Principal Access - V2

Revoke a principal's access
Beta
OAuth 2.0 scopes:
  • okta.governance.entitlements.manage
Admin roles:
  • APP_ADMIN

Revokes a principal's access to resources (entitlement values, entitlement bundles, or apps).

Returns an HTTP 200 OK response, with _links to the updated resources, after access is revoked.

Request
Request Body schema: application/json
required

The revocation request parameters

principalOrn
required
string <okta-user-orn>

The Okta user, in ORN format.

revokeOrns
required
Array of strings [ 1 .. 5 ] items

List of resource ORNs to revoke access to:

  • Entitlement value and entitlement bundle resources can be combined in a single request (with a maximum of five resources in a request).
  • App resources must be revoked separately (a request can only contain one app ORN).
actor
string
Default: "API"

The actor sending the grant request

Enum: "ACCESS_REQUEST" "ADMIN" "API" "NONE"
Responses
200

Response for a successful revocation

400

Bad request - invalid revocation parameters

401

When authentication fails

403

When authorization fails

429

When the rate limit has been exceeded

500

When there is a server fault due to an unexpected error

POST /governance/api/v2/revoke-principal-access
Request samples
application/json
{
  "principalOrn": "orn:okta:directory:00o11edPwGqbUrsDm0g4:users:00ub0oNGTSWTBKOLGLNR",
  "actor": "ADMIN",
  "revokeOrns": [
    "orn:okta:idp:00o11rndFqmZ5rNfs0g4:apps:oidc_client:0oa251e7jQHXVgg5r0g4"
  ]
}
Response samples
application/json
{
  "data": [
    {
      "_links": { }
    },
    {
      "_links": { }
    }
  ]
}
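
An added example (not from Okta's documentation): a Python helper that splits an arbitrary list of resource ORNs into request bodies that respect the revokeOrns limits above, with at most five entitlement resources per request and each app ORN in a request of its own. The function names, the rule that an ORN with an `apps` segment is an app resource, and the entitlement ORN placeholders are assumptions for illustration.

```python
import json

ACTORS = {"ACCESS_REQUEST", "ADMIN", "API", "NONE"}  # actor enum from the page
MAX_ORNS = 5                                          # revokeOrns: 1..5 items


def is_app_orn(orn: str) -> bool:
    # Assumption: app ORNs carry an "apps" segment, as in the page's sample.
    return "apps" in orn.split(":")


def plan_revocations(principal_orn, revoke_orns, actor="API"):
    """Split ORNs into request bodies that satisfy the documented limits."""
    if actor not in ACTORS:
        raise ValueError(f"actor must be one of {sorted(ACTORS)}")
    parts = principal_orn.split(":")
    if parts[:2] != ["orn", "okta"] or "users" not in parts:
        raise ValueError("principalOrn must be an Okta user ORN")
    orns = list(dict.fromkeys(revoke_orns))  # de-duplicate, keep order
    if not orns:
        raise ValueError("revokeOrns needs at least one item")
    bad = [o for o in orns if not o.startswith("orn:")]
    if bad:
        raise ValueError(f"not ORNs: {bad}")

    apps = [o for o in orns if is_app_orn(o)]
    others = [o for o in orns if not is_app_orn(o)]
    # Entitlement values and bundles may share a request, five at most.
    batches = [others[i:i + MAX_ORNS] for i in range(0, len(others), MAX_ORNS)]
    # Every app ORN goes into a request of its own.
    batches += [[a] for a in apps]
    return [{"principalOrn": principal_orn, "actor": actor, "revokeOrns": b}
            for b in batches]


if __name__ == "__main__":
    user = "orn:okta:directory:00o11edPwGqbUrsDm0g4:users:00ub0oNGTSWTBKOLGLNR"
    app = "orn:okta:idp:00o11rndFqmZ5rNfs0g4:apps:oidc_client:0oa251e7jQHXVgg5r0g4"
    # Constructed placeholders: the entitlement ORN layout is not shown on the page.
    ents = [f"orn:okta:governance:ORG_ID:entitlement-values:VALUE_{n}" for n in range(7)]
    for body in plan_revocations(user, ents + [app], actor="ADMIN"):
        print(json.dumps(body, indent=2))
```

Each returned dictionary is one JSON body for POST /governance/api/v2/revoke-principal-access; checking the limits client-side avoids partial offboarding runs that stop on a 400 response.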