These APIs allow you to manage governance bundles for the Admin Console, and manage roles and resources associated with the bundles. For details on how governance bundles are supported from the Resource Management Access Platform (RAMP), see Entitlement Management.
Lists all Governance Bundles for the Admin Console in your org
OK
Forbidden
Too Many Requests
curl -i -X GET \ https://subdomain.okta.com/api/v1/iam/governance/bundles \ -H 'Authorization: YOUR_API_KEY_HERE'
{- "bundles": [
- {
- "id": "0bbfxqCAJWWGELFTYAAA",
- "name": "Group admin bundle",
- "description": "Group bundle for administrative access",
- "status": "ACTIVE",
- "orn": "orn:okta:governance:00o5rb5mt2H3d1TJd0h7:bundles:0bbfxqCAJWWGELFTYAAA",
- "_links": {
}
}
], - "_links": {
}
}
Creates a Governance Bundle for the Admin Console in RAMP
Success
Bad Request
Forbidden
Too Many Requests
{- "name": "Group admin bundle",
- "description": "Group bundle for administrative access",
- "entitlements": {
- "role": "GROUP_MEMBERSHIP_ADMIN"
}
}
{- "id": "0bbfxqCAJWWGELFTYAAA",
- "name": "Group admin bundle",
- "description": "Group bundle for administrative access",
- "status": "ACTIVE",
- "orn": "orn:okta:governance:00o5rb5mt2H3d1TJd0h7:bundles:0bbfxqCAJWWGELFTYAAA",
}
Retrieves a Governance Bundle from RAMP
OK
Bad Request
Forbidden
Too Many Requests
curl -i -X GET \ 'https://subdomain.okta.com/api/v1/iam/governance/bundles/{bundleId}' \ -H 'Authorization: YOUR_API_KEY_HERE'
{- "id": "0bbfxqCAJWWGELFTYAAA",
- "name": "Group admin bundle",
- "description": "Group bundle for administrative access",
- "status": "ACTIVE",
- "orn": "orn:okta:governance:00o5rb5mt2H3d1TJd0h7:bundles:0bbfxqCAJWWGELFTYAAA",
}
Replaces a Governance Bundle in RAMP
Success
Bad Request
Forbidden
Too Many Requests
{- "name": "Group admin bundle",
- "description": "Group bundle for administrative access",
- "entitlements": {
- "role": "GROUP_MEMBERSHIP_ADMIN"
}
}
{- "id": "0bbfxqCAJWWGELFTYAAA",
- "name": "Group admin bundle",
- "description": "Group bundle for administrative access",
- "status": "ACTIVE",
- "orn": "orn:okta:governance:00o5rb5mt2H3d1TJd0h7:bundles:0bbfxqCAJWWGELFTYAAA",
}
Deletes a Governance Bundle from RAMP
No Content
Forbidden
Too Many Requests
curl -i -X DELETE \ 'https://subdomain.okta.com/api/v1/iam/governance/bundles/{bundleId}' \ -H 'Authorization: YOUR_API_KEY_HERE'
{- "errorCode": "E0000006",
- "errorSummary": "You do not have permission to perform the requested action",
- "errorLink": "E0000006",
- "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
- "errorCauses": [ ]
}
Lists all Entitlements specific to a Governance Bundle
OK
Forbidden
Too Many Requests
curl -i -X GET \ 'https://subdomain.okta.com/api/v1/iam/governance/bundles/{bundleId}/entitlements' \ -H 'Authorization: YOUR_API_KEY_HERE'
{- "entitlements": [
- {
- "id": "espfxqCAJWWGELFTYASJ",
- "role": "GROUP_MEMBERSHIP_ADMIN",
- "name": "Group Membership Admin",
- "description": "Perform all admin activities for groups in the org",
}
], - "_links": {
- "bundle": {
}
}
}
Lists all Entitlement Values specific to a Bundle Entitlement
OK
Forbidden
Too Many Requests
curl -i -X GET \ 'https://subdomain.okta.com/api/v1/iam/governance/bundles/{bundleId}/entitlements/{entitlementId}/values' \ -H 'Authorization: YOUR_API_KEY_HERE'
{- "entitlementValues": [
- {
- "id": "entfxqCAJWWGELFTYAAA",
- "value": "orn:okta:00o5rb5mt2H3d1TJd0h7:groups:00guaxWZ0AOa5NFAj0g3",
- "name": "Restricted users group",
}
], - "_links": {
- "bundle": {
}, - "entitlements": {
}
}
}
Retrieves the opt-in status of the Admin Console from RAMP
OK
Forbidden
Too Many Requests
curl -i -X GET \ https://subdomain.okta.com/api/v1/iam/governance/optIn \ -H 'Authorization: YOUR_API_KEY_HERE'
{- "optInStatus": "OPTING_IN",
}
Opts in the Admin Console to RAMP
Success
Forbidden
Too Many Requests
curl -i -X POST \ https://subdomain.okta.com/api/v1/iam/governance/optIn \ -H 'Authorization: YOUR_API_KEY_HERE'
{- "optInStatus": "OPTING_IN",
}
Opts out the Admin Console from RAMP
Success
Forbidden
Too Many Requests
curl -i -X POST \ https://subdomain.okta.com/api/v1/iam/governance/optOut \ -H 'Authorization: YOUR_API_KEY_HERE'
{- "optInStatus": "OPTING_OUT",
}