Users have relationships to each other, like manager and subordinate or customer and sales representative. You can create users with relationships by using the Linked Objects API to represent the relationship.
primary
attribute and an associated
attribute.primary
and one associated
user.For each relationship:
primary
link (a user has a single manager), but can have many associated
links (a user can have many subordinates).primary
in one relationship and the associated
in another.primary
and associated
in the same relationship.Okta Expression Language function for Linked Objects provides access to the details about a linked user.
Note: The Linked Objects feature isn't available for OpenID Connect claims.
Okta allows you to create up to 200 Linked Object definitions. These definitions are one-to-many, for example:
Most organizations have more than one manager or sales representative. You can create the Linked Object definition once, and then assign the primary
relationship to as many users as you have people in that relationship.
You can assign the associated
relationship for a single primary
user to as many users as needed. The associated
user can be related to only one primary
per Linked Object definition. But a user can be assigned to more than one Linked Object definition.
For example, assume that you've created one Linked Object definition for manager (primary
) and for subordinates (associated
):
Thus, you can create chains of relationships (Jane > Bob > Joe > Frank) or terminal relationships (Jane is both primary
and associated
user).
Then, if you create another Linked Object relationship for scrum team membership, you could assign relationships to the same four users:
Bob can be the primary
for a Manager:Subordinate, an associated
user for that same Linked Object definition, and also the primary
for the Scrumlead:Contributor Linked Object definition.
To represent a relationship, create a Linked Object definition that specifies a primary
(parent) relationship and an associated
(child) relationship, and then add a link in which the appropriate user is assigned to each side of that link type.
If you created multiple User Types, they all share the same Linked Object definitions. For example, if you have separate User Types for employees and contractors, a link could designate an employee as the manager for a contractor, with the contractor being a subordinate of that employee.
okta.linkedObjects.read
Lists all linked object definitions
Success
Forbidden
Too Many Requests
[- {
- "associated": {
- "description": "string",
- "name": "string",
- "title": "string",
- "type": "USER"
}, - "primary": {
- "description": "string",
- "name": "string",
- "title": "string",
- "type": "USER"
}, - "_links": {
- "self": {
- "hints": {
- "allow": [
- "DELETE"
]
}, - "href": "string",
- "name": "string",
- "type": "string"
}
}
}
]
okta.linkedObjects.manage
Creates a linked object definition
Created
Bad Request
Forbidden
Too Many Requests
{- "associated": {
- "description": "string",
- "name": "string",
- "title": "string",
- "type": "USER"
}, - "primary": {
- "description": "string",
- "name": "string",
- "title": "string",
- "type": "USER"
}
}
{- "associated": {
- "description": "string",
- "name": "string",
- "title": "string",
- "type": "USER"
}, - "primary": {
- "description": "string",
- "name": "string",
- "title": "string",
- "type": "USER"
}, - "_links": {
- "self": {
- "hints": {
- "allow": [
- "DELETE"
]
}, - "href": "string",
- "name": "string",
- "type": "string"
}
}
}
okta.linkedObjects.read
Retrieves a linked object definition
Success
Forbidden
Not Found
Too Many Requests
{- "associated": {
- "description": "string",
- "name": "string",
- "title": "string",
- "type": "USER"
}, - "primary": {
- "description": "string",
- "name": "string",
- "title": "string",
- "type": "USER"
}, - "_links": {
- "self": {
- "hints": {
- "allow": [
- "DELETE"
]
}, - "href": "string",
- "name": "string",
- "type": "string"
}
}
}
okta.linkedObjects.manage
Deletes a linked object definition
No Content
Forbidden
Not Found
Too Many Requests
{- "errorCode": "E0000006",
- "errorSummary": "You do not have permission to perform the requested action",
- "errorLink": "E0000006",
- "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
- "errorCauses": [ ]
}