Org Support Settings

The Org Support Settings API provides operations to manage the support settings for your Okta org.

Retrieve Okta Aerial consent for your Org
Early Access
OAuth 2.0: okta.orgs.manage
Admin roles: SUPER_ADMIN

Retrieves the Okta Aerial consent grant details for your Org. Returns a 404 Not Found error if no consent has been granted.

Responses
200

Success

400

Can't complete request due to errors

403

Forbidden

404

Consent hasn't been given and there are no grants to any Aerial Accounts

429

Too Many Requests

get/api/v1/org/privacy/aerial
Request samples 
Response samples 
application/json
Example response of consent details


{
  • "accountId": "0200bs0617vvhv2v675mch1cukp",
  • "grantDate": "2023-04-06T21:32:33.000Z",
  • "grantedBy": "00uabcdefg1234567890"
}
Grant Okta Aerial access to your Org
Early Access
OAuth 2.0: okta.orgs.manage
Admin roles: SUPER_ADMIN
Grants an Okta Aerial account access to your Org. If the org is a child org, consent is taken from the parent org.  Grant calls directly to the child are not allowed.


Request 
Request Body schema: application/json
accountId
required
string
The unique ID of the Aerial account


 
Responses 
200
Success


400
Can't complete request due to errors


403
Forbidden


429
Too Many Requests


post/api/v1/org/privacy/aerial/grant
Request samples 
application/json
Request body to grant an Okta Aerial account access to your Org


{
  • "accountId": "0200bs0617vvhv2v675mch1cukp"
}
Response samples 
application/json
Example response of consent details


{
  • "accountId": "0200bs0617vvhv2v675mch1cukp",
  • "grantDate": "2023-04-06T21:32:33.000Z",
  • "grantedBy": "00uabcdefg1234567890"
}
Revoke Okta Aerial access to your Org
Early Access
OAuth 2.0: okta.orgs.manage
Admin roles: SUPER_ADMIN
Revokes access of an Okta Aerial account to your Org. The revoke operation will fail if the org has already been added to an Aerial account.


Request 
Request Body schema: application/json
accountId
required
string
The unique ID of the Aerial account


 
Responses 
200
Success


400
Can't complete request due to errors


403
Forbidden


429
Too Many Requests


post/api/v1/org/privacy/aerial/revoke
Request samples 
application/json
Request body for revoking an Okta Aerial account


{
  • "accountId": "0200bs0617vvhv2v675mch1cukp"
}
Response samples 
application/json
{
  • "_links": {
    • "grant": {
      }
    }
}
Retrieve the Okta Support Settings
OAuth 2.0: okta.orgs.read
Admin roles: SUPER_ADMIN
Retrieves Okta Support Settings for your org


Responses 
200
Success


403
Forbidden


429
Too Many Requests


get/api/v1/org/privacy/oktaSupport
Request samples 
Response samples 
application/json
{}
List all Okta Support cases
OAuth 2.0: okta.orgs.read
Lists all Okta Support cases that the requesting principal has permission to view


Responses 
200
Success


403
Forbidden


429
Too Many Requests


get/api/v1/org/privacy/oktaSupport/cases
Request samples 
Response samples 
application/json
[
  • {
    • "impersonation": {
      },
    • "selfAssigned": {
      },
    • "subject": "Reset admin password",
    • "caseNumber": "1000001"
    },
  • {
    • "impersonation": {
      },
    • "selfAssigned": {
      },
    • "subject": "Review IP restriction configuration",
    • "caseNumber": "1000002"
    }
]
Update an Okta Support case
OAuth 2.0: okta.orgs.manage
Admin roles: SUPER_ADMIN
Permissions: okta.support.cases.manage
Updates access to the org for an Okta Support case:


    

  • You can enable, disable, or extend access to your org for an Okta Support case.
    

    • 

  • You can approve Okta Support access to your org for self-assigned cases. A self-assigned case is created and assigned by the same Okta Support user.
    

    • 



Request 
path Parameters
caseNumber
required
string
Okta Support case number


 
 Example:  00000144
Request Body schema: application/json
object
Allows the Okta Support team to sign in to your org as an admin and troubleshoot issues


 
status
string (OktaSupportAccessStatus) 
Status of Okta Support access


 Enum: Description
NOT_REQUESTED
Okta Support access not requested


REQUESTED
Okta Support access requested


DISABLED
Okta Support access disabled


ENABLED
Okta Support access enabled


 
expiration
string or null <date-time> 
Expiration date of Okta Support access


 
object
Customer allows Okta Support access to self-assigned cases. Support cases are self-assigned when an Okta Support team member creates and assigns the case to themselves.


 
status
string (SelfAssignedStatus) 
Okta Support access approval status for self-assigned cases


 Enum: Description
NOT_REQUIRED
Approval isn't required because the case wasn't self-created and self-assigned by an Okta Support user


REQUESTED
Customer approval for self-assigned case requested


APPROVED
Okta Support access is approved by the customer for the self-assigned case


 
Responses 
200
Success


403
Forbidden


429
Too Many Requests


patch/api/v1/org/privacy/oktaSupport/cases/{caseNumber}
Request samples 
application/json
{
  • "impersonation": {
    • "status": "ENABLED"
    }
}
Response samples 
application/json
{
  • "impersonation": {
    • "status": "ENABLED",
    • "expiration": "2024-01-24T11:13:14.000Z"
    },
  • "caseNumber": "1011001"
}
Extend Okta Support Access
OAuth 2.0: okta.orgs.manage
Admin roles: SUPER_ADMIN
Extends the length of time that Okta Support can access your org by 24 hours. This means that 24 hours are added to the remaining access time.




Note: After the Give access to Okta Support feature is enabled in your org, use the Update an Okta Support case resource to approve, revoke, and extend Okta Support access for each support case. This resource will be deprecated on January 15, 2025.




Responses 
403
Forbidden


429
Too Many Requests


post/api/v1/org/privacy/oktaSupport/extend
Request samples 
Response samples 
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}
Grant Okta Support Access
OAuth 2.0: okta.orgs.manage
Admin roles: SUPER_ADMIN
Grants Okta Support temporary access to your org as an administrator for eight hours




Note: After the Give access to Okta Support feature is enabled in your org, use the Update an Okta Support case resource to approve, revoke, and extend Okta Support access for each support case. This resource will be deprecated on January 15, 2025.




Responses 
403
Forbidden


429
Too Many Requests


post/api/v1/org/privacy/oktaSupport/grant
Request samples 
Response samples 
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}
Revoke Okta Support Access
OAuth 2.0: okta.orgs.manage
Admin roles: SUPER_ADMIN
Revokes Okta Support access to your org




Note: After the Give access to Okta Support feature is enabled in your org, use the Update an Okta Support case resource to approve, revoke, and extend Okta Support access for each support case. This resource will be deprecated on January 15, 2025.




Responses 
403
Forbidden


429
Too Many Requests


post/api/v1/org/privacy/oktaSupport/revoke
Request samples 
Response samples 
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}