Okta

App Vendor: Okta

App Category: Network Security

Connector Version: 1.2.0

API Version: 1.0.0

About App

Okta is a platform in the Identity-as-a-Service (IDaaS) category, which allows users within an organization to access the approved softwares with just one login. By using this app, you can manage and secure user authentication into applications, allow developers to build identity controls into applications, and also manage users and groups.

The Okta app is configured with the Orchestrate application to perform the following actions:

Action Name	Description
Create User Without Credentials	This action creates a user without a recovery question, password or answer.
Create User With Recovery Question	This action creates a user without a recovery question, password or answer.
Create User With Password	This action creates a user with a password, but without a recovery question or answer.
Create User With Imported Hashed Password	This action creates a user with a specified hashed password.
Create User With Password Import Inline Hook	This action creates a user with a password hook object specifying that a password inline hook must be used to handle password verification.
Create User With Password and Recovery Question	This action creates a user with a password, recovery question and answer.
Create User With Authentication Provider	This action creates a user with a social or federation authentication provider that must be authenticated via a trusted identity provider and without a password.
Create User With Non Default User Type	This action creates a user that is added to the specified groups upon creation.
Get Current User	This action fetches the current user linked to the API token or session cookie.
Get Users by ID	This action fetches specific users using the user's ID.
Get User With Login	This action fetches a specific user using the user's login.
Get User With Login Shortname	This action fetches a specific user using the user's login short name, which is unique within the organization.
List Users	This action returns a list of all users that do not have a status of deprovisioned. This action returns up to a maximum of 200, for most organizations.
Find User	This action searches for a specific user.
List Users With Filter	This action lists all the users that match the filter criteria.
Update User Profile	This action updates the user profile of a current user. You can update a profile only with this request.
Get Assigned App Links	This action fetches applinks for all direct or indirect (via group membership) assigned applications.
Get Users Groups	This action fetches the groups, of which the user is a member.
Activate User	This action activates a user and the operation can only be performed on users with a staged or deprovisioned status. The user's status is active when the activation process is complete.
Reactivate User	This action reactivates a user and the operation can only be performed on users with a provisioned status. The user's status is active when the activation process is complete.
Deactivate User	This action deactivates a user and the operation can only be performed on users that do not have a deprovisioned status. The user's status is active when the activation process is complete.
Suspend User	This action suspends a user and the operation can only be performed on users with an active status. The user has a status of suspended when the process is complete.
Unsuspend User	This action unsuspends a user and returns them to the active state. This operation can only be performed on users that have a suspended status.
Delete User	This action deletes a user permanently. This operation can only be performed on users that have a deprovisioned status else it will be deactivated. This action cannot be recovered.
Unlock User	This action unlocks a user with a locked_out status and returns them to active status. Users will be able to login with their current password. This operation works with okta-mastered users and it doesn't support directory-mastered accounts such as active directory.
Reset User Password	This action generates a One-Time Token (OTT) that can be used to reset a user's password. This operation will transition the user to the status of recovery and the user will not be able to login.
Expire User Password	This action generates a One-Time Token (OTT) that can be used to reset a user's password. This operation will transition the user to the status of recovery and the user will not be able to login.
Reset Factors For User	This action resets all factors for the specified user. All Multi-factor Authentication (MFA) factor enrollments will be returned to the unenrolled state. The user's status remains active and the link is present only if the user is currently enrolled in one or more MFA factors.
Clear User Sessions	This action removes all active identity provider sessions.
Get Group	This action fetches a specific group by ID from your organization.
List Groups	This action lists all groups in your organization.
Update Group	This action updates the profile for a group of okta_group type from your organization.
List Group Members	This action lists all users that are members of a group.
Add User To Group	This action adds a user to a specific group.
Remove User From Group	This action removes a specific user from a group.
List Assigned Applications	This action lists all the applications that are assigned to a group.
Get All User Types	This action fetches all the user types in an organization.
List Apps	This action fetches all apps in Okta.
List Assigned Users for an App	This action lists all assigned application users for an application.
Assign User to App for SSO and Provisioning	This action assigns a user to an application with credentials and an app-specific profile.
Get Assigned User for an App	This action fetches a specific user assignment for an application by ID.
List User with Search	This action searches for users based on the properties specified in the search parameter.
Assign Users to App for SSO	This action assigns a user without a profile to an application for SSO.
Generic Action	This is a generic action used to make requests to any Okta endpoint.

Configuration Parameters

The following configuration parameters are required for the Okta app to communicate with the Okta enterprise application. The parameters can be configured by creating instances in the app.

Parameter	Description	Field Type	Required/Optional	Comments
Base URL	Enter the base URL to be used for executing all actions. Example: https://server_fqdn:port	Text	Required
API Token	Enter the API token to be used for executing all actions.	Password	Required
Timeout	Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Okta.	Integer	Optional	Allowed Range: 15-120 Default values: 15
Verify	Choose your preference to verify SSL or TLS while making requests. It is recommended to set this option to yes. Passing no may result in incorrectly establishing the connection.	Boolean	Optional	Default value: false

Action: Activate User

This action activates a user and can only be performed on users with a staged or deprovisioned status. The user's status is active when the activation process is complete.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
User ID	Enter the user ID to activate. Example: 00ub0ongtswtbkolglnr	Text	Required
Send Email	Enter the allowed value.	Boolean	Required	Allowed values: true If the value is set to true, an activation email is sent. false If the value is set to false, an activation link is generated.

Parameter

Description

Field Type

Required/Optional

Comments

User ID

Enter the user ID to activate.

Example:

00ub0ongtswtbkolglnr

Text

Required

Send Email

Enter the allowed value.

Boolean

Required

Allowed values:

true
- If the value is set to true, an activation email is sent.
false
- If the value is set to false, an activation link is generated.

Example Request

[
    {
        "user_id": "00ub0ongtswtbkolglnr",
        "send_email": false
    }
]

Action Response Parameters

Parameter	Type	Description
`app_instance`	Object	This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved.
`app_instance.response`	Object	Contains a detailed response from the application API.
`app_instance.response.activationToken`	String	Activation token for the user. Example: "kZ5kfGrqZxxxxxNr3p3G".
`app_instance.response.activationUrl`	String	URL to activate the user. Example: "https://exampledomain.okta.com/welcome/kZ5kfGrqZxxxxxNr3p3G".

Action: Create User Without Credentials

Creates a user without a password, or recovery question and answer.

If appropriate, when the user is activated, an email is sent to the user with an activation token that the user can use to complete the activation process. This is the default flow for new user registration using the administrator UI.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
First Name	Enter the user's first name. Example: John	Text	Required
Last Name	Enter the user's last name. Example: Smith	Text	Required
Login	Enter the login email ID of the user. Example: testuser@sampledomain.com	Text	Required
Email	Enter the user's email ID. Example: testuser@sampledomain.com	Text	Required
Mobile Phone	Enter the user's phone number. Example: 555-415-1337	Text	Optional
Activate	This action executes activation lifecycle operation when creating the user.	Boolean	Optional	Allowed values: true false Default value: false

Example Request

[
    {
        "email": "testuser@sampledomain.com",
        "login": "testuser@sampledomain.com",
        "last_name": "Smith",
        "first_name": "John"
    }
]

Action Response Parameters

Parameter	Type	Description
id	String	Unique identifier for the user. Example: "00ub0oNGTSWTBKOLGLNR"
status	String	The current status of the user. Example: "STAGED"
created	String	The timestamp when the user was created, in ISO 8601 format. Example: "2013-07-02T21:36:25.344Z"
activated	String	The timestamp when the user was activated, in ISO 8601 format, or null if not activated.
statusChanged	String	The timestamp when the status last changed, in ISO 8601 format, or null if not changed.
lastLogin	String	The timestamp when the user last logged in, in ISO 8601 format, or null if never logged in. Example: null
lastUpdated	String	The timestamp when the user was last updated, in ISO 8601 format. Example: "2013-07-02T21:36:25.344Z"
passwordChanged	String	The timestamp when the password was last changed, in ISO 8601 format, or null if not changed. Example: null
profile	Object	An object containing the user's profile information.
profile.firstName	String	The user's first name. Example: "Isaac"
profile.lastName	String	The user's last name. Example: "Brock"
profile.email	String	The user's email address. Example: "isaac.brock@example.com"
profile.login	String	The user's login name. Example: "isaac.brock@example.com"
profile.mobilePhone	String	The user's mobile phone number. Example: "555-415-1337"
credentials	Object	An object containing credential-related information.
credentials.provider	Object	An object containing information about the credential provider. Example: { "type": "OKTA", "name": "OKTA" }
credentials.provider.type	String	The type of credential provider. Example: "OKTA"
credentials.provider.name	String	The name of the credential provider. Example: "OKTA"
_links	Object	An object containing hypermedia links related to the user.
_links.resetPassword.href	String	The URL to reset the user's password. Example: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/reset_password"
_links.resetFactors.href	String	The URL to reset the user's authentication factors. Example: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/reset_factors"

Action: Create User With Recovery Question

This action creates a user without a recovery question, password, or answer.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
First Name	Enter the user's first name. Example: John	Text	Required
Last Name	Enter the user's last name. Example: Smith	Text	Required
Email	Enter the user's email ID. Example: testuser@sampledomain.com	Text	Required
Login	Enter the login email ID of the user. Example: testuser@sampledomain.com	Text	Required
Recovery Question	Enter the recovery question. Example: what is your pet's name?	Text	Required
Recovery Answer	Enter the recovery question's answer. Example: chelsea	Text	Required
Mobile Phone	Enter the user's phone number. Example: 555-415-1337	Text	Optional
Activate	This action executes an activation lifecycle operation when creating the user.	Boolean	Optional	Allowed values: true false Default value: false

Example Request

[
    {
        "email": "testuser@sampledomain.com",
        "login": "testuser@sampledomain.com",
        "last_name": "John",
        "first_name": "Smith",
        "recovery_answer": "chelsea",
        "recovery_question": "what is your pet's name?"
    }
]

Action: Create User With Password

This action creates a user with a password and without a recovery question and answer.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
First Name	Enter the user's first name. Example: John	Text	Required
Last Name	Enter the user's last name. Example: Smith	Text	Required
Email	Enter the user's email ID. Example: testuser@sampledomain.com	Text	Required
Login	Enter the login email id of the user. Example: testuser@sampledomain.com	Text	Required
Password	Enter the password you want to set.	Password	Required
Mobile Phone	Enter the user's phone number. Example: 555-415-1337	Text	Optional
Activate	This action executes an activation lifecycle operation when creating the user.	Boolean	Optional	Allowed values: true false Default value: true

Example Request

[
    {
        "email": "testuser@sampledomain.com",
        "login": "testuser@sampledomain.com",
        "activate": false,
        "password": "APasswordYouCan'tComprehend",
        "last_name": "John",
        "first_name": "Smith"
    }
]

Action: Create User With Imported Hashed Password

This action creates a user with a specified hashed password.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
First Name	Enter the user's first name. Example: John	Text	Required
Last Name	Enter the user's last name. Example: Smith	Text	Required
Email	Enter the user's email ID. Example: testuser@sampledomain.com	Text	Required
Login	Enter the login email ID of the user. Example: testuser@sampledomain.com	Text	Required
Password Algorithm	This algorithm generates the hash using the password (and salt, when applicable), which must be set to bcrypt, sha-512, sha-256, sha-1, or md5. Example: bcrypt	Text	Required
Password Work Factor	This action governs the strength of the hash and the time required to compute it. Example: 10	Integer	Required	This is only required for bcrypt algorithm with a minimum value of 1, and maximum of 20.
Password Salt	Enter only for salted hashes. For bcrypt, this specifies the radix64-encoded salt used to generate the hash, which must be 22 characters long. For other salted hashes, this specifies the base64-encoded salt used to generate the hash. Example: rwh3vh166hch/nt9xv5fyu	Text	Required
Password Hash Value	Enter the value only for sha-512, sha-256, sha-1, and md5. This is the actual base64-encoded hash of the password (and salt, if used). Example: qamqvapulkbiqzktcwo5xdcvzpk8tna	Text	Required
Mobile Phone	Enter the user's phone number. Example: 555-415-1337	Text	Optional
Activate	This action executes an activation lifecycle operation when creating the user.	Boolean	Optional	Allowed values: true false Default value: true

Example Request

[
    {
        "email": "testuser@sampledomain.com",
        "login": "testuser@sampledomain.com",
        "last_name": "John",
        "first_name": "Smith",
        "password_salt": "rwh3vH166HCH/NT9XV5FYu",
        "password_algorithm": "BCRYPT",
        "password_hash_value": "qaMqvAPULkbiQzkTCWo5XDcvzpk8Tna",
        "password_work_factor": 10
    }
]

Action: Create User With Password Import Inline Hook

This action creates a user with a password hook object specifying that a password inline hook should be used to handle password verification.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
First Name	Enter the user's first name. Example: John	Text	Required
Last Name	Enter the user's last name. Example: Smith	Text	Required
Email	Enter the user's email ID. Example: testuser@sampledomain.com	Text	Required
Login	Enter the login email id of the user. Example: testuser@sampledomain.com	Text	Required
Mobile Phone	Enter the user's phone number. Example: 555-415-1337	Text	Optional
Activate	This action executes an activation lifecycle operation when creating the user.	Boolean	Optional	Allowed values: true false Default value: true

Example Request

[
    {
        "email": "testuser@sampledomain.com",
        "login": "testuser@sampledomain.com",
        "last_name": "John",
        "first_name": "Smith"
    }
]

Action: Create User With Password and Recovery Question

This action creates a user with a password, recovery question, and answer.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
First Name	Enter the user's first name. Example: John	Text	Required
Last Name	Enter the user's last name. Example: Smith	Text	Required
Email	Enter the user's email ID. Example: testuser@sampledomain.com	Text	Required
Login	Enter the login email ID of the user. Example: testuser@sampledomain.com	Text	Required
Password	Enter the password you want to set. Example: ex@mplep@$$word	Text	Required
Recovery Question	Enter the recovery question. Example: what is your pet's name?	Text	Required
Recovery Answer	Enter the recovery question's answer. Example: chelsea	Text	Required
Mobile Phone	Enter the user's phone number. Example: 555-415-1337	Text	Optional
Activate	This action executes an activation lifecycle operation when creating the user.	Boolean	Optional	Allowed values: true false Default value: false

Example Request

[
    {
        "email": "testuser@sampledomain.com",
        "login": "testuser@sampledomain.com",
        "password": "ex@mplep@$$word",
        "last_name": "John",
        "first_name": "Smith",
        "recovery_answer": "what is your pet's name?",
        "recovery_question": "chelsea"
    }
]

Action: Create User With Authentication Provider

This action creates a user with a social or federation authentication provider that must be authenticated through a trusted identity provider and without a password.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
First Name	Enter the user's first name. Example: John	Text	Required
Last Name	Enter the user's last name. Example: Smith	Text	Required
Email	Enter the user's email ID. Example: testuser@sampledomain.com	Text	Required
Login	Enter the login email ID of the user. Example: testuser@sampledomain.com	Text	Required
Provider Type	Enter the provider type. Example: federation	Text	Required
Provider Name	Enter the name of the provider. Example: Mark Adams	Text	Required
Mobile Phone	Enter the user's phone number. Example: 555-415-1337	Text	Optional
Activate	This action executes an activation lifecycle operation when creating the user.	Boolean	Optional	Allowed values: true false Default value: true

Example Request

[
    {
        "email": "testuser@sampledomain.com",
        "login": "testuser@sampledomain.com",
        "last_name": "John",
        "first_name": "Smith",
        "provider_name": "Mark Adams",
        "provider_type": "ACTIVE_DIRECTORY"
    }
]

Action: Create User With Non Default User Type

This action creates a user that is added to the specified groups upon creation.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
First Name	Enter the user's first name. Example: John	Text	Required
Last Name	Enter the user's last name. Example: Smith	Text	Required
Email	Enter the user's email ID. Example: testuser@sampledomain.com	Text	Required
Login	Enter the login email ID of the user. Example: testuser@sampledomain.com	Text	Required
Type ID	Enter the user type. Example: otyfnjfba4ye7pgjb0g4	Text	Required	You can retrieve this using the action Get All User Types.
Mobile Phone	Enter the user's phone number. Example: 555-415-1337	Text	Optional
Activate	Choose to activate or not. This executes the activation lifecycle operation when creating the user.	Boolean	Optional	Allowed values: true false Default value: false

Example Request

[
    {
        "email": "testuser@sampledomain.com",
        "login": "testuser@sampledomain.com",
        "type_id": "otyfnjfba4ye7pgjb0g4",
        "last_name": "John",
        "first_name": "Smith"
    }
]

Action: Get Current User

This action fetches the current user linked to an API token or session cookie.

Action Input Parameters

This action does not require any input parameters.

Action Response Parameters

Parameter	Type	Description
id	String	Unique identifier for the user. Example: "00ub0oNGTSWTBKOLGLNR"
status	String	The current status of the user. Example: "ACTIVE"
created	String	The timestamp when the user was created, in ISO 8601 format. Example: "2013-06-24T16:39:18.000Z"
activated	String	The timestamp when the user was activated, in ISO 8601 format. Example: "2013-06-24T16:39:19.000Z"
statusChanged	String	The timestamp when the status of the user last changed, in ISO 8601 format. Example: "2013-06-24T16:39:19.000Z"
lastLogin	String	The timestamp of the user's last login, in ISO 8601 format. Example: "2013-06-24T17:39:19.000Z"
lastUpdated	String	The timestamp when the user was last updated, in ISO 8601 format. Example: "2013-07-02T21:36:25.344Z"
passwordChanged	String	The timestamp when the user's password was last changed, in ISO 8601 format.
profile.firstName	String	The first name of the user. Example: "Isaac"
profile.lastName	String	The last name of the user.
profile.email	String	The email address of the user. Example: "isaac.brock@example.com"
profile.login	String	The login name of the user. Example: "isaac.brock@example.com"
profile.mobilePhone	String	The mobile phone number of the user.
credentials.password	Object	Object containing information about the user's password.
credentials.recovery_question	Object	Object containing the user's recovery question. Example: { "question": "Who's my first grade teacher?" }
credentials.provider.type	String	The type of credential provider. Example: "OKTA"
credentials.provider.name	String	The name of the credential provider.
_links.resetPassword.href	String	The URL to reset the user's password. Example: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/reset_password"
_links.resetFactors.href	String	The URL to reset factors. Example: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/reset_factors"
_links.expirePassword.href	String	The URL to expire the user's password. Example: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/expire_password"
_links.forgotPassword.href	String	The URL for forgotten password. Example: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/expire_password"

Action: Get Users by ID

This action fetches the user information using the user's ID.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
User ID	Enter the user ID. Example: 00ub0ongtswtbkolglnr	Text	Required

Parameter

Description

Field Type

Required/Optional

Comments

User ID

Enter the user ID.

Example:

00ub0ongtswtbkolglnr

Text

Required

Example Request

[
    {
        "user_id": "00ub0ongtswtbkolglnr"
    }
]

Action: Get User With Login

This action retrieves a specific user using the user's login.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
Login ID	Enter the user's login ID. Example: testuser@sampledomain.com	Text	Required

Parameter

Description

Field Type

Required/Optional

Comments

Login ID

Enter the user's login ID.

Example:

testuser@sampledomain.com

Text

Required

Example Request

[
    {
        "login_id": "testuser@sampledomain.com"
    }
]

Action: Get User With Login Shortname

This action fetches a specific user using the user's login shortname which is unique within the organization.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
Login Shortname	Enter the login shortname. Example: If johnadams@sampledomain.com is the login ID then login shortname would be johnadams.	Text	Required

Parameter

Description

Field Type

Required/Optional

Comments

Login Shortname

Enter the login shortname.

Example:

If johnadams@sampledomain.com is the login ID then login shortname would be johnadams.

Text

Required

Example Request

[
    {
        "login_short_name": "johnadams"
    }
]

Action Response Parameters

Parameter	Type	Description
app_instance	Object	This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved.
app_instance.response	Object	Contains the detailed response from the application API.
app_instance.response._links	Object	Contains hyperlinks for actions related to the user.
app_instance.response._links.activate	Object	Link to activate the user.
app_instance.response._links.activate.href	String	URL to activate the user. Example: "https://yourdomain.okta.com/api/v1/users/00uh79xxxxxUtCXyi5d7/lifecycle/activate".
app_instance.response._links.activate.method	String	HTTP method for activation. Example: "POST".
app_instance.response._links.delete	Object	Link to delete the user
app_instance.response._links.delete.href	String	URL to delete the user. Example: "https://yourdomain.okta.com/api/v1/users/00uh79xxxxxUtCXyi5d7".
app_instance.response._links.delete.method	String	HTTP method for deletion. Example: "DELETE".
app_instance.response._links.schema	Object	Link to the user's schema.
app_instance.response._links.self	Object	Link to the user's profile.
app_instance.response._links.type	Object	Link to the user's type.
app_instance.response.activated	String	Timestamp when the user was activated. Example: "2024-05-20T10:40:50.000Z".
app_instance.response.created	String	Timestamp when the user was created. Example: "2024-05-20T09:19:13.000Z".
app_instance.response.credentials	Object	Contains user credential details.
app_instance.response.credentials.emails	Array of Objects	List of user emails.
app_instance.response.credentials.emails.status	String	Status of the email. Example: "VERIFIED".
app_instance.response.credentials.emails.type	String	Type of the email. Example: "PRIMARY".
app_instance.response.credentials.emails.value	String	Email address of the user. Example: "johndoe@example.com".
app_instance.response.credentials.provider	Object	Contains provider details.
app_instance.response.credentials.provider.name	String	Name of the provider. Example: "OKTA".
app_instance.response.credentials.provider.type	String	Type of the provider. Example: "OKTA".
app_instance.response.id	String	The unique identifier of the user. Example: "00uh79f72pmUtCXyi5d7".
app_instance.response.lastLogin	String	Timestamp of the user's last login. Example: "2024-05-20T09:39:10.000Z".
app_instance.response.lastUpdated	String	Timestamp when the user was last updated. Example: "2024-05-20T10:41:17.000Z".
app_instance.response.passwordChanged	String	Timestamp when the user's password was last changed. Example: "2024-05-20T09:39:10.000Z".
app_instance.response.profile	Object	Contains user profile details.
app_instance.response.profile.email	String	User's email address. Example: "johndoe@example.com".
app_instance.response.profile.firstName	String	User's first name. Example: "John".
app_instance.response.profile.lastName	String	User's last name. Example: "Doe".
app_instance.response.profile.login	String	User's login name. Example: "johndoe@example.com".
app_instance.response.profile.mobilePhone	String	User's mobile phone number.
app_instance.response.profile.secondEmail	String	User's secondary email address
app_instance.response.status	String	Status of the user. Example: "DEPROVISIONED".
app_instance.response.statusChanged	String	Timestamp when the user's status was last changed. Example: "2024-05-20T10:41:17.000Z".
app_instance.response.type	Object	Contains the type details of the user.
app_instance.response.type.id	String	The type identifier of the user. Example: "oty3pxptyfTwAV49u5d7".

Action: List Users

This action lists all users that do not have a status of deprovisioned.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
Limit	Specify the number of users returned (maximum 200).	Integer	Optional
User to Fetch after	Specify the pagination cursor for the next page of users.	Text	Optional

Example Request

[
    {
        "limit": 20
    }
]

Action Response Parameters

Parameter	Type	Description
id	String	The ID of the user. For example, "00ub0oNGTSWTBKOLGLNR".
status	String	The status of the user account. For example, "ACTIVE".
created	String	The timestamp when the user was created. For example, "2013-06-24T16:39:18.000Z".
activated	String	The timestamp when the user account was activated. For example, "2013-06-24T16:39:19.000Z".
statusChanged	String	The timestamp when the user account status was last changed. For example, "2013-06-24T16:39:19.000Z".
lastLogin	String	The timestamp of the user's last login. For example, "2013-06-24T17:39:19.000Z".
lastUpdated	String	The timestamp when the user profile was last updated. For example, "2013-07-02T21:36:25.344Z".
passwordChanged	String	The timestamp when the user's password was last changed. For example, "2013-07-02T21:36:25.344Z".
profile	Object	Profile details of the user.
profile.firstName	String	The first name of the user. For example, "Isaac".
profile.lastName	String	The last name of the user. For example, "Brock".
profile.email	String	The email address of the user. For example, "isaac.brock@example.com".
profile.mobilePhone	String	The mobile phone number of the user. For example, "555-415-1337".
credentials	Object	Credential details of the user.
credentials.password	Object	The user's password information.
credentials.recovery_question	Object	Details of the user's recovery question.
credentials.provider	Object	The name and type of the authentication provider.
_links	Object	The URL to retrieve the user's details.

Action: Find User

This action searches for the specific user.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
User to Find	Enter first name, last name, or email of the user. Example: John	Text	Required
Limit	Enter the number of users to list.	Integer	Optional	Default value: 1

Parameter

Description

Field Type

Required/Optional

Comments

User to Find

Enter first name, last name, or email of the user.

Example:

John

Text

Required

Limit

Enter the number of users to list.

Integer

Optional

Default value:

Example Request

[
    {
        "user_to_find": "John"
    }
]

Action Response Parameters

Parameter	Type	Description
id	String	Unique identifier for the user. Example: "00ub0oNGTSWTBKOLGLNR"
status	String	The current status of the user. Example: "STAGED"
created	String	The timestamp when the user was created, in ISO 8601 format. Example: "2013-07-02T21:36:25.344Z"
activated	String	The timestamp when the user was activated, in ISO 8601 format, or null if not activated.
statusChanged	String	The timestamp when the status last changed, in ISO 8601 format, or null if not changed.
lastLogin	String	The timestamp when the user last logged in, in ISO 8601 format, or null if never logged in. Example: null
lastUpdated	String	The timestamp when the user was last updated, in ISO 8601 format. Example: "2013-07-02T21:36:25.344Z"
passwordChanged	String	The timestamp when the password was last changed, in ISO 8601 format, or null if not changed. Example: null
profile	Object	An object containing the user's profile information.
profile.firstName	String	The user's first name. Example: "Isaac"
profile.lastName	String	The user's last name. Example: "Brock"
profile.email	String	The user's email address. Example: "isaac.brock@example.com"
profile.login	String	The user's login name. Example: "isaac.brock@example.com"
profile.mobilePhone	String	The user's mobile phone number. Example: "555-415-1337"
credentials	Object	An object containing credential-related information.
credentials.provider	Object	An object containing information about the credential provider. Example: { "type": "OKTA", "name": "OKTA" }
credentials.provider.type	String	The type of credential provider. Example: "OKTA"
credentials.provider.name	String	`app_instance.response.id`
Long	The ID of the asset.	`app_instance.response.domain_id`
Long	The ID of the domain this asset belongs to.	The URL to the user's profile. Example: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR""

Action: List Users With Filter

This action lists all users that match the filter criteria.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
Filter Query	Enter the query with which you would want to filter users with. Example: To list active users, "status eq \"ACTIVE\"	Text	Required

Parameter

Description

Field Type

Required/Optional

Comments

Filter Query

Enter the query with which you would want to filter users with.

Example:

To list active users, "status eq \"ACTIVE\"

Text

Required

Example Request

[
    {
        "filter_query": "status eq \"ACTIVE\""
    }
]

Action: Update User Profile

This action updates the current user's profile.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional
User ID	Enter the user ID to update. Example: 00ub0ongtswtbkolglnr	Text	Required
First Name	Enter the first name of the user. Example: Isaac	Text	Optional
Email	Enter the primary email address with a minimum length of 5. Example: isaac.brock@sampledomain.com	Text	Optional
Last Name	Enter the last name of the user. Example: Brock	Text	Optional
Login	Enter the unique identifier for the user with a minimum length of five. Example: isaac.brock@sampledomain.com	Text	Optional
Title	Enter the user's title. Example: Director	Text	Optional
Department	Enter the name of the user's department. Example: engineering	Text	Optional
Mobile Phone Number	Enter the user's mobile phone number. Example: +1-555-415-1337	Text	Optional
Extra Params	Enter other possible profile properties such as second email and middle name.	Key Value	Optional

Example Request

[
    {
        "user_id": "00ub0ongtswtbkolglnr",
        "department": "engineering",
        "extra_params": {}
    }
]

Action Response Parameters

Parameter	Type	Description
id	String	Unique identifier for the user. For example, "00ub0oNGTSWTBKOLGLNR".
status	String	Current status of the user. For example, "ACTIVE".
created	String	Timestamp when the user was created. For example, "2013-06-24T16:39:18.000Z".
activated	String	Timestamp when the user was activated. For example, "2013-06-24T16:39:19.000Z".
statusChanged	String	Timestamp when the user's status last changed. For example, "2013-06-24T16:39:19.000Z".
lastLogin	String	Timestamp when the user last logged in. For example, "2013-06-24T17:39:19.000Z".
lastUpdated	String	Timestamp when the user was last updated. For example, "2015-07-02T21:36:25.344Z".
passwordChanged	String	Timestamp when the user's password was last changed. For example, "2013-07-02T21:36:25.344Z".
profile	Object	User's profile details.
profile.firstName	String	User's first name. For example, "Isaac".
profile.lastName	String	User's last name. For example, "Brock".
profile.email	String	User's email address. For example, "isaac.brock@update.example.com".
profile.login	String	User's login name. For example, "isaac.brock@example.com".
profile.mobilePhone	String	User's mobile phone number. For example, "555-415-1337".
credentials	Object	User's credential details
credentials.password	Object	Password credentials object.
credentials.recovery_question.question	String	User's recovery question. For example, "Who's my first grade teacher?".
credentials.provider.type	String	Type of the provider. For example, "OKTA".
credentials.provider.name	String	Name of the provider. For example, "OKTA".
_links	Object	Links associated with the user
_links.resetPassword.href	String	URL to reset the user's password. For example, "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/reset_password".
_links.resetFactors.href	String	URL to reset the user's factors. For example, "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/reset_factors".
_links.expirePassword.href	String	URL to expire the user's password. For example, "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/expire_password".
_links.forgotPassword.href	String	URL for the forgot password flow. For example, "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/credentials/forgot_password".
_links.changeRecoveryQuestion.href	String	URL to change the user's recovery question. For example, "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/credentials/change_recovery_question".
_links.deactivate.href	String	URL to deactivate the user. For example, "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/deactivate".
_links.changePassword.href	String	URL to change the user's password. For example, "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/credentials/change_password".

Action: Get Assigned App Links

This action fetches appLinks for all direct or indirect (through group membership) assigned applications.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
User ID	Enter the user ID, login, or login shortname (as long as it is unambiguous) of user. Example: 00ub0ongtswtbkolglnr	Text	Required

Parameter

Description

Field Type

Required/Optional

Comments

User ID

Enter the user ID, login, or login shortname (as long as it is unambiguous) of user.

Example:

00ub0ongtswtbkolglnr

Text

Required

Example Request

[
    {
        "user_id": "00ub0ongtswtbkolglnr"
    }
]

Action Response Parameters

Parameter	Type	Description
id	String	Unique identifier for the application instance. Example: "00ub0oNGTSWTBKOLGLNR"
label	String	The label or name of the application. Example: "Google Apps Mail" / "Google Apps Calendar" / "Box" / "Salesforce.com"
linkUrl	String	The URL to access the application. Example: "https://{yourOktaDomain}/home/google/0oa3omz2i9XRNSRIHBZO/50"
logoUrl	String	The URL to the logo or icon of the application. Example: "https://{yourOktaDomain}/img/logos/google-mail.png"
appName	String	The name of the application. Example: "google" / "boxnet" / "salesforce"
appInstanceId	String	The unique identifier for the application instance. Example: "0oa3omz2i9XRNSRIHBZO"
appAssignmentId	String	The unique identifier for the application assignment. Example: "0ua3omz7weMMMQJERBKY"
credentialsSetup	Boolean	Indicates whether the credentials for the application are set up. Example: false
hidden	Boolean	Indicates whether the application is hidden. Example: false
sortOrder	Integer	The order in which the application should be sorted/displayed. Example: 0

Action: Get Users Groups

This action retrieves the list of all groups that the user is associated with.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
User ID	Enter the user ID, login, or login shortname (as long as it is unambiguous) of user. Example: 00ub0ongtswtbkolglnr	Text	Required

Parameter

Description

Field Type

Required/Optional

Comments

User ID

Enter the user ID, login, or login shortname (as long as it is unambiguous) of user.

Example:

00ub0ongtswtbkolglnr

Text

Required

Example Request

[
    {
        "user_id": "00ub0ongtswtbkolglnr"
    }
]

Action Response Parameters

Parameter	Type	Description
id	String	Unique identifier for the group. Example: "00g1emaKYZTWRYYRRTSK"
created	String	The timestamp when the group was created, in ISO 8601 format. Example: "2015-02-06T10:11:28.000Z"
lastUpdated	String	The timestamp when the group was last updated, in ISO 8601 format. Example: "2015-10-05T19:16:43.000Z"
lastMembershipUpdated	String	The timestamp when the group's membership was last updated, in ISO 8601 format. Example: "2015-11-28T19:15:32.000Z"
objectClass	Array	An array indicating the class of the object. Example: ["okta:user_group"]
type	String	The type of group. Example: "OKTA_GROUP"
profile.name	String	The name of the group. Example: "West Coast Users"
profile.description	String	The description of the group. Example: "All Users West of The Rockies"

Action: Reactivate User

This action reactivates a user. This action can only be performed on users with PROVISIONED or RECOVERY statuses. The user's status is active when the activation process is complete.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
User ID	Enter the user id, login, or login shortname (as long as it is unambiguous) of the user. Example: 00ub0ongtswtbkolglnr	Text	Required
Send Email	Sends an activation email to the user if true.	Boolean	Required	Allowed values: true If the value is set to true, a reactivation email is sent. false If the value is set to false, reactivation link is generated to set up the account.

Parameter

Description

Field Type

Required/Optional

Comments

User ID

Enter the user id, login, or login shortname (as long as it is unambiguous) of the user.

Example:

00ub0ongtswtbkolglnr

Text

Required

Send Email

Sends an activation email to the user if true.

Boolean

Required

Allowed values:

true
- If the value is set to true, a reactivation email is sent.
false
- If the value is set to false, reactivation link is generated to set up the account.

Example Request

[
    {
        "user_id": "00ub0ongtswtbkolglnr",
        "send_email": false
    }
]

Action Response Parameters

Parameter	Type	Description
activationUrl	String	The URL to activate the user account. For example, "https://{yourOktaDomain}/welcome/XE6wE17zmphl3KqAPFxO".
activationToken	String	The token used to activate the user account. For example, "XE6wE17zmphl3KqAPFxO".

Action: Deactivate User

This action deactivates a user. This operation can only be performed on users that do not have a deprovisioned status. The user's status is deactive when the deactivation process is complete.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
User ID	Enter the user ID that needs to be deactivated. Example: 00ub0ongtswtbkolglnr	Text	Required
Send Email	Enter the allowed value.	Boolean	Required	Allowed values: true If the value is set to true, a deactivation email is sent. false If the value is set to false, a deactivation link is generated.

Parameter

Description

Field Type

Required/Optional

Comments

User ID

Enter the user ID that needs to be deactivated.

Example:

00ub0ongtswtbkolglnr

Text

Required

Send Email

Enter the allowed value.

Boolean

Required

Allowed values:

true
- If the value is set to true, a deactivation email is sent.
false
- If the value is set to false, a deactivation link is generated.

Example Request

[
    {
        "user_id": "00ub0ongtswtbkolglnr",
        "send_email": false
    }
]

Action Response Parameters

Parameter	Type	Description
`app_instance`	Object	This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved.
`app_instance.response`	Object	Contains the detailed response from the application API.
`app_instance.status_code`	Integer	HTTP status code of the response. Example: 200.

Action: Suspend User

This operation can only be performed on users with an ACTIVE status. The user has a status of SUSPENDED when the process is complete.

Suspended users:

Can't log in to Okta.
Their group and app assignments are retained and can only be unsuspended or deactivated.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
User ID	Enter the user ID that needs to be suspended. Example: 00ub0ongtswtbkolglnr	Text	Required

Parameter

Description

Field Type

Required/Optional

Comments

User ID

Enter the user ID that needs to be suspended.

Example:

00ub0ongtswtbkolglnr

Text

Required

Example Request

[
    {
        "user_id": "00ub0ongtswtbkolglnr"
    }
]

Action Response Parameters

Parameter	Type	Description
Status Code	Integer	The HTTP status code indicating successful operation. For example, "HTTP/1.1 200 OK".

Action: Unsuspend User

This action unsuspends a user and returns them to the active state. This operation can only be performed on users that have a suspended status.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
User ID	Enter the user ID that needs to be unsuspended. Example: 00ub0ongtswtbkolglnr	Text	Required

Parameter

Description

Field Type

Required/Optional

Comments

User ID

Enter the user ID that needs to be unsuspended.

Example:

00ub0ongtswtbkolglnr

Text

Required

Example Request

[
    {
        "user_id": "00ub0ongtswtbkolglnr"
    }
]

Action Response Parameters

Parameter	Type	Description
Status Code	Integer	The HTTP status code indicating successful operation. For example, "HTTP/1.1 200 OK".

Action: Delete User

This action deletes a user permanently. This operation can only be performed on users that have a DEPROVISIONED status. This operation on a user that hasn't been deactivated causes that user to be deactivated. A second delete operation is required to delete the user.

This action cannot be reversed.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
User ID	Enter the user ID that needs to be deleted. Example: 00ub0ongtswtbkolglnr	Text	Required
Send Email	Sends a deactivation email to the administrator if true. Default value is false.	Boolean	Required	Allowed values: true If the value is set to true, deletion email is sent. false If the value is set to false, deletion link is generated.

Parameter

Description

Field Type

Required/Optional

Comments

User ID

Enter the user ID that needs to be deleted.

Example:

00ub0ongtswtbkolglnr

Text

Required

Send Email

Sends a deactivation email to the administrator if true. Default value is false.

Boolean

Required

Allowed values:

true
- If the value is set to true, deletion email is sent.
false
- If the value is set to false, deletion link is generated.

Example Request

[
    {
        "user_id": "00ub0ongtswtbkolglnr",
        "send_email": false
    }
]

Action Response Parameters

Parameter	Type	Description
Status Code	Integer	On successful deletion, returns the HTTP status code 204 No Content means that the server successfully processed the request, but there is no content to send in the response.

Action: Unlock User

This action unlocks a user with a locked_out status and returns them to active status. Users will be able to login with their current password. This operation works with Okta-mastered users. It does not support directory-mastered accounts such as active directory.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
User ID	Enter the user ID to unlock the user. Example: 00ub0ongtswtbkolglnr	Text	Required

Parameter

Description

Field Type

Required/Optional

Comments

User ID

Enter the user ID to unlock the user.

Example:

00ub0ongtswtbkolglnr

Text

Required

Example Request

[
    {
        "user_id": "00ub0ongtswtbkolglnr"
    }
]

Action Response Parameters

Parameter	Type	Description
Status Code	Integer	The HTTP status code indicating successful operation. For example, "HTTP/1.1 200 OK"

Action: Reset User Password

This action generates a One-Time Token (OTT) that can be used to reset a user's password. This operation will transition the user to the status of recovery and the user will not be able to login.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
User ID	Enter the user ID. Example: 00ub0ongtswtbkolglnr	Text	Required
Send Email	Set to true to send an email to the user with a link to reset their password. If false is set, the link to reset the password will be displayed in the console output. Example: false	Boolean	Optional	Default value: true
Revoke Session	Set to true to revoke all active sessions for the user except the current session.	Boolean	Optional	Default value: false

Parameter

Description

Field Type

Required/Optional

Comments

User ID

Enter the user ID.

Example:

00ub0ongtswtbkolglnr

Text

Required

Send Email

Set to true to send an email to the user with a link to reset their password. If false is set, the link to reset the password will be displayed in the console output.

Example:

false

Boolean

Optional

Default value:

true

Revoke Session

Set to true to revoke all active sessions for the user except the current session.

Boolean

Optional

Default value:

false

Example Request

[
    {
        "user_id": "00u2ndtlfiyNGDQgq5d7",
        "send_email": false
    }
]

Action Response Parameters

Parameter	Type	Description
{app_instance}	Object	This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved.
app_instance.response	Object	Contains the detailed response from the application API.
app_instance.response.resetPasswordUrl	String	URL to reset the password. Example: "https://exampledomain.okta.com/reset_password/drpE8YRxxxxxkzzaawMz".

Action: Expire User Password

This action expires a users password so that they are required to change their password at their next login. If the temporary password is included in the request, the user's password is reset to a temporary password that is returned, and then the temporary password is expired.

If you have integrated Okta with your on-premise Active Directory (AD), then setting a user's password as expired in Okta also expires the password in Active Directory. When the user tries to log in to Okta, delegated authentication finds the password-expired status in the Active Directory, and the user is presented with the password-expired page where he or she can change the password.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
User ID	Enter the user ID. Example: 00ub0ongtswtbkolglnr	Text	Required
Set Temporary Password	Sets the user's password to temporary password. Example: If the temporary password value is set to true, the user's password is set as temporary password.	Boolean	Optional	Default value: false

Parameter

Description

Field Type

Required/Optional

Comments

User ID

Enter the user ID.

Example:

00ub0ongtswtbkolglnr

Text

Required

Set Temporary Password

Sets the user's password to temporary password.

Example:

If the temporary password value is set to true, the user's password is set as temporary password.

Boolean

Optional

Default value:

false

Example Request

[
    {
        "user_id": "00u2ndtlfiyNGDQgq5d7"
    }
]

Action Response Parameters

Parameter	Type	Description
id	String	Unique identifier for the user. Example: "00ub0oNGTSWTBKOLGLNR"
status	String	The current status of the user. Example: "STAGED"
created	String	The timestamp when the user was created, in ISO 8601 format. Example: "2013-07-02T21:36:25.344Z"
activated	String	The timestamp when the user was activated, in ISO 8601 format, or null if not activated.
statusChanged	String	The timestamp when the status last changed, in ISO 8601 format, or null if not changed.
lastLogin	String	The timestamp when the user last logged in, in ISO 8601 format, or null if never logged in. Example: null
lastUpdated	String	The timestamp when the user was last updated, in ISO 8601 format. Example: "2013-07-02T21:36:25.344Z"
passwordChanged	String	The timestamp when the password was last changed, in ISO 8601 format, or null if not changed. Example: null
profile	Object	An object containing the user's profile information.
profile.firstName	String	The user's first name. Example: "Isaac"
profile.lastName	String	The user's last name. Example: "Brock"
profile.email	String	The user's email address. Example: "isaac.brock@example.com"
profile.login	String	The user's login name. Example: "isaac.brock@example.com"
profile.mobilePhone	String	The user's mobile phone number. Example: "555-415-1337"
credentials	Object	An object containing credential-related information.
credentials.provider	Object	An object containing information about the credential provider. Example: { "type": "OKTA", "name": "OKTA" }
credentials.provider.type	String	The type of credential provider. Example: "OKTA"
credentials.provider.name	String	The name of the credential provider. Example: "OKTA"
_links	Object	An object containing hypermedia links related to the user.
_links.resetPassword.href	String	The URL to reset the user's password. Example: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/reset_password"
_links.resetFactors.href	String	The URL to reset the user's authentication factors. Example: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/reset_factors"
_links.expirePassword.href	String	The URL to expire the user's password. Example: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/expire_password"
_links.forgotPassword.href	String	The URL to initiate the forgot password flow. Example: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/credentials/forgot_password"
_links.changeRecoveryQuestion.href	String	The URL to change the user's recovery question. Example: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/credentials/change_recovery_question"
_links.deactivate.href	String	The URL to deactivate the user. Example: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/deactivate"
_links.changePassword.href	String	The URL to change the user's password. Example: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/credentials/change_password"

Action: Reset Factors For User

This action resets all factors for the specified user. All Multi-factor Authentication enrollments are returned to the unenrolled state. The user's status remains active. This link is present only if the user is currently enrolled in one or more MFA factors.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
User ID	Enter the user ID. Example: 00u2nds9crQpBlwOk5d7	Text	Required

Parameter

Description

Field Type

Required/Optional

Comments

User ID

Enter the user ID.

Example:

00u2nds9crQpBlwOk5d7

Text

Required

Example Request

[
    {
        "user_id": "00u2nds9crQpBlwOk5d7"
    }
]

Action Response Parameters

Parameter	Type	Description
Status Code	Integer	The HTTP status code indicating successful operation. For example, "HTTP/1.1 200 OK"

Action: Clear User Sessions

Remove all active identity provider sessions. This forces the user to authenticate on the next operation. It optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the user.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
User ID	Enter the user ID. Example: 00ub0ongtswtbkolglnr	Text	Required

Parameter

Description

Field Type

Required/Optional

Comments

User ID

Enter the user ID.

Example:

00ub0ongtswtbkolglnr

Text

Required

Example Request

[
    {
        "user_id": "00ub0ongtswtbkolglnr"
    }
]

Action Response Parameters

Parameter	Type	Description
Status Code	Integer	Result of the operation. The connector returns an HTTP status code that indicates whether the action taken by the card succeeded or failed. Example: A 201 Created status code indicates success where a new resource was created. A 403 Forbidden error indicates that the HTTP request wasn't processed because the necessary permissions were missing. For a full list of possible status codes, see HTTP status codes.

Parameter

Type

Description

Status Code

Integer

Result of the operation. The connector returns an HTTP status code that indicates whether the action taken by the card succeeded or failed. Example:

A 201 Created status code indicates success where a new resource was created.
A 403 Forbidden error indicates that the HTTP request wasn't processed because the necessary permissions were missing.

For a full list of possible status codes, see HTTP status codes.

Action: Get Group

This action retrieves a specific group by ID from your organization.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
Group ID	Enter the group ID. Example: 00g1emaKYZTWRYYRRTSK	Text	Required

Parameter

Description

Field Type

Required/Optional

Comments

Group ID

Enter the group ID.

Example:

00g1emaKYZTWRYYRRTSK

Text

Required

Example Request

[
    {
        "group_id": "00g1emakyztwryyrrtsk"
    }
]

Action Response Parameters

Parameter	Type	Description
id	String	Unique identifier for the group. Example: "00g1emaKYZTWRYYRRTSK"
created	String	The timestamp when the group was created, in ISO 8601 format. Example: "2015-02-06T10:11:28.000Z"
lastUpdated	String	The timestamp when the group was last updated, in ISO 8601 format. Example: "2015-10-05T19:16:43.000Z"
lastMembershipUpdated	String	The timestamp when the group's membership was last updated, in ISO 8601 format. Example: "2015-11-28T19:15:32.000Z"
objectClass	Array	An array indicating the class of the object. Example: ["okta:user_group"]
type	String	The type of group. Example: "OKTA_GROUP"
profile.name	String	The name of the group. Example: "West Coast Users"
profile.description	String	The description of the group. Example: "All Users West of The Rockies"
_links.logo	Array	An array of logo objects containing information about the group's logos.
logo.name	String	The name of the logo size. Example: "medium"
logo.href	String	The URL of the logo. Example: "https://{yourOktaDomain}/img/logos/groups/okta-medium.png"
logo.type	String	The MIME type of the logo. Example: "image/png"
_links.users.href	String	The URL to fetch the list of users belonging to the group. Example: "https://{yourOktaDomain}/api/v1/groups/00g1emaKYZTWRYYRRTSK/users"
_links.apps.href	String	The URL to fetch the list of apps assigned to the group. Example: "https://{yourOktaDomain}/api/v1/groups/00g1emaKYZTWRYYRRTSK/apps"

Action: List Groups

This action lists all groups in your organization.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Limit

Enter the number of groups to list.

Integer

Optional

Maximum value:

200

Default value:

Return Groups After

Enter the group ID to get a list of groups after the given group ID.

Example:

00g1emakyztwryyrrtsk

Text

Optional

Return Groups Before

Enter the group ID to get a list of groups before the given group ID.

Example:

00g1emakyztwryyrrtsk

Text

Optional

Example Request

[
    {
        "limit": 20
    }
]

Action Response Parameters

Parameter	Type	Description
id	String	Unique identifier for the group. Example: "00g1emaKYZTWRYYRRTSK"
created	String	The timestamp when the group was created, in ISO 8601 format. Example: "2015-02-06T10:11:28.000Z"
lastUpdated	String	The timestamp when the group was last updated, in ISO 8601 format. Example: "2015-10-05T19:16:43.000Z"
lastMembershipUpdated	String	The timestamp when the group's membership was last updated, in ISO 8601 format. Example: "2015-11-28T19:15:32.000Z"
objectClass	Array	An array indicating the class of the object. Example: ["okta:user_group"]
type	String	The type of group. Example: "OKTA_GROUP"
profile.name	String	The name of the group. Example: "West Coast Users"
profile.description	String	The description of the group. Example: "All Users West of The Rockies"
_links.logo	Array	An array of logo objects containing information about the group's logos.
logo.name	String	The name of the logo size. Example: "medium"
logo.href	String	The URL of the logo. Example: "https://{yourOktaDomain}/img/logos/groups/okta-medium.png"
logo.type	String	The MIME type of the logo. Example: "image/png"
_links.users.href	String	The URL to fetch the list of users belonging to the group. Example: "https://{yourOktaDomain}/api/v1/groups/00g1emaKYZTWRYYRRTSK/users"
_links.apps.href	String	The URL to fetch the list of apps assigned to the group. Example: "https://{yourOktaDomain}/api/v1/groups/00g1emaKYZTWRYYRRTSK/apps"

Action: Assign User to App for SSO

This action assigns a user without a profile to an application for SSO.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Application ID

Enter the ID of an app to assign a user.

Example:

0oa37zzoh7RMX2JTO5d7

Text

Required

Application User

Enter the user credentials for the app which includes the username and password.

Example:

$JSON[{'id': '00u2k4qtqd2lcGutD5d7','credentials': {'userName': 'saml.jackson@example.com','password':'abc'}}]

Any

Required

Example Request

[
    {
        "app_id": "0oa37zzoh7RMX2JTO5d7",
        "app_user": {
            "id": "00u2k4qtqd2lcGutD5d7
            "credentials": {
                "password": "abc",
                "userName": "saml.jackson@example.com"
            }
        }
    }
]

Action Response Parameters

Parameter	Type	Description
id	String	Unique identifier for the user. Example: "00u15s1KDETTQMQYABRL"
externalId	String	An external identifier for the user is often used for mapping to an external system.
created	String	The timestamp when the user was created, in ISO 8601 format. Example: "2014-08-11T02:24:31.000Z"
lastUpdated	String	The timestamp when the user was last updated, in ISO 8601 format. Example: "2014-08-11T05:38:01.000Z"
scope	String	The scope of the user, that indicates the type of object (e.g., USER). Example: "USER"
status	String	The current status of the user. Example: "ACTIVE"
statusChanged	String	The timestamp when the status last changed, in ISO 8601 format. Example: "2014-08-11T02:24:32.000Z"
passwordChanged	String	The timestamp when the password was last changed, in ISO 8601 format, or null if not changed. Example: null
syncState	String	The synchronization state of the user, that indicates if the user is synchronized. Example: "DISABLED"
lastSync	String	The timestamp when the user was last synchronized, in ISO 8601 format, or null if not synced.
credentials	String	An object containing credential-related information. Example: { "userName": "user@example.com" }
credentials.userName	String	The username of the user. Example: "user@example.com"
profile	Object	An object containing the user's profile information.
_links	Object	An object containing hypermedia links related to the user. Example: { "app": { "href": "https://{yourOktaDomain}/api/v1/apps/0oaq2rRZUQAKJIZYFIGM" }, "user": { "href": "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL" } }

Action: Update Group

This action updates the profile for a group of okta_group type from your organization.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Group ID

Enter the group ID of the group to update.

Example:

00ub0ongtswtbkolglnr

Text

Required

Group Name

Enter the name of the group to update.

Example:

Test Group

Text

Required

Group Description

Enter the group description to update.

Example:

Group Description

Text

Required

Example Request

[
    {
        "group_id": "00ub0ongtswtbkolglnr",
        "group_name": "Test Group",
        "group_description": "Group Description"
    }
]

Action Response Parameters

Parameter	Type	Description
id	String	Unique identifier for the group. For example, "00ub0oNGTSWTBKOLGLNR".
created	DateTime	Timestamp when the group was created. For example, "2015-02-06T10:11:28.000Z".
lastUpdated	String	Timestamp when the group was last updated. For example, "2015-11-28T19:15:32.000Z".
lastMembershipUpdated	String	Timestamp when the group's membership was last updated. For example, "2015-10-18T12:25:48.000Z".
objectClass	Array	List of object classes. For example, ["okta:user_group"].
type	String	Type of the group. For example, "OKTA_GROUP".
profile	Object	Profile details of the group.
profile.name	String	Name of the group. For example, "Ameliorate Name".
profile.description	String	Description of the group. For example, "Amended description".
_links	Object	Links associated with the group
_links.logo	Array	Logo details of the group such as the name, MIME type and href.
_links.users	Object	Users details of the group.
_links.users.href	String	URL to retrieve users in the group. For example, "https://{yourOktaDomain}/api/v1/groups/00ub0oNGTSWTBKOLGLNR/users".
_links.apps	Object	Details of applications associated with the group.
_links.apps.href	String	URL to retrieve applications associated with the group. For example, "https://{yourOktaDomain}/api/v1/groups/00ub0oNGTSWTBKOLGLNR/apps".

Action: Assign User to App for SSO And Provisioning

This action assigns a user to an application with credentials and an app-specific profile.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Application ID

Enter the ID of an app to assign a user.

Example:

0oa37zzoh7RMX2JTO5d7

Text

Required

Application User

Enter the user credentials for an app.

Example:

$JSON[{'credentials': {'userName': 'saml.jackson@example.com','password':'abc'},'profile':{'lastName':'smith'}}}]$JSON[ {"id": "00u2k4qtqd2lcGutD5d7", "scope": "USER","credentials": {"password": "abc", "userName": "saml.jackson@example.com"}]

Any

Optional

Example Request

[
    {
        "app_id": "0oa37zzoh7RMX2JTO5d7",
        "app_user": {
            "id": "00u2k4qtqd2lcGutD5d7",
            "scope": "USER",
            "credentials": {
                "password": "abc",
                "userName": "saml.jackson@example.com"
            }
        }
    }
]

Action: List Group Members

This action lists all the users that are a member of a group.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Group ID

Enter the group ID.

Example:

00ub0ongtswtbkolglnr

Text

Required

Limit

Enter the number of user results in a page.

Integer

Optional

Maximum value:

1000

Default value:

Return Users After

Specify the pagination cursor for the next page of users

Example:

00g1emakyztwryyrrtsk

Text

Optional

Example Request

[
    {
        "group_id": "00ub0ongtswtbkolglnr"
    }
]

Action Response Parameters

Parameter	Type	Description
id	String	The ID of the user.
status	String	The status of the user account.
created	String	The timestamp when the user was created.
activated	String	The timestamp when the user account was activated.
statusChanged	String	The timestamp when the user account status was last changed.
lastLogin	String	The timestamp of the user's last login.
lastUpdated	String	The timestamp when the user profile was last updated.
passwordChanged	String	The timestamp when the user's password was last changed.
profile	Object	The profile details of the user, such as the first name, last name, email, login, and mobile phone details.
credentials	Object	The credential details of the user such as the password and the provider.
_links	String	The URL to retrieve the user's details. Example, "https://{yourOktaDomain}/api/v1/users/00u1f96ECLNVOKVMUSEA"

Action: Add User To Group

This action adds a specific user to a specific group.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Group ID

Enter the group ID.

Example:

00g1fanEFIQHMQQJMHZP

Text

Required

User ID

Enter the user ID.

Example:

00u1f96ECLNVOKVMUSEA

Text

Required

Example Request

[
    {
        "user_id": "00u2ndudhttUauH6Q5d7",
        "group_id": "00g2k73tukPDiTWvN5d7"
    }
]

Action Response Parameters

Parameter	Type	Description
Status code	Integer	The HTTP status code 204 means that the server successfully processed the request, but there is no content to send in the response

Action: Remove User From Group

This action removes a user from a group.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Group ID

Enter the group ID.

Example:

00g2k73tukPDiTWvN5d7

Text

Required

User ID

Enter the user ID.

Example:

00ub0ongtswtbkolglnr

Text

Required

Example Request

[
    {
        "user_id": "00u2ndudhttUauH6Q5d7",
        "group_id": "00g2k73tukPDiTWvN5d7"
    }
]

Action Response Parameters

Parameter	Type	Description
Status Code	Integer	The HTTP status code indicating successful operation with no content in the response body. For example, "HTTP/1.1 204 No Content".

Action: List Assigned Applications

This action lists all applications that are assigned to a group.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Group ID

Enter the group ID.

Example:

00g2k73tukPDiTWvN5d7

Text

Required

Limit

Enter the number of groups to list.

Integer

Optional

Maximum value:

1000

Default value:

Return Apps After

Enter the app ID to get a list of apps after the given app ID.

Example:

00g1fanefiqhmqqjmhzp

Text

Optional

Example Request

[
    {
        "group_id": "00g2k73tukPDiTWvN5d7"
    }
]

Action Response Parameters

Parameter	Type	Description
id	String	The ID of the application.
name	String	The name of the application.
label	String	The label of the app. Example: "Custom Saml 2.0 App"
status	String	The status of the app. Example: "ACTIVE"
lastUpdated	String	The timestamp when the app was last updated, in ISO 8601 format. Example: "2016-08-09T20:12:19.000Z"
created	String	The timestamp when the app was created, in ISO 8601 format. Example: "2016-08-09T20:12:19.000Z"
accessibility	Object	The accessibility details of the application.
visibility	Object	The visibility details of the application such as if the app is hidden in iOS and web devices and so on.
features	Array	Features associated with the application.
signOnMode	String	The sign-on mode of the app. Example: "SAML_2_0"
credentials	Object	The credential details of the application such as the username template and credential type.
settings	Object	The settings of the application such as the button, password, and username field.
_links	Object	Links to the logo, users, groups, self and deactivation associated with the application.

Action: Get All User Types

This action retrieves all the user types in your organization.

Action Input Parameters

This action does not require any input parameter.

Action Response Parameters

Parameter	Type	Description
id	String	Unique identifier for the user type. Example: "otyfnly5cQjJT9PnR0g4" / "otyfnjfba4ye7pgjB0g4"
displayName	String	Display name of the user type. Example: Nootype
name	String	Name of the user type. Example: newtype
description	String	Description of the user type. Example: "Custom user type" / "Okta user profile template with default permission settings"
createdBy	String	Identifier of the user who created the user type. Example: "00ufnlhzppWItClAI0g4"
lastUpdatedBy	String	Identifier of the user who last updated the user type. Example: "00ufnlhzppWItClAI0g4"
created	String	The timestamp when the user type was created, in ISO 8601 format. Example: "2019-04-10T02:00:01.000Z" / "2019-04-10T01:48:27.000Z"
lastUpdated	String	The timestamp when the user type was last updated, in ISO 8601 format. Example: "2019-04-10T02:00:01.000Z" / "2019-04-10T01:48:27.000Z"
default	Boolean	Indicates whether the user type is the default. Example: false
_links.schema.href	String	The URL to retrieve the schema of the user type. Example: "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscfnly5cQjJT9PnR0g4" / "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscfnjfba4ye7pgjB0g4"
_links.self.href	String	The URL to retrieve the user type itself. Example: "https://{yourOktaDomain}/api/v1/meta/types/user/otyfnly5cQjJT9PnR0g4" / "https://{yourOktaDomain}/api/v1/meta/types/user/otyfnjfba4ye7pgjB0g4"

Action: List Apps

This action retrieves the list of all apps in Okta.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Filter Query

Enter the filter query.

Example:

group.id eq "00g2k73tukPDiTWvN5d7"

Text

Optional

Limit

Enter the number of results to be fetched per page. Example:

Integer

Optional

Maximum:

500

Default:

50.

Page Cursor

Specify the pagination cursor for the next page of assignments.

Example:

0oa2k4qtkrvOpxsYb5d7

Text

Optional

Action Response Parameters

Parameter	Type	Description
id	String	Unique identifier for the app. Example: "0oa1gjh63g214q0Hq0g4"
name	String	The name of the app. Example: "testorgone_customsaml20app_1"
label	String	The label of the app. Example: "Custom Saml 2.0 App"
status	String	The status of the app. Example: "ACTIVE"
lastUpdated	String	The timestamp when the app was last updated, in ISO 8601 format. Example: "2016-08-09T20:12:19.000Z"
created	String	The timestamp when the app was created, in ISO 8601 format. Example: "2016-08-09T20:12:19.000Z"
accessibility.selfService	Boolean	Indicates whether the app is self-service accessible. Example: false
visibility.autoSubmitToolbar	Boolean	Indicates whether the auto-submit toolbar is enabled. Example: false
visibility.hide.iOS	Boolean	Indicates whether the app is hidden on iOS devices. Example: false
visibility.hide.web	Boolean	Indicates whether the app is hidden on web. Example: false
visibility.appLinks	Object	Indicates whether the app link is enabled.
signOnMode	String	The sign-on mode of the app. Example: "SAML_2_0"
credentials.userNameTemplate.template	String	The template for the username. Example: "${fn:substringBefore(source.login, \"@\")}"
credentials.userNameTemplate.type	String	The type of the username template. Example: "BUILT_IN"
settings.signOn.ssoAcsUrl	String	The single sign-on ACS URL. Example: "https://{yourOktaDomain}"
settings.signOn.idpIssuer	String	The identity provider issuer. Example: "http://www.okta.com/${org.externalKey}"
settings.signOn.audience	String	The audience for the SAML assertion. Example: "https://example.com/tenant/123"
settings.signOn.recipient	String	The recipient for the SAML assertion. Example: "http://recipient.okta.com"
settings.signOn.destination	String	The destination for the SAML assertion. Example: "http://destination.okta.com"
settings.signOn.subjectNameIdTemplate	String	The subject NameID template. Example: "${user.userName}"
settings.signOn.subjectNameIdFormat	String	The format for the subject NameID. Example: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
settings.signOn.responseSigned	Boolean	Indicates whether the SAML response is signed. Example: true
settings.signOn.assertionSigned	Boolean	Indicates whether the SAML assertion is signed. Example: true
settings.signOn.signatureAlgorithm	String	The algorithm used for signing. Example: "RSA_SHA256"
settings.signOn.digestAlgorithm	String	The digest algorithm used for signing. Example: "SHA256"
settings.signOn.honorForceAuthn	Boolean	Indicates whether to honor forced authentication. Example: true
settings.signOn.authnContextClassRef	String	The authentication context class reference. Example: "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
settings.signOn.slo.enabled	Boolean	Indicates whether single logout (SLO) is enabled. Example: true
settings.signOn.slo.spIssuer	String	The service provider issuer for SLO. Example: "https://testorgone.okta.com"
settings.signOn.slo.logoutUrl	String	The logout URL for SLO. Example: "https://testorgone.okta.com/logout"
settings.signOn.participateSlo.enabled	Boolean	Indicates whether to participate in SLO. Example: true
_links	Object	Links associated with the application.

Action: List Assigned Users for an App

This action lists all assigned application users for an application.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
Application ID	Enter the application ID to list assigned users. Example: 0oa2k4qtkrvOpxsYb5d7	Text	Required
Limit	Enter the number of results to be fetched per page. Example: 20	Integer	Optional	Maximum value: 500 Default value: 50
Page Cursor	Enter the pagination cursor for the next page of assignments. Example: 00u2k4qtqd2lcGutD5d7	Text	Optional

Example Request

[
    {
        "app_id": "0oa2k4qtkrvOpxsYb5d7",
        "limit": 20,
        "cursor": "00u2k4qtqd2lcGutD5d7"
    }
]

Action Response Parameters

Parameter	Type	Description
Formatted	String	Indicates whether the user's login is formatted as an email address and thus includes an @ sign.
Name	String	Name of the user.
Nickname	String	Nickname of the user.
Given Name	String	First name of the user.
Middle Name	String	Middle name of the user.
Family Name	String	Last name or family name of the user.
Email	String	Email of the user.
Profile Url	String	URL of the user's online profile or a web page.
Picture Url	String	URL of the user's online picture.
Website	String	URL of the user's website.
Gender	String	User's gender.
Birthdate	String	Birth date of the user.
Time Zone	String	Time zone of the user.
Locale Name	String	User's default location for purposes of localizing items like currency, date/time format, and numerical representations.
Phone Number	String	Phone number of the user.
Street Address	String	Full street address component of user's address.
Locality	String	Locality component of the user's address.
Region	String	Region component of the user's address.
Country	String	Country component of the user's address.
User ID	String	Unique identifier of the user.
External ID	String	Unique external ID of the user.
Created	String	Date and time when the user was created.
Last Updated	String	Timestamp when the user was last updated.
Scope	String	Scope of the user.
Status	String	Current status of the user.
Status Changed	String	Timestamp when the user's status was changed.
Password Changed	String	Timestamp when the user's password was changed.
Sync State	String	Current sync state of the user.
Last Sync	String	Timestamp when the last sync happened.
Username	String	Username of the user.
Password	String	Password of the user.
Records Streamed	String	Number of records streamed in a streaming flow. Appears when you select the Stream Records option from the Result Set field.

Action: Get Assigned User for an App

This action fetches a specific user assignment for an application by ID.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Application ID

Enter the ID of an app to retrieve the assigned user.

Example:

00u2k4qtqd2lcGutD5d7

Text

Required

User ID

Enter the unique key of the assigned user.

Example:

0oa2k4qtkrvOpxsYb5d7

Text

Required

Example Request

[
    {
        "uid": "00u2k4qtqd2lcGutD5d7",
        "app_id": "0oa2k4qtkrvOpxsYb5d7"
    }
]

Action: List User With Search

This action searches for users based on the properties specified in the search parameter.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Search Query

Enter the search query.

Example:

profile.department eq \"Engineering\"

Text

Required

Example Request

[
    {
        "search_query": "profile.department eq \"Engineering\""
    }
]

Action: Generic Action

This is a generic action used to make requests to any Okta endpoint.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
Method	Enter the HTTP method to make the request. Example: GET	Text	Required	Allowed values: GET POST PUT DELETE
Endpoint	Enter the endpoint to make the request. Example: /incidents	Text	Required
Query Params	Enter the query parameters to pass to the API.	Key Value	Optional
Payload	Enter the payload to pass to the API.	Any	Optional
Extra Fields	Enter the extra fields to pass to the API.	Key Value	Optional

Cyware Orchestrate

Okta

About App

Configuration Parameters

Action: Activate User

Action: Create User Without Credentials

Action: Create User With Recovery Question

Action: Create User With Password

Action: Create User With Imported Hashed Password

Action: Create User With Password Import Inline Hook

Action: Create User With Password and Recovery Question

Action: Create User With Authentication Provider

Action: Create User With Non Default User Type

Action: Get Current User

Action: Get Users by ID

Action: Get User With Login

Action: Get User With Login Shortname

Action: List Users

Action: Find User

Action: List Users With Filter

Action: Update User Profile

Action: Get Assigned App Links

Action: Get Users Groups

Action: Reactivate User

Action: Deactivate User

Action: Suspend User

Action: Unsuspend User

Action: Delete User

Action: Unlock User

Action: Reset User Password

Action: Expire User Password

Action: Reset Factors For User

Action: Clear User Sessions

Action: Get Group

Action: List Groups

Action: Assign User to App for SSO

Action: Update Group

Action: Assign User to App for SSO And Provisioning

Action: List Group Members

Action: Add User To Group

Action: Remove User From Group

Action: List Assigned Applications

Action: Get All User Types

Action: List Apps

Action: List Assigned Users for an App

Action: Get Assigned User for an App

Action: List User With Search

Action: Generic Action

Search results