IAM Governance Bundles

These APIs allow you to manage governance bundles for the Admin Console, and manage roles and resources associated with the bundles. For details on how governance bundles are supported from the Resource Management Access Platform (RAMP), see Entitlement Management.

List all governance bundles for the Admin Console
OAuth 2.0:
okta.roles.read

Lists all Governance Bundles for the Admin Console in your org

Request

query Parameters

after	string The cursor used for pagination. It represents the last privileged resource ID returned in the previous fetch operation. Example: after=oprbuthToCeLWOBwh0g4
limit	integer <int32> <= 1000 Default: 200 Specifies the batch size of the results to be returned

Responses

200

OK

403

Forbidden

429

Too Many Requests

get/api/v1/iam/governance/bundles

Request samples

curl -i -X GET \
  https://subdomain.okta.com/api/v1/iam/governance/bundles \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

200
403
429

application/json

{"bundles": [{"id": "0bbfxqCAJWWGELFTYAAA",
"name": "Group admin bundle",
"description": "Group bundle for administrative access",
"status": "ACTIVE",
"orn": "orn:okta:governance:00o5rb5mt2H3d1TJd0h7:bundles:0bbfxqCAJWWGELFTYAAA",
"_links": {"entitlements": "http://your-subdomain.okta.com/api/v1/iam/governance/bundles/0bbfxqCAJWWGELFTYAAA/entitlements"
}
}
],
"_links": {"self": {"href": "http://your-subdomain.okta.com/api/v1/iam/governance/bundles?limit=2&after=10"
},
"next": {"href": "http://your-subdomain.okta.com/api/v1/iam/governance/bundles?after=bundleId12"
}
}
}

Create a governance bundle for the Admin Console in RAMP
OAuth 2.0:
okta.roles.manage

Creates a Governance Bundle for the Admin Console in RAMP

Request

Request Body schema: application/json
required

description

string

Array of objects (IAMBundleEntitlement)

Array

resourceSets	Array of strings
role	string
targets	Array of strings

name

string

Responses

200

Success

400

Bad Request

403

Forbidden

429

Too Many Requests

post/api/v1/iam/governance/bundles

Request samples

application/json

{"name": "Group admin bundle",
"description": "Group bundle for administrative access",
"entitlements": {"role": "GROUP_MEMBERSHIP_ADMIN"
}
}

Response samples

200
400
403
429

application/json

{"id": "0bbfxqCAJWWGELFTYAAA",
"name": "Group admin bundle",
"description": "Group bundle for administrative access",
"status": "ACTIVE",
"orn": "orn:okta:governance:00o5rb5mt2H3d1TJd0h7:bundles:0bbfxqCAJWWGELFTYAAA",
"_links": {"self": "http://your-subdomain.okta.com/api/v1/iam/governance/bundles/0bbfxqCAJWWGELFTYAAA",
"entitlements": "http://your-subdomain.okta.com/api/v1/iam/governance/bundles/0bbfxqCAJWWGELFTYAAA/entitlements"
}
}

Retrieve a governance bundle from RAMP
OAuth 2.0:
okta.roles.read

Retrieves a Governance Bundle from RAMP

Request

path Parameters

bundleId

required

string

The id of a bundle

Example: enbllojq9J9J105DL1d6

Responses

200

OK

400

Bad Request

403

Forbidden

429

Too Many Requests

get/api/v1/iam/governance/bundles/{bundleId}

Request samples

curl -i -X GET \
  'https://subdomain.okta.com/api/v1/iam/governance/bundles/{bundleId}' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

200
400
403
429

application/json

{"id": "0bbfxqCAJWWGELFTYAAA",
"name": "Group admin bundle",
"description": "Group bundle for administrative access",
"status": "ACTIVE",
"orn": "orn:okta:governance:00o5rb5mt2H3d1TJd0h7:bundles:0bbfxqCAJWWGELFTYAAA",
"_links": {"self": "http://your-subdomain.okta.com/api/v1/iam/governance/bundles/0bbfxqCAJWWGELFTYAAA",
"entitlements": "http://your-subdomain.okta.com/api/v1/iam/governance/bundles/0bbfxqCAJWWGELFTYAAA/entitlements"
}
}

Replace a governance bundle in RAMP
OAuth 2.0:
okta.roles.manage

Replaces a Governance Bundle in RAMP

Request

path Parameters

bundleId

required

string

The id of a bundle

Example: enbllojq9J9J105DL1d6

Request Body schema: application/json
required

description

string

Array of objects (IAMBundleEntitlement)

Array

resourceSets	Array of strings
role	string
targets	Array of strings

name

string

Responses

200

Success

400

Bad Request

403

Forbidden

429

Too Many Requests

put/api/v1/iam/governance/bundles/{bundleId}

Request samples

application/json

{"name": "Group admin bundle",
"description": "Group bundle for administrative access",
"entitlements": {"role": "GROUP_MEMBERSHIP_ADMIN"
}
}

Response samples

200
400
403
429

application/json

{"id": "0bbfxqCAJWWGELFTYAAA",
"name": "Group admin bundle",
"description": "Group bundle for administrative access",
"status": "ACTIVE",
"orn": "orn:okta:governance:00o5rb5mt2H3d1TJd0h7:bundles:0bbfxqCAJWWGELFTYAAA",
"_links": {"self": "http://your-subdomain.okta.com/api/v1/iam/governance/bundles/0bbfxqCAJWWGELFTYAAA",
"entitlements": "http://your-subdomain.okta.com/api/v1/iam/governance/bundles/0bbfxqCAJWWGELFTYAAA/entitlements"
}
}

Delete a governance bundle from RAMP
OAuth 2.0:
okta.roles.manage

Deletes a Governance Bundle from RAMP

Request

path Parameters

bundleId

required

string

The id of a bundle

Example: enbllojq9J9J105DL1d6

Responses

204

No Content

403

Forbidden

429

Too Many Requests

delete/api/v1/iam/governance/bundles/{bundleId}

Request samples

curl -i -X DELETE \
  'https://subdomain.okta.com/api/v1/iam/governance/bundles/{bundleId}' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

403
429

application/json

{"errorCode": "E0000006",
"errorSummary": "You do not have permission to perform the requested action",
"errorLink": "E0000006",
"errorId": "sampleNUSD_8fdkFd8fs8SDBK",
"errorCauses": [ ]
}

List all entitlements for a governance bundle
OAuth 2.0:
okta.roles.read

Lists all Entitlements specific to a Governance Bundle

Request

path Parameters

bundleId

required

string

The id of a bundle

Example: enbllojq9J9J105DL1d6

query Parameters

after	string The cursor used for pagination. It represents the last privileged resource ID returned in the previous fetch operation. Example: after=oprbuthToCeLWOBwh0g4
limit	integer <int32> <= 1000 Default: 200 Specifies the batch size of the results to be returned

Responses

200

OK

403

Forbidden

429

Too Many Requests

get/api/v1/iam/governance/bundles/{bundleId}/entitlements

Request samples

curl -i -X GET \
  'https://subdomain.okta.com/api/v1/iam/governance/bundles/{bundleId}/entitlements' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

200
403
429

application/json

{"entitlements": [{"id": "espfxqCAJWWGELFTYASJ",
"role": "GROUP_MEMBERSHIP_ADMIN",
"name": "Group Membership Admin",
"description": "Perform all admin activities for groups in the org",
"_links": {"values": "http://your-subdomain.okta.com/api/v1/iam/governance/bundles/0bbfxqCAJWWGELFTYAAA/entitlements/espfxqCAJWWGELFTYASJ/values"
}
}
],
"_links": {"self": {"href": "http://your-subdomain.okta.com/api/v1/iam/governance/bundles?limit=2&after=10"
},
"next": {"href": "http://your-subdomain.okta.com/api/v1/iam/governance/bundles?after=bundleId12"
},
"bundle": {"href": "http://your-subdomain.okta.com/api/v1/iam/governance/bundles/0bbfxqCAJWWGELFTYAAA"
}
}
}

List all entitlement values for a bundle entitlement
OAuth 2.0:
okta.roles.read

Lists all Entitlement Values specific to a Bundle Entitlement

Request

path Parameters

bundleId required	string The `id` of a bundle Example: enbllojq9J9J105DL1d6
entitlementId required	string The `id` of a bundle entitlement Example: ent4rg7fltWSgrlDT8g6

query Parameters

after	string The cursor used for pagination. It represents the last privileged resource ID returned in the previous fetch operation. Example: after=oprbuthToCeLWOBwh0g4
limit	integer <int32> <= 1000 Default: 200 Specifies the batch size of the results to be returned

Responses

200

OK

403

Forbidden

429

Too Many Requests

get/api/v1/iam/governance/bundles/{bundleId}/entitlements/{entitlementId}/values

Request samples

curl -i -X GET \
  'https://subdomain.okta.com/api/v1/iam/governance/bundles/{bundleId}/entitlements/{entitlementId}/values' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

200
403
429

application/json

{"entitlementValues": [{"id": "entfxqCAJWWGELFTYAAA",
"value": "orn:okta:00o5rb5mt2H3d1TJd0h7:groups:00guaxWZ0AOa5NFAj0g3",
"name": "Restricted users group",
"_links": {"group": "http://your-subdomain.okta.com/api/v1/groups/00guaxWZ0AOa5NFAj0g3"
}
}
],
"_links": {"self": {"href": "http://your-subdomain.okta.com/api/v1/iam/governance/bundles?limit=2&after=10"
},
"bundle": {"href": "http://your-subdomain.okta.com/api/v1/iam/governance/bundles/0bbfxqCAJWWGELFTYAAA"
},
"entitlements": {"href": "http://your-subdomain.okta.com/api/v1/iam/governance/bundles/0bbfxqCAJWWGELFTYAAA/entitlements"
}
}
}

Retrieve the opt-in status from RAMP
OAuth 2.0:
okta.roles.read

Retrieves the opt-in status of the Admin Console from RAMP

Responses

200

OK

403

Forbidden

429

Too Many Requests

get/api/v1/iam/governance/optIn

Request samples

curl -i -X GET \
  https://subdomain.okta.com/api/v1/iam/governance/optIn \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

200
403
429

application/json

{"optInStatus": "OPTING_IN",
"_links": {"optInStatus": {"href": "http://your-subdomain.okta.com/api/v1/iam/governance/optIn"
}
}
}

Opt in the Admin Console to RAMP
OAuth 2.0:
okta.roles.manage

Opts in the Admin Console to RAMP

Responses

200

Success

403

Forbidden

429

Too Many Requests

post/api/v1/iam/governance/optIn

Request samples

curl -i -X POST \
  https://subdomain.okta.com/api/v1/iam/governance/optIn \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

200
403
429

application/json

{"optInStatus": "OPTING_IN",
"_links": {"optInStatus": {"href": "http://your-subdomain.okta.com/api/v1/iam/governance/optIn"
}
}
}

Opt out the Admin Console from RAMP
OAuth 2.0:
okta.roles.manage

Opts out the Admin Console from RAMP

Responses

200

Success

403

Forbidden

429

Too Many Requests

post/api/v1/iam/governance/optOut

Request samples

curl -i -X POST \
  https://subdomain.okta.com/api/v1/iam/governance/optOut \
  -H 'Authorization: YOUR_API_KEY_HERE'

Response samples

200
403
429

application/json

{"optInStatus": "OPTING_OUT",
"_links": {"optInStatus": {"href": "http://your-subdomain.okta.com/api/v1/iam/governance/optIn"
}
}
}

IAM Governance Bundles

List all governance bundles for the Admin ConsoleOAuth 2.0: okta.roles.read

query Parameters

Create a governance bundle for the Admin Console in RAMPOAuth 2.0: okta.roles.manage

Request Body schema: application/jsonrequired

Retrieve a governance bundle from RAMPOAuth 2.0: okta.roles.read

path Parameters

Replace a governance bundle in RAMPOAuth 2.0: okta.roles.manage

path Parameters

Request Body schema: application/jsonrequired

Delete a governance bundle from RAMPOAuth 2.0: okta.roles.manage

path Parameters

List all entitlements for a governance bundleOAuth 2.0: okta.roles.read

path Parameters

query Parameters

List all entitlement values for a bundle entitlementOAuth 2.0: okta.roles.read

path Parameters

query Parameters

Retrieve the opt-in status from RAMPOAuth 2.0: okta.roles.read

Opt in the Admin Console to RAMPOAuth 2.0: okta.roles.manage

Opt out the Admin Console from RAMPOAuth 2.0: okta.roles.manage

List all governance bundles for the Admin Console
OAuth 2.0:
okta.roles.read

Create a governance bundle for the Admin Console in RAMP
OAuth 2.0:
okta.roles.manage

Request Body schema: application/json
required

Retrieve a governance bundle from RAMP
OAuth 2.0:
okta.roles.read

Replace a governance bundle in RAMP
OAuth 2.0:
okta.roles.manage

Request Body schema: application/json
required

Delete a governance bundle from RAMP
OAuth 2.0:
okta.roles.manage

List all entitlements for a governance bundle
OAuth 2.0:
okta.roles.read

List all entitlement values for a bundle entitlement
OAuth 2.0:
okta.roles.read

Retrieve the opt-in status from RAMP
OAuth 2.0:
okta.roles.read

Opt in the Admin Console to RAMP
OAuth 2.0:
okta.roles.manage

Opt out the Admin Console from RAMP
OAuth 2.0:
okta.roles.manage