All Classes and Interfaces
Class
Description
<x-lifecycle class=\"ea\"></x-lifecycle> The AAGUID Group object supports the Early Access
(Self-Service) Allow List for FIDO2 (WebAuthn) Authenticators feature.
AccessPolicy
AccessPolicyConstraint
Gets or Sets methods
Gets or Sets types
AccessPolicyConstraints
AccessPolicyLink
AccessPolicyRule
AccessPolicyRuleActions
AccessPolicyRuleApplicationSignOn
Gets or Sets AccessPolicyRuleApplicationSignOnAccess
AccessPolicyRuleConditions
AccessPolicyRuleCustomCondition
Abstraction for OAuth2 access token retrieval service function.
Implementation of
AccessTokenRetrieverService interface.An array of ACS endpoints.
Actions
AddGroupRequest
Settings specific to the Okta Admin Console
Agent details
Details about the AD Group membership update
An AgentPool is a collection of agents that serve a common purpose.
Various information about agent auto update configuration
Setting for auto-update
Agent types that are being monitored
Status for one agent regarding the status to auto-update that agent
Overall state for the auto-update job from admin perspective
The allowed types of uses for the Authenticator
APIServiceIntegrationInstance
APIServiceIntegrationInstanceSecret
Status of the API Service Integration instance Secret
Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status
of an application using the [JSON Hypertext Application
Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.
Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status
of an application using the [JSON Hypertext Application
Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.
An API token for an Okta User.
The Network Condition of the API Token
An API Token Update Object for an Okta user.
APNSConfiguration
APNSPushProvider
Container details for resource type APP_ACCOUNT
AppAndInstanceConditionEvaluatorAppOrInstance
AppAndInstancePolicyRuleCondition
Type of app
AppCustomHrefObject
Describes allowed HTTP verbs for the `href`
Current status of the application instance
AppInstancePolicyRuleCondition
Information used to generate the secret JSON Web Token for the token requests to Apple IdP > **Note:** The
`privateKey` property is required for a CREATE request.
Application
Gets or Sets features
Specifies access settings for the app
Credentials for the specified `signOnMode`
ApplicationCredentialsOAuthClient
Apps with `BASIC_AUTH`, `BROWSER_PLUGIN`, or `SECURE_PASSWORD_STORE` sign-on modes have
credentials vaulted by Okta and can be configured with the following schemes.
App signing key properties > **Note:** Only apps with SAML_2_0, SAML_1_1, WS_FEDERATION, or OPENID_CONNECT
`signOnMode` support the key rotation feature.
Specifies the intended use of the key
The template used to generate the username when the app is assigned through a group or directly to a user
Determines if the username is pushed to the app on updates for CUSTOM `type`
Type of mapping expression.
Embedded resources related to the app using the [JSON Hypertext Application
Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.
The Feature object is used to configure app feature settings.
ApplicationFeatureLinks
Key name of the feature | Feature name | Description | | --------- | ------------- | | USER_PROVISIONING | User
profiles are pushed from Okta to the third-party app.
The Application Group object that defines a group of users' app-specific profile and credentials for an app
ApplicationGroupAssignmentLinks
ApplicationLayout
ApplicationLayoutRule
ApplicationLayoutRuleCondition
ApplicationLayouts
ApplicationLayoutsLinks
Licenses for the app
App instance status
Discoverable resources related to the app
App settings
App notes visible to either the admin or end user
Specifies notifications settings for the app
Sends customizable messages with conditions to end users when a VPN connection is required
Defines network zones for VPN notification
Specifies the VPN connection details required to access the app
Authentication mode for the app | signOnMode | Description | | ---------- | ----------- | | AUTO_LOGIN | Secure Web
Authentication (SWA) | | BASIC_AUTH | HTTP Basic Authentication with Okta Browser Plugin | | BOOKMARK | Just a
bookmark (no-authentication) | | BROWSER_PLUGIN | Secure Web Authentication (SWA) with Okta Browser Plugin | |
OPENID_CONNECT | Federated Authentication with OpenID Connect (OIDC) | | SAML_1_1 | Federated Authentication with
SAML 1.1 WebSSO (not supported for custom apps) | | SAML_2_0 | Federated Authentication with SAML 2.0 WebSSO | |
SECURE_PASSWORD_STORE | Secure Web Authentication (SWA) with POST (plugin not required) | | WS_FEDERATION | Federated
Authentication with WS-Federation Passive Requestor Profile | Select the `signOnMode` for your custom app:
The type of client application.
Specifies visibility settings for the app
Hides the app for specific end-user apps
AppLink
AppResourceHrefObject
The Application User object defines a user's app-specific profile and credentials for an app
Indicates if the assignment is direct (`USER`) or by group membership (`GROUP`).
AppUserAssignRequest
Indicates if the assignment is direct (`USER`) or by group membership (`GROUP`).
Specifies a user's credentials for the app.
Updates the assigned user credentials
The user's password.
Updates the assigned user profile > **Note:** The Okta API currently doesn't support entity tags for
conditional updates.
Status of an Application User
The synchronization state for the Application User.
AppUserUpdateRequest
AssignGroupOwnerRequestBody
AssignRoleRequest
AssignRoleToGroupRequest
AssignRoleToUser201Response
AssignRoleToUserRequest
AssignUserToRealm
AssociatedServerMediated
AssuranceMethod
Gets or Sets AssuranceMethodFactorMode
AttackProtectionAuthenticatorSettings
AuthenticationMethod
Indicates if any secrets or private keys used during authentication must be hardware protected and not
exportable.
Indicates if phishing-resistant Factors are required.
Indicates the user interaction requirement (PIN or biometrics) to ensure verification of a possession factor
AuthenticationMethodChain
AuthenticationMethodChainMethod
AuthenticationMethodObject
Specifies the authentication provider that validates the User's password credential.
The type of authentication provider
Enumeration that defines the available HTTP authentication schemes to be used when communicating with the Okta API server.
AuthenticatorBase
AuthenticatorEnrollmentPolicy
AuthenticatorEnrollmentPolicyAuthenticatorSettings
Constraints for the authenticator
Enrollment requirements for the authenticator
Requirements for the user-initiated enrollment
A label that identifies the authenticator
AuthenticatorEnrollmentPolicyConditions
Identifies Users and Groups that are used together
Specifies a set of Groups whose Users are to be included or excluded
AuthenticatorEnrollmentPolicyRule
Specifies whether the User is to be enrolled the first time they `LOGIN`, the next time they are in the
`CHALLENGE` process, or `NEVER`
Gets or Sets self
AuthenticatorEnrollmentPolicyRuleActions
AuthenticatorEnrollmentPolicyRuleConditions
Identifies Users and Groups that are used together
Specifies a set of Users to be included or excluded
**Note:** In Identity Engine, the Multifactor (MFA) Enrollment Policy name has changed to authenticator enrollment
policy.
Type of policy configuration object <x-lifecycle class=\"oie\"></x-lifecycle> The
`type` property in the policy `settings` is only applicable to the authenticator enrollment
policy available in Identity Engine.
Represents a particular authenticator serving as a constraint on a method
AuthenticatorKeyCustomApp
AuthenticatorKeyCustomAppAllOfProvider
Provider type
The configuration of the provider
AuthenticatorKeyCustomAppAllOfProviderConfigurationApns
AuthenticatorKeyCustomAppAllOfProviderConfigurationFcm
AuthenticatorKeyCustomAppAllOfSettings
AuthenticatorKeyDuo
AuthenticatorKeyDuoAllOfProvider
Provider type
AuthenticatorKeyDuoAllOfProviderConfiguration
AuthenticatorKeyDuoAllOfProviderConfigurationUserNameTemplate
AuthenticatorKeyEmail
AuthenticatorKeyEmailAllOfSettings
A human-readable string that identifies the Authenticator
AuthenticatorKeyExternalIdp
AuthenticatorKeyGoogleOtp
AuthenticatorKeyOktaVerify
AuthenticatorKeyOktaVerifyAllOfSettings
AuthenticatorKeyOnprem
AuthenticatorKeyPassword
AuthenticatorKeyPhone
AuthenticatorKeyPhoneAllOfSettings
AuthenticatorKeySecurityKey
AuthenticatorKeySecurityQuestion
AuthenticatorKeySmartCard
AuthenticatorKeySymantecVip
AuthenticatorKeyWebauthn
AuthenticatorKeyYubikey
AuthenticatorLinks
Gets or Sets AuthenticatorMethodAlgorithm
AuthenticatorMethodBase
Limits the authenticators that can be used for a given method.
Gets or Sets method
AuthenticatorMethodOtp
Gets or Sets AuthenticatorMethodProperty
AuthenticatorMethodPush
AuthenticatorMethodPushAllOfSettings
AuthenticatorMethodSignedNonce
AuthenticatorMethodSignedNonceAllOfSettings
AuthenticatorMethodSimple
AuthenticatorMethodTotp
AuthenticatorMethodTotpAllOfSettings
Gets or Sets AuthenticatorMethodTransactionType
The type of authenticator method
AuthenticatorMethodWebAuthn
AuthenticatorMethodWebAuthnAllOfSettings
AuthenticatorMethodWithVerifiableProperties
AuthenticatorSimple
The type of Authenticator
Enumeration that defines the mapping between available Authentication schemes and Authorization modes.
AuthorizationServer
AuthorizationServerCredentials
The Key rotation mode for the authorization server
AuthorizationServerCredentialsSigningConfig
How the key is used
AuthorizationServerJsonWebKey
AuthorizationServerPolicy
Specifies whether requests have access to this Policy
Indicates that the Policy is an authorization server Policy
AuthorizationServerPolicyAllOfLinks
AuthorizationServerPolicyAllOfLinksAllOfRules
AuthorizationServerPolicyConditions
Identifies Users and Groups that are used together
AuthorizationServerPolicyRule
Status of the rule
Rule type
AuthorizationServerPolicyRuleActions
AuthorizationServerPolicyRuleConditions
Specifies a set of Groups whose Users are to be included
AuthorizationServerPolicyRuleRequest
Status of the rule
Rule type
Specifies a set of Users to be included
AuthorizationServerResourceHrefObject
AuthServerLinks
AuthServerLinksAllOfClaims
AuthServerLinksAllOfPolicies
AuthServerLinksAllOfRotateKey
AuthServerLinksAllOfScopes
The org setting that automatically assigns the Okta Admin Console when an admin role is assigned
AutoLoginApplication
AutoLoginApplicationSettings
AutoLoginApplicationSettingsSignOn
The schedule of auto-update configured by admin.
The destination AWS region where your event source is located
This object contains a number of sub-objects, each of which provide some type of contextual information.
Details of the user session
Identifies the Okta user that the token was generated to authenticate and provides details of their Okta user profile
Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status
of the user.
BaseContextUserProfile
BaseEmailDomain
BaseEmailServer
BaseToken
Lifetime of the token
BasicApplicationSettings
BasicApplicationSettingsApplication
BasicAuthApplication
`template_basic_auth` is the key name for a Basic Authentication scheme app instance
BeforeScheduledActionPolicyRuleCondition
BehaviorRule
BehaviorRuleAnomalousDevice
BehaviorRuleAnomalousIP
BehaviorRuleAnomalousLocation
BehaviorRuleSettingsAnomalousDevice
BehaviorRuleSettingsAnomalousIP
BehaviorRuleSettingsAnomalousLocation
BehaviorRuleSettingsHistoryBased
BehaviorRuleSettingsVelocity
Gets or Sets BehaviorRuleType
BehaviorRuleVelocity
The method used to bind the out-of-band channel with the primary channel.
BookmarkApplication
`bookmark` is the key name for a Bookmark app
BookmarkApplicationSettings
BookmarkApplicationSettingsApplication
BouncesRemoveListError
BouncesRemoveListObj
BouncesRemoveListResult
Brand
BrandRequest
BrandWithEmbedded
BrowserPluginApplication
The key name for the app definition
BulkDeleteRequestBody
Gets or Sets entityType
BulkUpsertRequestBody
Gets or Sets entityType
BulkUpsertRequestBodyProfilesInner
BundleEntitlement
BundleEntitlementLinks
BundleEntitlementsResponse
Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available using the [JSON
Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification
BundleEntitlementsResponseLinksBundle
BundleEntitlementsResponseLinksNext
A Cache efficiently stores temporary objects primarily to improve an application's performance.
Represents configuration settings for a particular
Cache region.A Builder to specify configuration for
Cache regions.A CacheManager provides and maintains the lifecycle of
Cache instances.Builder for creating simple
CacheManager instances suitable for SINGLE-JVM APPLICATIONS.Static utility/helper factory methods for
building
CacheManagers and their associated cache regions, suitable for SINGLE-JVM APPLICATIONS.The subject's device compliance was revoked
Current device compliance status
The entity that initiated the event
Previous device compliance status
CaepDeviceComplianceChangeEventReasonAdmin
CaepDeviceComplianceChangeEventReasonUser
CaepSecurityEvent
The entity that initiated the event
The session of the subject was revoked
The entity that initiated the event
Determines whether Okta assigns a new app account to each user managed by Okta.
Defines user import rules
Rules for matching and creating users
Determines the attribute to match users
Defines import settings
Defines the configuration for the INBOUND_PROVISIONING feature
Defines the configurations for the USER_PROVISIONING feature
Determines whether updates to a user's profile are pushed to the app
The type of CAPTCHA provider
CatalogApplication
Gets or Sets CatalogApplicationStatus
Gets or Sets ChallengeType
Determines whether a change in a user's password also updates the user's password in the app
ChangePasswordRequest
The out-of-band channel for use with authentication.
ChannelBinding
Gets or Sets style
ChildOrg
Edition for the Org.
Status of the Org.
Type of returned `token`.
Current version of the Chrome Browser
Client
The
ClientBuilder is used to construct Client instances with Okta credentials,
Proxy and Cache configuration.This class holds the default configuration properties.
Credentials to be used when authenticating requests to the Okta API server.
Specifies which clients are included in the Policy
The org setting that assigns the super admin role by default to a public client app
Static utility/helper class for working with
ApiClient resources.Gets or Sets CodeChallengeMethod
Compliance
Conditions
ContentSecurityPolicySetting
Gets or Sets mode
ContextPolicyRuleCondition
CreateBrandRequest
CreateGroupRuleRequest
Gets or Sets type
CreateIamRoleRequest
CreateRealmAssignmentRequest
CreateRealmRequest
CreateResourceSetRequest
CreateSessionRequest
The request body properties for the new UI Schema
CreateUpdateIamRolePermissionRequest
CreateUserRequest
The ID of the User type.
CreateUserTypeRequest
CredentialSyncInfo
Current credential sync status of the privileged resource
Csr
Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status
of a CSR object using the [JSON Hypertext Application
Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.
CsrMetadata
CsrMetadataSubject
CsrMetadataSubjectAltNames
Describes allowed HTTP verbs for the `href`
Gets or Sets allow
Describes allowed HTTP verbs for the `href`
Gets or Sets allow
User verification setting
CustomizablePage
CustomRole
CUSTOM for a custom role
CustomRoleAssignmentSchema
The type of role.
DefaultApp
An Entry is a wrapper that encapsulates the actual
value stored in the cache as well as
creationTimeMillis and lastAccessTimeMillis
metadata about the entry itself.Very simple default
CacheManager implementation that retains all created Cache instances in
an in-memory ConcurrentMap.The default
ClientBuilder implementation.DesktopMFAEnforceNumberMatchingChallengeOrgSetting
DesktopMFARecoveryPinOrgSetting
A key object with public key details
Gets or Sets DetectedRiskEvents
Device
<x-lifecycle class=\"oie\"></x-lifecycle> Specifies the device condition to match on
DeviceAssurance
DeviceAssuranceAndroidPlatform
DeviceAssuranceAndroidPlatformAllOfDiskEncryptionType
DeviceAssuranceAndroidPlatformAllOfScreenLockType
DeviceAssuranceChromeOSPlatform
Settings for third-party signal providers (based on the `CHROMEOS` platform)
DeviceAssuranceIOSPlatform
DeviceAssuranceMacOSPlatform
DeviceAssuranceMacOSPlatformAllOfDiskEncryptionType
Settings for third-party signal providers (based on the `MACOS` platform)
DeviceAssuranceWindowsPlatform
Settings for third-party signal providers (based on the `WINDOWS` platform)
DeviceCheck
Gets or Sets DeviceChecksPlatform
Display name of the device
DeviceList
List of associated users for the device if the `expand=user` query parameter is specified in the
request.
OS platform of the device
Gets or Sets DevicePolicyMDMFramework
Gets or Sets DevicePolicyPlatformType
DevicePolicyRuleCondition
DevicePolicyRuleConditionAssurance
DevicePolicyRuleConditionPlatform
Gets or Sets DevicePolicyTrustLevel
DeviceProfile
The state object of the device
DeviceUser
The management status of the device
Screen lock type of the device
Algorithm used to generate the key.
A disabled implementation that does nothing.
A disabled implementation that does nothing.
Gets or Sets DiskEncryptionTypeAndroid
Type of encryption used on the device > **Note:** The following values map to Disk Encryption ON:
`FULL`, `USER`, `ALL_INTERNAL_VOLUMES`.
Gets or Sets DiskEncryptionTypeDesktop
DNS TXT and CNAME records to be registered for the Domain
Gets or Sets DNSRecordType
Defines the properties of the certificate
Certificate metadata for the domain
Certificate source type that indicates whether the certificate is provided by the user or Okta.
Certificate type
DomainLinks
DomainLinksAllOfBrand
DomainLinksAllOfCertificate
DomainLinksAllOfVerify
Defines a list of domains with a subset of the properties for each domain.
DomainRequest
The properties that define an individual domain.
Status of the domain
Interceptor that handle DPoP handshake during auth and adds DPoP header to regular requests.
Provides the status whether a domain has been failed over or not
Google Chrome Device Trust Connector provider
Google Chrome Device Trust Connector provider
Google Chrome Device Trust Connector provider
Duration
DynamicNetworkZone
The proxy type used for a Dynamic Network Zone
DynamicNetworkZoneAllOfAsns
DynamicNetworkZoneAllOfLocations
Elliptic Curve Key in JWK format, currently used during enrollment to encrypt fulfillment requests to Yubico, or
during activation to verify Yubico's JWS objects in fulfillment responses.
Gets or Sets crv
The type of public key
The intended use for the key.
EmailContent
EmailCustomization
EmailCustomizationAllOfLinks
EmailDefaultContent
EmailDomain
EmailDomainDNSRecord
Gets or Sets EmailDomainDNSRecordType
EmailDomainResponse
EmailDomainResponseWithEmbedded
Gets or Sets EmailDomainStatus
EmailPreview
EmailPreviewLinks
EmailServerListResponse
EmailServerPost
EmailServerRequest
EmailServerResponse
EmailSettings
Gets or Sets recipients
EmailSettingsResponse
Gets or Sets recipients
EmailSettingsResponseLinks
EmailTemplateResponse
EmailTemplateResponseEmbedded
EmailTemplateResponseLinks
Variant for email templates.
EmailTestAddresses
The Public Key Details are defined in the `_embedded` property of the Key object.
Gets or Sets enabledPagesType
Setting status
Requested authentication method for OAuth 2.0 endpoints.
Variant for the Okta End-User Dashboard.
EnhancedDynamicNetworkZone
<div class=\"x-lifecycle-container\"><x-lifecycle
class=\"ea\"></x-lifecycle></div>The list of ASNs associated with an Enhanced Dynamic
Network Zone
EnhancedDynamicNetworkZoneAllOfAsnsInclude
<div class=\"x-lifecycle-container\"><x-lifecycle
class=\"ea\"></x-lifecycle></div>IP services, such as a proxy or VPN, to include or
exclude for an Enhanced Dynamic Network Zone
<div class=\"x-lifecycle-container\"><x-lifecycle
class=\"ea\"></x-lifecycle></div>The list of geolocations to include or exclude for an
Enhanced Dynamic Network Zone
EnhancedDynamicNetworkZoneAllOfLocationsExclude
EnhancedDynamicNetworkZoneAllOfLocationsInclude
Enrollment Initialization Request
Name of the fulfillment provider for the WebAuthn Preregistration Factor
Enrollment Initialization Response
Name of the fulfillment provider for the WebAuthn Preregistration Factor
Enrollment Initialization Request
Name of the fulfillment provider for the WebAuthn Preregistration Factor
Yubico Transport Key in the form of a JWK, used to encrypt our fulfillment request to Yubico.
Name of the fulfillment provider for the WebAuthn Preregistration Factor
EntitlementValue
Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available using the [JSON
Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification
EntitlementValuesResponse
EntitlementValuesResponseLinks
EntityRiskPolicy
EntityRiskPolicyRule
EntityRiskPolicyRuleActionRunWorkflow
Gets or Sets action
This action runs a workflow
EntityRiskPolicyRuleActionsObject
Gets or Sets action
EntityRiskPolicyRuleActionTerminateAllSessions
This action revokes or terminates all of the user's active sessions.
The action to take based on the risk event
The object that contains the `actions` array
EntityRiskPolicyRuleConditions
<x-lifecycle class=\"oie\"></x-lifecycle> The risk score level of the entity risk policy
rule
Gets or Sets level
Error
ErrorCause
ErrorPage
Variant for the error page.
ErrorResponse
EventHook
Status of the event hook
EventHookChannel
EventHookChannelConfig
The authentication scheme used for this request.
The authentication scheme type.
EventHookChannelConfigHeader
The channel type.
EventHookFilterMapObject
EventHookFilterMapObjectCondition
The optional filter defined on a specific event type > **Note:** Event hook filters is a [self-service Early
Access (EA)](/openapi/okta-management/guides/release-lifecycle/#early-access-ea) to enable.
EventHookLinks
Verification status of the event hook.
EventSubscriptions
The events object type.
Expression
FCMConfiguration
FCMPushProvider
Specifies feature release cycle information
Gets or Sets FeatureLifecycle
FeatureLinks
Link to feature dependencies
Link to feature dependents
Current release cycle stage of a feature If a feature's stage value is `EA`, the state is
`null` and not returned.
Indicates the release state of the feature
Current release stage of the feature
Type of feature
Gets or Sets FipsEnum
ForgotPasswordResponse
Fulfillment provider details
Fulfillment Request
Name of the fulfillment provider for the WebAuthn Preregistration Factor
GetSsfStreams200Response
The Subject Identifier format expected for any SET transmitted.
Schema for the Google Workspace app (key name: `google`) To create a Google Workspace app, use the [Create
an
Application](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication)
request with the following parameters in the request body.
Gets or Sets name
Gets or Sets signOnMode
GoogleApplicationSettings
Google app instance properties
GovernanceBundle
GovernanceBundleCreateRequest
GovernanceBundleLinks
GovernanceBundlesResponse
GovernanceBundlesResponseLinks
GovernanceBundleUpdateRequest
The grant type
Status
GrantResourcesHrefObject
Determines the mechanism Okta uses to authorize the creation of the tokens.
Array of grant types that this condition includes.
Group
Specifies a set of Groups whose Users are to be included or excluded
[Discoverable
resources](/openapi/okta-management/management/tag/Group/#tag/Group/operation/listGroups!c=200&path=_links&t=response)
related to the Group
GroupOwner
The source where group ownership is managed
The entity type of the owner
Specifies a set of Groups whose Users are to be included or excluded
Specifies required and optional properties for a Group.
GroupRule
Defines which users and groups to assign
Defines group rule conditions
Defines Okta specific [group-rules
expression](https://developer.okta.com/docs/reference/okta-expression-language/#expressions-in-group-rules)
Contains the `groupIds` array
Currently not supported
Defines conditions for `people` in a group rule
Status of group rule
Defines conditions specific to user exclusion
GroupSchema
GroupSchemaAttribute
GroupSchemaAttributeEnumInner
GroupSchemaBase
All Okta-defined Profile properties are defined in a Profile subschema with the resolution scope `#base`.
All custom Profile properties are defined in a Profile subschema with the resolution scope `#custom`
GroupSchemaDefinitions
GroupsLink
Determines how a Group's Profile and memberships are managed
HelpLink
The `id` property in the response as `id` serves as the unique ID for the key, which you can
specify when invoking other CRUD operations.
HostedPage
Gets or Sets HostedPageType
Link to publish CSR
Link to the resource (self)
Describes allowed HTTP verbs for the `href`
HrefHintsGuidanceObject
HrefObject
HrefObjectActivateLink
HrefObjectAppLink
HrefObjectAssigneeLink
Link to authorize scopes
HrefObjectClientLink
HrefObjectDeactivateLink
HrefObjectDeleteLink
HrefObjectGovernanceResourcesLink
HrefObjectGrantAerialConsent
HrefObjectGroupLink
HrefObjectLogoLink
HrefObjectMappingsLink
HrefObjectMemberLink
HrefObjectPermissionsLink
HrefObjectResourceSetLink
HrefObjectRetrieveAerialConsent
HrefObjectRevokeAerialConsent
HrefObjectRoleLink
HrefObjectRulesLink
HrefObjectSelfLink
HrefObjectSuspendLink
HrefObjectUnsuspendLink
HrefObjectUserLink
Gets or Sets HttpMethod
IAMBundleEntitlement
IamRole
IamRoleLinks
IamRoles
IdentityProvider
IdentityProviderApplicationUser
IdentityProviderApplicationUserLinks
IdentityProviderCredentials
IdentityProviderCredentialsClient
IdentityProviderCredentialsSigning
IdentityProviderCredentialsTrust
Gets or Sets IdentityProviderCredentialsTrustRevocation
Indicates whether Okta uses the original Okta org domain URL or a custom domain URL in the request to the social IdP
IdentityProviderLinks
Policy settings for the IdP.
Gets or Sets IdentityProviderPolicyProvider
IdentityProviderPolicyRuleCondition
The properties in the Identity Provider Properties object vary depending on the IdP type
Gets or Sets additionalAmr
The Identity Provider object's `type` property identifies the social or enterprise Identity Provider
used for authentication.
IdentitySourceSession
Gets or Sets IdentitySourceSessionStatus
IdentitySourceUserProfileForDelete
IdentitySourceUserProfileForUpsert
IdPCertificateCredential
Defines a CSR for a signature or decryption credential for an IdP
IdPCsrLinks
IdpDiscoveryPolicy
IdpDiscoveryPolicyRule
IdpDiscoveryPolicyRuleCondition
A [JSON Web Key](https://tools.ietf.org/html/rfc7517) for a signature or encryption credential for an IdP
IdpPolicyRuleAction
IdpPolicyRuleActionIdp
IdpPolicyRuleActionMatchCriteria
IdpPolicyRuleActionProvider
Determines whether the rule should use expression language or a specific IdP
Gets or Sets IframeEmbedScopeAllowedApps
ImageUploadResponse
Import schedule configuration
ImportScheduleObjectFullImport
ImportScheduleObjectIncrementalImport
ImportScheduleSettings
Determines the Okta username for the imported user
Determines the username format when users sign in to Okta
InactivityPolicyRuleCondition
InboundProvisioningApplicationFeature
InlineHook
InlineHookBasePayload
InlineHookChannel
InlineHookChannelConfig
InlineHookChannelConfigAuthScheme
InlineHookChannelConfigHeaders
InlineHookChannelHttp
InlineHookChannelOAuth
Gets or Sets InlineHookChannelType
InlineHookOAuthBasicConfig
InlineHookOAuthChannelConfig
InlineHookOAuthClientSecretConfig
InlineHookOAuthPrivateKeyJwtConfig
The API request that triggered the inline hook
The URL of the API endpoint
InlineHookResponse
InlineHookResponseCommands
InlineHookResponseCommandValue
Gets or Sets InlineHookStatus
Gets or Sets InlineHookType
IPNetworkZone
An IP service offered by a provider, such as a proxy or VPN
Gets or Sets IssuerMode
Class that add parsing/formatting support for Java 8+
OffsetDateTime class.The update action
JsonWebKey
JsonWebKeyEC
JsonWebKeyRsa
The status of the public key
The type of public key
The intended use of the public key
JwkUse
Purpose of the certificate.
KeepCurrent
KeepMeSignedIn
Whether the post-authentication Keep Me Signed In flow is allowed
KeyRequest
Represents the attestation strength used by the Chrome Verified Access API
Represents the attestation strength used by the Chrome Verified Access API
KnowledgeConstraint
Gets or Sets methods
Gets or Sets types
Determines whether to update a user in the app when a user in Okta is updated
Determines whether deprovisioning occurs when the app is unassigned
LifecycleExpirationPolicyRuleCondition
Gets or Sets LifecycleStatus
LinkedHrefObject
LinkedObject
LinkedObjectDetails
The object type for this relationship
Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status
of an application using the [JSON Hypertext Application
Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.
LinksActivate
LinksActivateActivate
LinksAerialConsentGranted
LinksAerialConsentRevoked
Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available using the [JSON
Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.
Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available using the [JSON
Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.
LinksCancel
LinksCancelCancel
Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available using the [JSON
Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.
LinksDeactivate
LinksDeactivateDeactivate
LinksEnroll
LinksEnrollEnroll
LinksFactor
LinksFactorFactor
Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the resources
using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)
specification.
Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the sources using
the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)
specification.
Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status
of an application using the [JSON Hypertext Application
Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.
Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available using the [JSON
Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.
LinksNextForRoleAssignmentsNext
LinksPoll
LinksPollPoll
LinksQrcode
LinksQrcodeQrcode
LinksQuestions
LinksQuestionsQuestion
LinksResend
LinksResendResend
Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available using the [JSON
Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.
LinksSelfAndFullUsersLifecycle
LinksSelfAndLifecycle
LinksSelfAndRoles
Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available using the [JSON
Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.
LinksSelfLifecycleAndAuthorize
LinksSend
LinksSendSend
LinksUser
LinksUserRef
LinksUserUser
LinksVerify
LinksVerifyVerify
ListGroupAssignedRoles200ResponseInner
A collection of the profile mappings that include a subset of the profile mapping object's properties.
ListSubscriptionsRoleRoleRefParameter
Variant for the Okta loading page.
Gets or Sets LocationGranularity
Describes the user, app, client, or other entity (actor) who performs an action on a target.
All authentication relies on validating one or more credentials that prove the authenticity of the actor's
identity.
The system that proves the identity of an actor using the credentials provided to it
When an event is triggered by an HTTP request, the `client` object describes the
[client](https://datatracker.ietf.org/doc/html/rfc2616) that issues the HTTP request.
A credential provider is a software service that manages identities and their associated credentials.
The underlying technology/scheme used in the credential
For some kinds of events (for example, OLM provisioning, sign-in request, second factor SMS, and so on), the fields
that are provided in other response objects aren't sufficient to adequately describe the operations that the
event has performed.
The entity that describes a device enrolled with passwordless authentication using Okta Verify.
Gets or Sets LogDiskEncryptionType
LogEvent
Geographical context describes a set of geographic coordinates.
The latitude and longitude of the geolocation where an action was performed.
LogIpAddress
Describes the issuer of the authorization server when the authentication is performed through OAuth.
LogOutcome
Result of the action
The `Request` object describes details that are related to the HTTP request that triggers this event, if
available.
Gets or Sets LogScreenLockType
The `securityContext` object provides security information that is directly related to the evaluation of
the event's IP reputation.
Indicates how severe the event is
LogStream
Lifecycle status of the Log Stream object
LogStreamActivateLink
HTTP method allowed for the resource
LogStreamAws
LogStreamAwsPutSchema
LogStreamDeactivateLink
HTTP method allowed for the resource
LogStreamLinkObject
HTTP method allowed for the resource
Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status
of an application using the [JSON Hypertext Application
Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.
LogStreamPutSchema
LogStreamSchema
LogStreamSelfLink
HTTP method allowed for the resource
Specifies the configuration for the `aws_eventbridge` Log Stream type.
Specifies the configuration for the `splunk_cloud_logstreaming` Log Stream type.
Specifies the configuration for the `splunk_cloud_logstreaming` Log Stream type.
LogStreamSplunk
LogStreamSplunkPutSchema
Specifies the streaming provider used Supported providers: * `aws_eventbridge` ([AWS
EventBridge](https://aws.amazon.com/eventbridge)) * `splunk_cloud_logstreaming` ([Splunk
Cloud](https://www.splunk.com/en_us/software/splunk-cloud-platform.html)) Select the provider type to see
provider-specific configurations in the `settings` property:
The entity that an actor performs an action on.
Details on the target's changes.
A `transaction` object comprises contextual information associated with its respective event.
\"A user agent is software (a software agent) that is acting on behalf of a user.\" ([Definition of User
Agent](https://developer.mozilla.org/en-US/docs/Glossary/User_agent)) In the Okta event data object, the
`UserAgent` object provides specifications about the client software that makes event-triggering HTTP
requests.
Gets or Sets MDMEnrollmentPolicyEnrollment
MDMEnrollmentPolicyRuleCondition
MetadataLink
Certificate chain description for verifying assertions from the Smart Card
MtlsEndpoints
The Single Sign-On (SSO) endpoint is the IdP's `SingleSignOnService` endpoint
MtlsTrustCredentials
Mechanism to validate the certificate
NetworkZone
Specifies the value of an IP address expressed using either `range` or `CIDR` form.
Format of the IP addresses
NetworkZoneLocation
Network Zone status
The type of Network Zone
The usage of the Network Zone
The type of notification
Represents the OAuth2 access token returned by Authorization server.
User that created the object
OAuth2Claim
Specifies the scopes for the Claim
Specifies the type of group filter if `valueType` is `GROUPS` If `valueType` is
`GROUPS`, then the groups returned are filtered according to the value of `group_filter_type`.
Specifies whether the Claim is for an access token (`RESOURCE`) or an ID token (`IDENTITY`)
Specifies whether the Claim is an Okta Expression Language (EL) expression (`EXPRESSION`), a set of groups
(`GROUPS`), or a system claim (`SYSTEM`)
OAuth2Client
This implementation represents client credentials specific to OAuth2 Authentication scheme.
OAuth2ClientJsonWebKey
Status of the OAuth 2.0 Client JSON Web Key
OAuth2ClientJsonWebKeyRequestBody
Status of the OAuth 2.0 Client JSON Web Key
OAuth2ClientLinks
OAuth2ClientSecret
Status of the OAuth 2.0 Client Secret
OAuth2ClientSecretRequestBody
Status of the OAuth 2.0 Client Secret
OAuth2RefreshToken
The embedded resources related to the object if the `expand` query parameter is specified
OAuth2RefreshTokenLinks
Link to revoke the refresh Token
OAuth2RefreshTokenLinksAllOfRevokeAllOfHints
Gets or Sets allow
OAuth2RefreshTokenScope
Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status
of an application using the [JSON Hypertext Application
Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.
OAuth2Scope
Grant object that represents an app consent scope grant
Embedded resources related to the Grant
OAuth2ScopeConsentGrantEmbeddedScope
OAuth2ScopeConsentGrantLinks
User type source that granted consent
Indicates whether a consent dialog is needed for the Scope
Indicates whether the Scope is included in the metadata
Array of scopes that the condition includes
OAuth2Token
OAuthApplicationCredentials
Endpoint for an [OAuth 2.0 Authorization Server (AS)](https://tools.ietf.org/html/rfc6749#page-18)
Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the current status
of an application using the [JSON Hypertext Application
Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification.
Client authentication credentials for an [OAuth 2.0 Authorization
Server](https://tools.ietf.org/html/rfc6749#section-2.3)
OAuth 2.0 and OpenID Connect Client object > **Note:** You must complete client registration with the IdP
Authorization Server for your Okta IdP instance to obtain client credentials.
Client authentication methods supported by the token endpoint
Requested authentication method for the token endpoint
The `OAUTH2` and `OIDC` protocols support the `authorization` and `token`
endpoints.
OAuth flows that are supported by this client
Array of OAuth 2.0 grant type strings
OAuthMetadata
Gets or Sets dpopSigningAlgValuesSupported
Application name for the provisioning connection
Array of OAuth 2.0 response type strings
Endpoint for an [OAuth 2.0 Authorization Server (AS)](https://tools.ietf.org/html/rfc6749#page-18)
Schema for the Microsoft Office 365 app (key name: `office365`) To create a Microsoft Office 365 app, use
the [Create an
Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication)
request with the following parameters in the request body.
Gets or Sets name
Gets or Sets signOnMode
Office365ApplicationSettings
Office365 app instance properties
Settings required for the Microsoft Office 365 Provisioning Connection
OfflineAccessScopeResourceHrefObject
OIDC configuration details
OidcAlgorithms
Endpoint for the JSON Web Key Set (JWKS) document.
Algorithm settings used to sign an authorization request
Signature Algorithm settings for signing authorization requests sent to the IdP > **Note:** The
`algorithm` property is ignored when you disable request signatures (`scope` set as
`NONE`).
Gets or Sets OidcSigningAlgorithm
Endpoint for getting identity information about the User.
OINApplication
Contains SAML 1.1 sign-on mode attributes
Contains SAML 2.0 sign-on mode attributes.
Profile for a Group that is imported from Active Directory.
The device risk level changed
Current risk level of the device
The entity that initiated the event
Previous risk level of the device
IP changed for the subject's session
The entity that initiated the event
Defines a list of Okta Personal settings that can be enabled or disabled for the org
OktaSignOnPolicy
OktaSignOnPolicyConditions
Indicates if the User should be challenged for a second factor (MFA) based on the device being used, a Factor session
lifetime, or on every sign-in attempt **Note:** Required only if `requireFactor` is set to
`true`.
OktaSignOnPolicyRule
OktaSignOnPolicyRuleActions
OktaSignOnPolicyRuleConditions
OktaSignOnPolicyRuleSignonActions
Gets or Sets access
<x-lifecycle class=\"oie\"></x-lifecycle> Indicates the primary factor used to establish a
session for the org.
Properties governing the User's session lifetime
Profile for any Group that is not imported from Active Directory.
The user risk level changed
Current risk level of the user
The entity that initiated the event
Previous risk level of the user
OpenIdConnectApplication
Indicates whether user consent is required or implicit.
The type of IdP-initiated sign-in flow that the client supports
The mode to use for the IdP-initiated sign-in flow.
Indicates whether the Okta authorization server uses the original Okta org domain URL or a custom domain URL as the
issuer of the ID token for this client
OpenIdConnectApplicationSettings
OpenIdConnectApplicationSettingsClient
The signing algorithm for Client-Initiated Backchannel Authentication (CIBA) signed requests using JWT.
The delivery mode for Client-Initiated Backchannel Authentication (CIBA).
The type of JSON Web Key Set (JWKS) algorithm that must be used for signing request objects
Type of the subject
Indicates if the client is allowed to use wildcard matching of `redirect_uris`
A [JSON Web Key Set](https://tools.ietf.org/html/rfc7517#section-5) for validating JWTs presented to Okta
Refresh token configuration for an OAuth 2.0 client When you create or update an OAuth 2.0 client, you can configure
refresh token rotation by setting the `rotation_type` and `leeway` properties.
The type of client app Specific `grant_types` are valid for each `application_type`.
The refresh token rotation mode for the OAuth 2.0 client
Operational status of a given agent
OperationRequest
OperationResponse
Gets or Sets status
OperationResponseAssignmentOperation
OperationResponseAssignmentOperationConfiguration
OperationResponseAssignmentOperationConfigurationActions
OperationResponseAssignmentOperationConfigurationActionsAssignUserToRealm
OptInStatusResponse
Gets or Sets optInStatus
OptInStatusResponseLinks
Schema for the Okta Org2Org app (key name: `okta_org2org`) To create an Org2Org app, use the [Create an
Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication)
request with the following parameters in the request body.
Gets or Sets name
Gets or Sets signOnMode
Org2OrgApplicationSettings
Org2Org app instance properties
OrgAerialConsent
OrgAerialConsentDetails
OrgAerialConsentRevoked
OrgAerialGrantNotFound
Org billing contact
Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the org billing
Contact Type object using the [JSON Hypertext Application
Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification
OrgBillingContactTypeLinksBilling
Link relations for the CAPTCHA settings object
Type of contact
OrgContactTypeObj
OrgContactUser
Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the Contact Type
User object using the [JSON Hypertext Application
Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification
Profile and credential information for the first super admin user of the child Org.
Specifies primary authentication and recovery credentials for a User.
Specifies a password for a user > **Note:** For information on defaults and configuring your password policies,
see [Configure the password
authenticator](https://help.okta.com/okta_help.htm?type=oie&id=ext-configure-password) in the help
documentation.
Specifies the profile attributes for the first super admin user.
Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the org using the
[JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification
OrgGeneralSettingLinksContacts
OrgGeneralSettingLinksLogo
OrgGeneralSettingLinksOktaCommunication
OrgGeneralSettingLinksOktaSupport
OrgGeneralSettingLinksPreferences
OrgGeneralSettingLinksUploadLogo
OrgOktaCommunicationSetting
Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for this object using
the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)
specification
OrgOktaCommunicationSettingLinksOptIn
OrgOktaCommunicationSettingLinksOptOut
Status of Okta Support Settings
OrgOktaSupportSettingsObj
Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the Okta Support
Settings object using the [JSON Hypertext Application
Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification
OrgOktaSupportSettingsObjLinksExtend
OrgOktaSupportSettingsObjLinksGrant
OrgOktaSupportSettingsObjLinksRevoke
OrgPreferences
Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for this object using
the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)
specification
OrgPreferencesLinksHideEndUserFooter
OrgPreferencesLinksShowEndUserFooter
OrgSetting
Status of org
Org technical contact
Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288)) available for the org technical
Contact Type object using the [JSON Hypertext Application
Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06) specification
OrgTechnicalContactTypeLinksTechnical
Specifies the OS requirement for the policy.
OSVersionConstraint
Indicates the Windows major version
Contains the necessary properties for a dynamic Windows version requirement
Indicates the type of the dynamic Windows version requirement
<div class=\"x-lifecycle-container\"><x-lifecycle
class=\"ea\"></x-lifecycle></div>Contains the necessary properties for a dynamic
version requirement
Indicates the type of the dynamic OS version requirement
Current version of the operating system (maximum of four components in the versioning scheme)
Current version of the operating system (maximum of three components in the versioning scheme)
The protocol used
HMAC algorithm
The shared secret encoding
Deprecated.
PageRoot
PageRootEmbedded
PageRootLinks
Helper class for Pagination related functions.
Attributes used for processing AD Group membership update
The update action to take
Specifies a password for a user.
Specifies a hashed password to import into Okta.
The algorithm used to generate the hash using the password (and salt, when applicable).
Specify a [password import inline
hook](/openapi/okta-management/management/tag/InlineHook/#tag/InlineHook/operation/createPasswordImportInlineHook) to
trigger verification of the User's password the first time the User signs in.
Weak password dictionary lookup settings
Lookup settings for commonly used passwords
PasswordExpirationPolicyRuleCondition
PasswordImportRequest
PasswordImportRequestData
This object specifies the default action Okta is set to take.
PasswordImportRequestDataContext
PasswordImportRequestDataContextCredential
PasswordImportResponse
PasswordImportResponseCommandsInner
The parameter value of the command.
Gets or Sets credential
PasswordPolicy
PasswordPolicyAuthenticationProviderCondition
Gets or Sets PasswordPolicyAuthenticationProviderType
PasswordPolicyConditions
PasswordPolicyDelegationSettings
PasswordPolicyDelegationSettingsOptions
PasswordPolicyPasswordSettings
Age settings
Complexity settings
Lockout settings
PasswordPolicyRecoveryEmail
PasswordPolicyRecoveryEmailProperties
PasswordPolicyRecoveryEmailRecoveryToken
Settings for the Factors that can be used for recovery
PasswordPolicyRecoveryFactorSettings
PasswordPolicyRecoveryQuestion
PasswordPolicyRecoveryQuestionComplexity
PasswordPolicyRecoveryQuestionProperties
PasswordPolicyRecoverySettings
PasswordPolicyRule
PasswordPolicyRuleAction
PasswordPolicyRuleActions
PasswordPolicyRuleConditions
PasswordPolicySettings
Indicates whether the Password Protection Warning feature is enabled
Determines whether Okta creates and pushes a password in the app for each assigned user
The operation (PATCH action)
Gets or Sets PerClientRateLimitMode
A map of Per-Client Rate Limit Use Case to the applicable PerClientRateLimitMode.
Permission
Conditions for further restricting a permission
PermissionLinks
Permissions
Defines a list of email domains with a subset of the properties for each domain
Pin Request
Name of the fulfillment provider for the WebAuthn Preregistration Factor
The authentication pipeline of the org
Gets or Sets Platform
PlatformConditionEvaluatorPlatform
PlatformConditionEvaluatorPlatformOperatingSystem
PlatformConditionEvaluatorPlatformOperatingSystemVersion
Gets or Sets PlatformConditionOperatingSystemVersionMatchType
PlatformPolicyRuleCondition
Policy
Gets or Sets PolicyAccess
Specifies the behavior for linking an IdP User to an existing Okta User
Specifies the account linking action for an IdP User
Specifies Group memberships to restrict which Users are available for account linking by an IdP
Group memberships used to determine link candidates
PolicyContext
PolicyContextDevice
An array of Group IDs for the simulate operation.
The risk rule condition level
Gets or Sets level
The user ID for the simulate operation.
The zone ID under the network rule condition.
PolicyLinks
PolicyMapping
PolicyMappingLinks
PolicyMappingLinksAllOfApplication
PolicyMappingLinksAllOfPolicy
PolicyMappingRequest
Gets or Sets PolicyMappingResourceType
PolicyNetworkCondition
Network selection mode
Identifies Users and Groups that are used together
Gets or Sets PolicyPlatformOperatingSystemType
Gets or Sets PolicyPlatformType
PolicyRule
PolicyRuleActionsEnroll
Gets or Sets PolicyRuleActionsEnrollSelf
PolicyRuleAuthContextCondition
Gets or Sets PolicyRuleAuthContextType
PolicyRuleConditions
Rule type
Verification method type
Specifies the behavior for establishing, validating, and matching a username for an IdP User
Determines the Okta User profile attribute match conditions for account linking and authentication of the transformed
IdP username
All Okta orgs contain only one IdP Discovery Policy with an immutable default Rule routing to your org's sign-in
page.
Gets or Sets PolicyTypeSimulation
[Okta Expression Language (EL) expression](https://developer.okta.com/docs/reference/okta-expression-language/) to
generate or transform a unique username for the IdP User.
Gets or Sets PolicyUserStatus
PossessionConstraint
Indicates if device-bound Factors are required.
Indicates if any secrets or private keys used during authentication must be hardware protected and not
exportable.
Gets or Sets methods
Indicates if phishing-resistant Factors are required.
Gets or Sets types
Indicates if the user needs to approve an Okta Verify prompt or provide biometrics (meets NIST AAL2
requirements).
Indicates the user interaction requirement (PIN or biometrics) to ensure verification of a possession factor
PostAPIServiceIntegrationInstance
PostAPIServiceIntegrationInstanceRequest
PostAuthKeepMeSignedInPrompt
PostAuthSessionFailureActionsObject
Gets or Sets action
PostAuthSessionPolicy
PostAuthSessionPolicyRule
The action to take in response to a failure of the reevaluated global session policy or authentication polices.
This object contains a `failureActions` array that defines the specific action to take when post auth
session evaluation detects a failure.
PostAuthSessionPolicyRuleAllOfConditions
PostAuthSessionPolicyRuleRunWorkflow
Gets or Sets action
PostAuthSessionPolicyRuleTerminateSession
The action to take when post auth session evaluation detects a failure.
PreRegistrationInlineHook
Gets or Sets PrincipalType
PrivilegedAccount
Credentials for a Privileged Account
Details for a SaaS Application Account, which will be managed as a Privileged Account
Details for a SaaS Application Account, which will be managed as a Privileged Account
Details for managing an Okta Universal Directory Account as a Privileged Account
Details for managing an Okta Universal Directory Account as a Privileged Account
PrivilegedAccountForUpdate
Describes the current status of a Privileged Account
Describes the detailed status of a Privileged Account
The type of Privileged Account
PrivilegedResource
PrivilegedResourceAccountApp
PrivilegedResourceAccountOkta
Credentials for the privileged account
Current status of the privileged resource
The type of the resource
Update request for a privileged resource
ProfileEnrollmentPolicy
ProfileEnrollmentPolicyRule
ProfileEnrollmentPolicyRuleAction
**Note:** The Profile Enrollment Action object can't be modified to set the `access` property to
`DENY` after the policy is created.
Progressive profile enrollment helps evaluate the profile enrollment policy at every user login.
Which action should be taken if this User is new
ProfileEnrollmentPolicyRuleActions
Contains a single Boolean property that indicates whether `emailVerification` should occur
(`true`) or not (`false`, default)
ProfileEnrollmentPolicyRuleProfileAttribute
The Profile Mapping object describes a mapping between an Okta User's and an App User's properties using
[JSON Schema Draft 4](https://datatracker.ietf.org/doc/html/draft-zyp-json-schema-04).
A target property, in string form, that maps to a valid [JSON Schema
Draft](https://tools.ietf.org/html/draft-zyp-json-schema-04) document.
Indicates whether to update target properties for user create and update or just for user create.
The updated request body properties
The parameter is the source of a profile mapping and is a valid [JSON Schema Draft
4](https://datatracker.ietf.org/doc/html/draft-zyp-json-schema-04) document with the following properties.
The parameter is the target of a profile mapping and is a valid [JSON Schema Draft
4](https://datatracker.ietf.org/doc/html/draft-zyp-json-schema-04) document with the following properties.
This setting determines whether a user in the app gets updated when they're updated in Okta.
Parses a
.properties source (string, file, stream, etc) and returns a Map<String,String>
that reflects the parsed properties.Protocol
Specifies whether to digitally sign authorization requests to the IdP
Specifies whether to verify responses from the IdP
ProtocolAlgorithms
ProtocolAlgorithmType
ProtocolAlgorithmTypeSignature
Gets or Sets ProtocolAlgorithmTypeSignatureScope
ProtocolEndpoint
Gets or Sets ProtocolEndpointBinding
ProtocolEndpoints
Gets or Sets ProtocolEndpointType
Protocol settings for the [MTLS Protocol](https://tools.ietf.org/html/rfc5246#section-7.4.4)
Mutual TLS
Protocol settings for authentication using the [OAuth 2.0 Authorization Code
flow](https://tools.ietf.org/html/rfc6749#section-4.1)
OAuth 2.0 Authorization Code flow
Protocol settings for authentication using the [OpenID Connect
Protocol](http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth)
OpenID Connect Authorization Code flow
ProtocolRelayState
Gets or Sets ProtocolRelayStateFormat
Protocol settings for the [SAML 2.0 Authentication Request
Protocol](http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf)
SAML 2.0 protocol
ProtocolSettings
Gets or Sets ProtocolType
Gets or Sets ProviderType
Specifies the behavior for just-in-time (JIT) provisioning of an IdP User as a new Okta User and their Group
memberships
Specifies the User provisioning action during authentication when an IdP User isn't linked to an existing Okta
User.
Conditional behaviors for an IdP User during authentication
Defines the method of authentication
OAuth 2.0 is used to authenticate with the app.
ProvisioningConnectionOauthRequest
ProvisioningConnectionOauthRequestProfile
The app provisioning connection profile used to configure the method of authentication and the credentials.
Gets or Sets ProvisioningConnectionRequestAuthScheme
ProvisioningConnectionResponse
ProvisioningConnectionResponseProfile
Provisioning Connection status
A token is used to authenticate with the app.
ProvisioningConnectionTokenRequest
ProvisioningConnectionTokenRequestProfile
Specifies the action during authentication when an IdP User is linked to a previously deprovisioned Okta User
Behavior for a previously deprovisioned IdP User during authentication.
Provisioning settings for a User's Group memberships
Provisioning action for the IdP User's Group memberships | Enum | Description | Existing OKTA_GROUP Memberships |
Existing APP_GROUP Memberships | Existing BUILT_IN Memberships | | -------- |
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
| ----------------------------------------------------------------------------------------------------- |
------------------------------ | ----------------------------- | | `APPEND` | Adds a User to any Group
defined by the IdP as a value of the `sourceAttributeName` array that matches the name of the allow listed
Group defined in the `filter` | Unchanged | Unchanged | Unchanged | | `ASSIGN` | Assigns a User
to Groups defined in the `assignments` array | Unchanged | Unchanged | Unchanged | | `NONE` |
Skips processing of Group memberships | Unchanged | Unchanged | Unchanged | | `SYNC` | Group memberships
are sourced by the IdP as a value of the `sourceAttributeName` array that matches the name of the Group
defined in the `filter` | Removed if not defined by the IdP in `sourceAttributeName` and matching
name of the Group in `filter` | Unchanged | Unchanged | > **Note:** Group provisioning action is
processed independently from profile sourcing.
Specifies the action during authentication when an IdP User is linked to a previously suspended Okta User
Behavior for a previously suspended IdP User during authentication.
Indicates whether you must use a hardware key store
PushProvider
This class demonstrates the code found in the Okta Java SDK QuickStart Guide
Example snippets used for this projects README.md.
Realm
RealmAssignment
RealmProfile
Used to store partner users.
Specifies a secret question and answer that's validated (case insensitive) when a User forgets their password or
unlocks their account.
The refresh token
RegistrationInlineHook
RegistrationInlineHookCommand
Gets or Sets type
RegistrationInlineHookPPData
RegistrationInlineHookPPDataAllOfData
RegistrationInlineHookPPDataAllOfDataContext
RegistrationInlineHookPPDataAllOfDataContextUser
RegistrationInlineHookRequest
The type of registration hook.
RegistrationInlineHookResponse
RegistrationInlineHookSSRData
RegistrationInlineHookSSRDataAllOfData
RegistrationInlineHookSSRDataAllOfDataContext
RegistrationResponse
RegistrationResponseCommandsInner
For the registration inline hook, the `error` object provides a way of displaying an error message to the
end user who is trying to register or update their profile.
RegistrationResponseErrorErrorCausesInner
Release channel for auto-update
Gets or Sets RequiredEnum
ResendUserFactor
Type of the Factor
ResetPasswordToken
ResourceSelectorCreateRequestSchema
ResourceSelectorPatchRequestSchema
ResourceSelectorResponseSchema
ResourceSelectorResponseSchemaLinks
ResourceSelectorResponseWithoutSelfLinkSchema
ResourceSelectorResponseWithoutSelfLinkSchemaLinks
ResourceSelectorsSchema
ResourceSet
ResourceSetBindingAddMembersRequest
ResourceSetBindingCreateRequest
ResourceSetBindingMember
ResourceSetBindingMembers
ResourceSetBindingMembersLinks
ResourceSetBindingResponse
ResourceSetBindingResponseLinks
ResourceSetBindingRole
ResourceSetBindingRoleLinks
ResourceSetBindings
ResourceSetLinks
ResourceSetResource
Related discoverable resources
ResourceSetResourceLinksGroups
ResourceSetResourceLinksResource
ResourceSetResourceLinksSelf
ResourceSetResourceLinksUsers
ResourceSetResourcePatchRequest
ResourceSetResourcePostRequest
ResourceSetResources
ResourceSetResourcesLinks
ResourceSets
Link objects
Gets or Sets ResponseMode
Gets or Sets ResponseType
Gets or Sets ResponseTypesSupported
RevokeRefreshTokenHrefObject
The subject's identifier has changed, which is either an email address or a phone number change
<x-lifecycle class=\"oie\"></x-lifecycle> An object that references detected risk events.
RiskEvent
RiskEventSubject
The risk level associated with the IP
RiskPolicyRuleCondition
RiskProvider
Action taken by Okta during authentication attempts based on the risk events sent by this provider
Specifies a particular level of risk to match on
The level to match
Role
RoleAssignedUser
RoleAssignedUsers
Role assignment type
List of all User Role Governance Sources
The resource of a grant
The resources of a grant
RoleGovernanceResourcesLinks
User Role Governance Source
RoleGovernanceSourceLinks
Permission type
Standard role type
Rotate password request for the privileged account
Represents the current value of the Safe Browsing protection level
Schema for the Salesforce app (key name: `salesforce`) To create a Salesforce app, use the [Create an
Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication)
request with the following parameters in the request body.
Gets or Sets name
Gets or Sets signOnMode
SalesforceApplicationSettings
Salesforce app instance properties
Salesforce instance that you want to connect to
Salesforce integration type
SAML configuration details
Saml11Application
Saml11ApplicationSettings
SAML 1.1 sign-on mode attributes
Okta's `SPSSODescriptor` endpoint where the IdP sends a `<SAMLResponse>` message
SamlAcsInner
Settings for signing and verifying SAML messages
SamlApplication
SamlApplicationSettings
SAML 2.0 sign-on attributes.
Define custom attribute statements for the integration.
SamlClaimsInner
Federation Trust Credentials for verifying assertions from the IdP and signing requests to the IdP
SAML 2.0 HTTP binding settings for IdP and SP (Okta)
Determines whether to publish an instance-specific (trust) or organization (shared) ACS endpoint in the SAML metadata
SAMLHookResponse
SAMLHookResponseCommandsInner
SAMLHookResponseCommandsInnerValueInner
The value of the claim that you add or replace, and can also include other attributes.
An object to return an error.
SAML 2.0 Name Identifier formats
SAMLPayLoad
SAMLPayLoadData
Details of the SAML assertion that was generated
Provides a JSON representation of the `<saml:AuthnStatement>` element of the SAML assertion
Details of the authentication methods used for the SAML assertion
SAMLPayLoadDataAssertionClaimsValue
SAMLPayLoadDataAssertionClaimsValueAttributes
SAMLPayLoadDataAssertionClaimsValueAttributeValuesInner
SAMLPayLoadDataAssertionClaimsValueAttributeValuesInnerAttributes
Provides a JSON representation of the `<saml:Conditions>` element of the SAML assertion
Specifies the expiration time, in seconds, of the SAML assertion
Provides a JSON representation of the `<saml:Subject>` element of the SAML assertion
SAMLPayLoadDataAssertionSubjectConfirmation
SAMLPayLoadDataAssertionSubjectConfirmationData
SAMLPayLoadDataContext
Details of the assertion protocol being used
SAMLPayLoadDataContextAllOfProtocolIssuer
Relay state settings for IdP
The format used to generate the `relayState` in the SAML request.
Algorithm settings used to secure an `<AuthnRequest>` message
XML digital Signature Algorithm settings for signing `<AuthnRequest>` messages sent to the IdP >
**Note:** The `algorithm` property is ignored when you disable request signatures (`scope` set as
`NONE`).
Algorithm settings for verifying `<SAMLResponse>` messages and `<Assertion>` elements
from the IdP
XML digital Signature Algorithm settings for verifying `<SAMLResponse>` messages and
`<Assertion>` elements from the IdP
Advanced settings for the SAML 2.0 protocol
Gets or Sets SamlSigningAlgorithm
Key used for signing requests to the IdP
The certificate that Okta uses to validate Single Logout (SLO) requests and responses
IdP's `SingleSignOnService` endpoint where Okta sends an `<AuthnRequest>` message
Federation Trust Credentials for verifying assertions from the IdP
ScheduledUserLifecycleAction
A [JSON Web Key (JWK)](https://tools.ietf.org/html/rfc7517) is a JSON representation of a cryptographic key.
SchemeApplicationCredentials
ScopeResourceHrefObject
Gets or Sets ScreenLockType
SecurePasswordStoreApplication
`template_sps` is the key name for a SWA app instance that uses HTTP POST and doesn't require a
browser plugin
SecurePasswordStoreApplicationSettings
SecurePasswordStoreApplicationSettingsApplication
SecurityEvent
SecurityEventReason
The request schema for creating or updating a Security Events Provider.
Information about the Security Events Provider for signal ingestion
The Security Events Provider response
Indicates whether the Security Events Provider is active or not
Security Events Provider with issuer and JWKS settings for signal ingestion
Security Events Provider settings
Security Events Provider with well-known URL setting
The event subjects
Error object thrown when parsing the Security Event Token
A code that describes the category of the error
JSON Web Token body payload for a Security Event Token
A non-empty collection of events
JSON Web Token header for a Security Event Token
Determines whether the generated password is the user's Okta password or a randomly generated password
Enables or disables users to reset their own password and defines the authenticators and constraints needed to
complete the reset
<x-lifecycle class=\"oie\"></x-lifecycle> The type of rule action
Representing a Server configuration.
Representing a Server Variable for server URL template substitution.
Session
Gets or Sets SessionAuthenticationMethod
SessionIdentityProvider
Gets or Sets SessionIdentityProviderType
Gets or Sets SessionStatus
Controls whether to show the Sign in with Okta Verify button on the Sign-In Widget
Gets or Sets SigningAlgorithm
SignInPage
SignInPageAllOfWidgetCustomizations
Variant for the Okta sign-in page.
SignOnInlineHook
The request body required for a simulate policy operation
SimulatePolicyEvaluations
A list of evaluated but not matched policies and rules
A list of undefined but not matched policies and rules
The result of the policy evaluation
SimulateResultConditions
SimulateResultPoliciesItems
SimulateResultRules
The result of this entity evaluation
Determines if the app supports Single Logout (SLO)
Schema for the Slack app (key name: `slack`) To create a Slack app, use the [Create an
Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication)
request with the following parameters in the request body.
Gets or Sets name
Gets or Sets signOnMode
SlackApplicationSettings
Slack app instance properties
Determines if the app participates in Single Logout (SLO)
Request binding type
SmsTemplate
Type of the Template
The Social Authentication Token object provides the tokens and associated metadata provided by social providers
during social authentication.
A
SoftHashMap is a memory-constrained map that stores its values in
SoftReferences.SourceLinks
SourceLinksAllOfSchema
Edition of the Splunk Cloud instance
Supported SSO protocol configurations.
Defines the authenticators permitted for the initial authentication step of password recovery
Gets or Sets methods
<x-lifecycle class=\"oie\"></x-lifecycle> Describes the initial and secondary
authenticator requirements a user needs to reset their password
Determines which authentication requirements a user needs to perform self-service operations.
Defines the secondary authenticators needed for password reset if `required` is true.
Gets or Sets methods
StandardRole
StandardRoleAssignmentSchema
Optional embedded resources for the Role Assignment
Targets configured for the Role Assignment
App targets
StreamConfiguration
The Subject Identifier format expected for any SET transmitted.
The audience used in the SET.
StreamConfigurationCreateRequest
The Subject Identifier format expected for any SET transmitted.
Contains information about the intended SET delivery method by the receiver
The delivery method that the transmitter uses for delivering a SET
Subject
The user identifier
Gets or Sets SubjectType
SubmissionRequest
SubmissionResponse
SubmissionResponseConfigInner
Subscription
Discoverable resources related to the subscription
The status of the subscription
The supported methods of an Authenticator
The type of authenticator method
SupportedMethodsSettings
SwaApplicationSettings
SwaApplicationSettingsApplication
TelephonyRequest
TelephonyRequestData
Message profile specifies information about the telephony (sms/voice) message to be sent to the Okta user
User profile specifies information about the Okta user
TelephonyResponse
TelephonyResponseCommandsInner
TelephonyResponseCommandsInnerValueInner
Status of telephony callout
TempPassword
Integration Testing Information
OIDC test details
SAML test details
An account on a test instance of your app with admin privileges.
ThemeResponse
The third-party admin setting
ThreatInsightConfiguration
Specifies how Okta responds to authentication requests from suspicious IP addresses
TokenAuthorizationServerPolicyRuleAction
TokenAuthorizationServerPolicyRuleActionInlineHook
This implementation represents the api key that is used to authenticate a Tenant in Okta.
Gets or Sets TokenDeliveryMode
For the token inline hook, the `commands` and `error` objects that you can return in the JSON
payload of your response are defined in the following sections.
TokenHookResponseCommandsInner
TokenHookResponseCommandsInnerValueInner
Value to set the claim to.
When an error object is returned, it causes Okta to return an OAuth 2.0 error to the requester of the token.
TokenPayLoad
TokenPayLoadData
TokenPayLoadDataAccess
TokenPayLoadDataContext
The authorization server policy used to mint the token
The authorization server policy rule used to mint the token
Details of the authentication protocol
The client making the token request
The authorization server's issuer identifier
Information about the original token request used to get the refresh token being used, when in a refresh token
request
TokenPayLoadDataIdentity
Details of the token request
The authorization response mode
The authorization response type
TokenRequest
TokenResourcesHrefObject
TokenResponse
The token type in a `/token` response.
The type of token for token exchange.
Schema for Trend Micro Apex One as a Service app (key name: `trendmicroapexoneservice`) To create a Trend
Micro Apex One as a Service app, use the [Create an
Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication)
request with the following parameters in the request body.
Gets or Sets name
Gets or Sets signOnMode
TrendMicroApexOneServiceApplicationSettings
Trend Micro Apex One as a Service app instance properties
TrustedOrigin
TrustedOriginScope
The scope type.
TrustedOriginWrite
Specifies the configuration of an input field on an enrollment form
UI Schema element options object
Specifies how the input appears
Properties of the UI schema
UISchemasResponseObject
UpdateDefaultProvisioningConnectionForApplicationRequest
UpdateDomain
UpdateEmailDomain
UpdateFeatureForApplicationRequest
UpdateIamRoleRequest
UpdateRealmAssignmentRequest
UpdateRealmRequest
UpdateThemeRequest
The updated request body properties
UpdateUserRequest
UploadYubikeyOtpTokenSeedRequest
User
UserActivationToken
Describes how the account is blocked from access.
The devices that the block applies to
Type of access block
Specifies a set of Users to be included or excluded
Specifies primary authentication and recovery credentials for a User.
UserFactor
Activation requests have a short lifetime and expire if the activation isn't completed before the indicated
timestamp.
Result of a Factor activation
UserFactorActivateRequest
UserFactorActivateResponse
Type of the Factor
UserFactorActivateResponseLinks
UserFactorCall
UserFactorCallProfile
UserFactorEmail
UserFactorEmailProfile
UserFactorLinks
Provider for the Factor
UserFactorPush
UserFactorPushProfile
UserFactorPushTransaction
Result of the verification transaction
UserFactorPushTransactionRejected
UserFactorPushTransactionRejectedAllOfLinks
UserFactorPushTransactionRejectedAllOfProfile
UserFactorPushTransactionTimeout
UserFactorPushTransactionTimeoutAllOfLinks
UserFactorPushTransactionWaiting
UserFactorPushTransactionWaitingAllOfLinks
Result of a Factor verification attempt
UserFactorSecurityQuestion
UserFactorSecurityQuestionProfile
Unique key for the question
UserFactorSMS
UserFactorSMSProfile
Status of the Factor
UserFactorSupported
Indicates if the Factor is required for the specified user
UserFactorToken
UserFactorTokenAllOfVerify
UserFactorTokenFactorVerificationObject
UserFactorTokenHardware
UserFactorTokenHardwareAllOfVerify
UserFactorTokenHOTP
UserFactorTokenHOTPProfile
UserFactorTokenProfile
UserFactorTokenSoftwareTOTP
UserFactorTokenVerifyRSA
UserFactorTokenVerifySymantec
Type of Factor
UserFactorU2F
UserFactorU2FProfile
UserFactorVerifyRequest
UserFactorVerifyResponse
Result of a Factor verification
UserFactorWeb
UserFactorWebAuthn
UserFactorWebAuthnProfile
UserFactorWebProfile
UserFactorYubikeyOtpToken
Token status
UserGetSingleton
The embedded resources related to the object if the `expand` query parameter is specified
Used in the User Identifier Condition object.
The type of pattern.
Specifies a user identifier condition to match on
What to match against, either user ID or an attribute in the user's Okta profile.
UserIdentityProviderLinkRequest
UserImportRequest
UserImportRequestData
The object that specifies the default action Okta is set to take
The current default action that results when Okta imports a user.
The app user profile being imported
UserImportRequestDataContext
Details of the app from which the user is being imported
The status of the app
The details of the running import job
Provides information on the Okta user profile currently set to be used for the user who is being imported, based on
the matching rules and attribute mappings that were applied.
UserImportResponse
UserImportResponseCommandsInner
The command types supported for the import inline hook.
An object to return an error.
UserLifecycleAttributePolicyRuleCondition
UserLink
Specifies link relations (see [Web Linking](https://datatracker.ietf.org/doc/html/rfc8288) available for the current
status of a user.
UserLockoutSettings
Gets or Sets UserNextLogin
Specifies a set of Users to be included or excluded
Specifies the default and custom profile properties for a user.
UserProvisioningApplicationFeature
UserResourceHrefObject
UserRiskGetResponse
UserRiskGetResponseLinks
The risk level associated with the user
UserRiskLevelExists
UserRiskLevelNone
The risk level associated with the user
UserRiskPutResponse
UserRiskRequest
The risk level associated with the user
UserSchema
UserSchemaAttribute
UserSchemaAttributeEnum
Gets or Sets UserSchemaAttributeFormat
UserSchemaAttributeItems
UserSchemaAttributeMaster
UserSchemaAttributeMasterPriority
Gets or Sets UserSchemaAttributeMasterType
Gets or Sets UserSchemaAttributeMutabilityString
UserSchemaAttributePermission
Gets or Sets UserSchemaAttributeScope
Gets or Sets UserSchemaAttributeType
All Okta-defined Profile properties are defined in a Profile subschema with the resolution scope `#base`.
UserSchemaBaseProperties
UserSchemaDefinitions
UserSchemaProperties
UserSchemaPropertiesProfile
UserSchemaPropertiesProfileItem
All custom Profile properties are defined in a Profile subschema with the resolution scope `#custom`
UsersLink
The current status of the user.
UserStatusPolicyRuleCondition
UserType
<x-lifecycle class=\"oie\"></x-lifecycle> Specifies which User Types to include and/or
exclude
UserTypeLinks
UserTypeLinksAllOfSchema
UserTypePostRequest
UserTypePutRequest
User verification setting.
Describes the method for verifying the user.
Method attachment
Credential request object for the initialized credential, along with the enrollment and key identifiers to associate
with the credential
Credential response object for enrolled credential details, along with enrollment and key identifiers to associate
the credential
User Factor variant used for WebAuthn Preregistration Factors
WellKnownAppAuthenticatorConfiguration
The type of Authenticator
WellKnownAppAuthenticatorConfigurationSettings
WellKnownOrgMetadata
WellKnownOrgMetadataLinks
WellKnownOrgMetadataSettings
Metadata about Okta as a transmitter and relevant information for configuration.
The generation of the Sign-in Widget
WsFederationApplication
`template_wsfed` is the key name for a WS-Federated app instance with a SAML 2.0 token
WsFederationApplicationSettings
WsFederationApplicationSettingsApplication
Specifies the WS-Fed assertion attribute value for filtered groups.
Specifies additional username attribute statements to include in the WS-Fed assertion
Schema for the Zoom app (key name: `zoomus`) To create a Zoom app, use the [Create an
Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication)
request with the following parameters in the request body.
Gets or Sets name
Gets or Sets signOnMode
ZoomUsApplicationSettings
Zoom app instance properties
Schema for the Zscaler 2.0 app (key name: `zscalerbyz`) To create a Zscaler 2.0 app, use the [Create an
Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication)
request with the following parameters in the request body.
Gets or Sets name
Gets or Sets signOnMode
ZscalerbyzApplicationSettings
Zscaler app instance properties