Application Connections

The Application Connections API provides operations for configuring connections to an app.

Okta supports token-based and OAuth 2.0-based provisioning connections for supported apps. The following available provisioning connections are supported by the indicated apps:

Connection
 Description
Apps supported
Token The provisioning API connection is based on bearer token authentication.
  • Okta Org2Org (okta_org2org)
  • Zscaler 2.0 (zscalerbyz)
OAuth 2.0 The provisioning API connection is based on OAuth 2.0 authentication.
  • Google Workspace (google)
  • Microsoft Office 365 (office365)
  • Okta Org2Org (okta_org2org)
  • Slack (slack)
  • Zoom (zoomus)

Note: The Okta Org2Org (okta_org2org) app isn't available in Okta Developer Edition orgs. If you need to test this feature in your Developer Edition org, contact your Okta account team.

Retrieve the default provisioning connection
OAuth 2.0:
  • okta.apps.read

Retrieves the default provisioning connection for an app

Request
path Parameters
appId
required
string

Application ID

Example: 0oafxqCAJWWGELFTYASJ
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/apps/{appId}/connections/default
Request samples 
Response samples 
application/json
{}
Update the default provisioning connection
OAuth 2.0: 
  • okta.apps.manage
Updates the default provisioning connection for an app


Request 
path Parameters
appId
required
string
Application ID


 
 Example:  0oafxqCAJWWGELFTYASJ
query Parameters
activate
boolean
Activates the provisioning connection


 
Request Body schema: application/json
required
One of:
Token-based provisioning connection request


required
object (ProvisioningConnectionTokenRequestProfile) 
 
authScheme
required
string (ProvisioningConnectionTokenAuthScheme) 
A token is used to authenticate with the app. This property is only returned for the TOKEN authentication scheme.


 Value: "TOKEN"  
token
string
Token used to authenticate with the app


 
baseUrl
string
Only used for the Zscaler 2.0 (zscalerbyz) app. The base URL for the Zscaler 2.0 target app, which also contains the Zscaler ID.


 
Responses 
200
OK


400
Bad Request


403
Forbidden


404
Not Found


429
Too Many Requests


post/api/v1/apps/{appId}/connections/default
Request samples 
application/json
{}
Response samples 
application/json
{}
Retrieve a JSON Web Key Set (JWKS) for the default provisioning connection
Early AccessCORS
OAuth 2.0: 
  • okta.apps.read
Retrieves a JWKS for the default provisioning connection.  This can be used by the OAuth 2.0 app's jwk_uri property in the target org.


Request 
path Parameters
appId
required
string
Application ID


 
 Example:  0oafxqCAJWWGELFTYASJ
Responses 
200
OK


401
Unauthorized


404
Not Found


429
Too Many Requests


get/api/v1/apps/{appId}/connections/default/jwks
Request samples 
Response samples 
application/json
{
  • "jwks": {
    • "keys": [
      ]
    }
}
Activate the default provisioning connection
OAuth 2.0: 
  • okta.apps.manage
Activates the default provisioning connection for an app


Request 
path Parameters
appId
required
string
Application ID


 
 Example:  0oafxqCAJWWGELFTYASJ
Responses 
204
No Content


403
Forbidden


404
Not Found


429
Too Many Requests


post/api/v1/apps/{appId}/connections/default/lifecycle/activate
Request samples 
Response samples 
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}
Deactivate the default provisioning connection
OAuth 2.0: 
  • okta.apps.manage
Deactivates the default provisioning connection for an app


Request 
path Parameters
appId
required
string
Application ID


 
 Example:  0oafxqCAJWWGELFTYASJ
Responses 
204
No Content


403
Forbidden


404
Not Found


429
Too Many Requests


post/api/v1/apps/{appId}/connections/default/lifecycle/deactivate
Request samples 
Response samples 
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}
Verify the provisioning connection
OAuth 2.0: 
  • okta.apps.manage
Verifies the OAuth 2.0-based connection as part of the OAuth 2.0 consent flow. The validation of the consent flow is the last step of the provisioning setup for an OAuth 2.0-based connection.
Currently, this operation only supports office365,google, zoomus, and slack apps.


Request 
path Parameters
appName
required
string (OAuthProvisioningEnabledApp) 
Application name for the provisioning connection


 Enum: "google" "office365" "slack" "zoomus"  
appId
required
string
Application ID


 
 Example:  0oafxqCAJWWGELFTYASJ
query Parameters
code
string
Unique string associated with each authentication request


 
state
string
A temporary code string that the client exchanges for an access token


 
Responses 
204
No content


403
Forbidden


404
Not Found


429
Too Many Requests


post/api/v1/apps/{appName}/{appId}/oauth2/callback
Request samples 
Response samples 
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}