Policies

The Okta Policy API enables an Administrator to perform Policy and Policy Rule operations. The Policy framework is used by Okta to control Rules and settings that govern, among other things, user session lifetime, whether multi-factor authentication is required when logging in, what MFA factors may be employed, password complexity requirements, what types of self-service operations are permitted under various circumstances, and what identity provider to route users to.

Policy settings for a particular Policy type, such as Sign On Policy, consist of one or more Policy objects, each of which contains one or more Policy Rules. Policies and Rules contain conditions that determine whether they are applicable to a particular user at a particular time.

List all Policies
OAuth 2.0: okta.policies.read

Lists all policies with the specified type

Request
query Parameters
type
required
string
status
string
expand
string
Default: ""
Responses
200

Success

403

Forbidden

429

Too Many Requests

get/api/v1/policies
Request samples 
Response samples 
application/json
[
  • {
    • "created": "2019-08-24T14:15:22Z",
    • "description": "string",
    • "id": "string",
    • "lastUpdated": "2019-08-24T14:15:22Z",
    • "name": "string",
    • "priority": 0,
    • "status": "ACTIVE",
    • "system": true,
    • "type": "ACCESS_POLICY",
    • "_embedded": {
      },
    • "_links": {
      }
    }
]
Create a Policy
OAuth 2.0: okta.policies.manage
Creates a policy


Request 
query Parameters
activate
boolean
 Default:  true
 
Request Body schema: application/json
description
string
 
name
string
 
priority
integer
 
status
string (LifecycleStatus) 
 Enum: "ACTIVE" "INACTIVE"  
system
boolean
 
type
string (PolicyType) 
 
object (PolicyRuleConditions) 
 
object (AppAndInstancePolicyRuleCondition) 
 
Array of objects (AppAndInstanceConditionEvaluatorAppOrInstance) 
 
Array of objects (AppAndInstanceConditionEvaluatorAppOrInstance) 
 
object (AppInstancePolicyRuleCondition) 
 
exclude
Array of strings
 
include
Array of strings
 
object (PolicyRuleAuthContextCondition) 
 
authType
string (PolicyRuleAuthContextType) 
 Enum: "ANY" "RADIUS"  
object (PasswordPolicyAuthenticationProviderCondition) 
 
include
Array of strings
 
provider
string (PasswordPolicyAuthenticationProviderType) 
 Enum: "ACTIVE_DIRECTORY" "ANY" "LDAP" "OKTA"  
object (BeforeScheduledActionPolicyRuleCondition) 
 
object (Duration) 
 
object (ScheduledUserLifecycleAction) 
 
object (ClientPolicyCondition) 
 
include
Array of strings
 
object (ContextPolicyRuleCondition) 
 
migrated
boolean
 
object (DevicePolicyRuleConditionPlatform) 
 
rooted
boolean
 
trustLevel
string (DevicePolicyTrustLevel) 
 Enum: "ANY" "TRUSTED"  
expression
string
 
object (DevicePolicyRuleCondition) 
 
migrated
boolean
 
object (DevicePolicyRuleConditionPlatform) 
 
rooted
boolean
 
trustLevel
string (DevicePolicyTrustLevel) 
 Enum: "ANY" "TRUSTED"  
object (GrantTypePolicyRuleCondition) 
 
include
Array of strings
 
object (GroupPolicyRuleCondition) 
 
exclude
Array of strings
 
include
Array of strings
 
object (IdentityProviderPolicyRuleCondition) 
 
idpIds
Array of strings
 
provider
string (IdentityProviderPolicyProvider) 
 Enum: "ANY" "OKTA" "SPECIFIC_IDP"  
object (MDMEnrollmentPolicyRuleCondition) 
 
blockNonSafeAndroid
boolean
 
enrollment
string (MDMEnrollmentPolicyEnrollment) 
 Enum: "ANY_OR_NONE" "OMM"  
object (PolicyNetworkCondition) 
 
connection
string (PolicyNetworkConnection) 
 Enum: "ANYWHERE" "ZONE"  
exclude
Array of strings
 
include
Array of strings
 
object (PolicyPeopleCondition) 
 
object (GroupCondition) 
 
object (UserCondition) 
 
object (PlatformPolicyRuleCondition) 
 
Array of objects (PlatformConditionEvaluatorPlatform) 
 
Array of objects (PlatformConditionEvaluatorPlatform) 
 
object (RiskPolicyRuleCondition) 
 
behaviors
Array of strings  unique 
 
object (RiskScorePolicyRuleCondition) 
 
level
string
 
object (OAuth2ScopesMediationPolicyRuleCondition) 
 
include
Array of strings
 
object (UserIdentifierPolicyRuleCondition) 
 
attribute
string
 
Array of objects (UserIdentifierConditionEvaluatorPattern) 
 
type
string (UserIdentifierType) 
 Enum: "ATTRIBUTE" "IDENTIFIER"  
object (UserPolicyRuleCondition) 
 
exclude
Array of strings
 
object (InactivityPolicyRuleCondition) 
 
include
Array of strings
 
object (LifecycleExpirationPolicyRuleCondition) 
 
object (PasswordExpirationPolicyRuleCondition) 
 
object (UserLifecycleAttributePolicyRuleCondition) 
 
object (UserStatusPolicyRuleCondition) 
 
value
string (PolicyUserStatus) 
 Enum: "ACTIVATING" "ACTIVE" "DELETED" "DELETING" "EXPIRED_PASSWORD" "INACTIVE" "PENDING" "SUSPENDED"  
Responses 
200
Success


400
Bad Request


403
Forbidden


429
Too Many Requests


post/api/v1/policies
Request samples 
application/json
{
  • "description": "string",
  • "name": "string",
  • "priority": 0,
  • "status": "ACTIVE",
  • "system": true,
  • "type": "ACCESS_POLICY",
  • "conditions": {
    • "app": {
      },
    • "apps": {
      },
    • "authContext": {
      },
    • "authProvider": {
      },
    • "beforeScheduledAction": {
      },
    • "clients": {
      },
    • "context": {
      },
    • "device": {
      },
    • "grantTypes": {
      },
    • "groups": {
      },
    • "identityProvider": {
      },
    • "mdmEnrollment": {
      },
    • "network": {
      },
    • "people": {
      },
    • "platform": {
      },
    • "risk": {
      },
    • "riskScore": {
      },
    • "scopes": {
      },
    • "userIdentifier": {
      },
    • "users": {
      },
    • "userStatus": {
      }
    }
}
Response samples 
application/json
{
  • "created": "2019-08-24T14:15:22Z",
  • "description": "string",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "priority": 0,
  • "status": "ACTIVE",
  • "system": true,
  • "type": "ACCESS_POLICY",
  • "_embedded": {
    • "property1": { },
    • "property2": { }
    },
  • "_links": {
    • "self": {
      }
    },
  • "conditions": {
    • "app": {
      },
    • "apps": {
      },
    • "authContext": {
      },
    • "authProvider": {
      },
    • "beforeScheduledAction": {
      },
    • "clients": {
      },
    • "context": {
      },
    • "device": {
      },
    • "grantTypes": {
      },
    • "groups": {
      },
    • "identityProvider": {
      },
    • "mdmEnrollment": {
      },
    • "network": {
      },
    • "people": {
      },
    • "platform": {
      },
    • "risk": {
      },
    • "riskScore": {
      },
    • "scopes": {
      },
    • "userIdentifier": {
      },
    • "users": {
      },
    • "userStatus": {
      }
    }
}
Create a Policy Simulation
Identity Engine
OAuth 2.0: okta.policies.read
Creates a policy or policy rule simulation. The access simulation evaluates policy and policy rules based on the existing policy rule configuration.
The evaluation result simulates what the real-world authentication flow is and what policy rules have been applied or matched to the authentication flow.


Request 
query Parameters
expand
string
Use expand=EVALUATED to include a list of evaluated but not matched policies and policy rules. Use expand=RULE to include details about why a rule condition was (not) matched.


 
 Example:  expand=expand=EVALUATED&expand=RULE
Request Body schema: application/json
 Array 
appInstance
required
string
The application instance ID for a simulate operation


 
object (PolicyContext) 
 
object
 
required
object
An array of Group IDs for the simulate operation. Only user IDs or Group IDs are allowed, not both.


 
ip
string
The network rule condition, zone, or IP address


 
object
The risk rule condition level


 
required
object
The user ID for the simulate operation. Only user IDs or Group IDs are allowed, not both.


 
object
 
policyTypes
Array of strings (PolicyType) 
Supported policy types for a simulate operation. The default value, null, returns all types.


Items Enum: "ACCESS_POLICY" "IDP_DISCOVERY" "MFA_ENROLL" "OKTA_SIGN_ON" "PASSWORD" "PROFILE_ENROLLMENT"  
Responses 
204
Success


403
Forbidden


404
Not Found


429
Too Many Requests


post/api/v1/policies/simulate
Request samples 
application/json
Simulate policy request body


{
  • "policyType": [
    • "OKTA_SIGN_ON",
    • "MFA_ENROLL"
    ],
  • "appInstance": "0oa4eroj3nYCIJIW70g7",
  • "policyContext": {
    • "groups": {
      }
    },
  • "risk": {
    • "level": "LOW"
    },
  • "zones": {
    • "ids": [
      ]
    },
  • "device": {
    • "platform": "IOS",
    • "registered": true,
    • "managed": true
    }
}
Response samples 
application/json
Simulate policy response body


{
  • "evaluation": [
    • {
      },
    • {
      },
    • {
      }
    ]
}
Retrieve a Policy
OAuth 2.0: okta.policies.read
Retrieves a policy


Request 
path Parameters
policyId
required
string
id of the Policy


 
 Example:  00plrilJ7jZ66Gn0X0g3
query Parameters
expand
string
 Default:  ""
 
Responses 
200
Success


403
Forbidden


404
Not Found


429
Too Many Requests


get/api/v1/policies/{policyId}
Request samples 
Response samples 
application/json
{
  • "created": "2019-08-24T14:15:22Z",
  • "description": "string",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "priority": 0,
  • "status": "ACTIVE",
  • "system": true,
  • "type": "ACCESS_POLICY",
  • "_embedded": {
    • "property1": { },
    • "property2": { }
    },
  • "_links": {
    • "self": {
      }
    },
  • "conditions": {
    • "app": {
      },
    • "apps": {
      },
    • "authContext": {
      },
    • "authProvider": {
      },
    • "beforeScheduledAction": {
      },
    • "clients": {
      },
    • "context": {
      },
    • "device": {
      },
    • "grantTypes": {
      },
    • "groups": {
      },
    • "identityProvider": {
      },
    • "mdmEnrollment": {
      },
    • "network": {
      },
    • "people": {
      },
    • "platform": {
      },
    • "risk": {
      },
    • "riskScore": {
      },
    • "scopes": {
      },
    • "userIdentifier": {
      },
    • "users": {
      },
    • "userStatus": {
      }
    }
}
Replace a Policy
OAuth 2.0: okta.policies.manage
Replaces the properties of a Policy identified by policyId


Request 
path Parameters
policyId
required
string
id of the Policy


 
 Example:  00plrilJ7jZ66Gn0X0g3
Request Body schema: application/json
description
string
 
name
string
 
priority
integer
 
status
string (LifecycleStatus) 
 Enum: "ACTIVE" "INACTIVE"  
system
boolean
 
type
string (PolicyType) 
 
object (PolicyRuleConditions) 
 
object (AppAndInstancePolicyRuleCondition) 
 
Array of objects (AppAndInstanceConditionEvaluatorAppOrInstance) 
 
Array of objects (AppAndInstanceConditionEvaluatorAppOrInstance) 
 
object (AppInstancePolicyRuleCondition) 
 
exclude
Array of strings
 
include
Array of strings
 
object (PolicyRuleAuthContextCondition) 
 
authType
string (PolicyRuleAuthContextType) 
 Enum: "ANY" "RADIUS"  
object (PasswordPolicyAuthenticationProviderCondition) 
 
include
Array of strings
 
provider
string (PasswordPolicyAuthenticationProviderType) 
 Enum: "ACTIVE_DIRECTORY" "ANY" "LDAP" "OKTA"  
object (BeforeScheduledActionPolicyRuleCondition) 
 
object (Duration) 
 
object (ScheduledUserLifecycleAction) 
 
object (ClientPolicyCondition) 
 
include
Array of strings
 
object (ContextPolicyRuleCondition) 
 
migrated
boolean
 
object (DevicePolicyRuleConditionPlatform) 
 
rooted
boolean
 
trustLevel
string (DevicePolicyTrustLevel) 
 Enum: "ANY" "TRUSTED"  
expression
string
 
object (DevicePolicyRuleCondition) 
 
migrated
boolean
 
object (DevicePolicyRuleConditionPlatform) 
 
rooted
boolean
 
trustLevel
string (DevicePolicyTrustLevel) 
 Enum: "ANY" "TRUSTED"  
object (GrantTypePolicyRuleCondition) 
 
include
Array of strings
 
object (GroupPolicyRuleCondition) 
 
exclude
Array of strings
 
include
Array of strings
 
object (IdentityProviderPolicyRuleCondition) 
 
idpIds
Array of strings
 
provider
string (IdentityProviderPolicyProvider) 
 Enum: "ANY" "OKTA" "SPECIFIC_IDP"  
object (MDMEnrollmentPolicyRuleCondition) 
 
blockNonSafeAndroid
boolean
 
enrollment
string (MDMEnrollmentPolicyEnrollment) 
 Enum: "ANY_OR_NONE" "OMM"  
object (PolicyNetworkCondition) 
 
connection
string (PolicyNetworkConnection) 
 Enum: "ANYWHERE" "ZONE"  
exclude
Array of strings
 
include
Array of strings
 
object (PolicyPeopleCondition) 
 
object (GroupCondition) 
 
object (UserCondition) 
 
object (PlatformPolicyRuleCondition) 
 
Array of objects (PlatformConditionEvaluatorPlatform) 
 
Array of objects (PlatformConditionEvaluatorPlatform) 
 
object (RiskPolicyRuleCondition) 
 
behaviors
Array of strings  unique 
 
object (RiskScorePolicyRuleCondition) 
 
level
string
 
object (OAuth2ScopesMediationPolicyRuleCondition) 
 
include
Array of strings
 
object (UserIdentifierPolicyRuleCondition) 
 
attribute
string
 
Array of objects (UserIdentifierConditionEvaluatorPattern) 
 
type
string (UserIdentifierType) 
 Enum: "ATTRIBUTE" "IDENTIFIER"  
object (UserPolicyRuleCondition) 
 
exclude
Array of strings
 
object (InactivityPolicyRuleCondition) 
 
include
Array of strings
 
object (LifecycleExpirationPolicyRuleCondition) 
 
object (PasswordExpirationPolicyRuleCondition) 
 
object (UserLifecycleAttributePolicyRuleCondition) 
 
object (UserStatusPolicyRuleCondition) 
 
value
string (PolicyUserStatus) 
 Enum: "ACTIVATING" "ACTIVE" "DELETED" "DELETING" "EXPIRED_PASSWORD" "INACTIVE" "PENDING" "SUSPENDED"  
Responses 
200
Success


400
Bad Request


403
Forbidden


404
Not Found


429
Too Many Requests


put/api/v1/policies/{policyId}
Request samples 
application/json
{
  • "description": "string",
  • "name": "string",
  • "priority": 0,
  • "status": "ACTIVE",
  • "system": true,
  • "type": "ACCESS_POLICY",
  • "conditions": {
    • "app": {
      },
    • "apps": {
      },
    • "authContext": {
      },
    • "authProvider": {
      },
    • "beforeScheduledAction": {
      },
    • "clients": {
      },
    • "context": {
      },
    • "device": {
      },
    • "grantTypes": {
      },
    • "groups": {
      },
    • "identityProvider": {
      },
    • "mdmEnrollment": {
      },
    • "network": {
      },
    • "people": {
      },
    • "platform": {
      },
    • "risk": {
      },
    • "riskScore": {
      },
    • "scopes": {
      },
    • "userIdentifier": {
      },
    • "users": {
      },
    • "userStatus": {
      }
    }
}
Response samples 
application/json
{
  • "created": "2019-08-24T14:15:22Z",
  • "description": "string",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "priority": 0,
  • "status": "ACTIVE",
  • "system": true,
  • "type": "ACCESS_POLICY",
  • "_embedded": {
    • "property1": { },
    • "property2": { }
    },
  • "_links": {
    • "self": {
      }
    },
  • "conditions": {
    • "app": {
      },
    • "apps": {
      },
    • "authContext": {
      },
    • "authProvider": {
      },
    • "beforeScheduledAction": {
      },
    • "clients": {
      },
    • "context": {
      },
    • "device": {
      },
    • "grantTypes": {
      },
    • "groups": {
      },
    • "identityProvider": {
      },
    • "mdmEnrollment": {
      },
    • "network": {
      },
    • "people": {
      },
    • "platform": {
      },
    • "risk": {
      },
    • "riskScore": {
      },
    • "scopes": {
      },
    • "userIdentifier": {
      },
    • "users": {
      },
    • "userStatus": {
      }
    }
}
Delete a Policy
OAuth 2.0: okta.policies.manage
Deletes a policy


Request 
path Parameters
policyId
required
string
id of the Policy


 
 Example:  00plrilJ7jZ66Gn0X0g3
Responses 
204
No Content


403
Forbidden


404
Not Found


429
Too Many Requests


delete/api/v1/policies/{policyId}
Request samples 
Response samples 
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}
List all Applications mapped to a Policy
OAuth 2.0: okta.policies.read
Deprecated
Lists all applications mapped to a policy identified by policyId




Note: Use List all resources mapped to a Policy to list all applications mapped to a policy.




Request 
path Parameters
policyId
required
string
id of the Policy


 
 Example:  00plrilJ7jZ66Gn0X0g3
Responses 
200
Success


403
Forbidden


404
Not Found


429
Too Many Requests


get/api/v1/policies/{policyId}/app
Request samples 
Response samples 
application/json
[
  • {
    • "accessibility": {
      },
    • "created": "2019-08-24T14:15:22Z",
    • "features": [
      ],
    • "id": "string",
    • "label": "string",
    • "lastUpdated": "2019-08-24T14:15:22Z",
    • "licensing": {
      },
    • "profile": {
      },
    • "signOnMode": "AUTO_LOGIN",
    • "status": "ACTIVE",
    • "visibility": {
      },
    • "_embedded": {
      },
    • "_links": {
      }
    }
]
Clone an existing Policy
Identity Engine
OAuth 2.0: okta.policies.manage
Clones an existing policy


Request 
path Parameters
policyId
required
string
id of the Policy


 
 Example:  00plrilJ7jZ66Gn0X0g3
Responses 
200
Success


400
Bad Request


403
Forbidden


404
Not Found


429
Too Many Requests


post/api/v1/policies/{policyId}/clone
Request samples 
Response samples 
application/json
{
  • "created": "2019-08-24T14:15:22Z",
  • "description": "string",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "priority": 0,
  • "status": "ACTIVE",
  • "system": true,
  • "type": "ACCESS_POLICY",
  • "_embedded": {
    • "property1": { },
    • "property2": { }
    },
  • "_links": {
    • "self": {
      }
    },
  • "conditions": {
    • "app": {
      },
    • "apps": {
      },
    • "authContext": {
      },
    • "authProvider": {
      },
    • "beforeScheduledAction": {
      },
    • "clients": {
      },
    • "context": {
      },
    • "device": {
      },
    • "grantTypes": {
      },
    • "groups": {
      },
    • "identityProvider": {
      },
    • "mdmEnrollment": {
      },
    • "network": {
      },
    • "people": {
      },
    • "platform": {
      },
    • "risk": {
      },
    • "riskScore": {
      },
    • "scopes": {
      },
    • "userIdentifier": {
      },
    • "users": {
      },
    • "userStatus": {
      }
    }
}
Activate a Policy
OAuth 2.0: okta.policies.manage
Activates a policy


Request 
path Parameters
policyId
required
string
id of the Policy


 
 Example:  00plrilJ7jZ66Gn0X0g3
Responses 
204
No Content


403
Forbidden


404
Not Found


429
Too Many Requests


post/api/v1/policies/{policyId}/lifecycle/activate
Request samples 
Response samples 
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}
Deactivate a Policy
OAuth 2.0: okta.policies.manage
Deactivates a policy


Request 
path Parameters
policyId
required
string
id of the Policy


 
 Example:  00plrilJ7jZ66Gn0X0g3
Responses 
204
No Content


403
Forbidden


404
Not Found


429
Too Many Requests


post/api/v1/policies/{policyId}/lifecycle/deactivate
Request samples 
Response samples 
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}
List all resources mapped to a Policy
OAuth 2.0: okta.policies.read
Lists all resources mapped to a Policy identified by policyId


Request 
path Parameters
policyId
required
string
id of the Policy


 
 Example:  00plrilJ7jZ66Gn0X0g3
Responses 
200
Success


403
Forbidden


404
Not Found


429
Too Many Requests


get/api/v1/policies/{policyId}/mappings
Request samples 
Response samples 
application/json
[
  • {
    • "id": "string",
    • "_links": {
      }
    }
]
Map a resource to a Policy
OAuth 2.0: okta.policies.manage
Maps a resource to a Policy identified by policyId


Request 
path Parameters
policyId
required
string
id of the Policy


 
 Example:  00plrilJ7jZ66Gn0X0g3
Request Body schema: application/json
resourceId
string
 
resourceType
string (PolicyMappingResourceType) 
 Value: "APP"  
Responses 
200
Success


400
Bad Request


403
Forbidden


404
Not Found


429
Too Many Requests


post/api/v1/policies/{policyId}/mappings
Request samples 
application/json
{
  • "resourceId": "string",
  • "resourceType": "APP"
}
Response samples 
application/json
{
  • "id": "string",
  • "_links": {
    • "self": {
      },
    • "application": {
      }
    }
}
Retrieve a policy resource Mapping
OAuth 2.0: okta.policies.read
Retrieves a resource Mapping for a Policy identified by policyId and mappingId


Request 
path Parameters
policyId
required
string
id of the Policy


 
 Example:  00plrilJ7jZ66Gn0X0g3
mappingId
required
string
id of the policy resource Mapping


 
 Example:  maplr2rLjZ6NsGn1P0g3
Responses 
200
Success


403
Forbidden


404
Not Found


429
Too Many Requests


get/api/v1/policies/{policyId}/mappings/{mappingId}
Request samples 
Response samples 
application/json
{
  • "id": "string",
  • "_links": {
    • "self": {
      },
    • "application": {
      }
    }
}
Delete a policy resource Mapping
OAuth 2.0: okta.policies.manage
Deletes the resource Mapping for a Policy identified by  policyId and mappingId


Request 
path Parameters
policyId
required
string
id of the Policy


 
 Example:  00plrilJ7jZ66Gn0X0g3
mappingId
required
string
id of the policy resource Mapping


 
 Example:  maplr2rLjZ6NsGn1P0g3
Responses 
204
No Content


403
Forbidden


404
Not Found


429
Too Many Requests


delete/api/v1/policies/{policyId}/mappings/{mappingId}
Request samples 
Response samples 
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}
List all Policy Rules
OAuth 2.0: okta.policies.read
Lists all policy rules


Request 
path Parameters
policyId
required
string
id of the Policy


 
 Example:  00plrilJ7jZ66Gn0X0g3
Responses 
200
Success


403
Forbidden


404
Not Found


429
Too Many Requests


get/api/v1/policies/{policyId}/rules
Request samples 
Response samples 
application/json
[
  • {
    • "created": "2019-08-24T14:15:22Z",
    • "id": "string",
    • "lastUpdated": "2019-08-24T14:15:22Z",
    • "name": "string",
    • "priority": 0,
    • "status": "ACTIVE",
    • "system": false,
    • "type": "ACCESS_POLICY"
    }
]
Create a Policy Rule
OAuth 2.0: okta.policies.manage
Creates a policy rule


Request 
path Parameters
policyId
required
string
id of the Policy


 
 Example:  00plrilJ7jZ66Gn0X0g3
Request Body schema: application/json
id
string
 
name
string
 
priority
integer
 
status
string (LifecycleStatus) 
 Enum: "ACTIVE" "INACTIVE"  
system
boolean
 Default:  false
 
type
string (PolicyRuleType) 
 
object (AccessPolicyRuleActions) 
 
object (AccessPolicyRuleApplicationSignOn) 
 
access
string
 
object (VerificationMethod) 
 
object (AccessPolicyRuleConditions) 
 
object (AppAndInstancePolicyRuleCondition) 
 
Array of objects (AppAndInstanceConditionEvaluatorAppOrInstance) 
 
Array of objects (AppAndInstanceConditionEvaluatorAppOrInstance) 
 
object (AppInstancePolicyRuleCondition) 
 
exclude
Array of strings
 
include
Array of strings
 
object (PolicyRuleAuthContextCondition) 
 
authType
string (PolicyRuleAuthContextType) 
 Enum: "ANY" "RADIUS"  
object (PasswordPolicyAuthenticationProviderCondition) 
 
include
Array of strings
 
provider
string (PasswordPolicyAuthenticationProviderType) 
 Enum: "ACTIVE_DIRECTORY" "ANY" "LDAP" "OKTA"  
object (BeforeScheduledActionPolicyRuleCondition) 
 
object