Attributes

The Attributes API allows you to control specific settings for Okta Privileged Access users and groups.

List all attribute conflicts for a team
OPA roles:
resource_admin
security_admin

Lists all attribute conflicts for a team

SecuritybearerAuth

Request

path Parameters

team_name

required

string

The name of your team

query Parameters

count	integer <int32> The number of objects per page
descending	boolean The object order
offset	string The offset value for pagination. The rel="next" and rel="prev" `Link` headers define the offset for subsequent or previous pages.
prev	boolean The direction of paging

Responses

200

get/v1/teams/{team_name}/attributes/conflicts

Request samples

Response samples

application/json

{"list": [{"attribute_name": "unix_user_name",
"attribute_value": "Sec.Admin",
"id": "11faefa1-6b59-4a5a-9492-43195cd07385",
"is_service_user": false,
"user_name": "OPA.User.1"
},
{"attribute_name": "unix_user_name",
"attribute_value": "Sec.Admin",
"id": "11faefa1-6b59-4a5b-9492-43195cd07385",
"is_service_user": false,
"user_name": "OPA.User.2"
},
{"attribute_name": "unix_gid",
"attribute_value": 1001,
"id": "b06dfc59-ae9c-4q43-b583-96d09988fd84",
"user_name": "OPA.User.3"
},
{"attribute_name": "unix_gid",
"attribute_value": 1001,
"id": "ff2c0f25-b73d-4t20-8aeb-b6c39a68a204",
"is_service_user": true,
"user_name": "OPA.User.4"
}
]
}

List all attribute options
OPA roles:
security_admin

Lists all attribute options configured for the team, such as unix_uid or unix_gid ranges

SecuritybearerAuth

Request

path Parameters

team_name

required

string

The name of your team

query Parameters

count	integer <int32> The number of objects per page
descending	boolean The object order
offset	string The offset value for pagination. The rel="next" and rel="prev" `Link` headers define the offset for subsequent or previous pages.
prev	boolean The direction of paging

Responses

200

400

Bad request

get/v1/teams/{team_name}/attributes/options

Request samples

Response samples

application/json

{"list": [{"namespace": "user",
"attribute_name": "unix_uid",
"details": {"min": 1001,
"max": 4294967295
}
},
{"namespace": "user",
"attribute_name": "unix_gid",
"details": {"min": 1001,
"max": 4294967295
}
},
{"namespace": "group",
"attribute_name": "unix_gid",
"details": {"min": 1001,
"max": 4294967295
}
}
]
}

Retrieve an attribute option
OPA roles:
security_admin

Retrieves the attribute range option for the specified namespace and attribute

SecuritybearerAuth

Request

path Parameters

team_name required	string The name of your team
namespace required	string Namespace for the attribute option. Valid values are `user` or `group`.
attribute_name required	string Attribute name. Valid values: `unix_uid`, `unix_gid` (for `user` namespace) `unix_gid` (for `group` namespace)

query Parameters

exclude_defaults

boolean

Default: false

Specify true to return the non-default option. If only the default option exists, an HTTP 404 error is returned. Specify false to return any option available, including the default option.

Responses

200

400

Bad request

get/v1/teams/{team_name}/attributes/options/{namespace}/{attribute_name}

Request samples

Response samples

application/json

{"attribute_name": "unix_uid",
"details": {"max": 1001,
"min": 1001
},
"namespace": "user",
"team_id": "810007d0-bec5-486c-b5d1-28fcd8a079ba",
"updated_at": "2019-08-24T14:15:22Z"
}

Upsert an attribute option
OPA roles:
security_admin

Creates or updates the attribute option (the minimum and maximum range) for the specified namespace and attribute

SecuritybearerAuth

Request

path Parameters

team_name required	string The name of your team
namespace required	string Namespace for the attribute option. Valid values are `user` or `group`.
attribute_name required	string Attribute name. Valid values: `unix_uid`, `unix_gid` (for `user` namespace) `unix_gid` (for `group` namespace)

Request Body schema: application/json
required

attribute_name

required

string

The attribute name. Valid values:

unix_uid, unix_gid (for user namespace)
unix_gid (for group namespace)

Enum: "unix_uid" "unix_gid"

required

object (AttributeOptionDetails)

Attribute option details (the range for UID or GID attributes)

max required	integer <int64> [ 1001 .. 4294967295 ] The maximum value of the attribute range. Must be greater than 1000 or greater than the `min` value.
min required	integer <int64> [ 1001 .. 4294967295 ] The minimum value for the attribute range. Must be greater than 1000 and less than the `max` value.

namespace

required

string

Namespace for the attribute option. Valid values are user or group.

Enum: "user" "group"

updated_at

string <date-time>

Timestamp of when the attribute option was last updated

Responses

201

Created or updated successfully

400

Bad request

put/v1/teams/{team_name}/attributes/options/{namespace}/{attribute_name}

Request samples

application/json

{"namespace": "user",
"attribute_name": "unix_uid",
"details": {"min": 1001,
"max": 4294967295
}
}

Response samples

application/json

{"attribute_name": "unix_uid",
"details": {"max": 1001,
"min": 1001
},
"namespace": "user",
"team_id": "810007d0-bec5-486c-b5d1-28fcd8a079ba",
"updated_at": "2019-08-24T14:15:22Z"
}

Delete an attribute option
OPA roles:
security_admin

Deletes the attribute option for the specified namespace and attribute

SecuritybearerAuth

Request

path Parameters

team_name required	string The name of your team
namespace required	string Namespace for the attribute option. Valid values are `user` or `group`.
attribute_name required	string Attribute name. Valid values: `unix_uid`, `unix_gid` (for `user` namespace) `unix_gid` (for `group` namespace)

Responses

204

No Content

delete/v1/teams/{team_name}/attributes/options/{namespace}/{attribute_name}

Request samples

List all attributes for a group
OPA roles:
resource_admin
security_admin
delegated_resource_admin

Lists all attributes for a specified group

SecuritybearerAuth

Request

path Parameters

team_name required	string The name of your team
group_name required	string The name of a group

query Parameters

count	integer <int32> The number of objects per page
descending	boolean The object order
offset	string The offset value for pagination. The rel="next" and rel="prev" `Link` headers define the offset for subsequent or previous pages.
prev	boolean The direction of paging
conflicting	boolean When `true`, only returns attributes that conflict with other attributes on your team

Responses

200

get/v1/teams/{team_name}/groups/{group_name}/attributes

Request samples

Response samples

application/json

{"list": [{"id": "36844d7c-f311-4a42-866c-f32a5a41e213",
"attribute_name": "unix_group_name",
"attribute_value": "group_old",
"managed": false
},
{"id": "8eb50e3f-ef90-4215-b358-9318b35867de",
"attribute_name": "windows_group_name",
"attribute_value": "group_new",
"managed": false
}
]
}

Retrieve a group attribute
OPA roles:
security_admin
resource_admin
delegated_resource_admin

Retrieves an attribute for a group.

SecuritybearerAuth

Request

path Parameters

team_name required	string The name of your team
group_name required	string The name of a group
attribute_id required	string The UUID of an attribute

Responses

200

get/v1/teams/{team_name}/groups/{group_name}/attributes/{attribute_id}

Request samples

Response samples

application/json

{"attribute_name": "unix_group_name",
"attribute_value": "group_old",
"id": "36844d7c-f311-4a42-866c-f32a5a41e213",
"managed": false
}

Update a group attribute
OPA roles:
security_admin

Updates an attribute for a group

SecuritybearerAuth

Request

path Parameters

team_name required	string The name of your team
group_name required	string The name of a group
attribute_id required	string The UUID of an attribute

Request Body schema: application/json
required

attribute_name required	string (GroupAttributeName) The type of attribute Enum: "unix_gid" "unix_group_name" "windows_group_name"
required	unix_gid (integer) or unix_group_name (string) or windows_group_name (string)
One of: The associated Unix group ID [ 100 .. 2147483647 ] integer <int32> (unix_gid) [ 100 .. 2147483647 ]

Responses

204

No Content

put/v1/teams/{team_name}/groups/{group_name}/attributes/{attribute_id}

Request samples

application/json

{"attribute_name": "unix_group_name",
"attribute_value": "new_name"
}

List all attributes for a user
OPA roles:
resource_admin
security_admin

Lists all attributes for a specified user

SecuritybearerAuth

Request

path Parameters

team_name required	string The name of your team
user_name required	string The username for an existing user

query Parameters

count	integer <int32> The number of objects per page
descending	boolean The object order
offset	string The offset value for pagination. The rel="next" and rel="prev" `Link` headers define the offset for subsequent or previous pages.
prev	boolean The direction of paging
conflicting	boolean When `true`, only returns attributes that conflict with other attributes on your team

Responses

200

get/v1/teams/{team_name}/users/{user_name}/attributes

Request samples

Response samples

application/json

{"list": [{"id": "11faefa1-6b59-4a52-9492-43195cd07385",
"attribute_name": "unix_user_name",
"attribute_value": "augusta_ada_king",
"managed": true
},
{"id": "11faefa1-6b59-4a52-9492-43195cd07385",
"attribute_name": "unix_uid",
"attribute_value": 1210,
"managed": true
},
{"id": "b06dfc59-ae9c-4243-b583-96d09988fd84",
"attribute_name": "unix_gid",
"attribute_value": 1210,
"managed": true
},
{"id": "ff2c0f25-b73d-4720-8aeb-b6c39a68a204",
"attribute_name": "windows_user_name",
"attribute_value": "augusta_ada_king",
"managed": true
}
]
}

Retrieve a user attribute
OPA roles:
resource_admin
security_admin

Retrieves an attribute for a user

SecuritybearerAuth

Request

path Parameters

team_name required	string The name of your team
user_name required	string The username for an existing user
attribute_id required	string The UUID of an attribute

Responses

200

get/v1/teams/{team_name}/users/{user_name}/attributes/{attribute_id}

Request samples

Response samples

application/json

{"attribute_name": "unix_user_name",
"attribute_value": "augusta_ada_king",
"id": "11faefa1-6b59-4a52-9492-43195cd07385",
"managed": true
}

Update a user attribute
OPA roles:
security_admin

Updates an attribute for a user

SecuritybearerAuth

Request

path Parameters

team_name required	string The name of your team
user_name required	string The username for an existing user
attribute_id required	string The UUID of an attribute

Request Body schema: application/json
required

attribute_name required	string (TeamUserAttributeName) The type of attribute Enum: "active_directory_identity" "active_directory_passwordless_identity" "gecos_field" "unix_gid" "unix_uid" "unix_user_name" "user_shell" "windows_user_name"
required	active_directory_identity (object) or active_directory_passwordless_identity (object) or gecos_field (object) or user_home_dir (object) or unix_gid (object) or unix_uid (object) or unix_user_name (object) or user_shell (object) or windows_user_name (object)
One of: The Active Directory usernames accessible by the user. Users must manually enter their password. <= 256 characters object (active_directory_identity) <= 256 characters

Responses

204

No Content

put/v1/teams/{team_name}/users/{user_name}/attributes/{attribute_id}

Request samples

application/json

{"attribute_name": "unix_user_name",
"attribute_value": "ada_lovelace"
}

Social
CONTACT & LEGAL
MORE INFORMATION
okta.com
Products, case studies, resources
Help Center
Knowledgebase, roadmaps, and more
Trust
System status, security, compliance

Attributes

List all attribute conflicts for a teamOPA roles: resource_adminsecurity_admin

path Parameters

query Parameters

List all attribute optionsOPA roles: security_admin

path Parameters

query Parameters

Retrieve an attribute optionOPA roles: security_admin

path Parameters

query Parameters

Upsert an attribute optionOPA roles: security_admin

path Parameters

Request Body schema: application/jsonrequired

Delete an attribute optionOPA roles: security_admin

path Parameters

List all attributes for a groupOPA roles: resource_adminsecurity_admindelegated_resource_admin

path Parameters

query Parameters

Retrieve a group attributeOPA roles: security_adminresource_admindelegated_resource_admin

path Parameters

Update a group attributeOPA roles: security_admin

path Parameters

Request Body schema: application/jsonrequired

List all attributes for a userOPA roles: resource_adminsecurity_admin

path Parameters

query Parameters

Retrieve a user attributeOPA roles: resource_adminsecurity_admin

path Parameters

Update a user attributeOPA roles: security_admin

path Parameters

Request Body schema: application/jsonrequired

List all attribute conflicts for a team
OPA roles:
resource_admin
security_admin

List all attribute options
OPA roles:
security_admin

Retrieve an attribute option
OPA roles:
security_admin

Upsert an attribute option
OPA roles:
security_admin

Request Body schema: application/json
required

Delete an attribute option
OPA roles:
security_admin

List all attributes for a group
OPA roles:
resource_admin
security_admin
delegated_resource_admin

Retrieve a group attribute
OPA roles:
security_admin
resource_admin
delegated_resource_admin

Update a group attribute
OPA roles:
security_admin

Request Body schema: application/json
required

List all attributes for a user
OPA roles:
resource_admin
security_admin

Retrieve a user attribute
OPA roles:
resource_admin
security_admin

Update a user attribute
OPA roles:
security_admin

Request Body schema: application/json
required