Collections allow an admin to assign multiple resources at one time to a user
See Resource collections for more information.
Creates an empty resource collection
Response to a successful resource collection creation operation
A request failed validation
When authentication fails
When authorization fails
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
Request body for creating a new resource collection
{- "name": "Core Engineering Access",
- "description": "Birthright access for all FTE engineers"
}
Full response details for a resource collection
{- "id": "cole8sBBMFDxPgcHx0g3",
- "name": "Core Engineering Access",
- "description": "Birthright access for all FTE engineers",
- "created": "2024-07-24T14:15:22Z",
- "createdBy": "00ub0oNGTSWTBKOLGLNR",
- "lastUpdated": "2024-07-24T14:15:22Z",
- "lastUpdatedBy": "00ub0oNGTSWTBKOLGLNR",
- "_links": {
- "resources": {
- "href": "example.com/governance/api/v1/collections/cole8sBBMFDxPgcHx0g3/resources"
}
}
}
Lists all resource collections
after | string The pagination cursor that points to the last record of the previous request. Example: after=00u68w6vzKLultXS97g6 |
filter | string <scim-filter> <= 255 characters A filter expression that filters data based on
filter=name%20sw%20%22Sales%22 Search for resource collections with "coljqM9a9xerZfRpp0g2" or "coljrNAph4LiA2C1m0g2" IDs filter=id%20eq%20%22coljqM9a9xerZfRpp0g2%22%20or%20id%20eq%20%22coljrNAph4LiA2C1m0g2%22 |
include | Array of strings The Query param: ?include=counts include=counts |
limit | integer [ 1 .. 200 ] Default: 20 The maximum number of records returned in a response |
A successful resource collection list response
A request failed validation
When authentication fails
When authorization fails
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
List of collections
{- "data": [
- {
- "id": "cole8sBBMFDxPgcHx0g3",
- "name": "Core Engineering Access",
- "description": "Birthright access for all FTE engineers",
- "created": "2024-07-24T14:15:22Z",
- "createdBy": "00ub0oNGTSWTBKOLGLNR",
- "lastUpdated": "2024-07-24T14:15:22Z",
- "lastUpdatedBy": "00ub0oNGTSWTBKOLGLNR",
- "_links": {
- "resources": {
- "href": "example.com/governance/api/v1/collections/cole8sBBMFDxPgcHx0g3/resources"
}
}
}, - {
- "id": "rc5472336736435",
- "name": "Core Sales Access",
- "description": "Birthright access for all sales staff",
- "created": "2024-07-24T14:15:22Z",
- "createdBy": "00ub0oNGTSWTBKOLGLNR",
- "lastUpdated": "2024-07-24T14:15:22Z",
- "lastUpdatedBy": "00ub0oNGTSWTBKOLGLNR",
- "_links": {
- "resources": {
- "href": "example.com/governance/api/v1/collections/rc5472336736435/resources"
}
}
}, - {
- "id": "rc34657643674534",
- "name": "Super User Access",
- "description": "Elevated access in all environments",
- "created": "2024-07-24T14:15:22Z",
- "createdBy": "00ub0oNGTSWTBKOLGLNR",
- "lastUpdated": "2024-07-24T14:15:22Z",
- "lastUpdatedBy": "00ub0oNGTSWTBKOLGLNR",
- "_links": {
- "resources": {
- "href": "example.com/governance/api/v1/collections/rc34657643674534/resources"
}
}
}
], - "_links": {
- "next": {
- "href": "example.com/governance/api/v1/collections?limit=3&after=rc34657643674534"
}, - "self": {
- "href": "example.com/governance/api/v1/collections?limit=3"
}
}, - "metadata": {
- "total": 3
}
}
Retrieves a resource collection
Response to a successful resource collection creation operation
A request failed validation
When authentication fails
When authorization fails
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
Full response details for a resource collection
{- "id": "cole8sBBMFDxPgcHx0g3",
- "name": "Core Engineering Access",
- "description": "Birthright access for all FTE engineers",
- "created": "2024-07-24T14:15:22Z",
- "createdBy": "00ub0oNGTSWTBKOLGLNR",
- "lastUpdated": "2024-07-24T14:15:22Z",
- "lastUpdatedBy": "00ub0oNGTSWTBKOLGLNR",
- "_links": {
- "resources": {
- "href": "example.com/governance/api/v1/collections/cole8sBBMFDxPgcHx0g3/resources"
}
}
}
Replaces a resource collection
The writeable attributes of a resource collection
Response to a successful resource collection creation operation
A request failed validation
When authentication fails
When authorization fails
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
The request body to replace a resource collection
{- "name": "Core Engineering Access",
- "description": "Birthright access for all FTE engineers"
}
Full response details for a resource collection
{- "id": "cole8sBBMFDxPgcHx0g3",
- "name": "Core Engineering Access",
- "description": "Birthright access for all FTE engineers",
- "created": "2024-07-24T14:15:22Z",
- "createdBy": "00ub0oNGTSWTBKOLGLNR",
- "lastUpdated": "2024-07-24T14:15:22Z",
- "lastUpdatedBy": "00ub0oNGTSWTBKOLGLNR",
- "_links": {
- "resources": {
- "href": "example.com/governance/api/v1/collections/cole8sBBMFDxPgcHx0g3/resources"
}
}
}
Deletes a resource collection specified by an id
A successful collection response
A request failed validation
When authentication fails
When authorization fails
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{- "errorCode": "string",
- "errorId": "string",
- "errorSummary": "string",
- "errorLink": "string",
- "errorCauses": [
- {
- "errorSummary": "string",
- "reason": "string",
- "location": "string",
- "locationType": "string",
- "domain": "string"
}
]
}
Lists all the resources in a given collection
after | string The pagination cursor that points to the last record of the previous request. Example: after=00u68w6vzKLultXS97g6 | ||||||
include | Array of strings The
Example: include=entitlements | ||||||
limit | integer [ 1 .. 200 ] Default: 20 The maximum number of records returned in a response |
A successful collection resources list response
A request failed validation
When authentication fails
When authorization fails
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
List of resources in a collection
{- "data": [
- {
- "resourceOrn": "orn:okta:idp:00ofsdghasfhas54wewe:apps:salesforce:0oafxqCAJWWGELFTYASJ",
- "resourceId": "res789067asg6asdf7g",
- "resourceProfile": {
- "id": "0oafxqCAJWWGELFTYASJ",
- "name": "salesforce",
- "label": "Salesforce",
- "logo": [
- {
- "name": "medium",
- "type": "image/png"
}
]
}, - "_links": {
- "entitlements": {
- "href": "example.com/governance/api/v1/collections/cole8sBBMFDxPgcHx0g3/resources/res789067asg6asdf7g"
}
}
}, - {
- "resourceOrn": "orn:okta:idp:00o11edPwGqbUrsDm0g4:apps:google:0oafxqDFHASFGZGSERDHA",
- "resourceId": "res1234gjfdsfdasha",
- "resourceProfile": {
- "id": "0oafxqDFHASFGZGSERDHA",
- "name": "google",
- "label": "Google",
- "logo": [
- {
- "name": "medium",
- "type": "image/png"
}
]
}, - "_links": {
- "entitlements": {
- "href": "example.com/governance/api/v1/collections/cole8sBBMFDxPgcHx0g3/resources/res1234gjfdsfdasha"
}
}
}, - {
- "resourceOrn": "orn:okta:idp:0034t89uq4u0q54u80q2:apps:netsuite:0oasdSDlGAVXCBZSDFG",
- "resourceId": "res6573rtyfuhdyste",
- "resourceProfile": {
- "id": "0oasdSDlGAVXCBZSDFG",
- "name": "netsuite",
- "label": "NetSuite",
- "logo": [
- {
- "name": "medium",
- "type": "image/png"
}
]
}, - "_links": {
- "entitlements": {
- "href": "example.com/governance/api/v1/collections/cole8sBBMFDxPgcHx0g3/resources/res6573rtyfuhdyste"
}
}
}
], - "_links": {
- "next": {
- "href": "example.com/governance/api/v1/collections/cole8sBBMFDxPgcHx0g3/resources?limit=3&after=res6573rtyfuhdyste"
}, - "self": {
- "href": "example.com/governance/api/v1/collections/cole8sBBMFDxPgcHx0g3/resources?limit=3"
}
}, - "metadata": {
- "count": 3
}
}
Adds the resources to a collection
resourceOrn required | string <okta-resource-orn> The ORN identifier for a specific app. Other resource types aren't supported. See the supported-resources endpoint for reference. |
Array of objects Collection of entitlements and associated value identifiers |
A successful add resources to collection list response
The response to an invalid request to add resources to a collection
When authentication fails
When authorization fails
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
[- {
- "resourceOrn": "orn:okta:idp:00ofsdghasfhas54wewe:apps:salesforce:0oafxqCAJWWGELFTYASJ",
- "entitlements": [
- {
- "id": "espo3v6xlwdtEX2il1d6",
- "values": [
- {
- "id": "ento3v6xmkviXCltm1d6"
}
]
}, - {
- "id": "esp4rg7fkom0c3AsX8g6",
- "values": [
- {
- "id": "ent4rg7fltWSgrlDT8g6"
}
]
}
]
}, - {
- "resourceOrn": "orn:okta:idp:00o11edPwGqbUrsDm0g4:apps:google:0oafxqDFHASFGZGSERDHA"
}, - {
- "resourceOrn": "orn:okta:idp:0034t89uq4u0q54u80q2:apps:netsuite:0oasdSD~GAVXCBZSDFG",
- "entitlements": [
- {
- "id": "espo3v6xlwdtEX2il1d6",
- "values": [
- {
- "id": "ento3v6xmkviXCltm1d6"
}, - {
- "id": "ento3v6xk6nOq7lm51d6"
}
]
}, - {
- "id": "esp4rg7fkom0c3AsX8g6",
- "values": [
- {
- "id": "ent4rg7fltWSgrlDT8g6"
}
]
}
]
}
]
List of resources in a collection
{- "data": [
- {
- "resourceOrn": "orn:okta:idp:00ofsdghasfhas54wewe:apps:salesforce:0oafxqCAJWWGELFTYASJ",
- "resourceId": "res789067asg6asdf7g",
- "resourceProfile": {
- "id": "0oafxqCAJWWGELFTYASJ",
- "name": "salesforce",
- "label": "Salesforce",
- "logo": [
- {
- "name": "medium",
- "type": "image/png"
}
]
}, - "_links": {
- "entitlements": {
- "href": "example.com/governance/api/v1/collections/cole8sBBMFDxPgcHx0g3/resources/res789067asg6asdf7g"
}
}
}, - {
- "resourceOrn": "orn:okta:idp:00o11edPwGqbUrsDm0g4:apps:google:0oafxqDFHASFGZGSERDHA",
- "resourceId": "res1234gjfdsfdasha",
- "resourceProfile": {
- "id": "0oafxqDFHASFGZGSERDHA",
- "name": "google",
- "label": "Google",
- "logo": [
- {
- "name": "medium",
- "type": "image/png"
}
]
}, - "_links": {
- "entitlements": {
- "href": "example.com/governance/api/v1/collections/cole8sBBMFDxPgcHx0g3/resources/res1234gjfdsfdasha"
}
}
}, - {
- "resourceOrn": "orn:okta:idp:0034t89uq4u0q54u80q2:apps:netsuite:0oasdSDlGAVXCBZSDFG",
- "resourceId": "res6573rtyfuhdyste",
- "resourceProfile": {
- "id": "0oasdSDlGAVXCBZSDFG",
- "name": "netsuite",
- "label": "NetSuite",
- "logo": [
- {
- "name": "medium",
- "type": "image/png"
}
]
}, - "_links": {
- "entitlements": {
- "href": "example.com/governance/api/v1/collections/cole8sBBMFDxPgcHx0g3/resources/res6573rtyfuhdyste"
}
}
}
], - "_links": {
- "next": {
- "href": "example.com/governance/api/v1/collections/cole8sBBMFDxPgcHx0g3/resources?limit=3&after=res6573rtyfuhdyste"
}, - "self": {
- "href": "example.com/governance/api/v1/collections/cole8sBBMFDxPgcHx0g3/resources?limit=3"
}
}, - "metadata": {
- "count": 3
}
}
Deletes a specified resource from a collection
A successful collection response
A request failed validation
When authentication fails
When authorization fails
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{- "errorCode": "string",
- "errorId": "string",
- "errorSummary": "string",
- "errorLink": "string",
- "errorCauses": [
- {
- "errorSummary": "string",
- "reason": "string",
- "location": "string",
- "locationType": "string",
- "domain": "string"
}
]
}
Retrieves a collection resource with entitlements
Response to a successful get resource collection operation
A request failed validation
When authentication fails
When authorization fails
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{- "data": {
- "resourceOrn": "orn:okta:idp:00ofsdghasfhas54wewe:apps:salesforce:0oafxqCAJWWGELFTYASJ",
- "resourceId": "res789067asg6asdf7g",
- "entitlementValueCount": 2,
- "entitlements": [
- {
- "id": "espo3v6xlwdtEX2il1d6",
- "name": "License",
- "externalValue": "License",
- "description": "This is a license entitlement",
- "multiValue": true,
- "required": false,
- "dataType": "string",
- "values": [
- {
- "id": "ento3v6xmkviXCltm1d6",
- "name": "A label",
- "externalValue": "A",
- "description": "A label description"
}
]
}, - {
- "id": "esp4rg7fkom0c3AsX8g6",
- "name": "Role",
- "externalValue": "Role",
- "description": "This is a role entitlement",
- "multiValue": false,
- "required": false,
- "dataType": "string",
- "values": [
- {
- "id": "ent4rg7fltWSgrlDT8g6",
- "name": "C label",
- "externalValue": "C",
- "description": "C label description"
}
]
}
], - "_links": {
- "entitlements": {
- "href": "example.com/governance/api/v1/collections/cole8sBBMFDxPgcHx0g3/resources/res789067asg6asdf7g/entitlements"
}
}
}
}
Replaces a specified resource in a collection
Response to a successful collection resource update operation
A request failed validation
When authentication fails
When authorization fails
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{- "entitlements": [
- {
- "id": "espo3v6xlwdtEX2il1d6",
- "values": [
- {
- "id": "ento3v6xmkviXCltm1d6"
}
]
}, - {
- "id": "esp4rg7fkom0c3AsX8g6",
- "values": [
- {
- "id": "ent4rg7fltWSgrlDT8g6"
}
]
}
]
}
{- "data": {
- "resourceOrn": "orn:okta:idp:00ofsdghasfhas54wewe:apps:salesforce:0oafxqCAJWWGELFTYASJ",
- "resourceId": "res789067asg6asdf7g",
- "entitlementValueCount": 2,
- "entitlements": [
- {
- "id": "espo3v6xlwdtEX2il1d6",
- "name": "License",
- "externalValue": "License",
- "description": "This is a license entitlement",
- "multiValue": true,
- "required": false,
- "dataType": "string",
- "values": [
- {
- "id": "ento3v6xmkviXCltm1d6",
- "name": "A label",
- "externalValue": "A",
- "description": "A label description"
}
]
}, - {
- "id": "esp4rg7fkom0c3AsX8g6",
- "name": "Role",
- "externalValue": "Role",
- "description": "This is a role entitlement",
- "multiValue": false,
- "required": false,
- "dataType": "string",
- "values": [
- {
- "id": "ent4rg7fltWSgrlDT8g6",
- "name": "C label",
- "externalValue": "C",
- "description": "C label description"
}
]
}
], - "_links": {
- "entitlements": {
- "href": "example.com/governance/api/v1/collections/cole8sBBMFDxPgcHx0g3/resources/res789067asg6asdf7g/entitlements"
}
}
}
}
Retrieves unassigned users for a collection based on the provided filter
filter | string <scim-filter> A filter expression that filters users based on
filter=firstName%20sw%20%22John%22 filter=firstName%20sw%20%22John%22%20OR%lastName%20sw%20%22John%22%20OR%20email%20sw%20%22John%22 |
A list of users that can be assigned to a collection
When authentication fails
When authorization fails
When the requested resource was not found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
List of unassigned users from a collection
{- "data": [
- {
- "id": "00u28w6vzKKultXP98g5",
- "email": "jessie.smith@example.com",
- "login": "jessie.smith@example.com",
- "firstName": "Jessie",
- "lastName": "Smith",
- "status": "ACTIVE"
}
], - "_links": {
}
}
Lists all assignments for a collection
Assignments for a collection are sorted by last assigned principals first.
after | string The pagination cursor that points to the last record of the previous request. Example: after=00u68w6vzKLultXS97g6 |
filter | string <scim-filter> A filter expression that filters principals based on Note: Query parameter percent encoding is required. See Percent-encoding. Filter for "00ub0oNGTSWTBKOLGLNR" external ID and "OKTA_USER" principal type filter=principal.externalId%20eq%20%2200ub0oNGTSWTBKOLGLNR%22%20AND%20principal.type%20eq%20%22OKTA_USER%22filter=principalProfile.name%20sw%20%22John%22 |
limit | integer [ 1 .. 200 ] Default: 20 The maximum number of records returned in a response |
A successful list of assigned principals response
When authentication fails
When authorization fails
When the requested resource was not found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
List of assigned principals to collection
{- "data": [
- {
- "id": "ass28w6vzKKultXP98g5",
- "actor": "ACCESS_REQUEST",
- "expirationTime": "2024-04-30T23:59:59Z",
- "timeZone": "America/Toronto",
- "assignmentType": "INDIVIDUAL",
- "collectionId": "col28w6vzKKultXP98g5",
- "principal": {
- "externalId": "00u174cGuGxVFp4EY0g4",
- "type": "OKTA_USER"
}, - "principalProfile": {
- "id": "00u28w6vzKKultXP98g5",
- "email": "jessie.smith@example.com",
- "login": "jessie.smith@example.com",
- "firstName": "Jessie",
- "lastName": "Smith",
- "status": "ACTIVE"
}
}, - {
- "id": "ass28w6vzKKultXP98g6",
- "actor": "ACCESS_REQUEST",
- "assignmentType": "INDIVIDUAL",
- "collectionId": "col28w6vzKKultXP98g5",
- "principal": {
- "externalId": "00u174cGuGxVFp4EY0g5",
- "type": "OKTA_USER"
}, - "principalProfile": {
- "id": "00u28w6vzKKultXP98g5",
- "email": "jessie.smith@example.com",
- "login": "jessie.smith@example.com",
- "firstName": "Jessie",
- "lastName": "Smith",
- "status": "ACTIVE"
}
}
], - "_links": {
}
}
Assigns a collection to principals
The assignment can be for a limited time or indefinite. This operation is idempotent. If the assignment already exists, it will be updated with the new values.
Attributes of collection assignment
actor | string Default: "API" The actor sending the grant request |
collectionId | string <collection-id> = 20 characters The resource collection |
expirationTime | string <date-time> The date on which the principal's access expires. This property is specified in ISO 8601 duration format. |
object Representation of a principal | |
timeZone | string [ 1 .. 64 ] characters The time zone, in IANA format, for the end date of the user access. |
A list of assigned principals
A request failed validation
When authentication fails
When authorization fails
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
Assign principals to the collection. The assignment can be for a limited time or indefinite.
[- {
- "actor": "ACCESS_REQUEST",
- "principal": {
- "externalId": "00u174cGuGxVFp4EY0g4",
- "type": "OKTA_USER"
}, - "expirationTime": "2024-04-30T23:59:59Z",
- "timeZone": "America/Toronto"
}, - {
- "actor": "ACCESS_REQUEST",
- "principal": {
- "externalId": "00u174cGuGxVFp4EY0g5",
- "type": "OKTA_USER"
}
}
]
List of assigned users to a collection
[- {
- "id": "ass28w6vzKKultXP98g5",
- "actor": "ACCESS_REQUEST",
- "principal": {
- "externalId": "00u174cGuGxVFp4EY0g4",
- "type": "OKTA_USER"
}, - "expirationTime": "2024-04-30T23:59:59Z",
- "timeZone": "America/Toronto",
- "assignmentType": "INDIVIDUAL"
}, - {
- "id": "ass28w6vzKKultXP98g6",
- "actor": "ACCESS_REQUEST",
- "principal": {
- "externalId": "00u174cGuGxVFp4EY0g5",
- "type": "OKTA_USER"
}, - "assignmentType": "INDIVIDUAL"
}
]
Updates a principal assignment
The writable attributes of a collection assignment
A successful collection response
A request failed validation
When authentication fails
When authorization fails
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
Request body for adding an expiration time and time zone
[- {
- "op": "ADD",
- "path": "/expirationTime",
- "value": "2024-04-30T23:59:59Z"
}, - {
- "op": "ADD",
- "path": "/timeZone",
- "value": "America/Toronto"
}
]
{- "errorCode": "string",
- "errorId": "string",
- "errorSummary": "string",
- "errorLink": "string",
- "errorCauses": [
- {
- "errorSummary": "string",
- "reason": "string",
- "location": "string",
- "locationType": "string",
- "domain": "string"
}
]
}
Deletes principal assignment
A successful collection response
When authentication fails
When authorization fails
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{- "errorCode": "E0000004",
- "errorSummary": "Authentication failed.",
- "errorLink": "E0000004",
- "errorId": "oaeWCGz73hpRCG75VHP6-RRXw",
- "errorCauses": [ ]
}
Lists assignments for all collections
Assignments for all collections are sorted by last assigned principals first.
after | string The pagination cursor that points to the last record of the previous request. Example: after=00u68w6vzKLultXS97g6 |
filter | string <scim-filter> A filter expression that filters principals based on Note: Query parameter percent encoding is required. See Percent-encoding. Filter for "00ub0oNGTSWTBKOLGLNR" external ID and "OKTA_USER" principal type filter=principal.externalId%20eq%20%2200ub0oNGTSWTBKOLGLNR%22%20AND%20principal.type%20eq%20%22OKTA_USER%22filter=principalProfile.name%20sw%20%22John%22 |
limit | integer [ 1 .. 200 ] Default: 20 The maximum number of records returned in a response |
A successful list of assigned principals response
When authentication fails
When authorization fails
When the requested resource was not found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
List of assigned principals to collection
{- "data": [
- {
- "id": "ass28w6vzKKultXP98g5",
- "actor": "ACCESS_REQUEST",
- "expirationTime": "2024-04-30T23:59:59Z",
- "timeZone": "America/Toronto",
- "assignmentType": "INDIVIDUAL",
- "collectionId": "col28w6vzKKultXP98g5",
- "principal": {
- "externalId": "00u174cGuGxVFp4EY0g4",
- "type": "OKTA_USER"
}, - "principalProfile": {
- "id": "00u28w6vzKKultXP98g5",
- "email": "jessie.smith@example.com",
- "login": "jessie.smith@example.com",
- "firstName": "Jessie",
- "lastName": "Smith",
- "status": "ACTIVE"
}
}, - {
- "id": "ass28w6vzKKultXP98g6",
- "actor": "ACCESS_REQUEST",
- "assignmentType": "INDIVIDUAL",
- "collectionId": "col28w6vzKKultXP98g5",
- "principal": {
- "externalId": "00u174cGuGxVFp4EY0g5",
- "type": "OKTA_USER"
}, - "principalProfile": {
- "id": "00u28w6vzKKultXP98g5",
- "email": "jessie.smith@example.com",
- "login": "jessie.smith@example.com",
- "firstName": "Jessie",
- "lastName": "Smith",
- "status": "ACTIVE"
}
}
], - "_links": {
}
}