Policies

The Okta Policy API enables an Administrator to perform Policy and Policy Rule operations. The Policy framework is used by Okta to control Rules and settings that govern, among other things, user session lifetime, whether multi-factor authentication is required when logging in, what MFA factors may be employed, password complexity requirements, what types of self-service operations are permitted under various circumstances, and what identity provider to route users to.

Policy settings for a particular Policy type, such as Sign On Policy, consist of one or more Policy objects, each of which contains one or more Policy Rules. Policies and Rules contain conditions that determine whether they are applicable to a particular user at a particular time.

List all Policies
OAuth 2.0: `okta.policies.read`

Lists all policies with the specified type

Request

query Parameters

type required	string
status	string
expand	string Default: ""

Responses

200

Success

403

Forbidden

429

Too Many Requests

get/api/v1/policies

Request samples

Response samples

application/json

[{"created": "2019-08-24T14:15:22Z",
"description": "string",
"id": "string",
"lastUpdated": "2019-08-24T14:15:22Z",
"name": "string",
"priority": 0,
"status": "ACTIVE",
"system": true,
"type": "ACCESS_POLICY",
"_embedded": {"property1": { },
"property2": { }
},
"_links": {"self": {"hints": {"allow": ["DELETE"
]
},
"href": "string",
"name": "string",
"type": "string"
}
}
}
]

Create a Policy
OAuth 2.0: `okta.policies.manage`

Creates a policy

Request

query Parameters

activate

boolean

Default: true

Request Body schema: application/json

description

string

name

string

priority

integer

status

string (LifecycleStatus)

Enum: "ACTIVE" "INACTIVE"

system

boolean

type

string (PolicyType)

object (PolicyRuleConditions)

object (AppAndInstancePolicyRuleCondition)

	Array of objects (AppAndInstanceConditionEvaluatorAppOrInstance)
	Array of objects (AppAndInstanceConditionEvaluatorAppOrInstance)

object (AppInstancePolicyRuleCondition)

exclude	Array of strings
include	Array of strings

object (PolicyRuleAuthContextCondition)

authType

string (PolicyRuleAuthContextType)

Enum: "ANY" "RADIUS"

object (PasswordPolicyAuthenticationProviderCondition)

include	Array of strings
provider	string (PasswordPolicyAuthenticationProviderType) Enum: "ACTIVE_DIRECTORY" "ANY" "LDAP" "OKTA"

object (BeforeScheduledActionPolicyRuleCondition)

	object (Duration)
	object (ScheduledUserLifecycleAction)

object (ClientPolicyCondition)

include

Array of strings

object (ContextPolicyRuleCondition)

migrated	boolean
	object (DevicePolicyRuleConditionPlatform)
rooted	boolean
trustLevel	string (DevicePolicyTrustLevel) Enum: "ANY" "TRUSTED"
expression	string

object (DevicePolicyRuleCondition)

migrated	boolean
	object (DevicePolicyRuleConditionPlatform)
rooted	boolean
trustLevel	string (DevicePolicyTrustLevel) Enum: "ANY" "TRUSTED"

object (GrantTypePolicyRuleCondition)

include

Array of strings

object (GroupPolicyRuleCondition)

exclude	Array of strings
include	Array of strings

object (IdentityProviderPolicyRuleCondition)

idpIds	Array of strings
provider	string (IdentityProviderPolicyProvider) Enum: "ANY" "OKTA" "SPECIFIC_IDP"

object (MDMEnrollmentPolicyRuleCondition)

blockNonSafeAndroid	boolean
enrollment	string (MDMEnrollmentPolicyEnrollment) Enum: "ANY_OR_NONE" "OMM"

object (PolicyNetworkCondition)

connection	string (PolicyNetworkConnection) Enum: "ANYWHERE" "ZONE"
exclude	Array of strings
include	Array of strings

object (PolicyPeopleCondition)

	object (GroupCondition)
	object (UserCondition)

object (PlatformPolicyRuleCondition)

	Array of objects (PlatformConditionEvaluatorPlatform)
	Array of objects (PlatformConditionEvaluatorPlatform)

object (RiskPolicyRuleCondition)

behaviors

Array of strings unique

object (RiskScorePolicyRuleCondition)

level

string

object (OAuth2ScopesMediationPolicyRuleCondition)

include

Array of strings

object (UserIdentifierPolicyRuleCondition)

attribute	string
	Array of objects (UserIdentifierConditionEvaluatorPattern)
type	string (UserIdentifierType) Enum: "ATTRIBUTE" "IDENTIFIER"

object (UserPolicyRuleCondition)

exclude	Array of strings
	object (InactivityPolicyRuleCondition)
include	Array of strings
	object (LifecycleExpirationPolicyRuleCondition)
	object (PasswordExpirationPolicyRuleCondition)
	object (UserLifecycleAttributePolicyRuleCondition)

object (UserStatusPolicyRuleCondition)

value

string (PolicyUserStatus)

Enum: "ACTIVATING" "ACTIVE" "DELETED" "DELETING" "EXPIRED_PASSWORD" "INACTIVE" "PENDING" "SUSPENDED"

Responses

200

Success

400

Bad Request

403

Forbidden

429

Too Many Requests

post/api/v1/policies

Request samples

application/json

{"description": "string",
"name": "string",
"priority": 0,
"status": "ACTIVE",
"system": true,
"type": "ACCESS_POLICY",
"conditions": {"app": {"exclude": [{"name": "string",
"type": "APP"
}
],
"include": [{"name": "string",
"type": "APP"
}
]
},
"apps": {"exclude": ["string"
],
"include": ["string"
]
},
"authContext": {"authType": "ANY"
},
"authProvider": {"include": ["string"
],
"provider": "ACTIVE_DIRECTORY"
},
"beforeScheduledAction": {"duration": {"number": 0,
"unit": "string"
},
"lifecycleAction": {"status": "ACTIVATING"
}
},
"clients": {"include": ["string"
]
},
"context": {"migrated": true,
"platform": {"supportedMDMFrameworks": ["AFW"
],
"types": ["ANDROID"
]
},
"rooted": true,
"trustLevel": "ANY",
"expression": "string"
},
"device": {"migrated": true,
"platform": {"supportedMDMFrameworks": ["AFW"
],
"types": ["ANDROID"
]
},
"rooted": true,
"trustLevel": "ANY"
},
"grantTypes": {"include": ["string"
]
},
"groups": {"exclude": ["string"
],
"include": ["string"
]
},
"identityProvider": {"idpIds": ["string"
],
"provider": "ANY"
},
"mdmEnrollment": {"blockNonSafeAndroid": true,
"enrollment": "ANY_OR_NONE"
},
"network": {"connection": "ANYWHERE",
"exclude": ["string"
],
"include": ["string"
]
},
"people": {"groups": {"exclude": ["string"
],
"include": ["string"
]
},
"users": {"exclude": ["string"
],
"include": ["string"
]
}
},
"platform": {"exclude": [{"os": {"expression": "string",
"type": "ANDROID",
"version": {"matchType": "EXPRESSION",
"value": "string"
}
},
"type": "ANY"
}
],
"include": [{"os": {"expression": "string",
"type": "ANDROID",
"version": {"matchType": "EXPRESSION",
"value": "string"
}
},
"type": "ANY"
}
]
},
"risk": {"behaviors": ["string"
]
},
"riskScore": {"level": "string"
},
"scopes": {"include": ["string"
]
},
"userIdentifier": {"attribute": "string",
"patterns": [{"matchType": "CONTAINS",
"value": "string"
}
],
"type": "ATTRIBUTE"
},
"users": {"exclude": ["string"
],
"inactivity": {"number": 0,
"unit": "string"
},
"include": ["string"
],
"lifecycleExpiration": {"lifecycleStatus": "string",
"number": 0,
"unit": "string"
},
"passwordExpiration": {"number": 0,
"unit": "string"
},
"userLifecycleAttribute": {"attributeName": "string",
"matchingValue": "string"
}
},
"userStatus": {"value": "ACTIVATING"
}
}
}

Response samples

application/json

{"created": "2019-08-24T14:15:22Z",
"description": "string",
"id": "string",
"lastUpdated": "2019-08-24T14:15:22Z",
"name": "string",
"priority": 0,
"status": "ACTIVE",
"system": true,
"type": "ACCESS_POLICY",
"_embedded": {"property1": { },
"property2": { }
},
"_links": {"self": {"hints": {"allow": ["DELETE"
]
},
"href": "string",
"name": "string",
"type": "string"
}
},
"conditions": {"app": {"exclude": [{"id": "string",
"name": "string",
"type": "APP"
}
],
"include": [{"id": "string",
"name": "string",
"type": "APP"
}
]
},
"apps": {"exclude": ["string"
],
"include": ["string"
]
},
"authContext": {"authType": "ANY"
},
"authProvider": {"include": ["string"
],
"provider": "ACTIVE_DIRECTORY"
},
"beforeScheduledAction": {"duration": {"number": 0,
"unit": "string"
},
"lifecycleAction": {"status": "ACTIVATING"
}
},
"clients": {"include": ["string"
]
},
"context": {"migrated": true,
"platform": {"supportedMDMFrameworks": ["AFW"
],
"types": ["ANDROID"
]
},
"rooted": true,
"trustLevel": "ANY",
"expression": "string"
},
"device": {"migrated": true,
"platform": {"supportedMDMFrameworks": ["AFW"
],
"types": ["ANDROID"
]
},
"rooted": true,
"trustLevel": "ANY"
},
"grantTypes": {"include": ["string"
]
},
"groups": {"exclude": ["string"
],
"include": ["string"
]
},
"identityProvider": {"idpIds": ["string"
],
"provider": "ANY"
},
"mdmEnrollment": {"blockNonSafeAndroid": true,
"enrollment": "ANY_OR_NONE"
},
"network": {"connection": "ANYWHERE",
"exclude": ["string"
],
"include": ["string"
]
},
"people": {"groups": {"exclude": ["string"
],
"include": ["string"
]
},
"users": {"exclude": ["string"
],
"include": ["string"
]
}
},
"platform": {"exclude": [{"os": {"expression": "string",
"type": "ANDROID",
"version": {"matchType": "EXPRESSION",
"value": "string"
}
},
"type": "ANY"
}
],
"include": [{"os": {"expression": "string",
"type": "ANDROID",
"version": {"matchType": "EXPRESSION",
"value": "string"
}
},
"type": "ANY"
}
]
},
"risk": {"behaviors": ["string"
]
},
"riskScore": {"level": "string"
},
"scopes": {"include": ["string"
]
},
"userIdentifier": {"attribute": "string",
"patterns": [{"matchType": "CONTAINS",
"value": "string"
}
],
"type": "ATTRIBUTE"
},
"users": {"exclude": ["string"
],
"inactivity": {"number": 0,
"unit": "string"
},
"include": ["string"
],
"lifecycleExpiration": {"lifecycleStatus": "string",
"number": 0,
"unit": "string"
},
"passwordExpiration": {"number": 0,
"unit": "string"
},
"userLifecycleAttribute": {"attributeName": "string",
"matchingValue": "string"
}
},
"userStatus": {"value": "ACTIVATING"
}
}
}

Retrieve a Policy
OAuth 2.0: `okta.policies.read`

Retrieves a policy

Request

path Parameters

policyId

required

string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3

query Parameters

expand

string

Default: ""

Responses

200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/policies/{policyId}

Request samples

Response samples

application/json

{"created": "2019-08-24T14:15:22Z",
"description": "string",
"id": "string",
"lastUpdated": "2019-08-24T14:15:22Z",
"name": "string",
"priority": 0,
"status": "ACTIVE",
"system": true,
"type": "ACCESS_POLICY",
"_embedded": {"property1": { },
"property2": { }
},
"_links": {"self": {"hints": {"allow": ["DELETE"
]
},
"href": "string",
"name": "string",
"type": "string"
}
},
"conditions": {"app": {"exclude": [{"id": "string",
"name": "string",
"type": "APP"
}
],
"include": [{"id": "string",
"name": "string",
"type": "APP"
}
]
},
"apps": {"exclude": ["string"
],
"include": ["string"
]
},
"authContext": {"authType": "ANY"
},
"authProvider": {"include": ["string"
],
"provider": "ACTIVE_DIRECTORY"
},
"beforeScheduledAction": {"duration": {"number": 0,
"unit": "string"
},
"lifecycleAction": {"status": "ACTIVATING"
}
},
"clients": {"include": ["string"
]
},
"context": {"migrated": true,
"platform": {"supportedMDMFrameworks": ["AFW"
],
"types": ["ANDROID"
]
},
"rooted": true,
"trustLevel": "ANY",
"expression": "string"
},
"device": {"migrated": true,
"platform": {"supportedMDMFrameworks": ["AFW"
],
"types": ["ANDROID"
]
},
"rooted": true,
"trustLevel": "ANY"
},
"grantTypes": {"include": ["string"
]
},
"groups": {"exclude": ["string"
],
"include": ["string"
]
},
"identityProvider": {"idpIds": ["string"
],
"provider": "ANY"
},
"mdmEnrollment": {"blockNonSafeAndroid": true,
"enrollment": "ANY_OR_NONE"
},
"network": {"connection": "ANYWHERE",
"exclude": ["string"
],
"include": ["string"
]
},
"people": {"groups": {"exclude": ["string"
],
"include": ["string"
]
},
"users": {"exclude": ["string"
],
"include": ["string"
]
}
},
"platform": {"exclude": [{"os": {"expression": "string",
"type": "ANDROID",
"version": {"matchType": "EXPRESSION",
"value": "string"
}
},
"type": "ANY"
}
],
"include": [{"os": {"expression": "string",
"type": "ANDROID",
"version": {"matchType": "EXPRESSION",
"value": "string"
}
},
"type": "ANY"
}
]
},
"risk": {"behaviors": ["string"
]
},
"riskScore": {"level": "string"
},
"scopes": {"include": ["string"
]
},
"userIdentifier": {"attribute": "string",
"patterns": [{"matchType": "CONTAINS",
"value": "string"
}
],
"type": "ATTRIBUTE"
},
"users": {"exclude": ["string"
],
"inactivity": {"number": 0,
"unit": "string"
},
"include": ["string"
],
"lifecycleExpiration": {"lifecycleStatus": "string",
"number": 0,
"unit": "string"
},
"passwordExpiration": {"number": 0,
"unit": "string"
},
"userLifecycleAttribute": {"attributeName": "string",
"matchingValue": "string"
}
},
"userStatus": {"value": "ACTIVATING"
}
}
}

Replace a Policy
OAuth 2.0: `okta.policies.manage`

Replaces the properties of a Policy identified by policyId

Request

path Parameters

policyId

required

string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3

Request Body schema: application/json

description

string

name

string

priority

integer

status

string (LifecycleStatus)

Enum: "ACTIVE" "INACTIVE"

system

boolean

type

string (PolicyType)

object (PolicyRuleConditions)

object (AppAndInstancePolicyRuleCondition)

	Array of objects (AppAndInstanceConditionEvaluatorAppOrInstance)
	Array of objects (AppAndInstanceConditionEvaluatorAppOrInstance)

object (AppInstancePolicyRuleCondition)

exclude	Array of strings
include	Array of strings

object (PolicyRuleAuthContextCondition)

authType

string (PolicyRuleAuthContextType)

Enum: "ANY" "RADIUS"

object (PasswordPolicyAuthenticationProviderCondition)

include	Array of strings
provider	string (PasswordPolicyAuthenticationProviderType) Enum: "ACTIVE_DIRECTORY" "ANY" "LDAP" "OKTA"

object (BeforeScheduledActionPolicyRuleCondition)

	object (Duration)
	object (ScheduledUserLifecycleAction)

object (ClientPolicyCondition)

include

Array of strings

object (ContextPolicyRuleCondition)

migrated	boolean
	object (DevicePolicyRuleConditionPlatform)
rooted	boolean
trustLevel	string (DevicePolicyTrustLevel) Enum: "ANY" "TRUSTED"
expression	string

object (DevicePolicyRuleCondition)

migrated	boolean
	object (DevicePolicyRuleConditionPlatform)
rooted	boolean
trustLevel	string (DevicePolicyTrustLevel) Enum: "ANY" "TRUSTED"

object (GrantTypePolicyRuleCondition)

include

Array of strings

object (GroupPolicyRuleCondition)

exclude	Array of strings
include	Array of strings

object (IdentityProviderPolicyRuleCondition)

idpIds	Array of strings
provider	string (IdentityProviderPolicyProvider) Enum: "ANY" "OKTA" "SPECIFIC_IDP"

object (MDMEnrollmentPolicyRuleCondition)

blockNonSafeAndroid	boolean
enrollment	string (MDMEnrollmentPolicyEnrollment) Enum: "ANY_OR_NONE" "OMM"

object (PolicyNetworkCondition)

connection	string (PolicyNetworkConnection) Enum: "ANYWHERE" "ZONE"
exclude	Array of strings
include	Array of strings

object (PolicyPeopleCondition)

	object (GroupCondition)
	object (UserCondition)

object (PlatformPolicyRuleCondition)

	Array of objects (PlatformConditionEvaluatorPlatform)
	Array of objects (PlatformConditionEvaluatorPlatform)

object (RiskPolicyRuleCondition)

behaviors

Array of strings unique

object (RiskScorePolicyRuleCondition)

level

string

object (OAuth2ScopesMediationPolicyRuleCondition)

include

Array of strings

object (UserIdentifierPolicyRuleCondition)

attribute	string
	Array of objects (UserIdentifierConditionEvaluatorPattern)
type	string (UserIdentifierType) Enum: "ATTRIBUTE" "IDENTIFIER"

object (UserPolicyRuleCondition)

exclude	Array of strings
	object (InactivityPolicyRuleCondition)
include	Array of strings
	object (LifecycleExpirationPolicyRuleCondition)
	object (PasswordExpirationPolicyRuleCondition)
	object (UserLifecycleAttributePolicyRuleCondition)

object (UserStatusPolicyRuleCondition)

value

string (PolicyUserStatus)

Enum: "ACTIVATING" "ACTIVE" "DELETED" "DELETING" "EXPIRED_PASSWORD" "INACTIVE" "PENDING" "SUSPENDED"

Responses

200

Success

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

put/api/v1/policies/{policyId}

Request samples

application/json

{"description": "string",
"name": "string",
"priority": 0,
"status": "ACTIVE",
"system": true,
"type": "ACCESS_POLICY",
"conditions": {"app": {"exclude": [{"name": "string",
"type": "APP"
}
],
"include": [{"name": "string",
"type": "APP"
}
]
},
"apps": {"exclude": ["string"
],
"include": ["string"
]
},
"authContext": {"authType": "ANY"
},
"authProvider": {"include": ["string"
],
"provider": "ACTIVE_DIRECTORY"
},
"beforeScheduledAction": {"duration": {"number": 0,
"unit": "string"
},
"lifecycleAction": {"status": "ACTIVATING"
}
},
"clients": {"include": ["string"
]
},
"context": {"migrated": true,
"platform": {"supportedMDMFrameworks": ["AFW"
],
"types": ["ANDROID"
]
},
"rooted": true,
"trustLevel": "ANY",
"expression": "string"
},
"device": {"migrated": true,
"platform": {"supportedMDMFrameworks": ["AFW"
],
"types": ["ANDROID"
]
},
"rooted": true,
"trustLevel": "ANY"
},
"grantTypes": {"include": ["string"
]
},
"groups": {"exclude": ["string"
],
"include": ["string"
]
},
"identityProvider": {"idpIds": ["string"
],
"provider": "ANY"
},
"mdmEnrollment": {"blockNonSafeAndroid": true,
"enrollment": "ANY_OR_NONE"
},
"network": {"connection": "ANYWHERE",
"exclude": ["string"
],
"include": ["string"
]
},
"people": {"groups": {"exclude": ["string"
],
"include": ["string"
]
},
"users": {"exclude": ["string"
],
"include": ["string"
]
}
},
"platform": {"exclude": [{"os": {"expression": "string",
"type": "ANDROID",
"version": {"matchType": "EXPRESSION",
"value": "string"
}
},
"type": "ANY"
}
],
"include": [{"os": {"expression": "string",
"type": "ANDROID",
"version": {"matchType": "EXPRESSION",
"value": "string"
}
},
"type": "ANY"
}
]
},
"risk": {"behaviors": ["string"
]
},
"riskScore": {"level": "string"
},
"scopes": {"include": ["string"
]
},
"userIdentifier": {"attribute": "string",
"patterns": [{"matchType": "CONTAINS",
"value": "string"
}
],
"type": "ATTRIBUTE"
},
"users": {"exclude": ["string"
],
"inactivity": {"number": 0,
"unit": "string"
},
"include": ["string"
],
"lifecycleExpiration": {"lifecycleStatus": "string",
"number": 0,
"unit": "string"
},
"passwordExpiration": {"number": 0,
"unit": "string"
},
"userLifecycleAttribute": {"attributeName": "string",
"matchingValue": "string"
}
},
"userStatus": {"value": "ACTIVATING"
}
}
}

Response samples

application/json

{"created": "2019-08-24T14:15:22Z",
"description": "string",
"id": "string",
"lastUpdated": "2019-08-24T14:15:22Z",
"name": "string",
"priority": 0,
"status": "ACTIVE",
"system": true,
"type": "ACCESS_POLICY",
"_embedded": {"property1": { },
"property2": { }
},
"_links": {"self": {"hints": {"allow": ["DELETE"
]
},
"href": "string",
"name": "string",
"type": "string"
}
},
"conditions": {"app": {"exclude": [{"id": "string",
"name": "string",
"type": "APP"
}
],
"include": [{"id": "string",
"name": "string",
"type": "APP"
}
]
},
"apps": {"exclude": ["string"
],
"include": ["string"
]
},
"authContext": {"authType": "ANY"
},
"authProvider": {"include": ["string"
],
"provider": "ACTIVE_DIRECTORY"
},
"beforeScheduledAction": {"duration": {"number": 0,
"unit": "string"
},
"lifecycleAction": {"status": "ACTIVATING"
}
},
"clients": {"include": ["string"
]
},
"context": {"migrated": true,
"platform": {"supportedMDMFrameworks": ["AFW"
],
"types": ["ANDROID"
]
},
"rooted": true,
"trustLevel": "ANY",
"expression": "string"
},
"device": {"migrated": true,
"platform": {"supportedMDMFrameworks": ["AFW"
],
"types": ["ANDROID"
]
},
"rooted": true,
"trustLevel": "ANY"
},
"grantTypes": {"include": ["string"
]
},
"groups": {"exclude": ["string"
],
"include": ["string"
]
},
"identityProvider": {"idpIds": ["string"
],
"provider": "ANY"
},
"mdmEnrollment": {"blockNonSafeAndroid": true,
"enrollment": "ANY_OR_NONE"
},
"network": {"connection": "ANYWHERE",
"exclude": ["string"
],
"include": ["string"
]
},
"people": {"groups": {"exclude": ["string"
],
"include": ["string"
]
},
"users": {"exclude": ["string"
],
"include": ["string"
]
}
},
"platform": {"exclude": [{"os": {"expression": "string",
"type": "ANDROID",
"version": {"matchType": "EXPRESSION",
"value": "string"
}
},
"type": "ANY"
}
],
"include": [{"os": {"expression": "string",
"type": "ANDROID",
"version": {"matchType": "EXPRESSION",
"value": "string"
}
},
"type": "ANY"
}
]
},
"risk": {"behaviors": ["string"
]
},
"riskScore": {"level": "string"
},
"scopes": {"include": ["string"
]
},
"userIdentifier": {"attribute": "string",
"patterns": [{"matchType": "CONTAINS",
"value": "string"
}
],
"type": "ATTRIBUTE"
},
"users": {"exclude": ["string"
],
"inactivity": {"number": 0,
"unit": "string"
},
"include": ["string"
],
"lifecycleExpiration": {"lifecycleStatus": "string",
"number": 0,
"unit": "string"
},
"passwordExpiration": {"number": 0,
"unit": "string"
},
"userLifecycleAttribute": {"attributeName": "string",
"matchingValue": "string"
}
},
"userStatus": {"value": "ACTIVATING"
}
}
}

Delete a Policy
OAuth 2.0: `okta.policies.manage`

Deletes a policy

Request

path Parameters

policyId

required

string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3

Responses

204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

delete/api/v1/policies/{policyId}

Request samples

Response samples

application/json

{"errorCode": "E0000006",
"errorSummary": "You do not have permission to perform the requested action",
"errorLink": "E0000006",
"errorId": "sampleNUSD_8fdkFd8fs8SDBK",
"errorCauses": [ ]
}

List all Applications mapped to a Policy
OAuth 2.0: `okta.policies.read`
Deprecated

Lists all applications mapped to a policy identified by policyId

Request

path Parameters

policyId

required

string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3

Responses

200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/policies/{policyId}/app

Request samples

Response samples

application/json

[{"accessibility": {"errorRedirectUrl": "string",
"loginRedirectUrl": "string",
"selfService": true
},
"created": "2019-08-24T14:15:22Z",
"features": ["string"
],
"id": "string",
"label": "string",
"lastUpdated": "2019-08-24T14:15:22Z",
"licensing": {"seatCount": 0
},
"profile": {"property1": { },
"property2": { }
},
"signOnMode": "AUTO_LOGIN",
"status": "ACTIVE",
"visibility": {"appLinks": {"property1": true,
"property2": true
},
"autoLaunch": true,
"autoSubmitToolbar": true,
"hide": {"iOS": true,
"web": true
}
},
"_embedded": {"property1": { },
"property2": { }
},
"_links": {"accessPolicy": {"hints": {"allow": ["DELETE"
]
},
"href": "string",
"name": "string",
"type": "string"
},
"activate": {"hints": {"allow": ["DELETE"
]
},
"href": "string",
"name": "string",
"type": "string"
},
"deactivate": {"hints": {"allow": ["DELETE"
]
},
"href": "string",
"name": "string",
"type": "string"
},
"groups": {"hints": {"allow": ["DELETE"
]
},
"href": "string",
"name": "string",
"type": "string"
},
"logo": [{"hints": {"allow": ["DELETE"
]
},
"href": "string",
"name": "string",
"type": "string"
}
],
"metadata": {"hints": {"allow": ["DELETE"
]
},
"href": "string",
"name": "string",
"type": "string"
},
"self": {"hints": {"allow": ["DELETE"
]
},
"href": "string",
"name": "string",
"type": "string"
},
"users": {"hints": {"allow": ["DELETE"
]
},
"href": "string",
"name": "string",
"type": "string"
}
}
}
]

Clone an existing Policy
Identity Engine
OAuth 2.0: `okta.policies.manage`

Clones an existing policy

Request

path Parameters

policyId

required

string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3

Responses

200

Success

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

post/api/v1/policies/{policyId}/clone

Request samples

Response samples

application/json

{"created": "2019-08-24T14:15:22Z",
"description": "string",
"id": "string",
"lastUpdated": "2019-08-24T14:15:22Z",
"name": "string",
"priority": 0,
"status": "ACTIVE",
"system": true,
"type": "ACCESS_POLICY",
"_embedded": {"property1": { },
"property2": { }
},
"_links": {"self": {"hints": {"allow": ["DELETE"
]
},
"href": "string",
"name": "string",
"type": "string"
}
},
"conditions": {"app": {"exclude": [{"id": "string",
"name": "string",
"type": "APP"
}
],
"include": [{"id": "string",
"name": "string",
"type": "APP"
}
]
},
"apps": {"exclude": ["string"
],
"include": ["string"
]
},
"authContext": {"authType": "ANY"
},
"authProvider": {"include": ["string"
],
"provider": "ACTIVE_DIRECTORY"
},
"beforeScheduledAction": {"duration": {"number": 0,
"unit": "string"
},
"lifecycleAction": {"status": "ACTIVATING"
}
},
"clients": {"include": ["string"
]
},
"context": {"migrated": true,
"platform": {"supportedMDMFrameworks": ["AFW"
],
"types": ["ANDROID"
]
},
"rooted": true,
"trustLevel": "ANY",
"expression": "string"
},
"device": {"migrated": true,
"platform": {"supportedMDMFrameworks": ["AFW"
],
"types": ["ANDROID"
]
},
"rooted": true,
"trustLevel": "ANY"
},
"grantTypes": {"include": ["string"
]
},
"groups": {"exclude": ["string"
],
"include": ["string"
]
},
"identityProvider": {"idpIds": ["string"
],
"provider": "ANY"
},
"mdmEnrollment": {"blockNonSafeAndroid": true,
"enrollment": "ANY_OR_NONE"
},
"network": {"connection": "ANYWHERE",
"exclude": ["string"
],
"include": ["string"
]
},
"people": {"groups": {"exclude": ["string"
],
"include": ["string"
]
},
"users": {"exclude": ["string"
],
"include": ["string"
]
}
},
"platform": {"exclude": [{"os": {"expression": "string",
"type": "ANDROID",
"version": {"matchType": "EXPRESSION",
"value": "string"
}
},
"type": "ANY"
}
],
"include": [{"os": {"expression": "string",
"type": "ANDROID",
"version": {"matchType": "EXPRESSION",
"value": "string"
}
},
"type": "ANY"
}
]
},
"risk": {"behaviors": ["string"
]
},
"riskScore": {"level": "string"
},
"scopes": {"include": ["string"
]
},
"userIdentifier": {"attribute": "string",
"patterns": [{"matchType": "CONTAINS",
"value": "string"
}
],
"type": "ATTRIBUTE"
},
"users": {"exclude": ["string"
],
"inactivity": {"number": 0,
"unit": "string"
},
"include": ["string"
],
"lifecycleExpiration": {"lifecycleStatus": "string",
"number": 0,
"unit": "string"
},
"passwordExpiration": {"number": 0,
"unit": "string"
},
"userLifecycleAttribute": {"attributeName": "string",
"matchingValue": "string"
}
},
"userStatus": {"value": "ACTIVATING"
}
}
}

Activate a Policy
OAuth 2.0: `okta.policies.manage`

Activates a policy

Request

path Parameters

policyId

required

string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3

Responses

204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

post/api/v1/policies/{policyId}/lifecycle/activate

Request samples

Response samples

application/json

{"errorCode": "E0000006",
"errorSummary": "You do not have permission to perform the requested action",
"errorLink": "E0000006",
"errorId": "sampleNUSD_8fdkFd8fs8SDBK",
"errorCauses": [ ]
}

Deactivate a Policy
OAuth 2.0: `okta.policies.manage`

Deactivates a policy

Request

path Parameters

policyId

required

string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3

Responses

204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

post/api/v1/policies/{policyId}/lifecycle/deactivate

Request samples

Response samples

application/json

{"errorCode": "E0000006",
"errorSummary": "You do not have permission to perform the requested action",
"errorLink": "E0000006",
"errorId": "sampleNUSD_8fdkFd8fs8SDBK",
"errorCauses": [ ]
}

List all resources mapped to a Policy
OAuth 2.0: `okta.policies.read`

Lists all resources mapped to a Policy identified by policyId

Request

path Parameters

policyId

required

string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3

Responses

200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/policies/{policyId}/mappings

Request samples

Response samples

application/json

[{"id": "string",
"_links": {"self": {"hints": {"allow": ["DELETE"
]
},
"href": "string",
"name": "string",
"type": "string"
},
"application": {"hints": {"allow": ["DELETE"
]
},
"href": "string",
"name": "string",
"type": "string"
}
}
}
]

Map a resource to a Policy
OAuth 2.0: `okta.policies.manage`

Maps a resource to a Policy identified by policyId

Request

path Parameters

policyId

required

string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3

Request Body schema: application/json

resourceId	string
resourceType	string (PolicyMappingResourceType) Value: "APP"

Responses

200

Success

400

Bad Request

403

Forbidden

404

Not Found

429

Too Many Requests

post/api/v1/policies/{policyId}/mappings

Request samples

application/json

{"resourceId": "string",
"resourceType": "APP"
}

Response samples

application/json

{"id": "string",
"_links": {"self": {"hints": {"allow": ["DELETE"
]
},
"href": "string",
"name": "string",
"type": "string"
},
"application": {"hints": {"allow": ["DELETE"
]
},
"href": "string",
"name": "string",
"type": "string"
}
}
}

Retrieve a policy resource Mapping
OAuth 2.0: `okta.policies.read`

Retrieves a resource Mapping for a Policy identified by policyId and mappingId

Request

path Parameters

policyId required	string `id` of the Policy Example: 00plrilJ7jZ66Gn0X0g3
mappingId required	string `id` of the policy resource Mapping Example: maplr2rLjZ6NsGn1P0g3

Responses

200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/policies/{policyId}/mappings/{mappingId}

Request samples

Response samples

application/json

{"id": "string",
"_links": {"self": {"hints": {"allow": ["DELETE"
]
},
"href": "string",
"name": "string",
"type": "string"
},
"application": {"hints": {"allow": ["DELETE"
]
},
"href": "string",
"name": "string",
"type": "string"
}
}
}

Delete a policy resource Mapping
OAuth 2.0: `okta.policies.manage`

Deletes the resource Mapping for a Policy identified by policyId and mappingId

Request

path Parameters

policyId required	string `id` of the Policy Example: 00plrilJ7jZ66Gn0X0g3
mappingId required	string `id` of the policy resource Mapping Example: maplr2rLjZ6NsGn1P0g3

Responses

204

No Content

403

Forbidden

404

Not Found

429

Too Many Requests

delete/api/v1/policies/{policyId}/mappings/{mappingId}

Request samples

Response samples

application/json

{"errorCode": "E0000006",
"errorSummary": "You do not have permission to perform the requested action",
"errorLink": "E0000006",
"errorId": "sampleNUSD_8fdkFd8fs8SDBK",
"errorCauses": [ ]
}

List all Policy Rules
OAuth 2.0: `okta.policies.read`

Lists all policy rules

Request

path Parameters

policyId

required

string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3

Responses

200

Success

403

Forbidden

404

Not Found

429

Too Many Requests

get/api/v1/policies/{policyId}/rules

Request samples

Response samples

application/json

[{"created": "2019-08-24T14:15:22Z",
"id": "string",
"lastUpdated": "2019-08-24T14:15:22Z",
"name": "string",
"priority": 0,
"status": "ACTIVE",
"system": false,
"type": "ACCESS_POLICY"
}
]

Create a Policy Rule
OAuth 2.0: `okta.policies.manage`

Creates a policy rule

Request

path Parameters

policyId

required

string

id of the Policy

Example: 00plrilJ7jZ66Gn0X0g3

Request Body schema: application/json

string

name

string

priority

integer

status

string (LifecycleStatus)

Enum: "ACTIVE" "INACTIVE"

system

boolean

Default: false

type

string (PolicyRuleType)

object (AccessPolicyRuleActions)

object (PolicyRuleActionsEnroll)

self	string (PolicyRuleActionsEnrollSelf) Enum: "CHALLENGE" "LOGIN" "NEVER"

object (IdpPolicyRuleAction)

Array of objects (IdpPolicyRuleActionProvider)

object (PasswordPolicyRuleAction)

access

string (PolicyAccess)

Enum: "ALLOW" "DENY"

object (PasswordPolicyRuleAction)

access

string (PolicyAccess)

Enum: "ALLOW" "DENY"

object (PasswordPolicyRuleAction)

access

string (PolicyAccess)

Enum: "ALLOW" "DENY"

object (OktaSignOnPolicyRuleSignonActions)

access	string (PolicyAccess) Enum: "ALLOW" "DENY"
factorLifetime	integer
factorPromptMode	string (OktaSignOnPolicyFactorPromptMode) Enum: "ALWAYS" "DEVICE" "SESSION"
rememberDeviceByDefault	boolean Default: false
requireFactor	boolean Default: false
	object (OktaSignOnPolicyRuleSignonSessionActions)

object (AccessPolicyRuleApplicationSignOn)

access	string
	object (VerificationMethod)

object (AccessPolicyRuleConditions)

object (AppAndInstancePolicyRuleCondition)

	Array of objects (AppAndInstanceConditionEvaluatorAppOrInstance)
	Array of objects (AppAndInstanceConditionEvaluatorAppOrInstance)

object (AppInstancePolicyRuleCondition)

exclude	Array of strings
include	Array of strings

object (PolicyRuleAuthContextCondition)

authType

string (PolicyRuleAuthContextType)

Enum: "ANY" "RADIUS"

object (PasswordPolicyAuthenticationProviderCondition)

include	Array of strings
provider	string (PasswordPolicyAuthenticationProviderType) Enum: "ACTIVE_DIRECTORY" "ANY" "LDAP" "OKTA"

object (BeforeScheduledActionPolicyRuleCondition)

	object (Duration)
	object (ScheduledUserLifecycleAction)

object (ClientPolicyCondition)

include

Array of strings

object (ContextPolicyRuleCondition)

migrated	boolean
	object (DevicePolicyRuleConditionPlatform)
rooted	boolean
trustLevel	string (DevicePolicyTrustLevel) Enum: "ANY" "TRUSTED"
expression	string

object (DeviceAccessPolicyRuleCondition)

migrated	boolean
	object
rooted	boolean
trustLevel	string Enum: "ANY" "TRUSTED"
managed	boolean
registered	boolean

object (GrantTypePolicyRuleCondition)

include

Array of strings

object (GroupPolicyRuleCondition)

exclude	Array of strings
include	Array of strings

Policies

List all PoliciesOAuth 2.0: okta.policies.read

query Parameters

Create a PolicyOAuth 2.0: okta.policies.manage

query Parameters

Request Body schema: application/json

Retrieve a PolicyOAuth 2.0: okta.policies.read

path Parameters

query Parameters

Replace a PolicyOAuth 2.0: okta.policies.manage

path Parameters

Request Body schema: application/json

Delete a PolicyOAuth 2.0: okta.policies.manage

path Parameters

List all Applications mapped to a PolicyOAuth 2.0: okta.policies.readDeprecated

path Parameters

Clone an existing PolicyIdentity EngineOAuth 2.0: okta.policies.manage

path Parameters

Activate a PolicyOAuth 2.0: okta.policies.manage

path Parameters

Deactivate a PolicyOAuth 2.0: okta.policies.manage

path Parameters

List all resources mapped to a PolicyOAuth 2.0: okta.policies.read

path Parameters

Map a resource to a PolicyOAuth 2.0: okta.policies.manage

path Parameters

Request Body schema: application/json

Retrieve a policy resource MappingOAuth 2.0: okta.policies.read

path Parameters

Delete a policy resource MappingOAuth 2.0: okta.policies.manage

path Parameters

List all Policy RulesOAuth 2.0: okta.policies.read

path Parameters

Create a Policy RuleOAuth 2.0: okta.policies.manage

path Parameters

Request Body schema: application/json

List all Policies
OAuth 2.0: `okta.policies.read`

Create a Policy
OAuth 2.0: `okta.policies.manage`

Retrieve a Policy
OAuth 2.0: `okta.policies.read`

Replace a Policy
OAuth 2.0: `okta.policies.manage`

Delete a Policy
OAuth 2.0: `okta.policies.manage`

List all Applications mapped to a Policy
OAuth 2.0: `okta.policies.read`
Deprecated

Clone an existing Policy
Identity Engine
OAuth 2.0: `okta.policies.manage`

Activate a Policy
OAuth 2.0: `okta.policies.manage`

Deactivate a Policy
OAuth 2.0: `okta.policies.manage`

List all resources mapped to a Policy
OAuth 2.0: `okta.policies.read`

Map a resource to a Policy
OAuth 2.0: `okta.policies.manage`

Retrieve a policy resource Mapping
OAuth 2.0: `okta.policies.read`

Delete a policy resource Mapping
OAuth 2.0: `okta.policies.manage`

List all Policy Rules
OAuth 2.0: `okta.policies.read`

Create a Policy Rule
OAuth 2.0: `okta.policies.manage`