The Okta Devices API provides a centralized integration platform to fetch and manage device information. Okta administrators can use these APIs to manage workforce identity Device object information.
The Devices API supports the following Device Operations:
The Devices API supports the following Authorization Schemes:
Note: For devices to enroll in Okta and show up in the Devices API, the following actions are required:
- Admins - Enable Okta FastPass. See Enable FastPass
- End users with existing mobile Okta Verify enrollments - After you upgrade your org to Okta Identity Engine, direct end users with existing Okta Verify enrollments to use FastPass.
Note: End users with a new enrollment in Okta Verify on an Okta Identity Engine org have a device record created in the device inventory by default. See Device Registration, Login Using Okta Verify.
okta.devices.readLists all devices with pagination support.
You can return a subset of Devices that match a supported search criteria using the search query parameter.
Searches for devices based on the properties specified in the search parameter conforming SCIM filter specifications (case-insensitive). This data is eventually consistent. The API returns different results depending on specified queries in the request. Empty list is returned if no objects match search request.
Note: Listing devices with
searchshould not be used as a part of any critical flows—such as authentication or updates—to prevent potential data loss.searchresults may not reflect the latest information, as this endpoint uses a search index which may not be up-to-date with recent updates to the object.
Don't use search results directly for record updates, as the data might be stale and therefore overwrite newer data, resulting in data loss.
Use anidlookup for records that you update to ensure your results contain the latest data. This operation requires URL encoding. For example,search=profile.displayName eq "Bob"is encoded assearch=profile.displayName%20eq%20%22Bob%22.
| after | string The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the Example: after=200u3des4afA47rYJu1d7 | ||||||
| limit | integer [ 1 .. 200 ] Default: 200 A limit on the number of objects to return (recommend Example: limit=20 | ||||||
| search | string A SCIM filter expression that filters the results. Searches include all Device search=status eq "ACTIVE" search=lastUpdated gt "yyyy-MM-dd'T'HH:mm:ss.SSSZ" search=id eq "guo4a5u7JHHhjXrMK0g4" search=profile.displayName eq "Bob" search=profile.platform eq "WINDOWS" search=profile.sid sw "S-1" | ||||||
| expand | string Includes associated user details and management status for the device in the
expand=user expand=userSummary |
OK
Forbidden
Too Many Requests
[- {
- "id": "guo4a5u7YAHhjXrMK0g4",
- "status": "CREATED",
- "created": "2019-10-02T18:03:07.000Z",
- "lastUpdated": "2019-10-02T18:03:07.000Z",
- "profile": {
- "displayName": "Example Device name 1",
- "platform": "WINDOWS",
- "serialNumber": "XXDDRFCFRGF3M8MD6D",
- "sid": "S-1-11-111",
- "registered": true,
- "secureHardwarePresent": false,
- "diskEncryptionType": "ALL_INTERNAL_VOLUMES"
}, - "resourceType": "UDDevice",
- "resourceDisplayName": {
- "value": "Example Device name 1",
- "sensitive": false
}, - "resourceAlternateId": null,
- "resourceId": "guo4a5u7YAHhjXrMK0g4",
- "_links": {
- "activate": {
- "hints": {
- "allow": [
- "POST"
]
}
}, - "self": {
- "hints": {
- "allow": [
- "GET",
- "PATCH",
- "PUT"
]
}
}, - "users": {
- "hints": {
- "allow": [
- "GET"
]
}
}
}, - "_embedded": {
- "users": [ ]
}
}, - {
- "id": "guo4a5u7YAHhjXrMK0g5",
- "status": "ACTIVE",
- "created": "2023-06-21T23:24:02.000Z",
- "lastUpdated": "2023-06-21T23:24:02.000Z",
- "profile": {
- "displayName": "Example Device name 2",
- "platform": "ANDROID",
- "manufacturer": "Google",
- "model": "Pixel 6",
- "osVersion": "13:2023-05-05",
- "registered": true,
- "secureHardwarePresent": true,
- "diskEncryptionType": "USER"
}, - "resourceType": "UDDevice",
- "resourceDisplayName": {
- "value": "Example Device name 2",
- "sensitive": false
}, - "resourceAlternateId": null,
- "resourceId": "guo4a5u7YAHhjXrMK0g5",
- "_links": {
- "activate": {
- "hints": {
- "allow": [
- "POST"
]
}
}, - "self": {
- "hints": {
- "allow": [
- "GET",
- "PATCH",
- "PUT"
]
}
}, - "users": {
- "hints": {
- "allow": [
- "GET"
]
}
}
}, - "_embedded": {
- "users": [
- {
- "managementStatus": "MANAGED",
- "created": "2021-10-01T16:52:41.000Z",
- "screenLockType": "BIOMETRIC",
- "user": {
- "id": "00u17vh0q8ov8IU881d7",
- "realmId": "00u17vh0q8ov8IU8T0g5",
- "profile": {
- "firstName": "fname",
- "lastName": "lname",
- "login": "email@email.com",
- "email": "email@email.com"
},
}
}
]
}
}
]okta.devices.readRetrieves a device by deviceId
OK
Forbidden
Not Found
Too Many Requests
{- "id": "guo8jx5vVoxfvJeLb0w4",
- "status": "ACTIVE",
- "created": "2020-11-03T21:47:01.000Z",
- "lastUpdated": "2020-11-03T23:46:27.000Z",
- "profile": {
- "displayName": "DESKTOP-EHAD3IE",
- "platform": "WINDOWS",
- "manufacturer": "International Corp",
- "model": "VMware7,1",
- "osVersion": "10.0.18362",
- "serialNumber": "56 4d 4f 95 74 c5 d3 e7-fc 3a 57 9c c2 f8 5d ce",
- "udid": "954F4D56-C574-E7D3-FC3A-579CC2F85DCE",
- "sid": "S-1-5-21-3992267483-1860856704-2413701314-500",
- "registered": true,
- "secureHardwarePresent": false,
- "diskEncryptionType": "NONE"
}, - "resourceId": "guo8jx5vVoxfvJeLb0w4",
- "resourceDisplayName": {
- "value": "DESKTOP-EHAD3IE",
- "sensitive": false
}, - "resourceType": "UDDevice",
- "resourceAlternateId": null,
- "_links": {
- "suspend": {
- "hints": {
- "allow": [
- "POST"
]
}
}, - "self": {
- "hints": {
- "allow": [
- "GET",
- "PATCH",
- "PUT"
]
}
}, - "users": {
- "hints": {
- "allow": [
- "GET"
]
}
}, - "deactivate": {
- "hints": {
- "allow": [
- "POST"
]
}
}
}
}okta.devices.manageDeletes (permanently) a device by deviceId if it has a status of DEACTIVATED. You can transition the device to DEACTIVATED status using the Deactivate a Device endpoint.
This request is destructive and deletes all of the profile data related to the device. Once deleted, device data can't be recovered. However, reenrollment creates a new device record.
Note: Attempts to delete a device that isn't in a
DEACTIVATEDstate raise an error.
No Content
Forbidden
Not Found
Too Many Requests
{- "errorCode": "E0000006",
- "errorSummary": "You do not have permission to perform the requested action",
- "errorLink": "E0000006",
- "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
- "errorCauses": [ ]
}okta.devices.manageActivates a Device by setting its status to ACTIVE by deviceId.
Activated devices are used to create and delete Device user links.
No Content
Forbidden
Not Found
Too Many Requests
{- "errorCode": "E0000006",
- "errorSummary": "You do not have permission to perform the requested action",
- "errorLink": "E0000006",
- "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
- "errorCauses": [ ]
}okta.devices.manageDeactivates a Device by setting its status to DEACTIVATED by deviceId.
Deactivation causes a Device to lose all device user links.
Set the Device status to DEACTIVATED before deleting it.
Note: When deactivating a Device, keep in mind the following:
No Content
Forbidden
Not Found
Too Many Requests
{- "errorCode": "E0000006",
- "errorSummary": "You do not have permission to perform the requested action",
- "errorLink": "E0000006",
- "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
- "errorCauses": [ ]
}okta.devices.manageSuspends a Device by setting its status to SUSPENDED. Use suspended devices to create and delete device user links. You can only unsuspend or deactivate suspended devices.
Note: SUSPENDED status is meant to be temporary, so it isn't destructive.
No Content
Forbidden
Not Found
Too Many Requests
{- "errorCode": "E0000006",
- "errorSummary": "You do not have permission to perform the requested action",
- "errorLink": "E0000006",
- "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
- "errorCauses": [ ]
}okta.devices.manageUnsuspends a Device by returning its status to ACTIVE.
Note: Only devices with a SUSPENDED status can be unsuspended.
No Content
Forbidden
Not Found
Too Many Requests
{- "errorCode": "E0000006",
- "errorSummary": "You do not have permission to perform the requested action",
- "errorLink": "E0000006",
- "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
- "errorCauses": [ ]
}okta.devices.readLists all Users for a Device by deviceId
Success
Forbidden
Not Found
Too Many Requests
[- {
- "created": "2021-08-20T17:13:35.000Z",
- "managementStatus": "NOT_MANAGED",
- "screenLockType": "BIOMETRIC",
- "user": {
- "id": "00u17vh0q8ov8IU881d7",
- "status": "ACTIVE",
- "created": "2021-08-20T16:08:25.000Z",
- "activated": null,
- "statusChanged": "2021-08-20T16:39:41.000Z",
- "lastLogin": "2023-04-18T17:54:12.000Z",
- "lastUpdated": "2021-12-20T18:27:30.000Z",
- "passwordChanged": "2021-12-20T18:27:30.000Z",
- "type": {
- "id": "oty17vh0n2EHVnbYF1d7"
}, - "profile": {
- "firstName": "Bunk",
- "lastName": "Moreland",
- "mobilePhone": null,
- "secondEmail": null,
- "login": "bunk.moreland@example.com",
- "email": "bunk.moreland@example.com"
}, - "credentials": {
- "password": null,
- "provider": {
- "type": "OKTA",
- "name": "OKTA"
}
}, - "_links": {
- "suspend": {
- "method": "POST"
}, - "resetPassword": {
- "method": "POST"
}, - "forgotPassword": {
- "method": "POST"
}, - "expirePassword": {
- "method": "POST"
}, - "changeRecoveryQuestion": {
- "method": "POST"
}, - "resetFactors": {
- "method": "POST"
}, - "changePassword": {
- "method": "POST"
}, - "deactivate": {
- "method": "POST"
}
}
}
}
]