Orgs

Endpoints to manage and configure an Aerial account's orgs

Requests to delete an org
Early Access
OAuth 2.0:
  • okta.accounts.manage

Requests to delete an org You can only delete an org with a status of INACTIVE.

Note: This endpoint only deletes orgs in the Aerial Sandbox environment or if you are in the Okta Partner Program. Contact your account manager for more information.

SecurityOAuth2
Request
path Parameters
accountId
required
string

The id of the Aerial account

orgId
required
string

The id of the Okta Org

Responses
200

Success

400

Bad Request

401

Unauthorized

403

Forbidden

429

Rate limit exceeded

500

Internal Server Error

post/{accountId}/api/v1/orgs/{orgId}/deletionRequest
Request samples 
Response samples 
application/json
{ }
Change the status of an org
Early Access
OAuth 2.0: 
  • okta.accounts.manage
Change the status of an org


SecurityOAuth2 
Request 
path Parameters
accountId
required
string
The id of the Aerial account


 
orgId
required
string
The id of the Okta Org


 
Request Body schema: application/json
required
The target status for the org


status
required
string (org-status-enum) 
 Enum: "ACTIVE" "INACTIVE"  
Responses 
200
Success


400
Bad Request


401
Unauthorized


403
Forbidden


429
Rate limit exceeded


500
Internal Server Error


put/{accountId}/api/v1/orgs/{orgId}/status
Request samples 
application/json
{
  • "status": "INACTIVE"
}
Response samples 
application/json
{
  • "accountId": "0227mkkf8ulgt48bkidcd8ekqft",
  • "name": "My Org 1",
  • "cell": "ok1",
  • "domain": "my-org-1.okta.com",
  • "status": "INACTIVE",
  • "aerialOrg": false,
  • "createdDate": "2023-12-08T20:15:18.000Z",
  • "id": "00o16fjDHCgFqob8n0g4"
}
List all managed orgs
Early Access
OAuth 2.0: 
  • okta.accounts.read
Lists all orgs that are managed by the Aerial account


SecurityOAuth2 
Request 
path Parameters
accountId
required
string
The id of the Aerial account


 
query Parameters
after
string
The cursor that points to the end of the page of data that has been returned. This value is generated by the server and is returned in the next URI in the Link response header of the previous request. See Pagination.


 
before
string
The cursor that points to the start of the page of data that has been returned. This value is generated by the server and is returned in the prev URI in the Link response header of the previous request. See Pagination.


 
limit
integer  [ 1 .. 100 ] 
 Default:  25
The maximum number of records to return in a page


 
filter
string
A SCIM 2.0 filter expression that filters the results. Filter attributes include subdomain, aerialOrg and status. Only the following example expressions are supported.


  Examples: 
filter=subdomain eq "customer-subdomain"
filter=aerialOrg eq true
filter=status eq "ACTIVE" AND subdomain sw "customer"
Responses 
200
Success


400
Bad Request


401
Unauthorized


403
Forbidden


404
Resource Not Found


429
Rate limit exceeded


500
Internal Server Error


get/{accountId}/api/v1/orgs
Request samples 
Response samples 
application/json
[
  • {
    • "accountId": "0227mkkf8ulgt48bkidcd8ekqft",
    • "name": "My Org 1",
    • "cell": "ok1",
    • "domain": "my-org-1.okta.com",
    • "status": "ACTIVE",
    • "aerialOrg": true,
    • "createdDate": "2023-12-08T20:15:18.000Z",
    • "id": "00o16fjDHCgFqob8n0g4"
    },
  • {
    • "accountId": "0227mkkf8ulgt48bkidcd8ekqft",
    • "name": "My Org 2",
    • "cell": "ok1",
    • "domain": "my-org-2.okta.com",
    • "status": "INACTIVE",
    • "aerialOrg": false,
    • "createdDate": "2023-12-08T22:09:07.000Z",
    • "id": "00o16xupGJbokZXPO0g4"
    },
  • {
    • "accountId": "0227mkkf8ulgt48bkidcd8ekqft",
    • "name": "My Org 3",
    • "cell": "ok1",
    • "domain": "my-org-3.okta.com",
    • "status": "ACTIVE",
    • "aerialOrg": false,
    • "createdDate": "2023-12-08T23:13:08.000Z",
    • "id": "00o1cqcx8XNArUxjH0g4"
    }
]
Add an org to your account
Early Access
OAuth 2.0: 
  • okta.accounts.manage
Adds an org to be managed by the Aerial account. The super admin of the org must first grant Okta Aerial the ability to manage the org.


SecurityOAuth2 
Request 
path Parameters
accountId
required
string
The id of the Aerial account


 
Request Body schema: application/json
required
Information about the Org that is added to the Account


orgId
string
The ID of the Okta Org. Required if the domain isn't provided.


 
domain
string
The Domain of the Okta Org. Required if the orgId isn't provided.


 
cell
string
The cell of the Okta Org. Optional. Provide for a faster response time.


 
Responses 
200
Success


400
Bad Request


401
Unauthorized


403
Forbidden


429
Rate limit exceeded


500
Internal Server Error


post/{accountId}/api/v1/orgs
Request samples 
application/json
{
  • "orgId": "00oy0itaI2Yi7XGGE0g3",
  • "cell": "ok1"
}
Response samples 
application/json
{
  • "accountId": "0227mkkf8ulgt48bkidcd8ekqft",
  • "name": "My Org 1",
  • "cell": "ok1",
  • "domain": "my-org-1.okta.com",
  • "status": "ACTIVE",
  • "aerialOrg": false,
  • "createdDate": "2023-12-08T20:15:18.000Z",
  • "id": "00o16fjDHCgFqob8n0g4"
}
List all associated orgs
Early Access
OAuth 2.0: 
  • okta.accounts.read
Lists all associated orgs in a report format. The report is updated asynchronously. Associated orgs are are all orgs linked to (or associated with) your Okta contract.
Newly created orgs may not immediately show up in the report. The management status of the orgs added into the account is updated in real-time.


SecurityOAuth2 
Request 
path Parameters
accountId
required
string
The id of the Aerial account


 
query Parameters
after
string
The cursor that points to the end of the page of data that has been returned. This value is generated by the server and is returned in the next URI in the Link response header of the previous request. See Pagination.


 
before
string
The cursor that points to the start of the page of data that has been returned. This value is generated by the server and is returned in the prev URI in the Link response header of the previous request. See Pagination.


 
limit
integer  [ 1 .. 100 ] 
 Default:  25
The maximum number of records to return in a page


 
filter
string
A SCIM 2.0 filter expression that filters the results. The attributes you can filter on include subdomain, accountId and status. Only the following example expressions are supported.


  Examples: 
filter=subdomain eq "customer-subdomain"
filter=accountId eq "0227mkkf8ulgt48bkidcd8ekqft"
filter=accountId eq null
filter=status eq "ACTIVE" AND subdomain sw "customer"
filter=not (accountId pr)
Responses 
200
Success


400
Bad Request


401
Unauthorized


403
Forbidden


404
Resource Not Found


429
Rate limit exceeded


500
Internal Server Error


get/{accountId}/api/v1/reports/associatedOrgs
Request samples 
Response samples 
application/json
[
  • {
    • "accountId": "0227mkkf8ulgt48bkidcd8ekqft",
    • "name": "My Org 1",
    • "cell": "okta.com:1",
    • "domain": "my-org-1.okta.com",
    • "status": "ACTIVE",
    • "id": "00o16fjDHCgFqob8n0g4"
    },
  • {
    • "name": "My Org 2",
    • "cell": "oktapreview.com:3",
    • "domain": "my-org-2.oktapreview.com",
    • "status": "INACTIVE",
    • "id": "00o16xupGJbokZXPO0g4"
    },
  • {
    • "accountId": "0227mkkf8ulgt48bkidcd8ekqft",
    • "name": "My Org 3",
    • "cell": "okta.com:16",
    • "domain": "my-org-3.okta.com",
    • "status": "ACTIVE",
    • "id": "00o1cqcx8XNArUxjH0g4"
    }
]
Retrieve an org
Early Access
OAuth 2.0: 
  • okta.accounts.read
Retrieves an org that's in an Aerial account by orgId


SecurityOAuth2 
Request 
path Parameters
accountId
required
string
The id of the Aerial account


 
orgId
required
string
The id of the Okta Org


 
Responses 
200
Success


401
Unauthorized


403
Forbidden


404
Resource Not Found


429
Rate limit exceeded


500
Internal Server Error


get/{accountId}/api/v1/orgs/{orgId}
Request samples 
Response samples 
application/json
{
  • "accountId": "0227mkkf8ulgt48bkidcd8ekqft",
  • "name": "My Org 1",
  • "cell": "ok1",
  • "domain": "my-org-1.okta.com",
  • "status": "ACTIVE",
  • "aerialOrg": false,
  • "createdDate": "2023-12-08T20:15:18.000Z",
  • "id": "00o16fjDHCgFqob8n0g4"
}
List all enabled products for an org
Early Access
OAuth 2.0: 
  • okta.accounts.read
Lists all enabled products by orgId


SecurityOAuth2 
Request 
path Parameters
accountId
required
string
The id of the Aerial account


 
orgId
required
string
The id of the Okta Org


 
Responses 
200
Success


401
Unauthorized


403
Forbidden


404
Resource Not Found


429
Rate limit exceeded


500
Internal Server Error


get/{accountId}/api/v1/orgs/{orgId}/products
Request samples 
Response samples 
application/json
[
  • {
    • "id": "P000052",
    • "name": "IT Products - SSO"
    },
  • {
    • "id": "P000131",
    • "name": "IT Products - MFA"
    }
]
Update enabled products for an org
Early Access
OAuth 2.0: 
  • okta.accounts.manage
Update the enabled products of an org. Any products not found in this list are disabled for the org.


SecurityOAuth2 
Request 
path Parameters
accountId
required
string
The id of the Aerial account


 
orgId
required
string
The id of the Okta Org


 
Request Body schema: application/json
required
 Array 
id
required
string  <= 30 characters 
The ID of the product


 
name
string  <= 255 characters 
The name of the Product


 
Responses 
200
Success


400
Bad Request


401
Unauthorized


403
Forbidden


429
Rate limit exceeded


500
Internal Server Error


put/{accountId}/api/v1/orgs/{orgId}/products
Request samples 
application/json
[
  • {
    • "id": "P000052"
    }
]
Response samples 
application/json
[
  • {
    • "id": "P000052",
    • "name": "IT Products - SSO"
    },
  • {
    • "id": "P000131",
    • "name": "IT Products - MFA"
    }
]