The Okta Policy API enables an Administrator to perform Policy and Policy Rule operations. The Policy framework is used by Okta to control Rules and settings that govern, among other things, user session lifetime, whether multi-factor authentication is required when logging in, what MFA factors may be employed, password complexity requirements, what types of self-service operations are permitted under various circumstances, and what identity provider to route users to.
Policy settings for a particular Policy type, such as Sign On Policy, consist of one or more Policy objects, each of which contains one or more Policy Rules. Policies and Rules contain conditions that determine whether they are applicable to a particular user at a particular time.
okta.policies.read
Lists all policies with the specified type
type required | string Specifies the type of policy to return. The following policy types are available only with the Okta Identity Engine - |
status | string Refines the query by the |
q | string Refines the query by policy name prefix (startWith method) passed in as |
expand | string Default: "" |
sortBy | string Refines the query by sorting on the policy |
limit | string Defines the number of policies returned, see Pagination |
resourceId | string Reference to the associated authorization server |
after | string End page cursor for pagination, see Pagination |
Success
Forbidden
Too Many Requests
{
  "type": "PASSWORD",
  "id": "policyId",
  "status": "ACTIVE",
  "name": "Policy name",
  "description": "Policy description",
  "priority": 1,
  "system": true,
  "created": "createdDate",
  "lastUpdated": "lastUpdated",
  "conditions": {
    "people": { "groups": { "include": ["groupId"] } },
    "authProvider": { "provider": "provider" }
  },
  "settings": {
    "password": {
      "complexity": {
        "minLength": 8,
        "minLowerCase": 1,
        "minUpperCase": 1,
        "minNumber": null,
        "minSymbol": 0,
        "excludeUsername": true,
        "dictionary": { "common": { "exclude": false } },
        "excludeAttributes": []
      },
      "age": {
        "maxAgeDays": 0,
        "expireWarnDays": 0,
        "minAgeMinutes": 0,
        "historyCount": 4
      },
      "lockout": {
        "maxAttempts": 0,
        "autoUnlockMinutes": 0,
        "userLockoutNotificationChannels": [],
        "showLockoutFailures": false
      }
    },
    "recovery": {
      "factors": {
        "recovery_question": {
          "status": "ACTIVE",
          "properties": { "complexity": { "complexity": 4 } }
        },
        "okta_email": {
          "status": "ACTIVE",
          "properties": { "recoveryToken": { "tokenLifetimeMinutes": 10080 } }
        },
        "okta_sms": { "status": "INACTIVE" },
        "okta_call": { "status": "INACTIVE" }
      }
    },
    "delegation": { "options": { "skipUnlock": false } }
  },
  "_links": {
    "self": { "hints": { "allow": ["GET", "PUT"] } },
    "rules": { "hints": { "allow": ["POST", "GET"] } }
  }
}
okta.policies.manage
Creates a policy. There are many types of policies that you can create. See Policies for an overview of the available policy types and for links to more in-depth information.
Success
Bad Request
Forbidden
Too Many Requests
{
  "description": null,
  "name": "string",
  "priority": "Last / Lowest Priority, for example `1`",
  "status": "ACTIVE",
  "system": false,
  "type": "ACCESS_POLICY",
  "conditions": null,
  "_embedded": {
    "resourceType": "string",
    "property1": {},
    "property2": {}
  }
}

{
  "type": "PASSWORD",
  "id": "policyId",
  "status": "ACTIVE",
  "name": "Policy name",
  "description": "Policy description",
  "priority": 1,
  "system": true,
  "created": "createdDate",
  "lastUpdated": "lastUpdated",
  "conditions": {
    "people": { "groups": { "include": ["groupId"] } },
    "authProvider": { "provider": "provider" }
  },
  "settings": {
    "password": {
      "complexity": {
        "minLength": 8,
        "minLowerCase": 1,
        "minUpperCase": 1,
        "minNumber": null,
        "minSymbol": 0,
        "excludeUsername": true,
        "dictionary": { "common": { "exclude": false } },
        "excludeAttributes": []
      },
      "age": {
        "maxAgeDays": 0,
        "expireWarnDays": 0,
        "minAgeMinutes": 0,
        "historyCount": 4
      },
      "lockout": {
        "maxAttempts": 0,
        "autoUnlockMinutes": 0,
        "userLockoutNotificationChannels": [],
        "showLockoutFailures": false
      }
    },
    "recovery": {
      "factors": {
        "recovery_question": {
          "status": "ACTIVE",
          "properties": { "complexity": { "complexity": 4 } }
        },
        "okta_email": {
          "status": "ACTIVE",
          "properties": { "recoveryToken": { "tokenLifetimeMinutes": 10080 } }
        },
        "okta_sms": { "status": "INACTIVE" },
        "okta_call": { "status": "INACTIVE" }
      }
    },
    "delegation": { "options": { "skipUnlock": false } }
  },
  "_links": {
    "self": { "hints": { "allow": ["GET", "PUT"] } },
    "rules": { "hints": { "allow": ["POST", "GET"] } }
  }
}
okta.policies.read
Creates a policy or policy rule simulation. The access simulation evaluates policy and policy rules based on the existing policy rule configuration. The evaluation result shows what the real-world authentication flow would be and which policy rules are applied to or matched by that flow.
Success
Forbidden
Not Found
Too Many Requests
Simulate policy request body
{
  "policyType": ["OKTA_SIGN_ON", "MFA_ENROLL"],
  "appInstance": "0oa4eroj3nYCIJIW70g7",
  "policyContext": {
    "groups": { "ids": ["00g4eralvekR5RLuS0g7", "00g4eralvekR5RLuS0g8"] },
    "risk": { "level": "LOW" },
    "zones": { "ids": ["nzo4eralxcRnbIHYJ0g7"] },
    "device": { "platform": "IOS", "registered": true, "managed": true }
  }
}
Simulate policy response body
{
  "evaluation": [
    {
      "status": null,
      "policyType": "OKTA_SIGN_ON",
      "result": {
        "policies": [
          {
            "id": "00p4eromwukk6qUku0g7",
            "name": "test policy",
            "status": "MATCH",
            "conditions": [],
            "rules": [
              {
                "id": "0pr4erof85nGcyC7Y0g7",
                "name": "test rule",
                "status": "MATCH",
                "conditions": [
                  { "type": "people.groups.include", "status": "MATCH" }
                ]
              }
            ]
          }
        ]
      },
      "undefined": { "policies": [] },
      "evaluated": { "policies": [] }
    },
    {
      "status": null,
      "policyType": "MFA_ENROLL",
      "result": {
        "policies": [
          {
            "id": "00p4eram2kw1aLcrx0g7",
            "name": "Default Policy",
            "status": "MATCH",
            "conditions": [],
            "rules": [
              {
                "id": "0pr4eram2lMQT5FZF0g7",
                "name": null,
                "status": "MATCH",
                "conditions": []
              }
            ]
          }
        ]
      },
      "undefined": { "policies": [] },
      "evaluated": { "policies": [] }
    },
    {
      "status": null,
      "policyType": "ACCESS_POLICY",
      "result": {
        "policies": [
          {
            "id": "rst4eram06ZKZewEe0g7",
            "name": "Any two factors",
            "status": "MATCH",
            "conditions": [],
            "rules": [
              {
                "id": "rul4eram07VsWgybo0g7",
                "name": "Catch-all rule",
                "status": "MATCH",
                "conditions": []
              }
            ]
          }
        ]
      },
      "undefined": { "policies": [] },
      "evaluated": { "policies": [] }
    },
    {
      "status": null,
      "policyType": "PROFILE_ENROLLMENT",
      "result": {
        "policies": [
          {
            "id": "rst4eram08ZSjPTOl0g7",
            "name": "Default Policy",
            "status": "MATCH",
            "conditions": [],
            "rules": [
              {
                "id": "rul4eram094PrQ2BX0g7",
                "name": "Catch-all rule",
                "status": "MATCH",
                "conditions": []
              }
            ]
          }
        ]
      },
      "undefined": { "policies": [] },
      "evaluated": { "policies": [] }
    }
  ]
}
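The simulation response above can be used as a regression check after a policy change: confirm that a given context still lands on the rule you intend. The following Python is an added example, not Okta's code; it runs on a response trimmed from the sample above (constructed input), and the function names and the expected rule name `Require MFA for admins` are hypothetical.

```python
import json

# Constructed sample: two evaluations trimmed from the simulation response on this page.
RESPONSE = json.loads("""
{"evaluation": [
  {"policyType": "OKTA_SIGN_ON", "result": {"policies": [
    {"name": "test policy", "status": "MATCH", "rules": [
      {"name": "test rule", "status": "MATCH",
       "conditions": [{"type": "people.groups.include", "status": "MATCH"}]}]}]}},
  {"policyType": "ACCESS_POLICY", "result": {"policies": [
    {"name": "Any two factors", "status": "MATCH", "rules": [
      {"name": "Catch-all rule", "status": "MATCH", "conditions": []}]}]}}
]}
""")


def matched_rules(response):
    """Map each policyType to (policy name, rule name, matched condition types)."""
    out = {}
    for evaluation in response.get("evaluation", []):
        hits = out.setdefault(evaluation.get("policyType"), [])
        for policy in (evaluation.get("result") or {}).get("policies", []):
            if policy.get("status") != "MATCH":
                continue
            for rule in policy.get("rules", []):
                if rule.get("status") != "MATCH":
                    continue
                conds = [c.get("type") for c in rule.get("conditions", [])
                         if c.get("status") == "MATCH"]
                hits.append((policy.get("name"), rule.get("name"), conds))
    return out


def check_expectations(response, expected):
    """expected maps policyType -> rule name that should match; returns deviations."""
    matched = matched_rules(response)
    problems = []
    for policy_type, want in expected.items():
        hits = matched.get(policy_type, [])
        if not hits:
            problems.append(f"{policy_type}: no rule matched")
        elif hits[0][1] != want:
            problems.append(f"{policy_type}: matched {hits[0][1]!r}, expected {want!r}")
    return problems


def fell_through(response):
    """Policy types whose matching rule matched on no condition at all,
    i.e. the simulated context reached a default or catch-all rule."""
    return [ptype for ptype, hits in matched_rules(response).items()
            if any(not conds for _, _, conds in hits)]


if __name__ == "__main__":
    expected = {"OKTA_SIGN_ON": "test rule",
                "ACCESS_POLICY": "Require MFA for admins"}  # hypothetical rule name
    for line in check_expectations(RESPONSE, expected):
        print("DEVIATION", line)
    print("catch-all matches:", fell_through(RESPONSE))
```

A context that falls through to a catch-all rule is worth reviewing whenever the simulated user or device was meant to hit a stricter, condition-based rule.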
okta.policies.read
Retrieves a policy
Success
Forbidden
Not Found
Too Many Requests
{
  "type": "PASSWORD",
  "id": "policyId",
  "status": "ACTIVE",
  "name": "Policy name",
  "description": "Policy description",
  "priority": 1,
  "system": true,
  "created": "createdDate",
  "lastUpdated": "lastUpdated",
  "conditions": {
    "people": { "groups": { "include": ["groupId"] } },
    "authProvider": { "provider": "provider" }
  },
  "settings": {
    "password": {
      "complexity": {
        "minLength": 8,
        "minLowerCase": 1,
        "minUpperCase": 1,
        "minNumber": null,
        "minSymbol": 0,
        "excludeUsername": true,
        "dictionary": { "common": { "exclude": false } },
        "excludeAttributes": []
      },
      "age": {
        "maxAgeDays": 0,
        "expireWarnDays": 0,
        "minAgeMinutes": 0,
        "historyCount": 4
      },
      "lockout": {
        "maxAttempts": 0,
        "autoUnlockMinutes": 0,
        "userLockoutNotificationChannels": [],
        "showLockoutFailures": false
      }
    },
    "recovery": {
      "factors": {
        "recovery_question": {
          "status": "ACTIVE",
          "properties": { "complexity": { "complexity": 4 } }
        },
        "okta_email": {
          "status": "ACTIVE",
          "properties": { "recoveryToken": { "tokenLifetimeMinutes": 10080 } }
        },
        "okta_sms": { "status": "INACTIVE" },
        "okta_call": { "status": "INACTIVE" }
      }
    },
    "delegation": { "options": { "skipUnlock": false } }
  },
  "_links": {
    "self": { "hints": { "allow": ["GET", "PUT"] } },
    "rules": { "hints": { "allow": ["POST", "GET"] } }
  }
}
okta.policies.manage
Replaces the properties of a Policy identified by policyId
name required | string Name of the Policy |
type required | string (PolicyType) All Okta orgs contain only one IdP Discovery Policy with an immutable default Rule routing to your org's sign-in page.
Creating or replacing a policy with the |
description | string Default: null Description of the Policy |
priority | integer Default: "Last / Lowest Priority, for example `1`" Specifies the order in which this Policy is evaluated in relation to the other policies |
status | string (LifecycleStatus) Enum: "ACTIVE" "INACTIVE" |
system | boolean Default: false Specifies whether Okta created the Policy |
conditions | string or null Default: null Policy conditions aren't supported. Conditions are applied at the rule level for this policy type. |
Success
Bad Request
Forbidden
Not Found
Too Many Requests
{
  "description": null,
  "name": "string",
  "priority": "Last / Lowest Priority, for example `1`",
  "status": "ACTIVE",
  "system": false,
  "type": "ACCESS_POLICY",
  "conditions": null,
  "_embedded": {
    "resourceType": "string",
    "property1": {},
    "property2": {}
  }
}

{
  "type": "PASSWORD",
  "id": "policyId",
  "status": "ACTIVE",
  "name": "Policy name",
  "description": "Policy description",
  "priority": 1,
  "system": true,
  "created": "createdDate",
  "lastUpdated": "lastUpdated",
  "conditions": {
    "people": { "groups": { "include": ["groupId"] } },
    "authProvider": { "provider": "provider" }
  },
  "settings": {
    "password": {
      "complexity": {
        "minLength": 8,
        "minLowerCase": 1,
        "minUpperCase": 1,
        "minNumber": null,
        "minSymbol": 0,
        "excludeUsername": true,
        "dictionary": { "common": { "exclude": false } },
        "excludeAttributes": []
      },
      "age": {
        "maxAgeDays": 0,
        "expireWarnDays": 0,
        "minAgeMinutes": 0,
        "historyCount": 4
      },
      "lockout": {
        "maxAttempts": 0,
        "autoUnlockMinutes": 0,
        "userLockoutNotificationChannels": [],
        "showLockoutFailures": false
      }
    },
    "recovery": {
      "factors": {
        "recovery_question": {
          "status": "ACTIVE",
          "properties": { "complexity": { "complexity": 4 } }
        },
        "okta_email": {
          "status": "ACTIVE",
          "properties": { "recoveryToken": { "tokenLifetimeMinutes": 10080 } }
        },
        "okta_sms": { "status": "INACTIVE" },
        "okta_call": { "status": "INACTIVE" }
      }
    },
    "delegation": { "options": { "skipUnlock": false } }
  },
  "_links": {
    "self": { "hints": { "allow": ["GET", "PUT"] } },
    "rules": { "hints": { "allow": ["POST", "GET"] } }
  }
}
okta.policies.manage
Deletes a policy
No Content
Forbidden
Not Found
Too Many Requests
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": []
}
okta.policies.read
Lists all applications mapped to a policy identified by policyId
Note: Use List all resources mapped to a Policy to list all applications mapped to a policy.
Success
Forbidden
Not Found
Too Many Requests
[
  {
    "accessibility": {
      "errorRedirectUrl": "string",
      "loginRedirectUrl": "string",
      "selfService": true
    },
    "created": "2019-08-24T14:15:22Z",
    "features": ["GROUP_PUSH"],
    "id": "string",
    "label": "string",
    "lastUpdated": "2019-08-24T14:15:22Z",
    "licensing": { "seatCount": 0 },
    "orn": "string",
    "profile": {},
    "signOnMode": "AUTO_LOGIN",
    "status": "ACTIVE",
    "visibility": {
      "appLinks": { "property1": true, "property2": true },
      "autoLaunch": true,
      "autoSubmitToolbar": true,
      "hide": { "iOS": false, "web": true }
    },
    "_embedded": {
      "user": { "property1": {}, "property2": {} }
    },
    "_links": {
      "accessPolicy": { "hints": { "allow": ["DELETE"] }, "href": "string", "name": "string", "templated": true, "type": "string" },
      "activate": { "hints": { "allow": ["DELETE"] }, "href": "string", "name": "string", "templated": true, "type": "string" },
      "appLinks": [
        { "hints": { "allow": ["DELETE"] }, "href": "string", "name": "string", "templated": true, "type": "string" }
      ],
      "deactivate": { "hints": { "allow": ["DELETE"] }, "href": "string", "name": "string", "templated": true, "type": "string" },
      "groups": { "hints": { "allow": ["DELETE"] }, "href": "string", "name": "string", "templated": true, "type": "string" },
      "help": { "hints": { "allow": ["DELETE"] }, "href": "string", "name": "string", "templated": true, "type": "string" },
      "logo": [
        { "hints": { "allow": ["DELETE"] }, "href": "string", "name": "string", "templated": true, "type": "string" }
      ],
      "metadata": { "hints": { "allow": ["DELETE"] }, "href": "string", "name": "string", "templated": true, "type": "string" },
      "self": { "hints": { "allow": ["DELETE"] }, "href": "string", "name": "string", "templated": true, "type": "string" },
      "users": { "hints": { "allow": ["DELETE"] }, "href": "string", "name": "string", "templated": true, "type": "string" }
    }
  }
]
okta.policies.manage
Clones an existing policy
Success
Bad Request
Forbidden
Not Found
Too Many Requests
{
  "type": "PASSWORD",
  "id": "policyId",
  "status": "ACTIVE",
  "name": "Policy name",
  "description": "Policy description",
  "priority": 1,
  "system": true,
  "created": "createdDate",
  "lastUpdated": "lastUpdated",
  "conditions": {
    "people": { "groups": { "include": ["groupId"] } },
    "authProvider": { "provider": "provider" }
  },
  "settings": {
    "password": {
      "complexity": {
        "minLength": 8,
        "minLowerCase": 1,
        "minUpperCase": 1,
        "minNumber": null,
        "minSymbol": 0,
        "excludeUsername": true,
        "dictionary": { "common": { "exclude": false } },
        "excludeAttributes": []
      },
      "age": {
        "maxAgeDays": 0,
        "expireWarnDays": 0,
        "minAgeMinutes": 0,
        "historyCount": 4
      },
      "lockout": {
        "maxAttempts": 0,
        "autoUnlockMinutes": 0,
        "userLockoutNotificationChannels": [],
        "showLockoutFailures": false
      }
    },
    "recovery": {
      "factors": {
        "recovery_question": {
          "status": "ACTIVE",
          "properties": { "complexity": { "complexity": 4 } }
        },
        "okta_email": {
          "status": "ACTIVE",
          "properties": { "recoveryToken": { "tokenLifetimeMinutes": 10080 } }
        },
        "okta_sms": { "status": "INACTIVE" },
        "okta_call": { "status": "INACTIVE" }
      }
    },
    "delegation": { "options": { "skipUnlock": false } }
  },
  "_links": {
    "self": { "hints": { "allow": ["GET", "PUT"] } },
    "rules": { "hints": { "allow": ["POST", "GET"] } }
  }
}
okta.policies.manage
Activates a policy
No Content
Forbidden
Not Found
Too Many Requests
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": []
}
okta.policies.manage
Deactivates a policy
No Content
Forbidden
Not Found
Too Many Requests
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": []
}
okta.policies.read
Lists all resources mapped to a Policy identified by policyId
Success
Forbidden
Not Found
Too Many Requests
[
  {
    "id": "policyId",
    "_links": {
      "application": { "hints": { "allow": ["GET", "PUT", "DELETE"] } },
      "self": { "hints": { "allow": ["GET", "PUT", "DELETE"] } },
      "policy": { "hints": { "allow": ["GET", "PUT", "DELETE"] } }
    }
  }
]
okta.policies.manage
Maps a resource to a Policy identified by policyId
Success
Bad Request
Forbidden
Not Found
Too Many Requests
{
  "resourceId": "string",
  "resourceType": "APP"
}

{
  "id": "policyId",
  "_links": {
    "application": { "hints": { "allow": ["GET", "PUT", "DELETE"] } },
    "self": { "hints": { "allow": ["GET", "PUT", "DELETE"] } },
    "policy": { "hints": { "allow": ["GET", "PUT", "DELETE"] } }
  }
}
okta.policies.read
Retrieves a resource Mapping for a Policy identified by policyId and mappingId
Success
Forbidden
Not Found
Too Many Requests
{
  "id": "policyId",
  "_links": {
    "application": { "hints": { "allow": ["GET", "PUT", "DELETE"] } },
    "self": { "hints": { "allow": ["GET", "PUT", "DELETE"] } },
    "policy": { "hints": { "allow": ["GET", "PUT", "DELETE"] } }
  }
}
okta.policies.manage
Deletes the resource Mapping for a Policy identified by policyId and mappingId
No Content
Forbidden
Not Found
Too Many Requests
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": []
}
okta.policies.read
Lists all policy rules
limit | string Defines the number of policy rules returned. See Pagination. |
Success
Forbidden
Not Found
Too Many Requests
List all policy rules response (Sign-on policy)
[
  {
    "id": "0prh1sd28q5sXGW08697",
    "status": "ACTIVE",
    "name": "Test Sign-on policy",
    "priority": 0,
    "created": "2024-04-25T17:35:02.000Z",
    "lastUpdated": "2024-04-25T17:35:02.000Z",
    "system": false,
    "conditions": {
      "people": { "users": { "exclude": [] } },
      "network": { "connection": "ANYWHERE" },
      "risk": { "behaviors": [] },
      "riskScore": { "level": "ANY" },
      "identityProvider": { "provider": "ANY" }
    },
    "actions": {
      "signon": {
        "requireFactor": false,
        "factorPromptMode": "ALWAYS",
        "factorLifetime": 15,
        "access": "ALLOW",
        "primaryFactor": "PASSWORD_IDP_ANY_FACTOR",
        "session": {
          "maxSessionIdleMinutes": 720,
          "maxSessionLifetimeMinutes": 0,
          "usePersistentCookie": false
        }
      }
    },
    "_links": {
      "self": { "hints": { "allow": ["GET", "PUT", "DELETE"] } },
      "deactivate": { "hints": { "allow": ["POST"] } }
    },
    "type": "SIGN_ON"
  }
]
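The PASSWORD policy settings and the SIGN_ON rule actions shown in the responses above can be checked offline against a baseline once they have been exported. This Python is an added example and not part of Okta's documentation or SDK; the thresholds, and the reading of `0` as "no limit" for `maxAttempts` and `maxSessionLifetimeMinutes`, are assumptions to confirm for your org.

```python
import json

# Constructed sample input: trimmed copies of the PASSWORD policy and the
# SIGN_ON rule response bodies shown on this page.
POLICY = json.loads("""
{"type": "PASSWORD", "name": "Policy name", "settings": {
  "password": {
    "complexity": {"minLength": 8, "minNumber": null,
                   "dictionary": {"common": {"exclude": false}}},
    "lockout": {"maxAttempts": 0, "autoUnlockMinutes": 0}},
  "recovery": {"factors": {
    "recovery_question": {"status": "ACTIVE"},
    "okta_email": {"status": "ACTIVE", "properties":
                   {"recoveryToken": {"tokenLifetimeMinutes": 10080}}},
    "okta_sms": {"status": "INACTIVE"}}}}}
""")
RULE = json.loads("""
{"type": "SIGN_ON", "name": "Test Sign-on policy", "status": "ACTIVE",
 "conditions": {"network": {"connection": "ANYWHERE"}},
 "actions": {"signon": {"access": "ALLOW", "requireFactor": false,
   "session": {"maxSessionIdleMinutes": 720, "maxSessionLifetimeMinutes": 0,
               "usePersistentCookie": false}}}}
""")


def dig(obj, path):
    """Follow a dotted path through nested dicts; None when any key is absent."""
    for key in path.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj


PW = "settings.password."
REC = "settings.recovery.factors."
# (object type, dotted path, predicate that is True for a weak value, finding).
# Thresholds are assumed baselines, not values taken from Okta.
CHECKS = [
    ("PASSWORD", PW + "complexity.minLength", lambda v: v < 12,
     "minimum length below 12"),
    ("PASSWORD", PW + "complexity.dictionary.common.exclude", lambda v: v is False,
     "common-password dictionary check is off"),
    ("PASSWORD", PW + "lockout.maxAttempts", lambda v: v == 0,
     "no lockout after failed attempts"),
    ("PASSWORD", REC + "okta_email.properties.recoveryToken.tokenLifetimeMinutes",
     lambda v: v > 60, "email recovery token valid for more than an hour"),
    ("PASSWORD", REC + "recovery_question.status", lambda v: v == "ACTIVE",
     "security question accepted for recovery"),
    ("SIGN_ON", "actions.signon.requireFactor", lambda v: v is False,
     "sign-on does not require a second factor"),
    ("SIGN_ON", "actions.signon.session.maxSessionLifetimeMinutes", lambda v: v == 0,
     "no absolute session lifetime"),
    ("SIGN_ON", "actions.signon.session.maxSessionIdleMinutes", lambda v: v > 120,
     "idle timeout above two hours"),
]


def audit(obj):
    """Return findings for one policy or rule object, selected by its "type"."""
    findings = []
    for obj_type, path, is_weak, message in CHECKS:
        if obj.get("type") != obj_type:
            continue
        value = dig(obj, path)
        # Absent or null fields are skipped: the object does not state them.
        if value is not None and is_weak(value):
            findings.append(f"{path} = {value!r}: {message}")
    return findings


if __name__ == "__main__":
    for obj in (POLICY, RULE):
        for finding in audit(obj):
            print(f'{obj["type"]} "{obj["name"]}": {finding}')
```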
okta.policies.manage
Creates a policy rule
Note: You can't create additional rules for the PROFILE_ENROLLMENT or POST_AUTH_SESSION policies.
limit | string Defines the number of policy rules returned. See Pagination. |
activate | boolean Default: true Set this parameter to |
id | string Identifier for the rule |
name | string Name of the rule |
priority | integer Priority of the rule |
status | string (LifecycleStatus) Enum: "ACTIVE" "INACTIVE" |
system | boolean Default: false Specifies whether Okta created the Policy Rule ( |
type | string (PolicyRuleType) Rule type |
object (AccessPolicyRuleActions) |
object (AccessPolicyRuleConditions) |
Success
Bad Request
Forbidden
Not Found
Too Many Requests
This password policy permits self-service password change, reset, and unlock. Phone SMS and Okta Verify push are the initial authenticators, and the secondary authentication is a security question.
{
  "name": "SSPR Rule",
  "priority": 1,
  "status": "ACTIVE",
  "conditions": {
    "people": { "users": { "exclude": [] } },
    "network": { "connection": "ANYWHERE" }
  },
  "actions": {
    "passwordChange": { "access": "ALLOW" },
    "selfServicePasswordReset": {
      "access": "ALLOW",
      "requirement": {
        "primary": { "methods": ["push", "sms"] },
        "stepUp": { "required": true, "methods": ["security_question"] }
      }
    },
    "selfServiceUnlock": { "access": "ALLOW" }
  },
  "system": false,
  "type": "PASSWORD"
}

{
  "id": "ruleId",
  "_links": {
    "self": { "hints": { "allow": ["GET", "PUT", "DELETE"] } },
    "deactivate": { "hints": { "allow": ["POST"] } }
  },
  "name": "SSPR Rule",
  "priority": 1,
  "status": "ACTIVE",
  "conditions": {
    "people": { "users": { "exclude": [] } },
    "network": { "connection": "ANYWHERE" }
  },
  "actions": {
    "passwordChange": { "access": "ALLOW" },
    "selfServicePasswordReset": {
      "access": "ALLOW",
      "requirement": {
        "primary": { "methods": ["push", "sms"] },
        "stepUp": { "required": true, "methods": ["security_question"] }
      }
    },
    "selfServiceUnlock": { "access": "ALLOW" }
  },
  "system": false,
  "type": "PASSWORD"
}
okta.policies.read
Retrieves a policy rule
Success
Forbidden
Not Found
Too Many Requests
This password policy permits self-service password change, reset, and unlock. Phone SMS and Okta Verify push are initial authenticators, and the secondary authentication is a security question.
{
  "id": "ruleId",
  "name": "SSPR Rule",
  "priority": 1,
  "status": "ACTIVE",
  "conditions": {
    "people": { "users": { "exclude": [] } },
    "network": { "connection": "ANYWHERE" }
  },
  "actions": {
    "passwordChange": { "access": "ALLOW" },
    "selfServicePasswordReset": {
      "access": "ALLOW",
      "requirement": {
        "primary": { "methods": ["push", "sms"] },
        "stepUp": { "required": true, "methods": ["security_question"] }
      }
    },
    "selfServiceUnlock": { "access": "ALLOW" }
  },
  "system": false,
  "type": "PASSWORD"
}
okta.policies.manage
Replaces the properties for a Policy Rule identified by policyId and ruleId
id | string Identifier for the rule |
name | string Name of the rule |
priority | integer Priority of the rule |
status | string (LifecycleStatus) Enum: "ACTIVE" "INACTIVE" |
system | boolean Default: false Specifies whether Okta created the Policy Rule ( |
type | string (PolicyRuleType) Rule type |
object (AccessPolicyRuleActions) |
object (AccessPolicyRuleConditions) |
Success
Bad Request
Forbidden
Not Found
Too Many Requests
This password policy permits self-service password change, reset, and unlock. Phone SMS and Okta Verify push are initial authenticators, and the secondary authentication is a security question.
{
  "id": "ruleId",
  "name": "SSPR Rule",
  "priority": 1,
  "status": "ACTIVE",
  "conditions": {
    "people": { "users": { "exclude": [] } },
    "network": { "connection": "ANYWHERE" }
  },
  "actions": {
    "passwordChange": { "access": "ALLOW" },
    "selfServicePasswordReset": {
      "access": "ALLOW",
      "requirement": {
        "primary": { "methods": ["push", "sms"] },
        "stepUp": { "required": true, "methods": ["security_question"] }
      }
    },
    "selfServiceUnlock": { "access": "ALLOW" }
  },
  "system": false,
  "type": "PASSWORD"
}

{
  "id": "ruleId",
  "_links": {
    "self": { "hints": { "allow": ["GET", "PUT", "DELETE"] } },
    "deactivate": { "hints": { "allow": ["POST"] } }
  },
  "name": "SSPR Rule",
  "priority": 1,
  "status": "ACTIVE",
  "conditions": {
    "people": { "users": { "exclude": [] } },
    "network": { "connection": "ANYWHERE" }
  },
  "actions": {
    "passwordChange": { "access": "ALLOW" },
    "selfServicePasswordReset": {
      "access": "ALLOW",
      "requirement": {
        "primary": { "methods": ["push", "sms"] },
        "stepUp": { "required": true, "methods": ["security_question"] }
      }
    },
    "selfServiceUnlock": { "access": "ALLOW" }
  },
  "system": false,
  "type": "PASSWORD"
}
okta.policies.manage
Deletes a Policy Rule identified by policyId and ruleId
No Content
Forbidden
Not Found
Too Many Requests
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": []
}
okta.policies.manage
Activates a Policy Rule identified by policyId and ruleId
No Content
Forbidden
Not Found
Too Many Requests
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": []
}
okta.policies.manage
Deactivates a Policy Rule identified by policyId and ruleId
No Content
Forbidden
Not Found
Too Many Requests
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": []
}