Org Creator

Note: You need to have the Platform—Multi-org Deployment product to enable the Org Creator API feature. Contact your Okta account team for more information.

The Org Creator API provides an operation to create Okta orgs (child orgs) based on features from your current org (the parent org). See Org Creator.

Create an org
OAuth 2.0: okta.orgs.manage

Creates an org (child org) that has the same features as the current requesting org (parent org). A child org inherits any new features added to the parent org, but new features added to the child org aren't propagated back to the parent org.

Notes:

  • Some features associated with products, such as Atspoke, Workflows, and Okta Identity Governance, aren't propagated to the child org.
  • Wait at least 30 seconds after a 201-Created response before you make API requests to the new child org.
  • For rate limits, see Org creation rate limits.
Request
Request Body schema: application/json
admin
required
object (OrgCreationAdmin)

Profile and credential information for the first super admin user of the child org. If you plan to configure and manage the org programmatically, create a system user with a dedicated email address and a strong password.

Note: If you don't provide credentials, the super admin user is prompted to set up their credentials when they sign in to the org for the first time.

profile
required
object

Specifies the profile attributes for the first super admin user. The minimal set of required attributes is email, firstName, lastName, and login. See profile for additional profile attributes.

email
required
string <email> [ 5 .. 100 ] characters

The primary email address of the User. For validation, see RFC 5322 Section 3.2.3.

login
required
string <= 100 characters

The unique identifier for the User (username)

firstName
required
string or null [ 1 .. 50 ] characters

Given name of the User (givenName)

lastName
required
string or null [ 1 .. 50 ] characters

The family name of the User (familyName)

property name*
additional property
any
credentials
object

Specifies primary authentication and recovery credentials for a user. Credential types and requirements vary depending on the provider and security policy of the org.

object

Specifies a password for a user

Note: For information on defaults and configuring your password policies, see Configure the password authenticator in the help documentation.

object (RecoveryQuestionCredential)

Specifies a secret question and answer that's validated (case insensitive) when a user forgets their password or unlocks their account. The answer property is write-only.

edition
required
string

Edition for the org. SKU is the only supported value.

Value: "SKU"
name
required
string <utf-8> [ 1 .. 100 ]

Unique name of the org. This name appears in the HTML <title> tag of the new org sign-in page. Only UTF-8 characters that encode to fewer than 4 bytes are allowed.

subdomain
required
string [ 1 .. 57 ]

Subdomain of the org. Must be unique and include no spaces.

website
string

Default website for the org

Responses
201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

429

Too Many Requests

500

Internal Server Error

POST /api/v1/orgs
Request samples
application/json
{
  "subdomain": "my-child-org-1",
  "name": "My Child Org 1",
  "edition": "SKU",
  "admin": {
    "profile": {
    },
    "credentials": {
    }
  }
}
Response samples
application/json
{}
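
The following is an added example, not code from Okta's documentation: it checks a request body against the field constraints listed above before sending it, gives the first super admin a generated password, and waits the documented 30 seconds after creation. The function names, the password alphabet, the minimum login length of 1, and the `credentials.password.value` layout (taken from Okta's User credentials schema, which this page does not show) are assumptions.

```python
import json, secrets, string, time, urllib.request

PROFILE_LIMITS = {"email": (5, 100, False), "login": (1, 100, False),
                  "firstName": (1, 50, True), "lastName": (1, 50, True)}

def validate_org_request(body):
    """Return violated constraints from this page's schema (login minimum of 1 is assumed)."""
    errors = []
    name, sub = body.get("name") or "", body.get("subdomain") or ""
    if not 1 <= len(name) <= 100 or any(len(ch.encode("utf-8")) >= 4 for ch in name):
        errors.append("name: 1..100 characters, none encoded as 4 UTF-8 bytes")
    if not 1 <= len(sub) <= 57 or any(ch.isspace() for ch in sub):
        errors.append("subdomain: length must be 1..57 with no spaces")
    if body.get("edition") != "SKU":
        errors.append("edition: SKU is the only supported value")
    profile = body.get("admin", {}).get("profile", {})
    for field, (lo, hi, nullable) in PROFILE_LIMITS.items():
        value = profile.get(field, "")  # a missing key is treated as an empty string
        ok = (value is None and nullable) or (isinstance(value, str) and lo <= len(value) <= hi)
        if not ok:
            errors.append(f"admin.profile.{field}: required, length {lo}..{hi}")
    return errors

def new_password(length=32):
    """Random password with lower, upper and digit; the org's policy may require more."""
    alphabet = string.ascii_letters + string.digits + "!@#%^*-_"
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if any(c.islower() for c in pw) and any(c.isupper() for c in pw) and any(c.isdigit() for c in pw):
            return pw

def build_org_request(subdomain, name, email, first_name, last_name):
    """Body for a dedicated system super admin; password.value is assumed from Okta's User schema."""
    admin = {"profile": {"email": email, "login": email, "firstName": first_name, "lastName": last_name},
             "credentials": {"password": {"value": new_password()}}}
    body = {"subdomain": subdomain, "name": name, "edition": "SKU", "admin": admin}
    if errors := validate_org_request(body):
        raise ValueError("; ".join(errors))
    return body

def create_child_org(parent_url, access_token, body, settle_seconds=30):
    """POST with an okta.orgs.manage token; 400/401/403/429/500 raise urllib.error.HTTPError."""
    request = urllib.request.Request(
        parent_url.rstrip("/") + "/api/v1/orgs", data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": "Bearer " + access_token, "Content-Type": "application/json"})
    with urllib.request.urlopen(request) as response:
        created = json.load(response)
    time.sleep(settle_seconds)  # page: wait at least 30 seconds after 201 Created
    return created
```

Store the generated password in a secrets manager before calling `create_child_org`, and keep the request body out of logs, since it carries that password.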