User role targets are a way of limiting the app or group resources for a standard role that's assigned to an admin User within your org. You can define admin roles to target groups, Applications, and Application Instances.
Note: You can only use the User Role Targets API with standard roles. You can define specific targets for custom roles with Resource Set Resources. See the Role Assignments concept.
okta.roles.read
Lists all app targets for an APP_ADMIN
role assigned to a user. The response is a list that includes OIN-cataloged apps or app instances. The response payload for an app instance contains the id
property, but an OIN-cataloged app payload doesn't.
Success
Forbidden
Not Found
Too Many Requests
[- {
- "category": "string",
- "description": "string",
- "displayName": "string",
- "features": [
- "string"
], - "id": "string",
- "lastUpdated": "2019-08-24T14:15:22Z",
- "name": "string",
- "signOnModes": [
- "string"
], - "status": "ACTIVE",
- "verificationStatus": "string",
- "website": "string",
- "_links": {
- "self": {
- "hints": {
- "allow": [
- "DELETE"
]
}, - "href": "string",
- "name": "string",
- "templated": true,
- "type": "string"
}
}
}
]
okta.roles.manage
Assigns all apps as target to role
Success
Forbidden
Not Found
Too Many Requests
{- "errorCode": "E0000006",
- "errorSummary": "You do not have permission to perform the requested action",
- "errorLink": "E0000006",
- "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
- "errorCauses": [ ]
}
okta.roles.manage
Assigns an OIN app target for an APP_ADMIN
role assignment to an admin user. When you assign the first app target, you reduce the scope of the role assignment.
The role no longer applies to all app targets, but applies only to the specified target. Assigning an OIN app target overrides any existing app instance targets of the OIN app.
For example, if a user was assigned to administer a specific Facebook instance, a successful request to add an OIN app target with facebook
for appName
makes that user the administrator for all Facebook instances.
No Content
Forbidden
Not Found
Too Many Requests
{- "errorCode": "E0000006",
- "errorSummary": "You do not have permission to perform the requested action",
- "errorLink": "E0000006",
- "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
- "errorCauses": [ ]
}
okta.roles.manage
Unassigns an OIN app target from an APP_ADMIN
role assignment to an admin user.
Note: You can't remove the last OIN app target from a role assignment since this causes an exception. If you need a role assignment that applies to all apps, delete the
APP_ADMIN
role assignment to the user and recreate a new one.
No Content
Forbidden
Not Found
Too Many Requests
{- "errorCode": "E0000006",
- "errorSummary": "You do not have permission to perform the requested action",
- "errorLink": "E0000006",
- "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
- "errorCauses": [ ]
}
okta.roles.manage
Assigns an app instance target to an APP_ADMIN
role assignment to an admin user. When you assign the first OIN app or app instance target, you reduce the scope of the role assignment.
The role no longer applies to all app targets, but applies only to the specified target.
Note: You can target a mixture of both OIN app and app instance targets, but can't assign permissions to manage all instances of an OIN app and then assign a subset of permission to the same OIN app. For example, you can't specify that an admin has access to manage all instances of the Salesforce app and then also manage specific configurations of the Salesforce app.
No Content
Forbidden
Not Found
Too Many Requests
{- "errorCode": "E0000006",
- "errorSummary": "You do not have permission to perform the requested action",
- "errorLink": "E0000006",
- "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
- "errorCauses": [ ]
}
okta.roles.manage
Unassigns an app instance target from an APP_ADMIN
role assignment to an admin user.
Note: You can't remove the last app instance target from a role assignment since this causes an exception. If you need a role assignment that applies to all apps, delete the
APP_ADMIN
role assignment and recreate a new one.
No Content
Forbidden
Not Found
Too Many Requests
{- "errorCode": "E0000006",
- "errorSummary": "You do not have permission to perform the requested action",
- "errorLink": "E0000006",
- "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
- "errorCauses": [ ]
}
okta.roles.read
Lists all group targets for a USER_ADMIN
, HELP_DESK_ADMIN
, or GROUP_MEMBERSHIP_ADMIN
role assignment to an admin user.
If the role isn't scoped to specific group targets, an empty array []
is returned.
Success
Forbidden
Not Found
Too Many Requests
[- {
- "created": "2019-08-24T14:15:22Z",
- "id": "0gabcd1234",
- "lastMembershipUpdated": "2019-08-24T14:15:22Z",
- "lastUpdated": "2019-08-24T14:15:22Z",
- "objectClass": [
- "string"
], - "profile": {
- "description": "All users West of The Rockies",
- "name": "West Coast users"
}, - "type": "APP_GROUP",
- "_embedded": {
- "property1": { },
- "property2": { }
}, - "_links": {
- "self": {
- "hints": {
- "allow": [
- "DELETE"
]
}, - "href": "string",
- "name": "string",
- "templated": true,
- "type": "string"
}, - "apps": {
- "hints": {
- "allow": [
- "DELETE"
]
}, - "href": "string",
- "name": "string",
- "templated": true,
- "type": "string"
}, - "logo": [
- {
- "hints": {
- "allow": [
- "DELETE"
]
}, - "href": "string",
- "name": "string",
- "templated": true,
- "type": "string"
}
], - "source": {
- "hints": {
- "allow": [
- "DELETE"
]
}, - "href": "string",
- "name": "string",
- "templated": true,
- "type": "string"
}, - "users": {
- "hints": {
- "allow": [
- "DELETE"
]
}, - "href": "string",
- "name": "string",
- "templated": true,
- "type": "string"
}
}
}
]
okta.roles.manage
Assigns a group target for a USER_ADMIN
, HELP_DESK_ADMIN
, or GROUP_MEMBERSHIP_ADMIN
role assignment to an admin user.
When you assign the first group target, you reduce the scope of the role assignment. The role no longer applies to all targets but applies only to the specified target.
No Content
Forbidden
Not Found
Too Many Requests
{- "errorCode": "E0000006",
- "errorSummary": "You do not have permission to perform the requested action",
- "errorLink": "E0000006",
- "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
- "errorCauses": [ ]
}
okta.roles.manage
Unassigns a group target from a USER_ADMIN
, HELP_DESK_ADMIN
, or GROUP_MEMBERSHIP_ADMIN
role assignment to an admin user.
Note: You can't remove the last group target from a role assignment since this causes an exception. If you need a role assignment that applies to all groups, delete the role assignment to the user and recreate a new one.
No Content
Forbidden
Not Found
Too Many Requests
{- "errorCode": "E0000006",
- "errorSummary": "You do not have permission to perform the requested action",
- "errorLink": "E0000006",
- "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
- "errorCauses": [ ]
}