Groups

An Okta Privileged Access group is a collection of users that share permissions and access to resources.

See Groups.

List all groups for a team
Admin roles:
  • pam_admin
  • resource_admin
  • security_admin
  • delegated_resource_admin

Lists all groups for your team

SecuritybearerAuth
Request
path Parameters
team_name
required
string

The name of your team

query Parameters
contains
string

Only return results that include the specified value

count
integer <int32>

The number of objects per page

descending
boolean

The object order

id
string

Only return results with the specified IDs

ignore
string

Ignore groups with the specified names. This is case sensitive.

include_deleted
boolean

If true, include deleted groups in the results

offset
string

The offset value for pagination. The rel="next" and rel="prev" Link headers define the offset for subsequent or previous pages.

only_include_deleted
boolean

If true, only return deleted groups in the results

prev
boolean

The direction of paging

Responses
200

OK

get/v1/teams/{team_name}/groups
Request samples 
Response samples 
application/json
{
  • "list": [
    • {
      },
    • {
      }
    ]
}
Create a group
Admin roles: 
  • pam_admin
Creates a group for your team. Groups allow you to assign RBAC roles to users and manage user access to resource groups and projects. To assign the delegated_resource_admin role, you need to add the group to the delegated_resource_admin_groups list for a specific resource group. See Resource Groups.


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
Request Body schema: application/json
name
required
string  [ 1 .. 255 ] characters 
The name of the group


 
roles
required
Array of strings (GroupCreateRole) 
The roles assigned to the group


Items Enum: "pam_admin" "resource_admin" "security_admin"  
Responses 
201
Created


post/v1/teams/{team_name}/groups
Request samples 
application/json
{
  • "deleted_at": null,
  • "id": "",
  • "name": "compsons",
  • "roles": [
    • "pam_admin",
    • "resource_admin"
    ]
}
Response samples 
application/json
{
  • "deleted_at": "0001-01-01T00:00:00Z",
  • "id": "b5a346c5-bafa-40eb-bb9f-401c0f57db36",
  • "name": "compsons",
  • "roles": [
    • "pam_admin",
    • "resource_admin"
    ]
}
Retrieve a group
Admin roles: 
  • pam_admin
  • resource_admin
  • security_admin
  • delegated_resource_admin
Retrieves a specified group


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
group_name
required
string
The name of a group


 
Responses 
200
OK


get/v1/teams/{team_name}/groups/{group_name}
Request samples 
Response samples 
application/json
{
  • "deleted_at": "0001-01-01T00:00:00Z",
  • "id": "b5a346c5-bafa-40eb-bb9f-401c0f57db36",
  • "name": "compsons",
  • "roles": [
    • "pam_admin",
    • "resource_admin"
    ]
}
Update a group
Admin roles: 
  • pam_admin
Updates the access privileges of the specified group. To assign the delegated_resource_admin role, you need to add the group to the delegated_resource_admin_groups list for a specific resource group. See Resource Groups.


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
group_name
required
string
The name of a group


 
Request Body schema: application/json
required
roles
required
Array of strings (GroupUpdateRole) 
The roles assigned to the group


Items Enum: "end_user" "pam_admin" "resource_admin" "security_admin"  
Responses 
204
No Content


put/v1/teams/{team_name}/groups/{group_name}
Request samples 
application/json
{
  • "roles": [
    • "pam_admin",
    • "resource_admin"
    ]
}
Delete a group from a team
Admin roles: 
  • pam_admin
Removes a group from your team. This also removes the group from any associated projects.


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
group_name
required
string
The name of a group


 
Responses 
204
No Content


delete/v1/teams/{team_name}/groups/{group_name}
Request samples 
List all users for a group
Admin roles: 
  • pam_admin
  • resource_admin
  • security_admin
  • delegated_resource_admin
Lists all users in a specified group


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
group_name
required
string
The name of a group


 
query Parameters
contains
string
Only return results that include the specified value


 
count
integer <int32> 
The number of objects per page


 
descending
boolean
The object order


 
offset
string
The offset value for pagination. The rel="next" and rel="prev" Link headers define the offset for subsequent or previous pages.


 
prev
boolean
The direction of paging


 
starts_with
string
Only return users with a name that begins with the specified value


 
status
string
Only return users with the specified status. Valid statuses: ACTIVE, DISABLED, and DELETED.


 
user_type
string
Only return users of the specified type. Valid types: human and service.


 
Responses 
200
OK


get/v1/teams/{team_name}/groups/{group_name}/users
Request samples 
Response samples 
application/json
{
  • "list": [
    • {
      }
    ]
}
Add a user to a group
Admin roles: 
  • pam_admin
Adds a user to a group


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
group_name
required
string
The name of a group


 
Request Body schema: application/json
required
name
string  [ 1 .. 255 ] characters 
The username of the user


 
Responses 
204
No Content


post/v1/teams/{team_name}/groups/{group_name}/users
Request samples 
application/json
{
  • "name": "Jason.Compson.IV"
}
Remove a user from a group
Admin roles: 
  • pam_admin
Removes a user from a group


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
group_name
required
string
The name of a group


 
user_name
required
string
The username for an existing user


 
Responses 
204
No Content


delete/v1/teams/{team_name}/groups/{group_name}/users/{user_name}
Request samples