The Okta Universal Directory Accounts API provides operations to manage Universal Directory accounts for Okta Privileged Access teams
Lists all Universal Directory accounts
OK
{- "list": [
- {
- "created_at": "2019-08-24T14:15:22Z",
- "description": "Shared admin account for managing Active Directory integrations",
- "id": "d1b65a78-21ed-429b-8ea3-eec96f2748d6",
- "lcm_sync_possible": true,
- "name": "Active Directory Integrations Admin",
- "okta_user_id": "00u11s48P9zGW8yqm0g5",
- "sync_status": "NOT_SYNCED",
- "updated_at": "2019-08-24T14:15:22Z",
- "username": "shr-ad-admin-01@example.okta.com"
}
]
}
Lists all Universal Directory service accounts that you (as the request user) can access based on the security policies
OK
{- "list": [
- {
- "account": {
- "id": "a747a818-a4c4-4446-8a87-704216495a08",
- "name": "superadmin account for test instance",
- "username": "superadmin@okta.com",
- "lcm_sync_possible": true,
- "availability_status": "available",
- "account_status": "NO_ISSUES",
- "account_status_detail": "ROTATED"
}, - "checkout_details": {
- "checkout_enabled": true
}
}, - {
- "account": {
- "id": "b747a818-a4c4-4446-8a87-704216495a08",
- "name": "admin account for test instance",
- "username": "admin@okta.com",
- "lcm_sync_possible": true,
- "availability_status": "available",
- "account_status": "NO_ISSUES",
- "account_status_detail": "ROTATED"
}, - "checkout_details": {
- "current_user_checkout_expires_at": "2024-09-12T14:30:00Z",
- "checkout_enabled": true
}
}
]
}
Reveals the password for a Universal Directory account (managed and unmanaged) that you (as the request user) can access
required | object (RawJSONWebKey) A JSON Web Key formatted in accordance with RFC 7517. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
required | object (UserAccessMethod) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Success
Unauthorized
Forbidden
Not found
{- "public_key": {
- "alg": "RSA-OAEP-256",
- "crv": "P-256",
- "d": "string",
- "dp": "string",
- "dq": "string",
- "e": "string",
- "k": "string",
- "kid": "/regex/",
- "kty": "EC",
- "n": "string",
- "p": "string",
- "q": "string",
- "qi": "string",
- "use": "string",
- "x": "string",
- "x5c": [
- "string"
], - "x5t": "string",
- "x5t#S256": "string",
- "x5u": "string",
- "y": "string"
}, - "user_access_method": {
- "access_credential": "managed",
- "availability_details_text": "string",
- "brokered": true,
- "checkout_requirements": {
- "max_checkout_duration_in_seconds": 0,
- "required": true
}, - "conditionals": [
- {
- "access_request_type_id": "string",
- "access_request_type_name": "string",
- "acr_values": "phr",
- "condition_is_met": true,
- "description": "string",
- "expires_after_seconds": 0,
- "type": "access_request"
}
], - "current_user_checkout_expires_at": "2019-08-24T14:15:22Z",
- "details": {
- "path": [
- { }
], - "privileges": {
- "_type": "string",
- "folder_create": true,
- "folder_delete": true,
- "folder_update": true,
- "list": true,
- "secret_create": true,
- "secret_delete": true,
- "secret_reveal": true,
- "secret_update": true
}, - "secret_id": "string",
- "secret_name": "string"
}, - "identity": "string",
- "resource_status": "available",
- "rule_ids": [
- "string"
], - "server_host_name": "string",
- "server_id": "string",
- "short_text": "string",
- "sudo_command_bundles": [
- {
- "ent_type": "string",
- "sudo_add_env": [
- "string"
], - "sudo_commands": [
- "string"
], - "sudo_group_name": "string",
- "sudo_id": "string",
- "sudo_login_username": "string",
- "sudo_name": "string",
- "sudo_noexec": true,
- "sudo_nopasswd": true,
- "sudo_runas": "string",
- "sudo_setenv": true,
- "sudo_sub_env": [
- "string"
]
}
], - "user_access_type": "string"
}
}
{- "password_jwe": "string"
}
Lists the user access methods for a Universal Directory account based on the security policies
OK
{- "list": [
- {
- "identity": "admin-account@example.app.org",
- "conditionals": [
- {
- "type": "access_request",
- "condition_is_met": false,
- "description": "Approval",
- "access_request_type_id": "uuid",
- "access_request_type_name": "policy_access_request",
- "expires_after_seconds": 900
}
], - "rule_ids": [
- "uuid"
], - "user_access_type": "service_account",
- "details": {
- "account_id": "uuid",
- "account_username": "admin-account@example.app.org",
- "privileges": [
- {
- "privilege_type": "reveal_password",
- "privilege_value": {
- "_type": "reveal_password",
- "reveal_password": true
}
}
]
}
}
]
}
Lists all Universal Directory accounts in a resource group
OK
{- "list": [
- {
- "created_at": "2019-08-24T14:15:22Z",
- "description": "Shared admin account for managing Active Directory integrations",
- "id": "d1b65a78-21ed-429b-8ea3-eec96f2748d6",
- "lcm_sync_possible": true,
- "name": "Active Directory Integrations Admin",
- "okta_user_id": "00u11s48P9zGW8yqm0g5",
- "sync_status": "NOT_SYNCED",
- "updated_at": "2019-08-24T14:15:22Z",
- "username": "shr-ad-admin-01@example.okta.com"
}
]
}
Lists all Universal Directory accounts in a resource group project
OK
{- "list": [
- {
- "account_settings_enabled": [
- "CHECKOUT"
], - "last_password_change_system_timestamp": "2019-08-24T14:15:22Z",
- "created_at": "2019-08-24T14:15:22Z",
- "description": "Shared admin account for managing Active Directory integrations",
- "id": "d1b65a78-21ed-429b-8ea3-eec96f2748d6",
- "lcm_sync_possible": true,
- "name": "Active Directory Integrations Admin",
- "okta_user_id": "00u11s48P9zGW8yqm0g5",
- "sync_status": "NOT_SYNCED",
- "updated_at": "2019-08-24T14:15:22Z",
- "username": "shr-ad-admin-01@example.okta.com"
}
]
}
Retrieves a Universal Directory account from a resource group project
OK
{- "account_name": "AWS Prod-5 account",
- "checkout_enabled": true,
- "checkout_expiry_at": "2019-08-24T14:15:22Z",
- "checkout_status": "checked_out",
- "created_at": "2019-08-24T14:15:22Z",
- "id": "d1b65a78-21ed-429b-8ea3-eec96f2748d6",
- "last_checkout_user": "string",
- "next_scheduled_password_rotation_reason": "string",
- "next_scheduled_password_rotation_timestamp": "2019-08-24T14:15:22Z",
- "project_id": "string",
- "team_id": "string",
- "username": "OpsCaliforniaShared",
- "last_password_change_error_metadata": "string",
- "last_password_change_error_report_timestamp": "2019-08-24T14:15:22Z",
- "last_password_change_error_system_timestamp": "2019-08-24T14:15:22Z",
- "last_password_change_error_type": "string",
- "last_password_change_success_report_timestamp": "2019-08-24T14:15:22Z",
- "last_password_change_system_timestamp": "2019-08-24T14:15:22Z",
- "password_change_error_count": 0,
- "password_change_error_count_since_last_success": 0,
- "password_change_success_count": 0
}