Identity Providers

The Identity Providers API provides operations to manage federations with external Identity Providers (IdP). For example, your app can support signing in with credentials from Apple, Facebook, Google, LinkedIn, Microsoft, an enterprise IdP using SAML 2.0, or an IdP using the OpenID Connect (OIDC) protocol.

List all Identity Providers
OAuth 2.0: okta.idps.read

Lists all identity provider integrations with pagination. A subset of IdPs can be returned that match a supported filter expression or query.

Request
query Parameters
q
string

Searches the name property of IdPs for matching value

after
string

Specifies the pagination cursor for the next page of IdPs

limit
integer <int32>
Default: 20

Specifies the number of IdP results in a page

type
string

Filters IdPs by type

Responses
200

Success

403

Forbidden

429

Too Many Requests

get/api/v1/idps
Request samples
Response samples
application/json
[
  • {
    • "created": "2019-08-24T14:15:22Z",
    • "id": "string",
    • "issuerMode": "CUSTOM_URL",
    • "lastUpdated": "2019-08-24T14:15:22Z",
    • "name": "string",
    • "policy": {
      },
    • "properties": {
      },
    • "protocol": {
      },
    • "status": "ACTIVE",
    • "type": "AgentlessDSSO",
    • "_links": {
      }
    }
]

Create an Identity Provider
OAuth 2.0: okta.idps.manage

Creates a new identity provider integration

Request
Request Body schema: application/json
required
issuerMode
string (IssuerMode)
Enum: "CUSTOM_URL" "DYNAMIC" "ORG_URL"
name
string
object (IdentityProviderPolicy)
object (PolicyAccountLink)
action
string (PolicyAccountLinkAction)
Enum: "AUTO" "DISABLED"
object (PolicyAccountLinkFilter)
mapAMRClaims
boolean
Default: false
Enable mapping AMR from IdP to Okta to downstream apps
maxClockSkew
integer
object (Provisioning)
action
string (ProvisioningAction)
Enum: "AUTO" "CALLOUT" "DISABLED"
object (ProvisioningConditions)
object (ProvisioningGroups)
profileMaster
boolean
object (PolicySubject)
filter
string
format
Array of strings
matchAttribute
string
matchType
string (PolicySubjectMatchType)
Enum: "CUSTOM_ATTRIBUTE" "EMAIL" "USERNAME" "USERNAME_OR_EMAIL"
object (PolicyUserNameTemplate)
object or null (IdentityProviderProperties)
additionalAmr
Array of strings or null
object (Protocol)
object (ProtocolAlgorithms)
object (ProtocolAlgorithmType)
object (ProtocolAlgorithmType)
object (IdentityProviderCredentials)
object (IdentityProviderCredentialsClient)
object (IdentityProviderCredentialsSigning)
object (IdentityProviderCredentialsTrust)
object (ProtocolEndpoints)
object (ProtocolEndpoint)
object (ProtocolEndpoint)
object (ProtocolEndpoint)
object (ProtocolEndpoint)
object (ProtocolEndpoint)
object (ProtocolEndpoint)
object (ProtocolEndpoint)
object (ProtocolEndpoint)
object (ProtocolEndpoint)
binding
string (ProtocolEndpointBinding)
Enum: "HTTP-POST" "HTTP-REDIRECT"
destination
string
type
string (ProtocolEndpointType)
Enum: "INSTANCE" "ORG"
url
string
object (ProtocolRelayState)
format
string (ProtocolRelayStateFormat)
Enum: "FROM_URL" "OPAQUE"
scopes
Array of strings
object (ProtocolSettings)
nameFormat
string
type
string (ProtocolType)
Enum: "MTLS" "OAUTH2" "OIDC" "SAML2"
status
string (LifecycleStatus)
Enum: "ACTIVE" "INACTIVE"
type
string (IdentityProviderType)
Enum: "AgentlessDSSO" "FACEBOOK" "GOOGLE" "IWA" "LINKEDIN" "MICROSOFT" "OIDC" "OKTA" "SAML2" "X509"
Responses
200

Success

400

Bad Request

403

Forbidden

429

Too Many Requests

post/api/v1/idps
Request samples
application/json
{
  • "issuerMode": "CUSTOM_URL",
  • "name": "string",
  • "policy": {
    • "accountLink": {
      },
    • "mapAMRClaims": false,
    • "maxClockSkew": 0,
    • "provisioning": {
      },
    • "subject": {
      }
    },
  • "properties": {
    • "additionalAmr": [
      ]
    },
  • "protocol": {
    • "algorithms": {
      },
    • "credentials": {
      },
    • "endpoints": {
      },
    • "issuer": {
      },
    • "relayState": {
      },
    • "scopes": [
      ],
    • "settings": {
      },
    • "type": "MTLS"
    },
  • "status": "ACTIVE",
  • "type": "AgentlessDSSO"
}
Response samples
application/json
{
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "issuerMode": "CUSTOM_URL",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "policy": {
    • "accountLink": {
      },
    • "mapAMRClaims": false,
    • "maxClockSkew": 0,
    • "provisioning": {
      },
    • "subject": {
      }
    },
  • "properties": {
    • "additionalAmr": [
      ]
    },
  • "protocol": {
    • "algorithms": {
      },
    • "credentials": {
      },
    • "endpoints": {
      },
    • "issuer": {
      },
    • "relayState": {
      },
    • "scopes": [
      ],
    • "settings": {
      },
    • "type": "MTLS"
    },
  • "status": "ACTIVE",
  • "type": "AgentlessDSSO",
  • "_links": {
    • "self": {
      },
    • "acs": {
      },
    • "authorize": {
      },
    • "clientRedirectUri": {
      },
    • "metadata": {
      },
    • "users": {
      },
    • "deactivate": {
      },
    • "activate": {
      },
    • "keys": {
      }
    }
}

List all Credential Keys
OAuth 2.0: okta.idps.read

Lists all IdP key credentials

Request
query Parameters
after
string

Specifies the pagination cursor for the next page of keys

limit
integer <int32>
Default: 20

Specifies the number of key results in a page

Responses
200

Success

403

Forbidden

429

Too Many Requests

get/api/v1/idps/credentials/keys
Request samples
Response samples
application/json
[
  • {
    • "alg": "string",
    • "created": "2019-08-24T14:15:22Z",
    • "e": "string",
    • "expiresAt": "2019-08-24T14:15:22Z",
    • "key_ops": [
      ],
    • "kid": "string",
    • "kty": "string",
    • "lastUpdated": "2019-08-24T14:15:22Z",
    • "n": "string",
    • "status": "string",
    • "use": "string",
    • "x5c": [
      ],
    • "x5t": "string",
    • "x5t#S256": "string",
    • "x5u": "string",
    • "_links": {
      }
    }
]

Create an X.509 Certificate Public Key
OAuth 2.0: okta.idps.manage

Creates a new X.509 certificate credential to the IdP key store.

Request
Request Body schema: application/json
required
alg
string

The algorithm used with the Key. Valid value: RS256

key_ops
Array of strings

Identifies the operation(s) for which the key is intended to be used

n
string

RSA modulus value that is used by both the public and private keys and provides a link between them

status
string

An ACTIVE Key is used to sign tokens issued by the authorization server. Supported values: ACTIVE, NEXT, or EXPIRED
A NEXT Key is the next Key that the authorization server uses to sign tokens when Keys are rotated. The NEXT Key might not be listed if it hasn't been generated yet. An EXPIRED Key is the previous Key that the authorization server used to sign tokens. The EXPIRED Key might not be listed if no Key has expired or the expired Key was deleted.

Responses
200

Success

400

Bad Request

403

Forbidden

429

Too Many Requests

post/api/v1/idps/credentials/keys
Request samples
application/json
{
  • "alg": "string",
  • "key_ops": [
    • "string"
    ],
  • "n": "string",
  • "status": "string"
}
Response samples
application/json
{
  • "alg": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "e": "string",
  • "expiresAt": "2019-08-24T14:15:22Z",
  • "key_ops": [
    • "string"
    ],
  • "kid": "string",
  • "kty": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "n": "string",
  • "status": "string",
  • "use": "string",
  • "x5c": [
    • "string"
    ],
  • "x5t": "string",
  • "x5t#S256": "string",
  • "x5u": "string",
  • "_links": {
    • "self": {
      }
    }
}

Retrieve an Credential Key
OAuth 2.0: okta.idps.read

Retrieves a specific IdP Key Credential by kid

Request
path Parameters
idpKeyId
required
string

id of IdP Key

Example: KmMo85SSsU7TZzOShcGb
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/idps/credentials/keys/{idpKeyId}
Request samples
Response samples
application/json
{
  • "alg": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "e": "string",
  • "expiresAt": "2019-08-24T14:15:22Z",
  • "key_ops": [
    • "string"
    ],
  • "kid": "string",
  • "kty": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "n": "string",
  • "status": "string",
  • "use": "string",
  • "x5c": [
    • "string"
    ],
  • "x5t": "string",
  • "x5t#S256": "string",
  • "x5u": "string",
  • "_links": {
    • "self": {
      }
    }
}

Delete a Signing Credential Key
OAuth 2.0: okta.idps.manage

Deletes a specific IdP Key Credential by kid if it is not currently being used by an Active or Inactive IdP

Request
path Parameters
idpKeyId
required
string

id of IdP Key

Example: KmMo85SSsU7TZzOShcGb
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

delete/api/v1/idps/credentials/keys/{idpKeyId}
Request samples
Response samples
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}

Retrieve an Identity Provider
OAuth 2.0: okta.idps.read

Retrieves an identity provider integration by idpId

Request
path Parameters
idpId
required
string

id of IdP

Example: SVHoAOh0l8cPQkVX1LRl
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/idps/{idpId}
Request samples
Response samples
application/json
{
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "issuerMode": "CUSTOM_URL",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "policy": {
    • "accountLink": {
      },
    • "mapAMRClaims": false,
    • "maxClockSkew": 0,
    • "provisioning": {
      },
    • "subject": {
      }
    },
  • "properties": {
    • "additionalAmr": [
      ]
    },
  • "protocol": {
    • "algorithms": {
      },
    • "credentials": {
      },
    • "endpoints": {
      },
    • "issuer": {
      },
    • "relayState": {
      },
    • "scopes": [
      ],
    • "settings": {
      },
    • "type": "MTLS"
    },
  • "status": "ACTIVE",
  • "type": "AgentlessDSSO",
  • "_links": {
    • "self": {
      },
    • "acs": {
      },
    • "authorize": {
      },
    • "clientRedirectUri": {
      },
    • "metadata": {
      },
    • "users": {
      },
    • "deactivate": {
      },
    • "activate": {
      },
    • "keys": {
      }
    }
}

Replace an Identity Provider
OAuth 2.0: okta.idps.manage

Replaces an identity provider integration by idpId

Request
path Parameters
idpId
required
string

id of IdP

Example: SVHoAOh0l8cPQkVX1LRl
Request Body schema: application/json
required
issuerMode
string (IssuerMode)
Enum: "CUSTOM_URL" "DYNAMIC" "ORG_URL"
name
string
object (IdentityProviderPolicy)
object (PolicyAccountLink)
action
string (PolicyAccountLinkAction)
Enum: "AUTO" "DISABLED"
object (PolicyAccountLinkFilter)
mapAMRClaims
boolean
Default: false
Enable mapping AMR from IdP to Okta to downstream apps
maxClockSkew
integer
object (Provisioning)
action
string (ProvisioningAction)
Enum: "AUTO" "CALLOUT" "DISABLED"
object (ProvisioningConditions)
object (ProvisioningGroups)
profileMaster
boolean
object (PolicySubject)
filter
string
format
Array of strings
matchAttribute
string
matchType
string (PolicySubjectMatchType)
Enum: "CUSTOM_ATTRIBUTE" "EMAIL" "USERNAME" "USERNAME_OR_EMAIL"
object (PolicyUserNameTemplate)
object or null (IdentityProviderProperties)
additionalAmr
Array of strings or null
object (Protocol)
object (ProtocolAlgorithms)
object (ProtocolAlgorithmType)
object (ProtocolAlgorithmType)
object (IdentityProviderCredentials)
object (IdentityProviderCredentialsClient)
object (IdentityProviderCredentialsSigning)
object (IdentityProviderCredentialsTrust)
object (ProtocolEndpoints)
object (ProtocolEndpoint)
object (ProtocolEndpoint)
object (ProtocolEndpoint)
object (ProtocolEndpoint)
object (ProtocolEndpoint)
object (ProtocolEndpoint)
object (ProtocolEndpoint)
object (ProtocolEndpoint)
object (ProtocolEndpoint)
binding
string (ProtocolEndpointBinding)
Enum: "HTTP-POST" "HTTP-REDIRECT"
destination
string
type
string (ProtocolEndpointType)
Enum: "INSTANCE" "ORG"
url
string
object (ProtocolRelayState)
format
string (ProtocolRelayStateFormat)
Enum: "FROM_URL" "OPAQUE"
scopes
Array of strings
object (ProtocolSettings)
nameFormat
string
type
string (ProtocolType)
Enum: "MTLS" "OAUTH2" "OIDC" "SAML2"
status
string (LifecycleStatus)
Enum: "ACTIVE" "INACTIVE"
type
string (IdentityProviderType)
Enum: "AgentlessDSSO" "FACEBOOK" "GOOGLE" "IWA" "LINKEDIN" "MICROSOFT" "OIDC" "OKTA" "SAML2" "X509"
Responses
200

Success

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

put/api/v1/idps/{idpId}
Request samples
application/json
{
  • "issuerMode": "CUSTOM_URL",
  • "name": "string",
  • "policy": {
    • "accountLink": {
      },
    • "mapAMRClaims": false,
    • "maxClockSkew": 0,
    • "provisioning": {
      },
    • "subject": {
      }
    },
  • "properties": {
    • "additionalAmr": [
      ]
    },
  • "protocol": {
    • "algorithms": {
      },
    • "credentials": {
      },
    • "endpoints": {
      },
    • "issuer": {
      },
    • "relayState": {
      },
    • "scopes": [
      ],
    • "settings": {
      },
    • "type": "MTLS"
    },
  • "status": "ACTIVE",
  • "type": "AgentlessDSSO"
}
Response samples
application/json
{
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "issuerMode": "CUSTOM_URL",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "policy": {
    • "accountLink": {
      },
    • "mapAMRClaims": false,
    • "maxClockSkew": 0,
    • "provisioning": {
      },
    • "subject": {
      }
    },
  • "properties": {
    • "additionalAmr": [
      ]
    },
  • "protocol": {
    • "algorithms": {
      },
    • "credentials": {
      },
    • "endpoints": {
      },
    • "issuer": {
      },
    • "relayState": {
      },
    • "scopes": [
      ],
    • "settings": {
      },
    • "type": "MTLS"
    },
  • "status": "ACTIVE",
  • "type": "AgentlessDSSO",
  • "_links": {
    • "self": {
      },
    • "acs": {
      },
    • "authorize": {
      },
    • "clientRedirectUri": {
      },
    • "metadata": {
      },
    • "users": {
      },
    • "deactivate": {
      },
    • "activate": {
      },
    • "keys": {
      }
    }
}

Delete an Identity Provider
OAuth 2.0: okta.idps.manage

Deletes an identity provider integration by idpId

Request
path Parameters
idpId
required
string

id of IdP

Example: SVHoAOh0l8cPQkVX1LRl
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

delete/api/v1/idps/{idpId}
Request samples
Response samples
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}

List all Certificate Signing Requests
OAuth 2.0: okta.idps.read

Lists all Certificate Signing Requests for an IdP

Request
path Parameters
idpId
required
string

id of IdP

Example: SVHoAOh0l8cPQkVX1LRl
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/idps/{idpId}/credentials/csrs
Request samples
Response samples
application/json
[
  • {
    • "created": "2019-08-24T14:15:22Z",
    • "csr": "string",
    • "id": "string",
    • "kty": "string"
    }
]

Generate a Certificate Signing Request
OAuth 2.0: okta.idps.manage

Generates a new key pair and returns a Certificate Signing Request for it

Request
path Parameters
idpId
required
string

id of IdP

Example: SVHoAOh0l8cPQkVX1LRl
Request Body schema: application/json
required
object (CsrMetadataSubject)
commonName
string
countryName
string
localityName
string
organizationalUnitName
string
organizationName
string
stateOrProvinceName
string
object (CsrMetadataSubjectAltNames)
dnsNames
Array of strings
Responses
201

Created

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

post/api/v1/idps/{idpId}/credentials/csrs
Request samples
application/json
{
  • "subject": {
    • "commonName": "string",
    • "countryName": "string",
    • "localityName": "string",
    • "organizationalUnitName": "string",
    • "organizationName": "string",
    • "stateOrProvinceName": "string"
    },
  • "subjectAltNames": {
    • "dnsNames": [
      ]
    }
}
Response samples
application/json
{
  • "created": "2019-08-24T14:15:22Z",
  • "csr": "string",
  • "id": "string",
  • "kty": "string"
}

Retrieve a Certificate Signing Request
OAuth 2.0: okta.idps.read

Retrieves a specific Certificate Signing Request model by id

Request
path Parameters
idpId
required
string

id of IdP

Example: SVHoAOh0l8cPQkVX1LRl
idpCsrId
required
string

id of the IdP CSR

Example: 1uEhyE65oV3H6KM9gYcN
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/idps/{idpId}/credentials/csrs/{idpCsrId}
Request samples
Response samples
application/json
{
  • "created": "2019-08-24T14:15:22Z",
  • "csr": "string",
  • "id": "string",
  • "kty": "string"
}

Revoke a Certificate Signing Request
OAuth 2.0: okta.idps.manage

Revokes a certificate signing request and deletes the key pair from the IdP

Request
path Parameters
idpId
required
string

id of IdP

Example: SVHoAOh0l8cPQkVX1LRl
idpCsrId
required
string

id of the IdP CSR

Example: 1uEhyE65oV3H6KM9gYcN
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

delete/api/v1/idps/{idpId}/credentials/csrs/{idpCsrId}
Request samples
Response samples
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}

Publish a Certificate Signing Request
OAuth 2.0: okta.idps.manage

Publishes a certificate signing request with a signed X.509 certificate and adds it into the signing key credentials for the IdP

Request
path Parameters
idpId
required
string

id of IdP

Example: SVHoAOh0l8cPQkVX1LRl
idpCsrId
required
string

id of the IdP CSR

Example: 1uEhyE65oV3H6KM9gYcN
Request Body schema:
required
string <binary>
Responses
201

Created

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

post/api/v1/idps/{idpId}/credentials/csrs/{idpCsrId}/lifecycle/publish
Request samples
Response samples
application/json
{
  • "alg": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "e": "string",
  • "expiresAt": "2019-08-24T14:15:22Z",
  • "key_ops": [
    • "string"
    ],
  • "kid": "string",
  • "kty": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "n": "string",
  • "status": "string",
  • "use": "string",
  • "x5c": [
    • "string"
    ],
  • "x5t": "string",
  • "x5t#S256": "string",
  • "x5u": "string",
  • "_links": {
    • "self": {
      }
    }
}

List all Signing Credential Keys
OAuth 2.0: okta.idps.read

Lists all signing key credentials for an IdP

Request
path Parameters
idpId
required
string

id of IdP

Example: SVHoAOh0l8cPQkVX1LRl
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/idps/{idpId}/credentials/keys
Request samples
Response samples
application/json
[
  • {
    • "alg": "string",
    • "created": "2019-08-24T14:15:22Z",
    • "e": "string",
    • "expiresAt": "2019-08-24T14:15:22Z",
    • "key_ops": [
      ],
    • "kid": "string",
    • "kty": "string",
    • "lastUpdated": "2019-08-24T14:15:22Z",
    • "n": "string",
    • "status": "string",
    • "use": "string",
    • "x5c": [
      ],
    • "x5t": "string",
    • "x5t#S256": "string",
    • "x5u": "string",
    • "_links": {
      }
    }
]

Generate a new Signing Credential Key
OAuth 2.0: okta.idps.manage

Generates a new X.509 certificate for an IdP signing key credential to be used for signing assertions sent to the IdP

Request
path Parameters
idpId
required
string

id of IdP

Example: SVHoAOh0l8cPQkVX1LRl
query Parameters
validityYears
required
integer <int32>

expiry of the IdP Key Credential

Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

post/api/v1/idps/{idpId}/credentials/keys/generate
Request samples
Response samples
application/json
{
  • "alg": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "e": "string",
  • "expiresAt": "2019-08-24T14:15:22Z",
  • "key_ops": [
    • "string"
    ],
  • "kid": "string",
  • "kty": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "n": "string",
  • "status": "string",
  • "use": "string",
  • "x5c": [
    • "string"
    ],
  • "x5t": "string",
  • "x5t#S256": "string",
  • "x5u": "string",
  • "_links": {
    • "self": {
      }
    }
}

Retrieve a Signing Credential Key
OAuth 2.0: okta.idps.read

Retrieves a specific IdP Key Credential by kid

Request
path Parameters
idpId
required
string

id of IdP

Example: SVHoAOh0l8cPQkVX1LRl
idpKeyId
required
string

id of IdP Key

Example: KmMo85SSsU7TZzOShcGb
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/idps/{idpId}/credentials/keys/{idpKeyId}
Request samples
Response samples
application/json
{
  • "alg": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "e": "string",
  • "expiresAt": "2019-08-24T14:15:22Z",
  • "key_ops": [
    • "string"
    ],
  • "kid": "string",
  • "kty": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "n": "string",
  • "status": "string",
  • "use": "string",
  • "x5c": [
    • "string"
    ],
  • "x5t": "string",
  • "x5t#S256": "string",
  • "x5u": "string",
  • "_links": {
    • "self": {
      }
    }
}

Clone a Signing Credential Key
OAuth 2.0: okta.idps.manage

Clones a X.509 certificate for an IdP signing key credential from a source IdP to target IdP

Request
path Parameters
idpId
required
string

id of IdP

Example: SVHoAOh0l8cPQkVX1LRl
idpKeyId
required
string

id of IdP Key

Example: KmMo85SSsU7TZzOShcGb
query Parameters
targetIdpId
required
string
Responses
201

Created

403

Forbidden

404

Not Found

429

Too Many Requests

post/api/v1/idps/{idpId}/credentials/keys/{idpKeyId}/clone
Request samples
Response samples
application/json
{
  • "alg": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "e": "string",
  • "expiresAt": "2019-08-24T14:15:22Z",
  • "key_ops": [
    • "string"
    ],
  • "kid": "string",
  • "kty": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "n": "string",
  • "status": "string",
  • "use": "string",
  • "x5c": [
    • "string"
    ],
  • "x5t": "string",
  • "x5t#S256": "string",
  • "x5u": "string",
  • "_links": {
    • "self": {
      }
    }
}

Activate an Identity Provider
OAuth 2.0: okta.idps.manage

Activates an inactive IdP

Request
path Parameters
idpId
required
string

id of IdP

Example: SVHoAOh0l8cPQkVX1LRl
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

post/api/v1/idps/{idpId}/lifecycle/activate
Request samples
Response samples
application/json
{
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "issuerMode": "CUSTOM_URL",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "policy": {
    • "accountLink": {
      },
    • "mapAMRClaims": false,
    • "maxClockSkew": 0,
    • "provisioning": {
      },
    • "subject": {
      }
    },
  • "properties": {
    • "additionalAmr": [
      ]
    },
  • "protocol": {
    • "algorithms": {
      },
    • "credentials": {
      },
    • "endpoints": {
      },
    • "issuer": {
      },
    • "relayState": {
      },
    • "scopes": [
      ],
    • "settings": {
      },
    • "type": "MTLS"
    },
  • "status": "ACTIVE",
  • "type": "AgentlessDSSO",
  • "_links": {
    • "self": {
      },
    • "acs": {
      },
    • "authorize": {
      },
    • "clientRedirectUri": {
      },
    • "metadata": {
      },
    • "users": {