Package com.okta.sdk.resource.model
Class Description
The AAGUID Group object supports the Early Access (Self-Service) Allow List for FIDO2 (WebAuthn) Authenticators feature.AccessPolicyAccessPolicyConstraintGets or Sets methodsGets or Sets typesAccessPolicyConstraintsAccessPolicyLinkAccessPolicyRuleAccessPolicyRuleActionsAccessPolicyRuleApplicationSignOnGets or Sets AccessPolicyRuleApplicationSignOnAccessAccessPolicyRuleConditionsAccessPolicyRuleCustomConditionAn array of ACS endpoints.ActionsAddGroupRequestSettings specific to the Okta Admin ConsoleAgent detailsDetails about the AD Group membership updateAn AgentPool is a collection of agents that serve a common purpose.Various information about agent auto update configurationSetting for auto-updateAgent types that are being monitoredStatus for one agent regarding the status to auto-update that agentOverall state for the auto-update job from admin perspectiveThe allowed types of uses for the AuthenticatorAPIServiceIntegrationInstanceAPIServiceIntegrationInstanceSecretStatus of the API Service Integration instance SecretSpecifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status of an application using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status of an application using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.An API token for an Okta User.The Network Condition of the API TokenAn API Token Update Object for an Okta user.APNSConfigurationAPNSPushProviderContainer details for resource type APP_ACCOUNTAppAndInstanceConditionEvaluatorAppOrInstanceAppAndInstancePolicyRuleConditionType of appAppCustomHrefObjectDescribes allowed HTTP verbs for the `href`Current status of the application 
instanceAppInstancePolicyRuleConditionInformation used to generate the secret JSON Web Token for the token requests to Apple IdP > **Note:** The `privateKey` property is required for a CREATE request.ApplicationGets or Sets featuresSpecifies access settings for the appCredentials for the specified `signOnMode`ApplicationCredentialsOAuthClientApps with `BASIC_AUTH`, `BROWSER_PLUGIN`, or `SECURE_PASSWORD_STORE` sign-on modes have credentials vaulted by Okta and can be configured with the following schemes.App signing key properties > **Note:** Only apps with SAML_2_0, SAML_1_1, WS_FEDERATION, or OPENID_CONNECT `signOnMode` support the key rotation feature.Specifies the intended use of the keyThe template used to generate the username when the app is assigned through a group or directly to a userDetermines if the username is pushed to the app on updates for CUSTOM `type`Type of mapping expression.Embedded resources related to the app using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.The Feature object is used to configure app feature settings.ApplicationFeatureLinksKey name of the feature | Feature name | Description | | --------- | ------------- | | USER_PROVISIONING | User profiles are pushed from Okta to the third-party app.The Application Group object that defines a group of users' app-specific profile and credentials for an appApplicationGroupAssignmentLinksApplicationLayoutApplicationLayoutRuleApplicationLayoutRuleConditionApplicationLayoutsApplicationLayoutsLinksLicenses for the appApp instance statusDiscoverable resources related to the appApp settingsApp notes visible to either the admin or end userSpecifies notifications settings for the appSends customizable messages with conditions to end users when a VPN connection is requiredDefines network zones for VPN notificationSpecifies the VPN connection details required to access the appAuthentication mode for the app | signOnMode | 
Description | | ---------- | ----------- | | AUTO_LOGIN | Secure Web Authentication (SWA) | | BASIC_AUTH | HTTP Basic Authentication with Okta Browser Plugin | | BOOKMARK | Just a bookmark (no-authentication) | | BROWSER_PLUGIN | Secure Web Authentication (SWA) with Okta Browser Plugin | | OPENID_CONNECT | Federated Authentication with OpenID Connect (OIDC) | | SAML_1_1 | Federated Authentication with SAML 1.1 WebSSO (not supported for custom apps) | | SAML_2_0 | Federated Authentication with SAML 2.0 WebSSO | | SECURE_PASSWORD_STORE | Secure Web Authentication (SWA) with POST (plugin not required) | | WS_FEDERATION | Federated Authentication with WS-Federation Passive Requestor Profile | Select the `signOnMode` for your custom app:The type of client application.Specifies visibility settings for the appHides the app for specific end-user appsAppLinkAppResourceHrefObjectThe Application User object defines a user's app-specific profile and credentials for an appIndicates if the assignment is direct (`USER`) or by group membership (`GROUP`).AppUserAssignRequestIndicates if the assignment is direct (`USER`) or by group membership (`GROUP`).Specifies a user's credentials for the app.Updates the assigned user credentialsThe user's password.Updates the assigned user profile > **Note:** The Okta API currently doesn't support entity tags for conditional updates.Status of an Application UserThe synchronization state for the Application User.AppUserUpdateRequestAssignGroupOwnerRequestBodyAssignRoleRequestAssignRoleToGroupRequestAssignRoleToUser201ResponseAssignRoleToUserRequestAssignUserToRealmAssociatedServerMediatedAssuranceMethodGets or Sets AssuranceMethodFactorModeAttackProtectionAuthenticatorSettingsAuthenticationMethodIndicates if any secrets or private keys used during authentication must be hardware protected and not exportable.Indicates if phishing-resistant Factors are required.Indicates the user interaction requirement (PIN or biometrics) to ensure verification of 
a possession factorAuthenticationMethodChainAuthenticationMethodChainMethodAuthenticationMethodObjectSpecifies the authentication provider that validates the User's password credential.The type of authentication providerAuthenticatorBaseAuthenticatorEnrollmentPolicyAuthenticatorEnrollmentPolicyAuthenticatorSettingsConstraints for the authenticatorEnrollment requirements for the authenticatorRequirements for the user-initiated enrollmentA label that identifies the authenticatorAuthenticatorEnrollmentPolicyConditionsIdentifies Users and Groups that are used togetherSpecifies a set of Groups whose Users are to be included or excludedAuthenticatorEnrollmentPolicyRuleSpecifies whether the User is to be enrolled the first time they `LOGIN`, the next time they are in the `CHALLENGE` process, or `NEVER`Gets or Sets selfAuthenticatorEnrollmentPolicyRuleActionsAuthenticatorEnrollmentPolicyRuleConditionsIdentifies Users and Groups that are used togetherSpecifies a set of Users to be included or excluded**Note:** In Identity Engine, the Multifactor (MFA) Enrollment Policy name has changed to authenticator enrollment policy.Type of policy configuration object The `type` property in the policy `settings` is only applicable to the authenticator enrollment policy available in Identity Engine.Represents a particular authenticator serving as a constraint on a methodAuthenticatorKeyCustomAppAuthenticatorKeyCustomAppAllOfProviderProvider typeThe configuration of the providerAuthenticatorKeyCustomAppAllOfProviderConfigurationApnsAuthenticatorKeyCustomAppAllOfProviderConfigurationFcmAuthenticatorKeyCustomAppAllOfSettingsAuthenticatorKeyDuoAuthenticatorKeyDuoAllOfProviderProvider typeAuthenticatorKeyDuoAllOfProviderConfigurationAuthenticatorKeyDuoAllOfProviderConfigurationUserNameTemplateAuthenticatorKeyEmailAuthenticatorKeyEmailAllOfSettingsA human-readable string that identifies the 
AuthenticatorAuthenticatorKeyExternalIdpAuthenticatorKeyGoogleOtpAuthenticatorKeyOktaVerifyAuthenticatorKeyOktaVerifyAllOfSettingsAuthenticatorKeyOnpremAuthenticatorKeyPasswordAuthenticatorKeyPhoneAuthenticatorKeyPhoneAllOfSettingsAuthenticatorKeySecurityKeyAuthenticatorKeySecurityQuestionAuthenticatorKeySmartCardAuthenticatorKeySymantecVipAuthenticatorKeyWebauthnAuthenticatorKeyYubikeyAuthenticatorLinksGets or Sets AuthenticatorMethodAlgorithmAuthenticatorMethodBaseLimits the authenticators that can be used for a given method.Gets or Sets methodAuthenticatorMethodOtpGets or Sets AuthenticatorMethodPropertyAuthenticatorMethodPushAuthenticatorMethodPushAllOfSettingsAuthenticatorMethodSignedNonceAuthenticatorMethodSignedNonceAllOfSettingsAuthenticatorMethodSimpleAuthenticatorMethodTotpAuthenticatorMethodTotpAllOfSettingsGets or Sets AuthenticatorMethodTransactionTypeThe type of authenticator methodAuthenticatorMethodWebAuthnAuthenticatorMethodWebAuthnAllOfSettingsAuthenticatorMethodWithVerifiablePropertiesAuthenticatorSimpleThe type of AuthenticatorAuthorizationServerAuthorizationServerCredentialsThe Key rotation mode for the authorization serverAuthorizationServerCredentialsSigningConfigHow the key is usedAuthorizationServerJsonWebKeyAuthorizationServerPolicySpecifies whether requests have access to this PolicyIndicates that the Policy is an authorization server PolicyAuthorizationServerPolicyAllOfLinksAuthorizationServerPolicyAllOfLinksAllOfRulesAuthorizationServerPolicyConditionsIdentifies Users and Groups that are used togetherAuthorizationServerPolicyRuleStatus of the ruleRule typeAuthorizationServerPolicyRuleActionsAuthorizationServerPolicyRuleConditionsSpecifies a set of Groups whose Users are to be includedAuthorizationServerPolicyRuleRequestStatus of the ruleRule typeSpecifies a set of Users to be 
includedAuthorizationServerResourceHrefObjectAuthServerLinksAuthServerLinksAllOfClaimsAuthServerLinksAllOfPoliciesAuthServerLinksAllOfRotateKeyAuthServerLinksAllOfScopesThe org setting that automatically assigns the Okta Admin Console when an admin role is assignedAutoLoginApplicationAutoLoginApplicationSettingsAutoLoginApplicationSettingsSignOnThe schedule of auto-update configured by admin.The destination AWS region where your event source is locatedThis object contains a number of sub-objects, each of which provide some type of contextual information.Details of the user sessionIdentifies the Okta user that the token was generated to authenticate and provides details of their Okta user profileSpecifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status of the user.BaseContextUserProfileBaseEmailDomainBaseEmailServerBaseTokenLifetime of the tokenBasicApplicationSettingsBasicApplicationSettingsApplicationBasicAuthApplication`template_basic_auth` is the key name for a Basic Authentication scheme app instanceBeforeScheduledActionPolicyRuleConditionBehaviorRuleBehaviorRuleAnomalousDeviceBehaviorRuleAnomalousIPBehaviorRuleAnomalousLocationBehaviorRuleSettingsAnomalousDeviceBehaviorRuleSettingsAnomalousIPBehaviorRuleSettingsAnomalousLocationBehaviorRuleSettingsHistoryBasedBehaviorRuleSettingsVelocityGets or Sets BehaviorRuleTypeBehaviorRuleVelocityThe method used to bind the out-of-band channel with the primary channel.BookmarkApplication`bookmark` is the key name for a Bookmark appBookmarkApplicationSettingsBookmarkApplicationSettingsApplicationBouncesRemoveListErrorBouncesRemoveListObjBouncesRemoveListResultBrandBrandRequestBrandWithEmbeddedBrowserPluginApplicationThe key name for the app definitionBulkDeleteRequestBodyGets or Sets entityTypeBulkUpsertRequestBodyGets or Sets entityTypeBulkUpsertRequestBodyProfilesInnerBundleEntitlementBundleEntitlementLinksBundleEntitlementsResponseSpecifies link relations (see 
[Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specificationBundleEntitlementsResponseLinksBundleBundleEntitlementsResponseLinksNextThe subject's device compliance was revokedCurrent device compliance statusThe entity that initiated the eventPrevious device compliance statusCaepDeviceComplianceChangeEventReasonAdminCaepDeviceComplianceChangeEventReasonUserCaepSecurityEventThe entity that initiated the eventThe session of the subject was revokedThe entity that initiated the eventDetermines whether Okta assigns a new app account to each user managed by Okta.Defines user import rulesRules for matching and creating usersDetermines the attribute to match usersDefines import settingsDefines the configuration for the INBOUND_PROVISIONING featureDefines the configurations for the USER_PROVISIONING featureDetermines whether updates to a user's profile are pushed to the appThe type of CAPTCHA providerCatalogApplicationGets or Sets CatalogApplicationStatusGets or Sets ChallengeTypeDetermines whether a change in a user's password also updates the user's password in the appChangePasswordRequestThe out-of-band channel for use with authentication.ChannelBindingGets or Sets styleChildOrgEdition for the Org.Status of the Org.Type of returned `token`.Current version of the Chrome BrowserClientSpecifies which clients are included in the PolicyThe org setting that assigns the super admin role by default to a public client appGets or Sets CodeChallengeMethodComplianceConditionsContentSecurityPolicySettingGets or Sets modeContextPolicyRuleConditionCreateBrandRequestCreateGroupRuleRequestGets or Sets typeCreateIamRoleRequestCreateRealmAssignmentRequestCreateRealmRequestCreateResourceSetRequestCreateSessionRequestThe request body properties for the new UI SchemaCreateUpdateIamRolePermissionRequestCreateUserRequestThe ID of the User 
type.CreateUserTypeRequestCredentialSyncInfoCurrent credential sync status of the privileged resourceCsrSpecifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status of a CSR object using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.CsrMetadataCsrMetadataSubjectCsrMetadataSubjectAltNamesDescribes allowed HTTP verbs for the `href`Gets or Sets allowDescribes allowed HTTP verbs for the `href`Gets or Sets allowUser verification settingCustomizablePageCustomRoleCUSTOM for a custom roleCustomRoleAssignmentSchemaThe type of role.DefaultAppDesktopMFAEnforceNumberMatchingChallengeOrgSettingDesktopMFARecoveryPinOrgSettingA key object with public key detailsGets or Sets DetectedRiskEventsDevice Specifies the device condition to match onDeviceAssuranceDeviceAssuranceAndroidPlatformDeviceAssuranceAndroidPlatformAllOfDiskEncryptionTypeDeviceAssuranceAndroidPlatformAllOfScreenLockTypeDeviceAssuranceChromeOSPlatformSettings for third-party signal providers (based on the `CHROMEOS` platform)DeviceAssuranceIOSPlatformDeviceAssuranceMacOSPlatformDeviceAssuranceMacOSPlatformAllOfDiskEncryptionTypeSettings for third-party signal providers (based on the `MACOS` platform)DeviceAssuranceWindowsPlatformSettings for third-party signal providers (based on the `WINDOWS` platform)DeviceCheckGets or Sets DeviceChecksPlatformDisplay name of the deviceDeviceListList of associated users for the device if the `expand=user` query parameter is specified in the request.OS platform of the deviceGets or Sets DevicePolicyMDMFrameworkGets or Sets DevicePolicyPlatformTypeDevicePolicyRuleConditionDevicePolicyRuleConditionAssuranceDevicePolicyRuleConditionPlatformGets or Sets DevicePolicyTrustLevelDeviceProfileThe state object of the deviceDeviceUserThe management status of the deviceScreen lock type of the deviceAlgorithm used to generate 
the key.Gets or Sets DiskEncryptionTypeAndroidType of encryption used on the device > **Note:** The following values map to Disk Encryption ON: `FULL`, `USER`, `ALL_INTERNAL_VOLUMES`.Gets or Sets DiskEncryptionTypeDesktopDNS TXT and CNAME records to be registered for the DomainGets or Sets DNSRecordTypeDefines the properties of the certificateCertificate metadata for the domainCertificate source type that indicates whether the certificate is provided by the user or Okta.Certificate typeDomainLinksDomainLinksAllOfBrandDomainLinksAllOfCertificateDomainLinksAllOfVerifyDefines a list of domains with a subset of the properties for each domain.DomainRequestThe properties that define an individual domain.Status of the domainProvides the status whether a domain has been failed over or notGoogle Chrome Device Trust Connector providerGoogle Chrome Device Trust Connector providerGoogle Chrome Device Trust Connector providerDurationDynamicNetworkZoneThe proxy type used for a Dynamic Network ZoneDynamicNetworkZoneAllOfAsnsDynamicNetworkZoneAllOfLocationsElliptic Curve Key in JWK format, currently used during enrollment to encrypt fulfillment requests to Yubico, or during activation to verify Yubico's JWS objects in fulfillment responses.Gets or Sets crvThe type of public keyThe intended use for the key.EmailContentEmailCustomizationEmailCustomizationAllOfLinksEmailDefaultContentEmailDomainEmailDomainDNSRecordGets or Sets EmailDomainDNSRecordTypeEmailDomainResponseEmailDomainResponseWithEmbeddedGets or Sets EmailDomainStatusEmailPreviewEmailPreviewLinksEmailServerListResponseEmailServerPostEmailServerRequestEmailServerResponseEmailSettingsGets or Sets recipientsEmailSettingsResponseGets or Sets recipientsEmailSettingsResponseLinksEmailTemplateResponseEmailTemplateResponseEmbeddedEmailTemplateResponseLinksVariant for email templates.EmailTestAddressesThe Public Key Details are defined in the `_embedded` property of the Key object.Gets or Sets enabledPagesTypeSetting 
statusRequested authentication method for OAuth 2.0 endpoints.Variant for the Okta End-User Dashboard.EnhancedDynamicNetworkZoneThe list of ASNs associated with an Enhanced Dynamic Network ZoneEnhancedDynamicNetworkZoneAllOfAsnsIncludeIP services, such as a proxy or VPN, to include or exclude for an Enhanced Dynamic Network ZoneThe list of geolocations to include or exclude for an Enhanced Dynamic Network ZoneEnhancedDynamicNetworkZoneAllOfLocationsExcludeEnhancedDynamicNetworkZoneAllOfLocationsIncludeEnrollment Initialization RequestName of the fulfillment provider for the WebAuthn Preregistration FactorEnrollment Initialization ResponseName of the fulfillment provider for the WebAuthn Preregistration FactorEnrollment Initialization RequestName of the fulfillment provider for the WebAuthn Preregistration FactorYubico Transport Key in the form of a JWK, used to encrypt our fulfillment request to Yubico.Name of the fulfillment provider for the WebAuthn Preregistration FactorEntitlementValueSpecifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specificationEntitlementValuesResponseEntitlementValuesResponseLinksEntityRiskPolicyEntityRiskPolicyRuleEntityRiskPolicyRuleActionRunWorkflowGets or Sets actionThis action runs a workflowEntityRiskPolicyRuleActionsObjectGets or Sets actionEntityRiskPolicyRuleActionTerminateAllSessionsThis action revokes or terminates all of the user's active sessions.The action to take based on the risk eventThe object that contains the `actions` arrayEntityRiskPolicyRuleConditions The risk score level of the 
entity risk policy ruleGets or Sets levelErrorErrorCauseErrorPageVariant for the error page.ErrorResponseEventHookStatus of the event hookEventHookChannelEventHookChannelConfigThe authentication scheme used for this request.The authentication scheme type.EventHookChannelConfigHeaderThe channel type.EventHookFilterMapObjectEventHookFilterMapObjectConditionThe optional filter defined on a specific event type > **Note:** Event hook filters is a [self-service Early Access (EA)](/openapi/okta-management/guides/release-lifecycle/#early-access-ea) to enable.EventHookLinksVerification status of the event hook.EventSubscriptionsThe events object type.ExpressionFCMConfigurationFCMPushProviderSpecifies feature release cycle informationGets or Sets FeatureLifecycleFeatureLinksLink to feature dependenciesLink to feature dependentsCurrent release cycle stage of a feature If a feature's stage value is `EA`, the state is `null` and not returned.Indicates the release state of the featureCurrent release stage of the featureType of featureGets or Sets FipsEnumForgotPasswordResponseFulfillment provider detailsFulfillment RequestName of the fulfillment provider for the WebAuthn Preregistration FactorGetSsfStreams200ResponseThe Subject Identifier format expected for any SET transmitted.Schema for the Google Workspace app (key name: `google`) To create a Google Workspace app, use the [Create an Application](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) request with the following parameters in the request body.Gets or Sets nameGets or Sets signOnModeGoogleApplicationSettingsGoogle app instance propertiesGovernanceBundleGovernanceBundleCreateRequestGovernanceBundleLinksGovernanceBundlesResponseGovernanceBundlesResponseLinksGovernanceBundleUpdateRequestThe grant typeStatusGrantResourcesHrefObjectDetermines the mechanism Okta uses to authorize the creation of the tokens.Array of grant types that this 
condition includes.GroupSpecifies a set of Groups whose Users are to be included or excluded[Discoverable resources](/openapi/okta-management/management/tag/Group/#tag/Group/operation/listGroups!c=200&path=_links&t=response) related to the GroupGroupOwnerThe source where group ownership is managedThe entity type of the ownerSpecifies a set of Groups whose Users are to be included or excludedSpecifies required and optional properties for a Group.GroupRuleDefines which users and groups to assignDefines group rule conditionsDefines Okta specific [group-rules expression](https://developer.okta.com/docs/reference/okta-expression-language/#expressions-in-group-rules)Contains the `groupIds` arrayCurrently not supportedDefines conditions for `people` in a group ruleStatus of group ruleDefines conditions specific to user exclusionGroupSchemaGroupSchemaAttributeGroupSchemaAttributeEnumInnerGroupSchemaBaseAll Okta-defined Profile properties are defined in a Profile subschema with the resolution scope `#base`.All custom Profile properties are defined in a Profile subschema with the resolution scope `#custom`GroupSchemaDefinitionsGroupsLinkDetermines how a Group's Profile and memberships are managedHelpLinkThe `id` property in the response as `id` serves as the unique ID for the key, which you can specify when invoking other CRUD operations.HostedPageGets or Sets HostedPageTypeLink to publish CSRLink to the resource (self)Describes allowed HTTP verbs for the `href`HrefHintsGuidanceObjectHrefObjectHrefObjectActivateLinkHrefObjectAppLinkHrefObjectAssigneeLinkLink to authorize 
scopesHrefObjectClientLinkHrefObjectDeactivateLinkHrefObjectDeleteLinkHrefObjectGovernanceResourcesLinkHrefObjectGrantAerialConsentHrefObjectGroupLinkHrefObjectLogoLinkHrefObjectMappingsLinkHrefObjectMemberLinkHrefObjectPermissionsLinkHrefObjectResourceSetLinkHrefObjectRetrieveAerialConsentHrefObjectRevokeAerialConsentHrefObjectRoleLinkHrefObjectRulesLinkHrefObjectSelfLinkHrefObjectSuspendLinkHrefObjectUnsuspendLinkHrefObjectUserLinkGets or Sets HttpMethodIAMBundleEntitlementIamRoleIamRoleLinksIamRolesIdentityProviderIdentityProviderApplicationUserIdentityProviderApplicationUserLinksIdentityProviderCredentialsIdentityProviderCredentialsClientIdentityProviderCredentialsSigningIdentityProviderCredentialsTrustGets or Sets IdentityProviderCredentialsTrustRevocationIndicates whether Okta uses the original Okta org domain URL or a custom domain URL in the request to the social IdPIdentityProviderLinksPolicy settings for the IdP.Gets or Sets IdentityProviderPolicyProviderIdentityProviderPolicyRuleConditionThe properties in the Identity Provider Properties object vary depending on the IdP typeGets or Sets additionalAmrThe Identity Provider object's `type` property identifies the social or enterprise Identity Provider used for authentication.IdentitySourceSessionGets or Sets IdentitySourceSessionStatusIdentitySourceUserProfileForDeleteIdentitySourceUserProfileForUpsertIdPCertificateCredentialDefines a CSR for a signature or decryption credential for an IdPIdPCsrLinksIdpDiscoveryPolicyIdpDiscoveryPolicyRuleIdpDiscoveryPolicyRuleConditionA [JSON Web Key](https://tools.ietf.org/html/rfc7517) for a signature or encryption credential for an IdPIdpPolicyRuleActionIdpPolicyRuleActionIdpIdpPolicyRuleActionMatchCriteriaIdpPolicyRuleActionProviderDetermines whether the rule should use expression language or a specific IdPGets or Sets IframeEmbedScopeAllowedAppsImageUploadResponseImport schedule 
configurationImportScheduleObjectFullImportImportScheduleObjectIncrementalImportImportScheduleSettingsDetermines the Okta username for the imported userDetermines the username format when users sign in to OktaInactivityPolicyRuleConditionInboundProvisioningApplicationFeatureInlineHookInlineHookBasePayloadInlineHookChannelInlineHookChannelConfigInlineHookChannelConfigAuthSchemeInlineHookChannelConfigHeadersInlineHookChannelHttpInlineHookChannelOAuthGets or Sets InlineHookChannelTypeInlineHookOAuthBasicConfigInlineHookOAuthChannelConfigInlineHookOAuthClientSecretConfigInlineHookOAuthPrivateKeyJwtConfigThe API request that triggered the inline hookThe URL of the API endpointInlineHookResponseInlineHookResponseCommandsInlineHookResponseCommandValueGets or Sets InlineHookStatusGets or Sets InlineHookTypeIPNetworkZoneAn IP service offered by a provider, such as a proxy or VPNGets or Sets IssuerModeThe update actionJsonWebKeyJsonWebKeyECJsonWebKeyRsaThe status of the public keyThe type of public keyThe intended use of the public keyJwkUsePurpose of the certificate.KeepCurrentKeepMeSignedInWhether the post-authentication Keep Me Signed In flow is allowedKeyRequestRepresents the attestation strength used by the Chrome Verified Access APIRepresents the attestation strength used by the Chrome Verified Access APIKnowledgeConstraintGets or Sets methodsGets or Sets typesDetermines whether to update a user in the app when a user in Okta is updatedDetermines whether deprovisioning occurs when the app is unassignedLifecycleExpirationPolicyRuleConditionGets or Sets LifecycleStatusLinkedHrefObjectLinkedObjectLinkedObjectDetailsThe object type for this relationshipSpecifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status of an application using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) 
specification.LinksActivateLinksActivateActivateLinksAerialConsentGrantedLinksAerialConsentRevokedSpecifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.LinksCancelLinksCancelCancelSpecifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.LinksDeactivateLinksDeactivateDeactivateLinksEnrollLinksEnrollEnrollLinksFactorLinksFactorFactorSpecifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the resources using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the sources using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status of an application using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.LinksNextForRoleAssignmentsNextLinksPollLinksPollPollLinksQrcodeLinksQrcodeQrcodeLinksQuestionsLinksQuestionsQuestionLinksResendLinksResendResendSpecifies link 
relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.LinksSelfAndFullUsersLifecycleLinksSelfAndLifecycleLinksSelfAndRolesSpecifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.LinksSelfLifecycleAndAuthorizeLinksSendLinksSendSendLinksUserLinksUserRefLinksUserUserLinksVerifyLinksVerifyVerifyListGroupAssignedRoles200ResponseInnerA collection of the profile mappings that include a subset of the profile mapping object's properties.ListSubscriptionsRoleRoleRefParameterVariant for the Okta loading page.Gets or Sets LocationGranularityDescribes the user, app, client, or other entity (actor) who performs an action on a target.All authentication relies on validating one or more credentials that prove the authenticity of the actor's identity.The system that proves the identity of an actor using the credentials provided to itWhen an event is triggered by an HTTP request, the `client` object describes the [client](https://datatracker.ietf.org/doc/html/rfc2616) that issues the HTTP request.A credential provider is a software service that manages identities and their associated credentials.The underlying technology/scheme used in the credentialFor some kinds of events (for example, OLM provisioning, sign-in request, second factor SMS, and so on), the fields that are provided in other response objects aren't sufficient to adequately describe the operations that the event has performed.The entity that describes a device enrolled with passwordless authentication using Okta Verify.Gets or Sets LogDiskEncryptionTypeLogEventGeographical context describes a set of geographic coordinates.The latitude and longitude of the geolocation where an action was 
performed.LogIpAddressDescribes the issuer of the authorization server when the authentication is performed through OAuth.LogOutcomeResult of the actionThe `Request` object describes details that are related to the HTTP request that triggers this event, if available.Gets or Sets LogScreenLockTypeThe `securityContext` object provides security information that is directly related to the evaluation of the event's IP reputation.Indicates how severe the event isLogStreamLifecycle status of the Log Stream objectLogStreamActivateLinkHTTP method allowed for the resourceLogStreamAwsLogStreamAwsPutSchemaLogStreamDeactivateLinkHTTP method allowed for the resourceLogStreamLinkObjectHTTP method allowed for the resourceSpecifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status of an application using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.LogStreamPutSchemaLogStreamSchemaLogStreamSelfLinkHTTP method allowed for the resourceSpecifies the configuration for the `aws_eventbridge` Log Stream type.Specifies the configuration for the `splunk_cloud_logstreaming` Log Stream type.Specifies the configuration for the `splunk_cloud_logstreaming` Log Stream type.LogStreamSplunkLogStreamSplunkPutSchemaSpecifies the streaming provider used Supported providers: * `aws_eventbridge` ([AWS EventBridge](https://aws.amazon.com/eventbridge)) * `splunk_cloud_logstreaming` ([Splunk Cloud](https://www.splunk.com/en_us/software/splunk-cloud-platform.html)) Select the provider type to see provider-specific configurations in the `settings` property:The entity that an actor performs an action on.Details on the target's changes.A `transaction` object comprises contextual information associated with its respective event."A user agent is software (a software agent) that is acting on behalf of a user." ([Definition of User 
Agent](https://developer.mozilla.org/en-US/docs/Glossary/User_agent)) In the Okta event data object, the `UserAgent` object provides specifications about the client software that makes event-triggering HTTP requests.Gets or Sets MDMEnrollmentPolicyEnrollmentMDMEnrollmentPolicyRuleConditionMetadataLinkCertificate chain description for verifying assertions from the Smart CardMtlsEndpointsThe Single Sign-On (SSO) endpoint is the IdP's `SingleSignOnService` endpointMtlsTrustCredentialsMechanism to validate the certificateNetworkZoneSpecifies the value of an IP address expressed using either `range` or `CIDR` form.Format of the IP addressesNetworkZoneLocationNetwork Zone statusThe type of Network ZoneThe usage of the Network ZoneThe type of notificationUser that created the objectOAuth2ClaimSpecifies the scopes for the ClaimSpecifies the type of group filter if `valueType` is `GROUPS` If `valueType` is `GROUPS`, then the groups returned are filtered according to the value of `group_filter_type`.Specifies whether the Claim is for an access token (`RESOURCE`) or an ID token (`IDENTITY`)Specifies whether the Claim is an Okta Expression Language (EL) expression (`EXPRESSION`), a set of groups (`GROUPS`), or a system claim (`SYSTEM`)OAuth2ClientOAuth2ClientJsonWebKeyStatus of the OAuth 2.0 Client JSON Web KeyOAuth2ClientJsonWebKeyRequestBodyStatus of the OAuth 2.0 Client JSON Web KeyOAuth2ClientLinksOAuth2ClientSecretStatus of the OAuth 2.0 Client SecretOAuth2ClientSecretRequestBodyStatus of the OAuth 2.0 Client SecretOAuth2RefreshTokenThe embedded resources related to the object if the `expand` query parameter is specifiedOAuth2RefreshTokenLinksLink to revoke the refresh TokenOAuth2RefreshTokenLinksAllOfRevokeAllOfHintsGets or Sets allowOAuth2RefreshTokenScopeSpecifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status of an application using the [JSON Hypertext Application 
Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.OAuth2ScopeGrant object that represents an app consent scope grantEmbedded resources related to the GrantOAuth2ScopeConsentGrantEmbeddedScopeOAuth2ScopeConsentGrantLinksUser type source that granted consentIndicates whether a consent dialog is needed for the ScopeIndicates whether the Scope is included in the metadataArray of scopes that the condition includesOAuth2TokenOAuthApplicationCredentialsEndpoint for an [OAuth 2.0 Authorization Server (AS)](https://tools.ietf.org/html/rfc6749#page-18)Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status of an application using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.Client authentication credentials for an [OAuth 2.0 Authorization Server](https://tools.ietf.org/html/rfc6749#section-2.3)OAuth 2.0 and OpenID Connect Client object > **Note:** You must complete client registration with the IdP Authorization Server for your Okta IdP instance to obtain client credentials.Client authentication methods supported by the token endpointRequested authentication method for the token endpointThe `OAUTH2` and `OIDC` protocols support the `authorization` and `token` endpoints.Array of OAuth 2.0 grant type stringsOAuthMetadataGets or Sets dpopSigningAlgValuesSupportedApplication name for the provisioning connectionArray of OAuth 2.0 response type stringsEndpoint for an [OAuth 2.0 Authorization Server (AS)](https://tools.ietf.org/html/rfc6749#page-18)Schema for the Microsoft Office 365 app (key name: `office365`) To create a Microsoft Office 365 app, use the [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) request with the following parameters in the request body.Gets or Sets nameGets or Sets signOnModeOffice365ApplicationSettingsOffice365 app 
instance propertiesSettings required for the Microsoft Office 365 Provisioning ConnectionOfflineAccessScopeResourceHrefObjectOIDC configuration detailsOidcAlgorithmsEndpoint for the JSON Web Key Set (JWKS) document.Algorithm settings used to sign an authorization requestSignature Algorithm settings for signing authorization requests sent to the IdP > **Note:** The `algorithm` property is ignored when you disable request signatures (`scope` set as `NONE`).Gets or Sets OidcSigningAlgorithmEndpoint for getting identity information about the User.OINApplicationContains SAML 1.1 sign-on mode attributesContains SAML 2.0 sign-on mode attributes.Profile for a Group that is imported from Active Directory.The device risk level changedCurrent risk level of the deviceThe entity that initiated the eventPrevious risk level of the deviceIP changed for the subject's sessionThe entity that initiated the eventDefines a list of Okta Personal settings that can be enabled or disabled for the orgOktaSignOnPolicyOktaSignOnPolicyConditionsIndicates if the User should be challenged for a second factor (MFA) based on the device being used, a Factor session lifetime, or on every sign-in attempt **Note:** Required only if `requireFactor` is set to `true`.OktaSignOnPolicyRuleOktaSignOnPolicyRuleActionsOktaSignOnPolicyRuleConditionsOktaSignOnPolicyRuleSignonActionsGets or Sets accessIndicates the primary factor used to establish a session for the org.Properties governing the User's session lifetimeProfile for any Group that is not imported from Active Directory.The user risk level changedCurrent risk level of the userThe entity that initiated the eventPrevious risk level of the userOpenIdConnectApplicationIndicates whether user consent is required or implicit.The type of IdP-initiated sign-in flow that the client supportsThe mode to use for the IdP-initiated sign-in flow.Indicates whether the Okta authorization server uses the original Okta org domain 
URL or a custom domain URL as the issuer of the ID token for this clientOpenIdConnectApplicationSettingsOpenIdConnectApplicationSettingsClientThe signing algorithm for Client-Initiated Backchannel Authentication (CIBA) signed requests using JWT.The delivery mode for Client-Initiated Backchannel Authentication (CIBA).The type of JSON Web Key Set (JWKS) algorithm that must be used for signing request objectsType of the subjectIndicates if the client is allowed to use wildcard matching of `redirect_uris`A [JSON Web Key Set](https://tools.ietf.org/html/rfc7517#section-5) for validating JWTs presented to OktaRefresh token configuration for an OAuth 2.0 client When you create or update an OAuth 2.0 client, you can configure refresh token rotation by setting the `rotation_type` and `leeway` properties.The type of client app Specific `grant_types` are valid for each `application_type`.The refresh token rotation mode for the OAuth 2.0 clientOperational status of a given agentOperationRequestOperationResponseGets or Sets statusOperationResponseAssignmentOperationOperationResponseAssignmentOperationConfigurationOperationResponseAssignmentOperationConfigurationActionsOperationResponseAssignmentOperationConfigurationActionsAssignUserToRealmOptInStatusResponseGets or Sets optInStatusOptInStatusResponseLinksSchema for the Okta Org2Org app (key name: `okta_org2org`) To create an Org2Org app, use the [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) request with the following parameters in the request body.Gets or Sets nameGets or Sets signOnModeOrg2OrgApplicationSettingsOrg2Org app instance propertiesOrgAerialConsentOrgAerialConsentDetailsOrgAerialConsentRevokedOrgAerialGrantNotFoundOrg billing contactSpecifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the org billing Contact Type object using the [JSON Hypertext Application 
Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specificationOrgBillingContactTypeLinksBillingLink relations for the CAPTCHA settings objectType of contactOrgContactTypeObjOrgContactUserSpecifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the Contact Type User object using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specificationProfile and credential information for the first super admin user of the child Org.Specifies primary authentication and recovery credentials for a User.Specifies a password for a user > **Note:** For information on defaults and configuring your password policies, see [Configure the password authenticator](https://help.okta.com/okta_help.htm?type=oie&id=ext-configure-password) in the help documentation.Specifies the profile attributes for the first super admin user.Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the org using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specificationOrgGeneralSettingLinksContactsOrgGeneralSettingLinksLogoOrgGeneralSettingLinksOktaCommunicationOrgGeneralSettingLinksOktaSupportOrgGeneralSettingLinksPreferencesOrgGeneralSettingLinksUploadLogoOrgOktaCommunicationSettingSpecifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for this object using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specificationOrgOktaCommunicationSettingLinksOptInOrgOktaCommunicationSettingLinksOptOutStatus of Okta Support SettingsOrgOktaSupportSettingsObjSpecifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the Okta Support Settings object using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) 
specificationOrgOktaSupportSettingsObjLinksExtendOrgOktaSupportSettingsObjLinksGrantOrgOktaSupportSettingsObjLinksRevokeOrgPreferencesSpecifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for this object using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specificationOrgPreferencesLinksHideEndUserFooterOrgPreferencesLinksShowEndUserFooterOrgSettingStatus of orgOrg technical contactSpecifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the org technical Contact Type object using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specificationOrgTechnicalContactTypeLinksTechnicalSpecifies the OS requirement for the policy.OSVersionConstraintIndicates the Windows major versionContains the necessary properties for a dynamic Windows version requirementIndicates the type of the dynamic Windows version requirementContains the necessary properties for a dynamic version requirementIndicates the type of the dynamic OS version requirementCurrent version of the operating system (maximum of four components in the versioning scheme)Current version of the operating system (maximum of three components in the versioning scheme)The protocol usedHMAC algorithmThe shared secret encodingPageRootPageRootEmbeddedPageRootLinksAttributes used for processing AD Group membership updateThe update action to takeSpecifies a password for a user.Specifies a hashed password to import into Okta.The algorithm used to generate the hash using the password (and salt, when applicable).Specify a [password import inline hook](/openapi/okta-management/management/tag/InlineHook/#tag/InlineHook/operation/createPasswordImportInlineHook) to trigger verification of the User's password the first time the User signs in.Weak password 
dictionary lookup settingsLookup settings for commonly used passwordsPasswordExpirationPolicyRuleConditionPasswordImportRequestPasswordImportRequestDataThis object specifies the default action Okta is set to take.PasswordImportRequestDataContextPasswordImportRequestDataContextCredentialPasswordImportResponsePasswordImportResponseCommandsInnerThe parameter value of the command.Gets or Sets credentialPasswordPolicyPasswordPolicyAuthenticationProviderConditionGets or Sets PasswordPolicyAuthenticationProviderTypePasswordPolicyConditionsPasswordPolicyDelegationSettingsPasswordPolicyDelegationSettingsOptionsPasswordPolicyPasswordSettingsAge settingsComplexity settingsLockout settingsPasswordPolicyRecoveryEmailPasswordPolicyRecoveryEmailPropertiesPasswordPolicyRecoveryEmailRecoveryTokenSettings for the Factors that can be used for recoveryPasswordPolicyRecoveryFactorSettingsPasswordPolicyRecoveryQuestionPasswordPolicyRecoveryQuestionComplexityPasswordPolicyRecoveryQuestionPropertiesPasswordPolicyRecoverySettingsPasswordPolicyRulePasswordPolicyRuleActionPasswordPolicyRuleActionsPasswordPolicyRuleConditionsPasswordPolicySettingsIndicates whether the Password Protection Warning feature is enabledDetermines whether Okta creates and pushes a password in the app for each assigned userThe operation (PATCH action)Gets or Sets PerClientRateLimitModeA map of Per-Client Rate Limit Use Case to the applicable PerClientRateLimitMode.PermissionConditions for further restricting a permissionPermissionLinksPermissionsDefines a list of email domains with a subset of the properties for each domainPin RequestName of the fulfillment provider for the WebAuthn Preregistration FactorThe authentication pipeline of the orgGets or Sets PlatformPlatformConditionEvaluatorPlatformPlatformConditionEvaluatorPlatformOperatingSystemPlatformConditionEvaluatorPlatformOperatingSystemVersionGets or Sets PlatformConditionOperatingSystemVersionMatchTypePlatformPolicyRuleConditionPolicyGets or Sets 
PolicyAccessSpecifies the behavior for linking an IdP User to an existing Okta UserSpecifies the account linking action for an IdP UserSpecifies Group memberships to restrict which Users are available for account linking by an IdPGroup memberships used to determine link candidatesPolicyContextPolicyContextDeviceAn array of Group IDs for the simulate operation.The risk rule condition levelGets or Sets levelThe user ID for the simulate operation.The zone ID under the network rule condition.PolicyLinksPolicyMappingPolicyMappingLinksPolicyMappingLinksAllOfApplicationPolicyMappingLinksAllOfPolicyPolicyMappingRequestGets or Sets PolicyMappingResourceTypePolicyNetworkConditionNetwork selection modeIdentifies Users and Groups that are used togetherGets or Sets PolicyPlatformOperatingSystemTypeGets or Sets PolicyPlatformTypePolicyRulePolicyRuleActionsEnrollGets or Sets PolicyRuleActionsEnrollSelfPolicyRuleAuthContextConditionGets or Sets PolicyRuleAuthContextTypePolicyRuleConditionsRule typeVerification method typeSpecifies the behavior for establishing, validating, and matching a username for an IdP UserDetermines the Okta User profile attribute match conditions for account linking and authentication of the transformed IdP usernameAll Okta orgs contain only one IdP Discovery Policy with an immutable default Rule routing to your org's sign-in page.Gets or Sets PolicyTypeSimulation[Okta Expression Language (EL) expression](https://developer.okta.com/docs/reference/okta-expression-language/) to generate or transform a unique username for the IdP User.Gets or Sets PolicyUserStatusPossessionConstraintIndicates if device-bound Factors are required.Indicates if any secrets or private keys used during authentication must be hardware protected and not exportable.Gets or Sets methodsIndicates if phishing-resistant Factors are required.Gets or Sets typesIndicates if the user needs to approve an Okta Verify prompt or provide biometrics (meets NIST AAL2 requirements).Indicates the user 
interaction requirement (PIN or biometrics) to ensure verification of a possession factorPostAPIServiceIntegrationInstancePostAPIServiceIntegrationInstanceRequestPostAuthKeepMeSignedInPromptPostAuthSessionFailureActionsObjectGets or Sets actionPostAuthSessionPolicyPostAuthSessionPolicyRuleThe action to take in response to a failure of the reevaluated global session policy or authentication policies.This object contains a `failureActions` array that defines the specific action to take when post auth session evaluation detects a failure.PostAuthSessionPolicyRuleAllOfConditionsPostAuthSessionPolicyRuleRunWorkflowGets or Sets actionPostAuthSessionPolicyRuleTerminateSessionThe action to take when post auth session evaluation detects a failure.PreRegistrationInlineHookGets or Sets PrincipalTypePrivilegedAccountCredentials for a Privileged AccountDetails for a SaaS Application Account, which will be managed as a Privileged AccountDetails for a SaaS Application Account, which will be managed as a Privileged AccountDetails for managing an Okta Universal Directory Account as a Privileged AccountDetails for managing an Okta Universal Directory Account as a Privileged AccountPrivilegedAccountForUpdateDescribes the current status of a Privileged AccountDescribes the detailed status of a Privileged AccountThe type of Privileged AccountPrivilegedResourcePrivilegedResourceAccountAppPrivilegedResourceAccountOktaCredentials for the privileged accountCurrent status of the privileged resourceThe type of the resourceUpdate request for a privileged resourceProfileEnrollmentPolicyProfileEnrollmentPolicyRuleProfileEnrollmentPolicyRuleAction**Note:** The Profile Enrollment Action object can't be modified to set the `access` property to `DENY` after the policy is created.Progressive profile enrollment helps evaluate the profile enrollment policy at every user login.Which action should be taken if this User is newProfileEnrollmentPolicyRuleActionsContains a single Boolean property that 
indicates whether `emailVerification` should occur (`true`) or not (`false`, default)ProfileEnrollmentPolicyRuleProfileAttributeThe Profile Mapping object describes a mapping between an Okta User's and an App User's properties using [JSON Schema Draft 4](https://datatracker.ietf.org/doc/html/draft-zyp-json-schema-04).A target property, in string form, that maps to a valid [JSON Schema Draft](https://tools.ietf.org/html/draft-zyp-json-schema-04) document.Indicates whether to update target properties for user create and update or just for user create.The updated request body propertiesThe parameter is the source of a profile mapping and is a valid [JSON Schema Draft 4](https://datatracker.ietf.org/doc/html/draft-zyp-json-schema-04) document with the following properties.The parameter is the target of a profile mapping and is a valid [JSON Schema Draft 4](https://datatracker.ietf.org/doc/html/draft-zyp-json-schema-04) document with the following properties.This setting determines whether a user in the app gets updated when they're updated in Okta.ProtocolSpecifies whether to digitally sign authorization requests to the IdPSpecifies whether to verify responses from the IdPProtocolAlgorithmsProtocolAlgorithmTypeProtocolAlgorithmTypeSignatureGets or Sets ProtocolAlgorithmTypeSignatureScopeProtocolEndpointGets or Sets ProtocolEndpointBindingProtocolEndpointsGets or Sets ProtocolEndpointTypeProtocol settings for the [MTLS Protocol](https://tools.ietf.org/html/rfc5246#section-7.4.4)Mutual TLSProtocol settings for authentication using the [OAuth 2.0 Authorization Code flow](https://tools.ietf.org/html/rfc6749#section-4.1)OAuth 2.0 Authorization Code flowProtocol settings for authentication using the [OpenID Connect Protocol](http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth)OpenID Connect Authorization Code flowProtocolRelayStateGets or Sets ProtocolRelayStateFormatProtocol settings for the [SAML 2.0 Authentication Request 
Protocol](http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf)SAML 2.0 protocolProtocolSettingsGets or Sets ProtocolTypeGets or Sets ProviderTypeSpecifies the behavior for just-in-time (JIT) provisioning of an IdP User as a new Okta User and their Group membershipsSpecifies the User provisioning action during authentication when an IdP User isn't linked to an existing Okta User.Conditional behaviors for an IdP User during authenticationDefines the method of authenticationOAuth 2.0 is used to authenticate with the app.ProvisioningConnectionOauthRequestProvisioningConnectionOauthRequestProfileThe app provisioning connection profile used to configure the method of authentication and the credentials.Gets or Sets ProvisioningConnectionRequestAuthSchemeProvisioningConnectionResponseProvisioningConnectionResponseProfileProvisioning Connection statusA token is used to authenticate with the app.ProvisioningConnectionTokenRequestProvisioningConnectionTokenRequestProfileSpecifies the action during authentication when an IdP User is linked to a previously deprovisioned Okta UserBehavior for a previously deprovisioned IdP User during authentication.Provisioning settings for a User's Group membershipsProvisioning action for the IdP User's Group memberships

| Enum | Description | Existing OKTA_GROUP Memberships | Existing APP_GROUP Memberships | Existing BUILT_IN Memberships |
| --- | --- | --- | --- | --- |
| `APPEND` | Adds a User to any Group defined by the IdP as a value of the `sourceAttributeName` array that matches the name of the allow listed Group defined in the `filter` | Unchanged | Unchanged | Unchanged |
| `ASSIGN` | Assigns a User to Groups defined in the `assignments` array | Unchanged | Unchanged | Unchanged |
| `NONE` | Skips processing of Group memberships | Unchanged | Unchanged | Unchanged |
| `SYNC` | Group memberships are sourced by the IdP as a value of the `sourceAttributeName` array that matches the name of the Group defined in the `filter` | Removed if not defined by the IdP in `sourceAttributeName` and matching name of the Group in `filter` | Unchanged | Unchanged |

> **Note:** Group provisioning action is processed independently from profile sourcing.

Specifies the action during authentication when an IdP User is linked to a previously suspended Okta UserBehavior for a previously suspended IdP User during authentication.Indicates whether you must use a hardware key storePushProviderRealmRealmAssignmentRealmProfileUsed to store partner users.Specifies a secret question and answer that's validated (case insensitive) when a User forgets their password or unlocks their account.The refresh tokenRegistrationInlineHookRegistrationInlineHookCommandGets or Sets typeRegistrationInlineHookPPDataRegistrationInlineHookPPDataAllOfDataRegistrationInlineHookPPDataAllOfDataContextRegistrationInlineHookPPDataAllOfDataContextUserRegistrationInlineHookRequestThe type of registration hook.RegistrationInlineHookResponseRegistrationInlineHookSSRDataRegistrationInlineHookSSRDataAllOfDataRegistrationInlineHookSSRDataAllOfDataContextRegistrationResponseRegistrationResponseCommandsInnerFor the registration inline hook, the `error` object provides a way of displaying an error message to the end user who is trying to register or update their profile.RegistrationResponseErrorErrorCausesInnerRelease channel for auto-updateGets or Sets RequiredEnumResendUserFactorType of the 
FactorResetPasswordTokenResourceSelectorCreateRequestSchemaResourceSelectorPatchRequestSchemaResourceSelectorResponseSchemaResourceSelectorResponseSchemaLinksResourceSelectorResponseWithoutSelfLinkSchemaResourceSelectorResponseWithoutSelfLinkSchemaLinksResourceSelectorsSchemaResourceSetResourceSetBindingAddMembersRequestResourceSetBindingCreateRequestResourceSetBindingMemberResourceSetBindingMembersResourceSetBindingMembersLinksResourceSetBindingResponseResourceSetBindingResponseLinksResourceSetBindingRoleResourceSetBindingRoleLinksResourceSetBindingsResourceSetLinksResourceSetResourceRelated discoverable resourcesResourceSetResourceLinksGroupsResourceSetResourceLinksResourceResourceSetResourceLinksSelfResourceSetResourceLinksUsersResourceSetResourcePatchRequestResourceSetResourcePostRequestResourceSetResourcesResourceSetResourcesLinksResourceSetsLink objectsGets or Sets ResponseModeGets or Sets ResponseTypeGets or Sets ResponseTypesSupportedRevokeRefreshTokenHrefObjectThe subject's identifier has changed, which is either an email address or a phone number changeAn object that references detected risk events.RiskEventRiskEventSubjectThe risk level associated with the IPRiskPolicyRuleConditionRiskProviderAction taken by Okta during authentication attempts based on the risk events sent by this providerSpecifies a particular level of risk to match onThe level to matchRoleRoleAssignedUserRoleAssignedUsersRole assignment typeList of all User Role Governance SourcesThe resource of a grantThe resources of a grantRoleGovernanceResourcesLinksUser Role Governance SourceRoleGovernanceSourceLinksPermission typeStandard role typeRotate password request for the privileged accountRepresents the current value of the Safe Browsing protection levelSchema for the Salesforce app (key name: `salesforce`) To create a Salesforce app, use the [Create an 
Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) request with the following parameters in the request body.Gets or Sets nameGets or Sets signOnModeSalesforceApplicationSettingsSalesforce app instance propertiesSalesforce instance that you want to connect toSalesforce integration typeSAML configuration detailsSaml11ApplicationSaml11ApplicationSettingsSAML 1.1 sign-on mode attributesOkta's `SPSSODescriptor` endpoint where the IdP sends a `<SAMLResponse>` messageSamlAcsInnerSettings for signing and verifying SAML messagesSamlApplicationSamlApplicationSettingsSAML 2.0 sign-on attributes.Define custom attribute statements for the integration.SamlClaimsInnerFederation Trust Credentials for verifying assertions from the IdP and signing requests to the IdPSAML 2.0 HTTP binding settings for IdP and SP (Okta)Determines whether to publish an instance-specific (trust) or organization (shared) ACS endpoint in the SAML metadataSAMLHookResponseSAMLHookResponseCommandsInnerSAMLHookResponseCommandsInnerValueInnerThe value of the claim that you add or replace, and can also include other attributes.An object to return an error.SAML 2.0 Name Identifier formatsSAMLPayLoadSAMLPayLoadDataDetails of the SAML assertion that was generatedProvides a JSON representation of the `<saml:AuthnStatement>` element of the SAML assertionDetails of the authentication methods used for the SAML assertionSAMLPayLoadDataAssertionClaimsValueSAMLPayLoadDataAssertionClaimsValueAttributesSAMLPayLoadDataAssertionClaimsValueAttributeValuesInnerSAMLPayLoadDataAssertionClaimsValueAttributeValuesInnerAttributesProvides a JSON representation of the `<saml:Conditions>` element of the SAML assertionSpecifies the expiration time, in seconds, of the SAML assertionProvides a JSON representation of the `<saml:Subject>` element of the SAML 
assertionSAMLPayLoadDataAssertionSubjectConfirmationSAMLPayLoadDataAssertionSubjectConfirmationDataSAMLPayLoadDataContextDetails of the assertion protocol being usedSAMLPayLoadDataContextAllOfProtocolIssuerRelay state settings for IdPThe format used to generate the `relayState` in the SAML request.Algorithm settings used to secure an `<AuthnRequest>` messageXML digital Signature Algorithm settings for signing `<AuthnRequest>` messages sent to the IdP > **Note:** The `algorithm` property is ignored when you disable request signatures (`scope` set as `NONE`).Algorithm settings for verifying `<SAMLResponse>` messages and `<Assertion>` elements from the IdPXML digital Signature Algorithm settings for verifying `<SAMLResponse>` messages and `<Assertion>` elements from the IdPAdvanced settings for the SAML 2.0 protocolGets or Sets SamlSigningAlgorithmKey used for signing requests to the IdPThe certificate that Okta uses to validate Single Logout (SLO) requests and responsesIdP's `SingleSignOnService` endpoint where Okta sends an `<AuthnRequest>` messageFederation Trust Credentials for verifying assertions from the IdPScheduledUserLifecycleActionA [JSON Web Key (JWK)](https://tools.ietf.org/html/rfc7517) is a JSON representation of a cryptographic key.SchemeApplicationCredentialsScopeResourceHrefObjectGets or Sets ScreenLockTypeSecurePasswordStoreApplication`template_sps` is the key name for a SWA app instance that uses HTTP POST and doesn't require a browser pluginSecurePasswordStoreApplicationSettingsSecurePasswordStoreApplicationSettingsApplicationSecurityEventSecurityEventReasonThe request schema for creating or updating a Security Events Provider.Information about the Security Events Provider for signal ingestionThe Security Events Provider responseIndicates whether the Security Events Provider is active or notSecurity Events Provider with issuer and JWKS settings for signal ingestionSecurity Events Provider settingsSecurity Events Provider with well-known URL 
settingThe event subjectsError object thrown when parsing the Security Event TokenA code that describes the category of the errorJSON Web Token body payload for a Security Event TokenA non-empty collection of eventsJSON Web Token header for a Security Event TokenDetermines whether the generated password is the user's Okta password or a randomly generated passwordEnables or disables users to reset their own password and defines the authenticators and constraints needed to complete the resetThe type of rule actionSessionGets or Sets SessionAuthenticationMethodSessionIdentityProviderGets or Sets SessionIdentityProviderTypeGets or Sets SessionStatusControls whether to show the Sign in with Okta Verify button on the Sign-In WidgetGets or Sets SigningAlgorithmSignInPageSignInPageAllOfWidgetCustomizationsVariant for the Okta sign-in page.SignOnInlineHookThe request body required for a simulate policy operationSimulatePolicyEvaluationsA list of evaluated but not matched policies and rulesA list of undefined but not matched policies and rulesThe result of the policy evaluationSimulateResultConditionsSimulateResultPoliciesItemsSimulateResultRulesThe result of this entity evaluationDetermines if the app supports Single Logout (SLO)Schema for the Slack app (key name: `slack`) To create a Slack app, use the [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) request with the following parameters in the request body.Gets or Sets nameGets or Sets signOnModeSlackApplicationSettingsSlack app instance propertiesDetermines if the app participates in Single Logout (SLO)Request binding typeSmsTemplateType of the TemplateThe Social Authentication Token object provides the tokens and associated metadata provided by social providers during social authentication.SourceLinksSourceLinksAllOfSchemaEdition of the Splunk Cloud instanceSupported SSO protocol configurations.Defines the 
authenticators permitted for the initial authentication step of password recoveryGets or Sets methodsDescribes the initial and secondary authenticator requirements a user needs to reset their passwordDetermines which authentication requirements a user needs to perform self-service operations.Defines the secondary authenticators needed for password reset if `required` is true.Gets or Sets methodsStandardRoleStandardRoleAssignmentSchemaOptional embedded resources for the Role AssignmentTargets configured for the Role AssignmentApp targetsStreamConfigurationThe Subject Identifier format expected for any SET transmitted.The audience used in the SET.StreamConfigurationCreateRequestThe Subject Identifier format expected for any SET transmitted.Contains information about the intended SET delivery method by the receiverThe delivery method that the transmitter uses for delivering a SETSubjectThe user identifierGets or Sets SubjectTypeSubmissionRequestSubmissionResponseSubmissionResponseConfigInnerSubscriptionDiscoverable resources related to the subscriptionThe status of the subscriptionThe supported methods of an AuthenticatorThe type of authenticator methodSupportedMethodsSettingsSwaApplicationSettingsSwaApplicationSettingsApplicationTelephonyRequestTelephonyRequestDataMessage profile specifies information about the telephony (sms/voice) message to be sent to the Okta userUser profile specifies information about the Okta userTelephonyResponseTelephonyResponseCommandsInnerTelephonyResponseCommandsInnerValueInnerStatus of telephony calloutTempPasswordIntegration Testing InformationOIDC test detailsSAML test detailsAn account on a test instance of your app with admin privileges.ThemeResponseThe third-party admin settingThreatInsightConfigurationSpecifies how Okta responds to authentication requests from suspicious IP addressesTokenAuthorizationServerPolicyRuleActionTokenAuthorizationServerPolicyRuleActionInlineHookGets or Sets 
TokenDeliveryModeFor the token inline hook, the `commands` and `error` objects that you can return in the JSON payload of your response are defined in the following sections.TokenHookResponseCommandsInnerTokenHookResponseCommandsInnerValueInnerValue to set the claim to.When an error object is returned, it causes Okta to return an OAuth 2.0 error to the requester of the token.TokenPayLoadTokenPayLoadDataTokenPayLoadDataAccessTokenPayLoadDataContextThe authorization server policy used to mint the tokenThe authorization server policy rule used to mint the tokenDetails of the authentication protocolThe client making the token requestThe authorization server's issuer identifierInformation about the original token request used to get the refresh token being used, when in a refresh token requestTokenPayLoadDataIdentityDetails of the token requestThe authorization response modeThe authorization response typeTokenRequestTokenResourcesHrefObjectTokenResponseThe token type in a `/token` response.The type of token for token exchange.Schema for Trend Micro Apex One as a Service app (key name: `trendmicroapexoneservice`) To create a Trend Micro Apex One as a Service app, use the [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) request with the following parameters in the request body.Gets or Sets nameGets or Sets signOnModeTrendMicroApexOneServiceApplicationSettingsTrend Micro Apex One as a Service app instance propertiesTrustedOriginTrustedOriginScopeThe scope type.TrustedOriginWriteSpecifies the configuration of an input field on an enrollment formUI Schema element options objectSpecifies how the input appearsProperties of the UI schemaUISchemasResponseObjectUpdateDefaultProvisioningConnectionForApplicationRequestUpdateDomainUpdateEmailDomainUpdateFeatureForApplicationRequestUpdateIamRoleRequestUpdateRealmAssignmentRequestUpdateRealmRequestUpdateThemeRequestThe updated request body 
propertiesUpdateUserRequestUploadYubikeyOtpTokenSeedRequestUserUserActivationTokenDescribes how the account is blocked from access.The devices that the block applies toType of access blockSpecifies a set of Users to be included or excludedSpecifies primary authentication and recovery credentials for a User.UserFactorActivation requests have a short lifetime and expire if the activation isn't completed before the indicated timestamp.Result of a Factor activationUserFactorActivateRequestUserFactorActivateResponseType of the FactorUserFactorActivateResponseLinksUserFactorCallUserFactorCallProfileUserFactorEmailUserFactorEmailProfileUserFactorLinksProvider for the FactorUserFactorPushUserFactorPushProfileUserFactorPushTransactionResult of the verification transactionUserFactorPushTransactionRejectedUserFactorPushTransactionRejectedAllOfLinksUserFactorPushTransactionRejectedAllOfProfileUserFactorPushTransactionTimeoutUserFactorPushTransactionTimeoutAllOfLinksUserFactorPushTransactionWaitingUserFactorPushTransactionWaitingAllOfLinksResult of a Factor verification attemptUserFactorSecurityQuestionUserFactorSecurityQuestionProfileUnique key for the questionUserFactorSMSUserFactorSMSProfileStatus of the FactorUserFactorSupportedIndicates if the Factor is required for the specified userUserFactorTokenUserFactorTokenAllOfVerifyUserFactorTokenFactorVerificationObjectUserFactorTokenHardwareUserFactorTokenHardwareAllOfVerifyUserFactorTokenHOTPUserFactorTokenHOTPProfileUserFactorTokenProfileUserFactorTokenSoftwareTOTPUserFactorTokenVerifyRSAUserFactorTokenVerifySymantecType of FactorUserFactorU2FUserFactorU2FProfileUserFactorVerifyRequestUserFactorVerifyResponseResult of a Factor verificationUserFactorWebUserFactorWebAuthnUserFactorWebAuthnProfileUserFactorWebProfileUserFactorYubikeyOtpTokenToken statusUserGetSingletonThe embedded resources related to the object if the `expand` query parameter is specifiedUsed in the User Identifier Condition object.The type of pattern.Specifies 
a user identifier condition to match onWhat to match against, either user ID or an attribute in the user's Okta profile.UserIdentityProviderLinkRequestUserImportRequestUserImportRequestDataThe object that specifies the default action Okta is set to takeThe current default action that results when Okta imports a user.The app user profile being importedUserImportRequestDataContextDetails of the app from which the user is being importedThe status of the appThe details of the running import jobProvides information on the Okta user profile currently set to be used for the user who is being imported, based on the matching rules and attribute mappings that were applied.UserImportResponseUserImportResponseCommandsInnerThe command types supported for the import inline hook.An object to return an error.UserLifecycleAttributePolicyRuleConditionUserLinkSpecifies link relations (see [Web Linking](https://datatracker.ietf.org/doc/html/rfc8288) available for the current status of a user.UserLockoutSettingsGets or Sets UserNextLoginSpecifies a set of Users to be included or excludedSpecifies the default and custom profile properties for a user.UserProvisioningApplicationFeatureUserResourceHrefObjectUserRiskGetResponseUserRiskGetResponseLinksThe risk level associated with the userUserRiskLevelExistsUserRiskLevelNoneThe risk level associated with the userUserRiskPutResponseUserRiskRequestThe risk level associated with the userUserSchemaUserSchemaAttributeUserSchemaAttributeEnumGets or Sets UserSchemaAttributeFormatUserSchemaAttributeItemsUserSchemaAttributeMasterUserSchemaAttributeMasterPriorityGets or Sets UserSchemaAttributeMasterTypeGets or Sets UserSchemaAttributeMutabilityStringUserSchemaAttributePermissionGets or Sets UserSchemaAttributeScopeGets or Sets UserSchemaAttributeTypeAll Okta-defined Profile properties are defined in a Profile subschema with the resolution scope 
`#base`.UserSchemaBasePropertiesUserSchemaDefinitionsUserSchemaPropertiesUserSchemaPropertiesProfileUserSchemaPropertiesProfileItemAll custom Profile properties are defined in a Profile subschema with the resolution scope `#custom`UsersLinkThe current status of the user.UserStatusPolicyRuleConditionUserType<x-lifecycle class=\"oie\"></x-lifecycle> Specifies which User Types to include and/or excludeUserTypeLinksUserTypeLinksAllOfSchemaUserTypePostRequestUserTypePutRequestUser verification setting.Describes the method for verifying the user.Method attachmentCredential request object for the initialized credential, along with the enrollment and key identifiers to associate with the credentialCredential response object for enrolled credential details, along with enrollment and key identifiers to associate the credentialUser Factor variant used for WebAuthn Preregistration FactorsWellKnownAppAuthenticatorConfigurationThe type of AuthenticatorWellKnownAppAuthenticatorConfigurationSettingsWellKnownOrgMetadataWellKnownOrgMetadataLinksWellKnownOrgMetadataSettingsMetadata about Okta as a transmitter and relevant information for configuration.The generation of the Sign-in WidgetWsFederationApplication`template_wsfed` is the key name for a WS-Federated app instance with a SAML 2.0 tokenWsFederationApplicationSettingsWsFederationApplicationSettingsApplicationSpecifies the WS-Fed assertion attribute value for filtered groups.Specifies additional username attribute statements to include in the WS-Fed assertionSchema for the Zoom app (key name: `zoomus`) To create a Zoom app, use the [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) request with the following parameters in the request body.Gets or Sets nameGets or Sets signOnModeZoomUsApplicationSettingsZoom app instance propertiesSchema for the Zscaler 2.0 app (key name: `zscalerbyz`) To create a Zscaler 2.0 app, use the [Create an 
Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) request with the following parameters in the request body.Gets or Sets nameGets or Sets signOnModeZscalerbyzApplicationSettingsZscaler app instance properties