Clients

An OPA Client corresponds to a specific device. Clients are the primary way Users access OPA resources.

See Okta Privileged Access clients.

List all Clients

Returns a list of Clients for your Team. By default, this only returns Clients associated with the requesting User. Use query parameters to adjust the list of returned Clients.

This endpoint requires one of the following roles: end_user, security_admin, resource_admin.

SecuritybearerAuth
Request
path Parameters
team_name
required
string

The name of your Team

query Parameters
all
boolean

When true, returns all Clients for the Team

count
integer <int32>

The number of objects per page

descending
boolean

The object order

offset
string

The offset value for pagination. The rel="next" and rel="prev" Link headers define the offset for subsequent or previous pages.

prev
boolean

The direction of paging

state
string

Only return Clients with the specified state. Valid statuses: ACTIVE, PENDING, or DELETED.

username
string

Only return Clients assigned to the specified User. An empty string returns unassigned Clients.

Responses
200

OK

get/v1/teams/{team_name}/clients
Request samples
Response samples
application/json
{
  • "list": [
    • {
      },
    • {
      }
    ]
}

Retrieve a Client

Retrieves the properties of a specified Client

This endpoint requires one of the following roles: end_user, security_admin, resource_admin.

SecuritybearerAuth
Request
path Parameters
team_name
required
string

The name of your Team

client_id
required
string

The UUID of a Client

Responses
200

OK

get/v1/teams/{team_name}/clients/{client_id}
Request samples
Response samples
application/json
{
  • "deleted_at": null,
  • "description": "Work laptop",
  • "encrypted": true,
  • "hostname": "LightInAugust",
  • "id": "9c199afe-0ca5-427a-baac-c4341707d82b",
  • "os": "macOS 10.14.6",
  • "state": "PENDING",
  • "user_name": "Jason.Compson.IV"
}

Update a Client

Updates the state or assigned user for a specified Client. This is required for some enrollment policies. See Silently enroll the Client.

This endpoint requires the following role: resource_admin.

SecuritybearerAuth
Request
path Parameters
team_name
required
string

The name of your Team

client_id
required
string

The UUID of a Client

Request Body schema: application/json
required
state
string or null <= 255 characters

The state of the Client: ACTIVE, PENDING, or DELETED

user_name
string or null <= 255 characters

The User associated with the Client

Responses
204

No Content

put/v1/teams/{team_name}/clients/{client_id}
Request samples
application/json
{
  • "state": "ACTIVE",
  • "user_name": "Jason.Compson.IV"
}

Revoke access to a Client

Revokes access to a specified Client from your Team

This endpoint requires one of the following roles: end_user, security_admin, resource_admin.

SecuritybearerAuth
Request
path Parameters
team_name
required
string

The name of your Team

client_id
required
string

The UUID of a Client

Responses
204

No Content

delete/v1/teams/{team_name}/clients/{client_id}
Request samples