Projects

An Okta Privileged Access project is a collection of resources that share settings.

See Projects.

List all projects in a resource group
Admin roles:
  • resource_admin
  • delegated_resource_admin

Lists all projects in the specified resource group

SecuritybearerAuth
Request
path Parameters
team_name
required
string

The name of your team

resource_group_id
required
string

The UUID of a resource group

Responses
200

OK

get/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects
Request samples 
Response samples 
application/json
{
  • "list": [
    • {
      }
    ]
}
Create a project in a resource group
Admin roles: 
  • resource_admin
  • delegated_resource_admin
Creates a project in the specified resource group


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
resource_group_id
required
string
The UUID of a resource group


 
Request Body schema: application/json
active_resource_count
integer <int32> 
The number of active resources within this project


 
create_server_users
boolean or null
Whether to create server users for users in this project. Defaults to false. If false, you must ensure that accounts exist on the server for each user.


 
force_shared_ssh_users
boolean
Whether to force the project to use a shared SSH account


 
gateway_selector
string
A comma separated list of labels used to match to enrolled gateways. Labels should use the following format: key=value


 
name
required
string <regex>   [ 1 .. 255 ] characters ^[\w\-_.]+$
The name of the project


 
next_unix_gid
integer or null <int32>   [ 100 .. 65535 ] 
The GID used when creating a server user


 
next_unix_uid
integer or null <int32>   [ 100 .. 65535 ] 
The UID used when creating a server user


 
persistent_server_user_accounts
boolean or null
 Default:  null
If true, creates persistent user accounts and home folders on servers in this project for every user on your team. By default, on-demand accounts are only created when a user accesses a server.


 
require_preauth_for_creds
boolean or null
If true, the project requires preauthorization before a user can access a server. Default is false.


 
resource_group_id
string
The UUID of the resource group where the project is located


 
server_account_management
boolean
Whether to manage existing local accounts on the server


 
shared_admin_user_name
string
The shared username to use for root accounts


 
shared_standard_user_name
string
The shared username to use for non-root accounts


 
ssh_certificate_type
string or null (SSHCertificateType) 
(Optional) The type of signature algorithm used for authentication keys. Default is CERT_TYPE_ED25519_01.


 Enum: "CERT_TYPE_ECDSA_256_01" "CERT_TYPE_ECDSA_384_01" "CERT_TYPE_ECDSA_521_01" "CERT_TYPE_ED25519_01" "CERT_TYPE_RSA_01" "CERT_TYPE_RSA_SHA2_256_01" "CERT_TYPE_RSA_SHA2_512_01"  
stale_resource_count
integer <int32> 
The number of stale resources within this project


 
Responses 
201
Created


post/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects
Request samples 
application/json
{
  • "active_resource_count": 50,
  • "create_server_users": true,
  • "force_shared_ssh_users": true,
  • "gateway_selector": "REGION=WEST-EU,TEAM=MARKETING",
  • "name": "/regex/",
  • "next_unix_gid": 100,
  • "next_unix_uid": 100,
  • "persistent_server_user_accounts": null,
  • "require_preauth_for_creds": true,
  • "resource_group_id": "5f3159e9-e7ab-428e-8a87-c2ebffe407f6",
  • "server_account_management": true,
  • "shared_admin_user_name": "Server.Admin",
  • "shared_standard_user_name": "Server.User",
  • "ssh_certificate_type": "CERT_TYPE_ECDSA_256_01",
  • "stale_resource_count": 0
}
Response samples 
application/json
{
  • "active_resource_count": 50,
  • "create_server_users": true,
  • "deleted_at": "2019-08-24T14:15:22Z",
  • "force_shared_ssh_users": true,
  • "gateway_selector": "REGION=WEST-EU,TEAM=MARKETING",
  • "id": "/regex/",
  • "name": "/regex/",
  • "next_unix_gid": 100,
  • "next_unix_uid": 100,
  • "persistent_server_user_accounts": null,
  • "require_preauth_for_creds": true,
  • "resource_group_id": "5f3159e9-e7ab-428e-8a87-c2ebffe407f6",
  • "server_account_management": true,
  • "shared_admin_user_name": "Server.Admin",
  • "shared_standard_user_name": "Server.User",
  • "ssh_certificate_type": "CERT_TYPE_ECDSA_256_01",
  • "stale_resource_count": 0,
  • "team": "Your_OPA_Team",
  • "user_on_demand_period": 4294967295
}
Retrieve a project from a resource group
Admin roles: 
  • resource_admin
  • delegated_resource_admin
Retrieves a project from a resource group


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
resource_group_id
required
string
The UUID of a resource group


 
project_id
required
string
The UUID of a project


 
Responses 
200
OK


get/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}
Request samples 
Response samples 
application/json
{
  • "active_resource_count": 50,
  • "create_server_users": true,
  • "deleted_at": "2019-08-24T14:15:22Z",
  • "force_shared_ssh_users": true,
  • "gateway_selector": "REGION=WEST-EU,TEAM=MARKETING",
  • "id": "/regex/",
  • "name": "/regex/",
  • "next_unix_gid": 100,
  • "next_unix_uid": 100,
  • "persistent_server_user_accounts": null,
  • "require_preauth_for_creds": true,
  • "resource_group_id": "5f3159e9-e7ab-428e-8a87-c2ebffe407f6",
  • "server_account_management": true,
  • "shared_admin_user_name": "Server.Admin",
  • "shared_standard_user_name": "Server.User",
  • "ssh_certificate_type": "CERT_TYPE_ECDSA_256_01",
  • "stale_resource_count": 0,
  • "team": "Your_OPA_Team",
  • "user_on_demand_period": 4294967295
}
Update a project in a resource group
Admin roles: 
  • resource_admin
  • delegated_resource_admin
Updates a project in a resource group


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
resource_group_id
required
string
The UUID of a resource group


 
project_id
required
string
The UUID of a project


 
Request Body schema: application/json
active_resource_count
integer <int32> 
The number of active resources within this project


 
create_server_users
boolean or null
Whether to create server users for users in this project. Defaults to false. If false, you must ensure that accounts exist on the server for each user.


 
force_shared_ssh_users
boolean
Whether to force the project to use a shared SSH account


 
gateway_selector
string
A comma separated list of labels used to match to enrolled gateways. Labels should use the following format: key=value


 
name
required
string <regex>   [ 1 .. 255 ] characters ^[\w\-_.]+$
The name of the project


 
next_unix_gid
integer or null <int32>   [ 100 .. 65535 ] 
The GID used when creating a server user


 
next_unix_uid
integer or null <int32>   [ 100 .. 65535 ] 
The UID used when creating a server user


 
persistent_server_user_accounts
boolean or null
 Default:  null
If true, creates persistent user accounts and home folders on servers in this project for every user on your team. By default, on-demand accounts are only created when a user accesses a server.


 
require_preauth_for_creds
boolean or null
If true, the project requires preauthorization before a user can access a server. Default is false.


 
resource_group_id
string
The UUID of the resource group where the project is located


 
server_account_management
boolean
Whether to manage existing local accounts on the server


 
shared_admin_user_name
string
The shared username to use for root accounts


 
shared_standard_user_name
string
The shared username to use for non-root accounts


 
ssh_certificate_type
string or null (SSHCertificateType) 
(Optional) The type of signature algorithm used for authentication keys. Default is CERT_TYPE_ED25519_01.


 Enum: "CERT_TYPE_ECDSA_256_01" "CERT_TYPE_ECDSA_384_01" "CERT_TYPE_ECDSA_521_01" "CERT_TYPE_ED25519_01" "CERT_TYPE_RSA_01" "CERT_TYPE_RSA_SHA2_256_01" "CERT_TYPE_RSA_SHA2_512_01"  
stale_resource_count
integer <int32> 
The number of stale resources within this project


 
Responses 
200
OK


put/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}
Request samples 
application/json
{
  • "active_resource_count": 50,
  • "create_server_users": true,
  • "force_shared_ssh_users": true,
  • "gateway_selector": "REGION=WEST-EU,TEAM=MARKETING",
  • "name": "/regex/",
  • "next_unix_gid": 100,
  • "next_unix_uid": 100,
  • "persistent_server_user_accounts": null,
  • "require_preauth_for_creds": true,
  • "resource_group_id": "5f3159e9-e7ab-428e-8a87-c2ebffe407f6",
  • "server_account_management": true,
  • "shared_admin_user_name": "Server.Admin",
  • "shared_standard_user_name": "Server.User",
  • "ssh_certificate_type": "CERT_TYPE_ECDSA_256_01",
  • "stale_resource_count": 0
}
Response samples 
application/json
{
  • "active_resource_count": 50,
  • "create_server_users": true,
  • "deleted_at": "2019-08-24T14:15:22Z",
  • "force_shared_ssh_users": true,
  • "gateway_selector": "REGION=WEST-EU,TEAM=MARKETING",
  • "id": "/regex/",
  • "name": "/regex/",
  • "next_unix_gid": 100,
  • "next_unix_uid": 100,
  • "persistent_server_user_accounts": null,
  • "require_preauth_for_creds": true,
  • "resource_group_id": "5f3159e9-e7ab-428e-8a87-c2ebffe407f6",
  • "server_account_management": true,
  • "shared_admin_user_name": "Server.Admin",
  • "shared_standard_user_name": "Server.User",
  • "ssh_certificate_type": "CERT_TYPE_ECDSA_256_01",
  • "stale_resource_count": 0,
  • "team": "Your_OPA_Team",
  • "user_on_demand_period": 4294967295
}
Delete a project from a resource group
Admin roles: 
  • resource_admin
  • delegated_resource_admin
Deletes a project from a resource group


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
resource_group_id
required
string
The UUID of a resource group


 
project_id
required
string
The UUID of a project


 
Responses 
204
No Content


delete/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}
Request samples 
List all Active Directory accounts in a project
Early Access
Admin roles: 
  • resource_admin
  • security_admin
  • delegated_resource_admin
  • delegated_security_admin
Lists all Active Directory accounts in a project in a resource group. The contains URL parameter
filters by UPN.


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
resource_group_id
required
string
The UUID of a resource group


 
project_id
required
string
The UUID of a project


 
query Parameters
contains
string
Only return results that include the specified value


 
Responses 
200
OK


get/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/active_directory_accounts
Request samples 
Response samples 
application/json
{
  • "list": [
    • {
      }
    ]
}
Retrieve the checkout settings for an Active Directory account resource group project
Early Access
Admin roles: 
  • resource_admin
  • security_admin
  • delegated_resource_admin
  • delegated_security_admin
Retrieves the checkout settings configured for a resource group project that's specific to the Active Directory account


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
resource_group_id
required
string
The UUID of a resource group


 
project_id
required
string
The UUID of a project


 
Responses 
200
OK


get/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/active_directory_checkout_settings
Request samples 
Response samples 
application/json
{
  • "checkout_duration_in_seconds": 900,
  • "checkout_required": true,
  • "exclude_list": [
    • {
      }
    ],
  • "include_list": [
    • {
      }
    ]
}
Update the checkout settings for an Active Directory account resource group project
Early Access
Admin roles: 
  • security_admin
  • delegated_security_admin
Updates the checkout settings configured for a resource group project that's specific to the Active Directory account


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
resource_group_id
required
string
The UUID of a resource group


 
project_id
required
string
The UUID of a project


 
Request Body schema: application/json
checkout_duration_in_seconds
required
integer <int32>   [ 900 .. 86400 ] 
The duration in seconds for the checkout. If the checkout is enabled, the duration is the maximum time a user can access the resource before the checkout expires.


 
checkout_required
required
boolean
Indicates whether a checkout is mandatory for accessing resources within the project. If true, checkout is enforced for all applicable resources by default. If false, checkout is not required, and resources are accessible without it.


 
Array of objects (ActiveDirectorySettingNameObject) 
If provided, only the account identifiers listed are excluded from the checkout requirement. This list is only considered if checkout_required is set to true. Only one of include_list and exclude_list can be specified in a request since they are mutually exclusive.


 
 Array 
account_sid
required
string  [ 1 .. 256 ] characters 
The security identifier (SID) of the selected Active Directory account


 
domain
required
string  [ 1 .. 255 ] characters 
The domain of the selected Active Directory account


 
Array of objects (ActiveDirectorySettingNameObject) 
If provided, only the account identifiers listed are required to perform a checkout to access the resource. This list is only considered if checkout_required is set to true. Only one of include_list and exclude_list can be specified in a request since they are mutually exclusive.


 
 Array 
account_sid
required
string  [ 1 .. 256 ] characters 
The security identifier (SID) of the selected Active Directory account


 
domain
required
string  [ 1 .. 255 ] characters 
The domain of the selected Active Directory account


 
Responses 
204
No Content


put/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/active_directory_checkout_settings
Request samples 
application/json
{
  • "checkout_duration_in_seconds": 900,
  • "checkout_required": true,
  • "exclude_list": [
    • {
      }
    ],
  • "include_list": [
    • {
      }
    ]
}
Retrieve a project password policy for Active Directory resources
Early Access
Admin roles: 
  • resource_admin
  • delegated_resource_admin
Retrieves a project password policy for Active Directory resources in a resource group


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
resource_group_id
required
string
The UUID of a resource group


 
project_id
required
string
The UUID of a project


 
Responses 
200
OK


get/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/active_directory_password_settings
Request samples 
Response samples 
application/json
{
  • "character_options": {
    • "upper_case": true,
    • "lower_case": true,
    • "digits": true,
    • "punctuation": true,
    • "require_from_each_set": true
    },
  • "enable_periodic_rotation": true,
  • "max_length_in_bytes": 0,
  • "min_length_in_bytes": 0,
  • "modified_at": "2019-08-24T14:15:22Z",
  • "periodic_rotation_account_exclude_list": [
    • {
      }
    ],
  • "periodic_rotation_account_include_list": [
    • {
      }
    ],
  • "periodic_rotation_duration_in_seconds": 0
}
Update a project password policy for Active Directory resources
Early Access
Admin roles: 
  • resource_admin
  • delegated_resource_admin
Updates a project password policy for Active Directory resources in a resource group


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
resource_group_id
required
string
The UUID of a resource group


 
project_id
required
string
The UUID of a project


 
Request Body schema: application/json
required
object
The specific characters rules required by the password policy


 
upper_case
boolean
If true, passwords can include one or more uppercase characters


 
lower_case
boolean
If true, passwords can include one or more lowercase characters


 
digits
boolean
If true, passwords can include one or more numbers


 
punctuation
boolean
If true, passwords can include one or more symbols


 
require_from_each_set
boolean
If true, passwords must contain at least one character from each selected rule in the character_options


 
enable_periodic_rotation
required
boolean
If true, rotates account passwords between the specified time period. You must also set the periodic_rotation_duration_in_seconds and periodic_rotation_account_selector_mode properties.


 
max_length_in_bytes
required
integer
The maximum length allowed for the password


 
min_length_in_bytes
required
integer
The minimum length allowed for the password


 
Array of objects (ActiveDirectorySettingNameObject) 
If periodic_rotation_account_selector_mode is set to EXCLUDE, all of the actively managed accounts in the project except those listed will have their password periodically rotated


 
 Array 
account_sid
required
string  [ 1 .. 256 ] characters 
The security identifier (SID) of the selected Active Directory account


 
domain
required
string  [ 1 .. 255 ] characters 
The domain of the selected Active Directory account


 
Array of objects (ActiveDirectorySettingNameObject) 
If periodic_rotation_account_selector_mode is set to INCLUDE, only the actively managed accounts listed will have their password periodically rotated


 
 Array 
account_sid
required
string  [ 1 .. 256 ] characters 
The security identifier (SID) of the selected Active Directory account


 
domain
required
string  [ 1 .. 255 ] characters 
The domain of the selected Active Directory account


 
periodic_rotation_duration_in_seconds
integer
Specifies how often the Okta Privileged Access platform rotates account passwords


 
Responses 
200
OK


put/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/active_directory_password_settings
Request samples 
application/json
{
  • "character_options": {
    • "upper_case": true,
    • "lower_case": true,
    • "digits": true,
    • "punctuation": true,
    • "require_from_each_set": true
    },
  • "enable_periodic_rotation": true,
  • "max_length_in_bytes": 0,
  • "min_length_in_bytes": 0,
  • "periodic_rotation_account_exclude_list": [
    • {
      }
    ],
  • "periodic_rotation_account_include_list": [
    • {
      }
    ],
  • "periodic_rotation_duration_in_seconds": 0
}
Response samples 
application/json
{
  • "character_options": {
    • "upper_case": true,
    • "lower_case": true,
    • "digits": true,
    • "punctuation": true,
    • "require_from_each_set": true
    },
  • "enable_periodic_rotation": true,
  • "max_length_in_bytes": 0,
  • "min_length_in_bytes": 0,
  • "modified_at": "2019-08-24T14:15:22Z",
  • "periodic_rotation_account_exclude_list": [
    • {
      }
    ],
  • "periodic_rotation_account_include_list": [
    • {
      }
    ],
  • "periodic_rotation_duration_in_seconds": 0
}
List all resources checked out in a project
Admin roles: 
  • end_user
Lists all the resources that are currently checked out within a specified resource group project


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
resource_group_id
required
string
The UUID of a resource group


 
project_id
required
string
The UUID of a project


 
query Parameters
resource_type
string
If specified, only returns resources with a matching type. Valid resource types: server_account_password_login, managed_saas_app_account_password_login, okta_universal_directory_account_password_login.


 
include_pending_checkin
boolean
If specified, also returns resources that have already started the checkin process. These are not included by default.


 
count
integer <int32> 
The number of objects per page


 
descending
boolean
The object order


 
offset
string
The offset value for pagination. The rel="next" and rel="prev" Link headers define the offset for subsequent or previous pages.


 
prev
boolean
The direction of paging


 
Responses 
200
OK


get/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/checked_out_resources
Request samples 
Response samples 
application/json
{
  • "list": [
    • {
      }
    ]
}
Check in a resource
Admin roles: 
  • resource_admin
  • security_admin
  • delegated_resource_admin
  • delegated_security_admin
Checks in a resource (forcefully). As an admin, use this request to return a resource that any user has checked out.


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
resource_group_id
required
string
The UUID of a resource group


 
project_id
required
string
The UUID of a project


 
Request Body schema: application/json
resource_id
required
string
The UUID or ORN of the resource


 
resource_type
required
string (CheckoutResourceType) 
The type of resource that was checked out


 Enum: "managed_saas_app_account_password_login" "okta_universal_directory_account_password_login" "server_account_password_login"  
Responses 
204
No Content


post/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/checkin_resource
Request samples 
application/json
{
  • "resource_id": "string",
  • "resource_type": "managed_saas_app_account_password_login"
}
Retrieve the checkout settings for a Universal Directory resource group project
Admin roles: 
  • resource_admin
  • security_admin
  • delegated_resource_admin
  • delegated_security_admin
Retrieves the checkout settings configured for a resource group project that's specific to the Universal Directory


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
resource_group_id
required
string
The UUID of a resource group


 
project_id
required
string
The UUID of a project


 
Responses 
200
OK


get/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/okta_universal_directory_checkout_settings
Request samples 
Update the checkout settings for a Universal Directory resource group project
Admin roles: 
  • security_admin
  • delegated_security_admin
Updates the checkout settings configured for a resource group project that's specific to the Universal Directory


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
resource_group_id
required
string
The UUID of a resource group


 
project_id
required
string
The UUID of a project


 
Responses 
204
No Content


put/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/okta_universal_directory_checkout_settings
Request samples 
Retrieve the checkout settings for a SaaS app resource group project
Admin roles: 
  • resource_admin
  • security_admin
  • delegated_resource_admin
  • delegated_security_admin
Retrieves the checkout settings configured for a resource group project that's specific to the SaaS app


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
resource_group_id
required
string
The UUID of a resource group


 
project_id
required
string
The UUID of a project


 
Responses 
200
OK


get/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/saas_app_checkout_settings
Request samples 
Update the checkout settings for a SaaS app resource group project
Admin roles: 
  • security_admin
  • delegated_security_admin
Updates the checkout settings configured for a resource group project that's specific to the SaaS app


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
resource_group_id
required
string
The UUID of a resource group


 
project_id
required
string
The UUID of a project


 
Responses 
204
No Content


put/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/saas_app_checkout_settings
Request samples 
List all server accounts in a project
Admin roles: 
  • resource_admin
  • delegated_resource_admin
Lists all server accounts in a resource group project


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
resource_group_id
required
string
The UUID of a resource group


 
project_id
required
string
The UUID of a project


 
Responses 
200
OK


get/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/server_accounts
Request samples 
Response samples 
application/json
{
  • "list": [
    • {
      }
    ]
}
Retrieve a server account
Admin roles: 
  • resource_admin
  • delegated_resource_admin
Retrieves a server account from a project in a resource group


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
resource_group_id
required
string
The UUID of a resource group


 
project_id
required
string
The UUID of a project


 
server_account_id
required
string
The UUID of a server account


 
Responses 
200
OK


get/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/server_accounts/{server_account_id}
Request samples 
Response samples 
application/json
{
  • "items": {
    • "created_at": "2019-08-24T14:15:22Z",
    • "deleted_at": "2019-08-24T14:15:22Z",
    • "hostname": "string",
    • "id": "string",
    • "last_password_change_error_metadata": "string",
    • "last_password_change_error_report_timestamp": "2019-08-24T14:15:22Z",
    • "last_password_change_error_system_timestamp": "2019-08-24T14:15:22Z",
    • "last_password_change_error_type": "string",
    • "last_password_change_success_report_timestamp": "2019-08-24T14:15:22Z",
    • "last_password_change_system_timestamp": "2019-08-24T14:15:22Z",
    • "login": "string",
    • "managed": true,
    • "project_id": "string",
    • "server_id": "string",
    • "team_id": "string"
    }
}
Retrieve the checkout settings for a server resource group project
Admin roles: 
  • resource_admin
  • security_admin
  • delegated_resource_admin
  • delegated_security_admin
Retrieves the checkout settings configured for a resource group project that's specific to the server


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
resource_group_id
required
string
The UUID of a resource group


 
project_id
required
string
The UUID of a project


 
Responses 
200
OK


get/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/server_checkout_settings
Request samples 
Response samples 
application/json
{
  • "checkout_duration_in_seconds": 900,
  • "checkout_required": true,
  • "exclude_list": [
    • "string"
    ],
  • "include_list": [
    • "string"
    ]
}
Update the checkout settings for a server resource group project
Admin roles: 
  • security_admin
  • delegated_security_admin
Updates the checkout settings configured for a resource group project that's specific to the server


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
resource_group_id
required
string
The UUID of a resource group


 
project_id
required
string
The UUID of a project


 
Request Body schema: application/json
checkout_duration_in_seconds
integer <int32>   [ 900 .. 86400 ] 
The duration in seconds for the checkout. If the checkout is enabled, the duration is the maximum time a user can access the resource before the checkout expires.


 
checkout_required
required
boolean
Indicates whether a checkout is mandatory for accessing resources within the project. If true, checkout is enforced for all applicable resources by default. If false, checkout is not required, and resources are accessible without it.


 
exclude_list
Array of strings
If provided, only the account identifiers listed are excluded from the checkout requirement. This list is only considered if checkout_required is set to true. Only one of include_list and exclude_list can be specified in a request since they are mutually exclusive.


 
include_list
Array of strings
If provided, only the account identifiers listed are required to perform a checkout to access the resource. This list is only considered if checkout_required is set to true. Only one of include_list and exclude_list can be specified in a request since they are mutually exclusive.


 
Responses 
204
No Content


put/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/server_checkout_settings
Request samples 
application/json
{
  • "checkout_duration_in_seconds": 900,
  • "checkout_required": true,
  • "exclude_list": [
    • "string"
    ],
  • "include_list": [
    • "string"
    ]
}
List all server enrollment tokens in a project
Admin roles: 
  • resource_admin
  • delegated_resource_admin
Lists all server enrollment tokens in a resource group project


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
resource_group_id
required
string
The UUID of a resource group


 
project_id
required
string
The UUID of a project


 
Responses 
200
OK


get/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/server_enrollment_tokens
Request samples 
Response samples 
application/json
{
  • "list": [
    • {
      }
    ]
}
Create a server enrollment token
Admin roles: 
  • resource_admin
  • delegated_resource_admin
Creates a server enrollment token for a project in a resource group


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
resource_group_id
required
string
The UUID of a resource group


 
project_id
required
string
The UUID of a project


 
Request Body schema: application/json
description
required
string  [ 1 .. 512 ] characters 
A human-readable description of the purpose of this server enrollment token


 
Responses 
201
Created


post/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/server_enrollment_tokens
Request samples 
application/json
{
  • "description": "string"
}
Response samples 
application/json
{
  • "created_by_user": "string",
  • "description": "string",
  • "id": "/regex/",
  • "issued_at": "2019-08-24T14:15:22Z",
  • "token": {
    • "property1": "string",
    • "property2": "string"
    }
}
Retrieve a server enrollment token
Admin roles: 
  • resource_admin
  • delegated_resource_admin
Retrieves a server enrollment token from a project in a resource group


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
resource_group_id
required
string
The UUID of a resource group


 
project_id
required
string
The UUID of a project


 
server_enrollment_token_id
required
string
The UUID of a server enrollment token


 
Responses 
200
OK


get/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/server_enrollment_tokens/{server_enrollment_token_id}
Request samples 
Response samples 
application/json
{
  • "created_by_user": "string",
  • "description": "string",
  • "id": "/regex/",
  • "issued_at": "2019-08-24T14:15:22Z",
  • "token": {
    • "property1": "string",
    • "property2": "string"
    }
}
Delete a server enrollment token
Admin roles: 
  • resource_admin
  • delegated_resource_admin
Deletes a server enrollment token from a project in a resource group


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
resource_group_id
required
string
The UUID of a resource group


 
project_id
required
string
The UUID of a project


 
server_enrollment_token_id
required
string
The UUID of a server enrollment token


 
Responses 
204
No Content


delete/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/server_enrollment_tokens/{server_enrollment_token_id}
Request samples 
Retrieve project password policy for server accounts
Admin roles: 
  • resource_admin
  • delegated_resource_admin
Retrieves a password policy for a project in a resource group


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
resource_group_id
required
string
The UUID of a resource group


 
project_id
required
string
The UUID of a project


 
Responses 
200
OK


get/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/server_password_settings
Request samples 
Response samples 
application/json
{
  • "character_options": {
    • "upper_case": true,
    • "lower_case": true,
    • "digits": true,
    • "punctuation": true,
    • "require_from_each_set": true
    },
  • "enable_periodic_rotation": true,
  • "managed_privileged_accounts_config": [
    • "string"
    ],
  • "max_length_in_bytes": 0,
  • "min_length_in_bytes": 0,
  • "modified_at": "2019-08-24T14:15:22Z",
  • "periodic_rotation_duration_in_seconds": 0
}
Update project password policy for server accounts
Admin roles: 
  • resource_admin
  • delegated_resource_admin
Updates a password policy for a project in a resource group


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
resource_group_id
required
string
The UUID of a resource group


 
project_id
required
string
The UUID of a project


 
Request Body schema: application/json
required
object
The specific characters rules required by the password policy


 
upper_case
boolean
If true, passwords can include one or more uppercase characters


 
lower_case
boolean
If true, passwords can include one or more lowercase characters


 
digits
boolean
If true, passwords can include one or more numbers


 
punctuation
boolean
If true, passwords can include one or more symbols.


 
require_from_each_set
boolean
If true, passwords must contain at least one character from each set selected above.


 
enable_periodic_rotation
required
boolean
If true, rotates account passwords after a period of time has passed. You must also set the periodic_rotation_duration_in_seconds parameter.


 
managed_privileged_accounts_config
Array of strings
An array of managed accounts for password rotation


 
max_length_in_bytes
required
integer
The maximum length allowed for the password


 
min_length_in_bytes
required
integer
The minimum length allowed for the password


 
periodic_rotation_duration_in_seconds
integer
If enable_periodic_rotation is enabled, specifies how often the Okta Privileged Access platform rotates account passwords.


 
Responses 
200
OK


put/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/server_password_settings
Request samples 
application/json
{
  • "character_options": {
    • "upper_case": true,
    • "lower_case": true,
    • "digits": true,
    • "punctuation": true,
    • "require_from_each_set": true
    },
  • "enable_periodic_rotation": true,
  • "managed_privileged_accounts_config": [
    • "string"
    ],
  • "max_length_in_bytes": 0,
  • "min_length_in_bytes": 0,
  • "periodic_rotation_duration_in_seconds": 0
}
Response samples 
application/json
{
  • "character_options": {
    • "upper_case": true,
    • "lower_case": true,
    • "digits": true,
    • "punctuation": true,
    • "require_from_each_set": true
    },
  • "enable_periodic_rotation": true,
  • "managed_privileged_accounts_config": [
    • "string"
    ],
  • "max_length_in_bytes": 0,
  • "min_length_in_bytes": 0,
  • "modified_at": "2019-08-24T14:15:22Z",
  • "periodic_rotation_duration_in_seconds": 0
}
List all server accounts for a server
Admin roles: 
  • resource_admin
  • delegated_resource_admin
Lists all server accounts for a server in a project


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your team


 
resource_group_id
required
string
The UUID of a resource group


 
project_id
required
string
The UUID of a project


 
server_id
required
string
The UUID of an enrolled server


 
Responses 
200
OK


get/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/servers/{server_id}/server_accounts
Request samples 
Response samples 
application/json
{
  • "list": [
    • {
      }
    ]
}