Identity Provider Users

The Identity Provider Users API provides operations to manage Identity Provider Users.

List all Users for IdP
OAuth 2.0: okta.idps.read

Lists all the Users linked to an Identity Provider

Request
path Parameters
idpId
required
string

ID of IdP

Example: 0oa62bfdjnK55Z5x80h7
query Parameters
q
string

Searches the records for matching value

after
string

The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the Link response header. See Pagination.

limit
integer [ 1 .. 200 ]
Default: 20

A limit on the number of objects to return

expand
string

Expand user data

Example: expand=user
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

GET /api/v1/idps/{idpId}/users
Response samples
application/json
[]
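
The cursor pagination described for this endpoint, as an added example that is not part of the original reference or Okta's own code. It reads only the `after` cursor from the Link header and rebuilds each request against the configured base URL, so the API credential is never sent to a host named by a response header. The `fetch` callable, `example.okta.com`, the sample pages and the fields of the returned objects are assumptions.

```python
import re
from urllib.parse import parse_qs, quote, urlencode, urlsplit

LINK_RE = re.compile(r'<([^>]+)>\s*;\s*rel="([^"]+)"')

def next_cursor(link_values):
    """Return the `after` cursor of the rel="next" link, or None on the last page."""
    for value in link_values:
        for url, rel in LINK_RE.findall(value):
            if rel == "next":
                return parse_qs(urlsplit(url).query).get("after", [None])[0]
    return None

def list_idp_users(fetch, base_url, idp_id, limit=200, expand_user=False):
    """Collect every page of GET /api/v1/idps/{idpId}/users.

    `fetch` is a hypothetical callable: fetch(url) -> (status, [Link values], parsed JSON).
    """
    if not 1 <= limit <= 200:  # documented range for `limit`
        raise ValueError("limit must be between 1 and 200")
    users, after, seen = [], None, set()
    while True:
        query = {"limit": limit}
        if expand_user:
            query["expand"] = "user"
        if after is not None:
            query["after"] = after
        url = f"{base_url}/api/v1/idps/{quote(idp_id, safe='')}/users?{urlencode(query)}"
        status, link_values, body = fetch(url)
        if status != 200:  # 403, 404 and 429 are the documented failures
            raise RuntimeError(f"unexpected status {status} for {url}")
        users.extend(body)
        after = next_cursor(link_values)
        if after is None:
            return users
        if after in seen:  # guard against a cursor that loops back
            raise RuntimeError("pagination cursor repeated")
        seen.add(after)

# Constructed sample pages (not real Okta output); the object fields are assumptions.
BASE = "https://example.okta.com"
PAGES = {
    None: ([f'<{BASE}/api/v1/idps/0oa62bfdjnK55Z5x80h7/users?after=cursor1&limit=1>; rel="next"'],
           [{"id": "00ub0oNGTSWTBKOLGLNR", "externalId": "121749775026145"}]),
    "cursor1": ([], [{"id": "00uCONSTRUCTED", "externalId": "constructed-2"}]),
}

def demo_fetch(url):
    """Offline stand-in for an HTTP client, serving the constructed pages above."""
    after = parse_qs(urlsplit(url).query).get("after", [None])[0]
    links, body = PAGES[after]
    return 200, links, body
```

In real use, `fetch` wraps an HTTP client that adds the Authorization header and returns the response's Link header values.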

Retrieve a User for IdP
OAuth 2.0: okta.idps.read

Retrieves a linked IdP User by ID

Request
path Parameters
idpId
required
string

ID of IdP

Example: 0oa62bfdjnK55Z5x80h7
userId
required
string

ID of an existing Okta user

Example: 00ub0oNGTSWTBKOLGLNR
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

GET /api/v1/idps/{idpId}/users/{userId}
Response samples
application/json
{}

Link a User to IdP
OAuth 2.0: okta.users.manage

Links an Okta User to an existing SAML or social Identity Provider.

The SAML Identity Provider must have honorPersistentNameId set to true to use this API. The Name Identifier Format of the incoming assertion must be urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.

Request
path Parameters
idpId
required
string

ID of IdP

Example: 0oa62bfdjnK55Z5x80h7
userId
required
string

ID of an existing Okta user

Example: 00ub0oNGTSWTBKOLGLNR
Request Body schema: application/json
required
externalId
string

Unique IdP-specific identifier for a User

Responses
200

Success

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

POST /api/v1/idps/{idpId}/users/{userId}
Request samples
application/json
{
  "externalId": "121749775026145"
}
Response samples
application/json
{}

Unlink a User from IdP
OAuth 2.0: okta.idps.manage

Unlinks the Okta User and the IdP User. The next time the User federates into Okta through this IdP, they have to re-link their account according to the account link policy.

Request
path Parameters
idpId
required
string

ID of IdP

Example: 0oa62bfdjnK55Z5x80h7
userId
required
string

ID of an existing Okta user

Example: 00ub0oNGTSWTBKOLGLNR
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

DELETE /api/v1/idps/{idpId}/users/{userId}
Response samples
application/json
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": [ ]
}

List all Tokens from OIDC IdP
OAuth 2.0: okta.idps.read

Lists the tokens minted by the Social Authentication Provider when the user authenticates with Okta via Social Auth.

Okta doesn't import all the User information from a social provider. If the app needs information that isn't imported, it can get the User token from this endpoint. Then the app can make an API call to the social provider with the token to request the additional information.

Request
path Parameters
idpId
required
string

ID of IdP

Example: 0oa62bfdjnK55Z5x80h7
userId
required
string

ID of an existing Okta user

Example: 00ub0oNGTSWTBKOLGLNR
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

GET /api/v1/idps/{idpId}/users/{userId}/credentials/tokens
Response samples
application/json
[
  {
    "id": "<unique token identifier>",
    "token": "JBTWGV22G4ZGKV3N",
    "tokenType": "urn:ietf:params:oauth:token-type:access_token",
    "tokenAuthScheme": "Bearer",
    "expiresAt": "2014-08-06T16:56:31.000Z",
    "scopes": [ ]
  },
  {
    "id": "<unique token identifier>",
    "token": "JBTWGV22G4ZJBRXJ",
    "tokenType": "urn:ietf:params:oauth:token-type:id_token",
    "tokenAuthScheme": null
  }
]

List all Identity Providers for User
OAuth 2.0: okta.users.read

Lists the IdPs associated with the User

Request
path Parameters
userId
required
string

ID of an existing Okta user

Example: 00ub0oNGTSWTBKOLGLNR
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

GET /api/v1/users/{userId}/idps
Response samples
application/json
[]