On This Page

ASA Clients API

Get started

The Advanced Server Access (ASA) API is logically separate from the rest of the Okta APIs and uses a different API namespace:

https://app.scaleft.com/v1/

An Advanced Server Access (ASA) Client corresponds to a user's device. Clients are the primary way users access servers managed by ASA.

Explore the Clients API: Run in Postman (opens new window).

Clients API operations

The Clients API has the following operations:

List ASA Clients

GET https://app.scaleft.com/v1/teams/${team_name}/clients

Returns a list of ASA Clients. By default, this API returns the ASA Clients for the requesting ASA User. You can provide query options to filter by ASA User or state.

This endpoint requires one of the following roles: access_user, access_admin, or reporting_user.

Request path parameters

Parameter Type Description
team_name string The name of your Team

Request query parameters

Parameter Type Description
all boolean (Optional) When true, returns all Clients for the Team
count number (Optional) The number of objects per page
descending boolean (Optional) The object order
offset string (Optional) The page offset
prev boolean (Optional) The direction of paging
state string (Optional) The state of the ASA Client: ACTIVE, PENDING, or DELETED
username string (Optional) List Clients assigned to a single User. An empty string returns unassigned Clients.

Request body

This endpoint has no request body.

Response body

This endpoint returns a list of objects with the following fields and a 200 code on a successful call.

Properties Type Description
deleted_at string The time the ASA Client was deleted
description string A description of the ASA Client
encrypted boolean A boolean that reflects whether sft was able to determine that the ASA Client was encrypted
hostname string The hostname of the ASA Client
id string The UUID of the ASA Client
os string The operating system (OS) of the ASA Client device
state string The state of the ASA Client: ACTIVE, PENDING, or DELETED
user_name string The ASA User to whom this ASA Client belongs

Usage example

Request
curl -v -X GET \
-H "Authorization: Bearer ${jwt}" \
https://app.scaleft.com/v1/teams/${team_name}/clients
Response
{
	"list": [
		{
			"deleted_at": null,
			"description": "Work laptop",
			"encrypted": true,
			"hostname": "LightInAugust",
			"id": "9c199afe-0ca5-427a-baac-c4341707d82b",
			"os": "macOS 10.14.6",
			"state": "PENDING",
			"user_name": "Jason.Compson.IV"
		},
		{
			"deleted_at": null,
			"description": "Personal laptop",
			"encrypted": true,
			"hostname": "Absalom",
			"id": "5e9d8179-2fca-4905-8405-3cd3e0c5280e",
			"os": "macOS 10.14.6",
			"state": "ACTIVE",
			"user_name": "Jason.Compson.IV"
		}
	]
}

Fetch an ASA Client

GET https://app.scaleft.com/v1/teams/${team_name}/clients/${client_id}

Fetches a single ASA Client with the specified Client ID on the specified Team

This endpoint requires one of the following roles: access_user, access_admin, or reporting_user.

Request path parameters

Parameter Type Description
client_id string The UUID of the Client
team_name string The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint has no request body.

Response body

This endpoint returns an object with the following fields and a 200 code on a successful call.

Properties Type Description
deleted_at string The time the ASA Client was deleted
description string A description of the ASA Client
encrypted boolean A boolean that reflects whether sft was able to determine that the ASA Client was encrypted
hostname string The hostname of the ASA Client
id string The UUID of the ASA Client
os string The operating system (OS) of the ASA Client device
state string The state of the ASA Client: ACTIVE, PENDING, or DELETED
user_name string The ASA User to whom this ASA Client belongs

Usage example

Request
curl -v -X GET \
-H "Authorization: Bearer ${jwt}" \
https://app.scaleft.com/v1/teams/${team_name}/clients/${client_id}
Response
{
	"deleted_at": null,
	"description": "Work laptop",
	"encrypted": true,
	"hostname": "LightInAugust",
	"id": "9c199afe-0ca5-427a-baac-c4341707d82b",
	"os": "macOS 10.14.6",
	"state": "PENDING",
	"user_name": "Jason.Compson.IV"
}

Revoke an ASA Client

DELETE https://app.scaleft.com/v1/teams/${team_name}/clients/${client_id}

Revokes an ASA Client's access to this Team

This endpoint requires one of the following roles: access_admin, authenticated_client, or access_user.

Request path parameters

Parameter Type Description
client_id string The UUID of the Client
team_name string The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint has no request body.

Response body

This endpoint returns a 204 No Content response on a successful call.

Usage example

Request
curl -v -X DELETE \
-H "Authorization: Bearer ${jwt}" \
https://app.scaleft.com/v1/teams/${team_name}/clients/${client_id}
Response
HTTP 204 No Content

Approve or assign an ASA Client

PUT https://app.scaleft.com/v1/teams/${team_name}/clients/${client_id}

Approves or assigns an ASA Client to be used by an ASA User. Used for ASA Clients enrolled using a token policy or a policy that requires approval.

This endpoint requires the access_admin role.

Request path parameters

Parameter Type Description
client_id string The UUID of the Client
team_name string The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint requires an object with the following fields.

Properties Type Description
state string The state of the ASA Client:ACTIVE, PENDING, or DELETED
user_name string The ASA User to whom this ASA Client belongs

Response body

This endpoint returns a 204 No Content response on a successful call.

Usage example

Request
curl -v -X PUT \
-H "Authorization: Bearer ${jwt}" \
--data '{
	"state": "ACTIVE",
	"user_name": "Jason.Compson.IV"
}' \
https://app.scaleft.com/v1/teams/${team_name}/clients/${client_id}
Response
HTTP 204 No Content