okta.groups.read
Lists all groups with pagination support.
The number of groups returned depends on the specified limit
, if you have a search, filter, and/or query parameter set, and if that parameter is not null. We recommend using a limit less than or equal to 200.
A subset of groups can be returned that match a supported filter expression, query, or search criteria.
Note: Results from the filter or query parameter are driven from an eventually consistent datasource. The synchronization lag is typically less than one second. See Filtering for more information on expressions.
q | string Finds a group that matches the
Example: q=West&limit=10 |
filter | string Filter expression for groups
filter=id eq "00g1emaKYZTWRYYRRTSK" filter=type eq "OKTA_GROUP" filter=type eq "OKTA_GROUP" and lastUpdated gt "2016-11-11T00:00:00.000Z" filter=type eq "OKTA_GROUP" and (lastUpdated lt "2015-11-11T00:00:00.000Z" or lastMembershipUpdated lt "2015-11-11T00:00:00.000Z") |
after | string Specifies the pagination cursor for the next page of groups. The |
limit | integer <int32> <= 10000 Specifies the number of group results in a page. Don't write code that depends on the default or maximum value, as it might change. If you receive an The Okta default Everyone group isn't returned for users with a group Admin role.
|
expand | string If specified, additional metadata is included in the response. Possible values are
|
search | string Searches for groups with a supported filtering expression for all attributes except for Search currently performs a Using search requires URL encoding, for example, This operation searches many properties:
* Any group profile property, including imported app group profile properties.
* The top-level properties search=type eq "APP_GROUP" search=lastMembershipUpdated gt "2014-01-01T00:00:00.000Z" search=id eq "00gak46y5hydV6NdM0g4" search=profile.name eq "West Coast users" search=profile.samAccountName sw "West Coast" search=source.id eq "0oa2v0el0gP90aqjJ0g7" search=type eq "APP_GROUP" and (created lt "2014-01-01T00:00:00.000Z" and source.id eq "0oa2v0el0gP90aqjJ0g7") |
sortBy | string Specifies field to sort by (for search queries only). Example: sortBy=lastUpdated |
sortOrder | string Default: "asc" Specifies sort order: |
Success
Forbidden
Too Many Requests
Lists an example of an OKTA_GROUP and an APP_GROUP
[- {
- "id": "00g1emaKYZTWRYYRRTSK",
- "created": "2015-02-06T10:11:28.000Z",
- "lastUpdated": "2015-10-05T19:16:43.000Z",
- "lastMembershipUpdated": "2015-11-28T19:15:32.000Z",
- "objectClass": [
- "okta:user_group"
], - "type": "OKTA_GROUP",
- "profile": {
- "name": "West Coast users",
- "description": "All users West of The Rockies"
}, - "_links": {
- "logo": [
- {
- "name": "medium",
- "type": "image/png"
}, - {
- "name": "large",
- "type": "image/png"
}
],
}
}, - {
- "id": "00garwpuyxHaWOkdV0g4",
- "created": "2015-08-15T19:15:17.000Z",
- "lastUpdated": "2015-11-18T04:02:19.000Z",
- "lastMembershipUpdated": "2015-08-15T19:15:17.000Z",
- "objectClass": [
- "okta:windows_security_principal"
], - "type": "APP_GROUP",
- "profile": {
- "name": "Engineering users",
- "description": "corp.example.com/Engineering/Engineering users",
- "groupType": "Security",
- "samAccountName": "Engineering users",
- "objectSid": "S-1-5-21-717838489-685202119-709183397-1177",
- "groupScope": "Global",
- "dn": "CN=Engineering users,OU=Engineering,DC=corp,DC=example,DC=com",
- "windowsDomainQualifiedName": "CORP\\Engineering users",
- "externalId": "OZJdWdONCU6h7WjQKp+LPA=="
}, - "source": {
- "id": "0oa2v0el0gP90aqjJ0g7"
}, - "_links": {
- "logo": [
- {
- "name": "medium",
- "type": "image/png"
}, - {
- "name": "large",
- "type": "image/png"
}
],
}
}
]
okta.groups.manage
Adds a new group with the OKTA_GROUP
type to your org
Note: App import operations are responsible for syncing groups with
APP_GROUP
type such as Active Directory groups. See About groups.
Success
Bad Request
Forbidden
Too Many Requests
{- "profile": {
- "description": "All users West of The Rockies",
- "name": "West Coast users"
}
}
Example of a group
{- "id": "00g1emaKYZTWRYYRRTSK",
- "created": "2015-02-06T10:11:28.000Z",
- "lastUpdated": "2015-10-05T19:16:43.000Z",
- "lastMembershipUpdated": "2015-11-28T19:15:32.000Z",
- "objectClass": [
- "okta:user_group"
], - "type": "OKTA_GROUP",
- "profile": {
- "name": "West Coast users",
- "description": "All users West of The Rockies"
}, - "_links": {
- "logo": [
- {
- "name": "medium",
- "type": "image/png"
}, - {
- "name": "large",
- "type": "image/png"
}
],
}
}
okta.groups.read
Retrieves a specific group by id
from your org
Success
Forbidden
Not Found
Too Many Requests
Example of a group
{- "id": "00g1emaKYZTWRYYRRTSK",
- "created": "2015-02-06T10:11:28.000Z",
- "lastUpdated": "2015-10-05T19:16:43.000Z",
- "lastMembershipUpdated": "2015-11-28T19:15:32.000Z",
- "objectClass": [
- "okta:user_group"
], - "type": "OKTA_GROUP",
- "profile": {
- "name": "West Coast users",
- "description": "All users West of The Rockies"
}, - "_links": {
- "logo": [
- {
- "name": "medium",
- "type": "image/png"
}, - {
- "name": "large",
- "type": "image/png"
}
],
}
}
okta.groups.manage
Replaces the profile for a group of OKTA_GROUP
type from your org
Note : You only can modify profiles for groups of the
OKTA_GROUP
type.App imports are responsible for updating profiles for groups of the
APP_GROUP
type, such as Active Directory groups.
Success
Bad Request
Forbidden
Not Found
Too Many Requests
{- "profile": {
- "description": "All users West of The Rockies",
- "name": "West Coast users"
}
}
Example of a group
{- "id": "00g1emaKYZTWRYYRRTSK",
- "created": "2015-02-06T10:11:28.000Z",
- "lastUpdated": "2015-10-05T19:16:43.000Z",
- "lastMembershipUpdated": "2015-11-28T19:15:32.000Z",
- "objectClass": [
- "okta:user_group"
], - "type": "OKTA_GROUP",
- "profile": {
- "name": "West Coast users",
- "description": "All users West of The Rockies"
}, - "_links": {
- "logo": [
- {
- "name": "medium",
- "type": "image/png"
}, - {
- "name": "large",
- "type": "image/png"
}
],
}
}
okta.groups.manage
Deletes a group of the OKTA_GROUP
or APP_GROUP
type from your org
Note: You can't remove groups of type
APP_GROUP
if they are used in a group push mapping.
No Content
Forbidden
Not Found
Too Many Requests
{- "errorCode": "E0000006",
- "errorSummary": "You do not have permission to perform the requested action",
- "errorLink": "E0000006",
- "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
- "errorCauses": [ ]
}
okta.groups.read
Lists all apps that are assigned to a group. See Application Groups API.
Success
Forbidden
Not Found
Too Many Requests
List all apps example
[- {
- "id": "0oafwvZDWJKVLDCUWUAC",
- "name": "template_basic_auth",
- "label": "Sample Basic Auth App",
- "status": "ACTIVE",
- "lastUpdated": "2013-09-30T00:56:52.000Z",
- "created": "2013-09-30T00:56:52.000Z",
- "accessibility": {
- "selfService": false,
- "errorRedirectUrl": null
}, - "visibility": {
- "autoSubmitToolbar": false,
- "hide": {
- "iOS": false,
- "web": false
}, - "appLinks": {
- "login": true
}
}, - "features": [ ],
- "signOnMode": "BASIC_AUTH",
- "credentials": {
- "scheme": "EDIT_USERNAME_AND_PASSWORD",
- "userNameTemplate": {
- "template": "${source.login}",
- "type": "BUILT_IN"
}
}, - "settings": {
}, - "_links": {
- "appLinks": [
- {
- "name": "login",
- "type": "text/html"
}
], - "deactivate": {
},
}
}
]
okta.groups.read
Lists all users that are a member of a group.
The default user limit is set to a very high number due to historical reasons that are no longer valid for most orgs. This will change in a future version of this API. The recommended page limit is now limit=200
.
after | string The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the |
limit | integer <int32> Default: 1000 Specifies the number of user results in a page |
Success
Forbidden
Not Found
Too Many Requests
[- {
- "id": "00u118oQYT4TBTemp0g4",
- "status": "ACTIVE",
- "created": "2022-04-04T15:56:05.000Z",
- "activated": null,
- "statusChanged": null,
- "lastLogin": "2022-05-04T19:50:52.000Z",
- "lastUpdated": "2022-05-05T18:15:44.000Z",
- "passwordChanged": "2022-04-04T16:00:22.000Z",
- "type": {
- "id": "oty1162QAr8hJjTaq0g4"
}, - "profile": {
- "firstName": "Alice",
- "lastName": "Smith",
- "mobilePhone": null,
- "secondEmail": null,
- "login": "alice.smith@example.com",
- "email": "alice.smith@example.com"
}, - "credentials": {
- "password": { },
- "provider": {
- "type": "OKTA",
- "name": "OKTA"
}
},
}
]
okta.groups.manage
Assigns a user to a group with the OKTA_GROUP
type
Note: You only can modify memberships for groups of the
OKTA_GROUP
type. App imports are responsible for managing group memberships for groups of theAPP_GROUP
type, such as Active Directory groups.
No Content
Forbidden
Not Found
Too Many Requests
{- "errorCode": "E0000006",
- "errorSummary": "You do not have permission to perform the requested action",
- "errorLink": "E0000006",
- "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
- "errorCauses": [ ]
}
okta.groups.manage
Unassigns a user from a group with the OKTA_GROUP
type
Note: You only can modify memberships for groups of the
OKTA_GROUP
type.App imports are responsible for managing group memberships for groups of the
APP_GROUP
type, such as Active Directory groups.
No Content
Forbidden
Not Found
Too Many Requests
{- "errorCode": "E0000006",
- "errorSummary": "You do not have permission to perform the requested action",
- "errorLink": "E0000006",
- "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
- "errorCauses": [ ]
}