Org Support Settings

The Org Support Settings API provides operations to manage the support settings for your Okta org.

Retrieve Okta Aerial consent for your org
Early Access
OAuth 2.0: okta.orgs.manage
Admin roles: SUPER_ADMIN

Retrieves the Okta Aerial consent grant details for your Org. Returns a 404 Not Found error if no consent has been granted.

Responses
200

Success

400

Can't complete request due to errors

403

Forbidden

404

Consent hasn't been given and there are no grants to any Aerial Accounts

429

Too Many Requests

get/api/v1/org/privacy/aerial
Request samples
Response samples
application/json

Example response of consent details

{
  • "accountId": "0200bs0617vvhv2v675mch1cukp",
  • "grantDate": "2023-04-06T21:32:33.000Z",
  • "grantedBy": "00uabcdefg1234567890"
}

Grant Okta Aerial access to your org
Early Access
OAuth 2.0: okta.orgs.manage
Admin roles: SUPER_ADMIN

Grants an Okta Aerial account access to your Org. If the org is a child org, consent is taken from the parent org. Grant calls directly to the child are not allowed.

Request
Request Body schema: application/json
accountId
required
string

The unique ID of the Aerial account

Responses
200

Success

400

Can't complete request due to errors

403

Forbidden

429

Too Many Requests

post/api/v1/org/privacy/aerial/grant
Request samples
application/json

Request body to grant an Okta Aerial account access to your Org

{
  • "accountId": "0200bs0617vvhv2v675mch1cukp"
}
Response samples
application/json

Example response of consent details

{
  • "accountId": "0200bs0617vvhv2v675mch1cukp",
  • "grantDate": "2023-04-06T21:32:33.000Z",
  • "grantedBy": "00uabcdefg1234567890"
}

Revoke Okta Aerial access to your org
Early Access
OAuth 2.0: okta.orgs.manage
Admin roles: SUPER_ADMIN

Revokes access of an Okta Aerial account to your Org. The revoke operation will fail if the org has already been added to an Aerial account.

Request
Request Body schema: application/json
accountId
required
string

The unique ID of the Aerial account

Responses
200

Success

400

Can't complete request due to errors

403

Forbidden

429

Too Many Requests

post/api/v1/org/privacy/aerial/revoke
Request samples
application/json

Request body for revoking an Okta Aerial account

{
  • "accountId": "0200bs0617vvhv2v675mch1cukp"
}
Response samples
application/json
{
  • "_links": {
    • "grant": {
      }
    }
}

Retrieve the Okta Support settings
OAuth 2.0: okta.orgs.read
Admin roles: SUPER_ADMIN

Retrieves Okta Support Settings for your org

Responses
200

Success

403

Forbidden

429

Too Many Requests

get/api/v1/org/privacy/oktaSupport
Request samples
Response samples
application/json
{}

List all Okta Support cases
OAuth 2.0: okta.orgs.read

Lists all Okta Support cases that the requesting principal has permission to view

Responses
200

Success

403

Forbidden

429

Too Many Requests

get/api/v1/org/privacy/oktaSupport/cases
Request samples
Response samples
application/json
[
  • {
    • "impersonation": {
      },
    • "selfAssigned": {
      },
    • "subject": "Reset admin password",
    • "caseNumber": "1000001"
    },
  • {
    • "impersonation": {
      },
    • "selfAssigned": {
      },
    • "subject": "Review IP restriction configuration",
    • "caseNumber": "1000002"
    }
]

Update an Okta Support case
OAuth 2.0: okta.orgs.manage
Admin roles: SUPER_ADMIN
Permissions: okta.support.cases.manage

Updates access to the org for an Okta Support case:

  • You can enable, disable, or extend access to your org for an Okta Support case.

  • You can approve Okta Support access to your org for self-assigned cases. A self-assigned case is created and assigned by the same Okta Support user.

Request
path Parameters
caseNumber
required
string

Okta Support case number

Example: 00000144
Request Body schema: application/json
object

Allows the Okta Support team to sign in to your org as an admin and troubleshoot issues

status
string (OktaSupportAccessStatus)

Status of Okta Support access

Enum: Description
NOT_REQUESTED

Okta Support access not requested

REQUESTED

Okta Support access requested

DISABLED

Okta Support access disabled

ENABLED

Okta Support access enabled

expiration
string or null <date-time>

Expiration date of Okta Support access

object

Customer allows Okta Support access to self-assigned cases. Support cases are self-assigned when an Okta Support team member creates and assigns the case to themselves.

status
string (SelfAssignedStatus)

Okta Support access approval status for self-assigned cases

Enum: Description
NOT_REQUIRED

Approval isn't required because the case wasn't self-created and self-assigned by an Okta Support user

REQUESTED

Customer approval for self-assigned case requested

APPROVED

Okta Support access is approved by the customer for the self-assigned case

Responses
200

Success

403

Forbidden

429

Too Many Requests

patch/api/v1/org/privacy/oktaSupport/cases/{caseNumber}
Request samples
application/json
{
  • "impersonation": {
    • "status": "ENABLED"
    }
}
Response samples
application/json
{
  • "impersonation": {
    • "status": "ENABLED",
    • "expiration": "2024-01-24T11:13:14.000Z"
    },
  • "caseNumber": "1011001"
}

Extend Okta Support access
OAuth 2.0: okta.orgs.manage
Admin roles: SUPER_ADMIN

Extends the length of time that Okta Support can access your org by 24 hours. This means that 24 hours are added to the remaining access time.

Note: After the Give access to Okta Support feature is enabled in your org, use the Update an Okta Support case resource to approve, revoke, and extend Okta Support access for each support case. This resource will be deprecated on January 15, 2025.

Responses
403

Forbidden

429

Too Many Requests

post/api/v1/org/privacy/oktaSupport/extend
Request samples
Response samples
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}

Grant Okta Support access
OAuth 2.0: okta.orgs.manage
Admin roles: SUPER_ADMIN

Grants Okta Support temporary access to your org as an administrator for eight hours

Note: After the Give access to Okta Support feature is enabled in your org, use the Update an Okta Support case resource to approve, revoke, and extend Okta Support access for each support case. This resource will be deprecated on January 15, 2025.

Responses
403

Forbidden

429

Too Many Requests

post/api/v1/org/privacy/oktaSupport/grant
Request samples
Response samples
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}

Revoke Okta Support access
OAuth 2.0: okta.orgs.manage
Admin roles: SUPER_ADMIN

Revokes Okta Support access to your org

Note: After the Give access to Okta Support feature is enabled in your org, use the Update an Okta Support case resource to approve, revoke, and extend Okta Support access for each support case. This resource will be deprecated on January 15, 2025.

Responses
403

Forbidden

429

Too Many Requests

post/api/v1/org/privacy/oktaSupport/revoke
Request samples
Response samples
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}