An entitlement is a permission that allows users to take specific actions within a resource, such as an application. Manage entitlements and values with the following APIs.
See Entitlement Management for more information.
Entitlement Administratorokta.governance.entitlements.manageCreates a new entitlement
The writable attributes of an entitlement
A successful entitlement creation operation
An invalid request to create or update an entitlement
When authentication fails
When authorization fails
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
Request body for adding a entitlement
{- "name": "License Entitlement",
- "externalValue": "license_entitlement",
- "description": "Some license entitlement",
- "parent": {
- "externalId": "0oafxqCAJWWGELFTYASJ",
- "type": "APPLICATION"
}, - "multiValue": true,
- "dataType": "string",
- "values": [
- {
- "name": "value1",
- "description": "description for value1",
- "externalValue": "value_1"
}, - {
- "name": "value2",
- "description": "description for value2",
- "externalValue": "value_2"
}
]
}Response for successful entitlement creation
{- "id": "esp2lr1lavoGDYw5U8g6",
- "name": "License Entitlement",
- "externalValue": "license_entitlement",
- "description": "Some license entitlement",
- "parentResourceOrn": "orn:okta:idp:00o11edPwGqbUrsDm0g4:apps:salesforce:0oafxqCAJWWGELFTYASJ",
- "parent": {
- "externalId": "0oafxqCAJWWGELFTYASJ",
- "type": "APPLICATION"
}, - "multiValue": true,
- "dataType": "string",
- "values": [
- {
- "id": "ent148fuJDGTsvYjP0g4",
- "name": "value1",
- "description": "description for value1",
- "externalValue": "value_1"
}, - {
- "id": "ent148gF8aZoRfFsh0g4",
- "name": "value2",
- "description": "description for value2",
- "externalValue": "value_2"
}
]
}Entitlement Administratorokta.governance.entitlements.readLists all entitlements specific to a resource
| after | string The after cursor provided by a prior request. |
| filter required | string <scim-filter> Apply various filters by using supported entitlements filtering properties. Resource filter is required before any other supported filtering. Note: Query parameter percent encoding is required. See Percent-encoding Query param: ?filter=parent.externalId eq "0oafxqCAJWWGELFTYASJ" AND parent.type eq "APPLICATION" filter=parent.externalId%20eq%20%220oafxqCAJWWGELFTYASJ%22%20AND%20parent.type%20eq%20%22APPLICATION%22Query param: ?filter=parentResourceOrn eq "orn:okta:idp:00o11edPwGqbUrsDm0g4:apps:oidc:0oafxqCAJWWGELFTYASJ" filter=parentResourceOrn%20eq%20%22orn:okta:idp:00o11edPwGqbUrsDm0g4:apps:oidc:0oafxqCAJWWGELFTYASJ%22Query param: ?filter=parent.externalId eq "0oafxqCAJWWGELFTYASJ" AND parent.type eq "APPLICATION" AND name sw "License" filter=parent.externalId%20eq%20%220oafxqCAJWWGELFTYASJ%22%20AND%20parent.type%20eq%20%22APPLICATION%22%20AND%20name%20sw%20%22License%22Query param: ?filter=parent.externalId eq "0oafxqCAJWWGELFTYASJ" AND parent.type eq "APPLICATION" AND (id eq "espfxqCAJWWGELFTYASJ" OR id eq "espfxqCAJWWGELFTYASI") filter=parent.externalId%20eq%20%220oafxqCAJWWGELFTYASJ%22%20AND%20parent.type%20eq%20%22APPLICATION%22%20AND%20%28id%20eq%20%22espfxqCAJWWGELFTYASJ%22%20OR%20id%20eq%20%22espfxqCAJWWGELFTYASI%22%29Query param: ?filter=parent.externalId eq "0oafxqCAJWWGELFTYASJ" AND parent.type eq "APPLICATION" AND externalValue eq "License" filter=parent.externalId%20eq%20%220oafxqCAJWWGELFTYASJ%22%20AND%20parent.type%20eq%20%22APPLICATION%22%20AND%20externalValue%20eq%20%22License%22 |
| limit | integer [ 1 .. 200 ] Default: 20 The maximum number of records that will be returned in a given result. |
| orderBy | Array of strings = 1 items Default: ["name asc"] A field by which results can be sorted. For now, sorting by a single field is supported. Note: Query parameter percent encoding is required. See Percent-encoding Query param: ?orderBy=name asc orderBy=name%20ascQuery param: ?orderBy=created desc orderBy=created%20desc |
A successful entitlements list response
An invalid request to list entitlement-bundles
When authentication fails
When authorization fails
When the requested resource was not found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
A list of entitlements
{- "data": [
- {
- "id": "espfxqCAJWWGELFTYASJ",
- "name": "Role",
- "externalValue": "Role",
- "description": "This is a role entitlement",
- "multiValue": true,
- "required": false,
- "dataType": "string",
- "parentResourceOrn": "orn:okta:idp:00o11edPwGqbUrsDm0g4:apps:salesforce:0oafxqCAJWWGELFTYASJ",
- "parent": {
- "externalId": "0oafxqCAJWWGELFTYASJ",
- "type": "APPLICATION",
- "name": "Salesforce"
}, - "metadata": {
- "total": 1
}, - "_links": {
- "values": {
}
}
}, - {
- "id": "espfxqCAJWWGEGUUFASJ",
- "name": "License",
- "externalValue": "License",
- "description": "This is a license entitlement",
- "multiValue": true,
- "required": false,
- "dataType": "string",
- "parentResourceOrn": "orn:okta:idp:00o11edPwGqbUrsDm0g4:apps:salesforce:0oafxqCAJWWGELFTYASJ",
- "parent": {
- "externalId": "0oafxqCAJWWGELFTYASJ",
- "type": "APPLICATION",
- "name": "Salesforce"
}, - "metadata": {
- "total": 30
}, - "_links": {
- "values": {
}
}
}
], - "metadata": {
- "total": 2
}
}Application Administratorokta.governance.entitlements.manageDeletes entitlement
A successful entitlement delete response
When authentication fails
When authorization fails
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{- "errorCode": "E0000004",
- "errorSummary": "Authentication failed.",
- "errorLink": "E0000004",
- "errorId": "oaeWCGz73hpRCG75VHP6-RRXw",
- "errorCauses": [ ]
}Application Administratorokta.governance.entitlements.readRetrieves a single entitlement
A successful entitlements list response
When authentication fails
When authorization fails
When the requested resource was not found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
Entitlement data
{- "id": "espfxqCAJWWGELFTYASJ",
- "name": "Role",
- "externalValue": "Role",
- "description": "This is a role entitlement",
- "multiValue": true,
- "required": false,
- "dataType": "string",
- "parentResourceOrn": "orn:okta:idp:00o11edPwGqbUrsDm0g4:apps:oidc:0oafxqCAJWWGELFTYASJ",
- "parent": {
- "externalId": "0oafxqCAJWWGELFTYASJ",
- "type": "APPLICATION",
- "name": "Salesforce"
}, - "values": [
- {
- "id": "entfxqCAJWWGELFTYAAA",
- "name": "Admin access",
- "description": "ability to grant an access",
- "externalValue": "admin"
}
], - "_links": {
}, - "metadata": {
- "total": 1
}
}Application Administratorokta.governance.entitlements.manageReplaces an entitlement
The writable attributes of an entitlement
| dataType required | string The data type of the entitlement property |
| externalValue required | string [ 1 .. 255 ] characters The value of an entitlement property |
| id required | string = 20 characters The |
| multiValue required | boolean The property that determines if the entitlement property can hold multiple values |
| name required | string [ 1 .. 255 ] characters The display name for an entitlement property |
required | object Representation of a resource |
| parentResourceOrn required | string <okta-resource-orn> The Okta App instance See the supported-resources endpoint for reference |
object Links available in entitlements list response | |
| description | string [ 1 .. 1000 ] characters The description of an entitlement property |
object Metadata describing the entitlement | |
| required | boolean The property that determines if the entitlement property is a required attribute |
Array of objects [ 1 .. 1000 ] characters Collection of entitlement values |
A successful entitlement update operation
An invalid request to create or update an entitlement
When authentication fails
When authorization fails
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
Request body for updating entitlement
{- "id": "esp2lr1lavoGDYw5U8g6",
- "name": "License Entitlement",
- "externalValue": "license_entitlement",
- "description": "Entitlement description",
- "parentResourceOrn": "orn:okta:idp:00o11edPwGqbUrsDm0g4:apps:salesforce:0oafxqCAJWWGELFTYASJ",
- "parent": {
- "externalId": "0oafxqCAJWWGELFTYASJ",
- "type": "APPLICATION"
}, - "multiValue": true,
- "dataType": "string",
- "values": [
- {
- "id": "ent148gF8aZoRfFsh0g4",
- "name": "value1",
- "description": "description for value1",
- "externalValue": "value_1"
}, - {
- "name": "value2",
- "description": "new value for entitlement",
- "externalValue": "value_2"
}
]
}Response for successful entitlement update
{- "id": "esp2lr1lavoGDYw5U8g6",
- "name": "License Entitlement",
- "externalValue": "license_entitlement",
- "description": "Some license entitlement",
- "parentResourceOrn": "orn:okta:idp:00o11edPwGqbUrsDm0g4:apps:salesforce:0oafxqCAJWWGELFTYASJ",
- "parent": {
- "externalId": "0oafxqCAJWWGELFTYASJ",
- "type": "APPLICATION"
}, - "multiValue": true,
- "dataType": "string",
- "values": [
- {
- "id": "ent148gF8aZoRfFsh0g4",
- "name": "value1",
- "description": "description for value1",
- "externalValue": "value_1"
}, - {
- "id": "ent148fuJDGTsvYjP0g4",
- "name": "value2",
- "description": "description for value2",
- "externalValue": "value_2"
}
]
}Application Administratorokta.governance.entitlements.readLists all values for an entitlement
| after | string The after cursor provided by a prior request. |
| filter | string <scim-filter> Apply various filters by using supported entitlement values filtering properties. Note: Query parameter percent encoding is required. See Percent-encoding Query param: ?filter=name sw "License" filter=name%20sw%20%22License%22 |
| limit | integer [ 1 .. 200 ] Default: 20 The maximum number of records that will be returned in a given result. |
| orderBy | Array of strings = 1 items Default: ["name asc"] A field by which results can be sorted. For now, sorting by a single field is supported. Note: Query parameter percent encoding is required. See Percent-encoding Query param: ?orderBy=name asc orderBy=name%20ascQuery param: ?orderBy=created desc orderBy=created%20desc |
A successful list of entitlement values response
When authentication fails
When authorization fails
When the requested resource was not found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
A list of entitlement values
{- "data": [
- {
- "id": "entfxqCAJWWGELFTYAAA",
- "name": "Admin access",
- "description": "ability to grant an access",
- "externalValue": "admin"
}, - {
- "id": "entfxqCAJWWFTFUUYBBB",
- "name": "Corporate License",
- "description": "Corporate License",
- "externalValue": "corporate"
}
], - "_links": {
}, - "metadata": {
- "total": 2
}
}Application Administratorokta.governance.entitlements.readLists all entitlement values
| after | string The after cursor provided by a prior request. |
| filter required | string <scim-filter> Apply various filters by using supported entitlements filtering properties. Resource filter is required before any other supported filtering. Note: Query parameter percent encoding is required. See Percent-encoding Query param: ?filter=parent.externalId eq "0oafxqCAJWWGELFTYASJ" AND parent.type eq "APPLICATION" filter=parent.externalId%20eq%20%220oafxqCAJWWGELFTYASJ%22%20AND%20parent.type%20eq%20%22APPLICATION%22Query param: ?filter=parentResourceOrn eq "orn:okta:idp:00o11edPwGqbUrsDm0g4:apps:oidc:0oafxqCAJWWGELFTYASJ" filter=parentResourceOrn%20eq%20%22orn:okta:idp:00o11edPwGqbUrsDm0g4:apps:oidc:0oafxqCAJWWGELFTYASJ%22Query param: ?filter=parent.externalId eq "0oafxqCAJWWGELFTYASJ" AND parent.type eq "APPLICATION" AND name sw "License" filter=parent.externalId%20eq%20%220oafxqCAJWWGELFTYASJ%22%20AND%20parent.type%20eq%20%22APPLICATION%22%20AND%20name%20sw%20%22License%22Query param: ?filter=parent.externalId eq "0oafxqCAJWWGELFTYASJ" AND parent.type eq "APPLICATION" AND (entitlementId eq "espfxqCAJWWGELFTYASJ" OR entitlementId eq "espfxqCAJWWGELFTYASI") filter=parent.externalId%20eq%20%220oafxqCAJWWGELFTYASJ%22%20AND%20parent.type%20eq%20%22APPLICATION%22%20AND%20%28entitlementId%20eq%20%22espfxqCAJWWGELFTYASJ%22%20OR%20entitlementId%20eq%20%22espfxqCAJWWGELFTYASI%22%29Query param: ?filter=parent.externalId eq "0oafxqCAJWWGELFTYASJ" AND parent.type eq "APPLICATION" AND externalValue eq "corporate" filter=parent.externalId%20eq%20%220oafxqCAJWWGELFTYASJ%22%20AND%20parent.type%20eq%20%22APPLICATION%22%20AND%20externalValue%20eq%20%22corporate%22 |
| limit | integer [ 1 .. 200 ] Default: 200 The maximum number of records that will be returned in a given result. |
| orderBy | Array of strings = 1 items Default: ["id asc"] A field by which results can be sorted. For now, sorting by a single field is supported. Note: Query parameter percent encoding is required. See Percent-encoding Query param: ?orderBy=name asc orderBy=name%20ascQuery param: ?orderBy=id desc orderBy=id%20desc |
A successful list of entitlement values response
When authentication fails
When authorization fails
When the requested resource was not found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
A list of entitlement values
{- "data": [
- {
- "id": "entfxqCAJWWGELFTYAAA",
- "name": "Admin access",
- "description": "ability to grant an access",
- "externalValue": "admin"
}, - {
- "id": "entfxqCAJWWFTFUUYBBB",
- "name": "Corporate License",
- "description": "Corporate License",
- "externalValue": "corporate"
}
], - "_links": {
}, - "metadata": {
- "total": 2
}
}