Application Features

The Application Features API supports operations to configure app feature settings.

You must have app provisioning enabled to configure provisioning features. See Update the default Provisioning Connection.

The following available provisioning features are supported by the indicated apps:

Feature
 Apps supported Description
USER_PROVISIONING Google Workspace (google)
Microsoft Office 365 (office365)
Okta Org2Org (okta_org2org)
Slack (slack)
Zoom (zoomus)
Zscaler 2.0 (zscalerbyz)		 Similar to the app Provisioning > To App setting in the Admin Console, user profiles are pushed from Okta to the third-party app. You can configure rules for creating users, deactivating users, and syncing passwords.
INBOUND_PROVISIONING Google Workspace (google)
Microsoft Office 365 (office365)
Okta Org2Org (okta_org2org)
Slack (slack)
Zoom (zoomus)		 Similar to the app Provisioning > To Okta provisioning setting in the Admin Console, user profiles are imported from the third-party app into Okta. You can schedule user import and configure rules for user creation and matching.

Note: The Okta Org2Org (okta_org2org) app isn't available in Okta Developer Edition orgs. If you need to test this feature in your Developer Edition org, contact your Okta account team.

List all Features
OAuth 2.0: okta.apps.read

Lists all features for an application

Note: This request returns an error if provisioning isn't enabled for the application. To set up provisioning, see Update the default Provisioning Connection.

Request
path Parameters
appId
required
string

Application ID

Example: 0oafxqCAJWWGELFTYASJ
Responses
200

Success

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/apps/{appId}/features
Request samples 
Response samples 
application/json
[
  • {
    • "name": "USER_PROVISIONING",
    • "status": "ENABLED",
    • "description": "User provisioning settings from Okta to a downstream application",
    • "capabilities": {
      },
    • "_links": {}
    }
]
Retrieve a Feature
OAuth 2.0: okta.apps.read
Retrieves a Feature object for an application


Request 
path Parameters
appId
required
string
Application ID


 
 Example:  0oafxqCAJWWGELFTYASJ
featureName
required
string (ApplicationFeatureType) 
Name of the Feature


 Enum: Description
USER_PROVISIONING
Represents the To App provisioning feature setting in the Admin Console


INBOUND_PROVISIONING
Represents the To Okta provisioning feature setting in the Admin Console


 
 Example:  USER_PROVISIONING
Responses 
200
Success


403
Forbidden


404
Not Found


429
Too Many Requests


get/api/v1/apps/{appId}/features/{featureName}
Request samples 
Response samples 
application/json
{
  • "name": "USER_PROVISIONING",
  • "status": "ENABLED",
  • "description": "User provisioning settings from Okta to a downstream application",
  • "capabilities": {
    • "create": {
      },
    • "update": {
      }
    },
  • "_links": {}
}
Update a Feature
OAuth 2.0: okta.apps.manage
Updates a Feature object for an application




Note: This endpoint supports partial updates.




Request 
path Parameters
appId
required
string
Application ID


 
 Example:  0oafxqCAJWWGELFTYASJ
featureName
required
string (ApplicationFeatureType) 
Name of the Feature


 Enum: Description
USER_PROVISIONING
Represents the To App provisioning feature setting in the Admin Console


INBOUND_PROVISIONING
Represents the To Okta provisioning feature setting in the Admin Console


 
 Example:  USER_PROVISIONING
Request Body schema: application/json
required
One of:
Defines the configurations for the USER_PROVISIONING feature


object (CapabilitiesCreateObject) 
Determines whether Okta assigns a new application account to each user managed by Okta.


Okta doesn't create a new account if it detects that the username specified in Okta already exists in the application.
The user's Okta username is assigned by default.


 
object (LifecycleCreateSettingObject) 
Determines whether to update a user in the application when a user in Okta is updated


 
status
string
 Default:  "DISABLED"
Setting status


 Enum: "DISABLED" "ENABLED"  
object (CapabilitiesUpdateObject) 
Determines whether updates to a user's profile are pushed to the application


 
object (LifecycleDeactivateSettingObject) 
Determines whether deprovisioning occurs when the app is unassigned


 
status
string
 Default:  "DISABLED"
Setting status


 Enum: "DISABLED" "ENABLED"  
object (PasswordSettingObject) 
Determines whether Okta creates and pushes a password in the application for each assigned user


 
change
string (ChangeEnum) 
 Default:  "KEEP_EXISTING"
Determines whether a change in a user's password also updates the user's password in the application


 Enum: "CHANGE" "KEEP_EXISTING"  
seed
string (SeedEnum) 
 Default:  "RANDOM"
Determines whether the generated password is the user's Okta password or a randomly generated password


 Enum: "OKTA" "RANDOM"  
status
string
 Default:  "DISABLED"
Setting status


 Enum: "DISABLED" "ENABLED"  
object (ProfileSettingObject) 
This setting determines whether a user in the application gets updated when they're updated in Okta.


If enabled, Okta updates a user's attributes in the application when the application is assigned.
Future changes made to the Okta user's profile automatically overwrite the corresponding attribute value in the application.


 
status
string
 Default:  "DISABLED"
Setting status


 Enum: "DISABLED" "ENABLED"  
Responses 
200
Success


400
Bad Request


403
Forbidden


404
Not Found


429
Too Many Requests


put/api/v1/apps/{appId}/features/{featureName}
Request samples 
application/json
{
  • "create": {
    • "lifecycleCreate": {
      }
    },
  • "update": {
    • "lifecycleDeactivate": {
      },
    • "profile": {
      },
    • "password": {
      }
    }
}
Response samples 
application/json
{
  • "name": "USER_PROVISIONING",
  • "status": "ENABLED",
  • "description": "User provisioning settings from Okta to a downstream application",
  • "capabilities": {
    • "create": {
      },
    • "update": {
      }
    },
  • "_links": {}
}