Application Features

The Application Features API supports operations to configure app provisioning feature settings.

You must have app provisioning enabled to configure provisioning features. See Update the default Provisioning Connection.

The following available provisioning features are supported by the indicated apps:

Feature
Description
Apps supported
USER_PROVISIONING Similar to the app Provisioning > To App setting in the Admin Console, user profiles are pushed from Okta to the third-party app. You can configure rules for creating users, deactivating users, and syncing passwords.
  • Google Workspace (google)
  • Microsoft Office 365 (office365)
  • Okta Org2Org (okta_org2org)
  • Slack (slack)
  • Zoom (zoomus)
  • Zscaler 2.0 (zscalerbyz)
INBOUND_PROVISIONING Similar to the app Provisioning > To Okta provisioning setting in the Admin Console, user profiles are imported from the third-party app into Okta. You can schedule user import and configure rules for user creation and matching.
  • Google Workspace (google)
  • Microsoft Office 365 (office365)
  • Okta Org2Org (okta_org2org)
  • Slack (slack)
  • Zoom (zoomus)

Note: The Okta Org2Org (okta_org2org) app isn't available in Okta Developer Edition orgs. If you need to test this feature in your Developer Edition org, contact your Okta account team.

List all features
OAuth 2.0: okta.apps.read

Lists all features for an app

Note: This request returns an error if provisioning isn't enabled for the app. To set up provisioning, see Update the default Provisioning Connection.

Request
path Parameters
appId
required
string

Application ID

Example: 0oafxqCAJWWGELFTYASJ
Responses
200

Success

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/apps/{appId}/features
Request samples
Response samples
application/json
[
  • {
    • "name": "USER_PROVISIONING",
    • "status": "ENABLED",
    • "description": "User provisioning settings from Okta to a downstream application",
    • "capabilities": {
      },
    • "_links": {}
    }
]

Retrieve a feature
OAuth 2.0: okta.apps.read

Retrieves a Feature object for an app

Request
path Parameters
appId
required
string

Application ID

Example: 0oafxqCAJWWGELFTYASJ
featureName
required
string (ApplicationFeatureType)

Name of the Feature

Enum: "USER_PROVISIONING" "INBOUND_PROVISIONING"
Example: USER_PROVISIONING
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/apps/{appId}/features/{featureName}
Request samples
Response samples
application/json
{
  • "name": "USER_PROVISIONING",
  • "status": "ENABLED",
  • "description": "User provisioning settings from Okta to a downstream application",
  • "capabilities": {
    • "create": {
      },
    • "update": {
      }
    },
  • "_links": {}
}

Update a feature
OAuth 2.0: okta.apps.manage

Updates a Feature object for an app

Note: This endpoint supports partial updates.

Request
path Parameters
appId
required
string

Application ID

Example: 0oafxqCAJWWGELFTYASJ
featureName
required
string (ApplicationFeatureType)

Name of the Feature

Enum: "USER_PROVISIONING" "INBOUND_PROVISIONING"
Example: USER_PROVISIONING
Request Body schema: application/json
required
One of:

Defines the configurations for the USER_PROVISIONING feature

object (CapabilitiesCreateObject)

Determines whether Okta assigns a new app account to each user managed by Okta.

Okta doesn't create a new account if it detects that the username specified in Okta already exists in the app. The user's Okta username is assigned by default.

object (LifecycleCreateSettingObject)

Determines whether to update a user in the app when a user in Okta is updated

status
string
Default: "DISABLED"

Setting status

Enum: "DISABLED" "ENABLED"
object (CapabilitiesUpdateObject)

Determines whether updates to a user's profile are pushed to the app

object (LifecycleDeactivateSettingObject)

Determines whether deprovisioning occurs when the app is unassigned

status
string
Default: "DISABLED"

Setting status

Enum: "DISABLED" "ENABLED"
object (PasswordSettingObject)

Determines whether Okta creates and pushes a password in the app for each assigned user

change
string (ChangeEnum)
Default: "KEEP_EXISTING"

Determines whether a change in a user's password also updates the user's password in the app

Enum: "CHANGE" "KEEP_EXISTING"
seed
string (SeedEnum)
Default: "RANDOM"

Determines whether the generated password is the user's Okta password or a randomly generated password

Enum: "OKTA" "RANDOM"
status
string
Default: "DISABLED"

Setting status

Enum: "DISABLED" "ENABLED"
object (ProfileSettingObject)

This setting determines whether a user in the app gets updated when they're updated in Okta.

If enabled, Okta updates a user's attributes in the app when the app is assigned. Future changes made to the Okta user's profile automatically overwrite the corresponding attribute value in the app.

status
string
Default: "DISABLED"

Setting status

Enum: "DISABLED" "ENABLED"
Responses
200

Success

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

put/api/v1/apps/{appId}/features/{featureName}
Request samples
application/json
{
  • "create": {
    • "lifecycleCreate": {
      }
    },
  • "update": {
    • "lifecycleDeactivate": {
      },
    • "profile": {
      },
    • "password": {
      }
    }
}
Response samples
application/json
{
  • "name": "USER_PROVISIONING",
  • "status": "ENABLED",
  • "description": "User provisioning settings from Okta to a downstream application",
  • "capabilities": {
    • "create": {
      },
    • "update": {
      }
    },
  • "_links": {}
}