The Client Role Assignments APIs allow you to assign roles and designate third-party admin status to public client apps.
okta.roles.read
Lists all roles assigned to a Client Application identified by clientId
Success
Forbidden
Not Found
Too Many Requests
[- {
- "id": "JBCUYUC7IRCVGS27IFCE2SKO",
- "label": "Help Desk Administrator",
- "type": "HELP_DESK_ADMIN",
- "status": "ACTIVE",
- "created": "2023-05-01T14:24:54.000Z",
- "lastUpdated": "2023-05-01T14:24:54.000Z",
- "assignmentType": "CLIENT",
- "_links": {
}
}
]
okta.roles.manage
Assigns a standard role to a Client Application.
You can also assign a custom role to a Client Application, but the preferred method to assign a custom role to a client is to create a binding between the Custom Role, the Resource Set, and the Client Application. See Create a Role Resource Set Binding.
Notes:
- The request payload is different for standard and custom role assignments.
- For IAM-based standard role assignments, use the request payload for standard roles. However, the response payload for IAM-based role assignments is similar to the custom role's assignment response.
type | string Specify the standard or IAM-based role type. See standard roles. |
Success
Forbidden
Not Found
Too Many Requests
{- "type": "HELP_DESK_ADMIN"
}
{- "id": "JBCUYUC7IRCVGS27IFCE2SKO",
- "label": "Help Desk Administrator",
- "type": "HELP_DESK_ADMIN",
- "status": "ACTIVE",
- "created": "2023-05-01T14:24:54.000Z",
- "lastUpdated": "2023-05-01T14:24:54.000Z",
- "assignmentType": "CLIENT",
- "_links": {
}
}
okta.roles.read
Retrieves a Role Assignment (identified by roleAssignmentId
) for a Client Application (identified by clientId
)
Success
Forbidden
Not Found
Too Many Requests
{- "id": "JBCUYUC7IRCVGS27IFCE2SKO",
- "label": "Help Desk Administrator",
- "type": "HELP_DESK_ADMIN",
- "status": "ACTIVE",
- "created": "2023-05-01T14:24:54.000Z",
- "lastUpdated": "2023-05-01T14:24:54.000Z",
- "assignmentType": "CLIENT",
- "_links": {
}
}
okta.roles.manage
Unassigns a Role Assignment (identified by roleAssignmentId
) from a Client Application (identified by clientId
)
No Content
Forbidden
Not Found
Too Many Requests
{- "errorCode": "E0000006",
- "errorSummary": "You do not have permission to perform the requested action",
- "errorLink": "E0000006",
- "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
- "errorCauses": [ ]
}