Request Settings

Request settings are useful for managing your org's access requests.

Request settings can be read and updated at the org and resource level.

The information provided by request settings may be used to determine if another operation, such as creating a request condition, is valid for a particular organization and resource.

See Access requests - Get started for information on setting up access requests for your organization.

Retrieve the resource request settings
OAuth 2.0 scope:
  • okta.accessRequests.condition.read
Admin roles:
  • ACCESS_REQUESTS_ADMIN

Retrieves the request settings for a resource

Resource request settings are useful for determining what kind of request conditions can be created or updated for a resource.

For example:

  • validAccessScopeSettings indicates what accessScopeSettings may be passed in a Create request condition or Update request condition operation.
  • validRequesterSettings indicates what requesterSettings may be passed in a Create request condition or Update request condition operation.
  • validAccessDurationSettings indicates the maximum duration the user will have access to the resources.
  • validRiskSettings indicates what riskSettings may be passed. Currently, they can be set in the resource request settings.
  • validRequestOnBehalfOfSettings indicates the available request on behalf of settings for the resource.
  • requestOnBehalfOfSettings, if present, indicates the settings specified for request on behalf of.
  • riskSettings, if present, indicates the risk settings specified for the resource.

See response examples for various possible request setting scenarios.

Request
path Parameters
resourceId
required
string

The ID of the resource in Okta instance ID format or ORN format

Responses
200

A successful request settings get response

401

When authentication fails

403

When authorization fails

404

When the requested resource wasn't found

429

When the rate limit has been exceeded

500

When there is a server fault due to an unexpected error

GET /governance/api/v2/resources/{resourceId}/request-settings
Response samples
application/json

When resource:

  • Has entitlement management enabled
  • Has at least one entitlement value
  • Has at least one entitlement bundle
{
  "validAccessScopeSettings": [
    {
      "type": "RESOURCE_DEFAULT"
    },
    {
      "type": "ENTITLEMENT_BUNDLES"
    }
  ],
  "validRequesterSettings": [
    {
      "type": "EVERYONE"
    },
    {
      "type": "GROUPS"
    }
  ],
  "validAccessDurationSettings": {
    "required": true,
    "maximumDays": 90,
    "maximumHours": 72,
    "maximumWeeks": 12,
    "supportedTypes": [
      { }
    ]
  },
  "validRiskSettings": {
    "supportedTypes": [ ]
  },
  "validRequestOnBehalfOfSettings": [
    {
      "type": "EVERYONE"
    },
    {
      "type": "DIRECT_REPORT"
    }
  ]
}
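
The pre-flight use described above (checking a proposed request condition against a resource's request settings before sending it), as an added example that is not Okta's code. The `proposed` dict shape, the `(amount, unit)` duration tuple, the reading of `required` as "a duration must be set", and the per-unit treatment of the `maximum*` values are assumptions made for illustration; the settings copy the response sample above.

```python
# Added example: fail-closed check of a proposed request condition against
# the valid* fields of a resource's request settings (copied from the sample).
RESOURCE_SETTINGS = {
    "validAccessScopeSettings": [{"type": "RESOURCE_DEFAULT"},
                                 {"type": "ENTITLEMENT_BUNDLES"}],
    "validRequesterSettings": [{"type": "EVERYONE"}, {"type": "GROUPS"}],
    "validAccessDurationSettings": {
        "required": True, "maximumDays": 90,
        "maximumHours": 72, "maximumWeeks": 12,
    },
}

# Hypothetical unit names mapped to the maximum* keys in the response.
_MAX_KEY = {"hours": "maximumHours", "days": "maximumDays",
            "weeks": "maximumWeeks"}


def _allowed_types(settings, key):
    """Collect the `type` values advertised in one valid* list."""
    return {entry.get("type") for entry in settings.get(key) or []}


def check_condition(settings, proposed):
    """Return a list of problems; an empty list means the proposal fits."""
    problems = []
    for field, valid_key in (("accessScopeSettings", "validAccessScopeSettings"),
                             ("requesterSettings", "validRequesterSettings")):
        wanted = (proposed.get(field) or {}).get("type")
        # A missing or unknown type is rejected rather than defaulted.
        if wanted not in _allowed_types(settings, valid_key):
            problems.append(f"{field}.type {wanted!r} not in {valid_key}")

    limits = settings.get("validAccessDurationSettings") or {}
    duration = proposed.get("duration")  # assumption: (amount, unit) or None
    if duration is None:
        if limits.get("required"):
            problems.append("access duration is required for this resource")
        return problems
    amount, unit = duration
    ceiling = limits.get(_MAX_KEY.get(unit, ""))
    if ceiling is None:
        problems.append(f"no advertised maximum for unit {unit!r}")
    elif not 0 < amount <= ceiling:
        problems.append(f"duration {amount} {unit} outside 1..{ceiling}")
    return problems
```

Running the check before a Create or Update request condition call surfaces an out-of-policy scope, requester type or duration locally instead of as a 400 from the API.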

Update the resource request settings
OAuth 2.0 scope:
  • okta.accessRequests.condition.manage
Admin roles:
  • ACCESS_REQUESTS_ADMIN

Updates the resource request settings

Request
path Parameters
resourceId
required
string

The ID of the resource in Okta instance ID format or ORN format

Request Body schema: application/json
required
requestOnBehalfOfSettings
object or null

Specifies whether, and on whose behalf, a requester may request the resource.

riskSettings
object

Risk settings that are valid for an access request when a risk has been detected for the resource and requesting user

Responses
200

A successful request settings patch response

400

When the request settings update fails because of a bad request

401

When authentication fails

403

When authorization fails

404

When the requested resource wasn't found

429

When the rate limit has been exceeded

500

When there is a server fault due to an unexpected error

PATCH /governance/api/v2/resources/{resourceId}/request-settings
Request samples
application/json

Request on behalf of settings where any requester can request

{
  "requestOnBehalfOfSettings": {
    "allowed": true
  }
}
Response samples
application/json

When resource:

  • Has entitlement management enabled
  • Has at least one entitlement value
  • Has at least one entitlement bundle
{
  "validAccessScopeSettings": [
    {
      "type": "RESOURCE_DEFAULT"
    },
    {
      "type": "ENTITLEMENT_BUNDLES"
    }
  ],
  "validRequesterSettings": [
    {
      "type": "EVERYONE"
    },
    {
      "type": "GROUPS"
    }
  ],
  "validAccessDurationSettings": {
    "required": true,
    "maximumDays": 90,
    "maximumHours": 72,
    "maximumWeeks": 12,
    "supportedTypes": [
      { }
    ]
  },
  "validRiskSettings": {
    "supportedTypes": [ ]
  },
  "validRequestOnBehalfOfSettings": [
    {
      "type": "EVERYONE"
    },
    {
      "type": "DIRECT_REPORT"
    }
  ]
}

Retrieve the org request settings
OAuth 2.0 scope:
  • okta.accessRequests.condition.read
Admin roles:
  • ACCESS_REQUESTS_ADMIN

Retrieves the request settings for the org.

Org request settings indicate:

  • If the Access Requests app has been provisioned
  • If a customer has triggered Access Requests app provisioning in their org
  • The request experiences that are supported
  • If the provisioning for the Access Requests app was triggered a while ago
Responses
200

A successful org request settings get response

401

When authentication fails

403

When authorization fails

404

When the requested resource wasn't found

429

When the rate limit has been exceeded

500

When there is a server fault due to an unexpected error

GET /governance/api/v2/request-settings
Response samples
application/json
{
  "subprocessorsAcknowledged": false,
  "provisioningStatus": "NOT_PROVISIONED",
  "requestExperiences": [ ],
  "longTimePastProvisioned": false
}

Update the org request settings
OAuth 2.0 scope:
  • okta.accessRequests.condition.manage
Admin roles:
  • ACCESS_REQUESTS_ADMIN

Updates the request settings for the org

Request
Request Body schema: application/json
required
subprocessorsAcknowledged
boolean

Indicates that Access Requests provisioning was triggered by the customer (such as in Govern Okta admin roles)

Responses
200

A successful org request settings patch response

401

When authentication fails

403

When authorization fails

404

When the requested resource wasn't found

429

When the rate limit has been exceeded

500

When there is a server fault due to an unexpected error

PATCH /governance/api/v2/request-settings
Request samples
application/json

Request Settings for the org for patch example

{
  "subprocessorsAcknowledged": true
}
Response samples
application/json

Request Settings for the org for patch example

{
  "subprocessorsAcknowledged": true
}