c4d5e6f7g",
"phone_number": "+15551234567",
"update_number": true
\}
Sample Output
{
"id": "sms1a2b3c4d5e6f7g8h",
"factorType": "sms",
"provider": "OKTA",
"vendorName": "OKTA",
"status": "PENDING_ACTIVATION",
"created": "2023-05-15T14:30:00.000Z",
"lastUpdated": "2023-05-15T14:30:00.000Z",
"profile": {
"phoneNumber": "+15551234567"
},
"_links": {
"resend": [
{
"name": "sms",
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g/factors/sms1a2b3c4d5e6f7g8h/resend",
"hints": {
"allow": [
"POST"
]
}
}
],
"activate": {
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g/factors/sms1a2b3c4d5e6f7g8h/lifecycle/activate",
"hints": {
"allow": [
"POST"
]
}
},
"self": {
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g/factors/sms1a2b3c4d5e6f7g8h",
"hints": \{
"allow": [
"GET",
"DELETE"
]
\}
},
"user": {
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g",
"hints": {
"allow": [
"GET"
]
}
}
}
}
Enroll Okta verify TOTP factor
Enrolls a user with an Okta token:software:totp factor. The factor must be activated after enrollment by following the activate link to complete the enrollment process. Sample Input Sample Output
{
"id": "ftk1a2b3c4d5e6f7g8",
"factorType": "token:software:totp",
"provider": "GOOGLE",
"vendorName": "GOOGLE",
"status": "PENDING_ACTIVATION",
"created": "2023-05-15T14:30:00.000Z",
"lastUpdated": "2023-05-15T14:30:00.000Z",
"profile": {
"credentialId": "john.doe@example.com"
},
"_links": {
"activate": {
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g8/factors/ftk1a2b3c4d5e6f7g8/lifecycle/activate",
"hints": {
"allow": [
"POST"
]
}
},
"self": {
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g8/factors/ftk1a2b3c4d5e6f7g8",
"hints": \{
"allow": [
"GET",
"DELETE"
]
\}
},
"user": {
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g8",
"hints": {
"allow": [
"GET"
]
}
}
},
"_embedded": {
"activation": {
"timeStep": 30,
"sharedSecret": "JBSWY3DPEHPK3PXP",
"encoding": "base32",
"keyLength": 6,
"factorResult": "WAITING",
"_links": {
"qrcode": \{
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g8/factors/ftk1a2b3c4d5e6f7g8/qr/00Qw1x2y3z4A5B6C7",
"type": "image/png"
\}
}
}
}
}
Get factor
Retrieves a factor for the specified user. Sample Input
\{
"user_id": "00u1a2b3c4d5e6f7g",
"factor_id": "mbl1a2b3c4d5e6f7g"
\}
Sample Output
{
"id": "mbl1a2b3c4d5e6f7g",
"factorType": "sms",
"provider": "OKTA",
"vendorName": "OKTA",
"status": "ACTIVE",
"created": "2023-05-15T14:30:00.000Z",
"lastUpdated": "2023-05-15T14:30:00.000Z",
"profile": \{
"phoneNumber": "+1-555-123-4567",
"phoneExtension": null
\},
"_links": {
"resend": [
{
"name": "sms",
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g/factors/mbl1a2b3c4d5e6f7g/resend",
"hints": {
"allow": [
"POST"
]
}
}
],
"activate": {
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g/factors/mbl1a2b3c4d5e6f7g/lifecycle/activate",
"hints": {
"allow": [
"POST"
]
}
},
"self": {
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g/factors/mbl1a2b3c4d5e6f7g",
"hints": \{
"allow": [
"GET",
"DELETE"
]
\}
},
"user": {
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g",
"hints": {
"allow": [
"GET"
]
}
}
}
}
Get group
Retrieves a specific group from your organisation. Sample Input Sample Output
Get user
Retrieves a user by id, login, or login shortname (if the shortname is unambiguous). Sample Input Sample Output
Get user profile custom field
Retrieves a single user profile custom fields. Sample Input Sample Output
{
"key": {
"title": "Employee ID",
"type": "string",
"mutability": "READ_WRITE",
"scope": "NONE",
"minLength": 1,
"maxLength": 10,
"permissions": [
\{
"principal": "SELF",
"action": "READ_ONLY"
\},
\{
"principal": "ADMIN",
"action": "READ_WRITE"
\}
],
"master": {
"type": "PROFILE_MASTER"
}
}
}
Get user schema
Retrieves the schema for a type of user schema. Sample Input
{
"type_id": "default"
}
Sample Output
{
"id": "https://example.okta.com/meta/schemas/user/default",
"$schema": "http://json-schema.org/draft-04/schema#",
"name": "user",
"title": "User",
"description": "Okta user profile schema",
"lastUpdated": "2023-06-15T10:30:00.000Z",
"created": "2023-01-01T00:00:00.000Z",
"definitions": {
"custom": {
"id": "#custom",
"type": "object",
"properties": {
"variable1": {
"title": "Custom Variable 1",
"type": "string",
"mutability": "READ_WRITE",
"scope": "NONE",
"minLength": 1,
"maxLength": 100,
"permissions": [
\{
"principal": "SELF",
"action": "READ_WRITE"
\}
],
"master": {
"type": "PROFILE_MASTER"
}
},
"variable2": {
"title": "Custom Variable 2",
"type": "string",
"mutability": "READ_WRITE",
"scope": "NONE",
"minLength": 1,
"maxLength": 50,
"permissions": [
\{
"principal": "SELF",
"action": "READ_ONLY"
\}
],
"master": {
"type": "OKTA"
}
}
},
"required": []
},
"base": {
"id": "#base",
"type": "object",
"properties": {
"login": {
"title": "Username",
"type": "string",
"required": true,
"mutability": "READ_WRITE",
"scope": "NONE",
"minLength": 5,
"maxLength": 100,
"pattern": "^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]\{2,\}$",
"permissions": [
\{
"principal": "SELF",
"action": "READ_ONLY"
\}
],
"master": {
"type": "OKTA"
}
},
"email": {
"title": "Primary email",
"type": "string",
"required": true,
"format": "email",
"mutability": "READ_WRITE",
"scope": "NONE",
"permissions": [
\{
"principal": "SELF",
"action": "READ_WRITE"
\}
],
"master": {
"type": "PROFILE_MASTER"
}
},
"firstName": {
"title": "First name",
"type": "string",
"required": true,
"mutability": "READ_WRITE",
"scope": "NONE",
"minLength": 1,
"maxLength": 50,
"permissions": [
\{
"principal": "SELF",
"action": "READ_WRITE"
\}
],
"master": {
"type": "PROFILE_MASTER"
}
},
"lastName": {
"title": "Last name",
"type": "string",
"required": true,
"mutability": "READ_WRITE",
"scope": "NONE",
"minLength": 1,
"maxLength": 50,
"permissions": [
\{
"principal": "SELF",
"action": "READ_WRITE"
\}
],
"master": {
"type": "PROFILE_MASTER"
}
}
},
"required": [
"login",
"email",
"firstName",
"lastName"
]
}
},
"type": "object",
"properties": {
"profile": {
"allOf": [
{
"$ref": "#base"
},
{
"$ref": "#custom"
}
]
}
},
"_links": {
"self": \{
"rel": "self",
"href": "https://example.okta.com/api/v1/meta/schemas/user/default",
"method": "GET"
\},
"type": \{
"rel": "described_by",
"href": "https://example.okta.com/api/v1/meta/types/user",
"method": "GET"
\}
}
}
Get user schema property
Retrieves the schema property for the default type of user schema. Sample Input
\{
"type_id": "default",
"property_title": "firstName"
\}
Sample Output
{
"title": "First name",
"type": "string",
"required": true,
"mutability": "READ_WRITE",
"scope": "NONE",
"minLength": 1,
"maxLength": 50,
"pattern": "^[a-zA-Z]+$",
"permissions": [
\{
"principal": "SELF",
"action": "READ_WRITE"
\},
\{
"principal": "ADMIN",
"action": "READ_WRITE"
\}
],
"master": {
"type": "PROFILE_MASTER"
}
}
Get user type
Retrieves a user type by its ID. Sample Input Sample Output
{
"id": "oty1a2b3c4d5e6f7g8h9",
"displayName": "Employee",
"name": "employee",
"description": "Standard employee user type",
"createdBy": "00u1qw2e3r4t5y6u7i8",
"lastUpdatedBy": "00u9o8i7u6y5t4r3e2",
"created": "2023-06-15T14:30:45.000Z",
"lastUpdated": "2023-06-16T09:15:22.000Z",
"default": false,
"_links": {
"schema": \{
"rel": "schema",
"href": "https://your-domain.okta.com/api/v1/meta/types/user/oty1a2b3c4d5e6f7g8h9/schema",
"method": "GET"
\},
"self": \{
"rel": "self",
"href": "https://your-domain.okta.com/api/v1/meta/types/user/oty1a2b3c4d5e6f7g8h9",
"method": "GET"
\}
}
}
List enrolled factors
Lists all the enrolled factors for the specified user. Sample Input Sample Output
{
"results": [
{
"id": "mbl1a2b3c4d5e6f7g",
"factorType": "sms",
"provider": "OKTA",
"vendorName": "OKTA",
"status": "ACTIVE",
"created": "2023-05-15T10:30:00.000Z",
"lastUpdated": "2023-05-15T10:35:00.000Z",
"profile": {
"phoneNumber": "+1-555-123-4567"
},
"_links": {
"resend": [
{
"name": "sms",
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g/factors/mbl1a2b3c4d5e6f7g/resend",
"hints": {
"allow": [
"POST"
]
}
}
],
"activate": {
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g/factors/mbl1a2b3c4d5e6f7g/lifecycle/activate",
"hints": {
"allow": [
"POST"
]
}
},
"self": {
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g/factors/mbl1a2b3c4d5e6f7g",
"hints": \{
"allow": [
"GET",
"DELETE"
]
\}
},
"user": {
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g",
"hints": {
"allow": [
"GET"
]
}
}
}
}
]
}
List factors to enroll
Lists all the supported factors that can be enrolled for the specified user. Sample Input Sample Output
List group members
Lists users that are a member of a group. Sample Input
\{
"group_id": "00g1emaKYZTWRYYXLBCR",
"limit": 100
\}
Sample Output
List groups
Lists groups in your organisation. Sample Input Sample Output
List security questions
Lists all available security questions for a user’s question factor. Sample Input Sample Output
{
"results": [
\{
"question": "favorite_pet",
"questionText": "What is the name of your favorite pet?"
\},
\{
"question": "first_car",
"questionText": "What was the make and model of your first car?"
\},
\{
"question": "birthplace",
"questionText": "In what city were you born?"
\},
\{
"question": "mother_maiden_name",
"questionText": "What is your mother's maiden name?"
\},
\{
"question": "childhood_friend",
"questionText": "What is the name of your childhood best friend?"
\}
]
}
List system logs
Lists your Okta system logs. Sample Input
\{
"since": "2023-06-01T00:00:00Z",
"until": "2023-06-30T23:59:59Z",
"filter": "eventType eq \"user.session.start\"",
"q": "San Francisco",
"sort_order": "DESCENDING",
"limit": 50
\}
Sample Output
{
"link": "https://your-domain.okta.com/api/v1/logs",
"results": [
{
"actor": \{
"id": "00u1qw2xYSWRNBOLIVKH",
"type": "User",
"alternateId": "john.doe@example.com",
"displayName": "John Doe"
\},
"client": \{
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36",
"zone": "OFF_NETWORK",
"device": "Computer",
"id": "ohw1qw2xYSWRNBOLIVKH",
"ipAddress": "203.0.113.42",
"geographicalContext": "San Francisco, California, United States"
\},
"authenticationContext": \{
"authenticationProvider": "OKTA_AUTHENTICATION_PROVIDER",
"credentialProvider": "OKTA_CREDENTIAL_PROVIDER",
"credentialType": "OTP",
"issuer": null,
"interface": "web",
"authenticationStep": 0
\},
"displayMessage": "User login to Okta",
"eventType": "user.session.start",
"outcome": {
"result": "SUCCESS"
},
"published": "2023-06-30T22:35:57.636Z",
"securityContext": \{
"asNumber": "AS7018",
"asOrg": "AT&T Services, Inc.",
"isp": "AT&T Services",
"domain": "att.com",
"isProxy": false
\},
"severity": "INFO",
"legacyEventType": "core.user_auth.login_success",
"transaction": {
"type": "WEB",
"id": "XxF2H3d4e5f6g7h8I9j0",
"detail": {}
},
"uuid": "1f2e3d4c-5b6a-7c8d-9e0f-1a2b3c4d5e6f",
"version": "0"
}
],
"next": "https://your-domain.okta.com/api/v1/logs?after=1593561600000_1f2e3d4c-5b6a-7c8d-9e0f-1a2b3c4d5e6f"
}
List user profile custom fields
Lists your user profile custom fields. Sample Input Sample Output
List users
Lists users in your organisation. Sample Input
\{
"filter": "status eq \"ACTIVE\"",
"q": "John",
"search": "profile.firstName sw \"J\"",
"sort_by": "lastName",
"sort_order": "asc",
"limit": 100
\}
Sample Output
{
"link": "https://your-domain.okta.com/api/v1/users",
"results": [
{
"id": "00u1a2b3c4d5e6f7g8",
"status": "ACTIVE",
"created": "2023-05-01T10:00:00.000Z",
"activated": "2023-05-01T10:15:00.000Z",
"statusChanged": "2023-05-01T10:15:00.000Z",
"lastLogin": "2023-05-15T14:30:00.000Z",
"lastUpdated": "2023-05-15T14:30:00.000Z",
"passwordChanged": "2023-05-01T10:15:00.000Z",
"type": {
"id": "oty1h2i3j4k5l6m7n8"
},
"profile": \{
"firstName": "John",
"lastName": "Doe",
"mobilePhone": "+1-555-123-4567",
"secondEmail": "john.doe.backup@example.com",
"login": "john.doe@example.com",
"email": "john.doe@example.com"
\},
"credentials": {
"password": {},
"emails": [
\{
"value": "john.doe@example.com",
"status": "VERIFIED",
"type": "PRIMARY"
\}
],
"recovery_question": {
"question": "What was the name of your first pet?"
},
"provider": \{
"type": "OKTA",
"name": "OKTA"
\}
},
"_links": {
"self": {
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g8"
}
}
}
],
"next": "https://your-domain.okta.com/api/v1/users?after=00u1a2b3c4d5e6f7g8"
}
Raw HTTP request (advanced)
Perform a raw HTTP request with some pre-configuration and processing by the connector, such as authentication. Sample Input Sample Output
Reactivate user
Reactivates a user. This operation can only be performed on users with a PROVISIONED status. Sample Input Sample Output
{
"success": true,
"user_id": "00u1a2b3c4d5e6f7g8",
"user_found": true,
"reactivated": true,
"message": {}
}
Remove user from group
Removes a user from a group with OKTA_GROUP type. Sample Input
\{
"group_id": "00g1emaKYZTWRYYRLBPL",
"user_id": "00u1e6ck2xJHwXnFP5d7"
\}
Sample Output
{
"link": "https://your-domain.okta.com/api/v1/groups/00g1emaKYZTWRYYRLBPL/users/00u1e6ck2xJHwXnFP5d7",
"results": [
{
"id": "00u1e6ck2xJHwXnFP5d7",
"status": "ACTIVE",
"created": "2023-05-15T14:30:22.000Z",
"activated": "2023-05-15T14:30:22.000Z",
"statusChanged": "2023-05-15T14:30:22.000Z",
"lastLogin": "2023-05-20T09:15:30.000Z",
"lastUpdated": "2023-05-20T10:45:12.000Z",
"passwordChanged": "2023-05-15T14:30:22.000Z",
"type": {
"id": "oty1emf9x8RFPCHZK5d7"
},
"profile": \{
"firstName": "John",
"lastName": "Doe",
"mobilePhone": "+1-555-1234567",
"secondEmail": "john.doe.backup@example.com",
"login": "john.doe@example.com",
"email": "john.doe@example.com"
\},
"credentials": {
"password": {},
"emails": [
\{
"value": "john.doe@example.com",
"status": "VERIFIED",
"type": "PRIMARY"
\}
],
"provider": \{
"type": "OKTA",
"name": "OKTA"
\}
},
"_links": {
"self": {
"href": "https://your-domain.okta.com/api/v1/users/00u1e6ck2xJHwXnFP5d7"
}
}
}
],
"next": "https://your-domain.okta.com/api/v1/users?after=00u1e6ck2xJHwXnFP5d7"
}
Resends SMS as part of enrollment.
Use the resend link to send another OTP if user doesn’t receive the original activation SMS OTP. Sample Input
\{
"user_id": "00u1a2b3c4d5e6f7g",
"factor_id": "sms1a2b3c4d5e6f7g8h",
"phone_number": "+14155551234",
"update_number": true
\}
Sample Output
Reset factor
Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor. Sample Input Sample Output
Set user password (Admin)
Sets passwords without validating existing user credentials. This is an administrative operation. Sample Input Sample Output
{
"id": "00u1a2b3c4d5e6f7g8",
"status": "ACTIVE",
"created": "2023-05-15T10:30:45.000Z",
"activated": "2023-05-15T10:30:45.000Z",
"statusChanged": "2023-05-15T10:30:45.000Z",
"lastLogin": "2023-05-15T14:22:30.000Z",
"lastUpdated": "2023-05-15T15:45:00.000Z",
"passwordChanged": "2023-05-15T15:45:00.000Z",
"type": {
"id": "oty1a2b3c4d5e6f7g8"
},
"profile": \{
"firstName": "John",
"lastName": "Doe",
"mobilePhone": "+1-555-123-4567",
"secondEmail": "john.alternate@example.com",
"login": "john.doe@example.com",
"email": "john.doe@example.com"
\},
"credentials": {
"password": {},
"emails": [
\{
"value": "john.doe@example.com",
"status": "VERIFIED",
"type": "PRIMARY"
\}
],
"recovery_question": {
"question": "What was the name of your first pet?"
},
"provider": \{
"type": "OKTA",
"name": "OKTA"
\}
},
"_links": {
"suspend": \{
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g8/lifecycle/suspend",
"method": "POST"
\},
"schema": {
"href": "https://your-domain.okta.com/api/v1/meta/schemas/user/osc1a2b3c4d5e6f7g8"
},
"resetPassword": \{
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g8/lifecycle/reset_password",
"method": "POST"
\},
"forgotPassword": \{
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g8/credentials/forgot_password",
"method": "POST"
\},
"expirePassword": \{
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g8/lifecycle/expire_password",
"method": "POST"
\},
"changeRecoveryQuestion": \{
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g8/credentials/change_recovery_question",
"method": "POST"
\},
"self": {
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g8"
},
"type": {
"href": "https://your-domain.okta.com/api/v1/meta/types/user/oty1a2b3c4d5e6f7g8"
},
"changePassword": \{
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g8/credentials/change_password",
"method": "POST"
\},
"deactivate": \{
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g8/lifecycle/deactivate",
"method": "POST"
\}
}
}
Suspend user
Suspends a user. This operation can only be performed on users with an ACTIVE status. Sample Input
{
"user_id": "john.doe@example.com"
}
Sample Output
{
"success": true,
"user_id": "00u1a2b3c4d5e6f7g8",
"user_found": true,
"suspended": true,
"message": {}
}
Unlock user
Unlocks a user with a LOCKED_OUT status and returns them to ACTIVE status. Users will be able to login with their current password. Sample Input Sample Output
{
"success": true,
"user_id": "00u1a2b3c4d5e6f7g8",
"user_found": true,
"unlocked": true,
"message": {}
}
Unsuspend user
Unsuspends a user and returns them to the ACTIVE state. This operation can only be performed on users that have a SUSPENDED status. Sample Input Sample Output
Update group
Updates the profile for a group with OKTA_GROUP type from your organisation. Sample Input Sample Output
Update user
Updates a user‘s profile or credentials. Sample Input Sample Output
{
"id": "00u1a2b3c4d5e6f7g8",
"status": "ACTIVE",
"created": "2023-01-15T10:00:00.000Z",
"activated": "2023-01-15T10:05:00.000Z",
"statusChanged": "2023-06-01T14:30:00.000Z",
"lastLogin": "2023-06-01T09:00:00.000Z",
"lastUpdated": "2023-06-01T14:30:00.000Z",
"passwordChanged": "2023-06-01T14:30:00.000Z",
"type": {
"id": "oty1a2b3c4d5e6f7g8"
},
"profile": \{
"firstName": "John",
"lastName": "Doe",
"mobilePhone": "+1-555-123-4567",
"secondEmail": null,
"login": "john.doe@example.com",
"email": "john.doe@example.com"
\},
"credentials": {
"password": {},
"emails": [
\{
"value": "john.doe@example.com",
"status": "VERIFIED",
"type": "PRIMARY"
\}
],
"recovery_question": {
"question": "What was the name of your first pet?"
},
"provider": \{
"type": "OKTA",
"name": "OKTA"
\}
},
"_links": {
"suspend": \{
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g8/lifecycle/suspend",
"method": "POST"
\},
"schema": {
"href": "https://your-domain.okta.com/api/v1/meta/schemas/user/osc1a2b3c4d5e6f7g8"
},
"resetPassword": \{
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g8/lifecycle/reset_password",
"method": "POST"
\},
"forgotPassword": \{
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g8/credentials/forgot_password",
"method": "POST"
\},
"expirePassword": \{
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g8/lifecycle/expire_password",
"method": "POST"
\},
"changeRecoveryQuestion": \{
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g8/credentials/change_recovery_question",
"method": "POST"
\},
"self": {
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g8"
},
"type": {
"href": "https://your-domain.okta.com/api/v1/meta/types/user/oty1a2b3c4d5e6f7g8"
},
"changePassword": \{
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g8/credentials/change_password",
"method": "POST"
\},
"deactivate": \{
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3c4d5e6f7g8/lifecycle/deactivate",
"method": "POST"
\}
}
}
DDL operations
Get user schema (DDL)
Sample Input
{}
Sample Output
List enrolled factors (DDL)
Note that DDL operations can only be called directly by Connectors API, or when using CustomJS in the Embedded solution editor for e.g. DDL-dependent data mapping
Sample Input Sample Output
{
"factors": [
{
"id": "ufs2bysphxKODSZKWVCT",
"factorType": "push",
"provider": "OKTA",
"status": "ACTIVE",
"created": "2023-04-15T10:20:30.000Z",
"lastUpdated": "2023-04-15T10:20:30.000Z",
"profile": \{
"credentialId": "jane.doe@example.com",
"deviceType": "SmartPhone_Android",
"name": "Jane's Android Phone"
\}
},
{
"id": "emf2bysphxKODSZKWVCU",
"factorType": "email",
"provider": "OKTA",
"status": "ACTIVE",
"created": "2023-04-10T14:30:45.000Z",
"lastUpdated": "2023-04-10T14:30:45.000Z",
"profile": {
"email": "jane.doe@example.com"
}
},
{
"id": "sms2bysphxKODSZKWVCV",
"factorType": "sms",
"provider": "OKTA",
"status": "ACTIVE",
"created": "2023-04-05T09:15:20.000Z",
"lastUpdated": "2023-04-05T09:15:20.000Z",
"profile": {
"phoneNumber": "+1-555-123-4567"
}
}
]
}
List factors to enroll (DDL)
Note that DDL operations can only be called directly by Connectors API, or when using CustomJS in the Embedded solution editor for e.g. DDL-dependent data mapping
Sample Input Sample Output
[
{
"factorType": "push",
"provider": "OKTA",
"vendorName": "OKTA",
"enrollment": "OPTIONAL",
"_links": {
"enroll": {
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3cDEFGHIJKL/factors",
"hints": {
"allow": [
"POST"
]
}
}
}
},
{
"factorType": "sms",
"provider": "OKTA",
"vendorName": "OKTA",
"enrollment": "OPTIONAL",
"_links": {
"enroll": {
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3cDEFGHIJKL/factors",
"hints": {
"allow": [
"POST"
]
}
}
}
},
{
"factorType": "call",
"provider": "OKTA",
"vendorName": "OKTA",
"enrollment": "OPTIONAL",
"_links": {
"enroll": {
"href": "https://your-domain.okta.com/api/v1/users/00u1a2b3cDEFGHIJKL/factors",
"hints": {
"allow": [
"POST"
]
}
}
}
}
]
List groups (DDL)
Note that DDL operations can only be called directly by Connectors API, or when using CustomJS in the Embedded solution editor for e.g. DDL-dependent data mapping
Sample Input
{}
Sample Output
List security questions (DDL)
Sample Input
{}
Sample Output
List totp providers to enroll (DDL)
Sample Input Sample Output
{
"providers": [
\{
"type": "OKTA_VERIFY",
"name": "Okta Verify",
"factorProvider": "OKTA"
\},
\{
"type": "GOOGLE_OTP",
"name": "Google Authenticator",
"factorProvider": "GOOGLE"
\},
\{
"type": "CUSTOM_TOTP",
"name": "Custom TOTP",
"factorProvider": "CUSTOM"
\}
]
}
List user profile custom fields (DDL)
Sample Input Sample Output
[
{
"name": "employeeId",
"title": "Employee ID",
"type": "string",
"description": "Unique identifier for the employee",
"required": true,
"minLength": 5,
"maxLength": 10,
"permissions": \{
"SELF": "READ_ONLY",
"ADMIN": "READ_WRITE"
\}
},
{
"name": "department",
"title": "Department",
"type": "string",
"description": "Employee's department",
"required": false,
"enum": [
"Sales",
"Marketing",
"Engineering",
"HR",
"Finance"
],
"permissions": \{
"SELF": "READ_ONLY",
"ADMIN": "READ_WRITE"
\}
},
{
"name": "startDate",
"title": "Start Date",
"type": "string",
"description": "Employee's start date",
"required": true,
"format": "date",
"permissions": \{
"SELF": "READ_ONLY",
"ADMIN": "READ_WRITE"
\}
},
{
"name": "isRemote",
"title": "Remote Employee",
"type": "boolean",
"description": "Indicates if the employee works remotely",
"required": false,
"permissions": \{
"SELF": "READ_ONLY",
"ADMIN": "READ_WRITE"
\}
}
]
List user types (DDL)
Sample Input
{}
Sample Output
List users (DDL)
Sample Input Sample Output
[
{
"id": "00u1a2b3c4d5e6f7g8",
"status": "ACTIVE",
"created": "2023-05-15T10:30:45.000Z",
"activated": "2023-05-15T10:35:22.000Z",
"statusChanged": "2023-05-15T10:35:22.000Z",
"lastLogin": "2023-05-20T14:22:33.000Z",
"lastUpdated": "2023-05-20T14:22:33.000Z",
"passwordChanged": "2023-05-15T10:35:22.000Z",
"profile": \{
"firstName": "John",
"lastName": "Doe",
"email": "john.doe@example.com",
"login": "john.doe@example.com",
"mobilePhone": "+1-555-1234567"
\},
"credentials": {
"provider": \{
"type": "OKTA",
"name": "OKTA"
\}
}
},
{
"id": "00u2h3i4j5k6l7m8n9",
"status": "ACTIVE",
"created": "2023-05-16T09:15:30.000Z",
"activated": "2023-05-16T09:20:11.000Z",
"statusChanged": "2023-05-16T09:20:11.000Z",
"lastLogin": "2023-05-19T16:45:12.000Z",
"lastUpdated": "2023-05-19T16:45:12.000Z",
"passwordChanged": "2023-05-16T09:20:11.000Z",
"profile": \{
"firstName": "Jane",
"lastName": "Smith",
"email": "jane.smith@example.com",
"login": "jane.smith@example.com",
"mobilePhone": "+1-555-9876543"
\},
"credentials": {
"provider": \{
"type": "OKTA",
"name": "OKTA"
\}
}
}
]