Policies

The Okta Policy API enables an Administrator to perform Policy and Policy Rule operations. The Policy framework is used by Okta to control Rules and settings that govern, among other things, user session lifetime, whether multi-factor authentication is required when logging in, what MFA factors may be employed, password complexity requirements, what types of self-service operations are permitted under various circumstances, and what identity provider to route users to.

Policy settings for a particular Policy type, such as Sign On Policy, consist of one or more Policy objects, each of which contains one or more Policy Rules. Policies and Rules contain conditions that determine whether they are applicable to a particular user at a particular time.

List all Policies
OAuth 2.0: okta.policies.read

Lists all policies with the specified type

Request
query Parameters
type
required
string

Specifies the type of policy to return. The following policy types are available only with the Okta Identity Engine: ACCESS_POLICY, PROFILE_ENROLLMENT, CONTINUOUS_ACCESS, and ENTITY_RISK. The CONTINUOUS_ACCESS and ENTITY_RISK policy types are in Early Access (EA). Contact your Okta account team to enable these features.

Enum: "OKTA_SIGN_ON" "PASSWORD" "MFA_ENROLL" "IDP_DISCOVERY" "ACCESS_POLICY" "PROFILE_ENROLLMENT" "CONTINUOUS_ACCESS (EA)" "ENTITY_RISK (EA)"
status
string

Refines the query by the status of the policy - ACTIVE or INACTIVE

expand
string
Default: ""
sortBy
string

Refines the query by sorting on the policy name in ascending order

limit
string

Defines the number of policies returned, see Pagination

after
string

End page cursor for pagination, see Pagination

Responses
200

Success

403

Forbidden

429

Too Many Requests

GET /api/v1/policies
Response samples
application/json
[
  {
    "created": "2019-08-24T14:15:22Z",
    "description": "string",
    "id": "string",
    "lastUpdated": "2019-08-24T14:15:22Z",
    "name": "string",
    "priority": 0,
    "status": "ACTIVE",
    "system": true,
    "type": "ACCESS_POLICY",
    "_embedded": { },
    "_links": { }
  }
]

Create a Policy
OAuth 2.0: okta.policies.manage

Creates a policy

Request
query Parameters
activate
boolean
Default: true

This query parameter is only valid for Classic Engine orgs.

Request Body schema: application/json
required
description
string

Policy description

name
string

Policy name

priority
integer

Specifies the order in which this Policy is evaluated in relation to the other policies

status
string (LifecycleStatus)
Enum: "ACTIVE" "INACTIVE"
system
boolean

Specifies whether Okta created the Policy

type
string (PolicyType)

All Okta orgs contain only one IdP Discovery Policy with an immutable default Rule routing to your org's sign-in page. Creating or replacing a policy with IDP_DISCOVERY type isn't supported. The following policy types are available with the Okta Identity Engine: ACCESS_POLICY, PROFILE_ENROLLMENT, CONTINUOUS_ACCESS, and ENTITY_RISK. The CONTINUOUS_ACCESS and ENTITY_RISK policy types are in Early Access (EA). Contact your Okta account team to enable these features.

object (PolicyLinks)
object (PolicyRuleConditions)
object (AppAndInstancePolicyRuleCondition)
Array of objects (AppAndInstanceConditionEvaluatorAppOrInstance)
Array of objects (AppAndInstanceConditionEvaluatorAppOrInstance)
object (AppInstancePolicyRuleCondition)
exclude
Array of strings
include
Array of strings
object (PolicyRuleAuthContextCondition)
authType
string (PolicyRuleAuthContextType)
Enum: "ANY" "RADIUS"
object (PasswordPolicyAuthenticationProviderCondition)
include
Array of strings
provider
string (PasswordPolicyAuthenticationProviderType)
Enum: "ACTIVE_DIRECTORY" "ANY" "LDAP" "OKTA"
object (BeforeScheduledActionPolicyRuleCondition)
object (Duration)
object (ScheduledUserLifecycleAction)
object (ClientPolicyCondition)

Specifies which clients are included in the Policy

include
Array of strings

Which clients are included in the Policy

object (ContextPolicyRuleCondition)
migrated
boolean
object (DevicePolicyRuleConditionPlatform)
rooted
boolean
trustLevel
string (DevicePolicyTrustLevel)
Enum: "ANY" "TRUSTED"
expression
string
object (DevicePolicyRuleCondition)
migrated
boolean
object (DevicePolicyRuleConditionPlatform)
rooted
boolean
trustLevel
string (DevicePolicyTrustLevel)
Enum: "ANY" "TRUSTED"
object (GrantTypePolicyRuleCondition)

Array of grant types that this condition includes. Determines the mechanism that Okta uses to authorize the creation of the tokens.

include
Array of strings

Array of grant types that this condition includes.

object (GroupPolicyRuleCondition)

Specifies a set of Groups whose Users are to be included or excluded

exclude
Array of strings

Groups to be excluded

include
Array of strings

Groups to be included

object (IdentityProviderPolicyRuleCondition)
idpIds
Array of strings
provider
string (IdentityProviderPolicyProvider)
Enum: "ANY" "OKTA" "SPECIFIC_IDP"
object (MDMEnrollmentPolicyRuleCondition)
blockNonSafeAndroid
boolean
enrollment
string (MDMEnrollmentPolicyEnrollment)
Enum: "ANY_OR_NONE" "OMM"
object (PolicyNetworkCondition)
connection
string (PolicyNetworkConnection)

Network selection mode

Enum: "ANYWHERE" "ZONE"
exclude
Array of strings
include
Array of strings
object (PolicyPeopleCondition)

Identifies Users and Groups that are used together

object (GroupCondition)

Specifies a set of Groups whose Users are to be included or excluded

object (UserCondition)

Specifies a set of Users to be included or excluded

object (PlatformPolicyRuleCondition)
Array of objects (PlatformConditionEvaluatorPlatform)
Array of objects (PlatformConditionEvaluatorPlatform)
object (RiskPolicyRuleCondition)
behaviors
Array of strings unique
object (RiskScorePolicyRuleCondition)
level
string
object (OAuth2ScopesMediationPolicyRuleCondition)

Array of scopes that the condition includes

include
Array of strings
object (UserIdentifierPolicyRuleCondition)
attribute
string
Array of objects (UserIdentifierConditionEvaluatorPattern)
type
string (UserIdentifierType)
Enum: "ATTRIBUTE" "IDENTIFIER"
object (UserPolicyRuleCondition)

Specifies a set of Users to be included or excluded

exclude
Array of strings

Users to be excluded

object (InactivityPolicyRuleCondition)
include
Array of strings

Users to be included

object (LifecycleExpirationPolicyRuleCondition)
object (PasswordExpirationPolicyRuleCondition)
object (UserLifecycleAttributePolicyRuleCondition)
object (UserStatusPolicyRuleCondition)
value
string (PolicyUserStatus)
Enum: "ACTIVATING" "ACTIVE" "DELETED" "DELETING" "EXPIRED_PASSWORD" "INACTIVE" "PENDING" "SUSPENDED"
Responses
200

Success

400

Bad Request

403

Forbidden

429

Too Many Requests

POST /api/v1/policies
Request samples
application/json
{
  "description": "string",
  "name": "string",
  "priority": 0,
  "status": "ACTIVE",
  "system": true,
  "type": "ACCESS_POLICY",
  "_links": { },
  "conditions": {
    "app": { },
    "apps": { },
    "authContext": { },
    "authProvider": { },
    "beforeScheduledAction": { },
    "clients": { },
    "context": { },
    "device": { },
    "grantTypes": { },
    "groups": { },
    "identityProvider": { },
    "mdmEnrollment": { },
    "network": { },
    "people": { },
    "platform": { },
    "risk": { },
    "riskScore": { },
    "scopes": { },
    "userIdentifier": { },
    "users": { },
    "userStatus": { }
  }
}
Response samples
application/json
{
  "created": "2019-08-24T14:15:22Z",
  "description": "string",
  "id": "string",
  "lastUpdated": "2019-08-24T14:15:22Z",
  "name": "string",
  "priority": 0,
  "status": "ACTIVE",
  "system": true,
  "type": "ACCESS_POLICY",
  "_embedded": {
    "property1": { },
    "property2": { }
  },
  "_links": {
    "activate": { },
    "deactivate": { },
    "mappings": { },
    "rules": { },
    "self": { }
  },
  "conditions": {
    "app": { },
    "apps": { },
    "authContext": { },
    "authProvider": { },
    "beforeScheduledAction": { },
    "clients": { },
    "context": { },
    "device": { },
    "grantTypes": { },
    "groups": { },
    "identityProvider": { },
    "mdmEnrollment": { },
    "network": { },
    "people": { },
    "platform": { },
    "risk": { },
    "riskScore": { },
    "scopes": { },
    "userIdentifier": { },
    "users": { },
    "userStatus": { }
  }
}

Create a Policy Simulation
OAuth 2.0: okta.policies.read

Creates a policy or policy rule simulation. The access simulation evaluates policies and policy rules based on the existing policy rule configuration. The evaluation result shows what the real-world authentication flow would be and which policy rules would be applied or matched to it.

Request
query Parameters
expand
string

Use expand=EVALUATED to include a list of evaluated but not matched policies and policy rules. Use expand=RULE to include details about why a rule condition was or wasn't matched.

Example: expand=EVALUATED&expand=RULE
Request Body schema: application/json
required
Array
appInstance
required
string

The application instance ID for a simulate operation

object (PolicyContext)
object
required
object

An array of Group IDs for the simulate operation. Only user IDs or Group IDs are allowed, not both.

ip
string

The network rule condition, zone, or IP address

object

The risk rule condition level

required
object

The user ID for the simulate operation. Only user IDs or Group IDs are allowed, not both.

object

The zone ID under the network rule condition.

policyTypes
Array of strings (PolicyTypeSimulation)

Supported policy types for a simulate operation. The default value, null, returns all types.

Items Enum: "ACCESS_POLICY" "MFA_ENROLL" "OKTA_SIGN_ON" "PROFILE_ENROLLMENT"
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

POST /api/v1/policies/simulate
Request samples
application/json

Simulate policy request body

{
  "policyType": [
    "OKTA_SIGN_ON",
    "MFA_ENROLL"
  ],
  "appInstance": "0oa4eroj3nYCIJIW70g7",
  "policyContext": {
    "groups": { }
  },
  "risk": {
    "level": "LOW"
  },
  "zones": {
    "ids": [ ]
  },
  "device": {
    "platform": "IOS",
    "registered": true,
    "managed": true
  }
}
Response samples
application/json

Simulate policy response body

{
  "evaluation": [
    { },
    { },
    { },
    { }
  ]
}

Retrieve a Policy
OAuth 2.0: okta.policies.read

Retrieves a policy

Request
path Parameters
policyId
required
string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3
query Parameters
expand
string
Default: ""
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

GET /api/v1/policies/{policyId}
Response samples
application/json
{
  "created": "2019-08-24T14:15:22Z",
  "description": "string",
  "id": "string",
  "lastUpdated": "2019-08-24T14:15:22Z",
  "name": "string",
  "priority": 0,
  "status": "ACTIVE",
  "system": true,
  "type": "ACCESS_POLICY",
  "_embedded": {
    "property1": { },
    "property2": { }
  },
  "_links": {
    "activate": { },
    "deactivate": { },
    "mappings": { },
    "rules": { },
    "self": { }
  },
  "conditions": {
    "app": { },
    "apps": { },
    "authContext": { },
    "authProvider": { },
    "beforeScheduledAction": { },
    "clients": { },
    "context": { },
    "device": { },
    "grantTypes": { },
    "groups": { },
    "identityProvider": { },
    "mdmEnrollment": { },
    "network": { },
    "people": { },
    "platform": { },
    "risk": { },
    "riskScore": { },
    "scopes": { },
    "userIdentifier": { },
    "users": { },
    "userStatus": { }
  }
}

Replace a Policy
OAuth 2.0: okta.policies.manage

Replaces the properties of a Policy identified by policyId

Request
path Parameters
policyId
required
string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3
Request Body schema: application/json
required
description
string

Policy description

name
string

Policy name

priority
integer

Specifies the order in which this Policy is evaluated in relation to the other policies

status
string (LifecycleStatus)
Enum: "ACTIVE" "INACTIVE"
system
boolean

Specifies whether Okta created the Policy

type
string (PolicyType)

All Okta orgs contain only one IdP Discovery Policy with an immutable default Rule routing to your org's sign-in page. Creating or replacing a policy with IDP_DISCOVERY type isn't supported. The following policy types are available with the Okta Identity Engine: ACCESS_POLICY, PROFILE_ENROLLMENT, CONTINUOUS_ACCESS, and ENTITY_RISK. The CONTINUOUS_ACCESS and ENTITY_RISK policy types are in Early Access (EA). Contact your Okta account team to enable these features.

object (PolicyLinks)
object (PolicyRuleConditions)
object (AppAndInstancePolicyRuleCondition)
Array of objects (AppAndInstanceConditionEvaluatorAppOrInstance)
Array of objects (AppAndInstanceConditionEvaluatorAppOrInstance)
object (AppInstancePolicyRuleCondition)
exclude
Array of strings
include
Array of strings
object (PolicyRuleAuthContextCondition)
authType
string (PolicyRuleAuthContextType)
Enum: "ANY" "RADIUS"
object (PasswordPolicyAuthenticationProviderCondition)
include
Array of strings
provider
string (PasswordPolicyAuthenticationProviderType)
Enum: "ACTIVE_DIRECTORY" "ANY" "LDAP" "OKTA"
object (BeforeScheduledActionPolicyRuleCondition)
object (Duration)
object (ScheduledUserLifecycleAction)
object (ClientPolicyCondition)

Specifies which clients are included in the Policy

include
Array of strings

Which clients are included in the Policy

object (ContextPolicyRuleCondition)
migrated
boolean
object (DevicePolicyRuleConditionPlatform)
rooted
boolean
trustLevel
string (DevicePolicyTrustLevel)
Enum: "ANY" "TRUSTED"
expression
string
object (DevicePolicyRuleCondition)
migrated
boolean
object (DevicePolicyRuleConditionPlatform)
rooted
boolean
trustLevel
string (DevicePolicyTrustLevel)
Enum: "ANY" "TRUSTED"
object (GrantTypePolicyRuleCondition)

Array of grant types that this condition includes. Determines the mechanism that Okta uses to authorize the creation of the tokens.

include
Array of strings

Array of grant types that this condition includes.

object (GroupPolicyRuleCondition)

Specifies a set of Groups whose Users are to be included or excluded

exclude
Array of strings

Groups to be excluded

include
Array of strings

Groups to be included

object (IdentityProviderPolicyRuleCondition)
idpIds
Array of strings
provider
string (IdentityProviderPolicyProvider)
Enum: "ANY" "OKTA" "SPECIFIC_IDP"
object (MDMEnrollmentPolicyRuleCondition)
blockNonSafeAndroid
boolean
enrollment
string (MDMEnrollmentPolicyEnrollment)
Enum: "ANY_OR_NONE" "OMM"
object (PolicyNetworkCondition)
connection
string (PolicyNetworkConnection)

Network selection mode

Enum: "ANYWHERE" "ZONE"
exclude
Array of strings
include
Array of strings
object (PolicyPeopleCondition)

Identifies Users and Groups that are used together

object (GroupCondition)

Specifies a set of Groups whose Users are to be included or excluded

object (UserCondition)

Specifies a set of Users to be included or excluded

object (PlatformPolicyRuleCondition)
Array of objects (PlatformConditionEvaluatorPlatform)
Array of objects (PlatformConditionEvaluatorPlatform)
object (RiskPolicyRuleCondition)
behaviors
Array of strings unique
object (RiskScorePolicyRuleCondition)
level
string
object (OAuth2ScopesMediationPolicyRuleCondition)

Array of scopes that the condition includes

include
Array of strings
object (UserIdentifierPolicyRuleCondition)
attribute
string
Array of objects (UserIdentifierConditionEvaluatorPattern)
type
string (UserIdentifierType)
Enum: "ATTRIBUTE" "IDENTIFIER"
object (UserPolicyRuleCondition)

Specifies a set of Users to be included or excluded

exclude
Array of strings

Users to be excluded

object (InactivityPolicyRuleCondition)
include
Array of strings

Users to be included

object (LifecycleExpirationPolicyRuleCondition)
object (PasswordExpirationPolicyRuleCondition)
object (UserLifecycleAttributePolicyRuleCondition)
object (UserStatusPolicyRuleCondition)
value
string (PolicyUserStatus)
Enum: "ACTIVATING" "ACTIVE" "DELETED" "DELETING" "EXPIRED_PASSWORD" "INACTIVE" "PENDING" "SUSPENDED"
Responses
200

Success

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

PUT /api/v1/policies/{policyId}
Request samples
application/json
{
  "description": "string",
  "name": "string",
  "priority": 0,
  "status": "ACTIVE",
  "system": true,
  "type": "ACCESS_POLICY",
  "_links": { },
  "conditions": {
    "app": { },
    "apps": { },
    "authContext": { },
    "authProvider": { },
    "beforeScheduledAction": { },
    "clients": { },
    "context": { },
    "device": { },
    "grantTypes": { },
    "groups": { },
    "identityProvider": { },
    "mdmEnrollment": { },
    "network": { },
    "people": { },
    "platform": { },
    "risk": { },
    "riskScore": { },
    "scopes": { },
    "userIdentifier": { },
    "users": { },
    "userStatus": { }
  }
}
Response samples
application/json
{
  "created": "2019-08-24T14:15:22Z",
  "description": "string",
  "id": "string",
  "lastUpdated": "2019-08-24T14:15:22Z",
  "name": "string",
  "priority": 0,
  "status": "ACTIVE",
  "system": true,
  "type": "ACCESS_POLICY",
  "_embedded": {
    "property1": { },
    "property2": { }
  },
  "_links": {
    "activate": { },
    "deactivate": { },
    "mappings": { },
    "rules": { },
    "self": { }
  },
  "conditions": {
    "app": { },
    "apps": { },
    "authContext": { },
    "authProvider": { },
    "beforeScheduledAction": { },
    "clients": { },
    "context": { },
    "device": { },
    "grantTypes": { },
    "groups": { },
    "identityProvider": { },
    "mdmEnrollment": { },
    "network": { },
    "people": { },
    "platform": { },
    "risk": { },
    "riskScore": { },
    "scopes": { },
    "userIdentifier": { },
    "users": { },
    "userStatus": { }
  }
}

Delete a Policy
OAuth 2.0: okta.policies.manage

Deletes a policy

Request
path Parameters
policyId
required
string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

DELETE /api/v1/policies/{policyId}
Response samples
application/json
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": [ ]
}

List all Applications mapped to a Policy
OAuth 2.0: okta.policies.read
Deprecated

Lists all applications mapped to a policy identified by policyId

Note: Use List all resources mapped to a Policy to list all applications mapped to a policy.

Request
path Parameters
policyId
required
string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

GET /api/v1/policies/{policyId}/app
Response samples
application/json
[
  {
    "accessibility": { },
    "created": "2019-08-24T14:15:22Z",
    "features": [ ],
    "id": "string",
    "label": "string",
    "lastUpdated": "2019-08-24T14:15:22Z",
    "licensing": { },
    "profile": { },
    "signOnMode": "AUTO_LOGIN",
    "status": "ACTIVE",
    "visibility": { },
    "_embedded": { },
    "_links": { }
  }
]

Clone an existing Policy
OAuth 2.0: okta.policies.manage

Clones an existing policy

Request
path Parameters
policyId
required
string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3
Responses
200

Success

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

POST /api/v1/policies/{policyId}/clone
Response samples
application/json
{
  "created": "2019-08-24T14:15:22Z",
  "description": "string",
  "id": "string",
  "lastUpdated": "2019-08-24T14:15:22Z",
  "name": "string",
  "priority": 0,
  "status": "ACTIVE",
  "system": true,
  "type": "ACCESS_POLICY",
  "_embedded": {
    "property1": { },
    "property2": { }
  },
  "_links": {
    "activate": { },
    "deactivate": { },
    "mappings": { },
    "rules": { },
    "self": { }
  },
  "conditions": {
    "app": { },
    "apps": { },
    "authContext": { },
    "authProvider": { },
    "beforeScheduledAction": { },
    "clients": { },
    "context": { },
    "device": { },
    "grantTypes": { },
    "groups": { },
    "identityProvider": { },
    "mdmEnrollment": { },
    "network": { },
    "people": { },
    "platform": { },
    "risk": { },
    "riskScore": { },
    "scopes": { },
    "userIdentifier": { },
    "users": { },
    "userStatus": { }
  }
}

Activate a Policy
OAuth 2.0: okta.policies.manage

Activates a policy

Request
path Parameters
policyId
required
string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

POST /api/v1/policies/{policyId}/lifecycle/activate
Response samples
application/json
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": [ ]
}

Deactivate a Policy
OAuth 2.0: okta.policies.manage

Deactivates a policy

Request
path Parameters
policyId
required
string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

POST /api/v1/policies/{policyId}/lifecycle/deactivate
Response samples
application/json
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": [ ]
}

List all resources mapped to a Policy
OAuth 2.0: okta.policies.read

Lists all resources mapped to a Policy identified by policyId

Request
path Parameters
policyId
required
string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

GET /api/v1/policies/{policyId}/mappings
Response samples
application/json
[
  {
    "id": "string",
    "_links": { }
  }
]

Map a resource to a Policy
OAuth 2.0: okta.policies.manage

Maps a resource to a Policy identified by policyId

Request
path Parameters
policyId
required
string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3
Request Body schema: application/json
required
resourceId
string
resourceType
string (PolicyMappingResourceType)
Value: "APP"
Responses
200

Success

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

POST /api/v1/policies/{policyId}/mappings
Request samples
application/json
{
  "resourceId": "string",
  "resourceType": "APP"
}
Response samples
application/json
{
  "id": "string",
  "_links": {
    "self": { },
    "application": { }
  }
}

Retrieve a policy resource Mapping
OAuth 2.0: okta.policies.read

Retrieves a resource Mapping for a Policy identified by policyId and mappingId

Request
path Parameters
policyId
required
string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3
mappingId
required
string

id of the policy resource Mapping

Example: maplr2rLjZ6NsGn1P0g3
Responses
200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

GET /api/v1/policies/{policyId}/mappings/{mappingId}
Response samples
application/json
{
  "id": "string",
  "_links": {
    "self": { },
    "application": { }
  }
}

Delete a policy resource Mapping
OAuth 2.0: okta.policies.manage

Deletes the resource Mapping for a Policy identified by policyId and mappingId

Request
path Parameters
policyId
required
string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3
mappingId
required
string

id of the policy resource Mapping

Example: maplr2rLjZ6NsGn1P0g3
Responses
204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

DELETE /api/v1/policies/{policyId}/mappings/{mappingId}
Response samples
application/json
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": [ ]
}
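
Each endpoint listed on this page carries exactly one OAuth 2.0 scope, and the scope doesn't follow the HTTP method: POST /api/v1/policies/simulate needs only okta.policies.read. The Python sketch below is an added example, not Okta's code; it transcribes the page's method, path and scope pairings into a route table and works out the minimal scope set for a list of planned calls. The host org.example, the function names and the sample calls are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

READ, MANAGE = "okta.policies.read", "okta.policies.manage"

# (method, path template, scope) as listed per endpoint on this page.
ROUTES = [
    ("GET",    "/api/v1/policies", READ),
    ("POST",   "/api/v1/policies", MANAGE),
    ("POST",   "/api/v1/policies/simulate", READ),  # a POST that only reads
    ("GET",    "/api/v1/policies/{policyId}", READ),
    ("PUT",    "/api/v1/policies/{policyId}", MANAGE),
    ("DELETE", "/api/v1/policies/{policyId}", MANAGE),
    ("GET",    "/api/v1/policies/{policyId}/app", READ),
    ("POST",   "/api/v1/policies/{policyId}/clone", MANAGE),
    ("POST",   "/api/v1/policies/{policyId}/lifecycle/activate", MANAGE),
    ("POST",   "/api/v1/policies/{policyId}/lifecycle/deactivate", MANAGE),
    ("GET",    "/api/v1/policies/{policyId}/mappings", READ),
    ("POST",   "/api/v1/policies/{policyId}/mappings", MANAGE),
    ("GET",    "/api/v1/policies/{policyId}/mappings/{mappingId}", READ),
    ("DELETE", "/api/v1/policies/{policyId}/mappings/{mappingId}", MANAGE),
]


def _compile(template):
    """Turn '/a/{id}/b' into a regex; each {placeholder} is one path segment."""
    parts = [r"[^/]+" if seg.startswith("{") else re.escape(seg)
             for seg in template.strip("/").split("/")]
    return re.compile("/" + "/".join(parts) + "/?")


# Literal templates are tried first, so 'simulate' is never read as a policyId.
_TABLE = sorted(((m, _compile(t), t, s) for m, t, s in ROUTES),
                key=lambda row: row[2].count("{"))


def required_scope(method, url):
    """Return (path template, scope) for a call, or None if it isn't on the page."""
    path = urlsplit(url).path  # drops scheme, host and query string
    for verb, pattern, template, scope in _TABLE:
        if verb == method.upper() and pattern.fullmatch(path):
            return template, scope
    return None


def plan_scopes(calls):
    """Return (minimal scope set, state-changing calls, unrecognised calls).

    Assumption: scopes are compared literally as the page lists them; whether
    one scope implies the other is not stated on this page.
    """
    scopes, changing, unknown = set(), [], []
    for method, url in calls:
        hit = required_scope(method, url)
        if hit is None:
            unknown.append((method, url))
            continue
        template, scope = hit
        scopes.add(scope)
        if scope == MANAGE:
            changing.append(f"{method.upper()} {template}")
    return scopes, changing, unknown


# Constructed sample: calls an audit job plans to make (host is a placeholder).
SAMPLE_CALLS = [
    ("GET", "https://org.example/api/v1/policies?type=ACCESS_POLICY&status=ACTIVE"),
    ("POST", "/api/v1/policies/simulate?expand=EVALUATED"),
    ("GET", "/api/v1/policies/00plrilJ7jZ66Gn0X0g3/mappings"),
    ("POST", "/api/v1/policies/00plrilJ7jZ66Gn0X0g3/lifecycle/deactivate"),
]

if __name__ == "__main__":
    scopes, changing, unknown = plan_scopes(SAMPLE_CALLS)
    print("scopes to request:", sorted(scopes))
    print("state-changing calls:", changing)
    print("not on this page:", unknown)
```

Dropping the last sample call leaves a job that needs only okta.policies.read, so its token can be issued without the manage scope.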