The Identity Provider Users API provides operations to manage Identity Provider Users.
okta.idps.read
Lists all the Users linked to an Identity Provider
q | string | Searches the records for matching value
after | string | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the
limit | integer [ 1 .. 200 ], default: 20 | A limit on the number of objects to return
expand | string | Expand user data. Example: expand=user
Success
Forbidden
Not Found
Too Many Requests
[
  {
    "id": "00u5cl9lo7nMjHjPr0h7",
    "externalId": "109912936038778",
    "created": "2015-11-03T19:10:11.000Z",
    "lastUpdated": "2015-11-03T19:11:49.000Z",
    "profile": {
      "firstName": "Carol",
      "middleName": "Lee",
      "lastName": "Johnson",
      "email": "carol_johnson@tfbnw.net",
      "displayName": "Carol Johnson"
    },
    "_links": {
      "self": {
        "hints": {
          "allow": ["GET", "DELETE"]
        }
      }
    }
  }
]
okta.idps.read
Retrieves a linked IdP User by ID
Success
Forbidden
Not Found
Too Many Requests
{
  "id": "00u5t60iloOHN9pBi0h7",
  "externalId": "externalId",
  "created": "2017-12-19T17:30:16.000Z",
  "lastUpdated": "2017-12-19T17:30:16.000Z",
  "profile": {
    "profileUrl": null,
    "firstName": null,
    "lastName": null,
    "honorificSuffix": null,
    "displayName": null,
    "honorificPrefix": null,
    "middleName": null,
    "email": null
  },
  "_links": {
    "self": {
      "hints": {
        "allow": ["GET", "DELETE"]
      }
    }
  }
}
okta.users.manage
Links an Okta User to an existing SAML or social Identity Provider.
The SAML Identity Provider must have honorPersistentNameId set to true to use this API.
The Name Identifier Format of the incoming assertion must be urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.
Success
Bad Request
Forbidden
Not Found
Too Many Requests
{
  "externalId": "121749775026145"
}

{
  "id": "00ub0oNGTSWTBKOLGLNR",
  "externalId": "121749775026145",
  "created": "2017-03-30T02:19:51.000Z",
  "lastUpdated": "2017-03-30T02:19:51.000Z",
  "_links": {
    "self": {
      "hints": {
        "allow": ["GET", "DELETE"]
      }
    }
  }
}
okta.idps.manage
Unlinks the Okta User and the IdP User. The next time the User federates into Okta through this IdP, they have to re-link their account according to the account link policy.
No Content
Forbidden
Not Found
Too Many Requests
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": []
}
okta.idps.read
Lists the tokens minted by the Social Authentication Provider when the user authenticates with Okta via Social Auth.
Okta doesn't import all the User information from a social provider. If the app needs information that isn't imported, it can get the User token from this endpoint. Then the app can make an API call to the social provider with the token to request the additional information.
Success
Forbidden
Not Found
Too Many Requests
[
  {
    "id": "<unique token identifier>",
    "token": "JBTWGV22G4ZGKV3N",
    "tokenType": "urn:ietf:params:oauth:token-type:access_token",
    "tokenAuthScheme": "Bearer",
    "expiresAt": "2014-08-06T16:56:31.000Z",
    "scopes": ["openid", "foo"]
  },
  {
    "id": "<unique token identifier>",
    "token": "JBTWGV22G4ZJBRXJ",
    "tokenType": "urn:ietf:params:oauth:token-type:id_token",
    "tokenAuthScheme": null
  }
]
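Added example, not part of the Okta reference: one way an app could pick a usable social-provider token out of this response before calling the provider, and log the entry without exposing the token value. The function names and the "tok-1"/"tok-2" ids are assumptions made for illustration; the sample data is constructed from the response shown above.

```python
import json
from datetime import datetime, timezone

ACCESS_TOKEN = "urn:ietf:params:oauth:token-type:access_token"

# Constructed sample shaped like the response above (ids are placeholders).
SAMPLE = json.loads("""[
  {"id": "tok-1", "token": "JBTWGV22G4ZGKV3N",
   "tokenType": "urn:ietf:params:oauth:token-type:access_token",
   "tokenAuthScheme": "Bearer", "expiresAt": "2014-08-06T16:56:31.000Z",
   "scopes": ["openid", "foo"]},
  {"id": "tok-2", "token": "JBTWGV22G4ZJBRXJ",
   "tokenType": "urn:ietf:params:oauth:token-type:id_token",
   "tokenAuthScheme": null}
]""")


def parse_expiry(value):
    """Parse the UTC timestamp format used by expiresAt."""
    parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")
    return parsed.replace(tzinfo=timezone.utc)


def usable_access_token(tokens, needed_scopes, now):
    """Return the first unexpired Bearer access token covering needed_scopes."""
    for entry in tokens:
        if entry.get("tokenType") != ACCESS_TOKEN:
            continue  # e.g. the id_token entry, which has no scheme or expiry
        if entry.get("tokenAuthScheme") != "Bearer":
            continue
        expires = entry.get("expiresAt")
        if expires is None or parse_expiry(expires) <= now:
            continue  # a missing expiry is treated as unusable, not as eternal
        if not set(needed_scopes) <= set(entry.get("scopes") or []):
            continue  # token was not granted everything the call needs
        return entry
    return None


def redact(entry):
    """Return a copy that is safe to log: the token value is masked."""
    safe = dict(entry)
    if safe.get("token"):
        safe["token"] = "<redacted>"
    return safe


def authorization_header(entry):
    """Build the header for the follow-up call to the social provider."""
    return {"Authorization": f"{entry['tokenAuthScheme']} {entry['token']}"}
```

Call usable_access_token with the current UTC time; a None result means the User has to authenticate with the social provider again before the app can request the additional information.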
okta.users.read
Lists the IdPs associated with the User
Success
Forbidden
Not Found
Too Many Requests
[
  {
    "id": "0oa62b57p7c8PaGpU0h7",
    "type": "FACEBOOK",
    "name": "Facebook",
    "status": "ACTIVE",
    "created": "2016-03-24T23:18:27.000Z",
    "lastUpdated": "2016-03-24T23:18:27.000Z",
    "protocol": {
      "type": "OAUTH2",
      "endpoints": {},
      "scopes": ["public_profile", "email"],
      "credentials": {
        "client": {
          "client_id": "your-client-id",
          "client_secret": "your-client-secret"
        }
      }
    },
    "policy": {
      "provisioning": {
        "action": "AUTO",
        "profileMaster": true,
        "groups": {
          "action": "NONE"
        },
        "conditions": {
          "deprovisioned": {
            "action": "NONE"
          },
          "suspended": {
            "action": "NONE"
          }
        }
      },
      "accountLink": {
        "filter": null,
        "action": "AUTO"
      },
      "subject": {
        "userNameTemplate": {
          "template": "idpuser.userPrincipalName"
        },
        "filter": null,
        "matchType": "USERNAME"
      },
      "mapAMRClaims": false,
      "maxClockSkew": 0
    },
    "_links": {
      "authorize": {
        "templated": true,
        "hints": {
          "allow": ["GET"]
        }
      },
      "clientRedirectUri": {
        "hints": {
          "allow": ["POST"]
        }
      }
    }
  },
  {
    "id": "0oa62bc8wppPw0UGr0h7",
    "type": "SAML2",
    "name": "Example SAML IdP",
    "status": "ACTIVE",
    "created": "2016-03-24T23:14:54.000Z",
    "lastUpdated": "2016-03-24T23:14:54.000Z",
    "protocol": {
      "type": "SAML2",
      "endpoints": {
        "sso": {
          "binding": "HTTP-POST"
        },
        "acs": {
          "binding": "HTTP-POST",
          "type": "INSTANCE"
        }
      },
      "algorithms": {
        "request": {
          "signature": {
            "algorithm": "SHA-256",
            "scope": "REQUEST"
          }
        },
        "response": {
          "signature": {
            "algorithm": "SHA-256",
            "scope": "ANY"
          }
        }
      },
      "settings": {
        "nameFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
      },
      "credentials": {
        "trust": {
          "kid": "your-key-id"
        }
      }
    },
    "policy": {
      "provisioning": {
        "action": "AUTO",
        "profileMaster": true,
        "groups": {
          "action": "NONE"
        },
        "conditions": {
          "deprovisioned": {
            "action": "NONE"
          },
          "suspended": {
            "action": "NONE"
          }
        }
      },
      "accountLink": {
        "filter": null,
        "action": "AUTO"
      },
      "subject": {
        "userNameTemplate": {
          "template": "saml.subjectNameId"
        },
        "filter": "(\\S+@example\\.com)",
        "matchType": "USERNAME"
      },
      "mapAMRClaims": false,
      "maxClockSkew": 0
    },
    "_links": {
      "metadata": {
        "type": "application/xml",
        "hints": {
          "allow": ["GET"]
        }
      },
      "acs": {
        "type": "application/xml",
        "hints": {
          "allow": ["POST"]
        }
      },
      "users": {
        "hints": {
          "allow": ["GET"]
        }
      },
      "deactivate": {
        "hints": {
          "allow": ["POST"]
        }
      }
    }
  },
  {
    "id": "0oa62bfdiumsUndnZ0h7",
    "type": "GOOGLE",
    "name": "Google",
    "status": "ACTIVE",
    "created": "2016-03-24T23:21:49.000Z",
    "lastUpdated": "2016-03-24T23:21:49.000Z",
    "protocol": {
      "type": "OIDC",
      "endpoints": {},
      "scopes": ["profile", "email", "openid"],
      "credentials": {
        "client": {
          "client_id": "your-client-id",
          "client_secret": "your-client-secret"
        }
      }
    },
    "policy": {
      "provisioning": {
        "action": "AUTO",
        "profileMaster": true,
        "groups": {
          "action": "NONE"
        },
        "conditions": {
          "deprovisioned": {
            "action": "NONE"
          },
          "suspended": {
            "action": "NONE"
          }
        }
      },
      "accountLink": {
        "filter": null,
        "action": "AUTO"
      },
      "subject": {
        "userNameTemplate": {
          "template": "idpuser.userPrincipalName"
        },
        "filter": null,
        "matchType": "USERNAME"
      },
      "mapAMRClaims": false,
      "maxClockSkew": 0
    },
    "_links": {
      "authorize": {
        "templated": true,
        "hints": {
          "allow": ["GET"]
        }
      },
      "clientRedirectUri": {
        "hints": {
          "allow": ["POST"]
        }
      }
    }
  },
  {
    "id": "0oa62bfdjnK55Z5x80h7",
    "type": "LINKEDIN",
    "name": "LinkedIn",
    "status": "ACTIVE",
    "created": "2016-03-24T23:23:59.000Z",
    "lastUpdated": "2016-03-24T23:23:59.000Z",
    "protocol": {
      "type": "OAUTH2",
      "endpoints": {
        "authorization": {
          "binding": "HTTP-REDIRECT"
        }
      },
      "scopes": ["r_basicprofile", "r_emailaddress"],
      "credentials": {
        "client": {
          "client_id": "your-client-id",
          "client_secret": "your-client-secret"
        }
      }
    },
    "policy": {
      "provisioning": {
        "action": "AUTO",
        "profileMaster": true,
        "groups": {
          "action": "NONE"
        },
        "conditions": {
          "deprovisioned": {
            "action": "NONE"
          },
          "suspended": {
            "action": "NONE"
          }
        }
      },
      "accountLink": {
        "filter": null,
        "action": "AUTO"
      },
      "subject": {
        "userNameTemplate": {
          "template": "idpuser.userPrincipalName"
        },
        "filter": null,
        "matchType": "USERNAME"
      },
      "mapAMRClaims": false,
      "maxClockSkew": 0
    },
    "_links": {
      "authorize": {
        "templated": true,
        "hints": {
          "allow": ["GET"]
        }
      },
      "clientRedirectUri": {
        "hints": {
          "allow": ["POST"]
        }
      }
    }
  },
  {
    "id": "0oajmvdFawBih4gey0g3",
    "type": "MICROSOFT",
    "name": "Microsoft",
    "status": "ACTIVE",
    "created": "2016-03-29T16:47:36.000Z",
    "lastUpdated": "2016-03-29T16:47:36.000Z",
    "protocol": {
      "type": "OIDC",
      "endpoints": {
        "authorization": {
          "binding": "HTTP-REDIRECT"
        },
        "token": {
          "binding": "HTTP-POST"
        }
      },
      "credentials": {
        "client": {
          "client_id": "your-client-id",
          "client_secret": "your-client-secret"
        }
      }
    },
    "policy": {
      "provisioning": {
        "action": "AUTO",
        "profileMaster": true,
        "groups": {
          "action": "NONE"
        },
        "conditions": {
          "deprovisioned": {
            "action": "NONE"
          },
          "suspended": {
            "action": "NONE"
          }
        }
      },
      "accountLink": {
        "filter": null,
        "action": "AUTO"
      },
      "subject": {
        "userNameTemplate": {
          "template": "idpuser.userPrincipalName"
        },
        "filter": null,
        "matchType": "USERNAME"
      },
      "mapAMRClaims": false,
      "maxClockSkew": 0
    },
    "_links": {
      "authorize": {
        "templated": true,
        "hints": {
          "allow": ["GET"]
        }
      },
      "clientRedirectUri": {
        "hints": {
          "allow": ["POST"]
        }
      }
    }
  },
  {
    "id": "0oaulob4BFVa4zQvt0g3",
    "type": "OIDC",
    "name": "Example OpenID Connect IdP",
    "status": "ACTIVE",
    "created": "2019-02-07T20:07:47.000Z",
    "lastUpdated": "2019-02-07T20:07:47.000Z",
    "protocol": {
      "type": "OIDC",
      "endpoints": {},
      "scopes": ["openid"],
      "credentials": {
        "client": {
          "client_id": "your-client-id",
          "client_secret": "your-client-secret"
        }
      }
    },
    "policy": {
      "provisioning": {
        "action": "AUTO",
        "profileMaster": false,
        "groups": {
          "action": "NONE"
        },
        "conditions": {
          "deprovisioned": {
            "action": "NONE"
          },
          "suspended": {
            "action": "NONE"
          }
        }
      },
      "accountLink": {
        "filter": null,
        "action": "AUTO"
      },
      "subject": {
        "userNameTemplate": {
          "template": "idpuser.email"
        },
        "filter": null,
        "matchType": "USERNAME",
        "matchAttribute": null
      },
      "mapAMRClaims": false,
      "maxClockSkew": 0
    },
    "_links": {
      "authorize": {
        "templated": true,
        "hints": {
          "allow": ["GET"]
        }
      },
      "clientRedirectUri": {
        "hints": {
          "allow": ["POST"]
        }
      }
    }
  },
  {
    "id": "0oa6jxasyhwM2ZHJh0g4",
    "type": "X509",
    "name": "Smart Card IDP Name",
    "status": "ACTIVE",
    "created": "2020-01-07T00:19:27.000Z",
    "lastUpdated": "2020-01-07T00:19:27.000Z",
    "properties": {
      "additionalAmr": ["sc", "hwk", "pin", "mfa"]
    },
    "protocol": {
      "type": "MTLS",
      "credentials": {
        "trust": {
          "issuer": "CN=Test Smart Card, OU=Test OU, O=Test O, C=US",
          "audience": null,
          "kid": "45dec5ff-8cdc-48c0-85fe-a4869f1753dc",
          "revocation": "CRL",
          "revocationCacheLifetime": 2880
        }
      }
    },
    "policy": {
      "provisioning": {
        "action": "DISABLED",
        "profileMaster": false,
        "groups": null
      },
      "subject": {
        "userNameTemplate": {
          "template": "idpuser.subjectAltNameEmail"
        },
        "filter": null,
        "matchType": "EMAIL",
        "matchAttribute": null
      },
      "mapAMRClaims": false,
      "maxClockSkew": 0
    },
    "_links": {
      "deactivate": {
        "hints": {
          "allow": ["POST"]
        }
      },
      "users": {
        "hints": {
          "allow": ["GET"]
        }
      },
      "keys": {
        "hints": {
          "allow": ["GET"]
        }
      }
    }
  }
]