Principal Entitlements

Principal Entitlements represent the effective entitlements for a user and resource after evaluating all grants.

See Entitlement Management for more information.

Retrieve the principal entitlements for a resource
Beta
Admin permissions required: `Application Administrator`
OAuth 2.0: `okta.governance.entitlements.read`

Retrieves the principal entitlements for a specific resource

Request

query Parameters

filter

required

string <scim-filter>

Apply various filters by using supported prinicipal entitlements filtering properties.

Note: Query parameter percent encoding is required. See Percent-encoding

Examples:

Filter by user and application

Query param: ?filter=parent.externalId eq "0oafxqCAJWWGELFTYASJ" AND parent.type eq "APPLICATION" AND targetPrincipal.externalId eq "00ub0oNGTSWTBKOLGLNR" AND targetPrincipal.type eq "OKTA_USER"

filter=parent.externalId%20eq%20%220oafxqCAJWWGELFTYASJ%22%20AND%20parent.type%20eq%20%22APPLICATION%22%20AND%20targetPrincipal.externalId%20eq%20%2200ub0oNGTSWTBKOLGLNR%22%20AND%20targetPrincipal.type%20eq%20%22OKTA_USER%22

Filter by user and application ORNs

Query param: ?filter=parentResourceOrn eq "orn:okta:idp:00o11edPwGqbUrsDm0g4:apps:oidc:0oafxqCAJWWGELFTYASJ" AND targetPrincipalOrn eq "orn:okta:directory:00o11edPwGqbUrsDm0g4:users:00ub0oNGTSWTBKOLGLNR"

filter=parentResourceOrn%20eq%20%22orn:okta:idp:00o11edPwGqbUrsDm0g4:apps:oidc:0oafxqCAJWWGELFTYASJ%22%20AND%20targetPrincipalOrn%20eq%20%22orn:okta:directory:00o11edPwGqbUrsDm0g4:users:00ub0oNGTSWTBKOLGLNR%22

Responses

200

List of all principal entitlements for a specific resource.

400

An invalid list request

401

When authentication fails

403

When authorization fails

404

When the requested resource was not found

429

When the rate limit has been exceeded

500

When there is a server fault due to an unexpected error

get/governance/api/v1/principal-entitlements

Request samples

Response samples

application/json

When a user has been granted some License and Role entitlement's to Salesforce

{"data": [{"id": "0obfxqCAJWWGELFTYASJ",
"name": "License",
"externalValue": "License",
"description": "This is a license entitlement",
"multiValue": true,
"required": false,
"dataType": "string",
"targetPrincipalOrn": "orn:okta:directory:00o11edPwGqbUrsDm0g4:users:00ub0oNGTSWTBKOLGLNR",
"targetPrincipal": {"externalId": "00ub0oNGTSWTBKOLGLNR",
"type": "OKTA_USER"
},
"parentResourceOrn": "orn:okta:idp:00o11edPwGqbUrsDm0g4:apps:salesforce:0oafxqCAJWWGELFTYASJ",
"parent": {"externalId": "0oafxqCAJWWGELFTYASJ",
"type": "APPLICATION"
},
"values": [{"id": "0vefxqCAJWWGELFTYAAA",
"name": "A label",
"externalValue": "A",
"description": "A label description"
},
{"id": "0vefxqCAJWWGELFTYBBB",
"externalValue": "B",
"name": "B label",
"description": "B label description"
}
]
},
{"id": "0obfxqCAJWWGELFTYASJ",
"name": "Role",
"externalValue": "Role",
"description": "This is a role entitlement",
"multiValue": false,
"required": false,
"dataType": "string",
"targetPrincipal": {"externalId": "00ub0oNGTSWTBKOLGLNR",
"type": "OKTA_USER"
},
"parent": {"externalId": "0oafxqCAJWWGELFTYASJ",
"type": "APPLICATION"
},
"values": [{"id": "0vefxqCAJWWGELFTYCCC",
"name": "C label",
"externalValue": "C",
"description": "C label description"
}
]
}
]
}

Social
CONTACT & LEGAL
MORE INFO
okta.com
Products, case studies, resources
Help Center
Knowledgebase, roadmaps, and more
Trust
System status, security, compliance

Principal Entitlements

Retrieve the principal entitlements for a resourceBetaAdmin permissions required: Application AdministratorOAuth 2.0: okta.governance.entitlements.read

query Parameters

Retrieve the principal entitlements for a resource
Beta
Admin permissions required: `Application Administrator`
OAuth 2.0: `okta.governance.entitlements.read`