Application Features

The Application Features API supports operations to configure app provisioning feature settings.

You must have app provisioning enabled to configure provisioning features. See Update the default Provisioning Connection.

The following available provisioning features are supported by the indicated apps:

Feature
 Description
Apps supported
USER_PROVISIONING Similar to the app Provisioning > To App setting in the Admin Console, user profiles are pushed from Okta to the third-party app. You can configure rules for creating users, deactivating users, and syncing passwords.
  • Google Workspace (google)
  • Microsoft Office 365 (office365)
  • Okta Org2Org (okta_org2org)
  • Slack (slack)
  • Zoom (zoomus)
  • Zscaler 2.0 (zscalerbyz)
INBOUND_PROVISIONING Similar to the app Provisioning > To Okta provisioning setting in the Admin Console, user profiles are imported from the third-party app into Okta. You can schedule user import and configure rules for user creation and matching.
  • Google Workspace (google)
  • Microsoft Office 365 (office365)
  • Okta Org2Org (okta_org2org)
  • Slack (slack)
  • Zoom (zoomus)

Note: The Okta Org2Org (okta_org2org) app isn't available in Okta Developer Edition orgs. If you need to test this feature in your Developer Edition org, contact your Okta account team.

List all Features
OAuth 2.0: okta.apps.read

Lists all features for an app

Note: This request returns an error if provisioning isn't enabled for the app. To set up provisioning, see Update the default Provisioning Connection.

Request
path Parameters
appId
required
string

Application ID

Example: 0oafxqCAJWWGELFTYASJ
Responses
200

Success

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/apps/{appId}/features
Request samples 
Response samples 
application/json
[
  • {
    • "name": "USER_PROVISIONING",
    • "status": "ENABLED",
    • "description": "User provisioning settings from Okta to a downstream application",
    • "capabilities": {
      },
    • "_links": {}
    }
]
Retrieve a Feature
OAuth 2.0: okta.apps.read
Retrieves a Feature object for an app


Request 
path Parameters
appId
required
string
Application ID


 
 Example:  0oafxqCAJWWGELFTYASJ
featureName
required
string (ApplicationFeatureType) 
Name of the Feature


 Enum: "USER_PROVISIONING" "INBOUND_PROVISIONING"  
 Example:  USER_PROVISIONING
Responses 
200
Success


403
Forbidden


404
Not Found


429
Too Many Requests


get/api/v1/apps/{appId}/features/{featureName}
Request samples 
Response samples 
application/json
{
  • "name": "USER_PROVISIONING",
  • "status": "ENABLED",
  • "description": "User provisioning settings from Okta to a downstream application",
  • "capabilities": {
    • "create": {
      },
    • "update": {
      }
    },
  • "_links": {}
}
Update a Feature
OAuth 2.0: okta.apps.manage
Updates a Feature object for an app




Note: This endpoint supports partial updates.




Request 
path Parameters
appId
required
string
Application ID


 
 Example:  0oafxqCAJWWGELFTYASJ
featureName
required
string (ApplicationFeatureType) 
Name of the Feature


 Enum: "USER_PROVISIONING" "INBOUND_PROVISIONING"  
 Example:  USER_PROVISIONING
Request Body schema: application/json
required
One of:
Defines the configurations for the USER_PROVISIONING feature


object (CapabilitiesCreateObject) 
Determines whether Okta assigns a new app account to each user managed by Okta.


Okta doesn't create a new account if it detects that the username specified in Okta already exists in the app.
The user's Okta username is assigned by default.


 
object (LifecycleCreateSettingObject) 
Determines whether to update a user in the app when a user in Okta is updated


 
status
string
 Default:  "DISABLED"
Setting status


 Enum: "DISABLED" "ENABLED"  
object (CapabilitiesUpdateObject) 
Determines whether updates to a user's profile are pushed to the app


 
object (LifecycleDeactivateSettingObject) 
Determines whether deprovisioning occurs when the app is unassigned


 
status
string
 Default:  "DISABLED"
Setting status


 Enum: "DISABLED" "ENABLED"  
object (PasswordSettingObject) 
Determines whether Okta creates and pushes a password in the app for each assigned user


 
change
string (ChangeEnum) 
 Default:  "KEEP_EXISTING"
Determines whether a change in a user's password also updates the user's password in the app


 Enum: "CHANGE" "KEEP_EXISTING"  
seed
string (SeedEnum) 
 Default:  "RANDOM"
Determines whether the generated password is the user's Okta password or a randomly generated password


 Enum: "OKTA" "RANDOM"  
status
string
 Default:  "DISABLED"
Setting status


 Enum: "DISABLED" "ENABLED"  
object (ProfileSettingObject) 
This setting determines whether a user in the app gets updated when they're updated in Okta.


If enabled, Okta updates a user's attributes in the app when the app is assigned.
Future changes made to the Okta user's profile automatically overwrite the corresponding attribute value in the app.


 
status
string
 Default:  "DISABLED"
Setting status


 Enum: "DISABLED" "ENABLED"  
Responses 
200
Success


400
Bad Request


403
Forbidden


404
Not Found


429
Too Many Requests


put/api/v1/apps/{appId}/features/{featureName}
Request samples 
application/json
{
  • "create": {
    • "lifecycleCreate": {
      }
    },
  • "update": {
    • "lifecycleDeactivate": {
      },
    • "profile": {
      },
    • "password": {
      }
    }
}
Response samples 
application/json
{
  • "name": "USER_PROVISIONING",
  • "status": "ENABLED",
  • "description": "User provisioning settings from Okta to a downstream application",
  • "capabilities": {
    • "create": {
      },
    • "update": {
      }
    },
  • "_links": {}
}