Application Connections

The Application Connections API provides operations for configuring connections to an app.

Okta supports token-based and OAuth 2.0-based provisioning connections for supported apps. The following available provisioning connections are supported by the indicated apps:

Connection
Description
Apps supported
Token The provisioning API connection is based on bearer token authentication.
  • Okta Org2Org (okta_org2org)
  • Zscaler 2.0 (zscalerbyz)
OAuth 2.0 The provisioning API connection is based on OAuth 2.0 authentication.
  • Google Workspace (google)
  • Microsoft Office 365 (office365)
  • Okta Org2Org (okta_org2org)
  • Slack (slack)
  • Zoom (zoomus)

Note: The Okta Org2Org (okta_org2org) app isn't available in Okta Developer Edition orgs. If you need to test this feature in your Developer Edition org, contact your Okta account team.

Retrieve the default Provisioning Connection
OAuth 2.0: okta.apps.read

Retrieves the default Provisioning Connection for an app

Request
path Parameters
appId
required
string

Application ID

Example: 0oafxqCAJWWGELFTYASJ
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/apps/{appId}/connections/default
Request samples
Response samples
application/json
{}

Update the default provisioning connection
OAuth 2.0: okta.apps.manage

Updates the default Provisioning Connection for an app

Request
path Parameters
appId
required
string

Application ID

Example: 0oafxqCAJWWGELFTYASJ
query Parameters
activate
boolean

Activates the Provisioning Connection

Request Body schema: application/json
required
One of:

Token-based Provisioning Connection request

required
object (ProvisioningConnectionTokenRequestProfile)
authScheme
required
string (ProvisioningConnectionTokenAuthScheme)

A token is used to authenticate with the app. This property is only returned for the TOKEN authentication scheme.

Value: "TOKEN"
token
string

Token used to authenticate with the app

baseUrl
string

Only used for the Zscaler 2.0 (zscalerbyz) app. The base URL for the Zscaler 2.0 target app, which also contains the Zscaler ID.

Responses
200

OK

201

Created

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

post/api/v1/apps/{appId}/connections/default
Request samples
application/json
{}
Response samples
application/json
{
  • "authScheme": "TOKEN",
  • "baseUrl": "string",
  • "profile": {
    • "authScheme": "OAUTH2"
    },
  • "status": "DISABLED",
  • "_links": {
    • "self": {
      },
    • "activate": {
      },
    • "deactivate": {
      },
    • "authorize": {
      }
    }
}

Activate the default provisioning connection
OAuth 2.0: okta.apps.manage

Activates the default Provisioning Connection for an app

Request
path Parameters
appId
required
string

Application ID

Example: 0oafxqCAJWWGELFTYASJ
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

post/api/v1/apps/{appId}/connections/default/lifecycle/activate
Request samples
Response samples
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}

Deactivate the default provisioning connection
OAuth 2.0: okta.apps.manage

Deactivates the default Provisioning Connection for an app

Request
path Parameters
appId
required
string

Application ID

Example: 0oafxqCAJWWGELFTYASJ
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

post/api/v1/apps/{appId}/connections/default/lifecycle/deactivate
Request samples
Response samples
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}

Verify the provisioning connection
OAuth 2.0: okta.apps.manage

Verifies the OAuth 2.0-based connection as part of the OAuth 2.0 consent flow. The validation of the consent flow is the last step of the provisioning setup for an OAuth 2.0-based connection. Currently, this operation only supports office365,google, zoomus, and slack apps.

Request
path Parameters
appName
required
string (OAuthProvisioningEnabledApp)

Application name for the provisioning connection

Enum: "google" "office365" "slack" "zoomus"
appId
required
string

Application ID

Example: 0oafxqCAJWWGELFTYASJ
query Parameters
code
string

Unique string associated with each authentication request

state
string

A temporary code string that the client exchanges for an access token

Responses
204

No content

403

Forbidden

404

Not Found

429

Too Many Requests

post/api/v1/apps/{appName}/{appId}/oauth2/callback
Request samples
Response samples
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}