Active Directory Connections

The Active Directory (AD) Connections API provides create, read, update, and delete (CRUD) operations for AD connections.

List all Active Directory connections
Early Access
OPA roles:
  • resource_admin

Lists all Active Directory connections

Security: bearerAuth

Request

Path parameters:
  • team_name (required)
    string
    The name of your team

Responses:
  • 200: Success
  • 401: Unauthorized
  • 404: Not found

GET /v1/teams/{team_name}/connections/active_directory

Response samples
application/json
{
  "list": [
    {
    }
  ]
}

Retrieve an Active Directory connection
Early Access
OPA roles:
  • resource_admin

Retrieves an Active Directory connection

Security: bearerAuth

Request

Path parameters:
  • team_name (required)
    string
    The name of your team
  • ad_connection_id (required)
    string <regex> (UUID) ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-...
    The UUID of an Active Directory connection
    Example: a747a818-a4c4-4446-8a87-704216495a08

Responses:
  • 200: Success
  • 401: Unauthorized
  • 404: Not found

GET /v1/teams/{team_name}/connections/active_directory/{ad_connection_id}

Response samples
application/json
{
  "app_instance_id": "string",
  "domain": "string",
  "id": "a747a818-a4c4-4446-8a87-704216495a08",
  "name": "string",
  "status": "connected"
}

Update the status of an Active Directory connection
Early Access
OPA roles:
  • resource_admin

Updates the status of an Active Directory connection. You can't create account assignment rules for this connection if the status is disconnected.

Security: bearerAuth

Request

Path parameters:
  • team_name (required)
    string
    The name of your team
  • ad_connection_id (required)
    string <regex> (UUID) ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-...
    The UUID of an Active Directory connection
    Example: a747a818-a4c4-4446-8a87-704216495a08

Request Body schema: application/json (required)
  • status
    string (UpdateableADConnectionStatus)
    Statuses that can be updated via the API

    Enum: Description
    connected: Indicates that the connection is in use and can be used to define account assignment rules
    disconnected: Indicates that the connection is not in use and cannot be used to define account assignment rules

Responses:
  • 204: No content. Status successfully updated.
  • 401: Unauthorized
  • 404: Not found

PUT /v1/teams/{team_name}/connections/active_directory/{ad_connection_id}/status

Request samples
application/json
{
  "status": "connected"
}

Response samples
application/json
{
  "code": 401,
  "message": "Missing capability: role",
  "nottype": "authorization_error"
}

Start Active Directory account force sync
Early Access
OPA roles:
  • resource_admin

Starts Active Directory account force sync:

  • Updates the state of an Active Directory account managed by Okta Privileged Access with the state in Universal Directory AD apps
  • Performs account matching through configured account rules
  • Returns a conflict error if a sync is already running

Security: bearerAuth

Request

Path parameters:
  • team_name (required)
    string
    The name of your team
  • ad_connection_id (required)
    string <regex> (UUID) ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-...
    The UUID of an Active Directory connection
    Example: a747a818-a4c4-4446-8a87-704216495a08

Responses:
  • 204: No Content
  • 401: Unauthorized
  • 404: Not found
  • 409: Conflict

PUT /v1/teams/{team_name}/resource_assignment/active_directory/{ad_connection_id}/force_sync

Response samples
application/json
{
  "code": 401,
  "message": "Missing capability: role",
  "nottype": "authorization_error"
}
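
An added client-side example for the status update and force sync endpoints above (not taken from Okta's documentation or SDKs): it validates the path parameters before building each request and maps the documented response codes to outcomes. BASE_URL is a placeholder, and the function names, the outcome strings and the use of Python's uuid module in place of the page's truncated regex are assumptions.

```python
import json
import urllib.error
import urllib.request
import uuid
from urllib.parse import quote

BASE_URL = "https://opa.example.invalid"  # assumption: placeholder host, not from the page
UPDATEABLE_STATUSES = ("connected", "disconnected")  # UpdateableADConnectionStatus enum
OUTCOMES = {204: "ok", 401: "unauthorized", 404: "not_found", 409: "conflict_sync_running"}

def _ad_path(team_name, ad_connection_id, prefix):
    # Dot segments could be collapsed by a proxy or server and change the target path.
    if not team_name or team_name in (".", ".."):
        raise ValueError("team_name is required and must not be a dot segment")
    # uuid.UUID also accepts braces, URNs and bare hex, so require the canonical form.
    canonical = str(uuid.UUID(ad_connection_id))
    if canonical != ad_connection_id.lower():
        raise ValueError("ad_connection_id must be a hyphenated UUID")
    # safe="" percent-encodes "/" too, so the team name stays a single path segment.
    return f"/v1/teams/{quote(team_name, safe='')}/{prefix}/active_directory/{canonical}"

def status_request(token, team_name, ad_connection_id, status):
    """Build the PUT .../status request without sending it."""
    if status not in UPDATEABLE_STATUSES:
        raise ValueError(f"status must be one of {UPDATEABLE_STATUSES}")
    url = BASE_URL + _ad_path(team_name, ad_connection_id, "connections") + "/status"
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    body = json.dumps({"status": status}).encode()
    return urllib.request.Request(url, data=body, headers=headers, method="PUT")

def force_sync_request(token, team_name, ad_connection_id):
    """Build the PUT .../force_sync request (no body) without sending it."""
    url = BASE_URL + _ad_path(team_name, ad_connection_id, "resource_assignment") + "/force_sync"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"}, method="PUT")

def send(req, opener=urllib.request.urlopen):
    """Send a request and map the documented status codes to an outcome string."""
    try:
        with opener(req, timeout=10) as resp:
            code = resp.status
    except urllib.error.HTTPError as err:
        code = err.code  # urllib raises on 4xx, including the 409 for a running sync
    return OUTCOMES.get(code, f"unexpected_{code}")
```

A caller that receives conflict_sync_running from send() can treat the sync as already in progress instead of retrying immediately.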