Authorization Servers

Authorization Servers generate OAuth 2.0 and OpenID Connect tokens, including access tokens and ID tokens. The Okta Management API gives you the ability to configure and manage Authorization Servers and the security policies that are attached to them.

List all Authorization Servers
API Access Management
OAuth 2.0: okta.authorizationServers.read

Lists all authorization servers

Request
query Parameters
q
string
limit
integer <int32>
Default: 200
after
string
Responses
200

Success

403

Forbidden

429

Too Many Requests

GET /api/v1/authorizationServers
Response samples
application/json
[
  {
    "audiences": [ ],
    "created": "2019-08-24T14:15:22Z",
    "credentials": { },
    "description": "string",
    "id": "string",
    "issuer": "string",
    "issuerMode": "CUSTOM_URL",
    "lastUpdated": "2019-08-24T14:15:22Z",
    "name": "string",
    "status": "ACTIVE",
    "_links": { }
  }
]

Create an Authorization Server
API Access Management
OAuth 2.0: okta.authorizationServers.manage

Creates an authorization server

Request
Request Body schema: application/json
audiences
Array of strings
object (AuthorizationServerCredentials)
object (AuthorizationServerCredentialsSigningConfig)
kid
string
rotationMode
string (AuthorizationServerCredentialsRotationMode)
Enum: "AUTO" "MANUAL"
use
string (AuthorizationServerCredentialsUse)
Value: "sig"
description
string
issuer
string
issuerMode
string (IssuerMode)
Enum: "CUSTOM_URL" "DYNAMIC" "ORG_URL"
name
string
status
string (LifecycleStatus)
Enum: "ACTIVE" "INACTIVE"
Responses
201

Created

400

Bad Request

403

Forbidden

429

Too Many Requests

POST /api/v1/authorizationServers
Request samples
application/json
{
  "audiences": [
    "string"
  ],
  "credentials": {
    "signing": { }
  },
  "description": "string",
  "issuer": "string",
  "issuerMode": "CUSTOM_URL",
  "name": "string",
  "status": "ACTIVE"
}
Response samples
application/json
{
  "audiences": [
    "string"
  ],
  "created": "2019-08-24T14:15:22Z",
  "credentials": {
    "signing": { }
  },
  "description": "string",
  "id": "string",
  "issuer": "string",
  "issuerMode": "CUSTOM_URL",
  "lastUpdated": "2019-08-24T14:15:22Z",
  "name": "string",
  "status": "ACTIVE",
  "_links": {
    "self": { }
  }
}

Retrieve an Authorization Server
API Access Management
OAuth 2.0: okta.authorizationServers.read

Retrieves an authorization server

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

GET /api/v1/authorizationServers/{authServerId}
Response samples
application/json
{
  "audiences": [
    "string"
  ],
  "created": "2019-08-24T14:15:22Z",
  "credentials": {
    "signing": { }
  },
  "description": "string",
  "id": "string",
  "issuer": "string",
  "issuerMode": "CUSTOM_URL",
  "lastUpdated": "2019-08-24T14:15:22Z",
  "name": "string",
  "status": "ACTIVE",
  "_links": {
    "self": { }
  }
}

Replace an Authorization Server
API Access Management
OAuth 2.0: okta.authorizationServers.manage

Replaces an authorization server

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
Request Body schema: application/json
audiences
Array of strings
object (AuthorizationServerCredentials)
object (AuthorizationServerCredentialsSigningConfig)
kid
string
rotationMode
string (AuthorizationServerCredentialsRotationMode)
Enum: "AUTO" "MANUAL"
use
string (AuthorizationServerCredentialsUse)
Value: "sig"
description
string
issuer
string
issuerMode
string (IssuerMode)
Enum: "CUSTOM_URL" "DYNAMIC" "ORG_URL"
name
string
status
string (LifecycleStatus)
Enum: "ACTIVE" "INACTIVE"
Responses
200

Success

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

PUT /api/v1/authorizationServers/{authServerId}
Request samples
application/json
{
  "audiences": [
    "string"
  ],
  "credentials": {
    "signing": { }
  },
  "description": "string",
  "issuer": "string",
  "issuerMode": "CUSTOM_URL",
  "name": "string",
  "status": "ACTIVE"
}
Response samples
application/json
{
  "audiences": [
    "string"
  ],
  "created": "2019-08-24T14:15:22Z",
  "credentials": {
    "signing": { }
  },
  "description": "string",
  "id": "string",
  "issuer": "string",
  "issuerMode": "CUSTOM_URL",
  "lastUpdated": "2019-08-24T14:15:22Z",
  "name": "string",
  "status": "ACTIVE",
  "_links": {
    "self": { }
  }
}

Delete an Authorization Server
API Access Management
OAuth 2.0: okta.authorizationServers.manage

Deletes an authorization server

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

DELETE /api/v1/authorizationServers/{authServerId}
Response samples
application/json
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": [ ]
}

List all Associated Authorization Servers
Early Access
API Access Management
OAuth 2.0: okta.authorizationServers.read

Lists all associated authorization servers by trusted type for the given authServerId

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
query Parameters
trusted
boolean

Searches trusted authorization servers when true, or searches untrusted authorization servers when false

q
string

Searches the name or audience of the associated authorization servers

limit
integer <int32>
Default: 200

Specifies the number of results for a page

after
string

Specifies the pagination cursor for the next page of the associated authorization servers

Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

GET /api/v1/authorizationServers/{authServerId}/associatedServers
Response samples
application/json
[
  {
    "audiences": [ ],
    "created": "2019-08-24T14:15:22Z",
    "credentials": { },
    "description": "string",
    "id": "string",
    "issuer": "string",
    "issuerMode": "CUSTOM_URL",
    "lastUpdated": "2019-08-24T14:15:22Z",
    "name": "string",
    "status": "ACTIVE",
    "_links": { }
  }
]

Create the Associated Authorization Servers
Early Access
API Access Management
OAuth 2.0: okta.authorizationServers.manage

Creates the trusted relationships between the given authorization server and other authorization servers

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
Request Body schema: application/json
trusted
Array of strings

A list of the authorization server IDs

Responses
200

Success

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

POST /api/v1/authorizationServers/{authServerId}/associatedServers
Request samples
application/json
{
  "trusted": [
    "string"
  ]
}
Response samples
application/json
[
  {
    "audiences": [ ],
    "created": "2019-08-24T14:15:22Z",
    "credentials": { },
    "description": "string",
    "id": "string",
    "issuer": "string",
    "issuerMode": "CUSTOM_URL",
    "lastUpdated": "2019-08-24T14:15:22Z",
    "name": "string",
    "status": "ACTIVE",
    "_links": { }
  }
]

Delete an Associated Authorization Server
Early Access
API Access Management
OAuth 2.0: okta.authorizationServers.manage

Deletes an associated authorization server

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
associatedServerId
required
string

id of the associated Authorization Server

Example: aus6xt9jKPmCyn6kg0g4
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

DELETE /api/v1/authorizationServers/{authServerId}/associatedServers/{associatedServerId}
Response samples
application/json
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": [ ]
}

List all Custom Token Claims
API Access Management
OAuth 2.0: okta.authorizationServers.read

Lists all custom token claims

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

GET /api/v1/authorizationServers/{authServerId}/claims
Response samples
application/json
[
  {
    "alwaysIncludeInToken": true,
    "claimType": "IDENTITY",
    "conditions": { },
    "group_filter_type": "CONTAINS",
    "id": "string",
    "name": "string",
    "status": "ACTIVE",
    "system": true,
    "value": "string",
    "valueType": "EXPRESSION",
    "_links": { }
  }
]

Create a Custom Token Claim
API Access Management
OAuth 2.0: okta.authorizationServers.manage

Creates a custom token claim

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
Request Body schema: application/json
alwaysIncludeInToken
boolean
claimType
string (OAuth2ClaimType)
Enum: "IDENTITY" "RESOURCE"
object (OAuth2ClaimConditions)
scopes
Array of strings
group_filter_type
string (OAuth2ClaimGroupFilterType)
Enum: "CONTAINS" "EQUALS" "REGEX" "STARTS_WITH"
name
string
status
string (LifecycleStatus)
Enum: "ACTIVE" "INACTIVE"
system
boolean
value
string
valueType
string (OAuth2ClaimValueType)
Enum: "EXPRESSION" "GROUPS" "SYSTEM"
Responses
201

Success

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

POST /api/v1/authorizationServers/{authServerId}/claims
Request samples
application/json
{
  "alwaysIncludeInToken": true,
  "claimType": "IDENTITY",
  "conditions": {
    "scopes": [ ]
  },
  "group_filter_type": "CONTAINS",
  "name": "string",
  "status": "ACTIVE",
  "system": true,
  "value": "string",
  "valueType": "EXPRESSION"
}
Response samples
application/json
{
  "alwaysIncludeInToken": true,
  "claimType": "IDENTITY",
  "conditions": {
    "scopes": [ ]
  },
  "group_filter_type": "CONTAINS",
  "id": "string",
  "name": "string",
  "status": "ACTIVE",
  "system": true,
  "value": "string",
  "valueType": "EXPRESSION",
  "_links": {
    "self": { }
  }
}

Retrieve a Custom Token Claim
API Access Management
OAuth 2.0: okta.authorizationServers.read

Retrieves a custom token claim

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
claimId
required
string

id of Claim

Example: hNJ3Uk76xLagWkGx5W3N
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

GET /api/v1/authorizationServers/{authServerId}/claims/{claimId}
Response samples
application/json
{
  "alwaysIncludeInToken": true,
  "claimType": "IDENTITY",
  "conditions": {
    "scopes": [ ]
  },
  "group_filter_type": "CONTAINS",
  "id": "string",
  "name": "string",
  "status": "ACTIVE",
  "system": true,
  "value": "string",
  "valueType": "EXPRESSION",
  "_links": {
    "self": { }
  }
}

Replace a Custom Token Claim
API Access Management
OAuth 2.0: okta.authorizationServers.manage

Replaces a custom token claim

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
claimId
required
string

id of Claim

Example: hNJ3Uk76xLagWkGx5W3N
Request Body schema: application/json
alwaysIncludeInToken
boolean
claimType
string (OAuth2ClaimType)
Enum: "IDENTITY" "RESOURCE"
object (OAuth2ClaimConditions)
scopes
Array of strings
group_filter_type
string (OAuth2ClaimGroupFilterType)
Enum: "CONTAINS" "EQUALS" "REGEX" "STARTS_WITH"
name
string
status
string (LifecycleStatus)
Enum: "ACTIVE" "INACTIVE"
system
boolean
value
string
valueType
string (OAuth2ClaimValueType)
Enum: "EXPRESSION" "GROUPS" "SYSTEM"
Responses
200

Success

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

PUT /api/v1/authorizationServers/{authServerId}/claims/{claimId}
Request samples
application/json
{
  "alwaysIncludeInToken": true,
  "claimType": "IDENTITY",
  "conditions": {
    "scopes": [ ]
  },
  "group_filter_type": "CONTAINS",
  "name": "string",
  "status": "ACTIVE",
  "system": true,
  "value": "string",
  "valueType": "EXPRESSION"
}
Response samples
application/json
{
  "alwaysIncludeInToken": true,
  "claimType": "IDENTITY",
  "conditions": {
    "scopes": [ ]
  },
  "group_filter_type": "CONTAINS",
  "id": "string",
  "name": "string",
  "status": "ACTIVE",
  "system": true,
  "value": "string",
  "valueType": "EXPRESSION",
  "_links": {
    "self": { }
  }
}

Delete a Custom Token Claim
API Access Management
OAuth 2.0: okta.authorizationServers.manage

Deletes a custom token claim

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
claimId
required
string

id of Claim

Example: hNJ3Uk76xLagWkGx5W3N
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

DELETE /api/v1/authorizationServers/{authServerId}/claims/{claimId}
Response samples
application/json
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": [ ]
}

List all Clients
API Access Management
OAuth 2.0: okta.authorizationServers.read

Lists all clients

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

GET /api/v1/authorizationServers/{authServerId}/clients
Response samples
application/json
[
  {
    "client_id": "string",
    "client_name": "string",
    "client_uri": "string",
    "logo_uri": "string",
    "_links": { }
  }
]

List all Refresh Tokens for a Client
API Access Management
OAuth 2.0: okta.authorizationServers.read

Lists all refresh tokens for a client

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
clientId
required
string

client_id of the app

Example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD
query Parameters
expand
string
after
string
limit
integer <int32>
Default: -1
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

GET /api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens
Response samples
application/json
[
  {
    "clientId": "string",
    "created": "2019-08-24T14:15:22Z",
    "createdBy": { },
    "expiresAt": "2019-08-24T14:15:22Z",
    "id": "string",
    "issuer": "string",
    "lastUpdated": "2019-08-24T14:15:22Z",
    "scopes": [ ],
    "status": "ACTIVE",
    "userId": "string",
    "_embedded": { },
    "_links": { }
  }
]

Revoke all Refresh Tokens for a Client
API Access Management
OAuth 2.0: okta.authorizationServers.manage

Revokes all refresh tokens for a client

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
clientId
required
string

client_id of the app

Example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

DELETE /api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens
Response samples
application/json
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": [ ]
}

Retrieve a Refresh Token for a Client
API Access Management
OAuth 2.0: okta.authorizationServers.read

Retrieves a refresh token for a client

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
clientId
required
string

client_id of the app

Example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD
tokenId
required
string

id of Token

Example: sHHSth53yJAyNSTQKDJZ
query Parameters
expand
string
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

GET /api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId}
Response samples
application/json
{
  "clientId": "string",
  "created": "2019-08-24T14:15:22Z",
  "createdBy": {
    "id": "string",
    "type": "string"
  },
  "expiresAt": "2019-08-24T14:15:22Z",
  "id": "string",
  "issuer": "string",
  "lastUpdated": "2019-08-24T14:15:22Z",
  "scopes": [
    "string"
  ],
  "status": "ACTIVE",
  "userId": "string",
  "_embedded": {
    "property1": { },
    "property2": { }
  },
  "_links": {
    "self": { }
  }
}

Revoke a Refresh Token for a Client
API Access Management
OAuth 2.0: okta.authorizationServers.manage

Revokes a refresh token for a client

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
clientId
required
string

client_id of the app

Example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD
tokenId
required
string

id of Token

Example: sHHSth53yJAyNSTQKDJZ
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

DELETE /api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId}
Response samples
application/json
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": [ ]
}
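
Added example, not part of Okta's documentation: during incident response, the List all Clients, List all Refresh Tokens for a Client and Revoke a Refresh Token for a Client operations above can be chained to revoke one user's ACTIVE refresh tokens while leaving other users' tokens in place. The send(method, path) transport, the fake server and all IDs are constructed for illustration, and each list call is assumed to return a single page (the after cursor is not followed).

```python
from urllib.parse import quote

BASE = "/api/v1/authorizationServers"


class RateLimited(Exception):
    """HTTP 429. Carries the partial result so the caller can back off and resume."""
    def __init__(self, path, partial):
        super().__init__(f"429 Too Many Requests at {path}")
        self.partial = partial


def path_segment(value):
    # IDs are placed in the URL path: percent-encode so "/" or "?" cannot alter the route.
    return quote(str(value), safe="")


def revoke_user_tokens(send, auth_server_id, user_id):
    """Revoke every ACTIVE refresh token issued to user_id on one authorization server.

    send(method, path) -> (http_status, parsed_json_or_None) is a hypothetical transport.
    """
    result = {"revoked": [], "already_gone": [], "failed": []}

    def get_list(path):
        status, body = send("GET", path)
        if status == 429:
            raise RateLimited(path, result)
        if status != 200:
            raise RuntimeError(f"GET {path} returned HTTP {status}")
        return body

    server = f"{BASE}/{path_segment(auth_server_id)}"
    for client in get_list(f"{server}/clients"):
        tokens_path = f"{server}/clients/{path_segment(client['client_id'])}/tokens"
        for token in get_list(tokens_path):
            if token.get("userId") != user_id or token.get("status") != "ACTIVE":
                continue
            path = f"{tokens_path}/{path_segment(token['id'])}"
            status, _ = send("DELETE", path)
            if status == 204:
                result["revoked"].append(token["id"])
            elif status == 404:      # token disappeared between list and delete
                result["already_gone"].append(token["id"])
            elif status == 429:
                raise RateLimited(path, result)
            else:                    # e.g. 403 Forbidden
                result["failed"].append((token["id"], status))
    return result


def make_fake_send(clients, tokens_by_client):
    """Constructed in-memory stand-in for the API so the example runs offline."""
    calls = []

    def send(method, path):
        calls.append((method, path))
        parts = path.split("/")[5:]  # segments after /api/v1/authorizationServers/{id}
        if method == "GET" and parts == ["clients"]:
            return 200, clients
        if method == "GET" and len(parts) == 3:
            return 200, list(tokens_by_client.get(parts[1], []))
        if method == "DELETE" and len(parts) == 4:
            held = tokens_by_client.get(parts[1], [])
            match = [t for t in held if t["id"] == parts[3]]
            if match:
                held.remove(match[0])
            return (204 if match else 404), None
        return 404, None

    return send, calls


def demo():
    # Constructed sample data shaped like the response samples on this page.
    clients = [{"client_id": "clientA"}, {"client_id": "clientB"}]
    tokens = {
        "clientA": [{"id": "tok1", "userId": "user1", "status": "ACTIVE"},
                    {"id": "tok2", "userId": "user2", "status": "ACTIVE"}],
        "clientB": [{"id": "tok3", "userId": "user1", "status": "ACTIVE"}],
    }
    send, calls = make_fake_send(clients, tokens)
    return revoke_user_tokens(send, "ausEXAMPLE", "user1"), tokens, calls
```

Calling demo() returns the revocation result, the remaining constructed tokens and the recorded calls; a RateLimited exception exposes the work done so far in its partial attribute.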

List all Credential Keys
API Access Management
OAuth 2.0: okta.authorizationServers.read

Lists all credential keys

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

GET /api/v1/authorizationServers/{authServerId}/credentials/keys
Response samples
application/json
[
  {
    "alg": "string",
    "created": "2019-08-24T14:15:22Z",
    "e": "string",
    "expiresAt": "2019-08-24T14:15:22Z",
    "key_ops": [ ],
    "kid": "string",
    "kty": "string",
    "lastUpdated": "2019-08-24T14:15:22Z",
    "n": "string",
    "status": "string",
    "use": "string",
    "x5c": [ ],
    "x5t": "string",
    "x5t#S256": "string",
    "x5u": "string",
    "_links": { }
  }
]

Rotate all Credential Keys
API Access Management
OAuth 2.0: okta.authorizationServers.manage

Rotates all credential keys

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
Request Body schema: application/json
use
string (JwkUseType)
Value: "sig"
Responses
200

Success

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

POST /api/v1/authorizationServers/{authServerId}/credentials/lifecycle/keyRotate
Request samples
application/json
{
  "use": "sig"
}
Response samples
application/json
[
  {
    "alg": "string",
    "created": "2019-08-24T14:15:22Z",
    "e": "string",
    "expiresAt": "2019-08-24T14:15:22Z",
    "key_ops": [ ],
    "kid": "string",
    "kty": "string",
    "lastUpdated": "2019-08-24T14:15:22Z",
    "n": "string",
    "status": "string",
    "use": "string",
    "x5c": [ ],
    "x5t": "string",
    "x5t#S256": "string",
    "x5u": "string",
    "_links": { }
  }
]

Activate an Authorization Server
API Access Management
OAuth 2.0: okta.authorizationServers.manage

Activates an authorization server

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

POST /api/v1/authorizationServers/{authServerId}/lifecycle/activate
Response samples
application/json
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": [ ]
}

Deactivate an Authorization Server
API Access Management
OAuth 2.0: okta.authorizationServers.manage

Deactivates an authorization server

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

POST /api/v1/authorizationServers/{authServerId}/lifecycle/deactivate
Response samples
application/json
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": [ ]
}

List all Policies
API Access Management
OAuth 2.0: okta.authorizationServers.read

Lists all policies

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

GET /api/v1/authorizationServers/{authServerId}/policies
Response samples
application/json
[
  {
    "created": "2019-08-24T14:15:22Z",
    "description": "string",
    "id": "string",
    "lastUpdated": "2019-08-24T14:15:22Z",
    "name": "string",
    "priority": 0,
    "status": "ACTIVE",
    "system": true,
    "type": "ACCESS_POLICY",
    "_embedded": { },
    "_links": { },
    "conditions": { }
  }
]

Create a Policy
API Access Management
OAuth 2.0: okta.authorizationServers.manage

Creates a policy

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
Request Body schema: application/json
description
string
name
string
priority
integer
status
string (LifecycleStatus)
Enum: "ACTIVE" "INACTIVE"
system
boolean
type
string (PolicyType)
object (PolicyRuleConditions)
object (AppAndInstancePolicyRuleCondition)
Array of objects (AppAndInstanceConditionEvaluatorAppOrInstance)
Array of objects (AppAndInstanceConditionEvaluatorAppOrInstance)
object (AppInstancePolicyRuleCondition)
exclude
Array of strings
include
Array of strings
object (PolicyRuleAuthContextCondition)
authType
string (PolicyRuleAuthContextType)
Enum: "ANY" "RADIUS"
object (PasswordPolicyAuthenticationProviderCondition)
include
Array of strings
provider
string (PasswordPolicyAuthenticationProviderType)
Enum: "ACTIVE_DIRECTORY" "ANY" "LDAP" "OKTA"
object (BeforeScheduledActionPolicyRuleCondition)
object (Duration)
object (ScheduledUserLifecycleAction)
object (ClientPolicyCondition)
include
Array of strings
object (ContextPolicyRuleCondition)
migrated
boolean
object (DevicePolicyRuleConditionPlatform)
rooted
boolean
trustLevel
string (DevicePolicyTrustLevel)
Enum: "ANY" "TRUSTED"
expression
string
object (DevicePolicyRuleCondition)
migrated
boolean
object (DevicePolicyRuleConditionPlatform)
rooted
boolean
trustLevel
string (DevicePolicyTrustLevel)
Enum: "ANY" "TRUSTED"
object (GrantTypePolicyRuleCondition)
include
Array of strings
object (GroupPolicyRuleCondition)
exclude
Array of strings
include
Array of strings
object (IdentityProviderPolicyRuleCondition)
idpIds
Array of strings
provider
string (IdentityProviderPolicyProvider)
Enum: "ANY" "OKTA" "SPECIFIC_IDP"
object (MDMEnrollmentPolicyRuleCondition)
blockNonSafeAndroid
boolean
enrollment
string (MDMEnrollmentPolicyEnrollment)
Enum: "ANY_OR_NONE" "OMM"
object (PolicyNetworkCondition)
connection
string (PolicyNetworkConnection)
Enum: "ANYWHERE" "ZONE"
exclude
Array of strings
include
Array of strings
object (PolicyPeopleCondition)
object (GroupCondition)
object (UserCondition)
object (PlatformPolicyRuleCondition)
Array of objects (PlatformConditionEvaluatorPlatform)
Array of objects (PlatformConditionEvaluatorPlatform)
object (RiskPolicyRuleCondition)
behaviors
Array of strings unique
object (RiskScorePolicyRuleCondition)
level
string
object (OAuth2ScopesMediationPolicyRuleCondition)
include
Array of strings
object (UserIdentifierPolicyRuleCondition)
attribute
string
Array of objects (UserIdentifierConditionEvaluatorPattern)
type
string (UserIdentifierType)
Enum: "ATTRIBUTE" "IDENTIFIER"
object (UserPolicyRuleCondition)
exclude
Array of strings
object (InactivityPolicyRuleCondition)
include
Array of strings
object (LifecycleExpirationPolicyRuleCondition)
object (PasswordExpirationPolicyRuleCondition)
object (UserLifecycleAttributePolicyRuleCondition)
object (UserStatusPolicyRuleCondition)
value
string (PolicyUserStatus)
Enum: "ACTIVATING" "ACTIVE" "DELETED" "DELETING" "EXPIRED_PASSWORD" "INACTIVE" "PENDING" "SUSPENDED"
Responses
201

Created

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

POST /api/v1/authorizationServers/{authServerId}/policies
Request samples
application/json
{
  "description": "string",
  "name": "string",
  "priority": 0,
  "status": "ACTIVE",
  "system": true,
  "type": "ACCESS_POLICY",
  "conditions": {
    "app": { },
    "apps": { },
    "authContext": { },
    "authProvider": { },
    "beforeScheduledAction": { },
    "clients": { },
    "context": { },
    "device": { },
    "grantTypes": { },
    "groups": { },
    "identityProvider": { },
    "mdmEnrollment": { },
    "network": { },
    "people": { },
    "platform": { },
    "risk": { },
    "riskScore": { },
    "scopes": { },
    "userIdentifier": { },
    "users": { },
    "userStatus": { }
  }
}
Response samples
application/json
{
  "created": "2019-08-24T14:15:22Z",
  "description": "string",
  "id": "string",
  "lastUpdated": "2019-08-24T14:15:22Z",
  "name": "string",
  "priority": 0,
  "status": "ACTIVE",
  "system": true,
  "type": "ACCESS_POLICY",
  "_embedded": {
    "property1": { },
    "property2": { }
  },
  "_links": {
    "self": { }
  },
  "conditions": {
    "app": { },
    "apps": { },
    "authContext": { },
    "authProvider": { },
    "beforeScheduledAction": { },
    "clients": { },
    "context": { },
    "device": { },
    "grantTypes": { },
    "groups": { },
    "identityProvider": { },
    "mdmEnrollment": { },
    "network": { },
    "people": { },
    "platform": { },
    "risk": { },
    "riskScore": { },
    "scopes": { },
    "userIdentifier": { },
    "users": { },
    "userStatus": { }
  }
}

Retrieve a Policy
API Access Management
OAuth 2.0: okta.authorizationServers.read

Retrieves a policy

Request
path Parameters
authServerId
required
string

id of the Authorization Server

Example: GeGRTEr7f3yu2n7grw22
policyId
required
string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

GET /api/v1/authorizationServers/{authServerId}/policies/{policyId}