Request types define the operations performed by Okta Access Requests, including:
Manage request types with the following request type APIs.
See Access Request Types for more information on Access Request Types and Identity Governance.
Note: Operations to create or delete applications or groups in Okta could take up to 24 hours before they can be referenced by the Access Requests API. To trigger these changes in Access Requests immediately, open Okta Access Requests as an administrator, go to Settings > Configuration and click Sync Now on the relevant Okta resource list.
Access Requests Administrator
okta.governance.accessRequests.manage
Creates a request type, which governs whether requests are allowed and who is associated with the request.
When creating a request type, you specify:
The writable attributes of a request type
required | object There are two
name required | string [ 1 .. 50 ] characters Writable unique key on Create. Not modifiable on update.
ownerId required | string <owner-id> = 24 characters The ID of the team that administers this request type.
required | object Which resource(s) are requestable
accessDuration | string or null <iso-duration> Default: null How long the requester retains access after their request is approved and fulfilled. Specified in ISO 8601 duration format. Known limitation: Only single time unit ISO 8601 duration formats (D, H, M) are supported, for units (days, hours, minutes). Supported
description | string [ 1 .. 2000 ] characters Human readable description.
object Default: {"type":"EVERYONE","requesterFields":[]} The
status | string Default: "DRAFT" Whether the request type starts with a status of DRAFT or ACTIVE. Starting as ACTIVE is preferable to avoid a publish operation when no manual inspection of the request type is necessary before publication.
A successful request type create response
An invalid request to create a request type
When authentication fails
When authorization fails
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
The minimal set of properties to pass when creating a Request Type. Allows anyone to request access to the Admin Group. No questions are required, and there is only one approval required by the requesting user's manager.
{
  "name": "salesforce-01",
  "description": "How users can request access to Admin Group",
  "ownerId": "61eb0f06c462d20007f051ac",
  "resourceSettings": {
    "type": "GROUPS",
    "targetResources": [
      {
        "resourceId": "00g1emaKYZTWRYYRRTSK"
      }
    ]
  },
  "approvalSettings": {
    "type": "SERIAL",
    "approvals": [
      {
        "approverType": "MANAGER"
      }
    ]
  }
}
The minimal set of properties to pass when creating a Request Type. Allows anyone to request access to the Admin Group. No questions are required, and there is only one approval required by the requesting user's manager.
{
  "id": "08ab2db568c7c300079fefd0",
  "name": "low-privilege-group-01-request-type-02",
  "description": "How users can request access to low privilege Group 01",
  "created": "2022-05-24T14:15:22Z",
  "createdBy": "00ub0oNGTSWTBKOLGLNR",
  "lastUpdated": "2022-05-24T14:15:22Z",
  "lastUpdatedBy": "00ub0oNGTSWTBKOLGLNR",
  "status": "DRAFT",
  "lastUpdateSource": "API",
  "ownerId": "61eb0f06c462d20007f051ac",
  "resourceSettings": {
    "type": "GROUPS",
    "targetResources": [
      {
        "resourceId": "00g1emaKYZTWRYYRRTSK",
        "resourceName": "Low privilege Group 01"
      }
    ]
  },
  "requestSettings": {
    "type": "EVERYONE",
    "requesterFields": []
  },
  "approvalSettings": {
    "type": "SERIAL",
    "approvals": [
      {
        "approverType": "MANAGER",
        "description": "Approval from the requester's manager",
        "approverFields": []
      }
    ]
  },
  "accessDuration": null,
  "_links": {
    "createRequest": {
      "type": "text/html"
    }
  }
}
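An added example, not part of the Okta reference: a pre-flight check that applies the field constraints listed above to a create payload before it is sent, and collects settings worth a reviewer's attention. It assumes standard ISO 8601 designators for accessDuration and treats resourceSettings and approvalSettings as the two required objects; the function name and the review notes are illustrative.

```python
import re

# Single-unit ISO 8601 durations: days come before "T", hours and minutes after.
# "P1M" means one month in ISO 8601, so it is rejected, not read as a minute.
SINGLE_UNIT = re.compile(r"^P(?:\d+D|T\d+H|T\d+M)$")

def _obj(body, key):
    """Return body[key] if it is an object, else None."""
    value = body.get(key)
    return value if isinstance(value, dict) else None

def check_request_type(body):
    """Return (errors, review_notes) for a create payload given as a dict."""
    errors, notes = [], []
    name, owner = body.get("name"), body.get("ownerId")
    if not isinstance(name, str) or not 1 <= len(name) <= 50:
        errors.append("name: required, 1..50 characters")
    if not isinstance(owner, str) or len(owner) != 24:
        errors.append("ownerId: required, exactly 24 characters")
    # Assumption: these are the two required objects, as in the minimal example.
    for key in ("resourceSettings", "approvalSettings"):
        if _obj(body, key) is None:
            errors.append(f"{key}: required object")
    desc = body.get("description")
    if desc is not None and not (isinstance(desc, str) and 1 <= len(desc) <= 2000):
        errors.append("description: 1..2000 characters")
    status = body.get("status", "DRAFT")
    if status not in ("DRAFT", "ACTIVE"):
        errors.append("status: DRAFT or ACTIVE")
    duration = body.get("accessDuration")
    if duration is not None and not SINGLE_UNIT.match(str(duration)):
        errors.append("accessDuration: single-unit ISO 8601 duration (D, H or M)")

    # Review notes reflect a local least-privilege policy, not API rules.
    if duration is None:
        notes.append("accessDuration is null: no retention period is set")
    if (_obj(body, "requestSettings") or {}).get("type", "EVERYONE") == "EVERYONE":
        notes.append("requestSettings.type is EVERYONE")
    if status == "ACTIVE":
        notes.append("created as ACTIVE: no draft inspection before publication")
    return errors, notes

# The page's minimal create example.
MINIMAL = {
    "name": "salesforce-01",
    "description": "How users can request access to Admin Group",
    "ownerId": "61eb0f06c462d20007f051ac",
    "resourceSettings": {"type": "GROUPS",
                         "targetResources": [{"resourceId": "00g1emaKYZTWRYYRRTSK"}]},
    "approvalSettings": {"type": "SERIAL", "approvals": [{"approverType": "MANAGER"}]},
}
```

Run against the minimal example, the check returns no errors and two review notes: the null accessDuration and the default EVERYONE requester scope.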
okta.governance.accessRequests.read
Lists all or a subset of request types in your organization.
Use the ?filter= parameter to narrow results with the following request type properties: status and lastUpdated.
Pagination parameters are accepted, and standard link headers are in the response.
after | string <request-type-id> = 24 characters The after cursor provided by a prior request.
filter | string <scim-filter> Apply various filters by using supported request types filtering properties. Note: Query parameter percent encoding is required. See Percent-encoding.
Query param: ?filter=status eq "ACTIVE"
filter=status%20eq%20%22ACTIVE%22
Query param: ?filter=lastUpdated gt "2022-05-24T14:15:22Z"
filter=lastUpdated%20gt%20%222022-05-24T14%3A15%3A22Z%22
Query param: ?filter=status eq "ACTIVE" AND lastUpdated gt "2022-05-24T14:15:22Z"
filter=status%20eq%20%22ACTIVE%22%20AND%20lastUpdated%20gt%20%222022-05-24T14%3A15%3A22Z%22
limit | integer [ 1 .. 200 ] Default: 20 The maximum number of records that will be returned in a given result.
orderBy | string <order-by> Apply an ordering of request types by specifying a supported request type property name with
Note: Query parameter percent encoding is required. See Percent-encoding.
Query param: ?orderBy=created desc
orderBy=created%20desc
Query param: ?orderBy=lastUpdated desc
orderBy=lastUpdated%20desc
A successful request type list response
An invalid request to list request types
When authentication fails
When authorization fails
When the requested resource was not found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
A list of request types with no filter
{
  "data": [
    {
      "id": "08ab2db568c7c300079fefd",
      "name": "low-privilege-group-01-request-type-02",
      "description": "How users can request access to low privilege Group 01",
      "created": "2022-05-24T14:15:22Z",
      "createdBy": "00ub0oNGTSWTBKOLGLNR",
      "lastUpdated": "2022-05-24T14:15:22Z",
      "lastUpdatedBy": "00ub0oNGTSWTBKOLGLNR",
      "status": "DRAFT",
      "lastUpdateSource": "API",
      "_links": {
        "createRequest": {
          "type": "text/html"
        }
      }
    },
    {
      "id": "10ab2db568c7c300079fefd",
      "name": "salesforce-01-request-type-07",
      "description": "How anyone can request access to Salesforce 01",
      "created": "2022-05-24T14:15:22Z",
      "createdBy": "00ub0oNGTSWTBKOLGLNR",
      "lastUpdated": "2022-05-24T14:15:22Z",
      "lastUpdatedBy": "00ub0oNGTSWTBKOLGLNR",
      "status": "DRAFT",
      "lastUpdateSource": "API",
      "_links": {
        "createRequest": {
          "type": "text/html"
        }
      }
    },
    {
      "id": "07ab2db568c7c300079fefd0",
      "name": "low-privilege-group-01-request-type-01",
      "description": "How users can request access to low privilege Group 01",
      "created": "2022-05-24T14:15:22Z",
      "createdBy": "00ub0oNGTSWTBKOLGLNR",
      "lastUpdated": "2022-05-24T14:15:22Z",
      "lastUpdatedBy": "00ub0oNGTSWTBKOLGLNR",
      "status": "DRAFT",
      "lastUpdateSource": "API",
      "_links": {
        "createRequest": {
          "type": "text/html"
        }
      }
    },
    {
      "id": "01ab2db568c7c300079fefd0",
      "name": "salesforce-01-request-type-01",
      "description": "How users can get manager's approval to access Salesforce 01",
      "created": "2022-05-24T14:15:22Z",
      "createdBy": "00ub0oNGTSWTBKOLGLNR",
      "lastUpdated": "2022-05-24T14:15:22Z",
      "lastUpdatedBy": "00ub0oNGTSWTBKOLGLNR",
      "status": "DRAFT",
      "lastUpdateSource": "API",
      "_links": {
        "createRequest": {
          "type": "text/html"
        }
      }
    },
    {
      "id": "04ab2db568c7c300079fefd0",
      "name": "salesforce-01-request-type-04",
      "description": "How users can request access to Salesforce 01, approving manager must select justification",
      "created": "2022-05-24T14:15:22Z",
      "createdBy": "00ub0oNGTSWTBKOLGLNR",
      "lastUpdated": "2022-05-24T14:15:22Z",
      "lastUpdatedBy": "00ub0oNGTSWTBKOLGLNR",
      "status": "DRAFT",
      "lastUpdateSource": "API",
      "_links": {
        "createRequest": {
          "type": "text/html"
        }
      }
    },
    {
      "id": "03ab2db568c7c300079fefd0",
      "name": "salesforce-01-request-type-03",
      "description": "How users can request access to Salesforce 01 and provide text input",
      "created": "2022-05-24T14:15:22Z",
      "createdBy": "00ub0oNGTSWTBKOLGLNR",
      "lastUpdated": "2022-05-24T14:15:22Z",
      "lastUpdatedBy": "00ub0oNGTSWTBKOLGLNR",
      "status": "DRAFT",
      "lastUpdateSource": "API",
      "_links": {
        "createRequest": {
          "type": "text/html"
        }
      }
    },
    {
      "id": "05ab2db568c7c300079fefd0",
      "name": "salesforce-01-request-type-05",
      "description": "How users can request access to Salesforce 01, approving manager must approve and answer a question using a DATE-TIME field",
      "created": "2022-05-24T14:15:22Z",
      "createdBy": "00ub0oNGTSWTBKOLGLNR",
      "lastUpdated": "2022-05-24T14:15:22Z",
      "lastUpdatedBy": "00ub0oNGTSWTBKOLGLNR",
      "status": "DRAFT",
      "lastUpdateSource": "API",
      "_links": {
        "createRequest": {
          "type": "text/html"
        }
      }
    },
    {
      "id": "06ab2db568c7c300079fefd0",
      "name": "admin-group-01-request-type-01",
      "description": "How users can request access to Admin Group 01, with multiple approvals, where each approval demonstrates a different way to specify the approver.",
      "created": "2022-05-24T14:15:22Z",
      "createdBy": "00ub0oNGTSWTBKOLGLNR",
      "lastUpdated": "2022-05-24T14:15:22Z",
      "lastUpdatedBy": "00ub0oNGTSWTBKOLGLNR",
      "status": "DRAFT",
      "lastUpdateSource": "API",
      "_links": {
        "createRequest": {
          "type": "text/html"
        }
      }
    },
    {
      "id": "09ab2db568c7c300079fefd0",
      "name": "salesforce-01-request-type-06",
      "description": "How users can request access to Salesforce 01",
      "created": "2022-05-24T14:15:22Z",
      "createdBy": "00ub0oNGTSWTBKOLGLNR",
      "lastUpdated": "2022-05-24T14:15:22Z",
      "lastUpdatedBy": "00ub0oNGTSWTBKOLGLNR",
      "status": "DRAFT",
      "lastUpdateSource": "API",
      "_links": {
        "createRequest": {
          "type": "text/html"
        }
      }
    },
    {
      "id": "12ab2db568c7c300079fefd0",
      "name": "salesforce-01-request-type-09",
      "description": "How group members can request access to Salesforce 01",
      "created": "2022-05-24T14:15:22Z",
      "createdBy": "00ub0oNGTSWTBKOLGLNR",
      "lastUpdated": "2022-05-24T14:15:22Z",
      "lastUpdatedBy": "00ub0oNGTSWTBKOLGLNR",
      "status": "DRAFT",
      "lastUpdateSource": "API",
      "_links": {
        "createRequest": {
          "type": "text/html"
        }
      }
    }
  ]
}
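An added example, not part of the Okta reference: building the percent-encoded filter, orderBy, limit and after parameters of the list operation above, and reading the next cursor from a Link header. The function names, the operator allow-list and the sample header (host and path included) are assumptions made for illustration.

```python
import re
from urllib.parse import quote, urlparse, parse_qs

FILTER_PROPS = {"status", "lastUpdated"}  # filterable properties named on the page
FILTER_OPS = {"eq", "gt"}                 # only the operators the page's examples show

def build_filter(clauses):
    """Join (property, operator, value) clauses with AND into a filter string."""
    parts = []
    for prop, op, value in clauses:
        if prop not in FILTER_PROPS or op not in FILTER_OPS:
            raise ValueError(f"unsupported filter term: {prop} {op}")
        # Refuse quotes and backslashes so caller-supplied text cannot close
        # the string literal and append filter terms of its own.
        if '"' in value or "\\" in value:
            raise ValueError("filter value must not contain quotes or backslashes")
        parts.append(f'{prop} {op} "{value}"')
    return " AND ".join(parts)

def build_query(clauses=(), limit=20, after=None, order_by=None):
    """Return the percent-encoded query string for a list call."""
    if not 1 <= limit <= 200:
        raise ValueError("limit must be within 1..200")
    params = [("limit", str(limit))]
    if clauses:
        params.append(("filter", build_filter(clauses)))
    if order_by:
        params.append(("orderBy", order_by))
    if after is not None:
        if len(after) != 24:
            raise ValueError("after cursor must be 24 characters")
        params.append(("after", after))
    # safe="" also encodes spaces, double quotes and colons
    return "&".join(f"{key}={quote(val, safe='')}" for key, val in params)

def next_cursor(link_header):
    """Return the after cursor from the rel="next" Link entry, or None."""
    for url, rel in re.findall(r'<([^>]+)>\s*;\s*rel="([^"]+)"', link_header or ""):
        if rel == "next":
            return parse_qs(urlparse(url).query).get("after", [None])[0]
    return None

# Constructed sample header; the host and path are placeholders.
SAMPLE_LINK = ('<https://example.invalid/list?limit=2>; rel="self", '
               '<https://example.invalid/list?limit=2&after=08ab2db568c7c300079fefd0>; rel="next"')

if __name__ == "__main__":
    print(build_query([("status", "eq", "ACTIVE")]))
    print(next_cursor(SAMPLE_LINK))
```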
Access Requests Administrator
okta.governance.accessRequests.read
Retrieves the full representation of a specific request type.
More information is returned than the abbreviated representation in a List request types operation.
A successful request type get response
When authentication fails
When authorization fails
When the requested resource was not found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
When getting a request type in published status
{
  "id": "61eb2db568c7c300079fefd0",
  "name": "salesforce-01",
  "description": "How users can request access to Salesforce 01",
  "created": "2019-08-24T14:15:22Z",
  "createdBy": "00ub0oNGTSWTBKOLGLNR",
  "lastUpdated": "2022-05-24T14:15:22Z",
  "lastUpdatedBy": "00ub0oNGTSWTBKOLGLNR",
  "status": "ACTIVE",
  "ownerId": "61eb0f06c462d20007f051ac",
  "resourceSettings": {
    "type": "GROUPS",
    "targetResources": [
      {
        "resourceId": "00g1emaKYZTWRYYRRTSK"
      }
    ]
  },
  "requestSettings": {
    "type": "EVERYONE",
    "requesterFields": [
      {
        "id": "05c87fe9-11f6-4d40-a033-b155b39dcdbe",
        "prompt": "What is the business justification?",
        "required": true,
        "type": "TEXT"
      }
    ]
  },
  "approvalSettings": {
    "type": "SERIAL",
    "approvals": [
      {
        "approverType": "MEMBER_OF",
        "description": "Approval from a member of the specified OKTA group",
        "approverMemberOf": [
          "00g1emaKYZTWRYYRRTSK"
        ],
        "approverFields": [
          {
            "id": "ec9da40d-9c1b-41c6-8016-edfd010b02d2",
            "prompt": "What is the business justification?",
            "required": true,
            "type": "TEXT"
          }
        ]
      }
    ]
  },
  "lastUpdateSource": "API",
  "accessDuration": null,
  "_links": {
    "createRequest": {
      "type": "text/html"
    },
    "requests": {
      "type": "application/json"
    }
  }
}
Access Requests Administrator
okta.governance.accessRequests.manage
Deletes a request type from your organization.
A deleted request type:
Note: In-flight requests using the DELETED request type continue in their lifecycle operations using the state of the request type at the time the request was made.
A successful request type delete response
When authentication fails
When authorization fails
When the requested resource was not found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{
  "errorCode": "E0000004",
  "errorSummary": "Authentication failed.",
  "errorLink": "E0000004",
  "errorId": "oaeWCGz73hpRCG75VHP6-RRXw",
  "errorCauses": []
}
Access Requests Administrator
okta.governance.accessRequests.manage
Publishes a request type to your organization.
A published request type:
ACTIVE
A request type with a status of ACTIVE can be unpublished or deleted at any time.
A successful request type publish response
When authentication fails
When authorization fails
When the requested resource was not found
An invalid request to publish a request type
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
When getting a request type in published status
{
  "id": "61eb2db568c7c300079fefd0",
  "name": "salesforce-01",
  "description": "How users can request access to Salesforce 01",
  "created": "2019-08-24T14:15:22Z",
  "createdBy": "00ub0oNGTSWTBKOLGLNR",
  "lastUpdated": "2022-05-24T14:15:22Z",
  "lastUpdatedBy": "00ub0oNGTSWTBKOLGLNR",
  "status": "ACTIVE",
  "ownerId": "61eb0f06c462d20007f051ac",
  "resourceSettings": {
    "type": "GROUPS",
    "targetResources": [
      {
        "resourceId": "00g1emaKYZTWRYYRRTSK"
      }
    ]
  },
  "requestSettings": {
    "type": "EVERYONE",
    "requesterFields": [
      {
        "id": "05c87fe9-11f6-4d40-a033-b155b39dcdbe",
        "prompt": "What is the business justification?",
        "required": true,
        "type": "TEXT"
      }
    ]
  },
  "approvalSettings": {
    "type": "SERIAL",
    "approvals": [
      {
        "approverType": "MEMBER_OF",
        "description": "Approval from a member of the specified OKTA group",
        "approverMemberOf": [
          "00g1emaKYZTWRYYRRTSK"
        ],
        "approverFields": [
          {
            "id": "ec9da40d-9c1b-41c6-8016-edfd010b02d2",
            "prompt": "What is the business justification?",
            "required": true,
            "type": "TEXT"
          }
        ]
      }
    ]
  },
  "lastUpdateSource": "API",
  "accessDuration": null,
  "_links": {
    "createRequest": {
      "type": "text/html"
    },
    "requests": {
      "type": "application/json"
    }
  }
}
Access Requests Administrator
okta.governance.accessRequests.manage
Unpublishes a request type, which returns the status of the request type to DRAFT.
An unpublished Request Type:
Note: In-flight requests continue in their lifecycle using the request type definition from the point in time the request was created.
A request type with a status of DRAFT can be published or deleted at any time.
A successful request type unpublish response
When authentication fails
When authorization fails
When the requested resource was not found
An invalid request due to status conflict when unpublishing a request type
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
When getting a request type in draft status
{
  "id": "61eb2db568c7c300079fefd0",
  "name": "salesforce-01",
  "description": "How users can request access to Salesforce 01",
  "created": "2019-08-24T14:15:22Z",
  "createdBy": "00ub0oNGTSWTBKOLGLNR",
  "lastUpdated": "2019-08-24T14:15:22Z",
  "lastUpdatedBy": "00ub0oNGTSWTBKOLGLNR",
  "status": "DRAFT",
  "ownerId": "61eb0f06c462d20007f051ac",
  "resourceSettings": {
    "type": "GROUPS",
    "targetResources": [
      {
        "resourceId": "00g1emaKYZTWRYYRRTSK"
      }
    ]
  },
  "requestSettings": {
    "type": "EVERYONE",
    "requesterFields": [
      {
        "id": "05c87fe9-11f6-4d40-a033-b155b39dcdbe",
        "prompt": "What is the business justification?",
        "required": true,
        "type": "TEXT"
      }
    ]
  },
  "approvalSettings": {
    "type": "SERIAL",
    "approvals": [
      {
        "approverType": "MEMBER_OF",
        "description": "Approval from a member of the specified OKTA group",
        "approverMemberOf": [
          "00g1emaKYZTWRYYRRTSK"
        ],
        "approverFields": [
          {
            "id": "ec9da40d-9c1b-41c6-8016-edfd010b02d2",
            "prompt": "What is the business justification?",
            "required": true,
            "type": "TEXT"
          }
        ]
      }
    ]
  },
  "lastUpdateSource": "API",
  "accessDuration": null,
  "_links": {
    "requests": {
      "type": "application/json"
    }
  }
}
Access Requests Administrator
okta.governance.accessRequests.read
Lists all or a subset of teams in your organization.
Use the ?filter= parameter to narrow results with the request type property name. This query is useful for specifying the ownerId of a request type.
Pagination parameters are accepted, and standard link headers are in the response.
after | string <owner-id> = 24 characters The after cursor provided by a prior request.
filter | string <scim-filter> Apply various filters by using supported team filtering properties. Note: Query parameter percent encoding is required. See Percent-encoding.
Query param: ?filter=name eq "Salesforce admins"
filter=name%20eq%20%22Salesforce%20admins%22
limit | integer [ 1 .. 200 ] Default: 20 The maximum number of records that will be returned in a given result.
A successful teams list response
An invalid request to list teams
When authentication fails
When authorization fails
When there is a server fault due to an unexpected error
A list of teams
{
  "data": [
    {
      "id": "08ab2db568c7c300079fefd0",
      "name": "Salesforce admins",
      "created": "2022-05-24T14:15:22Z",
      "lastUpdated": "2022-05-24T14:15:22Z"
    },
    {
      "id": "08ab2db568c7c300079fefd0",
      "name": "Netsuite admins",
      "created": "2022-05-24T14:15:22Z",
      "lastUpdated": "2022-05-24T14:15:22Z"
    }
  ]
}