The User Role Assignments APIs allow you to assign roles and designate third-party admin status to Users.
okta.roles.read
Lists all users with Role Assignments
Success
Forbidden
Too Many Requests
{- "value": [
- {
- "id": "00u118oQYT4TBGuay0g4",
- "orn": "orn:okta:00o5rb5mt2H3d1TJd0h7:users:00u118oQYT4TBGuay0g4",
- "_links": {
}
}
], - "_links": {
}
}
okta.roles.read
Lists all roles assigned to a user (identified by userId
)
Success
Forbidden
Not Found
Too Many Requests
[- {
- "id": "IFIFAX2BIRGUSTQ",
- "label": "Application administrator",
- "type": "APP_ADMIN",
- "status": "ACTIVE",
- "created": "2019-02-06T16:17:40.000Z",
- "lastUpdated": "2019-02-06T16:17:40.000Z",
- "assignmentType": "USER",
}, - {
- "id": "JBCUYUC7IRCVGS27IFCE2SKO",
- "label": "Help Desk administrator",
- "type": "HELP_DESK_ADMIN",
- "status": "ACTIVE",
- "created": "2019-02-06T16:17:40.000Z",
- "lastUpdated": "2019-02-06T16:17:40.000Z",
- "assignmentType": "USER",
}, - {
- "id": "ra125eqBFpETrMwu80g4",
- "label": "Organization administrator",
- "type": "ORG_ADMIN",
- "status": "ACTIVE",
- "created": "2019-02-06T16:17:40.000Z",
- "lastUpdated": "2019-02-06T16:17:40.000Z",
- "assignmentType": "USER",
}, - {
- "id": "gra25fapn1prGTBKV0g4",
- "label": "API Access Management administrator",
- "type": "API_ACCESS_MANAGEMENT_ADMIN",
- "status": "ACTIVE",
- "created"": "2019-02-06T16:20:57.000Z",
- "lastUpdated"": "2019-02-06T16:20:57.000Z",
- "assignmentType"": "GROUP",
}
]
okta.roles.manage
Assigns a standard role to a user.
You can also assign a custom role to a user, but the preferred method to assign a custom role to a user is to create a binding between the custom role, the resource set, and the user. See Create a Role Resource Set Binding.
Notes:
- The request payload is different for standard and custom role assignments.
- For IAM-based standard role assignments, use the request payload for standard roles. However, the response payload for IAM-based role assignments is similar to the custom role's assignment response.
type | string Specify the standard or IAM-based role type. See standard roles. |
Created
Bad Request
Forbidden
Not Found
Too Many Requests
{- "type": "string"
}
{- "id": "ra1b8anIk7rx7em7L0g4",
- "label": "Super Organization administrator",
- "type": "SUPER_ADMIN",
- "status": "ACTIVE",
- "created": "2015-09-06T15:28:47.000Z",
- "lastUpdated": "2015-09-06T15:28:47.000Z",
- "assignmentType": "USER",
}
okta.roles.read
Retrieves a role assigned to a user (identified by userId
). The roleAssignmentId
parameter is the unique identifier for either a standard role assignment object or a custom role resource set binding object.
Success
Forbidden
Not Found
Too Many Requests
{- "id": "ra1b8anIk7rx7em7L0g4",
- "label": "Super Organization administrator",
- "type": "SUPER_ADMIN",
- "status": "ACTIVE",
- "created": "2015-09-06T15:28:47.000Z",
- "lastUpdated": "2015-09-06T15:28:47.000Z",
- "assignmentType": "USER",
}
okta.roles.manage
Unassigns a role assignment (identified by roleAssignmentId
) from a user (identified by userId
)
No Content
Forbidden
Not Found
Too Many Requests
{- "errorCode": "E0000006",
- "errorSummary": "You do not have permission to perform the requested action",
- "errorLink": "E0000006",
- "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
- "errorCauses": [ ]
}
okta.roles.read
Retrieves the governance sources of a Role (identified by roleAssignmentId
) that's assigned to a User (identified by userId
)
Success
Forbidden
Not Found
Too Many Requests
{- "grants": [
- {
- "type": "CUSTOM",
- "grantId": "grai24zWTjnDazeOI0g4",
- "_links": {
}
}, - {
- "type": "ENTITLEMENT-BUNDLE",
- "grantId": "grai2556vZgWesWf10g4",
- "bundleId": "enbhz2pAwtts9UBes0g4",
- "expirationDate": "2024-12-09 14:17:22.0",
- "_links": {
}
}
], - "_links": {
}
}
okta.roles.read
Retrieves a Governance Source (identified by grantId
) for a Role (identified by roleAssignmentId
) that's assigned to a User (identified by userId
)
Success
Forbidden
Not Found
Too Many Requests
{- "type": "ENTITLEMENT-BUNDLE",
- "grantId": "grai2556vZgWesWf10g4",
- "bundleId": "enbhz2pAwtts9UBes0g4",
- "expirationDate": "2024-12-09 14:17:22.0",
}
okta.roles.read
Retrieves the resources of a Governance Source (identified by grantId
) for a Role (identified by roleAssignmentId
) that's assigned to a User (identified by userId
)
Success
Forbidden
Not Found
Too Many Requests
{- "resources": [
- {
- "resource": "orn:okta:directory:00ozmkUsqWxsUxhGO0g3:groups:00g114290ar1oCC5A0g5",
- "label": "test-group-1"
}, - {
- "resource": "orn:okta:directory:00ozmkUsqWxsUxhGO0g3:groups:00g118990hl1oCC5B0g5",
- "label": "test-group-2"
}
], - "_links": {
}
}