Package com.okta.sdk.resource.api

Class UserCredApi

java.lang.Object
com.okta.sdk.resource.api.UserCredApi
@Generated(value="org.openapitools.codegen.languages.JavaClientCodegen", date="2024-09-23T08:35:59.300824-05:00[America/Chicago]", comments="Generator version: 7.8.0") public class UserCredApi extends Object

  • Constructor Details

    • UserCredApi

      public UserCredApi()

    • UserCredApi

      public UserCredApi(ApiClient apiClient)

  • Method Details

    • getApiClient

      public ApiClient getApiClient()

    • setApiClient

      public void setApiClient(ApiClient apiClient)

    • changePassword

      public UserCredentials changePassword(String userId, ChangePasswordRequest changePasswordRequest, Boolean strict) throws ApiException
      Update Password Updates a User's password by validating the User's current Password. This operation provides an option to delete all the sessions of the specified User. However, if the request is made in the context of a session owned by the specified User, that session isn't cleared. You can only perform this operation on Users in `STAGED`, `ACTIVE`, `PASSWORD_EXPIRED`, or `RECOVERY` status that have a valid [Password credential](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#tag/User/operation/createUser!path=credentials/password&t=request). The User transitions to `ACTIVE` status when successfully invoked in `RECOVERY` status.
      Parameters:
      userId - ID of an existing Okta user (required)
      changePasswordRequest - (required)
      strict - If true, validates against password minimum age policy (optional, default to false)
      Returns:
      UserCredentials
      Throws:
      ApiException - if fails to make API call

    • changePassword

      public UserCredentials changePassword(String userId, ChangePasswordRequest changePasswordRequest, Boolean strict, Map<String,String> additionalHeaders) throws ApiException
      Update Password Updates a User's password by validating the User's current Password. This operation provides an option to delete all the sessions of the specified User. However, if the request is made in the context of a session owned by the specified User, that session isn't cleared. You can only perform this operation on Users in `STAGED`, `ACTIVE`, `PASSWORD_EXPIRED`, or `RECOVERY` status that have a valid [Password credential](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#tag/User/operation/createUser!path=credentials/password&t=request). The User transitions to `ACTIVE` status when successfully invoked in `RECOVERY` status.
      Parameters:
      userId - ID of an existing Okta user (required)
      changePasswordRequest - (required)
      strict - If true, validates against password minimum age policy (optional, default to false)
      additionalHeaders - additionalHeaders for this call
      Returns:
      UserCredentials
      Throws:
      ApiException - if fails to make API call

    • changeRecoveryQuestion

      public UserCredentials changeRecoveryQuestion(String userId, UserCredentials userCredentials) throws ApiException
      Update Recovery Question Updates a User's Recovery Question and answer credential by validating the User's current Password. You can only perform this operation on Users in `STAGED`, `ACTIVE`, or `RECOVERY` status that have a valid [Password credential](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#tag/User/operation/createUser!path=credentials/password&t=request).
      Parameters:
      userId - ID of an existing Okta user (required)
      userCredentials - (required)
      Returns:
      UserCredentials
      Throws:
      ApiException - if fails to make API call

    • changeRecoveryQuestion

      public UserCredentials changeRecoveryQuestion(String userId, UserCredentials userCredentials, Map<String,String> additionalHeaders) throws ApiException
      Update Recovery Question Updates a User's Recovery Question and answer credential by validating the User's current Password. You can only perform this operation on Users in `STAGED`, `ACTIVE`, or `RECOVERY` status that have a valid [Password credential](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#tag/User/operation/createUser!path=credentials/password&t=request).
      Parameters:
      userId - ID of an existing Okta user (required)
      userCredentials - (required)
      additionalHeaders - additionalHeaders for this call
      Returns:
      UserCredentials
      Throws:
      ApiException - if fails to make API call

    • expirePassword

      public User expirePassword(String userId) throws ApiException
      Expire Password Expires the password. This operation transitions the User status to `PASSWORD_EXPIRED` so that the User must change their password the next time that they sign in. <br> If you have integrated Okta with your on-premises Active Directory (AD), then setting a User's Password as expired in Okta also expires the Password in AD. When the User tries to sign in to Okta, delegated authentication finds the password-expired status in AD, and the User is presented with the password-expired page where they can change their Password.
      Parameters:
      userId - ID of an existing Okta user (required)
      Returns:
      User
      Throws:
      ApiException - if fails to make API call

    • expirePassword

      public User expirePassword(String userId, Map<String,String> additionalHeaders) throws ApiException
      Expire Password Expires the password. This operation transitions the User status to `PASSWORD_EXPIRED` so that the User must change their password the next time that they sign in. <br> If you have integrated Okta with your on-premises Active Directory (AD), then setting a User's Password as expired in Okta also expires the Password in AD. When the User tries to sign in to Okta, delegated authentication finds the password-expired status in AD, and the User is presented with the password-expired page where they can change their Password.
      Parameters:
      userId - ID of an existing Okta user (required)
      additionalHeaders - additionalHeaders for this call
      Returns:
      User
      Throws:
      ApiException - if fails to make API call

    • expirePasswordWithTempPassword

      public User expirePasswordWithTempPassword(String userId, Boolean revokeSessions) throws ApiException
      Expire Password with temporary password Expires the password and resets the User's Password to a temporary password. This operation transitions the User status to `PASSWORD_EXPIRED` so that the User must change their password the next time that they sign in. User's Password is reset to a temporary password that is returned, and then the User's Password is expired. If `revokeSessions` is included in the request with a value of `true`, the User's current outstanding sessions are revoked and require re-authentication. <br> If you have integrated Okta with your on-premises Active Directory (AD), then setting a User's Password as expired in Okta also expires the Password in AD. When the User tries to sign in to Okta, delegated authentication finds the password-expired status in AD, and the User is presented with the password-expired page where they can change their Password.
      Parameters:
      userId - ID of an existing Okta user (required)
      revokeSessions - Revokes the User's existing sessions if `true` (optional, default to false)
      Returns:
      User
      Throws:
      ApiException - if fails to make API call

    • expirePasswordWithTempPassword

      public User expirePasswordWithTempPassword(String userId, Boolean revokeSessions, Map<String,String> additionalHeaders) throws ApiException
      Expire Password with temporary password Expires the password and resets the User's Password to a temporary password. This operation transitions the User status to `PASSWORD_EXPIRED` so that the User must change their password the next time that they sign in. User's Password is reset to a temporary password that is returned, and then the User's Password is expired. If `revokeSessions` is included in the request with a value of `true`, the User's current outstanding sessions are revoked and require re-authentication. <br> If you have integrated Okta with your on-premises Active Directory (AD), then setting a User's Password as expired in Okta also expires the Password in AD. When the User tries to sign in to Okta, delegated authentication finds the password-expired status in AD, and the User is presented with the password-expired page where they can change their Password.
      Parameters:
      userId - ID of an existing Okta user (required)
      revokeSessions - Revokes the User's existing sessions if `true` (optional, default to false)
      additionalHeaders - additionalHeaders for this call
      Returns:
      User
      Throws:
      ApiException - if fails to make API call

    • forgotPassword

      public ForgotPasswordResponse forgotPassword(String userId, Boolean sendEmail) throws ApiException
      Start forgot password flow Starts the forgot password flow. Generates a one-time token (OTT) that you can use to reset a User's Password. The User must validate their security question's answer when visiting the reset link. This operation can only be performed on Users with an ACTIVE status and a valid [Recovery Question credential](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#tag/User/operation/createUser!path=credentials/recovery_question&t=request). > **Note:** If you have migrated to Identity Engine, you can allow Users to recover passwords with any enrolled MFA authenticator. See [Self-service account recovery](https://help.okta.com/oie/en-us/content/topics/identity-engine/authenticators/configure-sspr.htm?cshid=ext-config-sspr) If an email address is associated with multiple Users, keep in mind the following to ensure a successful password recovery lookup: * Okta no longer includes deactivated Users in the lookup. * The lookup searches sign-in IDs first, then primary email addresses, and then secondary email addresses. If `sendEmail` is `false`, returns a link for the User to reset their Password. This operation doesn't affect the status of the User.
      Parameters:
      userId - ID of an existing Okta user (required)
      sendEmail - Sends a forgot password email to the User if `true` (optional, default to true)
      Returns:
      ForgotPasswordResponse
      Throws:
      ApiException - if fails to make API call

    • forgotPassword

      public ForgotPasswordResponse forgotPassword(String userId, Boolean sendEmail, Map<String,String> additionalHeaders) throws ApiException
      Start forgot password flow Starts the forgot password flow. Generates a one-time token (OTT) that you can use to reset a User's Password. The User must validate their security question's answer when visiting the reset link. This operation can only be performed on Users with an ACTIVE status and a valid [Recovery Question credential](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#tag/User/operation/createUser!path=credentials/recovery_question&t=request). > **Note:** If you have migrated to Identity Engine, you can allow Users to recover passwords with any enrolled MFA authenticator. See [Self-service account recovery](https://help.okta.com/oie/en-us/content/topics/identity-engine/authenticators/configure-sspr.htm?cshid=ext-config-sspr) If an email address is associated with multiple Users, keep in mind the following to ensure a successful password recovery lookup: * Okta no longer includes deactivated Users in the lookup. * The lookup searches sign-in IDs first, then primary email addresses, and then secondary email addresses. If `sendEmail` is `false`, returns a link for the User to reset their Password. This operation doesn't affect the status of the User.
      Parameters:
      userId - ID of an existing Okta user (required)
      sendEmail - Sends a forgot password email to the User if `true` (optional, default to true)
      additionalHeaders - additionalHeaders for this call
      Returns:
      ForgotPasswordResponse
      Throws:
      ApiException - if fails to make API call

    • forgotPasswordSetNewPassword

      public UserCredentials forgotPasswordSetNewPassword(String userId, UserCredentials userCredentials, Boolean sendEmail) throws ApiException
      Reset Password with Recovery Question Resets the User's password to the specified password if the provided answer to the recovery question is correct. You must include the Recovery Question answer with the submission.
      Parameters:
      userId - ID of an existing Okta user (required)
      userCredentials - (required)
      sendEmail - (optional, default to true)
      Returns:
      UserCredentials
      Throws:
      ApiException - if fails to make API call

    • forgotPasswordSetNewPassword

      public UserCredentials forgotPasswordSetNewPassword(String userId, UserCredentials userCredentials, Boolean sendEmail, Map<String,String> additionalHeaders) throws ApiException
      Reset Password with Recovery Question Resets the User's password to the specified password if the provided answer to the recovery question is correct. You must include the Recovery Question answer with the submission.
      Parameters:
      userId - ID of an existing Okta user (required)
      userCredentials - (required)
      sendEmail - (optional, default to true)
      additionalHeaders - additionalHeaders for this call
      Returns:
      UserCredentials
      Throws:
      ApiException - if fails to make API call

    • resetPassword

      public ResetPasswordToken resetPassword(String userId, Boolean sendEmail, Boolean revokeSessions) throws ApiException
      Reset password Resets password. Generates a one-time token (OTT) that you can use to reset a User's password. You can automatically email the OTT link to the User or return the OTT to the API caller and distribute using a custom flow. This operation transitions the User to the `RECOVERY` status. The User is then not able to sign in or initiate a forgot password flow until they complete the reset flow. This operation provides an option to delete all the User's sessions. However, if the request is made in the context of a session owned by the specified User, that session isn't cleared. > **Note:** You can also use this API to convert a User with the Okta Credential Provider to use a Federated Provider. After this conversion, the User can't directly sign in with a password. > To convert a federated User back to an Okta User, use the default API call. If an email address is associated with multiple Users, keep in mind the following to ensure a successful password recovery lookup: * Okta no longer includes deactivated Users in the lookup. * The lookup searches sign-in IDs first, then primary email addresses, and then secondary email addresses. If `sendEmail` is `false`, returns a link for the User to reset their password.
      Parameters:
      userId - ID of an existing Okta user (required)
      sendEmail - (required)
      revokeSessions - Revokes all User sessions, except for the current session, if set to `true` (optional, default to false)
      Returns:
      ResetPasswordToken
      Throws:
      ApiException - if fails to make API call

    • resetPassword

      public ResetPasswordToken resetPassword(String userId, Boolean sendEmail, Boolean revokeSessions, Map<String,String> additionalHeaders) throws ApiException
      Reset password Resets password. Generates a one-time token (OTT) that you can use to reset a User's password. You can automatically email the OTT link to the User or return the OTT to the API caller and distribute using a custom flow. This operation transitions the User to the `RECOVERY` status. The User is then not able to sign in or initiate a forgot password flow until they complete the reset flow. This operation provides an option to delete all the User's sessions. However, if the request is made in the context of a session owned by the specified User, that session isn't cleared. > **Note:** You can also use this API to convert a User with the Okta Credential Provider to use a Federated Provider. After this conversion, the User can't directly sign in with a password. > To convert a federated User back to an Okta User, use the default API call. If an email address is associated with multiple Users, keep in mind the following to ensure a successful password recovery lookup: * Okta no longer includes deactivated Users in the lookup. * The lookup searches sign-in IDs first, then primary email addresses, and then secondary email addresses. If `sendEmail` is `false`, returns a link for the User to reset their password.
      Parameters:
      userId - ID of an existing Okta user (required)
      sendEmail - (required)
      revokeSessions - Revokes all User sessions, except for the current session, if set to `true` (optional, default to false)
      additionalHeaders - additionalHeaders for this call
      Returns:
      ResetPasswordToken
      Throws:
      ApiException - if fails to make API call

    • getObjectMapper

      protected static com.fasterxml.jackson.databind.ObjectMapper getObjectMapper()