Okta API wrapper for Node.js

Class: Client

Client

new Client()

Base client that encapsulates the HTTP request mechanism, and knowledge of how to authenticate with the Okta API

Extends

Methods

activateApplication(appId)

Activates an inactive application.
Parameters:
Name Type Description
appId String
Inherited From:

activateAuthorizationServer(authServerId)

Success
Parameters:
Name Type Description
authServerId String
Inherited From:

activateAuthorizationServerPolicy(authServerId, policyId)

Activate Authorization Server Policy
Parameters:
Name Type Description
authServerId String
policyId String
Inherited From:

activateAuthorizationServerPolicyRule(authServerId, policyId, ruleId)

Activate Authorization Server Policy Rule
Parameters:
Name Type Description
authServerId String
policyId String
ruleId String
Inherited From:

activateEventHook(eventHookId)

Success
Parameters:
Name Type Description
eventHookId String
Inherited From:
Returns:
Type
Promise.<EventHook>

activateFactor(userId, factorId, activateFactorRequest)

The `sms` and `token:software:totp` factor types require activation to complete the enrollment process.
Parameters:
Name Type Description
userId String
factorId String
activateFactorRequest ActivateFactorRequest
Inherited From:
Returns:
Type
Promise.<UserFactor>

activateGroupRule(ruleId)

Activates a specific group rule by id from your organization
Parameters:
Name Type Description
ruleId String
Inherited From:

activateIdentityProvider(idpId)

Activates an inactive IdP.
Parameters:
Name Type Description
idpId String
Inherited From:
Returns:
Type
Promise.<IdentityProvider>

activateInlineHook(inlineHookId)

Activates the Inline Hook matching the provided id
Parameters:
Name Type Description
inlineHookId String
Inherited From:
Returns:
Type
Promise.<InlineHook>

activateNetworkZone(zoneId)

Activate Network Zone
Parameters:
Name Type Description
zoneId String
Inherited From:
Returns:
Type
Promise.<NetworkZone>

activateOrigin(trustedOriginId)

Success
Parameters:
Name Type Description
trustedOriginId String
Inherited From:
Returns:
Type
Promise.<TrustedOrigin>

activatePolicy(policyId)

Activates a policy.
Parameters:
Name Type Description
policyId String
Inherited From:

activatePolicyRule(policyId, ruleId)

Activates a policy rule.
Parameters:
Name Type Description
policyId String
ruleId String
Inherited From:

activateUser(userId, queryParams)

Activates a user. This operation can only be performed on users with a `STAGED` status. Activation of a user is an asynchronous operation. The user will have the `transitioningToStatus` property with a value of `ACTIVE` during activation to indicate that the user hasn't completed the asynchronous operation. The user will have a status of `ACTIVE` when the activation process is complete.
Parameters:
Name Type Description
userId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
sendEmail String <optional>
Inherited From:
Returns:
Type
Promise.<UserActivationToken>

addAllAppsAsTargetToRole(userId, roleId)

Success
Parameters:
Name Type Description
userId String
roleId String
Inherited From:

addApplicationInstanceTargetToAppAdminRoleGivenToGroup(groupId, roleId, appName, applicationId)

Add App Instance Target to App Administrator Role given to a Group
Parameters:
Name Type Description
groupId String
roleId String
appName String
applicationId String
Inherited From:

addApplicationTargetToAdminRoleForUser(userId, roleId, appName)

Success
Parameters:
Name Type Description
userId String
roleId String
appName String
Inherited From:

addApplicationTargetToAdminRoleGivenToGroup(groupId, roleId, appName)

Success
Parameters:
Name Type Description
groupId String
roleId String
appName String
Inherited From:

addApplicationTargetToAppAdminRoleForUser(userId, roleId, appName, applicationId)

Add App Instance Target to App Administrator Role given to a User
Parameters:
Name Type Description
userId String
roleId String
appName String
applicationId String
Inherited From:

addGroupTargetToGroupAdministratorRoleForGroup(groupId, roleId, targetGroupId)

Convenience method for /api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId}
Parameters:
Name Type Description
groupId String
roleId String
targetGroupId String
Inherited From:

addGroupTargetToRole(userId, roleId, groupId)

Success
Parameters:
Name Type Description
userId String
roleId String
groupId String
Inherited From:

addLinkedObjectDefinition(linkedObject)

Success
Parameters:
Name Type Description
linkedObject LinkedObject
Inherited From:
Returns:
Type
Promise.<LinkedObject>

addUserToGroup(groupId, userId)

Adds a user to a group with 'OKTA_GROUP' type.
Parameters:
Name Type Description
groupId String
userId String
Inherited From:

assignRoleToGroup(groupId, assignRoleRequest, queryParams)

Assigns a Role to a Group
Parameters:
Name Type Description
groupId String
assignRoleRequest AssignRoleRequest
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
disableNotifications String <optional>
Inherited From:
Returns:
Type
Promise.<Role>

assignRoleToUser(userId, assignRoleRequest, queryParams)

Assigns a role to a user.
Parameters:
Name Type Description
userId String
assignRoleRequest AssignRoleRequest
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
disableNotifications String <optional>
Inherited From:
Returns:
Type
Promise.<Role>

assignUserToApplication(appId, appUser)

Assigns an user to an application with [credentials](#application-user-credentials-object) and an app-specific [profile](#application-user-profile-object). Profile mappings defined for the application are first applied before applying any profile properties specified in the request.
Parameters:
Name Type Description
appId String
appUser AppUser
Inherited From:
Returns:
Type
Promise.<AppUser>

changePassword(userId, changePasswordRequest, queryParams)

Changes a user's password by validating the user's current password. This operation can only be performed on users in `STAGED`, `ACTIVE`, `PASSWORD_EXPIRED`, or `RECOVERY` status that have a valid password credential
Parameters:
Name Type Description
userId String
changePasswordRequest ChangePasswordRequest
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
strict String <optional>
Inherited From:
Returns:
Type
Promise.<UserCredentials>

changeRecoveryQuestion(userId, userCredentials)

Changes a user's recovery question & answer credential by validating the user's current password. This operation can only be performed on users in **STAGED**, **ACTIVE** or **RECOVERY** `status` that have a valid password credential
Parameters:
Name Type Description
userId String
userCredentials UserCredentials
Inherited From:
Returns:
Type
Promise.<UserCredentials>

clearUserSessions(userId, queryParams)

Removes all active identity provider sessions. This forces the user to authenticate on the next operation. Optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the user.
Parameters:
Name Type Description
userId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
oauthTokens String <optional>
Inherited From:

cloneApplicationKey(appId, keyId, queryParams)

Clones a X.509 certificate for an application key credential from a source application to target application.
Parameters:
Name Type Description
appId String
keyId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
targetAid String <optional>
Inherited From:
Returns:
Type
Promise.<JsonWebKey>

cloneIdentityProviderKey(idpId, keyId, queryParams)

Clones a X.509 certificate for an IdP signing key credential from a source IdP to target IdP
Parameters:
Name Type Description
idpId String
keyId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
targetIdpId String <optional>
Inherited From:
Returns:
Type
Promise.<JsonWebKey>

createApplication(application, queryParams)

Adds a new application to your Okta organization.
Parameters:
Name Type Description
application Application
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
activate String <optional>
Inherited From:
Returns:
Type
Promise.<Application>

createApplicationGroupAssignment(appId, groupId, applicationGroupAssignment)

Assigns a group to an application
Parameters:
Name Type Description
appId String
groupId String
applicationGroupAssignment ApplicationGroupAssignment
Inherited From:
Returns:
Type
Promise.<ApplicationGroupAssignment>

createAuthorizationServer(authorizationServer)

Success
Parameters:
Name Type Description
authorizationServer AuthorizationServer
Inherited From:
Returns:
Type
Promise.<AuthorizationServer>

createAuthorizationServerPolicy(authServerId, authorizationServerPolicy)

Success
Parameters:
Name Type Description
authServerId String
authorizationServerPolicy AuthorizationServerPolicy
Inherited From:
Returns:
Type
Promise.<AuthorizationServerPolicy>

createAuthorizationServerPolicyRule(policyId, authServerId, authorizationServerPolicyRule)

Creates a policy rule for the specified Custom Authorization Server and Policy.
Parameters:
Name Type Description
policyId String
authServerId String
authorizationServerPolicyRule AuthorizationServerPolicyRule
Inherited From:
Returns:
Type
Promise.<AuthorizationServerPolicyRule>

createCertificate(domainId, domainCertificate)

Creates the Certificate for the Domain.
Parameters:
Name Type Description
domainId String
domainCertificate DomainCertificate
Inherited From:

createDomain(domain)

Creates your domain.
Parameters:
Name Type Description
domain Domain
Inherited From:
Returns:
Type
Promise.<Domain>

createEventHook(eventHook)

Success
Parameters:
Name Type Description
eventHook EventHook
Inherited From:
Returns:
Type
Promise.<EventHook>

createGroup(group)

Adds a new group with `OKTA_GROUP` type to your organization.
Parameters:
Name Type Description
group Group
Inherited From:
Returns:
Type
Promise.<Group>

createGroupRule(groupRule)

Creates a group rule to dynamically add users to the specified group if they match the condition
Parameters:
Name Type Description
groupRule GroupRule
Inherited From:
Returns:
Type
Promise.<GroupRule>

createIdentityProvider(identityProvider)

Adds a new IdP to your organization.
Parameters:
Name Type Description
identityProvider IdentityProvider
Inherited From:
Returns:
Type
Promise.<IdentityProvider>

createIdentityProviderKey(jsonWebKey)

Adds a new X.509 certificate credential to the IdP key store.
Parameters:
Name Type Description
jsonWebKey JsonWebKey
Inherited From:
Returns:
Type
Promise.<JsonWebKey>

createInlineHook(inlineHook)

Success
Parameters:
Name Type Description
inlineHook InlineHook
Inherited From:
Returns:
Type
Promise.<InlineHook>

createNetworkZone(networkZone)

Adds a new network zone to your Okta organization.
Parameters:
Name Type Description
networkZone NetworkZone
Inherited From:
Returns:
Type
Promise.<NetworkZone>

createOAuth2Claim(authServerId, oAuth2Claim)

Success
Parameters:
Name Type Description
authServerId String
oAuth2Claim OAuth2Claim
Inherited From:
Returns:
Type
Promise.<OAuth2Claim>

createOAuth2Scope(authServerId, oAuth2Scope)

Success
Parameters:
Name Type Description
authServerId String
oAuth2Scope OAuth2Scope
Inherited From:
Returns:
Type
Promise.<OAuth2Scope>

createOrigin(trustedOrigin)

Success
Parameters:
Name Type Description
trustedOrigin TrustedOrigin
Inherited From:
Returns:
Type
Promise.<TrustedOrigin>

createPolicy(policy, queryParams)

Creates a policy.
Parameters:
Name Type Description
policy Policy
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
activate String <optional>
Inherited From:
Returns:
Type
Promise.<Policy>

createPolicyRule(policyId, policyRule)

Creates a policy rule.
Parameters:
Name Type Description
policyId String
policyRule PolicyRule
Inherited From:
Returns:
Type
Promise.<PolicyRule>

createSession(createSessionRequest)

Creates a new session for a user with a valid session token. Use this API if, for example, you want to set the session cookie yourself instead of allowing Okta to set it, or want to hold the session ID in order to delete a session via the API instead of visiting the logout URL.
Parameters:
Name Type Description
createSessionRequest CreateSessionRequest
Inherited From:
Returns:
Type
Promise.<Session>

createSmsTemplate(smsTemplate)

Adds a new custom SMS template to your organization.
Parameters:
Name Type Description
smsTemplate SmsTemplate
Inherited From:
Returns:
Type
Promise.<SmsTemplate>

createUser(createUserRequest, queryParams)

Creates a new user in your Okta organization with or without credentials.
Parameters:
Name Type Description
createUserRequest CreateUserRequest
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
activate String <optional>
provider String <optional>
nextLogin String <optional>
Inherited From:
Returns:
Type
Promise.<User>

createUserType(userType)

Creates a new User Type. A default User Type is automatically created along with your org, and you may add another 9 User Types for a maximum of 10.
Parameters:
Name Type Description
userType UserType
Inherited From:
Returns:
Type
Promise.<UserType>

deactivateApplication(appId)

Deactivates an active application.
Parameters:
Name Type Description
appId String
Inherited From:

deactivateAuthorizationServer(authServerId)

Success
Parameters:
Name Type Description
authServerId String
Inherited From:

deactivateAuthorizationServerPolicy(authServerId, policyId)

Deactivate Authorization Server Policy
Parameters:
Name Type Description
authServerId String
policyId String
Inherited From:

deactivateAuthorizationServerPolicyRule(authServerId, policyId, ruleId)

Deactivate Authorization Server Policy Rule
Parameters:
Name Type Description
authServerId String
policyId String
ruleId String
Inherited From:

deactivateEventHook(eventHookId)

Success
Parameters:
Name Type Description
eventHookId String
Inherited From:
Returns:
Type
Promise.<EventHook>

deactivateGroupRule(ruleId)

Deactivates a specific group rule by id from your organization
Parameters:
Name Type Description
ruleId String
Inherited From:

deactivateIdentityProvider(idpId)

Deactivates an active IdP.
Parameters:
Name Type Description
idpId String
Inherited From:
Returns:
Type
Promise.<IdentityProvider>

deactivateInlineHook(inlineHookId)

Deactivates the Inline Hook matching the provided id
Parameters:
Name Type Description
inlineHookId String
Inherited From:
Returns:
Type
Promise.<InlineHook>

deactivateNetworkZone(zoneId)

Deactivates a network zone.
Parameters:
Name Type Description
zoneId String
Inherited From:
Returns:
Type
Promise.<NetworkZone>

deactivateOrDeleteUser(userId, queryParams)

Deletes a user permanently. This operation can only be performed on users that have a `DEPROVISIONED` status. **This action cannot be recovered!**
Parameters:
Name Type Description
userId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
sendEmail String <optional>
Inherited From:

deactivateOrigin(trustedOriginId)

Success
Parameters:
Name Type Description
trustedOriginId String
Inherited From:
Returns:
Type
Promise.<TrustedOrigin>

deactivatePolicy(policyId)

Deactivates a policy.
Parameters:
Name Type Description
policyId String
Inherited From:

deactivatePolicyRule(policyId, ruleId)

Deactivates a policy rule.
Parameters:
Name Type Description
policyId String
ruleId String
Inherited From:

deactivateUser(userId, queryParams)

Deactivates a user. This operation can only be performed on users that do not have a `DEPROVISIONED` status. Deactivation of a user is an asynchronous operation. The user will have the `transitioningToStatus` property with a value of `DEPROVISIONED` during deactivation to indicate that the user hasn't completed the asynchronous operation. The user will have a status of `DEPROVISIONED` when the deactivation process is complete.
Parameters:
Name Type Description
userId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
sendEmail String <optional>
Inherited From:

deleteApplication(appId)

Removes an inactive application.
Parameters:
Name Type Description
appId String
Inherited From:

deleteApplicationGroupAssignment(appId, groupId)

Removes a group assignment from an application.
Parameters:
Name Type Description
appId String
groupId String
Inherited From:

deleteApplicationUser(appId, userId, queryParams)

Removes an assignment for a user from an application.
Parameters:
Name Type Description
appId String
userId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
sendEmail String <optional>
Inherited From:

deleteAuthorizationServer(authServerId)

Success
Parameters:
Name Type Description
authServerId String
Inherited From:

deleteAuthorizationServerPolicy(authServerId, policyId)

Success
Parameters:
Name Type Description
authServerId String
policyId String
Inherited From:

deleteAuthorizationServerPolicyRule(policyId, authServerId, ruleId)

Deletes a Policy Rule defined in the specified Custom Authorization Server and Policy.
Parameters:
Name Type Description
policyId String
authServerId String
ruleId String
Inherited From:

deleteDomain(domainId)

Deletes a Domain by `id`.
Parameters:
Name Type Description
domainId String
Inherited From:

deleteEventHook(eventHookId)

Success
Parameters:
Name Type Description
eventHookId String
Inherited From:

deleteFactor(userId, factorId)

Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.
Parameters:
Name Type Description
userId String
factorId String
Inherited From:

deleteGroup(groupId)

Removes a group with `OKTA_GROUP` type from your organization.
Parameters:
Name Type Description
groupId String
Inherited From:

deleteGroupRule(ruleId, queryParams)

Removes a specific group rule by id from your organization
Parameters:
Name Type Description
ruleId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
removeUsers String <optional>
Inherited From:

deleteIdentityProvider(idpId)

Removes an IdP from your organization.
Parameters:
Name Type Description
idpId String
Inherited From:

deleteIdentityProviderKey(keyId)

Deletes a specific IdP Key Credential by `kid` if it is not currently being used by an Active or Inactive IdP.
Parameters:
Name Type Description
keyId String
Inherited From:

deleteInlineHook(inlineHookId)

Deletes the Inline Hook matching the provided id. Once deleted, the Inline Hook is unrecoverable. As a safety precaution, only Inline Hooks with a status of INACTIVE are eligible for deletion.
Parameters:
Name Type Description
inlineHookId String
Inherited From:

deleteLinkedObjectDefinition(linkedObjectName)

Success
Parameters:
Name Type Description
linkedObjectName String
Inherited From:

deleteNetworkZone(zoneId)

Removes network zone.
Parameters:
Name Type Description
zoneId String
Inherited From:

deleteOAuth2Claim(authServerId, claimId)

Success
Parameters:
Name Type Description
authServerId String
claimId String
Inherited From:

deleteOAuth2Scope(authServerId, scopeId)

Success
Parameters:
Name Type Description
authServerId String
scopeId String
Inherited From:

deleteOrigin(trustedOriginId)

Success
Parameters:
Name Type Description
trustedOriginId String
Inherited From:

deletePolicy(policyId)

Removes a policy.
Parameters:
Name Type Description
policyId String
Inherited From:

deletePolicyRule(policyId, ruleId)

Removes a policy rule.
Parameters:
Name Type Description
policyId String
ruleId String
Inherited From:

deleteSmsTemplate(templateId)

Removes an SMS template.
Parameters:
Name Type Description
templateId String
Inherited From:

deleteUserType(typeId)

Deletes a User Type permanently. This operation is not permitted for the default type, nor for any User Type that has existing users
Parameters:
Name Type Description
typeId String
Inherited From:

endSession(sessionId)

Convenience method for /api/v1/sessions/{sessionId}
Parameters:
Name Type Description
sessionId String
Inherited From:

enrollFactor(userId, userFactor, queryParams)

Enrolls a user with a supported factor.
Parameters:
Name Type Description
userId String
userFactor UserFactor
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
updatePhone String <optional>
templateId String <optional>
tokenLifetimeSeconds String <optional>
activate String <optional>
Inherited From:
Returns:
Type
Promise.<UserFactor>

executeInlineHook(inlineHookId, inlineHookPayload)

Executes the Inline Hook matching the provided inlineHookId using the request body as the input. This will send the provided data through the Channel and return a response if it matches the correct data contract. This execution endpoint should only be used for testing purposes.
Parameters:
Name Type Description
inlineHookId String
inlineHookPayload InlineHookPayload
Inherited From:
Returns:
Type
Promise.<InlineHookResponse>

expirePassword(userId)

This operation transitions the user to the status of `PASSWORD_EXPIRED` so that the user is required to change their password at their next login.
Parameters:
Name Type Description
userId String
Inherited From:
Returns:
Type
Promise.<User>

expirePasswordAndGetTemporaryPassword(userId)

This operation transitions the user to the status of `PASSWORD_EXPIRED` and the user's password is reset to a temporary password that is returned.
Parameters:
Name Type Description
userId String
Inherited From:
Returns:
Type
Promise.<TempPassword>

extendOktaSupport()

Extends the length of time that Okta Support can access your org by 24 hours. This means that 24 hours are added to the remaining access time.
Inherited From:
Returns:
Type
Promise.<OrgOktaSupportSettingsObj>

forgotPasswordGenerateOneTimeToken(userId, queryParams)

Generates a one-time token (OTT) that can be used to reset a user's password
Parameters:
Name Type Description
userId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
sendEmail String <optional>
Inherited From:
Returns:
Type
Promise.<ForgotPasswordResponse>

forgotPasswordSetNewPassword(userId, userCredentials, queryParams)

Sets a new password for a user by validating the user's answer to their current recovery question
Parameters:
Name Type Description
userId String
userCredentials UserCredentials
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
sendEmail String <optional>
Inherited From:
Returns:
Type
Promise.<ForgotPasswordResponse>

generateApplicationKey(appId, queryParams)

Generates a new X.509 certificate for an application key credential
Parameters:
Name Type Description
appId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
validityYears String <optional>
Inherited From:
Returns:
Type
Promise.<JsonWebKey>

generateCsrForApplication(appId, csrMetadata)

Generates a new key pair and returns the Certificate Signing Request for it.
Parameters:
Name Type Description
appId String
csrMetadata CsrMetadata
Inherited From:
Returns:
Type
Promise.<Csr>

generateCsrForIdentityProvider(idpId, csrMetadata)

Generates a new key pair and returns a Certificate Signing Request for it.
Parameters:
Name Type Description
idpId String
csrMetadata CsrMetadata
Inherited From:
Returns:
Type
Promise.<Csr>

generateIdentityProviderSigningKey(idpId, queryParams)

Generates a new X.509 certificate for an IdP signing key credential to be used for signing assertions sent to the IdP
Parameters:
Name Type Description
idpId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
validityYears String <optional>
Inherited From:
Returns:
Type
Promise.<JsonWebKey>

getApplication(appId, queryParams)

Fetches an application from your Okta organization by `id`.
Parameters:
Name Type Description
appId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
expand String <optional>
Inherited From:
Returns:
Type
Promise.<Application>

getApplicationGroupAssignment(appId, groupId, queryParams)

Fetches an application group assignment
Parameters:
Name Type Description
appId String
groupId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
expand String <optional>
Inherited From:
Returns:
Type
Promise.<ApplicationGroupAssignment>

getApplicationKey(appId, keyId)

Gets a specific application key credential by kid
Parameters:
Name Type Description
appId String
keyId String
Inherited From:
Returns:
Type
Promise.<JsonWebKey>

getApplicationUser(appId, userId, queryParams)

Fetches a specific user assignment for application by `id`.
Parameters:
Name Type Description
appId String
userId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
expand String <optional>
Inherited From:
Returns:
Type
Promise.<AppUser>

getApplicationUserSchema(appInstanceId)

Fetches the Schema for an App User
Parameters:
Name Type Description
appInstanceId String
Inherited From:
Returns:
Type
Promise.<UserSchema>

getAuthorizationServer(authServerId)

Success
Parameters:
Name Type Description
authServerId String
Inherited From:
Returns:
Type
Promise.<AuthorizationServer>

getAuthorizationServerPolicy(authServerId, policyId)

Success
Parameters:
Name Type Description
authServerId String
policyId String
Inherited From:
Returns:
Type
Promise.<AuthorizationServerPolicy>

getAuthorizationServerPolicyRule(policyId, authServerId, ruleId)

Returns a Policy Rule by ID that is defined in the specified Custom Authorization Server and Policy.
Parameters:
Name Type Description
policyId String
authServerId String
ruleId String
Inherited From:
Returns:
Type
Promise.<AuthorizationServerPolicyRule>

getCsrForApplication(appId, csrId)

Convenience method for /api/v1/apps/{appId}/credentials/csrs/{csrId}
Parameters:
Name Type Description
appId String
csrId String
Inherited From:
Returns:
Type
Promise.<Csr>

getCsrForIdentityProvider(idpId, csrId)

Gets a specific Certificate Signing Request model by id
Parameters:
Name Type Description
idpId String
csrId String
Inherited From:
Returns:
Type
Promise.<Csr>

getCurrentConfiguration()

Gets current ThreatInsight configuration
Inherited From:
Returns:
Type
Promise.<ThreatInsightConfiguration>

getDomain(domainId)

Fetches a Domain by `id`.
Parameters:
Name Type Description
domainId String
Inherited From:
Returns:
Type
Promise.<Domain>

getEventHook(eventHookId)

Success
Parameters:
Name Type Description
eventHookId String
Inherited From:
Returns:
Type
Promise.<EventHook>

getFactor(userId, factorId)

Fetches a factor for the specified user
Parameters:
Name Type Description
userId String
factorId String
Inherited From:
Returns:
Type
Promise.<UserFactor>

getFactorTransactionStatus(userId, factorId, transactionId)

Polls factors verification transaction for status.
Parameters:
Name Type Description
userId String
factorId String
transactionId String
Inherited From:
Returns:
Type
Promise.<VerifyUserFactorResponse>

getFeature(featureId)

Success
Parameters:
Name Type Description
featureId String
Inherited From:
Returns:
Type
Promise.<Feature>

getGroup(groupId)

Fetches a group from your organization.
Parameters:
Name Type Description
groupId String
Inherited From:
Returns:
Type
Promise.<Group>

getGroupRule(ruleId, queryParams)

Fetches a specific group rule by id from your organization
Parameters:
Name Type Description
ruleId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
expand String <optional>
Inherited From:
Returns:
Type
Promise.<GroupRule>

getGroupSchema()

Fetches the group schema
Inherited From:
Returns:
Type
Promise.<GroupSchema>

getIdentityProvider(idpId)

Fetches an IdP by `id`.
Parameters:
Name Type Description
idpId String
Inherited From:
Returns:
Type
Promise.<IdentityProvider>

getIdentityProviderApplicationUser(idpId, userId)

Fetches a linked IdP user by ID
Parameters:
Name Type Description
idpId String
userId String
Inherited From:
Returns:
Type
Promise.<IdentityProviderApplicationUser>

getIdentityProviderKey(keyId)

Gets a specific IdP Key Credential by `kid`
Parameters:
Name Type Description
keyId String
Inherited From:
Returns:
Type
Promise.<JsonWebKey>

getIdentityProviderSigningKey(idpId, keyId)

Gets a specific IdP Key Credential by `kid`
Parameters:
Name Type Description
idpId String
keyId String
Inherited From:
Returns:
Type
Promise.<JsonWebKey>

getInlineHook(inlineHookId)

Gets an inline hook by ID
Parameters:
Name Type Description
inlineHookId String
Inherited From:
Returns:
Type
Promise.<InlineHook>

getLinkedObjectDefinition(linkedObjectName)

Success
Parameters:
Name Type Description
linkedObjectName String
Inherited From:
Returns:
Type
Promise.<LinkedObject>

getLinkedObjectsForUser(userId, relationshipName, queryParams)

Get linked objects for a user, relationshipName can be a primary or associated relationship name
Parameters:
Name Type Description
userId String
relationshipName String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
after String <optional>
limit String <optional>
Inherited From:
Returns:
A collection that will yield ResponseLinks instances.
Type
Promise.<Collection>

getLogs(queryParams)

The Okta System Log API provides read access to your organization’s system log. This API provides more functionality than the Events API
Parameters:
Name Type Description
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
since String <optional>
until String <optional>
filter String <optional>
q String <optional>
limit String <optional>
sortOrder String <optional>
after String <optional>
Inherited From:
Returns:
A collection that will yield LogEvent instances.
Type
Promise.<Collection>

getNetworkZone(zoneId)

Fetches a network zone from your Okta organization by `id`.
Parameters:
Name Type Description
zoneId String
Inherited From:
Returns:
Type
Promise.<NetworkZone>

getOAuth2Claim(authServerId, claimId)

Success
Parameters:
Name Type Description
authServerId String
claimId String
Inherited From:
Returns:
Type
Promise.<OAuth2Claim>

getOAuth2Scope(authServerId, scopeId)

Success
Parameters:
Name Type Description
authServerId String
scopeId String
Inherited From:
Returns:
Type
Promise.<OAuth2Scope>

getOAuth2TokenForApplication(appId, tokenId, queryParams)

Gets a token for the specified application
Parameters:
Name Type Description
appId String
tokenId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
expand String <optional>
Inherited From:
Returns:
Type
Promise.<OAuth2Token>

getOktaCommunicationSettings()

Gets Okta Communication Settings of your organization.
Inherited From:
Returns:
Type
Promise.<OrgOktaCommunicationSetting>

getOrgContactTypes()

Gets Contact Types of your organization.
Inherited From:
Returns:
A collection that will yield OrgContactTypeObj instances.
Type
Promise.<Collection>

getOrgContactUser(contactType)

Retrieves the URL of the User associated with the specified Contact Type.
Parameters:
Name Type Description
contactType String
Inherited From:
Returns:
Type
Promise.<OrgContactUser>

getOrgOktaSupportSettings()

Gets Okta Support Settings of your organization.
Inherited From:
Returns:
Type
Promise.<OrgOktaSupportSettingsObj>

getOrgPreferences()

Gets preferences of your organization.
Inherited From:
Returns:
Type
Promise.<OrgPreferences>

getOrgSettings()

Get settings of your organization.
Inherited From:
Returns:
Type
Promise.<OrgSetting>

getOrigin(trustedOriginId)

Success
Parameters:
Name Type Description
trustedOriginId String
Inherited From:
Returns:
Type
Promise.<TrustedOrigin>

getPolicy(policyId, queryParams)

Gets a policy.
Parameters:
Name Type Description
policyId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
expand String <optional>
Inherited From:
Returns:
Type
Promise.<Policy>

getPolicyRule(policyId, ruleId)

Gets a policy rule.
Parameters:
Name Type Description
policyId String
ruleId String
Inherited From:
Returns:
Type
Promise.<PolicyRule>

getProfileMapping(mappingId)

Fetches a single Profile Mapping referenced by its ID.
Parameters:
Name Type Description
mappingId String
Inherited From:
Returns:
Type
Promise.<ProfileMapping>

getRefreshTokenForAuthorizationServerAndClient(authServerId, clientId, tokenId, queryParams)

Success
Parameters:
Name Type Description
authServerId String
clientId String
tokenId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
expand String <optional>
Inherited From:
Returns:
Type
Promise.<OAuth2RefreshToken>

getRefreshTokenForUserAndClient(userId, clientId, tokenId, queryParams)

Gets a refresh token issued for the specified User and Client.
Parameters:
Name Type Description
userId String
clientId String
tokenId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
expand String <optional>
limit String <optional>
after String <optional>
Inherited From:
Returns:
Type
Promise.<OAuth2RefreshToken>

getRole(groupId, roleId)

Success
Parameters:
Name Type Description
groupId String
roleId String
Inherited From:
Returns:
Type
Promise.<Role>

getScopeConsentGrant(appId, grantId, queryParams)

Fetches a single scope consent grant for the application
Parameters:
Name Type Description
appId String
grantId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
expand String <optional>
Inherited From:
Returns:
Type
Promise.<OAuth2ScopeConsentGrant>

getSession(sessionId)

Get details about a session.
Parameters:
Name Type Description
sessionId String
Inherited From:
Returns:
Type
Promise.<Session>

getSmsTemplate(templateId)

Fetches a specific template by `id`
Parameters:
Name Type Description
templateId String
Inherited From:
Returns:
Type
Promise.<SmsTemplate>

getUser(userId)

Fetches a user from your Okta organization.
Parameters:
Name Type Description
userId String
Inherited From:
Returns:
Type
Promise.<User>

getUserGrant(userId, grantId, queryParams)

Gets a grant for the specified user
Parameters:
Name Type Description
userId String
grantId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
expand String <optional>
Inherited From:
Returns:
Type
Promise.<OAuth2ScopeConsentGrant>

getUserRole(userId, roleId)

Gets role that is assigne to user.
Parameters:
Name Type Description
userId String
roleId String
Inherited From:
Returns:
Type
Promise.<Role>

getUserSchema(schemaId)

Fetches the schema for a Schema Id.
Parameters:
Name Type Description
schemaId String
Inherited From:
Returns:
Type
Promise.<UserSchema>

getUserType(typeId)

Fetches a User Type by ID. The special identifier `default` may be used to fetch the default User Type.
Parameters:
Name Type Description
typeId String
Inherited From:
Returns:
Type
Promise.<UserType>

grantConsentToScope(appId, oAuth2ScopeConsentGrant)

Grants consent for the application to request an OAuth 2.0 Okta scope
Parameters:
Name Type Description
appId String
oAuth2ScopeConsentGrant OAuth2ScopeConsentGrant
Inherited From:
Returns:
Type
Promise.<OAuth2ScopeConsentGrant>

grantOktaSupport()

Enables you to temporarily allow Okta Support to access your org as an administrator for eight hours.
Inherited From:
Returns:
Type
Promise.<OrgOktaSupportSettingsObj>

hideOktaUIFooter()

Hide the Okta UI footer for all end users of your organization.
Inherited From:
Returns:
Type
Promise.<OrgPreferences>

linkUserToIdentityProvider(idpId, userId, userIdentityProviderLinkRequest)

Links an Okta user to an existing Social Identity Provider. This does not support the SAML2 Identity Provider Type
Parameters:
Name Type Description
idpId String
userId String
userIdentityProviderLinkRequest UserIdentityProviderLinkRequest
Inherited From:
Returns:
Type
Promise.<IdentityProviderApplicationUser>

listApplicationGroupAssignments(appId, queryParams)

Enumerates group assignments for an application.
Parameters:
Name Type Description
appId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
q String <optional>
after String <optional>
limit String <optional>
expand String <optional>
Inherited From:
Returns:
A collection that will yield ApplicationGroupAssignment instances.
Type
Promise.<Collection>

listApplicationKeys(appId)

Enumerates key credentials for an application
Parameters:
Name Type Description
appId String
Inherited From:
Returns:
A collection that will yield JsonWebKey instances.
Type
Promise.<Collection>

listApplications(queryParams)

Enumerates apps added to your organization with pagination. A subset of apps can be returned that match a supported filter expression or query.
Parameters:
Name Type Description
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
q String <optional>
after String <optional>
limit String <optional>
filter String <optional>
expand String <optional>
includeNonDeleted String <optional>
Inherited From:
Returns:
A collection that will yield Application instances.
Type
Promise.<Collection>

listApplicationTargetsForApplicationAdministratorRoleForGroup(groupId, roleId, queryParams)

Lists all App targets for an `APP_ADMIN` Role assigned to a Group. This methods return list may include full Applications or Instances. The response for an instance will have an `ID` value, while Application will not have an ID.
Parameters:
Name Type Description
groupId String
roleId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
after String <optional>
limit String <optional>
Inherited From:
Returns:
A collection that will yield CatalogApplication instances.
Type
Promise.<Collection>

listApplicationTargetsForApplicationAdministratorRoleForUser(userId, roleId, queryParams)

Lists all App targets for an `APP_ADMIN` Role assigned to a User. This methods return list may include full Applications or Instances. The response for an instance will have an `ID` value, while Application will not have an ID.
Parameters:
Name Type Description
userId String
roleId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
after String <optional>
limit String <optional>
Inherited From:
Returns:
A collection that will yield CatalogApplication instances.
Type
Promise.<Collection>

listApplicationUsers(appId, queryParams)

Enumerates all assigned [application users](#application-user-model) for an application.
Parameters:
Name Type Description
appId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
q String <optional>
query_scope String <optional>
after String <optional>
limit String <optional>
filter String <optional>
expand String <optional>
Inherited From:
Returns:
A collection that will yield AppUser instances.
Type
Promise.<Collection>
Fetches appLinks for all direct or indirect (via group membership) assigned applications.
Parameters:
Name Type Description
userId String
Inherited From:
Returns:
A collection that will yield AppLink instances.
Type
Promise.<Collection>

listAssignedApplicationsForGroup(groupId, queryParams)

Enumerates all applications that are assigned to a group.
Parameters:
Name Type Description
groupId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
after String <optional>
limit String <optional>
Inherited From:
Returns:
A collection that will yield Application instances.
Type
Promise.<Collection>

listAssignedRolesForUser(userId, queryParams)

Lists all roles assigned to a user.
Parameters:
Name Type Description
userId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
expand String <optional>
Inherited From:
Returns:
A collection that will yield Role instances.
Type
Promise.<Collection>

listAuthorizationServerKeys(authServerId)

Success
Parameters:
Name Type Description
authServerId String
Inherited From:
Returns:
A collection that will yield JsonWebKey instances.
Type
Promise.<Collection>

listAuthorizationServerPolicies(authServerId)

Success
Parameters:
Name Type Description
authServerId String
Inherited From:
Returns:
A collection that will yield AuthorizationServerPolicy instances.
Type
Promise.<Collection>

listAuthorizationServerPolicyRules(policyId, authServerId)

Enumerates all policy rules for the specified Custom Authorization Server and Policy.
Parameters:
Name Type Description
policyId String
authServerId String
Inherited From:
Returns:
A collection that will yield AuthorizationServerPolicyRule instances.
Type
Promise.<Collection>

listAuthorizationServers(queryParams)

Success
Parameters:
Name Type Description
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
q String <optional>
limit String <optional>
after String <optional>
Inherited From:
Returns:
A collection that will yield AuthorizationServer instances.
Type
Promise.<Collection>

listCsrsForApplication(appId)

Enumerates Certificate Signing Requests for an application
Parameters:
Name Type Description
appId String
Inherited From:
Returns:
A collection that will yield Csr instances.
Type
Promise.<Collection>

listCsrsForIdentityProvider(idpId)

Enumerates Certificate Signing Requests for an IdP
Parameters:
Name Type Description
idpId String
Inherited From:
Returns:
A collection that will yield Csr instances.
Type
Promise.<Collection>

listDomains()

List all verified custom Domains for the org.
Inherited From:
Returns:
Type
Promise.<DomainListResponse>

listEventHooks()

Success
Inherited From:
Returns:
A collection that will yield EventHook instances.
Type
Promise.<Collection>

listFactors(userId)

Enumerates all the enrolled factors for the specified user
Parameters:
Name Type Description
userId String
Inherited From:
Returns:
A collection that will yield UserFactor instances.
Type
Promise.<Collection>

listFeatureDependencies(featureId)

Success
Parameters:
Name Type Description
featureId String
Inherited From:
Returns:
A collection that will yield Feature instances.
Type
Promise.<Collection>

listFeatureDependents(featureId)

Success
Parameters:
Name Type Description
featureId String
Inherited From:
Returns:
A collection that will yield Feature instances.
Type
Promise.<Collection>

listFeatures()

Success
Inherited From:
Returns:
A collection that will yield Feature instances.
Type
Promise.<Collection>

listGrantsForUserAndClient(userId, clientId, queryParams)

Lists all grants for a specified user and client
Parameters:
Name Type Description
userId String
clientId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
expand String <optional>
after String <optional>
limit String <optional>
Inherited From:
Returns:
A collection that will yield OAuth2ScopeConsentGrant instances.
Type
Promise.<Collection>

listGroupAssignedRoles(groupId, queryParams)

Success
Parameters:
Name Type Description
groupId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
expand String <optional>
Inherited From:
Returns:
A collection that will yield Role instances.
Type
Promise.<Collection>

listGroupRules(queryParams)

Lists all group rules for your organization.
Parameters:
Name Type Description
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
limit String <optional>
after String <optional>
search String <optional>
expand String <optional>
Inherited From:
Returns:
A collection that will yield GroupRule instances.
Type
Promise.<Collection>

listGroups(queryParams)

Enumerates groups in your organization with pagination. A subset of groups can be returned that match a supported filter expression or query.
Parameters:
Name Type Description
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
q String <optional>
search String <optional>
after String <optional>
limit String <optional>
expand String <optional>
Inherited From:
Returns:
A collection that will yield Group instances.
Type
Promise.<Collection>

listGroupTargetsForGroupRole(groupId, roleId, queryParams)

Success
Parameters:
Name Type Description
groupId String
roleId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
after String <optional>
limit String <optional>
Inherited From:
Returns:
A collection that will yield Group instances.
Type
Promise.<Collection>

listGroupTargetsForRole(userId, roleId, queryParams)

Success
Parameters:
Name Type Description
userId String
roleId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
after String <optional>
limit String <optional>
Inherited From:
Returns:
A collection that will yield Group instances.
Type
Promise.<Collection>

listGroupUsers(groupId, queryParams)

Enumerates all users that are a member of a group.
Parameters:
Name Type Description
groupId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
after String <optional>
limit String <optional>
Inherited From:
Returns:
A collection that will yield User instances.
Type
Promise.<Collection>

listIdentityProviderApplicationUsers(idpId)

Find all the users linked to an identity provider
Parameters:
Name Type Description
idpId String
Inherited From:
Returns:
A collection that will yield IdentityProviderApplicationUser instances.
Type
Promise.<Collection>

listIdentityProviderKeys(queryParams)

Enumerates IdP key credentials.
Parameters:
Name Type Description
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
after String <optional>
limit String <optional>
Inherited From:
Returns:
A collection that will yield JsonWebKey instances.
Type
Promise.<Collection>

listIdentityProviders(queryParams)

Enumerates IdPs in your organization with pagination. A subset of IdPs can be returned that match a supported filter expression or query.
Parameters:
Name Type Description
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
q String <optional>
after String <optional>
limit String <optional>
type String <optional>
Inherited From:
Returns:
A collection that will yield IdentityProvider instances.
Type
Promise.<Collection>

listIdentityProviderSigningKeys(idpId)

Enumerates signing key credentials for an IdP
Parameters:
Name Type Description
idpId String
Inherited From:
Returns:
A collection that will yield JsonWebKey instances.
Type
Promise.<Collection>

listInlineHooks(queryParams)

Success
Parameters:
Name Type Description
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
type String <optional>
Inherited From:
Returns:
A collection that will yield InlineHook instances.
Type
Promise.<Collection>

listLinkedObjectDefinitions()

Success
Inherited From:
Returns:
A collection that will yield LinkedObject instances.
Type
Promise.<Collection>

listNetworkZones(queryParams)

Enumerates network zones added to your organization with pagination. A subset of zones can be returned that match a supported filter expression or query.
Parameters:
Name Type Description
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
after String <optional>
limit String <optional>
filter String <optional>
Inherited From:
Returns:
A collection that will yield NetworkZone instances.
Type
Promise.<Collection>

listOAuth2Claims(authServerId)

Success
Parameters:
Name Type Description
authServerId String
Inherited From:
Returns:
A collection that will yield OAuth2Claim instances.
Type
Promise.<Collection>

listOAuth2ClientsForAuthorizationServer(authServerId)

Success
Parameters:
Name Type Description
authServerId String
Inherited From:
Returns:
A collection that will yield OAuth2Client instances.
Type
Promise.<Collection>

listOAuth2Scopes(authServerId, queryParams)

Success
Parameters:
Name Type Description
authServerId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
q String <optional>
filter String <optional>
cursor String <optional>
limit String <optional>
Inherited From:
Returns:
A collection that will yield OAuth2Scope instances.
Type
Promise.<Collection>

listOAuth2TokensForApplication(appId, queryParams)

Lists all tokens for the application
Parameters:
Name Type Description
appId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
expand String <optional>
after String <optional>
limit String <optional>
Inherited From:
Returns:
A collection that will yield OAuth2Token instances.
Type
Promise.<Collection>

listOrigins(queryParams)

Success
Parameters:
Name Type Description
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
q String <optional>
filter String <optional>
after String <optional>
limit String <optional>
Inherited From:
Returns:
A collection that will yield TrustedOrigin instances.
Type
Promise.<Collection>

listPolicies(queryParams)

Gets all policies with the specified type.
Parameters:
Name Type Description
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
type String <optional>
status String <optional>
expand String <optional>
Inherited From:
Returns:
A collection that will yield Policy instances.
Type
Promise.<Collection>

listPolicyRules(policyId)

Enumerates all policy rules.
Parameters:
Name Type Description
policyId String
Inherited From:
Returns:
A collection that will yield PolicyRule instances.
Type
Promise.<Collection>

listProfileMappings(queryParams)

Enumerates Profile Mappings in your organization with pagination.
Parameters:
Name Type Description
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
after String <optional>
limit String <optional>
sourceId String <optional>
targetId String <optional>
Inherited From:
Returns:
A collection that will yield ProfileMapping instances.
Type
Promise.<Collection>

listRefreshTokensForAuthorizationServerAndClient(authServerId, clientId, queryParams)

Success
Parameters:
Name Type Description
authServerId String
clientId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
expand String <optional>
after String <optional>
limit String <optional>
Inherited From:
Returns:
A collection that will yield OAuth2RefreshToken instances.
Type
Promise.<Collection>

listRefreshTokensForUserAndClient(userId, clientId, queryParams)

Lists all refresh tokens issued for the specified User and Client.
Parameters:
Name Type Description
userId String
clientId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
expand String <optional>
after String <optional>
limit String <optional>
Inherited From:
Returns:
A collection that will yield OAuth2RefreshToken instances.
Type
Promise.<Collection>

listScopeConsentGrants(appId, queryParams)

Lists all scope consent grants for the application
Parameters:
Name Type Description
appId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
expand String <optional>
Inherited From:
Returns:
A collection that will yield OAuth2ScopeConsentGrant instances.
Type
Promise.<Collection>

listSmsTemplates(queryParams)

Enumerates custom SMS templates in your organization. A subset of templates can be returned that match a template type.
Parameters:
Name Type Description
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
templateType String <optional>
Inherited From:
Returns:
A collection that will yield SmsTemplate instances.
Type
Promise.<Collection>

listSocialAuthTokens(idpId, userId)

Fetches the tokens minted by the Social Authentication Provider when the user authenticates with Okta via Social Auth.
Parameters:
Name Type Description
idpId String
userId String
Inherited From:
Returns:
A collection that will yield SocialAuthToken instances.
Type
Promise.<Collection>

listSupportedFactors(userId)

Enumerates all the supported factors that can be enrolled for the specified user
Parameters:
Name Type Description
userId String
Inherited From:
Returns:
A collection that will yield UserFactor instances.
Type
Promise.<Collection>

listSupportedSecurityQuestions(userId)

Enumerates all available security questions for a user's `question` factor
Parameters:
Name Type Description
userId String
Inherited From:
Returns:
A collection that will yield SecurityQuestion instances.
Type
Promise.<Collection>

listUserClients(userId)

Lists all client resources for which the specified user has grants or tokens.
Parameters:
Name Type Description
userId String
Inherited From:
Returns:
A collection that will yield OAuth2Client instances.
Type
Promise.<Collection>

listUserGrants(userId, queryParams)

Lists all grants for the specified user
Parameters:
Name Type Description
userId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
scopeId String <optional>
expand String <optional>
after String <optional>
limit String <optional>
Inherited From:
Returns:
A collection that will yield OAuth2ScopeConsentGrant instances.
Type
Promise.<Collection>

listUserGroups(userId)

Fetches the groups of which the user is a member.
Parameters:
Name Type Description
userId String
Inherited From:
Returns:
A collection that will yield Group instances.
Type
Promise.<Collection>

listUserIdentityProviders(userId)

Lists the IdPs associated with the user.
Parameters:
Name Type Description
userId String
Inherited From:
Returns:
A collection that will yield IdentityProvider instances.
Type
Promise.<Collection>

listUsers(queryParams)

Lists users in your organization with pagination in most cases. A subset of users can be returned that match a supported filter expression or search criteria.
Parameters:
Name Type Description
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
q String <optional>
after String <optional>
limit String <optional>
filter String <optional>
search String <optional>
sortBy String <optional>
sortOrder String <optional>
Inherited From:
Returns:
A collection that will yield User instances.
Type
Promise.<Collection>

listUserTypes()

Fetches all User Types in your org
Inherited From:
Returns:
A collection that will yield UserType instances.
Type
Promise.<Collection>

optInUsersToOktaCommunicationEmails()

Opts in all users of this org to Okta Communication emails.
Inherited From:
Returns:
Type
Promise.<OrgOktaCommunicationSetting>

optOutUsersFromOktaCommunicationEmails()

Opts out all users of this org from Okta Communication emails.
Inherited From:
Returns:
Type
Promise.<OrgOktaCommunicationSetting>

partialUpdateOrgSetting(orgSetting)

Partial update settings of your organization.
Parameters:
Name Type Description
orgSetting OrgSetting
Inherited From:
Returns:
Type
Promise.<OrgSetting>

partialUpdateSmsTemplate(templateId, smsTemplate)

Updates only some of the SMS template properties:
Parameters:
Name Type Description
templateId String
smsTemplate SmsTemplate
Inherited From:
Returns:
Type
Promise.<SmsTemplate>

partialUpdateUser(userId, user, queryParams)

Fetch a user by `id`, `login`, or `login shortname` if the short name is unambiguous.
Parameters:
Name Type Description
userId String
user User
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
strict String <optional>
Inherited From:
Returns:
Type
Promise.<User>

publishBinaryCerCert(appId, csrId, string)

Convenience method for /api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish
Parameters:
Name Type Description
appId String
csrId String
string string
Inherited From:
Returns:
Type
Promise.<JsonWebKey>

publishBinaryCerCertForIdentityProvider(idpId, csrId, string)

Update the Certificate Signing Request with a signed X.509 certificate and add it into the signing key credentials for the IdP.
Parameters:
Name Type Description
idpId String
csrId String
string string
Inherited From:
Returns:
Type
Promise.<JsonWebKey>

publishBinaryDerCert(appId, csrId, string)

Convenience method for /api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish
Parameters:
Name Type Description
appId String
csrId String
string string
Inherited From:
Returns:
Type
Promise.<JsonWebKey>

publishBinaryDerCertForIdentityProvider(idpId, csrId, string)

Update the Certificate Signing Request with a signed X.509 certificate and add it into the signing key credentials for the IdP.
Parameters:
Name Type Description
idpId String
csrId String
string string
Inherited From:
Returns:
Type
Promise.<JsonWebKey>

publishBinaryPemCert(appId, csrId, string)

Convenience method for /api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish
Parameters:
Name Type Description
appId String
csrId String
string string
Inherited From:
Returns:
Type
Promise.<JsonWebKey>

publishBinaryPemCertForIdentityProvider(idpId, csrId, string)

Update the Certificate Signing Request with a signed X.509 certificate and add it into the signing key credentials for the IdP.
Parameters:
Name Type Description
idpId String
csrId String
string string
Inherited From:
Returns:
Type
Promise.<JsonWebKey>

publishCerCert(appId, csrId, string)

Convenience method for /api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish
Parameters:
Name Type Description
appId String
csrId String
string string
Inherited From:
Returns:
Type
Promise.<JsonWebKey>

publishCerCertForIdentityProvider(idpId, csrId, string)

Update the Certificate Signing Request with a signed X.509 certificate and add it into the signing key credentials for the IdP.
Parameters:
Name Type Description
idpId String
csrId String
string string
Inherited From:
Returns:
Type
Promise.<JsonWebKey>

publishDerCert(appId, csrId, string)

Convenience method for /api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish
Parameters:
Name Type Description
appId String
csrId String
string string
Inherited From:
Returns:
Type
Promise.<JsonWebKey>

publishDerCertForIdentityProvider(idpId, csrId, string)

Update the Certificate Signing Request with a signed X.509 certificate and add it into the signing key credentials for the IdP.
Parameters:
Name Type Description
idpId String
csrId String
string string
Inherited From:
Returns:
Type
Promise.<JsonWebKey>

reactivateUser(userId, queryParams)

Reactivates a user. This operation can only be performed on users with a `PROVISIONED` status. This operation restarts the activation workflow if for some reason the user activation was not completed when using the activationToken from [Activate User](#activate-user).
Parameters:
Name Type Description
userId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
sendEmail String <optional>
Inherited From:
Returns:
Type
Promise.<UserActivationToken>

refreshSession(sessionId)

Convenience method for /api/v1/sessions/{sessionId}/lifecycle/refresh
Parameters:
Name Type Description
sessionId String
Inherited From:
Returns:
Type
Promise.<Session>

removeApplicationTargetFromAdministratorRoleForUser(userId, roleId, appName, applicationId)

Remove App Instance Target to App Administrator Role given to a User
Parameters:
Name Type Description
userId String
roleId String
appName String
applicationId String
Inherited From:

removeApplicationTargetFromAdministratorRoleGivenToGroup(groupId, roleId, appName, applicationId)

Remove App Instance Target to App Administrator Role given to a Group
Parameters:
Name Type Description
groupId String
roleId String
appName String
applicationId String
Inherited From:

removeApplicationTargetFromApplicationAdministratorRoleForUser(userId, roleId, appName)

Success
Parameters:
Name Type Description
userId String
roleId String
appName String
Inherited From:

removeApplicationTargetFromApplicationAdministratorRoleGivenToGroup(groupId, roleId, appName)

Success
Parameters:
Name Type Description
groupId String
roleId String
appName String
Inherited From:

removeGroupTargetFromGroupAdministratorRoleGivenToGroup(groupId, roleId, targetGroupId)

Convenience method for /api/v1/groups/{groupId}/roles/{roleId}/targets/groups/{targetGroupId}
Parameters:
Name Type Description
groupId String
roleId String
targetGroupId String
Inherited From:

removeGroupTargetFromRole(userId, roleId, groupId)

Success
Parameters:
Name Type Description
userId String
roleId String
groupId String
Inherited From:

removeLinkedObjectForUser(userId, relationshipName)

Delete linked objects for a user, relationshipName can be ONLY a primary relationship name
Parameters:
Name Type Description
userId String
relationshipName String
Inherited From:

removeRoleFromGroup(groupId, roleId)

Unassigns a Role from a Group
Parameters:
Name Type Description
groupId String
roleId String
Inherited From:

removeRoleFromUser(userId, roleId)

Unassigns a role from a user.
Parameters:
Name Type Description
userId String
roleId String
Inherited From:

removeUserFromGroup(groupId, userId)

Removes a user from a group with 'OKTA_GROUP' type.
Parameters:
Name Type Description
groupId String
userId String
Inherited From:

replaceUserType(typeId, userType)

Replace an existing User Type
Parameters:
Name Type Description
typeId String
userType UserType
Inherited From:
Returns:
Type
Promise.<UserType>

resetFactors(userId)

This operation resets all factors for the specified user. All MFA factor enrollments returned to the unenrolled state. The user's status remains ACTIVE. This link is present only if the user is currently enrolled in one or more MFA factors.
Parameters:
Name Type Description
userId String
Inherited From:

resetPassword(userId, queryParams)

Generates a one-time token (OTT) that can be used to reset a user's password. The OTT link can be automatically emailed to the user or returned to the API caller and distributed using a custom flow.
Parameters:
Name Type Description
userId String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
sendEmail String <optional>
Inherited From:
Returns:
Type
Promise.<ResetPasswordToken>

revokeCsrForIdentityProvider(idpId, csrId)

Revoke a Certificate Signing Request and delete the key pair from the IdP
Parameters:
Name Type Description
idpId String
csrId String
Inherited From:

revokeCsrFromApplication(appId, csrId)

Convenience method for /api/v1/apps/{appId}/credentials/csrs/{csrId}
Parameters:
Name Type Description
appId String
csrId String
Inherited From:

revokeGrantsForUserAndClient(userId, clientId)

Revokes all grants for the specified user and client
Parameters:
Name Type Description
userId String
clientId String
Inherited From:

revokeOAuth2TokenForApplication(appId, tokenId)

Revokes the specified token for the specified application
Parameters:
Name Type Description
appId String
tokenId String
Inherited From:

revokeOAuth2TokensForApplication(appId)

Revokes all tokens for the specified application
Parameters:
Name Type Description
appId String
Inherited From:

revokeOktaSupport()

Revokes Okta Support access to your organization.
Inherited From:
Returns:
Type
Promise.<OrgOktaSupportSettingsObj>

revokeRefreshTokenForAuthorizationServerAndClient(authServerId, clientId, tokenId)

Success
Parameters:
Name Type Description
authServerId String
clientId String
tokenId String
Inherited From:

revokeRefreshTokensForAuthorizationServerAndClient(authServerId, clientId)

Success
Parameters:
Name Type Description
authServerId String
clientId String
Inherited From:

revokeScopeConsentGrant(appId, grantId)

Revokes permission for the application to request the given scope
Parameters:
Name Type Description
appId String
grantId String
Inherited From:

revokeTokenForUserAndClient(userId, clientId, tokenId)

Revokes the specified refresh token.
Parameters:
Name Type Description
userId String
clientId String
tokenId String
Inherited From:

revokeTokensForUserAndClient(userId, clientId)

Revokes all refresh tokens issued for the specified User and Client.
Parameters:
Name Type Description
userId String
clientId String
Inherited From:

revokeUserGrant(userId, grantId)

Revokes one grant for a specified user
Parameters:
Name Type Description
userId String
grantId String
Inherited From:

revokeUserGrants(userId)

Revokes all grants for a specified user
Parameters:
Name Type Description
userId String
Inherited From:

rotateAuthorizationServerKeys(authServerId)

Success
Parameters:
Name Type Description
authServerId String
Inherited From:
Returns:
A collection that will yield JsonWebKey instances.
Type
Promise.<Collection>

setLinkedObjectForUser(associatedUserId, primaryRelationshipName, primaryUserId)

Convenience method for /api/v1/users/{associatedUserId}/linkedObjects/{primaryRelationshipName}/{primaryUserId}
Parameters:
Name Type Description
associatedUserId String
primaryRelationshipName String
primaryUserId String
Inherited From:

showOktaUIFooter()

Makes the Okta UI footer visible for all end users of your organization.
Inherited From:
Returns:
Type
Promise.<OrgPreferences>

suspendUser(userId)

Suspends a user. This operation can only be performed on users with an `ACTIVE` status. The user will have a status of `SUSPENDED` when the process is complete.
Parameters:
Name Type Description
userId String
Inherited From:

unlinkUserFromIdentityProvider(idpId, userId)

Removes the link between the Okta user and the IdP user.
Parameters:
Name Type Description
idpId String
userId String
Inherited From:

unlockUser(userId)

Unlocks a user with a `LOCKED_OUT` status and returns them to `ACTIVE` status. Users will be able to login with their current password.
Parameters:
Name Type Description
userId String
Inherited From:

unsuspendUser(userId)

Unsuspends a user and returns them to the `ACTIVE` state. This operation can only be performed on users that have a `SUSPENDED` status.
Parameters:
Name Type Description
userId String
Inherited From:

updateApplication(appId, application)

Updates an application in your organization.
Parameters:
Name Type Description
appId String
application Application
Inherited From:
Returns:
Type
Promise.<Application>

updateApplicationUser(appId, userId, appUser)

Updates a user's profile for an application
Parameters:
Name Type Description
appId String
userId String
appUser AppUser
Inherited From:
Returns:
Type
Promise.<AppUser>

updateApplicationUserProfile(appInstanceId, userSchema)

Partial updates on the User Profile properties of the Application User Schema.
Parameters:
Name Type Description
appInstanceId String
userSchema UserSchema
Inherited From:
Returns:
Type
Promise.<UserSchema>

updateAuthorizationServer(authServerId, authorizationServer)

Success
Parameters:
Name Type Description
authServerId String
authorizationServer AuthorizationServer
Inherited From:
Returns:
Type
Promise.<AuthorizationServer>

updateAuthorizationServerPolicy(authServerId, policyId, authorizationServerPolicy)

Success
Parameters:
Name Type Description
authServerId String
policyId String
authorizationServerPolicy AuthorizationServerPolicy
Inherited From:
Returns:
Type
Promise.<AuthorizationServerPolicy>

updateAuthorizationServerPolicyRule(policyId, authServerId, ruleId, authorizationServerPolicyRule)

Updates the configuration of the Policy Rule defined in the specified Custom Authorization Server and Policy.
Parameters:
Name Type Description
policyId String
authServerId String
ruleId String
authorizationServerPolicyRule AuthorizationServerPolicyRule
Inherited From:
Returns:
Type
Promise.<AuthorizationServerPolicyRule>

updateConfiguration(threatInsightConfiguration)

Updates ThreatInsight configuration
Parameters:
Name Type Description
threatInsightConfiguration ThreatInsightConfiguration
Inherited From:
Returns:
Type
Promise.<ThreatInsightConfiguration>

updateEventHook(eventHookId, eventHook)

Success
Parameters:
Name Type Description
eventHookId String
eventHook EventHook
Inherited From:
Returns:
Type
Promise.<EventHook>

updateFeatureLifecycle(featureId, lifecycle, queryParams)

Success
Parameters:
Name Type Description
featureId String
lifecycle String
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
mode String <optional>
Inherited From:
Returns:
Type
Promise.<Feature>

updateGroup(groupId, group)

Updates the profile for a group with `OKTA_GROUP` type from your organization.
Parameters:
Name Type Description
groupId String
group Group
Inherited From:
Returns:
Type
Promise.<Group>

updateGroupRule(ruleId, groupRule)

Updates a group rule. Only `INACTIVE` rules can be updated.
Parameters:
Name Type Description
ruleId String
groupRule GroupRule
Inherited From:
Returns:
Type
Promise.<GroupRule>

updateGroupSchema(groupSchema)

Updates, adds ore removes one or more custom Group Profile properties in the schema
Parameters:
Name Type Description
groupSchema GroupSchema
Inherited From:
Returns:
Type
Promise.<GroupSchema>

updateIdentityProvider(idpId, identityProvider)

Updates the configuration for an IdP.
Parameters:
Name Type Description
idpId String
identityProvider IdentityProvider
Inherited From:
Returns:
Type
Promise.<IdentityProvider>

updateInlineHook(inlineHookId, inlineHook)

Updates an inline hook by ID
Parameters:
Name Type Description
inlineHookId String
inlineHook InlineHook
Inherited From:
Returns:
Type
Promise.<InlineHook>

updateNetworkZone(zoneId, networkZone)

Updates a network zone in your organization.
Parameters:
Name Type Description
zoneId String
networkZone NetworkZone
Inherited From:
Returns:
Type
Promise.<NetworkZone>

updateOAuth2Claim(authServerId, claimId, oAuth2Claim)

Success
Parameters:
Name Type Description
authServerId String
claimId String
oAuth2Claim OAuth2Claim
Inherited From:
Returns:
Type
Promise.<OAuth2Claim>

updateOAuth2Scope(authServerId, scopeId, oAuth2Scope)

Success
Parameters:
Name Type Description
authServerId String
scopeId String
oAuth2Scope OAuth2Scope
Inherited From:
Returns:
Type
Promise.<OAuth2Scope>

updateOrgContactUser(contactType, userIdString)

Updates the User associated with the specified Contact Type.
Parameters:
Name Type Description
contactType String
userIdString UserIdString
Inherited From:
Returns:
Type
Promise.<OrgContactUser>

updateOrgSetting(orgSetting)

Update settings of your organization.
Parameters:
Name Type Description
orgSetting OrgSetting
Inherited From:
Returns:
Type
Promise.<OrgSetting>

updateOrigin(trustedOriginId, trustedOrigin)

Success
Parameters:
Name Type Description
trustedOriginId String
trustedOrigin TrustedOrigin
Inherited From:
Returns:
Type
Promise.<TrustedOrigin>

updatePolicy(policyId, policy)

Updates a policy.
Parameters:
Name Type Description
policyId String
policy Policy
Inherited From:
Returns:
Type
Promise.<Policy>

updatePolicyRule(policyId, ruleId, policyRule)

Updates a policy rule.
Parameters:
Name Type Description
policyId String
ruleId String
policyRule PolicyRule
Inherited From:
Returns:
Type
Promise.<PolicyRule>

updateProfileMapping(mappingId, profileMapping)

Updates an existing Profile Mapping by adding, updating, or removing one or many Property Mappings.
Parameters:
Name Type Description
mappingId String
profileMapping ProfileMapping
Inherited From:
Returns:
Type
Promise.<ProfileMapping>

updateSmsTemplate(templateId, smsTemplate)

Updates the SMS template.
Parameters:
Name Type Description
templateId String
smsTemplate SmsTemplate
Inherited From:
Returns:
Type
Promise.<SmsTemplate>

updateUser(userId, user, queryParams)

Update a user's profile and/or credentials using strict-update semantics.
Parameters:
Name Type Description
userId String
user User
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
strict String <optional>
Inherited From:
Returns:
Type
Promise.<User>

updateUserProfile(schemaId, userSchema)

Partial updates on the User Profile properties of the user schema.
Parameters:
Name Type Description
schemaId String
userSchema UserSchema
Inherited From:
Returns:
Type
Promise.<UserSchema>

updateUserType(typeId, userType)

Updates an existing User Type
Parameters:
Name Type Description
typeId String
userType UserType
Inherited From:
Returns:
Type
Promise.<UserType>

verifyDomain(domainId)

Verifies the Domain by `id`.
Parameters:
Name Type Description
domainId String
Inherited From:
Returns:
Type
Promise.<Domain>

verifyEventHook(eventHookId)

Success
Parameters:
Name Type Description
eventHookId String
Inherited From:
Returns:
Type
Promise.<EventHook>

verifyFactor(userId, factorId, verifyFactorRequest, queryParams)

Verifies an OTP for a `token` or `token:hardware` factor
Parameters:
Name Type Description
userId String
factorId String
verifyFactorRequest VerifyFactorRequest
queryParams Object Map of query parameters to add to this request
Properties
Name Type Argument Description
templateId String <optional>
tokenLifetimeSeconds String <optional>
Inherited From:
Returns:
Type
Promise.<VerifyUserFactorResponse>