Clients

An Okta Privileged Access client corresponds to a specific device. Clients are the primary way users access Okta Privileged Access resources.

See Okta Privileged Access clients.

List all clients
Admin roles:
  • resource_admin
  • security_admin
  • end_user

Returns a list of clients for your team. By default, this only returns clients associated with the requesting user. Use query parameters to adjust the list of returned clients.

SecuritybearerAuth
Request
path Parameters
team_name
required
string

The name of your team

query Parameters
all
boolean

When true, returns all clients for the team

count
integer <int32>

The number of objects per page

descending
boolean

The object order

offset
string

The offset value for pagination. The rel="next" and rel="prev" Link headers define the offset for subsequent or previous pages.

prev
boolean

The direction of paging

state
string

Only return clients with the specified state. Valid statuses: ACTIVE, PENDING, or DELETED.

username
string

Only return clients assigned to the specified user. An empty string returns unassigned clients.

Responses
200

OK

get/v1/teams/{team_name}/clients
Request samples 
Response samples 
application/json
{
  • "list": [
    • {
      },
    • {
      }
    ]
}
Retrieve a client
Admin roles: 
  • resource_admin
  • security_admin
  • end_user
Retrieves the properties of a specified client


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
client_id
required
string
The UUID of a client


 
Responses 
200
OK


get/v1/teams/{team_name}/clients/{client_id}
Request samples 
Response samples 
application/json
{
  • "deleted_at": null,
  • "description": "Work laptop",
  • "encrypted": true,
  • "hostname": "LightInAugust",
  • "id": "9c199afe-0ca5-427a-baac-c4341707d82b",
  • "os": "macOS 10.14.6",
  • "state": "PENDING",
  • "user_name": "Jason.Compson.IV"
}
Update a client
Admin roles: 
  • resource_admin
Updates the state or assigned user for a specified client. This is required for some enrollment policies. See Silently enroll the Client.


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
client_id
required
string
The UUID of a client


 
Request Body schema: application/json
required
state
string or null  <= 255 characters 
The state of the client: ACTIVE, PENDING, or DELETED


 
user_name
string or null  <= 255 characters 
The user associated with the client


 
Responses 
204
No Content


put/v1/teams/{team_name}/clients/{client_id}
Request samples 
application/json
{
  • "state": "ACTIVE",
  • "user_name": "Jason.Compson.IV"
}
Revoke access to a client
Admin roles: 
  • resource_admin
  • security_admin
  • end_user
Revokes access to a specified client from your team


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
client_id
required
string
The UUID of a client


 
Responses 
204
No Content


delete/v1/teams/{team_name}/clients/{client_id}
Request samples