Changelog

Contains a log of all API changes.

Breaking changes may only occur during the BETA lifecycle of an API, and will be minimized as much as possible.

2024.11.1

FIX - Update to Retrieve My Request API

  • Updated the requesterFieldValues object for the 'Retrieve My Request API' . This object now contains the list of field values that were populated while submitting an Access Request.

2024.11.0

FEATURE - new Access Requests APIs

FEATURE - Enhanced Group Remediation

FEATURE - Update to Campaigns API

  • Updated the principalScopeSettings object for the Campaigns API . This object now includes the predefinedInactiveUsersScope property that identifies the duration that users have not used single sign-on (SSO) to access their account within a specific time frame.

2024.10.0

FIX - Remove ENTITLEMENT_VALUES from access-scope settings for Access Request condition APIs

2024.09.0

FEATURE - OAuth2 scopes for Access Request conditions and requests APIs, first BETA release

  • OAuth2 scopes for Access Requests condition and request APIs:
    • okta.accessRequests.condition.manage
    • okta.accessRequests.condition.read
    • okta.accessRequests.request.manage
    • okta.accessRequests.request.read

2024.08.0

FEATURE - New Access request condition APIs, first BETA release

2024.06.2

FEATURE - Added support to include only active users in the campaign

2024.06.0

FIX - Update Admin Role Campaign Defaults

2024.04.0

FEATURE - Added following Beta APIs for ENTITLEMENT MANAGEMENT feature

DEPRECATE - List all entitlements will no longer return values

FEATURE - Ability to create campaigns on Okta Admin Console for reviewing admin roles

FIX - OAuth2 scope documentation

  • Fixed the documentation of required scopes for Request Types, Requests, and Teams operations to correct values.
    • Incorrect old documentation listed : okta.governance.accessRequest.manage , okta.governance.accessRequest.read
    • New correct documentation: okta.governance.accessRequests.manage , okta.governance.accessRequests.read

BETA - Breaking changes

FIX - Resource name and description is no longer populated in responses for ENTITLEMENT MANAGEMENT feature APIs (Entitlements, Entitlement Bundles, Grants, and Principal Entitlements)

2023.09.0

FEATURE - Added following Beta APIs for ENTITLEMENT MANAGEMENT feature

FEATURE - Added support for certifying entitlement-enabled resources to 'Campaigns' and 'Reviews' Apis

'Create', 'List', 'Retrieve', 'Delete', 'Launch' and 'End' campaigns containing entitlement enabled resources.

'List', 'Reassign' and 'Retrieve' items reviewing app entitlements.

2023.08.0

FIX - startReview in 'Create a Campaign' is required

Fixed 'Create a campaign' operation to show /reviewerSettings/reviewerLevels/startReview as required field.

2023.07.0

DEPRECATE - /governance/api/v1/campaigns/{campaignId}/delete endpoint

Deprecated this endpoint in favour of 'Delete Campaign' to be consistent with other DELETE endpoints.

Existing /delete endpoint will continue to work until it is removed in future release.

2023.06.0

FEATURE - Ability to create recurring campaigns

Updated 'Create a campaign' operation to support defining a recurring schedule by allowing new types described in /scheduleSettings/type. During creation of a campaign, you can provide the additional details described at /scheduleSettings/recurrence to setup the recurrence. These settings will also be reflected in 'List all campaigns' and 'Retrieve a campaign'

FEATURE - Ability to create campaigns with a group or group owner as reviewer

Updated 'Create a campaign' operation to support setting a Group or Group Owner as reviewer, as is currently supported in the UI by allowing new types described in /reviewerSettings/type. During creation of a campaign, when defining the reviewer, new settings are available and described at /reviewerSettings/reviewerGroupId. These settings will also be reflected in 'List all campaigns', 'Retrieve a campaign', 'List all reviews' and 'Retrieve a review'

FEATURE - Ability to create multi-level campaigns

Updated 'Create a campaign' to support Multi-level campaigns, as is currently supported in the UI, but allowing new types described in /reviewerSettings/type. During creation of a campaign, you can provide multi-level reviewer details described at /reviewerSettings/reviewerLevels. These settings will also be reflected in 'List all campaigns', 'Retrieve a campaign', 'List all reviews', 'Retrieve a review' and 'Reassign the reviews'

FEATURE - Ability to create user campaigns

Updated 'Create a campaign' operation to allow creation of User Campaigns, currently available as self-service EA in the UI, by allowing new types described in /principalScopeSettings/type. During creation of a campaign, you can choose to create Resource Campaigns (the existing type) or User Campaigns, with settings described at /principalScopeSettings. These settings will also be reflected in 'Retrieve a campaign'

FEATURE - Ability to create a message on a request

Added 'Create a message for a request' operation to allow creation of a message for an existing request.

2023.03.1

BETA - Breaking changes

FIX - reviewerSettings.type in 'Create a campaign' and 'Retrieve a campaign' operations

Fixed 'Create a campaign' and 'Retrieve a campaign' operations to properly accept and return the /reviewerSettings/type enum value REVIEWER_EXPRESSION instead of REVIEWER-EXPRESSION.

2023.03.0

Features

FEATURE - Resource owner approval type

Added the RESOURCE_OWNER value to the approvalType parameter for Create a request type.

This update enables the creation of request types that require approvals from the owner of the resource specified in targetResources.

Currently, Okta only supports a group resource, that is, when resourceSettings.type is GROUPS.

This change has no impact on any previously created request types.

2023.02.0

Fixes

FIX - An HTTP 500 Internal Server Error was returned for some operations

  • Fixed the case when a Retrieve a request type would 500 if the accessDuration was controlled by a DATE-TIME field in a CUSTOM request type.
  • Fixed the case when a Retrieve a request would 500 if an ADD_USER_TO_GROUP or ASSIGN_APP_TO_USER action failed to run, and then was manually closed by a team member.

2023.01.0

BETA - Breaking changes

FEATURE - Request type approval settings

Added new option NONE for approvalSettings.type for Create a request type.

This enables the creation of request types that don't have any required approvals.

approvalSettings is now a required property. Attempting to create a request type without specifying approvalSettings will result in a 400 Bad Request response.

Allowing for this use case requires modification of the default value for approvalSettings.

Integrations relying on the default specification of one approval by the requester's manager must now explicity specify approvalSettings.type of SERIAL and include a manager approval object when creating the request type.

Check below for an example of a request body that used to return a 200 response code, that will now return a 400 response code.

Example

Copy
Copied
{
    "name": "salesforce-01",
    "description": "How users can request access to Admin Group",
    "ownerId": "61eb0f06c462d20007f051ac",
    "resourceSettings": {
        "type": "GROUPS",
        "targetResources": [
            {
                "resourceId": "00g1emaKYZTWRYYRRTSK"
            }
        ]
    }
}

This change has no impact on any previously created request types.

info

approvalSettings with no required approvers

{"type":"NONE"}

approvalSettings with requester manager approver required

{"type":"SERIAL","approvals":[{"approverType":"MANAGER"}]}

FIX - createdBy in 'Retrieve a request' and 'List all requests' operations

Fixed 'Retrieve a request' and 'List all requests' operations to properly return the createdBy id of the authenticated user, which can be distinct from requesterUserIds

FIX - requesterFieldValues and approvals/0/fieldValues in 'Retrieve a request' operation

Fixed the data type of /requesterFieldValues/0/value in 'Retrieve a request' response body for fields of type DATE-TIME to match API reference.

info

Old date time value

1665148010117

New date time value per API reference

2022-10-07T13:06:50.117Z

Features

  • Added requesterFieldValues to Create a request operation request body. This enables creation of requests using a request type with required fields.
  • Added approvalSettings.approvals.description to Create a request operation request body. This enables creation of a request types with description for required approvals.
  • 'Retrieve a request' now returns a request with type ACCESS_REQUEST , and includes the approvals and actions objects. Prior to this change if a request was created using a request type with CUSTOM modifications in the administrative UI, the request had type CUSTOM which omitted the approvals and actions objects.

Note: While there are aspects of requests based on CUSTOM request types which may not be represented in API responses, the actions and approvals information included in the API response are now reliable.

Fixes

Documentation updates