api.openapi.yaml Maven / Gradle / Ivy

The Okta Java SDK API .jar provides a Java API that your code can use to make calls to the Okta API. This .jar is the only compile-time dependency within the Okta SDK project that your code should depend on. Implementations of this API (implementation .jars) should be runtime dependencies only.

There is a newer version: 21.0.0
openapi: 3.0.3
info:
  contact:
    email: [email protected]
    name: Okta Developer Team
    url: https://developer.okta.com/
  description: Allows customers to easily access the Okta Management APIs
  license:
    name: Apache-2.0
    url: https://www.apache.org/licenses/LICENSE-2.0.html
  termsOfService: https://developer.okta.com/terms/
  title: Okta Admin Management
  version: 2024.08.3
  x-logo:
    url: logo.svg
    backgroundColor: transparent
    altText: Okta Developer
externalDocs:
  description: Find more info here
  url: https://developer.okta.com/docs/reference/core-okta-api/#design-principles
servers:
- url: "https://{yourOktaDomain}"
  variables:
    yourOktaDomain:
      default: subdomain.okta.com
      description: "The domain of your organization. This can be a provided subdomain\
        \ of an official okta domain (okta.com, oktapreview.com, etc) or one of your\
        \ configured custom domains."
tags:
- description: The Agent Pools API provides operation to manage the update settings
    of the agents for your organization.
  name: AgentPools
  x-displayName: Agent Pools
- description: |
    This API provides operations to manage API service integration instances in your organization.

    For a current list of available API service integrations, see the [Okta Integration Network catalog](https://www.okta.com/integrations/?capability=api).

    See [Add an API Service Integration](https://help.okta.com/okta_help.htm?type=oie&id=ext-add-api-service-integration) for corresponding admin instructions using the Admin Console.
    If you want to build an API service integration, see [API service integrations in the OIN](https://developer.okta.com/docs/guides/oin-api-service-overview/).
  name: ApiServiceIntegrations
  x-displayName: API Service Integrations
- description: The API Tokens API provides operations to manage SSWS API tokens for
    your organization.
  name: ApiToken
  x-displayName: API Tokens
- description: |-
    The Applications API provides operations to manage apps in your org.

    To create a custom app integration instance, use the [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) operation with the schema provided in the request payload.

    To create an app instance from the Okta Integration Network (OIN), use the [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication)
    operation with the corresponding OIN app schema in the request body.
  name: Application
  x-displayName: Applications
- description: |
    The Application Connections API provides operations for configuring connections to an app.

    Okta supports token-based and OAuth 2.0-based provisioning connections for supported apps.
    The following available provisioning connections are supported by the indicated apps:

    | Connection | Description | Apps supported |
    | -------------------------------- | -------------- | ----------- |
    | Token | The provisioning API connection is based on bearer token authentication. | Okta Org2Org (`okta_org2org`), Zscaler 2.0 (`zscalerbyz`) |
    | OAuth 2.0 | The provisioning API connection is based on OAuth 2.0 authentication. | Google Workspace (`google`), Microsoft Office 365 (`office365`), Okta Org2Org (`okta_org2org`), Slack (`slack`), Zoom (`zoomus`) |

    > **Note:** The Okta Org2Org (`okta_org2org`) app isn't available in Okta Developer Edition orgs. If you need to test this feature in your Developer Edition org, contact your Okta account team.
  name: ApplicationConnections
  x-displayName: Application Connections
- description: |
    The Application Features API supports operations to configure app provisioning feature settings.

    You must have app provisioning enabled to configure provisioning features. See [Update the default Provisioning Connection](/openapi/okta-management/management/tag/ApplicationConnections/#tag/ApplicationConnections/operation/updateDefaultProvisioningConnectionForApplication).

    The following available provisioning features are supported by the indicated apps:

    | Feature | Description | Apps supported |
    | -------------------- | -------------- | ----------- |
    | `USER_PROVISIONING` | Similar to the app **Provisioning** > **To App** setting in the Admin Console, user profiles are pushed from Okta to the third-party app. You can configure rules for creating users, deactivating users, and syncing passwords. | Google Workspace (`google`), Microsoft Office 365 (`office365`), Okta Org2Org (`okta_org2org`), Slack (`slack`), Zoom (`zoomus`), Zscaler 2.0 (`zscalerbyz`) |
    | `INBOUND_PROVISIONING` | Similar to the app **Provisioning** > **To Okta** provisioning setting in the Admin Console, user profiles are imported from the third-party app into Okta. You can schedule user import and configure rules for user creation and matching. | Google Workspace (`google`), Microsoft Office 365 (`office365`), Okta Org2Org (`okta_org2org`), Slack (`slack`), Zoom (`zoomus`) |

    > **Note:** The Okta Org2Org (`okta_org2org`) app isn't available in Okta Developer Edition orgs. If you need to test this feature in your Developer Edition org, contact your Okta account team.
  name: ApplicationFeatures
  x-displayName: Application Features
- description: |
    The Application Grants API provides a set of operations to manage scope consent grants for an app.

    A scope consent grant represents an app's permission to include specific Okta scopes in OAuth 2.0 Bearer tokens. If the app doesn't have permission to grant consent for a particular Okta scope, token requests that contain the scope are denied.
  name: ApplicationGrants
  x-displayName: Application Grants
- description: The Application Groups API provides a set of operations to manage
    group assignment for an app.
  name: ApplicationGroups
  x-displayName: Application Groups
- description: Provides a resource to manage the application instance logo
  name: ApplicationLogos
  x-displayName: Application Logos
- description: The Application Policies API provides a resource to manage authentication
    policies associated with an app.
  name: ApplicationPolicies
  x-displayName: Application Policies
- description: Provides a Single Sign-On (SSO) resource for an application
  name: ApplicationSSO
  x-displayName: Application SSO
- description: |
    The Application Key Credentials API provides a set of operations to manage an app's key store credentials.
  name: ApplicationSSOCredentialKey
  x-displayName: Application Key Credentials
- description: |
    The Application Client Authentication Credentials API provides a set of operations to manage credentials used for OAuth 2.0 client authentication as described in [Client authentication methods](https://developer.okta.com/docs/api/openapi/okta-oauth/guides/client-auth/).
  name: ApplicationSSOCredentialOAuth2ClientAuth
  x-displayName: Application Client Auth Credentials
- description: |
    Resource to manage OAuth 2.0 tokens for an app

    > **Note:** To configure refresh tokens for an app, see
    > [grant_types](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication!path=4/settings/oauthClient/grant_types&t=request)
    > and [refresh_token](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication!path=4/settings/oauthClient/refresh_token&t=request).
  name: ApplicationTokens
  x-displayName: Application Tokens
- description: |
    The Application Users API provides operations to manage app users and their assignments.

    The object returned from assigning a user to an app is known as the Application User.

    You can assign users to apps for:
    * SSO only
    * SSO and provisioning
  name: ApplicationUsers
  x-displayName: Application Users
- description: The Attack Protection API provides operations to configure the User
    Lockout Settings and the Authenticator Settings in your org to protect against
    password abuse.
  name: AttackProtection
  x-displayName: Attack Protection
- description: |-
    The Authenticators Administration API provides operations to configure which Authenticators are available to end users for use when they sign in to applications.

    End users are required to use one or more Authenticators based on the security requirements of the authentication policy.

    Okta Identity Engine currently supports Authenticators for the following factors:

    **Knowledge-based:**

    * Password
    * Security Question

    **Possession-based:**

    * Phone (SMS, voice call)
    * Email
    * WebAuthn
    * Duo
    * Custom app
  name: Authenticator
  x-displayName: Authenticators
- description: |-
    Authorization Servers generate OAuth 2.0 and OpenID Connect tokens, including access tokens and ID tokens.
    The Okta Management API gives you the ability to configure and manage Authorization Servers and the security policies that are attached to them.

    **Work with the Default Authorization Server**

    Okta provides a pre-configured Custom Authorization Server with the name `default`.
    This Default Authorization Server includes a basic access policy and rule, which you can edit to control access.
    It allows you to specify `default` instead of the `authorizationServerId` in requests to it:

    `https://${yourOktaDomain}/api/v1/authorizationServers/default` vs
    `https://${yourOktaDomain}/api/v1/authorizationServers/${authorizationServerId}` for other Custom Authorization Servers
  name: AuthorizationServer
  x-displayName: Authorization Servers
- description: "Associated authorization servers allow you to designate a trusted\
    \ authorization server that you associate with another authorization server. This\
    \ type of association provides a way to configure [token exchange](https://developer.okta.com/docs/guides/set-up-token-exchange/main/#trusted-servers)\
    \ between other authorization servers under the same Okta tenant."
  name: AuthorizationServerAssoc
  x-displayName: Authorization Server Associated Servers
- description: Provides operations to manage custom token claims for the
    given `authServerId` and `claimId`
  name: AuthorizationServerClaims
  x-displayName: Authorization Server Claims
- description: |-
    These endpoints allow you to manage tokens issued by an authorization server for a particular client. For example, you can revoke every active refresh token for a specific client. You can also revoke specific tokens or manage tokens at the User level.

    Read [Validate access tokens](https://developer.okta.com/docs/guides/validate-access-tokens/dotnet/main/) and [Validate ID tokens](https://developer.okta.com/docs/guides/validate-id-tokens/main/) to understand more about how OAuth 2.0 tokens work.
  name: AuthorizationServerClients
  x-displayName: Authorization Server Clients
- description: |-
    Provides operations to manage [JSON Web Key](https://datatracker.ietf.org/doc/html/rfc7517) credentials for the given `authServerId`.

    > **Note:** Looking for how to obtain the jwks_uri for your org or custom authorization server? See the [well-known OpenID metadata endpoint](https://developer.okta.com/docs/api/openapi/okta-oauth/oauth/tag/CustomAS/#tag/CustomAS/operation/getWellKnownOpenIDConfigurationCustomAS)
    and the [well-known OAuth 2.0 metadata endpoint](https://developer.okta.com/docs/api/openapi/okta-oauth/oauth/tag/CustomAS/#tag/CustomAS/operation/getWellKnownOAuthConfigurationCustomAS).
  name: AuthorizationServerKeys
  x-displayName: Authorization Server Keys
- description: Provides operations to manage policies for the given `authServerId`.
  name: AuthorizationServerPolicies
  x-displayName: Authorization Server Policies
- description: "Provides operations to manage policy rules for the given `authServerId`,\
    \ `policyId`, and `ruleId`."
  name: AuthorizationServerRules
  x-displayName: Authorization Server Rules
- description: "Provides operations to manage custom token scopes for the given `authServerId`\
    \ and `scopeId`. See [scope properties](https://developer.okta.com/docs/api/openapi/okta-oauth/guides/overview/#scope-properties)."
  name: AuthorizationServerScopes
  x-displayName: Authorization Server Scopes
- description: The Behavior Rules API provides operations to manage the behavior
    detection rules for your organization.
  name: Behavior
  x-displayName: Behavior Rules
- description: |-
    These endpoints allow you to manage Brands, and their metadata, in your orgs.

    With Brands, you can customize the following:

    * [The Okta-hosted sign-in page](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/CustomPages/)
    * [The sign-out page](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/CustomPages/)
    * [Error pages](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/CustomPages/)
    * [Email templates](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/CustomTemplates/)
    * [The Okta End-User Dashboard](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Themes/)

    > **Note:** Some of the curl code examples on this page include SSWS API token authentication. However, Okta recommends using scoped OAuth 2.0 and OIDC access tokens to authenticate with Okta management APIs. OAuth 2.0 and OIDC access tokens provide fine-grain control over the bearer's actions on specific endpoints. See [Okta API authentication methods](https://developer.okta.com/docs/api/openapi/okta-oauth/guides/overview/).
  name: Brands
  x-displayName: Brands
- description: |-
    As an option to increase org security, Okta supports CAPTCHA services to prevent automated sign-in attempts. You can integrate one of two providers: [hCaptcha](https://www.hcaptcha.com/) or [reCAPTCHA v2](https://developers.google.com/recaptcha/docs/invisible).

    The vendor implementations supported by Okta are both invisible. They each run risk-analysis software in the background during user sign in to determine the likelihood that the user is a bot. This risk analysis is based on the settings that you configure with the provider that you choose.

    Before you configure your org to use CAPTCHA, sign in to the vendor of your choice or sign up for an account.

    For more details, refer to [CAPTCHA integration](https://help.okta.com/okta_help.htm?type=oie&id=csh-captcha).
  name: CAPTCHA
  x-displayName: CAPTCHAs
- description: The Custom Domains API provides operations to manage custom domains
    for your organization.
  name: CustomDomain
  x-displayName: Custom Domains
- description: |-
    These endpoints allow you to customize the contents of various pages, including:

    * The Okta-hosted sign-in page
    * Error pages
    * The sign-out page

    > **Note:** Some of the curl code examples on this page include SSWS API token authentication. However, Okta recommends using scoped OAuth 2.0 and OIDC access tokens to authenticate with Okta management APIs. OAuth 2.0 and OIDC access tokens provide fine-grain control over the bearer's actions on specific endpoints. See [Okta API authentication methods](https://developer.okta.com/docs/api/openapi/okta-oauth/guides/overview/).
  name: CustomPages
  x-displayName: Custom Pages
- description: |-
    These endpoints allow you to programmatically manage email customizations.

    Okta provides many customizable email templates. For example, the `UserActivation` email template allows users to activate their account. Use email customizations to override a template's default content.

    See the [list of email templates](https://developer.okta.com/docs/guides/custom-email/main/#use-customizable-email-templates).

    Each template has default content that Okta translates to any one of the supported languages. The following settings determine the language for emails sent from Okta to a user, if the user hasn't selected a specific display language:

    * The user's locale property value (if specified)
    * The org's display language

    See [Supported languages](https://developer.okta.com/docs/guides/custom-email/main/#supported-languages).

    The following constraints apply to email customizations:

    * If an email template has any customizations at all, exactly one of them must be the default (where `isDefault` is `true`). Okta uses the default customization when no other customization applies to the user's language settings.
    * Each email template can have only one customization for each supported language.

    ### Enable other locales

    Use the [BCP 47 format](https://www.rfc-editor.org/info/bcp47) to enable more locales than Okta's 27 default languages. Once you create a customization with the new locale, the locale appears in the Admin Console along with the default-supported locales.

    Include `null` in the subject or body of the email customization. Okta replaces `null` with a default value based on the following order of priority:

    - An existing default email customization, if one exists
    - Okta-provided translated content for the specified language, if one exists
    - Okta-provided translated content for the brand locale, if it's set
    - Okta-provided content in English
  name: CustomTemplates
  x-displayName: Custom Email Templates
- description: |-
    The Okta Devices API provides a centralized integration platform to fetch and manage device information. Okta administrators can use these APIs to manage workforce identity Device object information.

    The Devices API supports the following **Device Operations**:
    * Get, Delete Device objects.
    * Perform lifecycle transitions on the Device objects.

    Device lifecycle is defined as transitions of the Device Status by the associated operations. The Device object follows a predefined lifecycle transition flow. Device Lifecycle operations are idempotent and its calls are synchronous.

    The Devices API supports the following **Authorization Schemes**:
    * SSWS - [API tokens](https://developer.okta.com/docs/reference/core-okta-api/#authentication)
    * Bearer - [OAuth2.0 and OpenID Connect](https://developer.okta.com/docs/concepts/oauth-openid/)

    > **Note:** For devices to enroll in Okta and show up in the Devices API, the following actions are required:
    > 1. Admins - Enable Okta FastPass. See [Enable FastPass](https://help.okta.com/okta_help.htm?type=oie&id=ext-fp-enable)
    > 2. End users with existing mobile Okta Verify enrollments - After you upgrade your org to Okta Identity Engine, direct end users with existing Okta Verify enrollments to use [FastPass](https://help.okta.com/okta_help.htm?type=oie&id=csh-fp-main).

    > **Note:** End users with a new enrollment in Okta Verify on an Okta Identity Engine org have a device record created in the device inventory by default. See [Device Registration](https://help.okta.com/okta_help.htm?type=oie&id=csh-device-registration), [Login Using Okta Verify](https://help.okta.com/okta_help.htm?type=eu&id=ext-ov-user-overview).
  name: Device
  x-displayName: Devices
- description: The Device Access API provides operations to configure device access
    settings.
  name: DeviceAccess
  x-displayName: Device Access
- description: The Device Assurance Policies API provides operations to manage device
    assurance policies in your organization.
  name: DeviceAssurance
  x-displayName: Device Assurance Policies
- description: |-
    > **Note:** Your Okta org needs to have the AD bidirectional group management feature enabled. Contact your Okta account team to enable this feature.

    The Directories Integration API provides operations to manage Active Directory objects in a connected on-premises directory through Okta.
  name: DirectoriesIntegration
  x-displayName: Directories Integration
- description: The Email Customization API provides operations to modify the email
    bounce list for your Okta org.
  name: EmailCustomization
  x-displayName: Email Customization
- description: The Email Domains API provides operations to manage email domains
    for your organization.
  name: EmailDomain
  x-displayName: Email Domains
- description: "The Email Servers API allows you to configure a custom external email\
    \ provider to send email notifications. By default, notifications such as the\
    \ welcome email or an account recovery email are sent through an Okta-managed\
    \ SMTP server. Adding a custom email provider gives you more control over your\
    \ email delivery."
  name: EmailServer
  x-displayName: Email Servers
- description: |-
    The Event Hooks API provides operations to manage event hooks for your organization.

    For general information on event hooks and how to create and use them, see [Event hooks](https://developer.okta.com/docs/concepts/event-hooks/). The following documentation is only for the management API, which provides a CRUD interface for registering event hooks.

    For a step-by-step guide on implementing an example event hook, see the [Event hook](https://developer.okta.com/docs/guides/event-hook-implementation/) guide.

    When you create an event hook, you need to specify which events you want to subscribe to. To see the list of event types currently eligible for use in event hooks, use the [Event Types](https://developer.okta.com/docs/reference/api/event-types/#catalog) catalog and search with the parameter `event-hook-eligible`.
  name: EventHook
  x-displayName: Event Hooks
- description: |-
    The Okta Features API provides operations to manage self-service Early Access (EA) and Beta features in your org.

    > **Note:** Important background information for this API is available on the [Feature Lifecycle Management](https://developer.okta.com/docs/concepts/feature-lifecycle-management/) page.
  name: Feature
  x-displayName: Features
- description: The Groups API provides operations to manage Okta Groups and their
    user members for your org.
  name: Group
  x-displayName: Groups
- description: |-
    The Group Owners API provides operations to manage owners of Okta Groups for your organization.

    > **Note**: This API is only available if you're subscribed to [Okta Identity Governance](https://www.okta.com/products/identity-governance/). Contact your Customer Success Manager or Account Executive for more information.
  name: GroupOwner
  x-displayName: Group Owners
- description: The Group Rules API provides operations to manage rules for Okta Groups
    in your org.
  name: GroupRule
  x-displayName: Group Rules
- description: |-
    The Okta Key Management API provides a CRUD interface for JSON Web Keys (JWK) used with other parts of the application, such as inline hooks. For information on how to create inline hooks, see [inline hooks](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/InlineHook/).

    > **Note:** Some of the curl code examples on this page include SSWS API token authentication. However, Okta recommends using scoped OAuth 2.0 and OIDC access tokens to authenticate with Okta management APIs. OAuth 2.0 and OIDC access tokens provide fine-grain control over the bearer's actions on specific endpoints. See [Okta API authentication methods](https://developer.okta.com/docs/api/openapi/okta-oauth/guides/overview/).
  name: HookKey
  x-displayName: Hook Keys
- description: "The Identity Providers API provides operations to manage federations\
    \ with external Identity Providers (IdP). For example, your app can support signing\
    \ in with credentials from Apple, Facebook, Google, LinkedIn, Microsoft, an enterprise\
    \ IdP using SAML 2.0, or an IdP using the OpenID Connect (`OIDC`) protocol."
  name: IdentityProvider
  x-displayName: Identity Providers
- description: The Identity Provider Keys API provides operations to manage Key Credentials
    for Identity Providers.
  name: IdentityProviderKeys
  x-displayName: Identity Provider Keys
- description: |-
    The Identity Provider Signing Keys API provides operations to manage signing Key Credentials and Certificate Signing Requests for Identity Providers.

    > **Note:** Okta currently uses the same key for both request signing and the decryption of SAML assertions that the IdP encrypts. Changing your signing key also changes your decryption key.
  name: IdentityProviderSigningKeys
  x-displayName: Identity Provider Signing Keys
- description: The Identity Provider Users API provides operations to manage Identity
    Provider Users.
  name: IdentityProviderUsers
  x-displayName: Identity Provider Users
- description: The Okta Identity Source API provides a mechanism to synchronize an
    HR source (the custom identity source) with Okta user profiles in an org.
  name: IdentitySource
  x-displayName: Identity Sources
- description: |-
    The Inline Hooks API provides operations to manage inline hooks for your organization.

    For general information on inline hooks and how to create and use them, see [inline hooks](https://developer.okta.com/docs/concepts/inline-hooks/). The following documentation is only for the management API, which provides a CRUD interface for registering inline hooks.
  name: InlineHook
  x-displayName: Inline Hooks
- description: |-
    Users have relationships to each other, like manager and subordinate or customer and sales representative. You can create users with relationships by using the Linked Objects API to represent the relationship.

    1. Create a Linked Object definition such as Manager:Subordinate or Case Worker:Client. These pairs are represented by a `primary` attribute and an `associated` attribute.
    2. Link users together to create the relationship between the two. You create a Linked Object value with a single request that links one `primary` and one `associated` user.

    For each relationship:

    * A user has at most one `primary` link (a user has a single manager), but can have many `associated` links (a user can have many subordinates).
    * A user can be the `primary` in one relationship and the `associated` in another.
    * A user can be both the `primary` and `associated` in the same relationship.

    Okta Expression Language function for [Linked Objects](https://developer.okta.com/docs/reference/okta-expression-language/#linked-object-function) provides access to the details about a linked user.

    > **Note:** The Linked Objects feature isn't available for OpenID Connect claims.

    ## Example usage

    Okta allows you to create up to 200 Linked Object definitions. These definitions are one-to-many, for example:

    * A manager has many subordinates. Each subordinate has one manager.
    * A sales representative has many customers. Each customer has one sales rep.
    * A case worker has many clients. Each client has one case worker.

    Most organizations have more than one manager or sales representative. You can create the Linked Object definition once, and then assign the `primary` relationship to as many users as you have people in that relationship.

    You can assign the `associated` relationship for a single `primary` user to as many users as needed. The `associated` user can be related to only one `primary` per Linked Object definition. But a user can be assigned to more than one Linked Object definition.

    For example, assume that you've created one Linked Object definition for manager (`primary`) and for subordinates (`associated`):

    * Joe is Frank's manager.
    * Bob is Joe's manager, but Jane's subordinate.
    * Jane is the CEO, so she reports to herself.

    Thus, you can create chains of relationships (Jane > Bob > Joe > Frank) or terminal relationships (Jane is both `primary` and `associated` user).

    Then, if you create another Linked Object relationship for scrum team membership, you could assign relationships to the same four users:

    * Bob is the scrum lead for the Identity Scrum team.
    * Joe and Frank are both contributors to the team.

    Bob can be the `primary` for a Manager:Subordinate, an `associated` user for that same Linked Object definition, and also the `primary` for the Scrumlead:Contributor Linked Object definition.

    To represent a relationship, create a Linked Object definition that specifies a `primary` (parent) relationship and an `associated` (child) relationship, and then add a link in which the appropriate user is assigned to each side of that link type.

    ## Links between User Types

    If you created multiple User Types (see [User Types](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/UserType/)), they all share the same Linked Object definitions. For example, if you have separate User Types for employees and contractors, a link could designate an employee as the manager for a contractor, with the contractor being a subordinate of that employee.

    ## Link definition operations

    Link definition operations allow you to manage the creation and removal of the link definitions. If you remove a link definition, links based on that definition are unavailable.

    > **Note:** Links reappear if you recreate the definition. However, Okta is likely to change this behavior so that links don't reappear. Don't rely on this behavior in production environments.
  name: LinkedObject
  x-displayName: Linked Objects
- description: The Log Streaming API provides operations to manage Log Stream configurations
    for an org. You can configure up to two Log Stream integrations per org.
  name: LogStream
  x-displayName: Log Streaming
- description: |-
    The Network Zones API provides operations to manage system default and custom zones in your Okta org.

    Network Zones are configurable boundaries that you can use to grant or restrict access to resources in your organization. They're used for two purposes:

    * `POLICY`: Network Zones used to guide policy decisions
    * `BLOCKLIST`: Network Zones used to deny access from certain IP addresses, locations, Autonomous System Numbers (ASNs), proxy types, or IP service categories before policy evaluation

    > **Note:** The Network Zone blocklist applies to all URLs for the org. See [Network zones](https://help.okta.com/okta_help.htm?id=ext_Security_Network) in the Okta product documentation.

    Your Okta org provides the following default system Network Zones that you can modify and use:

    * `LegacyIpZone`: The system default IP Network Zone
    * `BlockedIpZone`: The system default IP Blocklist Network Zone
    * `DefaultEnhancedDynamicZone`: The system default Enhanced Dynamic Network Zone

    You can create and use the following custom Network Zones:

    * IP Network Zone (`IP`): Allows you to define network perimeters around a set of IPs
    * Dynamic Network Zone (`DYNAMIC`): Allows you to define network perimeters around location, IP type, or ASNs
    * Enhanced Dynamic Network Zone (`DYNAMIC_V2`): Extends the Dynamic Network Zone and allows you to include or exclude specific locations, ASNs, or IP service categories

    > **Notes:**
    > * To create multiple Network Zones, you must have Adaptive MFA enabled in your Okta org.
    > * Enhanced Dynamic Network Zones is a [self-service Early Access (EA)](/openapi/okta-management/guides/release-lifecycle/#early-access-ea) feature. You must enable **Enhanced Dynamic Network Zones** in your Org settings to access this API. See [Manage Early Access and Beta features](https://help.okta.com/okta_help.htm?id=ext_secur_manage_ea_bata).
  name: NetworkZone
  x-displayName: Network Zones
- description: The Okta Application Settings API provides operations to manage settings
    for Okta apps in your org.
  name: OktaApplicationSettings
  x-displayName: Okta Application Settings
- description: |-
    > **Note:** You need to have the **Platform - Multi-org Deployment** product to enable the **Org Creator API** feature. Contact your Okta account team for more information.

    The Org Creator API provides an operation to create Okta orgs (child orgs) based on features from your current org (the parent org). See [Org Creator](https://developer.okta.com/docs/concepts/org-creator/).
  name: OrgCreator
  x-displayName: Org Creator
- description: The Org Admin Settings API provides operations to manage the admin
    settings for your Okta org.
  name: OrgSettingAdmin
  x-displayName: Org Admin Settings
- description: "The Org Communication Settings API provides operations to manage the\
    \ communication settings for your Okta org. For example, opt users in or out of\
    \ communication emails."
  name: OrgSettingCommunication
  x-displayName: Org Communication Settings
- description: The Org Contacts API provides operations to manage the contact types
    of your Okta org.
  name: OrgSettingContact
  x-displayName: Org Contacts
- description: The Org Customization API provides operations to retrieve and modify
    custom settings for your Okta org.
  name: OrgSettingCustomization
  x-displayName: Org Customization
- description: The Org General Settings API provides operations to manage the general
    settings of your Okta org.
  name: OrgSettingGeneral
  x-displayName: Org General Settings
- description: The Org Metadata API provides operation to fetch metadata for your
    Okta org.
  name: OrgSettingMetadata
  x-displayName: Org Metadata
- description: The Org Support Settings API provides operations to manage the support
    settings for your Okta org.
  name: OrgSettingSupport
  x-displayName: Org Support Settings
- description: |-
    The Okta Policy API enables an Administrator to perform Policy and Policy Rule operations. The Policy framework is used by Okta to control Rules and settings that govern, among other things, user session lifetime, whether multi-factor authentication is required when logging in, what MFA factors may be employed, password complexity requirements, what types of self-service operations are permitted under various circumstances, and what identity provider to route users to.

    Policy settings for a particular Policy type, such as Sign On Policy, consist of one or more Policy objects, each of which contains one or more Policy Rules. Policies and Rules contain conditions that determine whether they are applicable to a particular user at a particular time.
  name: Policy
  x-displayName: Policies
- description: The Principal Rate Limits API provides operations to manage Principal Rate Limits for your organization.
  name: PrincipalRateLimit
  x-displayName: Principal Rate Limits
- description: "The Mappings API provides operations to manage the mapping of Profile\
    \ properties between an Okta User and an App User using [Okta Expression Language](https://developer.okta.com/docs/reference/okta-expression-language).\
    \ More information on Okta User and App User Profiles can be found in Okta's [User\
    \ profiles](https://developer.okta.com/docs/concepts/user-profiles/#what-is-the-okta-universal-directory)."
  name: ProfileMapping
  x-displayName: Profile Mappings
- description: |-
    The Okta Push Providers API provides a centralized integration platform to fetch and manage push provider configurations. Okta administrators can use these APIs to provide their push provider credentials, for example from APNs and FCM, so that Okta can send push notifications to their own custom app authenticator applications.

    The Push Providers API supports the following **Authorization Schemes**:
    * SSWS - [API tokens](https://developer.okta.com/docs/reference/core-okta-api/#authentication)
    * Bearer - [OAuth2.0 and OpenID Connect](https://developer.okta.com/docs/concepts/oauth-openid/)

    > **Notes:**
    > * Some of the curl code examples on this page include SSWS API token authentication. However, Okta recommends using scoped OAuth 2.0 and OIDC access tokens to authenticate with Okta management APIs. OAuth 2.0 and OIDC access tokens provide fine-grain control over the bearer's actions on specific endpoints. See [Okta API authentication methods](https://developer.okta.com/docs/reference/core-okta-api/#authentication).
    > * You can use the Push Providers API as part of the "Create a custom authenticator" flow. See the [Custom authenticator integration guide](https://developer.okta.com/docs/guides/authenticators-custom-authenticator/android/main/).
  name: PushProvider
  x-displayName: Push Providers
  x-okta-lifecycle:
    lifecycle: GA
    isGenerallyAvailable: false
    SKUs: []
- description: The Rate Limit Settings APIs provide operations to manage settings and configurations surrounding rate limiting in your Okta organization.
  name: RateLimitSettings
  x-displayName: Rate Limit Settings
- description: The Realms API provides operations to manage realms
  name: Realm
  x-displayName: Realms
- description: The Realm Assignments API provides operations to manage Realm Assignments
  name: RealmAssignment
  x-displayName: Realm Assignments
- description: "The Risk Events API provides the ability for third-party risk providers\
    \ to send risk events to Okta. See [Third-party risk provider integration](https://developer.okta.com/docs/guides/third-party-risk-integration/)\
    \ for guidance on integrating third-party risk providers with Okta."
  name: RiskEvent
  x-displayName: Risk Events
- description: "The Risk Providers API enables you to manage the Risk Providers within\
    \ Okta. See [Third-party risk provider integration](https://developer.okta.com/docs/guides/third-party-risk-integration/)\
    \ for guidance on integrating third-party risk providers with Okta."
  name: RiskProvider
  x-displayName: Risk Providers
- description: The User Role Assignments APIs allow you to assign roles and designate third-party admin status to Users.
  name: RoleAssignmentAUser
  x-displayName: User Role Assignments
- description: The Group Role Assignments APIs allow you to assign roles and designate third-party admin status to Groups.
  name: RoleAssignmentBGroup
  x-displayName: Group Role Assignments
- description: The Client Role Assignments APIs allow you to assign roles and designate third-party admin status to public client apps.
  name: RoleAssignmentClient
  x-displayName: Client Role Assignments
- description: |-
    User role targets are a way of limiting the app or group resources for a [standard role](/openapi/okta-management/guides/roles/#standard-roles) that's assigned to an admin User within your org. You can define admin roles to target Groups, Applications, and Application Instances.

    * **Group targets:** Grant an admin permission to manage only a specified Group. For example, an admin role may be assigned to manage only the IT Group.
    * **App targets:** Grant an admin permission to manage all instances of an OIN-cataloged app integration. For example, an admin role can manage all customer instances of an OIN-cataloged app, such as Salesforce or Facebook.
    * **App instance targets:** Grant an admin permission to manage an instance of an OIN-catalog app. For example, there may be a few Salesforce app instances configured for each sales region of an org. You can configure an admin to manage two Salesforce instances in a specific region and not the other regional Salesforce instances.

    > **Note:** You can only use the User Role Targets API with [standard roles](/openapi/okta-management/guides/roles/#standard-roles). You can define specific targets for custom roles with [Resource Set Resources](/openapi/okta-management/management/tag/RoleCResourceSet/). See the [Role Assignments concept](https://developer.okta.com/docs/concepts/role-assignment/).
  name: RoleBTargetAdmin
  x-displayName: User Role Targets
- description: |-
    Group role targets allow you to limit the app or group resources for a [standard role](/openapi/okta-management/guides/roles/#standard-roles) that's assigned to a Group within your org. You can define admin roles to target Groups, Applications, and Application Instances.

    * **Group targets:** Grant an admin permission to manage only a specified Group. For example, an admin role may be assigned to manage only the IT Group.
    * **App targets:** Grant an admin permission to manage all instances of an OIN-cataloged app integration. For example, an admin role can manage all customer instances of an OIN-cataloged app, such as Salesforce or Facebook.
    * **App instance targets:** Grant an admin permission to manage an instance of an OIN-catalog app. For example, there may be a few Salesforce app instances configured for each sales region of an org. You can configure an admin to manage two Salesforce instances in a specific region and not the other regional Salesforce instances.

    > **Note:** You can only use the User Role Targets API with [standard roles](/openapi/okta-management/guides/roles/#standard-roles). You can define specific targets for custom roles with [Resource Set Resources](/openapi/okta-management/management/tag/RoleCResourceSet/). See the [Role Assignments concept](https://developer.okta.com/docs/concepts/role-assignment/).
  name: RoleBTargetBGroup
  x-displayName: Group Role Targets
- description: |-
    Client role targets allow you to limit the app or group resources for a [standard role](/openapi/okta-management/guides/roles/#standard-roles) that's assigned to a client (Application) within your org. You can define admin roles to target Groups, Applications, and Application Instances.

    * **Group targets:** Grant an admin permission to manage only a specified Group. For example, an admin role may be assigned to manage only the IT Group.
    * **App targets:** Grant an admin permission to manage all instances of an OIN-cataloged app integration. For example, an admin role can manage all customer instances of an OIN-cataloged app, such as Salesforce or Facebook.
    * **App instance targets:** Grant an admin permission to manage an instance of an OIN-catalog app. For example, there may be a few Salesforce app instances configured for each sales region of an org. You can configure an admin to manage two Salesforce instances in a specific region and not the other regional Salesforce instances.
    > **Note:** You can only use the User Role Targets API with [standard roles](/openapi/okta-management/guides/roles/#standard-roles). You can define specific targets for custom roles with [Resource Sets](/openapi/okta-management/management/tag/RoleCResourceSet/). See the [Role Assignments concept](https://developer.okta.com/docs/concepts/role-assignment/).
  name: RoleBTargetClient
  x-displayName: Client Role Targets
- description: "The Resource Sets API provides operations to manage Resource Sets\
    \ as a custom set of resources. See [Supported Resources](/openapi/okta-management/guides/roles/#supported-resources)."
  name: RoleCResourceSet
  x-displayName: Resource Sets
- description: "The Resource Set Resources API provides operations to manage Resources\
    \ within a Resource Set. You can add or remove Resources in Resource Sets. See\
    \ [Supported Resources](/openapi/okta-management/guides/roles/#supported-resources)."
  name: RoleCResourceSetResource
  x-displayName: Resource Set Resources
- description: "The Role Resource Set Bindings API provides operations to assign members\
    \ to a [Custom Role](/openapi/okta-management/management/tag/RoleECustom/) that\
    \ targets resources in a [Resource Set](/openapi/okta-management/management/tag/RoleCResourceSet/).\
    \ The returned Role Resource Set Binding is a single unique combination of a principal,\
    \ a resource set, and a custom role. You can assign custom roles to admins who\
    \ are scoped to the designated resources in a resource set."
  name: RoleDResourceSetBinding
  x-displayName: Role Resource Set Bindings
- description: "The Role Resource Set Binding Members API provides operations to manage\
    \ members in a [Role Resource Set Binding](/openapi/okta-management/management/tag/RoleDResourceSetBinding/)."
  name: RoleDResourceSetBindingMember
  x-displayName: Role Resource Set Binding Members
- description: The Custom Roles API provides operations to manage custom roles that limit an admin's access to a subset of permissions and resources.
  name: RoleECustom
  x-displayName: Custom Roles
- description: The Custom Role Permissions API provides operations to manage the permissions assigned to a Custom Role.
  name: RoleECustomPermission
  x-displayName: Custom Role Permissions
- description: |-
    > This feature is only available with Identity Threat Protection in Identity Engine.

    Okta uses the [Shared Signals Framework (SSF)](https://sharedsignals.guide/) to receive security-related events and other data-subject signals from third-party security vendors. In this scenario, commonly used terms for third-party vendors that send signals are "transmitters", Okta is the "receiver", and the connection between the two entities is referred to as a "stream."

    The SSF Receiver API allows you to manage SSF vendor stream configurations between the transmitter and Okta. A stream is configured by [creating a Security Events Provider](/openapi/okta-management/management/tag/SSFReceiver/#tag/SSFReceiver/operation/createSecurityEventsProviderInstance) object in your Okta org. You can create a Security Events Provider object in Okta with a published well-known URL or an issuer-and-JWKS combination. After the Security Events Provider object is created for a transmitter, the provider can use the [SSF Security Event Tokens](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/SSFSecurityEventToken/) API to publish events to Okta.

    While the SSF allows ingestion through push and poll-based operations, Okta currently supports only push-based operations.
  name: SSFReceiver
  x-displayName: SSF Receiver
- description: |-
    > This feature is only available with Identity Threat Protection in Identity Engine.

    The Shared Signals Framework (SSF) Security Event Tokens API allows third-party security event providers to send Security Event Tokens (SETs) to Okta. The provider must be configured in Okta as a Security Events Provider instance before transmitting a SET to Okta. See [Create a Security Events Provider](/openapi/okta-management/management/tag/SSFReceiver/#tag/SSFReceiver/operation/createSecurityEventsProviderInstance). After the token is verified, any appropriate action is performed upon ingestion.

    Okta uses the Shared Signals Framework (SSF) defined by the [OpenID Shared Signals and Events Framework specification](https://openid.net/specs/openid-sse-framework-1_0.html). A risk signal is ingested as a Security Event Token (SET), a type of JSON Web Token (JWT) that must comply with the SET standard: [RFC 8417 - Security Event Token (SET)](https://datatracker.ietf.org/doc/html/rfc8417).

    The `security.events.provider.receive_event` System Log event is created when a SET is published to Okta successfully.
  name: SSFSecurityEventToken
  x-displayName: SSF Security Event Tokens
- description: |-
    > **Note:** The SSF Transmitter API is a [self-service Early Access (EA)](/openapi/okta-management/guides/release-lifecycle/#early-access-ea) feature. You must enable the **Enable Managed Apple ID federation and provisioning** feature in your Org settings to access this feature. See [Manage Early Access and Beta features](https://help.okta.com/okta_help.htm?id=ext_secur_manage_ea_bata).

    Okta uses the [Shared Signals Framework (SSF)](https://sharedsignals.guide) to send security-related events and other data-subject signals to third-party security vendors. In this scenario, commonly used terms for third-party vendors that receive signals are "receivers", Okta is the "transmitter", and the connection between the two entities is referred to as a "stream."
    The SSF Transmitter API allows you to manage SSF stream configurations between Okta and the receiver of the signals that Okta transmits. Okta sends signals in the form of [Security Event Tokens (SETs)](https://datatracker.ietf.org/doc/html/rfc8417) to a third-party SSF receiver. To enable the transmission of signals from Okta, you must create an SSF Stream using the SSF Transmitter API and configure the third-party receiver to accept signals from Okta.
  name: SSFTransmitter
  x-displayName: SSF Transmitter
- description: |-
    The Schemas API provides operations to manage custom User profiles as well as endpoints to discover the structure of the Log Stream configuration.

    Okta's [Universal Directory](https://help.okta.com/okta_help.htm?id=ext_About_Universal_Directory) allows administrators to define custom User profiles for Okta Users and Applications. Okta adopts a subset of [JSON Schema Draft 4](https://tools.ietf.org/html/draft-zyp-json-schema-04) as the schema language to describe and validate extensible User profiles. For Log Stream Schemas, Okta uses [JSON Schema Draft 2020-12](https://json-schema.org/specification.html). [JSON Schema](http://json-schema.org/) is a lightweight declarative format for describing the structure, constraints, and validation of JSON documents.

    > **Note:** Okta implements only a subset of [JSON Schema Draft 4](https://tools.ietf.org/html/draft-zyp-json-schema-04) and [JSON Schema Draft 2020-12](https://json-schema.org/specification.html). This document describes which parts apply to Okta, and any extensions Okta has made to [JSON Schema Draft 4](https://tools.ietf.org/html/draft-zyp-json-schema-04) and [JSON Schema Draft 2020-12](https://json-schema.org/specification.html).

    ### Unique Attributes

    You can enforce uniqueness for custom properties in Okta user profiles or the Okta group profile, such as an employee identification number.
    You can declare a maximum of five unique properties for each user type and five unique properties in the Okta group profile. Different user types can have the same or different unique properties (up to the limit of five per type).

    Unique properties in Okta user profiles share a single namespace across all [user types](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/UserType/) in an org. If user types A and B both contain the property `ice cream` and you identify it as unique in both profiles, then if a user of type A has the value `chocolate`, no other users of type A or B (or any other user type that declares `ice cream` as unique) can have that value.

    Properties that aren't unique also aren't tracked for uniqueness. Suppose the property `candy` is unique in type E and not unique in type F. If a user of type E has the value `caramel` for the `candy` property, no other users of type E can also have the value `caramel`, but any number of users of type F can already have or later be assigned the value `caramel`. Furthermore, because `candy` is not unique in type F, any values users of type F may have are not considered when enforcing uniqueness for users of type E. No matter how many users of type F already have the value `cotton`, it might be assigned to a user of type E as long as no other such user already has that value.

    If you attempt to create or update a user with a duplicate value for a custom user property with a uniqueness restriction, the user creation or update operation fails. The user isn't created or updated until you enter a unique value. Similarly, creating or updating a group fails when the request contains a value for a unique custom group property that is duplicated by another group.

    `null` values don't enter into the uniqueness calculation. If the unique property isn't also specified as being required, you can also omit the value entirely. Multiple users or groups can omit the property and not violate uniqueness.
    To enforce uniqueness for custom properties, you can either add new unique custom properties or update existing custom properties to be unique.

    #### Add new unique custom property

    You can use the [add property to user profile schema](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Schema/#tag/Schema/operation/updateUserProfile) request or the [add property to group profile schema](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Schema/#tag/Schema/operation/updateGroupSchema) request to add one or more unique custom user or group properties. Specify `"unique": true` on the properties to be marked as unique. The response shows the properties with `"unique": "UNIQUE_VALIDATED"` and uniqueness is then enforced on those properties.

    #### Update existing custom property to be unique

    You can use the [update user profile schema property](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Schema/#tag/Schema/operation/updateUserProfile) request or the [update group profile schema property](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Schema/#tag/Schema/operation/updateGroupSchema) request to mark existing custom user or group properties as unique by specifying `"unique": true` on the properties to be marked as unique.

    After the request to mark existing custom properties as unique is submitted, an asynchronous validation check is performed to make sure that there are no existing duplicate entries. If you have a significant number of users or groups, the validation can take some time. A uniqueness status of `"unique": "PENDING_UNIQUENESS"` indicates that the validation check is still in progress. Use the Universal Directory page in the Admin Console (**Directory** > **Directory Integrations**) to track the status of the validation check.
    After the validation completes, if you submit a retrieve user schema request or a retrieve group schema request, the property's uniqueness status changes to `UNIQUE_VALIDATED` if no duplicate records are found, and uniqueness is then enforced on that property. Otherwise, if duplicate records are found, the `unique` attribute of the schema property isn't shown in the get schema request and uniqueness isn't enforced on the schema property.

    #### Update existing unique custom property to be non-unique

    You can use the [update user profile schema property](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Schema/#tag/Schema/operation/updateUserProfile) request or the [update group profile schema property](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Schema/#tag/Schema/operation/updateGroupSchema) request to change existing unique custom user or group properties to be non-unique by specifying `"unique": false` on the properties to be changed to non-unique. The response shows the properties without the `unique` attribute and the uniqueness constraint is then removed on those properties.

    **Note:** If multiple user types declare a property as unique and you remove the uniqueness constraint on one type, there may be a delay before users of other types that declare the property as unique can be assigned values formerly held by users of the first type.
  name: Schema
  x-displayName: Schemas
- description: |-
    Okta uses a cookie-based authentication mechanism to maintain a user's authentication Session across web requests. The Okta Sessions API provides operations to create and manage authentication Sessions for users in your Okta organization.

    >**Notes:**
    > * Some browsers block third-party cookies by default, which disrupts Okta functionality in certain flows. See [Mitigate the impact of third-party cookie deprecation](https://help.okta.com/okta_help.htm?type=oie&id=ext-third-party-cookies).
    > * The Sessions API doesn't support direct authentication. Direct authentication is supported through the [Authentication API](https://developer.okta.com/docs/reference/api/authn/#authentication-operations) or through OIDC using the [Resource Owner Password flow](https://developer.okta.com/docs/guides/implement-grant-type/ropassword/main/).

    ### Session cookie

    Okta uses an HTTP session cookie to provide access to your Okta organization and applications across web requests for an interactive user agent such as a web browser. A session cookie has an expiration configurable by an administrator for the organization and is valid until the cookie expires or the user closes the Session (logout) or browser application.

    ### Session token

    A [session token](https://developer.okta.com/docs/reference/api/authn/#session-token) is a one-time bearer token that provides proof of authentication and may be redeemed for an interactive SSO session in Okta in a user agent. Session tokens can only be used **once** to establish a Session for a user and are revoked when the token expires.

    Okta provides a very rich [Authentication API](https://developer.okta.com/docs/reference/api/authn/) to validate a [user's primary credentials](https://developer.okta.com/docs/reference/api/authn/#primary-authentication) and secondary [MFA factor](https://developer.okta.com/docs/reference/api/authn/#verify-factor).
    A session token is returned after successful authentication, which can be later exchanged for a session cookie that uses one of the following flows:

    - [Retrieve a session cookie by visiting the OpenID Connect Authorization Endpoint](https://developer.okta.com/docs/guides/session-cookie/main/#retrieve-a-session-cookie-through-the-openid-connect-authorization-endpoint)
    - [Retrieve a session cookie by visiting a session redirect link](https://developer.okta.com/docs/guides/session-cookie/main/#retrieve-a-session-cookie-by-visiting-a-session-redirect-link)
    - [Retrieve a session cookie by visiting an application embed link](https://developer.okta.com/docs/guides/session-cookie/main/#retrieve-a-session-cookie-by-visiting-an-application-embed-link)

    >**Note:** **Session tokens** are secrets and should be protected at rest and during transit. A session token for a user is equivalent to having the user's actual credentials.
  name: Session
  x-displayName: Sessions
- description: The Subscriptions API provides operations to manage email subscription settings for Okta administrator notifications.
  name: Subscription
  x-displayName: Subscriptions
- description: |-
    The Okta System Log records system events that are related to your organization in order to provide an audit trail that can be used to understand platform activity and to diagnose problems.

    The Okta System Log API provides near real-time, read-only access to your organization's system log and is the programmatic counterpart of the [System Log UI](https://help.okta.com/okta_help.htm?id=ext_Reports_SysLog).

    The terms "event" and "log event" are often used interchangeably. In the context of this API, an "event" is an occurrence of interest within the system, and a "log" or "log event" is the recorded fact.
    The System Log API supports these primary use cases:
    * Event data export into a security information and event management system (SIEM)
    * System monitoring
    * Development debugging
    * Event introspection and audit

    > **Note:** Some of the curl code examples on this page include SSWS API token authentication. However, Okta recommends using scoped OAuth 2.0 and OIDC access tokens to authenticate with Okta management APIs. OAuth 2.0 and OIDC access tokens provide fine-grain control over the bearer's actions on specific endpoints. See [Okta API authentication methods](https://developer.okta.com/docs/api/openapi/okta-oauth/guides/overview/).
  name: SystemLog
  x-displayName: System Log
- description: |-
    The SMS Templates API provides operations to manage custom SMS templates for verification.

    > **Note:** Only SMS custom Templates are available through the API.

    SMS Templates customize the SMS message that is sent to users. One default SMS Template is provided. All custom Templates must have the variable `${code}` as part of the text. The `${code}` variable is replaced with the actual SMS code when the message is sent. Optionally, you can also use the variable `${org.name}`. If a Template contains `${org.name}`, it is replaced with the organization name before the SMS message is sent.

    ### SMS Template macros

    Only two macros are supported for SMS Templates:

    | Type | Description |
    | -------------------- | ----------- |
    | ${code} | The one-time verification code that's required for a user to sign in. |
    | ${org.name} | The Okta org name that the user is trying to authenticate into. |

    >**Note:** The length of your SMS message can't exceed 160 characters. If the verification code portion of the message falls outside of the 160-character limit, your message isn't sent.
  name: Template
  x-displayName: SMS Templates
- description: |-
    These endpoints allow you to customize the look and feel of pages and templates, including the following:
    * The Okta-hosted sign-in page
    * The sign-out page
    * Error pages
    * Email templates
    * The Okta End-User Dashboard

    Each new org contains Okta default branding. You can upload your own assets (colors, background image, logo, and favicon) to replace the default assets. Then you can publish these assets directly to your pages and templates.

    > **Notes:**
    > * Some of the curl code examples on this page include SSWS API token authentication. However, Okta recommends scoped OAuth 2.0 and OIDC access tokens to authenticate with Okta management APIs. OAuth 2.0 and OIDC access tokens provide fine-grain control over the bearer's actions on specific endpoints. See [Okta API authentication methods](https://developer.okta.com/docs/api/openapi/okta-oauth/guides/overview/).
    > * Okta optimizes the `primaryColorContrastHex` and `secondaryColorContrastHex` properties for the highest contrast between the font color and the background or button color. To disable or override the contrast auto-detection, update either contrast value with an accepted contrast hex code. Any update disables future automatic optimizations for the contrast hex.
    > * Contrast color is used by pages to optimize the opacity of text color when primary or secondary color is used as the background.
  name: Themes
  x-displayName: Themes
- description: |-
    [Okta ThreatInsight](https://help.okta.com/okta_help.htm?id=ext_threatinsight) maintains a constantly evolving list of IP addresses that consistently exhibit malicious activity. Authentication requests that are associated with an IP in this list can be logged to the [System Log](https://help.okta.com/okta_help.htm?id=ext_Reports_SysLog) and blocked. ThreatInsight also covers non-authentication requests in limited capacity depending on the attack patterns of these malicious IPs.

    The ThreatInsight API provides operations to manage your org ThreatInsight configuration.

    > **Note:** To prevent abuse, Okta ThreatInsight works in a limited capacity for free trial edition orgs. Please contact Okta support if fully functional Okta ThreatInsight is required.
  name: ThreatInsight
  x-displayName: ThreatInsight
- description: "The Trusted Origins API provides operations to manage Trusted Origins\
    \ and sources.\n\nWhen external URLs are requested during sign-in, sign-out, or\
    \ recovery operations, Okta checks those URLs against the allowed list of Trusted\
    \ Origins. Trusted Origins also enable browser-based applications to access Okta\
    \ APIs from JavaScript (CORS). If the origins aren't specified, the related operation\
    \ (redirect or Okta API access) isn't permitted.\n\nYou can also configure Trusted\
    \ Origins to allow iFrame embedding of Okta resources, such as Okta sign-in pages\
    \ and the Okta End-User Dashboard, within that origin.\n\n> **Notes:** \n> *\
    \ This feature is supported for Okta domains only. It isn't currently supported\
    \ for custom domains.\n> * Some of the curl code examples on this page include\
    \ SSWS API token authentication. However, Okta recommends using scoped OAuth 2.0\
    \ and OIDC access tokens to authenticate with Okta management APIs. OAuth 2.0\
    \ and OIDC access tokens provide fine-grain control over the bearer's actions\
    \ on specific endpoints.
    See [Okta API authentication methods](https://developer.okta.com/docs/api/openapi/okta-oauth/guides/overview/)."
  name: TrustedOrigin
  x-displayName: Trusted Origins
- description: |-
    The Okta UI Schema API allows you to control how inputs appear on an enrollment form. The UI Schema API is only available as a part of Okta Identity Engine. If you're not sure which solution you're using, check the footer on any page of the Admin Console. The version number is appended with E for Identity Engine orgs and C for Classic Engine orgs.
  name: UISchema
  x-displayName: UI Schema
- description: "The Users API provides operations to manage users in your organization.\n\
    > **Note:** Some of the curl code examples on this page include SSWS API token\
    \ authentication. However, Okta recommends using scoped OAuth 2.0 and OIDC access\
    \ tokens to authenticate with Okta management APIs.\n> OAuth 2.0 and OIDC access\
    \ tokens provide fine-grain control over the bearer's actions on specific endpoints.\
    \ See [Okta API authentication methods](https://developer.okta.com/docs/api/openapi/okta-oauth/guides/overview/).\n\
    \n### User status\nThe following diagram shows the flow of User status:\n![STAGED,\
    \ PROVISIONED, ACTIVE, RECOVERY, LOCKED_OUT, PASSWORD_EXPIRED, or DEPROVISIONED](../../../../../images/users/okta-user-status.png)\n\
    \n### User creation scenarios\n\n The following table describes the user experience\
    \ and expectation of user status and welcome screen, depending on which options\
    \ (security question and answer, password, and activate query) are defined during\
    \ user creation.\n\n **User creation details and outcomes**\n\n | Security Q\
    \ & A | Password | Activate Query Parameter | User Status \
    \ | Login Credential | Welcome Screen |\n | ----- \
    \ | -------- | ------------------------ | ------------- | \
    \ ---------------------- | -------------- |\n | |\
    \ | FALSE | `STAGED` | \
    \ | |\n | | \
    \ | TRUE | `PROVISIONED` or `ACTIVE` | One-Time\
    \ Token (Email) or Email | X |\n
    | X | \
    \ | FALSE | `STAGED` | \
    \ | |\n | X | |\
    \ TRUE | `PROVISIONED` or `ACTIVE` | One-Time Token (Email)\
    \ or Email | X |\n | | X | FALSE \
    \ | `STAGED` | \
    \ | |\n | | X | TRUE \
    \ | `ACTIVE` | Password \
    \ | X |\n | X | X | FALSE \
    \ | `STAGED` | | \
    \ |\n | X | X | TRUE \
    \ | `ACTIVE` | Password | \
    \ |\n\nCreating users with a `FEDERATION` or `SOCIAL` provider sets\
    \ the User status to either `ACTIVE` or `STAGED` based on the `activate` query\
    \ parameter since these two providers don't support a `password` or `recovery_question`\
    \ credential.\n\nMore information about the use cases is in the following sections\
    \ and in the examples for [Create a User](/openapi/okta-management/management/tag/User/#tag/User/operation/createUser).\n\
    \n#### Create User with Optional Password enabled\n\nWhen Optional Password is\
    \ enabled, the User status following User creation can be affected by the enrollment\
    \ policy. See [Create an authenticator enrollment policy](https://help.okta.com/okta_help.htm?type=oie&id=ext-create-mfa-policy).\n\
    Based on the group memberships that are specified when the User is created, a\
    \ password may or may not be required to make the user's status `ACTIVE`.\n\n\
    If the enrollment policy that applies to the User (as determined by the groups\
    \ assigned to the user) specifies that the Password authenticator is `required`,\
    \ then in the case where the User is created without a password, the User is in\
    \ the `PROVISIONED` status and\na One-Time Token is sent to the User through email.\
    \ If the User is created with a password, then their status is set to ACTIVE,\
    \ and they can immediately sign in using their Password authenticator.\n\nIf the\
    \ enrollment policy that applies to the groups specified for the newly created\
    \ User indicates that password is `optional` or `disabled`, then the Administrator\
    \ can't specify a password for the user.
    Instead, the user status is set to `ACTIVE`\
    \ and the User can immediately sign in using their Email authenticator. If policy\
    \ permits, and the User so chooses, they can enroll a password after they sign\
    \ in.\n\n#### Create User without credentials\n\nCreates a user without a `password`\
    \ or `recovery question & answer`\n\nIf appropriate, when the user is activated,\
    \ an email is sent to the user with an activation token that the user can use\
    \ to complete the activation process.\nThis is the default flow for new user registration\
    \ using the administrator UI.\n\n#### Create User with recovery question\n\nCreates\
    \ a user without a `password`\n\nWhen the user is activated, an email is sent\
    \ to the user with an activation token that can be used to complete the activation\
    \ process.\nThis flow is useful if migrating users from an existing user store.\n\
    \n#### Create User with password\n\nCreates a user without a `recovery question\
    \ & answer`\n\nThe new user is able to sign in after activation with the assigned\
    \ password. This flow is common when developing a custom user registration experience.\n\
    > **Important:** Do not generate or send a one-time activation token when activating\
    \ users with an assigned password. Users should sign in with their assigned password.\n\
    \n#### Create User with imported hashed password\n\nCreates a user with a specified\
    \ `hashed password`.\n\nThe new user is able to sign in after activation with\
    \ the specified password.\nThis flow is common when migrating users from another\
    \ data store in cases where we want to allow the users to retain their current\
    \ passwords.\n> **Important:** Do not generate or send a one-time activation token\
    \ when activating users with an imported password.
    Users should log in with their\
    \ imported password.\n\n#### Create User with password import inline hook\n\n\
    Creates a user with a `Password Hook` object specifying that a password inline\
    \ hook should be used to handle password verification.\n\nThe password inline\
    \ hook is triggered to handle verification of the end user's password the first\
    \ time the user tries to sign in, with Okta calling the password inline hook to\
    \ check that the password the user supplied is valid. If the password is valid,\
    \ Okta stores the hash of the password that was provided and can authenticate\
    \ the user independently from then on. See [Password import inline hook](https://developer.okta.com/docs/reference/password-hook/)\
    \ for more details.\n\nThe new user is able to sign in after activation with the\
    \ valid password. This flow supports migrating users from another data store in\
    \ cases where we wish to allow the users to retain their current passwords.\n\
    > **Important:** Don't generate or send a one-time activation token when activating\
    \ users with a password inline hook. Users should sign in with their existing\
    \ password to be imported using the password import inline hook.\n\n#### Create\
    \ User with Password & Recovery Question\n\nCreates a new user with a `password`\
    \ and `recovery question & answer`.\n\nThe new user is able to log in with the\
    \ assigned password after activation. This flow is common when developing a custom\
    \ user-registration experience.\n> **Important:** Don't generate or send a one-time\
    \ activation token when activating users with an assigned password.
    Users should\
    \ log in with their assigned password.\n\n#### Create User with Authentication\
    \ Provider\n\nCreates a new passwordless user with a `SOCIAL` or `FEDERATION`\
    \ authentication provider that must be authenticated via a trusted Identity Provider.\n\
    \n#### Create User in Group\n\nCreates a user that is added to the specified groups\
    \ upon creation.\n\nUse this in conjunction with other create operations for a\
    \ Group Administrator that is scoped to create users only in specified groups.\
    \ The request may specify up to 20 group ids. (This limit applies only when\
    \ creating a user. The user may later be added to more groups.)\n\n#### Create\
    \ User with non-default User Type\nCreates a user with a specified User Type (see\
    \ [User Types](https://developer.okta.com/docs/reference/api/user-types)). The\
    \ type specification may be included with any of the above Create User operations;\
    \ this example demonstrates creating a user without credentials.\nThe User Type\
    \ determines which [Schema](/openapi/okta-management/management/tag/Schema/) applies\
    \ to that user. After a user has been created, the user can be assigned a different\
    \ User Type only by an administrator via a full replacement [PUT operation](https://developer.okta.com/docs/reference/api/user-types/#update-user-type).\n\
    \n### Links object\n\nThe Links object specifies link relations. See [`_links`](/openapi/okta-management/management/tag/User/#tag/User/operation/listUsers!c=200&path=_links&t=response).\n\
    \n> **Note:** This Links object is different from [Linked Objects](/openapi/okta-management/management/tag/LinkedObject/).\n\
    \n#### Individual Users versus collection of Users\n\nFor an individual User result,\
    \ the Links object contains a full set of link relations available for that User\
    \ as determined by your policies. For a collection of Users, the Links object\
    \ contains only the `self` link.
    Operations that return a collection of Users\
    \ include [List all Users](/openapi/okta-management/management/tag/User/#tag/User/operation/listUsers)\
    \ and [List all Member Users](openapi/okta-management/management/tag/Group/#tag/Group/operation/listGroupUsers).\n\
    \nThe following table shows some links that may be available on a User, as determined\
    \ by your policies:\n\n| Link Relation Type | \
    \ Description \
    \ \
    \ |\n|------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n\
    |self\t | A self-referential link to this user \
    \ \
    \ |\n|activate\t \
    \ | Lifecycle action to [activate the user](/openapi/okta-management/management/tag/UserLifecycle/#tag/UserLifecycle/operation/activateUser)\
    \ |\n|deactivate |\tLifecycle\
    \ action to [deactivate the user](/openapi/okta-management/management/tag/UserLifecycle/#tag/UserLifecycle/operation/deactivateUser)\
    \ |\n|suspend |\tLifecycle\
    \ action to [suspend the user](/openapi/okta-management/management/tag/UserLifecycle/#tag/UserLifecycle/operation/suspendUser)\
    \ |\n|unsuspend |\t\
    Lifecycle action to [unsuspend the user](/openapi/okta-management/management/tag/UserLifecycle/#tag/UserLifecycle/operation/unsuspendUser)\
    \ |\n|resetPassword |\tLifecycle\
    \ action to [trigger a password reset](/openapi/okta-management/management/tag/UserCred/#tag/UserCred/operation/resetPassword)\
    \ |\n|expirePassword |\t\
    Lifecycle action to [expire the user's password](/openapi/okta-management/management/tag/UserCred/#tag/UserCred/operation/expirePassword)\
    \ |\n|resetFactors |\tLifecycle\
    \ action to [reset all MFA factors](/openapi/okta-management/management/tag/UserLifecycle/#tag/UserLifecycle/operation/resetFactors)\
    \ |\n|unlock |\tLifecycle\
    \ action to [unlock a locked-out user](/openapi/okta-management/management/tag/UserLifecycle/#tag/UserLifecycle/operation/unlockUser)\
    \ \
    |\n|forgotPassword |\t[Resets\
    \ a user's password](/openapi/okta-management/management/tag/UserCred/#tag/UserCred/operation/forgotPassword)\
    \ by validating the user's recovery credential. |\n|changePassword\
    \ |\t[Changes a user's password](/openapi/okta-management/management/tag/UserCred/#tag/UserCred/operation/changePassword)\
    \ validating the user's current password |\n|changeRecoveryQuestion\
    \ |\t[Changes a user's recovery credential](/openapi/okta-management/management/tag/UserCred/#tag/UserCred/operation/changeRecoveryQuestion)\
    \ by validating the user's current password |"
  name: User
  x-displayName: Users
- description: The User Credentials API provides operations to manage user credentials in your org.
  name: UserCred
  x-displayName: User Credentials
- description: |-
    The Factors API provides operations to enroll, manage, and verify factors for multifactor authentication (MFA). Generally, authentication involves verifying a different one-time passcode (OTP). Manage both administration and end-user accounts, or verify an individual factor at any time.
    Okta supports several different types of Factors:

    | Factor Type | Description |
    |-----------------------|-------------|
    | `call` | Software OTP sent using a voice call to a registered phone number |
    | `sms` | Software OTP sent using SMS to a registered phone number |
    | `email` | Software OTP sent using email |
    | `question` | Additional knowledge-based security question |
    | `push` | Out-of-band verification using a push notification to a device and transaction verification with digital signature |
    | `token` | Software or hardware OTP sent to a device |
    | `token:hardware` | Hardware OTP sent to a device |
    | `token:hotp` | Custom [TOTP](https://www.ietf.org/rfc/rfc6238.txt) factor that uses an extension of the HMAC-based one-time passcode (HOTP) algorithm |
    | `token:software:totp` | Software time-based one-time passcode (TOTP) |
    | `u2f` | Hardware Universal 2nd Factor (U2F) device |
    | `web` | HTML inline frame (iframe) for embedding verification from a third party |
    | `webauthn` | Hardware WebAuthn device |
    | `signed_nonce` | Okta Fastpass (device-bound authentication). This is available for OIE orgs if the org has users that have enrolled with Okta Verify after the org started using OIE. |
  name: UserFactor
  x-displayName: User Factors
- description: |-
    The User Grants API provides operations to manage user consent Grants in your org. A consent represents a user's explicit permission to allow an app to access resources protected by scopes. Consent grants are different from tokens because a consent can outlast a token, and there can be multiple tokens with varying sets of scopes derived from a single consent. When an application comes back and needs to get a new access token, it may not need to prompt the user for consent if they've already consented to the specified scopes. Consent grants remain valid until the user manually revokes them, or until the user, application, authorization server or scope is deactivated or deleted.
    > **Hint:** For all grant operations, you can use `me` instead of the `userId` in an endpoint that contains `/users`, in an active session with no SSWS token (API token). For example: `https://${yourOktaDomain}/api/v1/users/me/grants` returns all the grants for the active session user.

    > **Note:** Some browsers have begun blocking third-party cookies by default, disrupting Okta functionality in certain flows. For more information, see [FAQ: How Blocking Third Party Cookies Can Potentially Impact Your Okta Environment](https://support.okta.com/help/s/article/FAQ-How-Blocking-Third-Party-Cookies-Can-Potentially-Impact-Your-Okta-Environment).
  name: UserGrant
  x-displayName: User Grants
- description: |-
    The User Lifecycle API provides lifecycle operations, which are non-idempotent operations that initiate a state transition for a user's status. Some operations are asynchronous while others are synchronous. The user's current status limits what operations are allowed.
  name: UserLifecycle
  x-displayName: User Lifecycle
- description: "The User Linked Objects API provides operations to manage User Linked\
    \ Objects in your org.\nUse link value operations to assign Users to a relationship,\
    \ represented by a pair of `primary` and `associated` links. See also the [Linked\
    \ Objects API](/openapi/okta-management/management/tag/LinkedObject/). \n\nFor\
    \ these operations, the examples use consistent IDs so that you can follow the\
    \ operations more easily:\n* `manager` is the `primary` relationship and is assigned\
    \ `00u5t60iloOHN9pBi0h7`\n* `subordinate` is the `associated` relationship and\
    \ is assigned to IDs `00u5zex6ztMbOZhF50h7` and `00u1tsf0nQKavLDUh0g5`"
  name: UserLinkedObject
  x-displayName: User Linked Objects
- description: |-
    The User OAuth 2.0 Token Management API provides operations to manage tokens issued by an Authorization Server for a particular User and Client in your org.
    For example, you can revoke every active refresh token for a User in the context of a specific Client. You can also [revoke specific tokens](https://developer.okta.com/docs/guides/revoke-tokens/main/) or [manage tokens at the authorization server level](/openapi/okta-management/management/tag/AuthorizationServer/). Read [Validate Access Tokens](https://developer.okta.com/docs/guides/validate-access-tokens/) to understand more about how OAuth 2.0 tokens work.
  name: UserOAuth
  x-displayName: User OAuth 2.0 Token Management
- description: The User Resources API provides operations related to User resources.
  name: UserResources
  x-displayName: User Resources
- description: The User Sessions API provides operations to manage User sessions in your org.
  name: UserSessions
  x-displayName: User Sessions
- description: The User Types API provides operations to manage User Types.
  name: UserType
  x-displayName: User Types
- description: The WebAuthn Preregistration API provides a flow to initiate and set up WebAuthn Preregistration authenticator enrollments through third-party fulfillment providers.
  name: WebAuthnPreregistration
  x-displayName: WebAuthn Preregistration
paths:
  /.well-known/app-authenticator-configuration:
    get:
      description: "Retrieves the well-known app authenticator configuration. Includes\
        \ an app authenticator's settings, supported methods, and other details."
      operationId: getWellKnownAppAuthenticatorConfiguration
      parameters:
      - description: Filters app authenticator configurations by `oauthClientId`
        explode: true
        in: query
        name: oauthClientId
        required: true
        schema:
          type: string
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                AuthenticatorConfiguration:
                  $ref: '#/components/examples/WellKnownAppAuthenticatorConfigurationCustomApp'
              schema:
                items:
                  $ref: '#/components/schemas/WellKnownAppAuthenticatorConfiguration'
                type: array
          description: Success
        "400":
          content:
            application/json:
              examples:
                MissingRequiredParameter:
                  $ref: '#/components/examples/ErrorMissingRequiredParameter'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security: []
      summary: Retrieve the Well-Known App Authenticator Configuration
      tags:
      - Authenticator
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs: []
      x-accepts:
      - application/json
  /.well-known/okta-organization:
    get:
      description: "Retrieves the well-known org metadata, which includes the org\
        \ ID, configured custom domains, authentication pipeline, and various other\
        \ org settings"
      operationId: getWellknownOrgMetadata
      responses:
        "200":
          content:
            application/json:
              examples:
                Identity Engine Org with Custom Domain:
                  $ref: '#/components/examples/WellKnownOrgMetadataResponseCustomUrlOie'
                Classic Org:
                  $ref: '#/components/examples/WellKnownOrgMetadataResponseClassic'
              schema:
                $ref: '#/components/schemas/WellKnownOrgMetadata'
          description: Success
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security: []
      summary: Retrieve the Well-Known Org Metadata
      tags:
      - OrgSettingMetadata
      x-okta-lifecycle:
        isCorsEnabled: true
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /.well-known/ssf-configuration:
    get:
      description: "Retrieves SSF Transmitter configuration metadata. This includes\
        \ all supported endpoints and key information about certain properties of\
        \ the Okta org as the transmitter, such as `delivery_methods_supported`, `issuer`,\
        \ and `jwks_uri`."
      operationId: getWellknownSsfMetadata
      responses:
        "200":
          content:
            application/json:
              examples:
                wellKnownSSFMetadataExample:
                  $ref: '#/components/examples/wellKnownSSFMetadataExample'
              schema:
                $ref: '#/components/schemas/WellKnownSSFMetadata'
          description: OK
        "401":
          content:
            application/json:
              examples:
                InvalidTokenProvided:
                  $ref: '#/components/examples/ErrorInvalidTokenProvided'
              schema:
                $ref: '#/components/schemas/Error'
          description: Unauthorized
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security: []
      summary: Retrieve the SSF Transmitter metadata
      tags:
      - SSFTransmitter
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
  /api/v1/agentPools:
    get:
      description: Lists all agent pools with pagination support
      operationId: listAgentPools
      parameters:
      - description: Maximum number of AgentPools being returned
        explode: true
        in: query
        name: limitPerPoolType
        required: false
        schema:
          default: 5
          type: integer
        style: form
      - description: Agent type to search for
        explode: true
        in: query
        name: poolType
        required: false
        schema:
          $ref: '#/components/schemas/AgentType'
        style: form
      - description: "The
          cursor to use for pagination. It is an opaque string that\
          \ specifies your current location in the list and is obtained from the `Link`\
          \ response header. See [Pagination](https://developer.okta.com/docs/api/#pagination)."
        explode: true
        in: query
        name: after
        required: false
        schema:
          type: string
        style: form
      responses:
        "200":
          content:
            application/json:
              schema:
                items:
                  $ref: '#/components/schemas/AgentPool'
                type: array
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.agentPools.read
      summary: List all Agent Pools
      tags:
      - AgentPools
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/agentPools/{poolId}/updates:
    get:
      description: Lists all agent pool updates
      operationId: listAgentPoolsUpdates
      parameters:
      - description: Id of the agent pool for which the settings will apply
        explode: false
        in: path
        name: poolId
        required: true
        schema:
          type: string
        style: simple
      - description: Scope the list only to scheduled or ad-hoc updates. If the parameter is not provided we will return the whole list of updates.
        explode: true
        in: query
        name: scheduled
        required: false
        schema:
          type: boolean
        style: form
      responses:
        "200":
          content:
            application/json:
              schema:
                items:
                  $ref: '#/components/schemas/AgentPoolUpdate'
                type: array
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.agentPools.read
      summary: List all Agent Pool updates
      tags:
      - AgentPools
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: "Creates an Agent pool update \\n For user flow 2 manual update,\
        \ starts the update immediately. \\n For user flow 3, schedules the update\
        \ based on the configured update window and delay."
      operationId: createAgentPoolsUpdate
      parameters:
      - description: Id of the agent pool for which the settings will apply
        explode: false
        in: path
        name: poolId
        required: true
        schema:
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AgentPoolUpdate'
        required: true
      responses:
        "201":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AgentPoolUpdate'
          description: Created
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.agentPools.manage
      summary: Create an Agent Pool update
      tags:
      - AgentPools
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/agentPools/{poolId}/updates/settings:
    get:
      description: Retrieves the current state of the agent pool update instance settings
      operationId: getAgentPoolsUpdateSettings
      parameters:
      - description: Id of the agent pool for which the settings will apply
        explode: false
        in: path
        name: poolId
        required: true
        schema:
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AgentPoolUpdateSetting'
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref:
                  '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.agentPools.read
      summary: Retrieve an Agent Pool update's settings
      tags:
      - AgentPools
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: Updates an agent pool update settings
      operationId: updateAgentPoolsUpdateSettings
      parameters:
      - description: Id of the agent pool for which the settings will apply
        explode: false
        in: path
        name: poolId
        required: true
        schema:
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AgentPoolUpdateSetting'
        required: true
      responses:
        "201":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AgentPoolUpdateSetting'
          description: Updated
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.agentPools.manage
      summary: Update an Agent Pool update settings
      tags:
      - AgentPools
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/agentPools/{poolId}/updates/{updateId}:
    delete:
      description: Deletes Agent pool update
      operationId: deleteAgentPoolsUpdate
      parameters:
      - description: Id of the agent pool for which the settings will apply
        explode: false
        in: path
        name: poolId
        required: true
        schema:
          type: string
        style: simple
      - description: Id of the update
        explode: false
        in: path
        name: updateId
        required: true
        schema:
          type: string
        style: simple
      responses:
        "204":
          description: Deleted
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.agentPools.manage
      summary: Delete an Agent Pool update
      tags:
      - AgentPools
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    get:
      description: Retrieves Agent pool update from updateId
      operationId: getAgentPoolsUpdateInstance
      parameters:
      - description: Id of the agent pool for which the settings will apply
        explode: false
        in: path
        name: poolId
        required: true
        schema:
          type: string
        style: simple
      - description: Id of the update
        explode: false
        in: path
        name: updateId
        required: true
        schema:
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AgentPoolUpdate'
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description:
            Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.agentPools.read
      summary: Retrieve an Agent Pool update by id
      tags:
      - AgentPools
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: Updates Agent pool update and return latest agent pool update
      operationId: updateAgentPoolsUpdate
      parameters:
      - description: Id of the agent pool for which the settings will apply
        explode: false
        in: path
        name: poolId
        required: true
        schema:
          type: string
        style: simple
      - description: Id of the update
        explode: false
        in: path
        name: updateId
        required: true
        schema:
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AgentPoolUpdate'
        required: true
      responses:
        "201":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AgentPoolUpdate'
          description: Updated
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        -
          okta.agentPools.manage
      summary: Update an Agent Pool update by id
      tags:
      - AgentPools
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/agentPools/{poolId}/updates/{updateId}/activate:
    post:
      description: Activates scheduled Agent pool update
      operationId: activateAgentPoolsUpdate
      parameters:
      - description: Id of the agent pool for which the settings will apply
        explode: false
        in: path
        name: poolId
        required: true
        schema:
          type: string
        style: simple
      - description: Id of the update
        explode: false
        in: path
        name: updateId
        required: true
        schema:
          type: string
        style: simple
      responses:
        "201":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AgentPoolUpdate'
          description: Activated
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.agentPools.manage
      summary: Activate an Agent Pool update
      tags:
      - AgentPools
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/agentPools/{poolId}/updates/{updateId}/deactivate:
    post:
      description: Deactivates scheduled Agent pool update
      operationId: deactivateAgentPoolsUpdate
      parameters:
      - description: Id of the agent pool for which the settings will apply
        explode: false
        in: path
        name: poolId
        required: true
        schema:
          type: string
        style: simple
      - description: Id of the update
        explode: false
        in: path
        name: updateId
        required: true
        schema:
          type: string
        style: simple
      responses:
        "201":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AgentPoolUpdate'
          description: Deactivated
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.agentPools.manage
      summary: Deactivate an Agent Pool update
      tags:
      - AgentPools
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/agentPools/{poolId}/updates/{updateId}/pause:
    post:
      description: Pauses running or queued Agent pool update
      operationId: pauseAgentPoolsUpdate
      parameters:
      - description: Id of the agent pool for which the settings will apply
        explode: false
        in: path
        name: poolId
        required: true
        schema:
          type: string
        style: simple
      - description: Id of the update
        explode: false
        in: path
        name: updateId
        required: true
        schema:
          type: string
        style: simple
      responses:
        "201":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AgentPoolUpdate'
          description: Paused
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.agentPools.manage
      summary: Pause an Agent Pool update
      tags:
      - AgentPools
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/agentPools/{poolId}/updates/{updateId}/resume:
    post:
      description: Resumes running or queued Agent pool update
      operationId: resumeAgentPoolsUpdate
      parameters:
      - description: Id of the agent pool for which the settings will apply
        explode: false
        in: path
        name: poolId
        required: true
        schema:
          type: string
        style: simple
      - description: Id of the update
        explode: false
        in: path
        name: updateId
        required: true
        schema:
          type: string
        style: simple
      responses:
        "201":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AgentPoolUpdate'
          description: Resumed
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.agentPools.manage
      summary: Resume an Agent Pool update
      tags:
      - AgentPools
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/agentPools/{poolId}/updates/{updateId}/retry:
    post:
      description: Retries Agent pool update
      operationId: retryAgentPoolsUpdate
      parameters:
      - description: Id of the agent pool for which the settings will apply
        explode: false
        in: path
        name: poolId
        required: true
        schema:
          type: string
        style: simple
      - description: Id of the update
        explode: false
        in: path
        name: updateId
        required: true
        schema:
          type: string
        style: simple
      responses:
        "201":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AgentPoolUpdate'
          description: Retried
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.agentPools.manage
      summary: Retry an Agent Pool update
      tags:
      - AgentPools
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/agentPools/{poolId}/updates/{updateId}/stop:
    post:
      description: Stops Agent pool update
      operationId: stopAgentPoolsUpdate
      parameters:
      - description: Id of the agent pool for which the settings will apply
        explode: false
        in: path
        name: poolId
        required: true
        schema:
          type: string
        style: simple
      - description: Id of the update
        explode: false
        in: path
        name: updateId
        required: true
        schema:
          type: string
        style: simple
      responses:
        "201":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AgentPoolUpdate'
          description: Stopped
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.agentPools.manage
      summary: Stop an Agent Pool update
      tags:
      - AgentPools
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/api-tokens:
    get:
      description: Lists all the metadata of the active API tokens
      operationId: listApiTokens
      responses:
        "200":
          content:
            application/json:
              examples:
                List Tokens:
                  $ref: '#/components/examples/ApiTokenListMetadataResponse'
              schema:
                items:
                  $ref: '#/components/schemas/ApiToken'
                type: array
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.apiTokens.read
      summary: List all API Token Metadata
      tags:
      - ApiToken
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/api-tokens/current:
    delete:
      description: Revokes the API token provided in the Authorization header
      operationId: revokeCurrentApiToken
      responses:
        "204":
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      summary: Revoke the Current API Token
      tags:
      - ApiToken
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/api-tokens/{apiTokenId}:
    delete:
      description: Revokes an API token by `apiTokenId`
      operationId: revokeApiToken
      parameters:
      - description: id of the API Token
        explode: false
        in: path
        name: apiTokenId
        required: true
        schema:
          example: 00Tabcdefg1234567890
          type: string
        style: simple
      responses:
        "204":
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.apiTokens.manage
      summary: Revoke an API Token
      tags:
      - ApiToken
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    get:
      description: Retrieves the metadata for an active API token by `apiTokenId`
      operationId: getApiToken
      parameters:
      - description: id of the API Token
        explode: false
        in: path
        name: apiTokenId
        required: true
        schema:
          example: 00Tabcdefg1234567890
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                HCaptcha:
                  $ref: '#/components/examples/ApiTokenMetadataResponse'
              schema:
                $ref: '#/components/schemas/ApiToken'
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.apiTokens.read
      summary: Retrieve an API Token's Metadata
      tags:
      - ApiToken
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    put:
      description: Upserts an API Token Network Condition by `apiTokenId`
      operationId: upsertApiToken
      parameters:
      - description: id of the API Token
        explode: false
        in: path
        name: apiTokenId
        required: true
        schema:
          example: 00Tabcdefg1234567890
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            example:
              name: api_token_name
              clientName: client_name
              userId: 00uabcdefg1234567890
              network:
                connection: ANYWHERE
              created: 2021-11-09T20:38:10.000Z
            schema:
              $ref: '#/components/schemas/ApiTokenUpdate'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                HCaptcha:
                  $ref: '#/components/examples/ApiTokenMetadataResponse'
              schema:
                $ref: '#/components/schemas/ApiToken'
          description: OK
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.apiTokens.manage
      summary: Upsert an API Token Network Condition
      tags:
      - ApiToken
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/apps:
    get:
      description: "Lists all apps in the org with pagination. A subset of apps can\
        \ be returned that match a supported filter expression or query. The results\
        \ are [paginated](/#pagination) according to the `limit` parameter. If there\
        \ are multiple pages of results, the header contains a `next` link. Treat\
        \ the link as an opaque value (follow it, don't parse it)."
      operationId: listApplications
      parameters:
      - description: Searches for apps with `name` or `label` properties that starts with the `q` value using the `startsWith` operation
        explode: true
        in: query
        name: q
        required: false
        schema:
          example: Okta
          type: string
        style: form
      - description: "Specifies the [pagination](/#pagination) cursor for the next\
          \ page of results. Treat this as an opaque value obtained through the `next`\
          \ link relationship."
        explode: true
        in: query
        name: after
        required: false
        schema:
          example: "16278919418571"
          type: string
        style: form
      - description: "Specifies whether to use query optimization. If you specify\
          \ `useOptimization=true` in the request query, the response contains a subset\
          \ of app instance properties."
        explode: true
        in: query
        name: useOptimization
        required: false
        schema:
          default: false
          type: boolean
        style: form
      - description: Specifies the number of results per page
        explode: true
        in: query
        name: limit
        required: false
        schema:
          default: -1
          format: int32
          maximum: 200
          type: integer
        style: form
      - description: "Filters apps by `status`, `user.id`, `group.id`, `credentials.signing.kid`\
          \ or `name` expression that supports the `eq` operator"
        examples:
          ActiveStatusEx:
            summary: Filter for active apps
            value: status eq "ACTIVE"
          NameFilterEx:
            summary: Filter for apps with `okta_org2org` name
            value: name eq "okta_org2org"
          CredKidEx:
            summary: Filter for apps using a specific key
            value: credentials.signing.kid eq "SIMcCQNY3uwXoW3y0vf6VxiBb5n9pf8L2fK8d-F1bm4"
        explode: true
        in: query
        name: filter
        required: false
        schema:
          type: string
        style: form
      - description: |-
          An optional parameter used for link expansion to embed more resources in the response.
          Only supports `expand=user/{userId}` and must be used with the `user.id eq "{userId}"` filter query for the same user.
          Returns the assigned [Application User](/openapi/okta-management/management/tag/ApplicationUsers/) in the `_embedded` property.
        explode: true
        in: query
        name: expand
        required: false
        schema:
          example: user/0oa1gjh63g214q0Hq0g4
          type: string
        style: form
      - description: "Specifies whether to include non-active, but not deleted apps\
          \ in the results"
        explode: true
        in: query
        name: includeNonDeleted
        required: false
        schema:
          default: false
          type: boolean
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                ResponseExample1:
                  $ref: '#/components/examples/GetApplicationsByUserResponseEx'
                ResponseExample2:
                  $ref: '#/components/examples/GetApplicationsByGroupResponseEx'
                ResponseExample3:
                  $ref: '#/components/examples/GetApplicationsByKeyResponseEx'
                ResponseExample4:
                  $ref: '#/components/examples/GetApplicationsByNameResponseEx'
              schema:
                items:
                  $ref: '#/components/schemas/Application'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.apps.read
      summary: List all Applications
      tags:
      - Application
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: |
        Creates an app instance in your Okta org.
        You can either create an OIN app instance or a custom app instance:
        * OIN app instances have prescribed `name` (key app definition) and `signOnMode` options. See the [OIN schemas](/openapi/okta-management/management/tag/Application/#tag/Application/schema/GoogleApplication) for the request body.
        * For custom app instances, select the [signOnMode](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication!path=0/signOnMode&t=request) that pertains to your app and specify the required parameters in the request body.
      operationId: createApplication
      parameters:
      - description: Executes activation lifecycle operation when creating the app
        explode: true
        in: query
        name: activate
        required: false
        schema:
          default: true
          type: boolean
        style: form
      - explode: false
        in: header
        name: OktaAccessGateway-Agent
        required: false
        schema:
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            examples:
              BOOKMARK:
                $ref: '#/components/examples/BookmarkEx'
              AUTO_LOGIN:
                $ref: '#/components/examples/AutoLoginEx'
              BASIC_AUTH:
                $ref: '#/components/examples/BasicAuthEx'
              SECURE_PASSWORD_STORE:
                $ref: '#/components/examples/SecurePasswordStoreEx'
              WS_FEDERATION:
                $ref: '#/components/examples/WSFederationEx'
              BROWSER_PLUGIN:
                $ref: '#/components/examples/BrowserPluginEx'
              BROWSER_PLUGIN_SWA_3FIELD:
                $ref: '#/components/examples/BrowserPluginSwa3FieldEx'
              SAML_2_0:
                $ref: '#/components/examples/Saml2.0Ex'
              OPENID_CONNECT:
                $ref: '#/components/examples/OpenidConnectEx'
            schema:
              $ref: '#/components/schemas/Application'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                BOOKMARK:
                  $ref: '#/components/examples/BookmarkAppResponseEx'
                AUTO_LOGIN:
                  $ref: '#/components/examples/AutoLoginAppResponseEx'
                BASIC_AUTH:
                  $ref: '#/components/examples/BasicAuthResponseEx'
                SECURE_PASSWORD_STORE:
                  $ref: '#/components/examples/SecurePasswordStoreResponseEx'
                WS_FEDERATION:
                  $ref: '#/components/examples/WSFederationResponseEx'
                BROWSER_PLUGIN:
                  $ref: '#/components/examples/BrowserPluginResponseEx'
                BROWSER_PLUGIN_SWA_3FIELD:
                  $ref: '#/components/examples/BrowserPluginSwa3FieldResponseEx'
                SAML_2_0:
                  $ref: '#/components/examples/Saml2.0ResponseEx'
                OPENID_CONNECT:
                  $ref: '#/components/examples/OpenidConnectResponseEx'
              schema:
                $ref: '#/components/schemas/Application'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.apps.manage
      summary: Create an Application
      tags:
      - Application
      x-codegen-request-body-name: application
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/apps/google/{appId}/oauth2/callback: {}
  /api/v1/apps/office365/{appId}/oauth2/callback: {}
  /api/v1/apps/{appId}:
    delete:
      description: Deletes an inactive application
      operationId: deleteApplication
      parameters:
      - description: Application ID
        explode: false
        in: path
        name: appId
        required: true
        schema:
          example: 0oafxqCAJWWGELFTYASJ
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.apps.manage
      summary: Delete an Application
      tags:
      - Application
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    get:
      description: Retrieves an application from your Okta organization by `id`
      operationId: getApplication
      parameters:
      - description: Application ID
        explode: false
        in: path
        name: appId
        required: true
        schema:
          example: 0oafxqCAJWWGELFTYASJ
          type: string
        style: simple
      - description: |-
          An optional query parameter to return the specified [Application User](/openapi/okta-management/management/tag/ApplicationUsers/) in the `_embedded` property.
          Valid value: `expand=user/{userId}`
        explode: true
        in: query
        name: expand
        required: false
        schema:
          example: user/0oa1gjh63g214q0Hq0g4
          type: string
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                RetrieveEx1:
                  $ref: '#/components/examples/GetApplicationsResponseEx'
              schema:
                $ref: '#/components/schemas/Application'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.apps.read
      summary: Retrieve an Application
      tags:
      - Application
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    put:
      description: |
        Replaces properties for an application
        > **Notes:**
        > * All required properties must be specified in the request body
        > * You can't modify system-assigned properties, such as `id`, `name`, `status`, `created`, and `lastUpdated`. The values for these properties in the PUT request body are ignored.
      operationId: replaceApplication
      parameters:
      - description: Application ID
        explode: false
        in: path
        name: appId
        required: true
        schema:
          example: 0oafxqCAJWWGELFTYASJ
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            examples:
              BOOKMARK:
                $ref: '#/components/examples/BookmarkPutEx'
              AUTO_LOGIN:
                $ref: '#/components/examples/AutoLoginPutEx'
              BASIC_AUTH:
                $ref: '#/components/examples/BasicAuthPutEx'
              SECURE_PASSWORD_STORE:
                $ref: '#/components/examples/SecurePasswordStorePutEx'
              WS_FEDERATION:
                $ref: '#/components/examples/WSFederationPutEx'
              BROWSER_PLUGIN:
                $ref: '#/components/examples/BrowserPluginPutEx'
              BROWSER_PLUGIN_SWA_3FIELD:
                $ref: '#/components/examples/BrowserPluginSwa3FieldPutEx'
              SAML_2_0:
                $ref: '#/components/examples/Saml2.0PutEx'
              OPENID_CONNECT:
                $ref: '#/components/examples/OpenidConnectPutEx'
            schema:
              $ref: '#/components/schemas/Application'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                BOOKMARK:
                  $ref: '#/components/examples/BookmarkPutResponseEx'
                AUTO_LOGIN:
                  $ref: '#/components/examples/AutoLoginPutResponseEx'
                BASIC_AUTH:
                  $ref: '#/components/examples/BasicAuthPutResponseEx'
                SECURE_PASSWORD_STORE:
                  $ref: '#/components/examples/SecurePasswordStorePutResponseEx'
                WS_FEDERATION:
                  $ref: '#/components/examples/WSFederationPutResponseEx'
                BROWSER_PLUGIN:
                  $ref: '#/components/examples/BrowserPluginPutResponseEx'
                BROWSER_PLUGIN_SWA_3FIELD:
                  $ref: '#/components/examples/BrowserPluginSwa3FieldPutResponseEx'
                SAML_2_0:
                  $ref: '#/components/examples/Saml2.0PutResponseEx'
                OPENID_CONNECT:
                  $ref: '#/components/examples/OpenidConnectPutResponseEx'
              schema:
                $ref: '#/components/schemas/Application'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.apps.manage
      summary: Replace an Application
      tags:
      - Application
      x-codegen-request-body-name: application
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/apps/{appId}/connections/default:
    get:
      description: Retrieves the default Provisioning Connection for an app
      operationId: getDefaultProvisioningConnectionForApplication
      parameters:
      - description: Application ID
        explode: false
        in: path
        name: appId
        required: true
        schema:
          example: 0oafxqCAJWWGELFTYASJ
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                ProvisioningConnectionTokenZscalerEx:
                  $ref: '#/components/examples/ProvisioningConnectionTokenResponseWithProfileZscalerEx'
                ProvisioningConnectionTokenOrg2OrgEx:
                  $ref: '#/components/examples/ProvisioningConnectionTokenResponseWithProfileOrg2OrgEx'
                ProvisioningConnectionOauthO365Ex:
                  $ref: '#/components/examples/ProvisioningConnectionOauthResponseEx'
              schema:
                $ref: '#/components/schemas/ProvisioningConnectionResponse'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.apps.read
      summary: Retrieve the default Provisioning Connection
      tags:
      - ApplicationConnections
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: Updates the default Provisioning Connection for an app
      operationId: updateDefaultProvisioningConnectionForApplication
      parameters:
      - description: Application ID
        explode: false
        in: path
        name: appId
        required: true
        schema:
          example: 0oafxqCAJWWGELFTYASJ
          type: string
        style: simple
      - description: Activates the Provisioning Connection
        explode: true
        in: query
        name: activate
        required: false
        schema:
          type: boolean
        style: form
      requestBody:
        content:
          application/json:
            examples:
              ProvisioningConnectionTokenZscalerEx:
                $ref: '#/components/examples/ProvisioningConnectionTokenRequestEx'
              ProvisioningConnectionTokenOrg2OrgEx:
                $ref: '#/components/examples/ProvisioningConnectionTokenOrg2OrgRequestEx'
              ProvisioningConnectionOauthO365Ex:
                $ref: '#/components/examples/ProvisioningConnectionOauthO365RequestEx'
            schema:
              $ref: '#/components/schemas/updateDefaultProvisioningConnectionForApplication_request'
        required: true
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ProvisioningConnectionResponse'
          description: OK
        "201":
          content:
            application/json:
              examples:
                ProvisioningConnectionTokenZscalerEx:
                  $ref: '#/components/examples/ProvisioningConnectionTokenResponseWithProfileZscalerEx'
                ProvisioningConnectionTokenOrg2OrgEx:
                  $ref: '#/components/examples/ProvisioningConnectionTokenResponseWithProfileOrg2OrgEx'
                ProvisioningConnectionOauthO365Ex:
                  $ref: '#/components/examples/ProvisioningConnectionOauthResponseEx'
              schema:
                $ref: '#/components/schemas/ProvisioningConnectionResponse'
          description: Created
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.apps.manage
      summary: Update the default Provisioning Connection
      tags:
      - ApplicationConnections
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/apps/{appId}/connections/default/lifecycle/activate:
    post:
      description: Activates the default Provisioning Connection for an app
      operationId: activateDefaultProvisioningConnectionForApplication
      parameters:
      - description: Application ID
        explode: false
        in: path
        name: appId
        required: true
        schema:
          example: 0oafxqCAJWWGELFTYASJ
          type: string
        style: simple
      responses:
        "204":
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.apps.manage
      summary: Activate the default Provisioning Connection
      tags:
      - ApplicationConnections
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/apps/{appId}/connections/default/lifecycle/deactivate:
    post:
      description: Deactivates the default Provisioning Connection for an app
      operationId: deactivateDefaultProvisioningConnectionForApplication
      parameters:
      - description: Application ID
        explode: false
        in: path
        name: appId
        required: true
        schema:
          example: 0oafxqCAJWWGELFTYASJ
          type: string
        style: simple
      responses:
        "204":
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.apps.manage
      summary: Deactivate the default Provisioning Connection
      tags:
      - ApplicationConnections
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/apps/{appId}/credentials/csrs:
    get:
      description: Lists all Certificate Signing Requests for an application
      operationId: listCsrsForApplication
      parameters:
      - description: Application ID
        explode: false
        in: path
        name: appId
        required: true
        schema:
          example: 0oafxqCAJWWGELFTYASJ
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              schema:
                items:
                  $ref: '#/components/schemas/Csr'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.apps.read
      summary: List all Certificate Signing Requests
      tags:
      - ApplicationSSOCredentialKey
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: |-
        Generates a new key pair and returns the Certificate Signing Request(CSR) for it. The information in a CSR is used by the Certificate Authority (CA) to verify and create your certificate. It also contains the public key that is included in your certificate.
        Returns CSR in `pkcs#10` format if the `Accept` media type is `application/pkcs10` or a CSR object if the `Accept` media type is `application/json`.
        > **Note:** The key pair isn't listed in the Key Credentials for the app until it's published.
      operationId: generateCsrForApplication
      parameters:
      - description: Application ID
        explode: false
        in: path
        name: appId
        required: true
        schema:
          example: 0oafxqCAJWWGELFTYASJ
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CsrMetadata'
        required: true
      responses:
        "201":
          content:
            application/pkcs10:
              examples:
                CsrPkcs10Response:
                  $ref: '#/components/examples/AppCsrPkcs10Response'
              schema:
                $ref: '#/components/schemas/AppCsrPkcs10'
            application/json:
              examples:
                CsrJsonResponse:
                  $ref: '#/components/examples/AppCsrJsonResponse'
              schema:
                $ref: '#/components/schemas/Csr'
          description: Created
          headers:
            Content-Type:
              description: The Content-Type of the response
              examples:
                pkcs10Header:
                  summary: application/pkcs10 Content-Type header
                  value: application/pkcs10; filename=okta.p10
                json:
                  summary: application/json Content-Type header
                  value: application/json
              explode: false
              schema:
                type: string
              style: simple
            Content-Transfer-Encoding:
              description: Encoding of the response
              example: base64
              explode: false
              schema:
                type: string
              style: simple
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.apps.manage
      summary: Generate a Certificate Signing Request
      tags:
      - ApplicationSSOCredentialKey
      x-codegen-request-body-name: metadata
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
      - application/pkcs10
  /api/v1/apps/{appId}/credentials/csrs/{csrId}:
    delete:
      description: Revokes a Certificate Signing Request and deletes the key pair from the app
      operationId: revokeCsrFromApplication
      parameters:
      - description: Application ID
        explode: false
        in: path
        name: appId
        required: true
        schema:
          example: 0oafxqCAJWWGELFTYASJ
          type: string
        style: simple
      - description: '`id` of the CSR'
        explode: false
        in: path
        name: csrId
        required: true
        schema:
          example: fd7x1h7uTcZFx22rU1f7
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.apps.manage
      summary: Revoke a Certificate Signing Request
      tags:
      - ApplicationSSOCredentialKey
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    get:
      description: |-
        Retrieves a Certificate Signing Request (CSR) for the app by `csrId`.
        Returns a Base64-encoded CSR in DER format if the `Accept` media type is `application/pkcs10` or a CSR object if the `Accept` media type is `application/json`.
      operationId: getCsrForApplication
      parameters:
      - description: Application ID
        explode: false
        in: path
        name: appId
        required: true
        schema:
          example: 0oafxqCAJWWGELFTYASJ
          type: string
        style: simple
      - description: '`id` of the CSR'
        explode: false
        in: path
        name: csrId
        required: true
        schema:
          example: fd7x1h7uTcZFx22rU1f7
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                CsrJsonResponse:
                  $ref: '#/components/examples/AppCsrJsonResponse'
              schema:
                $ref: '#/components/schemas/Csr'
            application/pkcs10:
              examples:
                CsrPkcs10Response:
                  $ref: '#/components/examples/AppCsrPkcs10Response'
              schema:
                $ref: '#/components/schemas/AppCsrPkcs10'
          description: Success
          headers:
            Content-Type:
              description: The Content-Type of the response
              examples:
                pkcs10Header:
                  summary: application/pkcs10 Content-Type header
                  value: application/pkcs10; filename=okta.p10
                json:
                  summary: application/json Content-Type header
                  value: application/json
              explode: false
              schema:
                type: string
              style: simple
            Content-Transfer-Encoding:
              description: Encoding of the response
              example: base64
              explode: false
              schema:
                type: string
              style: simple
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.read summary: Retrieve a Certificate Signing Request tags: - ApplicationSSOCredentialKey x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json - application/pkcs10 /api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish: post: description: |- Publishes a Certificate Signing Request (CSR) for the app with a signed X.509 certificate and adds it into the Application Key Credentials. > **Note:** Publishing a certificate completes the lifecycle of the CSR and it's no longer accessible. operationId: publishCsrFromApplication parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: '`id` of the CSR' explode: false in: path name: csrId required: true schema: example: fd7x1h7uTcZFx22rU1f7 type: string style: simple requestBody: content: application/x-x509-ca-cert: schema: description: |- X.509 certificate in `CER` format. The client can either post in binary or Base64URL-encoded. If the post is Base64URL-encoded, set the `Content-Transfer-Encoding` header to `base64`. example: !!binary |- QGNlcnRpZmljYXRlLnBlbQ== format: binary type: string x-okta-operationId: publishBinaryCerCert application/pkix-cert: schema: description: "X.509 certificate in `DER` format. \nThe client can either\ \ post in binary or Base64URL-encoded. If the post is Base64URL-encoded,\ \ set the `Content-Transfer-Encoding` header to `base64`." 
format: binary type: string x-okta-operationId: publishBinaryDerCert application/x-pem-file: schema: description: X.509 certificate in `PEM` format example: !!binary |- QGNlcnRpZmljYXRlLnBlbQ== format: binary type: string x-okta-operationId: publishBinaryPemCert required: true responses: "201": content: application/json: examples: PublishCSR: $ref: '#/components/examples/KeyCredentialExample' schema: $ref: '#/components/schemas/JsonWebKey' description: Created "400": content: application/json: examples: ErrorPublishCSRCertDoesNotMatchCSR: $ref: '#/components/examples/ErrorPublishCSRCertDoesNotMatchCSR' ErrorPublishCSRCertValidityLessThan90Days: $ref: '#/components/examples/ErrorPublishCSRCertValidityLessThan90Days' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: -
okta.apps.manage summary: Publish a Certificate Signing Request tags: - ApplicationSSOCredentialKey x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/x-x509-ca-cert x-accepts: - application/json /api/v1/apps/{appId}/credentials/jwks: get: description: Lists all JSON Web Keys for an OAuth 2.0 client app operationId: listJwk parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple responses: "200": content: application/json: examples: OAuthClientJsonWebKeyListResponseExample: $ref: '#/components/examples/oAuthClientJsonWebKeyListResponse' schema: items: $ref: '#/components/schemas/OAuth2ClientJsonWebKey' type: array description: OK "401": content: application/json: examples: InvalidTokenProvided: $ref: '#/components/examples/ErrorInvalidTokenProvided' schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.read summary: List all the OAuth 2.0 Client JSON Web Keys tags: - ApplicationSSOCredentialOAuth2ClientAuth x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json post: description: "Adds a new JSON Web Key to the client’s JSON Web Keys. \n> **Note:**\ \ This API doesn't allow you to add a key if the existing key doesn't have\ \ a `kid`. 
This is also consistent with how the [Dynamic Client Registration](/openapi/okta-oauth/oauth/tag/Client/)\ \ or [Applications](/openapi/okta-management/management/tag/Application/)\ \ APIs behave, as they don't allow the creation of multiple keys without `kids`.\ \ Use the [Replace an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/replaceApplication)\ \ or the [Replace a Client Application](/openapi/okta-oauth/oauth/tag/Client/#tag/Client/operation/replaceClient)\ \ operation to update the JWKS or [Delete an OAuth 2.0 Client JSON Web Key](/openapi/okta-management/management/tag/ApplicationSSOCredentialOAuth2ClientAuth/#tag/ApplicationSSOCredentialOAuth2ClientAuth/operation/deletejwk)\ \ and re-add the key with a `kid`." operationId: addJwk parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple requestBody: content: application/json: examples: createOAuth2ClientJsonWebKeyRequestBody: $ref: '#/components/examples/oAuthClientJsonWebKeyRequest' schema: $ref: '#/components/schemas/OAuth2ClientJsonWebKeyRequestBody' required: true responses: "201": content: application/json: examples: newOAuth2ClientSecretResponse: $ref: '#/components/examples/oAuthClientJsonWebKey' schema: $ref: '#/components/schemas/OAuth2ClientJsonWebKey' description: Created "400": content: application/json: examples: ErrorClientJsonWebKeyNonUniqueKid: $ref: '#/components/examples/ErrorClientJsonWebKeyNonUniqueKid' ErrorClientJsonWebKeyDuplicateKid: $ref: '#/components/examples/ErrorClientJsonWebKeyDuplicateKid' ErrorClientJsonWebKeyKidLengthTooShort: $ref: '#/components/examples/ErrorClientJsonWebKeyKidLengthTooShort' ErrorClientJsonWebKeyTooManyKids: $ref: '#/components/examples/ErrorClientJsonWebKeyTooManyKids' schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: examples: InvalidTokenProvided: $ref: 
'#/components/examples/ErrorInvalidTokenProvided' schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.manage summary: Add a JSON Web Key tags: - ApplicationSSOCredentialOAuth2ClientAuth x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/apps/{appId}/credentials/jwks/{keyId}: delete: description: Deletes an OAuth 2.0 Client JSON Web Key by `keyId`. You can only delete an inactive key. operationId: deletejwk parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: Unique `id` of the OAuth 2.0 Client JSON Web Key example: pks2f4zrZbs8nUa7p0g4 explode: false in: path name: keyId required: true schema: type: string style: simple responses: "204": description: No Content "400": content: application/json: examples: ErrorDeleteActiveJsonWebKey: $ref: '#/components/examples/ErrorDeleteActiveJsonWebKey' schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: examples: InvalidTokenProvided: $ref: '#/components/examples/ErrorInvalidTokenProvided' schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: 
'#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.manage summary: Delete an OAuth 2.0 Client JSON Web Key tags: - ApplicationSSOCredentialOAuth2ClientAuth x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Retrieves an OAuth 2.0 Client JSON Web Key by `keyId`. operationId: getJwk parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: Unique `id` of the OAuth 2.0 Client JSON Web Key example: pks2f4zrZbs8nUa7p0g4 explode: false in: path name: keyId required: true schema: type: string style: simple responses: "200": content: application/json: examples: OAuthClientJsonWebKeyResponseExample: $ref: '#/components/examples/oAuthClientJsonWebKey' schema: $ref: '#/components/schemas/OAuth2ClientJsonWebKey' description: OK "401": content: application/json: examples: InvalidTokenProvided: $ref: '#/components/examples/ErrorInvalidTokenProvided' schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.read summary: Retrieve an OAuth 2.0 Client JSON Web Key tags: - 
ApplicationSSOCredentialOAuth2ClientAuth x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/apps/{appId}/credentials/jwks/{keyId}/lifecycle/activate: post: description: Activates an OAuth 2.0 Client JSON Web Key by `keyId` operationId: activateOAuth2ClientJsonWebKey parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: Unique `id` of the OAuth 2.0 Client JSON Web Key example: pks2f4zrZbs8nUa7p0g4 explode: false in: path name: keyId required: true schema: type: string style: simple responses: "200": content: application/json: examples: activateOAuth2ClientJsonWebKeyResponse: $ref: '#/components/examples/oAuthClientJsonWebKey' schema: $ref: '#/components/schemas/OAuth2ClientJsonWebKey' description: OK "401": content: application/json: examples: InvalidTokenProvided: $ref: '#/components/examples/ErrorInvalidTokenProvided' schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.manage summary: Activate an OAuth 2.0 Client JSON Web Key tags: - ApplicationSSOCredentialOAuth2ClientAuth x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/apps/{appId}/credentials/jwks/{keyId}/lifecycle/deactivate: post: description: Deactivates an OAuth 2.0 Client JSON Web Key by `keyId`. 
operationId: deactivateOAuth2ClientJsonWebKey parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: Unique `id` of the OAuth 2.0 Client JSON Web Key example: pks2f4zrZbs8nUa7p0g4 explode: false in: path name: keyId required: true schema: type: string style: simple responses: "200": content: application/json: examples: deactivateOAuth2ClientJsonWebKeyResponse: $ref: '#/components/examples/deactivateOAuth2ClientJsonWebKeyResponse' schema: $ref: '#/components/schemas/OAuth2ClientJsonWebKey' description: OK "400": content: application/json: examples: ErrorDeactivateTheOnlyKeyWithPrivateKeyJwtAuthMethod: $ref: '#/components/examples/ErrorDeactivateTheOnlyKeyWithPrivateKeyJwtAuthMethod' ErrorDeactivateTheOnlyKeyWithRequestObjectSignAlgorithm: $ref: '#/components/examples/ErrorDeactivateTheOnlyKeyWithRequestObjectSignAlgorithm' schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: examples: InvalidTokenProvided: $ref: '#/components/examples/ErrorInvalidTokenProvided' schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.manage summary: Deactivate an OAuth 2.0 Client JSON Web Key tags: - ApplicationSSOCredentialOAuth2ClientAuth x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json 
/api/v1/apps/{appId}/credentials/keys: get: description: Lists all key credentials for an app operationId: listApplicationKeys parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple responses: "200": content: application/json: examples: ListAllKeyCredentialsExample: $ref: '#/components/examples/ListAllKeyCredentialsExample' schema: items: $ref: '#/components/schemas/JsonWebKey' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.read summary: List all Key Credentials tags: - ApplicationSSOCredentialKey x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/apps/{appId}/credentials/keys/generate: post: description: |- Generates a new X.509 certificate for an app key credential > **Note:** To update an Application with the newly generated key credential, use the [Replace an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/replaceApplication) request with the new [credentials.signing.kid](/openapi/okta-management/management/tag/Application/#tag/Application/operation/replaceApplication!path=4/credentials/signing/kid&t=request) value in the request body. 
You can provide just the [Signing Credential object](/openapi/okta-management/management/tag/Application/#tag/Application/operation/replaceApplication!path=4/credentials/signing&t=request) instead of the entire [Application Credential object](/openapi/okta-management/management/tag/Application/#tag/Application/operation/replaceApplication!path=4/credentials&t=request). operationId: generateApplicationKey parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: Expiry years of the Application Key Credential explode: true in: query name: validityYears required: true schema: example: 5 type: integer style: form responses: "201": content: application/json: examples: KeyCredentialExample: $ref: '#/components/examples/KeyCredentialExample' schema: $ref: '#/components/schemas/JsonWebKey' description: Created "400": content: application/json: examples: ErrorKeyCredentialInvalidValidity: $ref: '#/components/examples/ErrorKeyCredentialInvalidValidity' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.manage summary: Generate a Key Credential tags: - ApplicationSSOCredentialKey x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/apps/{appId}/credentials/keys/{keyId}: get: description: Retrieves a specific Application Key 
Credential by `kid` operationId: getApplicationKey parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: ID of the Key Credential for the application explode: false in: path name: keyId required: true schema: example: sjP9eiETijYz110VkhHN type: string style: simple responses: "200": content: application/json: examples: KeyCredentialExample: $ref: '#/components/examples/KeyCredentialExample' schema: $ref: '#/components/schemas/JsonWebKey' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.read summary: Retrieve a Key Credential tags: - ApplicationSSOCredentialKey x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/apps/{appId}/credentials/keys/{keyId}/clone: post: description: |- Clones an X.509 certificate for an Application Key Credential from a source app to a target app. For step-by-step instructions to clone a credential, see [Share application key credentials for IdPs across apps](https://developer.okta.com/docs/guides/sharing-cert/main/). > **Note:** Sharing certificates isn't a recommended security practice. 
operationId: cloneApplicationKey parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: ID of the Key Credential for the application explode: false in: path name: keyId required: true schema: example: sjP9eiETijYz110VkhHN type: string style: simple - description: Unique key of the target Application explode: true in: query name: targetAid required: true schema: example: 0ouuytCAJSSDELFTUIDS type: string style: form responses: "201": content: application/json: examples: KeyCredentialExample: $ref: '#/components/examples/KeyCredentialExample' schema: $ref: '#/components/schemas/JsonWebKey' description: Created "400": content: application/json: examples: ErrorKeyCredentialCloneDuplicateKey: $ref: '#/components/examples/ErrorKeyCredentialCloneDuplicateKey' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.manage summary: Clone a Key Credential tags: - ApplicationSSOCredentialKey x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/apps/{appId}/credentials/secrets: get: description: Lists all client secrets for an OAuth 2.0 client app operationId: listOAuth2ClientSecrets parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: 
simple responses: "200": content: application/json: examples: OAuthClientSecretListResponseExample: $ref: '#/components/examples/oAuthClientSecretListResponse' schema: items: $ref: '#/components/schemas/OAuth2ClientSecret' type: array description: OK "401": content: application/json: examples: InvalidTokenProvided: $ref: '#/components/examples/ErrorInvalidTokenProvided' schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.read summary: List all OAuth 2.0 Client Secrets tags: - ApplicationSSOCredentialOAuth2ClientAuth x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json post: description: |- Creates an OAuth 2.0 Client Secret object with a new active client secret. You can create up to two Secret objects. An error is returned if you attempt to create more than two Secret objects. > **Note:** This API lets you bring your own secret. If [token_endpoint_auth_method](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication!path=4/credentials/oauthClient/token_endpoint_auth_method&t=request) of the app is `client_secret_jwt`, then the minimum length of `client_secret` is 32 characters. If no secret is specified in the request, Okta adds a new system-generated secret. 
operationId: createOAuth2ClientSecret parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple requestBody: content: application/json: examples: createOAuth2ClientSecretSystemGeneratedRequestBody: $ref: '#/components/examples/createOAuth2ClientSecretSystemGeneratedRequestBody' createOAuth2ClientSecretCustomRequestBody: $ref: '#/components/examples/createOAuth2ClientSecretCustomRequestBody' schema: $ref: '#/components/schemas/OAuth2ClientSecretRequestBody' responses: "201": content: application/json: examples: newOAuth2ClientSecretResponse: $ref: '#/components/examples/oAuth2ClientSecretResponse' schema: $ref: '#/components/schemas/OAuth2ClientSecret' description: Created "400": content: application/json: examples: ErrorClientSecretTooLong: $ref: '#/components/examples/ErrorClientSecretTooLong' ErrorClientSecretTooShort: $ref: '#/components/examples/ErrorClientSecretTooShort' ErrorClientSecretTooShortJWT: $ref: '#/components/examples/ErrorClientSecretTooShortWithClientSecretJWT' ErrorClientSecretPrivateKeyJWT: $ref: '#/components/examples/ErrorClientSecretWithPrivateKeyJWT' ErrorClientSecretNonAscii: $ref: '#/components/examples/ErrorClientSecretNonAscii' ErrorMaxNumberOfSecrets: $ref: '#/components/examples/ErrorMaxNumberOfSecrets' schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: examples: InvalidTokenProvided: $ref: '#/components/examples/ErrorInvalidTokenProvided' schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - 
oauth2: - okta.apps.manage summary: Create an OAuth 2.0 Client Secret tags: - ApplicationSSOCredentialOAuth2ClientAuth x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/apps/{appId}/credentials/secrets/{secretId}: delete: description: Deletes an OAuth 2.0 Client Secret by `secretId`. You can only delete an inactive Secret. operationId: deleteOAuth2ClientSecret parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: Unique `id` of the OAuth 2.0 Client Secret example: ocs2f4zrZbs8nUa7p0g4 explode: false in: path name: secretId required: true schema: type: string style: simple responses: "204": description: No Content "400": content: application/json: examples: ErrorDeleteActiveClientSecret: $ref: '#/components/examples/ErrorDeleteActiveSecret' schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: examples: InvalidTokenProvided: $ref: '#/components/examples/ErrorInvalidTokenProvided' schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.manage summary: Delete an OAuth 2.0 Client Secret tags: - ApplicationSSOCredentialOAuth2ClientAuth x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: 
Retrieves an OAuth 2.0 Client Secret by `secretId` operationId: getOAuth2ClientSecret parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: Unique `id` of the OAuth 2.0 Client Secret example: ocs2f4zrZbs8nUa7p0g4 explode: false in: path name: secretId required: true schema: type: string style: simple responses: "200": content: application/json: examples: OAuthClientSecretResponseExample: $ref: '#/components/examples/oAuth2ClientSecretResponse' schema: $ref: '#/components/schemas/OAuth2ClientSecret' description: OK "401": content: application/json: examples: InvalidTokenProvided: $ref: '#/components/examples/ErrorInvalidTokenProvided' schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.read summary: Retrieve an OAuth 2.0 Client Secret tags: - ApplicationSSOCredentialOAuth2ClientAuth x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/apps/{appId}/credentials/secrets/{secretId}/lifecycle/activate: post: description: Activates an OAuth 2.0 Client Secret by `secretId` operationId: activateOAuth2ClientSecret parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: Unique `id` of the OAuth 2.0 Client 
Secret example: ocs2f4zrZbs8nUa7p0g4 explode: false in: path name: secretId required: true schema: type: string style: simple responses: "200": content: application/json: examples: activateOAuth2ClientSecretResponse: $ref: '#/components/examples/activateOAuth2ClientSecretResponse' schema: $ref: '#/components/schemas/OAuth2ClientSecret' description: OK "401": content: application/json: examples: InvalidTokenProvided: $ref: '#/components/examples/ErrorInvalidTokenProvided' schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.manage summary: Activate an OAuth 2.0 Client Secret tags: - ApplicationSSOCredentialOAuth2ClientAuth x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/apps/{appId}/credentials/secrets/{secretId}/lifecycle/deactivate: post: description: Deactivates an OAuth 2.0 Client Secret by `secretId`. You can't deactivate a secret if it's the only secret of the client. 
operationId: deactivateOAuth2ClientSecret parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: Unique `id` of the OAuth 2.0 Client Secret example: ocs2f4zrZbs8nUa7p0g4 explode: false in: path name: secretId required: true schema: type: string style: simple responses: "200": content: application/json: examples: deactivateOAuth2ClientSecretResponse: $ref: '#/components/examples/deactivateOAuth2ClientSecretResponse' schema: $ref: '#/components/schemas/OAuth2ClientSecret' description: OK "400": content: application/json: examples: ErrorDeactivateTheOnlyClientSecret: $ref: '#/components/examples/ErrorDeactivateTheOnlyClientSecret' schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: examples: InvalidTokenProvided: $ref: '#/components/examples/ErrorInvalidTokenProvided' schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.manage summary: Deactivate an OAuth 2.0 Client Secret tags: - ApplicationSSOCredentialOAuth2ClientAuth x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/apps/{appId}/features: get: description: | Lists all features for an app > **Note:** This request returns an error if provisioning isn't enabled for the app. 
> To set up provisioning, see [Update the default Provisioning Connection](/openapi/okta-management/management/tag/ApplicationConnections/#tag/ApplicationConnections/operation/updateDefaultProvisioningConnectionForApplication). operationId: listFeaturesForApplication parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple responses: "200": content: application/json: examples: ListAppFeatureResponse: $ref: '#/components/examples/AppFeatureListResponseEx' schema: items: $ref: '#/components/schemas/ApplicationFeature' type: array description: Success "400": content: application/json: examples: ListAppFeatureAPIValidationFailed: $ref: '#/components/examples/ErrorAppFeatureAPIValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.read summary: List all Features tags: - ApplicationFeatures x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/apps/{appId}/features/{featureName}: get: description: Retrieves a Feature object for an app operationId: getFeatureForApplication parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: Name of the Feature explode: false in: path name: featureName required: true schema: 
$ref: '#/components/schemas/ApplicationFeatureType' style: simple responses: "200": content: application/json: examples: AppFeatureResponse: $ref: '#/components/examples/AppFeatureResponseEx' schema: $ref: '#/components/schemas/ApplicationFeature' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.read summary: Retrieve a Feature tags: - ApplicationFeatures x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json put: description: | Updates a Feature object for an app > **Note:** This endpoint supports partial updates. 
operationId: updateFeatureForApplication parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: Name of the Feature explode: false in: path name: featureName required: true schema: $ref: '#/components/schemas/ApplicationFeatureType' style: simple requestBody: content: application/json: examples: UpdateAppFeatureEx: $ref: '#/components/examples/UpdateAppFeatureRequestEx' UpdateInboundProvisioningFeatureEx: $ref: '#/components/examples/UpdateInboundProvisioningFeatureRequestEx' schema: $ref: '#/components/schemas/updateFeatureForApplication_request' required: true responses: "200": content: application/json: examples: UpdateAppFeatureEx: $ref: '#/components/examples/UpdateAppFeatureResponseEx' UpdateInboundProvisioningFeatureEx: $ref: '#/components/examples/UpdateInboundProvisioningFeatureResponseEx' schema: $ref: '#/components/schemas/ApplicationFeature' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.manage summary: Update a Feature tags: - ApplicationFeatures x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/apps/{appId}/grants: get: 
description: Lists all scope consent Grants for the app operationId: listScopeConsentGrants parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: "An optional parameter to return scope details in the `_embedded`\ \ property. Valid value: `scope`" explode: true in: query name: expand required: false schema: example: scope type: string style: form responses: "200": content: application/json: examples: ListAppGrantsExample: $ref: '#/components/examples/ListAppGrantsEx' schema: items: $ref: '#/components/schemas/OAuth2ScopeConsentGrant' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.appGrants.read summary: List all app Grants tags: - ApplicationGrants x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json post: description: Grants consent for the app to request an OAuth 2.0 Okta scope operationId: grantConsentToScope parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple requestBody: content: application/json: examples: AppGrantsExample: $ref: '#/components/examples/AppGrantsPostEx' schema: $ref: '#/components/schemas/OAuth2ScopeConsentGrant' required: true responses: "201": content: application/json: examples: AppGrantsExample: $ref: 
'#/components/examples/AppGrantsEx' schema: $ref: '#/components/schemas/OAuth2ScopeConsentGrant' description: Created "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.appGrants.manage summary: Grant consent to scope tags: - ApplicationGrants x-codegen-request-body-name: oAuth2ScopeConsentGrant x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/apps/{appId}/grants/{grantId}: delete: description: Revokes permission for the app to grant the given scope operationId: revokeScopeConsentGrant parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: Grant ID explode: false in: path name: grantId required: true schema: example: iJoqkwx50mrgX4T9LcaH type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found 
"429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.appGrants.manage summary: Revoke an app Grant tags: - ApplicationGrants x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Retrieves a single scope consent Grant object for the app operationId: getScopeConsentGrant parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: Grant ID explode: false in: path name: grantId required: true schema: example: iJoqkwx50mrgX4T9LcaH type: string style: simple - description: "An optional parameter to return scope details in the `_embedded`\ \ property. Valid value: `scope`" explode: true in: query name: expand required: false schema: example: scope type: string style: form responses: "200": content: application/json: examples: AppGrantsExample: $ref: '#/components/examples/AppGrantsEx' schema: $ref: '#/components/schemas/OAuth2ScopeConsentGrant' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.appGrants.read summary: Retrieve an app Grant tags: - ApplicationGrants x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/apps/{appId}/groups: get: 
description: Lists all app group assignments operationId: listApplicationGroupAssignments parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: "Specifies a filter for a list of assigned groups returned based\ \ on their names. The value of `q` is matched against the group `name`.\ \ \nThis filter only supports the `startsWith` operation that matches the\ \ `q` string against the beginning of the [Group name](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Group/#tag/Group/operation/listGroups!c=200&path=profile/name&t=response)." explode: true in: query name: q required: false schema: example: test type: string style: form - description: "Specifies the pagination cursor for the `next` page of results.\ \ Treat this as an opaque value obtained through the next link relationship.\ \ See [Pagination](https://developer.okta.com/docs/api/#pagination)." explode: true in: query name: after required: false schema: example: "16275000448691" type: string style: form - description: |- Specifies the number of objects to return per page. If there are multiple pages of results, the Link header contains a `next` link that you need to use as an opaque value (follow it, don't parse it). See [Pagination](/#pagination). examples: min: summary: Minimum limit value value: 20 hundred: summary: Sample limit value value: 100 max: summary: Maximum limit value value: 200 explode: true in: query name: limit required: false schema: default: 20 format: int32 maximum: 200 minimum: 20 type: integer style: form - description: "An optional query parameter to return the corresponding assigned\ \ [Group](/openapi/okta-management/management/tag/Group/) or \nthe group\ \ assignment metadata details in the `_embedded` property. 
" examples: group: summary: Embedded assigned Group value: group metadata: summary: Embedded group assignment metadata value: metadata explode: true in: query name: expand required: false schema: example: metadata type: string style: form responses: "200": content: application/json: examples: listGroupAssignmentsResponseExample: $ref: '#/components/examples/GroupAssignmentExListResponse' schema: items: $ref: '#/components/schemas/ApplicationGroupAssignment' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.read summary: List all Application Groups tags: - ApplicationGroups x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/apps/{appId}/groups/{groupId}: delete: description: Unassigns a Group from an app operationId: unassignApplicationFromGroup parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: The `id` of the group explode: false in: path name: groupId required: true schema: example: 00g1emaKYZTWRYYRRTSK type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: 
'#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.manage summary: Unassign an Application Group tags: - ApplicationGroups x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Retrieves an app group assignment operationId: getApplicationGroupAssignment parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: The `id` of the group explode: false in: path name: groupId required: true schema: example: 00g1emaKYZTWRYYRRTSK type: string style: simple - description: "An optional query parameter to return the corresponding assigned\ \ [Group](/openapi/okta-management/management/tag/Group/) or \nthe group\ \ assignment metadata details in the `_embedded` property. 
" examples: group: summary: Embedded assigned Group value: group metadata: summary: Embedded group assignment metadata value: metadata explode: true in: query name: expand required: false schema: example: group type: string style: form responses: "200": content: application/json: examples: getGroupAssignmentResponseExample: $ref: '#/components/examples/EmbeddedGroupAssignmentSampleResponse' schema: $ref: '#/components/schemas/ApplicationGroupAssignment' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.read summary: Retrieve an Application Group tags: - ApplicationGroups x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json patch: description: Updates a group assignment to an app operationId: updateGroupAssignmentToApplication parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: The `id` of the group explode: false in: path name: groupId required: true schema: example: 00g1emaKYZTWRYYRRTSK type: string style: simple requestBody: content: application/json: examples: groupAssignmentPatchRequetExample: $ref: '#/components/examples/GroupAssignmentPatchRequestExample' schema: items: $ref: '#/components/schemas/JsonPatchOperation' type: array required: false responses: "200": content: application/json: examples: patchGroupAssignmentResponseExample: $ref: 
'#/components/examples/GroupAssignmentPatchResponseExample' schema: $ref: '#/components/schemas/ApplicationGroupAssignment' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.manage summary: Update an Application Group tags: - ApplicationGroups x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json put: description: "Assigns a [Group](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Group/)\ \ to an app, which in turn assigns the app to each [User](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/)\ \ that belongs to the group. \nThe resulting Application User [scope](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/ApplicationUsers/#tag/ApplicationUsers/operation/listApplicationUsers!c=200&path=scope&t=response)\ \ is `GROUP` since the assignment was from the group membership." 
operationId: assignGroupToApplication parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: The `id` of the group explode: false in: path name: groupId required: true schema: example: 00g1emaKYZTWRYYRRTSK type: string style: simple requestBody: content: application/json: examples: putGroupAssignmentRequestExample: $ref: '#/components/examples/GroupAssignmentPutRequestExample' schema: $ref: '#/components/schemas/ApplicationGroupAssignment' required: false responses: "200": content: application/json: examples: putGroupAssignmentResponseExample: $ref: '#/components/examples/GroupAssignmentPutResponseExample' schema: $ref: '#/components/schemas/ApplicationGroupAssignment' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.manage summary: Assign an Application Group tags: - ApplicationGroups x-codegen-request-body-name: applicationGroupAssignment x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/apps/{appId}/lifecycle/activate: post: description: Activates an inactive application operationId: activateApplication parameters: - description: 
Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple responses: "200": content: {} description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.manage summary: Activate an Application tags: - Application x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/apps/{appId}/lifecycle/deactivate: post: description: Deactivates an active application operationId: deactivateApplication parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple responses: "200": content: {} description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.manage summary: Deactivate an Application tags: - Application x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json 
/api/v1/apps/{appId}/logo: post: description: | Uploads a logo for the app instance. If the app already has a logo, this operation replaces the previous logo. The logo is visible in the Admin Console as an icon for your app instance. If you have one `appLink` object configured, this logo also appears in the End-User Dashboard as an icon for your app. > **Note:** If you have multiple `appLink` objects, use the Admin Console to add logos for each app link. > You can't use the API to add logos for multiple app links. operationId: uploadApplicationLogo parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple requestBody: content: multipart/form-data: schema: $ref: '#/components/schemas/uploadApplicationLogo_request' responses: "201": description: Content Created "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.manage summary: Upload an application Logo tags: - ApplicationLogos x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: multipart/form-data x-accepts: - application/json /api/v1/apps/{appId}/policies/{policyId}: put: description: |- Assigns an app to an [authentication policy](/openapi/okta-management/management/tag/Policy/), 
identified by `policyId`. If the app was previously assigned to another policy, this operation replaces that assignment with the updated policy identified by `policyId`. > **Note:** When you [merge duplicate authentication policies](https://help.okta.com/okta_help.htm?type=oie&id=ext-merge-auth-policies), the policy and mapping CRUD operations may be unavailable during the consolidation. When the consolidation is complete, you receive an email with merged results. operationId: assignApplicationPolicy parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: '`id` of the Policy' explode: false in: path name: policyId required: true schema: example: 00plrilJ7jZ66Gn0X0g3 type: string style: simple responses: "204": description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.manage summary: Assign an Authentication Policy tags: - ApplicationPolicies x-okta-lifecycle: lifecycle: LIMITED_GA isGenerallyAvailable: false SKUs: - Okta Identity Engine x-accepts: - application/json /api/v1/apps/{appId}/sso/saml/metadata: get: description: Previews the SSO SAML metadata for an application operationId: previewSAMLmetadataForApplication parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - explode: true in: query name: kid 
required: true schema: type: integer style: form responses: "200": content: text/xml: examples: previewSAML: summary: SAML metadata example value: | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified schema: description: SAML metadata in XML type: string description: OK "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples:
TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.read summary: Preview the application SAML metadata tags: - ApplicationSSO x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json - text/xml /api/v1/apps/{appId}/tokens: delete: description: "Revokes all OAuth 2.0 refresh tokens for the specified app. Any\ \ access tokens issued with these refresh tokens are also revoked, but access\ \ tokens issued without a refresh token aren't affected." operationId: revokeOAuth2TokensForApplication parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.manage summary: Revoke all Application Tokens tags: - ApplicationTokens x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: | Lists all refresh tokens for an app > **Note:** The results are [paginated](/#pagination) according to the `limit` parameter. > If there are multiple pages of results, the Link header contains a `next` link that you need to use as an opaque value (follow it, don't parse it). 
operationId: listOAuth2TokensForApplication parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: "An optional parameter to return scope details in the `_embedded`\ \ property. Valid value: `scope`" explode: true in: query name: expand required: false schema: example: scope type: string style: form - description: "Specifies the pagination cursor for the next page of results.\ \ Treat this as an opaque value obtained through the next link relationship.\ \ See [Pagination](/#pagination)." explode: true in: query name: after required: false schema: example: "16275000448691" type: string style: form - description: A limit on the number of objects to return explode: true in: query name: limit required: false schema: default: 20 maximum: 200 minimum: 1 type: integer style: form responses: "200": content: application/json: examples: getOAuth2TokenForApplicationListExample: $ref: '#/components/examples/OAuth2RefreshTokenResponseListEx' schema: items: $ref: '#/components/schemas/OAuth2RefreshToken' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.read summary: List all Application Refresh Tokens tags: - ApplicationTokens x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/apps/{appId}/tokens/{tokenId}: delete: description: Revokes the specified token for 
the specified app operationId: revokeOAuth2TokenForApplication parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: '`id` of Token' explode: false in: path name: tokenId required: true schema: example: sHHSth53yJAyNSTQKDJZ type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.manage summary: Revoke an Application Token tags: - ApplicationTokens x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Retrieves a refresh token for the specified app operationId: getOAuth2TokenForApplication parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: '`id` of Token' explode: false in: path name: tokenId required: true schema: example: sHHSth53yJAyNSTQKDJZ type: string style: simple - description: "An optional parameter to return scope details in the `_embedded`\ \ property. 
Valid value: `scope`" explode: true in: query name: expand required: false schema: example: scope type: string style: form responses: "200": content: application/json: examples: getOAuth2TokenForApplicationExample: $ref: '#/components/examples/OAuth2RefreshTokenResponseEx' schema: $ref: '#/components/schemas/OAuth2RefreshToken' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.read summary: Retrieve an Application Token tags: - ApplicationTokens x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/apps/{appId}/users: get: description: Lists all assigned users for an app operationId: listApplicationUsers parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: "Specifies the pagination cursor for the next page of results.\ \ Treat this as an opaque value obtained through the next link relationship.\ \ See [Pagination](/#pagination)." explode: true in: query name: after required: false schema: example: "16275000448691" type: string style: form - description: | Specifies the number of objects to return per page. If there are multiple pages of results, the Link header contains a `next` link that you need to use as an opaque value (follow it, don't parse it). See [Pagination](/#pagination). 
explode: true in: query name: limit required: false schema: default: 50 format: int32 maximum: 500 minimum: 1 type: integer style: form - description: | Specifies a filter for the list of Application Users returned based on their profile attributes. The value of `q` is matched against the beginning of the following profile attributes: `userName`, `firstName`, `lastName`, and `email`. This filter only supports the `startsWith` operation that matches the `q` string against the beginning of the attribute values. > **Note:** For OIDC apps, user profiles don't contain the `firstName` or `lastName` attributes. Therefore, the query only matches against the `userName` or `email` attributes. explode: true in: query name: q required: false schema: example: sam type: string style: form - description: |- An optional query parameter to return the corresponding [User](/openapi/okta-management/management/tag/User/) object in the `_embedded` property. Valid value: `user` explode: true in: query name: expand required: false schema: example: user type: string style: form responses: "200": content: application/json: examples: ListAppUsersExample: $ref: '#/components/examples/AppUserListEx' schema: items: $ref: '#/components/schemas/AppUser' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.read summary: List all Application Users tags: - ApplicationUsers x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - 
application/json post: description: |- Assigns a user to an app for: * SSO only
Assignments to SSO apps typically don't include a user profile. However, if your SSO app requires a profile but doesn't have provisioning enabled, you can add profile attributes in the request body. * SSO and provisioning
Assignments to SSO and provisioning apps typically include credentials and an app-specific profile. Profile mappings defined for the app are applied first before applying any profile properties that are specified in the request body. > **Notes:** > * When Universal Directory is enabled, you can only specify profile properties that aren't defined in profile mappings. > * Omit mapped properties during assignment to minimize assignment errors. operationId: assignUserToApplication parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple requestBody: content: application/json: examples: AppUserSSOEx: $ref: '#/components/examples/AppUserAssignSSORequest' AppUserProvEx: $ref: '#/components/examples/AppUserAssignProvRequest' schema: $ref: '#/components/schemas/AppUserAssignRequest' required: true responses: "200": content: application/json: examples: AppUserSSOEx: $ref: '#/components/examples/AppUserSSOResponse' AppUserProvEx: $ref: '#/components/examples/AppUserProvResponse' schema: $ref: '#/components/schemas/AppUser' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AppUserProvEx: $ref: '#/components/examples/ErrorAppUserForbiddenAction' AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - 
okta.apps.manage summary: Assign an Application User tags: - ApplicationUsers x-codegen-request-body-name: appUser x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/apps/{appId}/users/{userId}: delete: description: |- Unassigns a user from an app For directories like Active Directory and LDAP, they act as the owner of the user's credential with Okta delegating authentication (DelAuth) to that directory. If this request is successful for a user when DelAuth is enabled, then the user is in a state with no password. You can then reset the user's password. > **Important:** This is a destructive operation. You can't recover the user's app profile. If the app is enabled for provisioning and configured to deactivate users, the user is also deactivated in the target app. operationId: unassignUserFromApplication parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00u13okQOVWZJGDOAUVR type: string style: simple - description: Sends a deactivation email to the administrator if `true` explode: true in: query name: sendEmail required: false schema: default: false type: boolean style: form x-okta-added-version: 1.5.0 responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too 
Many Requests security: - apiToken: [] - oauth2: - okta.apps.manage summary: Unassign an Application User tags: - ApplicationUsers x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Retrieves a specific user assignment for a specific app operationId: getApplicationUser parameters: - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00u13okQOVWZJGDOAUVR type: string style: simple - description: |- An optional query parameter to return the corresponding [User](/openapi/okta-management/management/tag/User/) object in the `_embedded` property. Valid value: `user` explode: true in: query name: expand required: false schema: example: user type: string style: form responses: "200": content: application/json: examples: GetAppUserExample: $ref: '#/components/examples/AppUserProvExpandResponse' schema: $ref: '#/components/schemas/AppUser' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.read summary: Retrieve an Application User tags: - ApplicationUsers x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json post: description: Updates the profile or credentials of a user assigned to an app operationId: updateApplicationUser parameters: - 
description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00u13okQOVWZJGDOAUVR type: string style: simple requestBody: content: application/json: examples: AppUserUpdateCredEx: $ref: '#/components/examples/AppUserUpdateCredRequest' AppUserUpdateProfileEx: $ref: '#/components/examples/AppUserUpdateProfileRequest' schema: $ref: '#/components/schemas/AppUserUpdateRequest' required: true responses: "200": content: application/json: examples: AppUserUpdateCredEx: $ref: '#/components/examples/AppUserCredUpdateResponse' AppUserUpdateProfileEx: $ref: '#/components/examples/AppUserProfUpdateResponse' schema: $ref: '#/components/schemas/AppUser' description: Success "400": content: application/json: examples: AppUserUpdateCredEx: $ref: '#/components/examples/ErrorAppUserUpdateBadRequest' APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AppUserProvEx: $ref: '#/components/examples/ErrorAppUserForbiddenAction' AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.manage summary: Update an Application User tags: - ApplicationUsers x-codegen-request-body-name: appUser x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - 
application/json /api/v1/apps/{appName}/{appId}/oauth2/callback: post: description: | Verifies the OAuth 2.0-based connection as part of the OAuth 2.0 consent flow. The validation of the consent flow is the last step of the provisioning setup for an OAuth 2.0-based connection. Currently, this operation only supports `office365`, `google`, `zoomus`, and `slack` apps. operationId: verifyProvisioningConnectionForApplication parameters: - explode: false in: path name: appName required: true schema: $ref: '#/components/schemas/OAuthProvisioningEnabledApp' style: simple - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple - explode: true in: query name: code required: false schema: description: Unique string associated with each authentication request type: string style: form - explode: true in: query name: state required: false schema: description: A temporary code string that the client exchanges for an access token type: string style: form responses: "204": description: No content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.manage summary: Verify the Provisioning Connection tags: - ApplicationConnections x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/authenticators: get: description: Lists all authenticators operationId: listAuthenticators responses: "200": content: application/json: examples:
OrgAuthenticatorsEx: $ref: '#/components/examples/AuthenticatorsResponse' schema: items: $ref: '#/components/schemas/AuthenticatorBase' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authenticators.read summary: List all Authenticators tags: - Authenticator x-okta-lifecycle: lifecycle: LIMITED_GA isGenerallyAvailable: false SKUs: - Okta Identity Engine x-accepts: - application/json post: description: Creates an authenticator operationId: createAuthenticator parameters: - description: Whether to execute the activation lifecycle operation when Okta creates the authenticator explode: true in: query name: activate required: false schema: default: true type: boolean style: form requestBody: $ref: '#/components/requestBodies/AuthenticatorRequestBody' responses: "200": content: application/json: examples: Duo: $ref: '#/components/examples/AuthenticatorResponseDuo' Email: $ref: '#/components/examples/AuthenticatorResponseEmail' Password: $ref: '#/components/examples/AuthenticatorResponsePassword' Phone: $ref: '#/components/examples/AuthenticatorResponsePhone' WebAuthn: $ref: '#/components/examples/AuthenticatorResponseWebAuthn' SecurityQuestion: $ref: '#/components/examples/AuthenticatorResponseSecurityQuestion' schema: $ref: '#/components/schemas/AuthenticatorBase' description: OK "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: 
'#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authenticators.manage summary: Create an Authenticator tags: - Authenticator x-codegen-request-body-name: authenticator x-okta-lifecycle: lifecycle: LIMITED_GA isGenerallyAvailable: false SKUs: - Okta Identity Engine x-content-type: application/json x-accepts: - application/json /api/v1/authenticators/{authenticatorId}: get: description: Retrieves an authenticator from your Okta organization by `authenticatorId` operationId: getAuthenticator parameters: - description: '`id` of the Authenticator' explode: false in: path name: authenticatorId required: true schema: example: aut1nd8PQhGcQtSxB0g4 type: string style: simple responses: "200": content: application/json: examples: Duo: $ref: '#/components/examples/AuthenticatorResponseDuo' Email: $ref: '#/components/examples/AuthenticatorResponseEmail' Password: $ref: '#/components/examples/AuthenticatorResponsePassword' Phone: $ref: '#/components/examples/AuthenticatorResponsePhone' WebAuthn: $ref: '#/components/examples/AuthenticatorResponseWebAuthn' SecurityQuestion: $ref: '#/components/examples/AuthenticatorResponseSecurityQuestion' schema: $ref: '#/components/schemas/AuthenticatorBase' description: OK "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - 
apiToken: [] - oauth2: - okta.authenticators.read summary: Retrieve an Authenticator tags: - Authenticator x-okta-lifecycle: lifecycle: LIMITED_GA isGenerallyAvailable: false SKUs: - Okta Identity Engine x-accepts: - application/json put: description: Replaces the properties for an Authenticator identified by `authenticatorId` operationId: replaceAuthenticator parameters: - description: '`id` of the Authenticator' explode: false in: path name: authenticatorId required: true schema: example: aut1nd8PQhGcQtSxB0g4 type: string style: simple requestBody: $ref: '#/components/requestBodies/AuthenticatorRequestBody' responses: "200": content: application/json: examples: Duo: $ref: '#/components/examples/AuthenticatorResponseDuo' Email: $ref: '#/components/examples/AuthenticatorResponseEmail' Password: $ref: '#/components/examples/AuthenticatorResponsePassword' Phone: $ref: '#/components/examples/AuthenticatorResponsePhone' WebAuthn: $ref: '#/components/examples/AuthenticatorResponseWebAuthn' SecurityQuestion: $ref: '#/components/examples/AuthenticatorResponseSecurityQuestion' schema: $ref: '#/components/schemas/AuthenticatorBase' description: OK "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authenticators.manage summary: Replace an Authenticator tags: - 
Authenticator x-codegen-request-body-name: authenticator x-okta-lifecycle: lifecycle: LIMITED_GA isGenerallyAvailable: false SKUs: - Okta Identity Engine x-content-type: application/json x-accepts: - application/json /api/v1/authenticators/{authenticatorId}/lifecycle/activate: post: description: Activates an authenticator by `authenticatorId` operationId: activateAuthenticator parameters: - description: '`id` of the Authenticator' explode: false in: path name: authenticatorId required: true schema: example: aut1nd8PQhGcQtSxB0g4 type: string style: simple responses: "200": content: application/json: examples: Duo: $ref: '#/components/examples/AuthenticatorResponseDuo' Email: $ref: '#/components/examples/AuthenticatorResponseEmail' Password: $ref: '#/components/examples/AuthenticatorResponsePassword' Phone: $ref: '#/components/examples/AuthenticatorResponsePhone' WebAuthn: $ref: '#/components/examples/AuthenticatorResponseWebAuthn' SecurityQuestion: $ref: '#/components/examples/AuthenticatorResponseSecurityQuestion' schema: $ref: '#/components/schemas/AuthenticatorBase' description: OK "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authenticators.manage summary: Activate an Authenticator tags: - Authenticator x-okta-lifecycle: lifecycle: LIMITED_GA isGenerallyAvailable: false SKUs: - Okta Identity Engine x-accepts: - application/json /api/v1/authenticators/{authenticatorId}/lifecycle/deactivate: post: description: Deactivates an authenticator 
by `authenticatorId` operationId: deactivateAuthenticator parameters: - description: '`id` of the Authenticator' explode: false in: path name: authenticatorId required: true schema: example: aut1nd8PQhGcQtSxB0g4 type: string style: simple responses: "200": content: application/json: examples: WebAuthn: $ref: '#/components/examples/AuthenticatorResponseInactiveWebAuthn' schema: $ref: '#/components/schemas/AuthenticatorBase' description: OK "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authenticators.manage summary: Deactivate an Authenticator tags: - Authenticator x-okta-lifecycle: lifecycle: LIMITED_GA isGenerallyAvailable: false SKUs: - Okta Identity Engine x-accepts: - application/json /api/v1/authenticators/{authenticatorId}/methods: get: description: |- Lists all Methods of an Authenticator identified by `authenticatorId` > **Note:** > The AAGUID Group object supports the Early Access (Self-Service) Allow List for FIDO2 (WebAuthn) Authenticators feature. Enable the feature for your org from the **Settings** > **Features** page in the Admin Console. > This feature has several limitations when enrolling a security key: > - Enrollment is currently unsupported on Firefox. > - Enrollment is currently unsupported on Chrome if User Verification is set to DISCOURAGED and a PIN is set on the security key. > - If prompted during enrollment, users must allow Okta to see the make and model of the security key. 
operationId: listAuthenticatorMethods parameters: - description: '`id` of the Authenticator' explode: false in: path name: authenticatorId required: true schema: example: aut1nd8PQhGcQtSxB0g4 type: string style: simple responses: "200": content: application/json: examples: Phone: $ref: '#/components/examples/AuthenticatorMethodPhone' WebAuthn: $ref: '#/components/examples/AuthenticatorMethodWebauth' schema: items: $ref: '#/components/schemas/AuthenticatorMethodBase' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authenticators.read summary: List all Methods of an Authenticator tags: - Authenticator x-okta-lifecycle: lifecycle: LIMITED_GA isGenerallyAvailable: false SKUs: - Okta Identity Engine x-accepts: - application/json /api/v1/authenticators/{authenticatorId}/methods/{methodType}: get: description: |- Retrieves a Method identified by `methodType` of an Authenticator identified by `authenticatorId` > **Note:** > The AAGUID Group object supports the Early Access (Self-Service) Allow List for FIDO2 (WebAuthn) Authenticators feature. Enable the feature for your org from the **Settings** > **Features** page in the Admin Console. > This feature has several limitations when enrolling a security key: > - Enrollment is currently unsupported on Firefox. > - Enrollment is currently unsupported on Chrome if User Verification is set to DISCOURAGED and a PIN is set on the security key. 
        > - If prompted during enrollment, users must allow Okta to see the make and model of the security key.
      operationId: getAuthenticatorMethod
      parameters:
      - description: '`id` of the Authenticator'
        explode: false
        in: path
        name: authenticatorId
        required: true
        schema:
          example: aut1nd8PQhGcQtSxB0g4
          type: string
        style: simple
      - description: Type of authenticator method
        explode: false
        in: path
        name: methodType
        required: true
        schema:
          $ref: '#/components/schemas/AuthenticatorMethodType'
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                sms:
                  $ref: '#/components/examples/AuthenticatorMethodSms'
                voice:
                  $ref: '#/components/examples/AuthenticatorMethodInactiveVoice'
                webAuthn:
                  $ref: '#/components/examples/AuthenticatorMethodWebauth'
              schema:
                $ref: '#/components/schemas/AuthenticatorMethodBase'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.authenticators.read
      summary: Retrieve an Authenticator Method
      tags:
      - Authenticator
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
    put:
      description: |-
        Replaces a Method of `methodType` for an Authenticator identified by `authenticatorId`
        > **Note:**
        > The AAGUID Group object supports the Early Access (Self-Service) Allow List for FIDO2 (WebAuthn) Authenticators feature. Enable the feature for your org from the **Settings** > **Features** page in the Admin Console.
        > This feature has several limitations when enrolling a security key:
        > - Enrollment is currently unsupported on Firefox.
        > - Enrollment is currently unsupported on Chrome if User Verification is set to DISCOURAGED and a PIN is set on the security key.
        > - If prompted during enrollment, users must allow Okta to see the make and model of the security key.
      operationId: replaceAuthenticatorMethod
      parameters:
      - description: '`id` of the Authenticator'
        explode: false
        in: path
        name: authenticatorId
        required: true
        schema:
          example: aut1nd8PQhGcQtSxB0g4
          type: string
        style: simple
      - description: Type of authenticator method
        explode: false
        in: path
        name: methodType
        required: true
        schema:
          $ref: '#/components/schemas/AuthenticatorMethodType'
        style: simple
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AuthenticatorMethodBase'
      responses:
        "200":
          content:
            application/json:
              examples:
                sms:
                  $ref: '#/components/examples/AuthenticatorMethodSms'
                voice:
                  $ref: '#/components/examples/AuthenticatorMethodInactiveVoice'
                webAuthn:
                  $ref: '#/components/examples/AuthenticatorMethodWebauth'
              schema:
                $ref: '#/components/schemas/AuthenticatorMethodBase'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.authenticators.manage
      summary: Replace an Authenticator Method
      tags:
      - Authenticator
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/authenticators/{authenticatorId}/methods/{methodType}/lifecycle/activate:
    post:
      description: |-
        Activates a Method for an Authenticator identified by `authenticatorId` and `methodType`
        > **Note:**
        > The AAGUID Group object supports the Early Access (Self-Service) Allow List for FIDO2 (WebAuthn) Authenticators feature. Enable the feature for your org from the **Settings** > **Features** page in the Admin Console.
        > This feature has several limitations when enrolling a security key:
        > - Enrollment is currently unsupported on Firefox.
        > - Enrollment is currently unsupported on Chrome if User Verification is set to DISCOURAGED and a PIN is set on the security key.
        > - If prompted during enrollment, users must allow Okta to see the make and model of the security key.
      operationId: activateAuthenticatorMethod
      parameters:
      - description: '`id` of the Authenticator'
        explode: false
        in: path
        name: authenticatorId
        required: true
        schema:
          example: aut1nd8PQhGcQtSxB0g4
          type: string
        style: simple
      - description: Type of authenticator method
        explode: false
        in: path
        name: methodType
        required: true
        schema:
          $ref: '#/components/schemas/AuthenticatorMethodType'
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                sms:
                  $ref: '#/components/examples/AuthenticatorMethodSms'
                webAuthn:
                  $ref: '#/components/examples/AuthenticatorMethodWebauth'
              schema:
                $ref: '#/components/schemas/AuthenticatorMethodBase'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.authenticators.manage
      summary: Activate an Authenticator Method
      tags:
      - Authenticator
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
  /api/v1/authenticators/{authenticatorId}/methods/{methodType}/lifecycle/deactivate:
    post:
      description: |-
        Deactivates a Method for an Authenticator identified by `authenticatorId` and `methodType`
        > **Note:**
        > The AAGUID Group object supports the Early Access (Self-Service) Allow List for FIDO2 (WebAuthn) Authenticators feature. Enable the feature for your org from the **Settings** > **Features** page in the Admin Console.
        > This feature has several limitations when enrolling a security key:
        > - Enrollment is currently unsupported on Firefox.
        > - Enrollment is currently unsupported on Chrome if User Verification is set to DISCOURAGED and a PIN is set on the security key.
        > - If prompted during enrollment, users must allow Okta to see the make and model of the security key.
      operationId: deactivateAuthenticatorMethod
      parameters:
      - description: '`id` of the Authenticator'
        explode: false
        in: path
        name: authenticatorId
        required: true
        schema:
          example: aut1nd8PQhGcQtSxB0g4
          type: string
        style: simple
      - description: Type of authenticator method
        explode: false
        in: path
        name: methodType
        required: true
        schema:
          $ref: '#/components/schemas/AuthenticatorMethodType'
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                voice:
                  $ref: '#/components/examples/AuthenticatorMethodInactiveVoice'
              schema:
                $ref: '#/components/schemas/AuthenticatorMethodBase'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.authenticators.manage
      summary: Deactivate an Authenticator Method
      tags:
      - Authenticator
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
  /api/v1/authorizationServers:
    get:
      description: Lists all custom authorization servers in the org
      operationId: listAuthorizationServers
      parameters:
      - description: Searches the `name` and `audiences` of authorization servers for matching values
        example: customasone
        explode: true
        in: query
        name: q
        required: false
        schema:
          type: string
        style: form
      - description: "Specifies the number of authorization server results on a page.\
          \ Maximum value: 200"
        explode: true
        in: query
        name: limit
        required: false
        schema:
          default: 200
          format: int32
          type: integer
        style: form
      - description: Specifies the pagination cursor for the next page of authorization servers. Treat as an opaque value and obtain through the next link relationship.
        explode: true
        in: query
        name: after
        required: false
        schema:
          type: string
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                ListAuthServers:
                  $ref: '#/components/examples/ListAuthServersResponse'
              schema:
                items:
                  $ref: '#/components/schemas/AuthorizationServer'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.authorizationServers.read
      summary: List all Authorization Servers
      tags:
      - AuthorizationServer
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs:
        - API Access Management
      x-accepts:
      - application/json
    post:
      description: Creates an authorization server
      operationId: createAuthorizationServer
      requestBody:
        content:
          application/json:
            examples:
              CreateAuthServer:
                $ref: '#/components/examples/CreateAuthServerBody'
            schema:
              $ref: '#/components/schemas/AuthorizationServer'
        required: true
      responses:
        "201":
          content:
            application/json:
              examples:
                CreateAuthServer:
                  $ref: '#/components/examples/CreateAuthServerResponse'
              schema:
                $ref: '#/components/schemas/AuthorizationServer'
          description: Created
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.authorizationServers.manage
      summary: Create an Authorization Server
      tags:
      - AuthorizationServer
      x-codegen-request-body-name: authorizationServer
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs:
        - API Access Management
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/authorizationServers/{authServerId}:
    delete:
      description: Deletes an authorization server
      operationId: deleteAuthorizationServer
      parameters:
      - description: '`id` of the Authorization Server'
        explode: false
        in: path
        name: authServerId
        required: true
        schema:
          example: GeGRTEr7f3yu2n7grw22
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.authorizationServers.manage
      summary: Delete an Authorization Server
      tags:
      - AuthorizationServer
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs:
        - API Access Management
      x-accepts:
      - application/json
    get:
      description: Retrieves an authorization server
      operationId: getAuthorizationServer
      parameters:
      - description: '`id` of the Authorization Server'
        explode: false
        in: path
        name: authServerId
        required: true
        schema:
          example: GeGRTEr7f3yu2n7grw22
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                RetrieveAuthServer:
                  $ref: '#/components/examples/RetrieveAuthServerResponse'
              schema:
                $ref: '#/components/schemas/AuthorizationServer'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.authorizationServers.read
      summary: Retrieve an Authorization Server
      tags:
      - AuthorizationServer
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs:
        - API Access Management
      x-accepts:
      - application/json
    put:
      description: Replaces an authorization server
      operationId: replaceAuthorizationServer
      parameters:
      - description: '`id` of the Authorization Server'
        explode: false
        in: path
        name: authServerId
        required: true
        schema:
          example: GeGRTEr7f3yu2n7grw22
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            examples:
              ReplaceAuthServer:
                $ref: '#/components/examples/ReplaceAuthServerBody'
            schema:
              $ref: '#/components/schemas/AuthorizationServer'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                ReplaceAuthServer:
                  $ref: '#/components/examples/ReplaceAuthServerResponse'
              schema:
                $ref: '#/components/schemas/AuthorizationServer'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.authorizationServers.manage
      summary: Replace an Authorization Server
      tags:
      - AuthorizationServer
      x-codegen-request-body-name: authorizationServer
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs:
        - API Access Management
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/authorizationServers/{authServerId}/associatedServers:
    get:
      description: Lists all associated Authorization Servers by trusted type for the given `authServerId`
      operationId: listAssociatedServersByTrustedType
      parameters:
      - description: '`id` of the Authorization Server'
        explode: false
        in: path
        name: authServerId
        required: true
        schema:
          example: GeGRTEr7f3yu2n7grw22
          type: string
        style: simple
      - description: Searches trusted authorization servers when `true` or searches untrusted authorization servers when `false`
        explode: true
        in: query
        name: trusted
        required: false
        schema:
          type: boolean
        style: form
      - description: Searches for the name or audience of the associated authorization servers
        example: customasone
        explode: true
        in: query
        name: q
        required: false
        schema:
          type: string
        style: form
      - description: Specifies the number of results for a page
        explode: true
        in: query
        name: limit
        required: false
        schema:
          default: 200
          format: int32
          type: integer
        style: form
      - description: Specifies the pagination cursor for the next page of the associated authorization servers
        explode: true
        in: query
        name: after
        required: false
        schema:
          type: string
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                ListAssocAuthServer:
                  $ref: '#/components/examples/ListAssocAuthServerResponse'
              schema:
                items:
                  $ref: '#/components/schemas/AuthorizationServer'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.authorizationServers.read
      summary: List all associated Authorization Servers
      tags:
      - AuthorizationServerAssoc
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs:
        - API Access Management
      x-accepts:
      - application/json
    post:
      description: Creates trusted relationships between the given authorization server and other authorization servers
      operationId: createAssociatedServers
      parameters:
      - description: '`id` of the Authorization Server'
        explode: false
        in: path
        name: authServerId
        required: true
        schema:
          example: GeGRTEr7f3yu2n7grw22
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            examples:
              CreateAssocAuthServer:
                $ref: '#/components/examples/CreateAssocAuthServerBody'
            schema:
              $ref: '#/components/schemas/AssociatedServerMediated'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                CreateAssocAuthServer:
                  $ref: '#/components/examples/CreateAssocAuthServerResponse'
              schema:
                items:
                  $ref: '#/components/schemas/AuthorizationServer'
                type: array
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.authorizationServers.manage
      summary: Create an associated Authorization Server
      tags:
      - AuthorizationServerAssoc
      x-codegen-request-body-name: associatedServerMediated
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs:
        - API Access Management
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/authorizationServers/{authServerId}/associatedServers/{associatedServerId}:
    delete:
      description: Deletes an associated Authorization Server
      operationId: deleteAssociatedServer
      parameters:
      - description: '`id` of the Authorization Server'
        explode: false
        in: path
        name: authServerId
        required: true
        schema:
          example: GeGRTEr7f3yu2n7grw22
          type: string
        style: simple
      - description: '`id` of the associated Authorization Server'
        explode: false
        in: path
        name: associatedServerId
        required: true
        schema:
          example: aus6xt9jKPmCyn6kg0g4
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.authorizationServers.manage
      summary: Delete an associated Authorization Server
      tags:
      - AuthorizationServerAssoc
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs:
        - API Access Management
      x-accepts:
      - application/json
  /api/v1/authorizationServers/{authServerId}/claims:
    get:
      description: Lists all custom token Claims defined for a specified custom authorization server
      operationId: listOAuth2Claims
      parameters:
      - description: '`id` of the Authorization Server'
        explode: false
        in: path
        name: authServerId
        required: true
        schema:
          example: GeGRTEr7f3yu2n7grw22
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                ListCustomTokenClaims:
                  $ref: '#/components/examples/ListCustomTokenClaimsResponse'
              schema:
                items:
                  $ref: '#/components/schemas/OAuth2Claim'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.authorizationServers.read
      summary: List all custom token Claims
      tags:
      - AuthorizationServerClaims
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs:
        - API Access Management
      x-accepts:
      - application/json
    post:
      description: Creates a custom token Claim for a custom authorization server
      operationId: createOAuth2Claim
      parameters:
      - description: '`id` of the Authorization Server'
        explode: false
        in: path
        name: authServerId
        required: true
        schema:
          example: GeGRTEr7f3yu2n7grw22
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            examples:
              CreateCustomTokenClaim:
                $ref: '#/components/examples/CreateCustomTokenClaimBody'
            schema:
              $ref: '#/components/schemas/OAuth2Claim'
        required: true
      responses:
        "201":
          content:
            application/json:
              examples:
                CreateCustomTokenClaim:
                  $ref: '#/components/examples/CreateCustomTokenClaimResponse'
              schema:
                $ref: '#/components/schemas/OAuth2Claim'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.authorizationServers.manage
      summary: Create a custom token Claim
      tags:
      - AuthorizationServerClaims
      x-codegen-request-body-name: oAuth2Claim
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs:
        - API Access Management
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/authorizationServers/{authServerId}/claims/{claimId}:
    delete:
      description: Deletes a custom token Claim specified by the `claimId`
      operationId: deleteOAuth2Claim
      parameters:
      - description: '`id` of the Authorization Server'
        explode: false
        in: path
        name: authServerId
        required: true
        schema:
          example: GeGRTEr7f3yu2n7grw22
          type: string
        style: simple
      - description: '`id` of Claim'
        explode: false
        in: path
        name: claimId
        required: true
        schema:
          example: hNJ3Uk76xLagWkGx5W3N
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.authorizationServers.manage
      summary: Delete a custom token Claim
      tags:
      - AuthorizationServerClaims
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs:
        - API Access Management
      x-accepts:
      - application/json
    get:
      description: Retrieves a custom token Claim by the specified `claimId`
      operationId: getOAuth2Claim
      parameters:
      - description: '`id` of the Authorization Server'
        explode: false
        in: path
        name: authServerId
        required: true
        schema:
          example: GeGRTEr7f3yu2n7grw22
          type: string
        style: simple
      - description: '`id` of Claim'
        explode: false
        in: path
        name: claimId
        required: true
        schema:
          example: hNJ3Uk76xLagWkGx5W3N
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                RetrieveCustomTokenClaim:
                  $ref: '#/components/examples/RetrieveCustomTokenClaimResponse'
              schema:
                $ref: '#/components/schemas/OAuth2Claim'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.authorizationServers.read
      summary: Retrieve a custom token Claim
      tags:
      - AuthorizationServerClaims
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs:
        - API Access Management
      x-accepts:
      - application/json
    put:
      description: Replaces a custom token Claim specified by the `claimId`
      operationId: replaceOAuth2Claim
      parameters:
      - description: '`id` of the Authorization Server'
        explode: false
        in: path
        name: authServerId
        required: true
        schema:
          example: GeGRTEr7f3yu2n7grw22
          type: string
        style: simple
      - description: '`id` of Claim'
        explode: false
        in: path
        name: claimId
        required: true
        schema:
          example: hNJ3Uk76xLagWkGx5W3N
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            examples:
              ReplaceCustomTokenClaim:
                $ref: '#/components/examples/ReplaceCustomTokenClaimBody'
            schema:
              $ref: '#/components/schemas/OAuth2Claim'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                ReplaceCustomTokenClaim:
                  $ref: '#/components/examples/ReplaceCustomTokenClaimResponse'
              schema:
                $ref: '#/components/schemas/OAuth2Claim'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.authorizationServers.manage
      summary: Replace a custom token Claim
      tags:
      - AuthorizationServerClaims
      x-codegen-request-body-name: oAuth2Claim
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs:
        - API Access Management
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/authorizationServers/{authServerId}/clients:
    get:
      description: Lists all Client resources for which the specified authorization server has tokens
      operationId: listOAuth2ClientsForAuthorizationServer
      parameters:
      - description: '`id` of the Authorization Server'
        explode: false
        in: path
        name: authServerId
        required: true
        schema:
          example: GeGRTEr7f3yu2n7grw22
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                ListClients:
                  $ref: '#/components/examples/ListClientsResponse'
              schema:
                items:
                  $ref: '#/components/schemas/OAuth2Client'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.authorizationServers.read
      summary: List all Client resources for an authorization server
      tags:
      - AuthorizationServerClients
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs:
        - API Access Management
      x-accepts:
      - application/json
  /api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens:
    delete:
      description: Revokes all refresh tokens for a Client
      operationId: revokeRefreshTokensForAuthorizationServerAndClient
      parameters:
      - description: '`id` of the Authorization Server'
        explode: false
        in: path
        name: authServerId
        required: true
        schema:
          example: GeGRTEr7f3yu2n7grw22
          type: string
        style: simple
      - description: '`client_id` of the app'
        explode: false
        in: path
        name: clientId
        required: true
        schema:
          example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.authorizationServers.manage
      summary: Revoke all refresh tokens for a Client
      tags:
      - AuthorizationServerClients
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs:
        - API Access Management
      x-accepts:
      - application/json
    get:
      description: Lists all refresh tokens issued by an authorization server for a specific Client
      operationId: listRefreshTokensForAuthorizationServerAndClient
      parameters:
      - description: '`id` of the Authorization Server'
        explode: false
        in: path
        name: authServerId
        required: true
        schema:
          example: GeGRTEr7f3yu2n7grw22
          type: string
        style: simple
      - description: '`client_id` of the app'
        explode: false
        in: path
        name: clientId
        required: true
        schema:
          example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD
          type: string
        style: simple
      - description: "Valid value: `scope`. If specified, scope details are included\
          \ in the `_embedded` attribute."
explode: true in: query name: expand required: false schema: type: string style: form - description: Specifies the pagination cursor for the next page of tokens explode: true in: query name: after required: false schema: type: string style: form - description: The maximum number of tokens to return (maximum 200) explode: true in: query name: limit required: false schema: default: -1 format: int32 type: integer style: form responses: "200": content: application/json: examples: ListRefreshTokenClients: $ref: '#/components/examples/ListRefreshTokensClientsResponse' schema: items: $ref: '#/components/schemas/OAuth2RefreshToken' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authorizationServers.read summary: List all refresh tokens for a Client tags: - AuthorizationServerClients x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: - API Access Management x-accepts: - application/json /api/v1/authorizationServers/{authServerId}/clients/{clientId}/tokens/{tokenId}: delete: description: Revokes a refresh token for a Client operationId: revokeRefreshTokenForAuthorizationServerAndClient parameters: - description: '`id` of the Authorization Server' explode: false in: path name: authServerId required: true schema: example: GeGRTEr7f3yu2n7grw22 type: string style: simple - description: '`client_id` of the app' explode: false in: path name: clientId required: true schema: example: 
52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD type: string style: simple - description: '`id` of Token' explode: false in: path name: tokenId required: true schema: example: sHHSth53yJAyNSTQKDJZ type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authorizationServers.manage summary: Revoke a refresh token for a Client tags: - AuthorizationServerClients x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: - API Access Management x-accepts: - application/json get: description: Retrieves a refresh token for a Client operationId: getRefreshTokenForAuthorizationServerAndClient parameters: - description: '`id` of the Authorization Server' explode: false in: path name: authServerId required: true schema: example: GeGRTEr7f3yu2n7grw22 type: string style: simple - description: '`client_id` of the app' explode: false in: path name: clientId required: true schema: example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD type: string style: simple - description: '`id` of Token' explode: false in: path name: tokenId required: true schema: example: sHHSth53yJAyNSTQKDJZ type: string style: simple - description: "Valid value: `scope`. If specified, scope details are included\ \ in the `_embedded` attribute." 
explode: true in: query name: expand required: false schema: type: string style: form responses: "200": content: application/json: examples: RetrieveRefreshTokenClient: $ref: '#/components/examples/RetrieveRefreshTokenClientResponse' schema: $ref: '#/components/schemas/OAuth2RefreshToken' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authorizationServers.read summary: Retrieve a refresh token for a Client tags: - AuthorizationServerClients x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: - API Access Management x-accepts: - application/json /api/v1/authorizationServers/{authServerId}/credentials/keys: get: description: "Lists all of the current, future, and expired Keys used by the\ \ Custom Authorization Server" operationId: listAuthorizationServerKeys parameters: - description: '`id` of the Authorization Server' explode: false in: path name: authServerId required: true schema: example: GeGRTEr7f3yu2n7grw22 type: string style: simple responses: "200": content: application/json: examples: ListAuthorizationServerKeys: $ref: '#/components/examples/ListAuthorizationServerKeys' schema: items: $ref: '#/components/schemas/AuthorizationServerJsonWebKey' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: 
ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authorizationServers.read summary: List all Credential Keys tags: - AuthorizationServerKeys x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: - API Access Management x-accepts: - application/json /api/v1/authorizationServers/{authServerId}/credentials/keys/{keyId}: get: description: Retrieves an Authorization Server Key specified by the `keyId` operationId: getAuthorizationServerKey parameters: - description: '`id` of the Authorization Server' explode: false in: path name: authServerId required: true schema: example: GeGRTEr7f3yu2n7grw22 type: string style: simple - description: '`id` of the certificate key' explode: false in: path name: keyId required: true schema: example: P7jXpG-LG2ObNgY9C0Mn2uf4InCQTmRZMDCZoVNxdrk type: string style: simple responses: "200": content: application/json: examples: ActiveAuthorizationServerKey: $ref: '#/components/examples/ActiveAuthorizationServerKey' NextAuthorizationServerKey: $ref: '#/components/examples/NextAuthorizationServerKey' ExpiredAuthorizationServerKey: $ref: '#/components/examples/ExpiredAuthorizationServerKey' schema: $ref: '#/components/schemas/AuthorizationServerJsonWebKey' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: 
                    '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.authorizationServers.read
      summary: Retrieve an Authorization Server Key
      tags:
      - AuthorizationServerKeys
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs:
        - API Access Management
      x-accepts:
      - application/json
  /api/v1/authorizationServers/{authServerId}/credentials/lifecycle/keyRotate:
    post:
      description: "Rotates the current Keys for a Custom Authorization Server. If\
        \ you rotate Keys, \nthe `ACTIVE` Key becomes the `EXPIRED` Key, the `NEXT`\
        \ Key becomes the `ACTIVE` Key, \nand the Custom Authorization Server immediately\
        \ begins using the new active \nKey to sign tokens.\n\n> **Note:** Okta rotates\
        \ your Keys automatically in `AUTO` mode. You can rotate Keys \nyourself in\
        \ either mode. If Keys are rotated manually, you should invalidate any intermediate\
        \ cache \nand fetch the Keys again using the Keys endpoint."
      operationId: rotateAuthorizationServerKeys
      parameters:
      - description: '`id` of the Authorization Server'
        explode: false
        in: path
        name: authServerId
        required: true
        schema:
          example: GeGRTEr7f3yu2n7grw22
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/JwkUse'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                RotateAuthorizationServerKeys:
                  $ref: '#/components/examples/ListAuthorizationServerKeys'
              schema:
                items:
                  $ref: '#/components/schemas/AuthorizationServerJsonWebKey'
                type: array
          description: Success
        "400":
          content:
            application/json:
              examples:
                InvalidRotateUse:
                  $ref: '#/components/examples/InvalidRotateUse'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.authorizationServers.manage
      summary: Rotate all Credential Keys
      tags:
      - AuthorizationServerKeys
      x-codegen-request-body-name: use
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs:
        - API Access Management
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/authorizationServers/{authServerId}/lifecycle/activate:
    post:
      description: Activates an authorization server
      operationId: activateAuthorizationServer
      parameters:
      - description: '`id` of the Authorization Server'
        explode: false
        in: path
        name: authServerId
        required: true
        schema:
          example: GeGRTEr7f3yu2n7grw22
          type: string
        style: simple
      responses:
        "204":
          content: {}
description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authorizationServers.manage summary: Activate an Authorization Server tags: - AuthorizationServer x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: - API Access Management x-accepts: - application/json /api/v1/authorizationServers/{authServerId}/lifecycle/deactivate: post: description: Deactivates an authorization server operationId: deactivateAuthorizationServer parameters: - description: '`id` of the Authorization Server' explode: false in: path name: authServerId required: true schema: example: GeGRTEr7f3yu2n7grw22 type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authorizationServers.manage summary: Deactivate an Authorization Server tags: - AuthorizationServer x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: - API Access Management 
x-accepts: - application/json /api/v1/authorizationServers/{authServerId}/policies: get: description: Lists all policies operationId: listAuthorizationServerPolicies parameters: - description: '`id` of the Authorization Server' explode: false in: path name: authServerId required: true schema: example: GeGRTEr7f3yu2n7grw22 type: string style: simple responses: "200": content: application/json: examples: ListAuthorizationServerPolicies: $ref: '#/components/examples/ListAuthorizationServerPolicies' schema: items: $ref: '#/components/schemas/AuthorizationServerPolicy' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authorizationServers.read summary: List all Policies tags: - AuthorizationServerPolicies x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: - API Access Management x-accepts: - application/json post: description: Creates a policy operationId: createAuthorizationServerPolicy parameters: - description: '`id` of the Authorization Server' explode: false in: path name: authServerId required: true schema: example: GeGRTEr7f3yu2n7grw22 type: string style: simple requestBody: content: application/json: examples: CreateAuthorizationServerPolicyRule: $ref: '#/components/examples/CreateAuthorizationServerPolicyRequest' schema: $ref: '#/components/schemas/AuthorizationServerPolicy' required: true responses: "201": content: application/json: examples: AuthorizationServerPolicy: $ref: 
'#/components/examples/AuthorizationServerPolicy' schema: $ref: '#/components/schemas/AuthorizationServerPolicy' description: Created "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authorizationServers.manage summary: Create a Policy tags: - AuthorizationServerPolicies x-codegen-request-body-name: policy x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: - API Access Management x-content-type: application/json x-accepts: - application/json /api/v1/authorizationServers/{authServerId}/policies/{policyId}: delete: description: Deletes a policy operationId: deleteAuthorizationServerPolicy parameters: - description: '`id` of the Authorization Server' explode: false in: path name: authServerId required: true schema: example: GeGRTEr7f3yu2n7grw22 type: string style: simple - description: '`id` of the Policy' explode: false in: path name: policyId required: true schema: example: 00plrilJ7jZ66Gn0X0g3 type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: 
'#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authorizationServers.manage summary: Delete a Policy tags: - AuthorizationServerPolicies x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: - API Access Management x-accepts: - application/json get: description: Retrieves a policy operationId: getAuthorizationServerPolicy parameters: - description: '`id` of the Authorization Server' explode: false in: path name: authServerId required: true schema: example: GeGRTEr7f3yu2n7grw22 type: string style: simple - description: '`id` of the Policy' explode: false in: path name: policyId required: true schema: example: 00plrilJ7jZ66Gn0X0g3 type: string style: simple responses: "200": content: application/json: examples: AuthorizationServerPolicy: $ref: '#/components/examples/AuthorizationServerPolicy' schema: $ref: '#/components/schemas/AuthorizationServerPolicy' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authorizationServers.read summary: Retrieve a Policy tags: - AuthorizationServerPolicies x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: - API Access Management x-accepts: - application/json put: description: 
Replaces a policy operationId: replaceAuthorizationServerPolicy parameters: - description: '`id` of the Authorization Server' explode: false in: path name: authServerId required: true schema: example: GeGRTEr7f3yu2n7grw22 type: string style: simple - description: '`id` of the Policy' explode: false in: path name: policyId required: true schema: example: 00plrilJ7jZ66Gn0X0g3 type: string style: simple requestBody: content: application/json: examples: UpdateAuthorizationServerPolicyRule: $ref: '#/components/examples/UpdateAuthorizationServerPolicyRequest' schema: $ref: '#/components/schemas/AuthorizationServerPolicy' required: true responses: "200": content: application/json: examples: AuthorizationServerPolicy: $ref: '#/components/examples/AuthorizationServerPolicy' schema: $ref: '#/components/schemas/AuthorizationServerPolicy' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authorizationServers.manage summary: Replace a Policy tags: - AuthorizationServerPolicies x-codegen-request-body-name: policy x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: - API Access Management x-content-type: application/json x-accepts: - application/json /api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/activate: post: 
description: Activates an authorization server policy operationId: activateAuthorizationServerPolicy parameters: - description: '`id` of the Authorization Server' explode: false in: path name: authServerId required: true schema: example: GeGRTEr7f3yu2n7grw22 type: string style: simple - description: '`id` of the Policy' explode: false in: path name: policyId required: true schema: example: 00plrilJ7jZ66Gn0X0g3 type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authorizationServers.manage summary: Activate a Policy tags: - AuthorizationServerPolicies x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: - API Access Management x-accepts: - application/json /api/v1/authorizationServers/{authServerId}/policies/{policyId}/lifecycle/deactivate: post: description: Deactivates an authorization server policy operationId: deactivateAuthorizationServerPolicy parameters: - description: '`id` of the Authorization Server' explode: false in: path name: authServerId required: true schema: example: GeGRTEr7f3yu2n7grw22 type: string style: simple - description: '`id` of the Policy' explode: false in: path name: policyId required: true schema: example: 00plrilJ7jZ66Gn0X0g3 type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: 
'#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authorizationServers.manage summary: Deactivate a Policy tags: - AuthorizationServerPolicies x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: - API Access Management x-accepts: - application/json /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules: get: description: Lists all policy rules for the specified Custom Authorization Server and Policy operationId: listAuthorizationServerPolicyRules parameters: - description: '`id` of the Authorization Server' explode: false in: path name: authServerId required: true schema: example: GeGRTEr7f3yu2n7grw22 type: string style: simple - description: '`id` of the Policy' explode: false in: path name: policyId required: true schema: example: 00plrilJ7jZ66Gn0X0g3 type: string style: simple responses: "200": content: application/json: examples: ListAuthorizationServerPolicyRules: $ref: '#/components/examples/ListAuthorizationServerPolicyRules' schema: items: $ref: '#/components/schemas/AuthorizationServerPolicyRule' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' 
description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authorizationServers.read summary: List all Policy Rules tags: - AuthorizationServerRules x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: - API Access Management x-accepts: - application/json post: description: Creates a policy rule for the specified Custom Authorization Server and Policy operationId: createAuthorizationServerPolicyRule parameters: - description: '`id` of the Authorization Server' explode: false in: path name: authServerId required: true schema: example: GeGRTEr7f3yu2n7grw22 type: string style: simple - description: '`id` of the Policy' explode: false in: path name: policyId required: true schema: example: 00plrilJ7jZ66Gn0X0g3 type: string style: simple requestBody: content: application/json: examples: CreateAuthorizationServerPolicyRule: $ref: '#/components/examples/CreateAuthorizationServerPolicyRuleRequest' schema: $ref: '#/components/schemas/AuthorizationServerPolicyRuleRequest' required: true responses: "201": content: application/json: examples: AuthorizationServerPolicyRule: $ref: '#/components/examples/AuthorizationServerPolicyRule' schema: $ref: '#/components/schemas/AuthorizationServerPolicyRule' description: Created "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - 
apiToken: [] - oauth2: - okta.authorizationServers.manage summary: Create a Policy Rule tags: - AuthorizationServerRules x-codegen-request-body-name: policyRule x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: - API Access Management x-content-type: application/json x-accepts: - application/json /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}: delete: description: Deletes a Policy Rule defined in the specified Custom Authorization Server and Policy operationId: deleteAuthorizationServerPolicyRule parameters: - description: '`id` of the Authorization Server' explode: false in: path name: authServerId required: true schema: example: GeGRTEr7f3yu2n7grw22 type: string style: simple - description: '`id` of the Policy' explode: false in: path name: policyId required: true schema: example: 00plrilJ7jZ66Gn0X0g3 type: string style: simple - description: '`id` of the Policy Rule' explode: false in: path name: ruleId required: true schema: example: ruld3hJ7jZh4fn0st0g3 type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authorizationServers.manage summary: Delete a Policy Rule tags: - AuthorizationServerRules x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: - API Access Management x-accepts: - application/json get: description: Retrieves a policy rule by `ruleId` operationId: getAuthorizationServerPolicyRule 
parameters: - description: '`id` of the Authorization Server' explode: false in: path name: authServerId required: true schema: example: GeGRTEr7f3yu2n7grw22 type: string style: simple - description: '`id` of the Policy' explode: false in: path name: policyId required: true schema: example: 00plrilJ7jZ66Gn0X0g3 type: string style: simple - description: '`id` of the Policy Rule' explode: false in: path name: ruleId required: true schema: example: ruld3hJ7jZh4fn0st0g3 type: string style: simple responses: "200": content: application/json: examples: AuthorizationServerPolicyRule: $ref: '#/components/examples/AuthorizationServerPolicyRule' schema: $ref: '#/components/schemas/AuthorizationServerPolicyRule' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authorizationServers.read summary: Retrieve a Policy Rule tags: - AuthorizationServerRules x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: - API Access Management x-accepts: - application/json put: description: Replaces the configuration of the Policy Rule defined in the specified Custom Authorization Server and Policy operationId: replaceAuthorizationServerPolicyRule parameters: - description: '`id` of the Authorization Server' explode: false in: path name: authServerId required: true schema: example: GeGRTEr7f3yu2n7grw22 type: string style: simple - description: '`id` of the Policy' explode: false in: path name: policyId required: true schema: example: 
00plrilJ7jZ66Gn0X0g3 type: string style: simple - description: '`id` of the Policy Rule' explode: false in: path name: ruleId required: true schema: example: ruld3hJ7jZh4fn0st0g3 type: string style: simple requestBody: content: application/json: examples: UpdateAuthorizationServerPolicyRule: $ref: '#/components/examples/UpdateAuthorizationServerPolicyRuleRequest' schema: $ref: '#/components/schemas/AuthorizationServerPolicyRuleRequest' required: true responses: "200": content: application/json: examples: AuthorizationServerPolicyRule: $ref: '#/components/examples/AuthorizationServerPolicyRule' schema: $ref: '#/components/schemas/AuthorizationServerPolicyRule' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authorizationServers.manage summary: Replace a Policy Rule tags: - AuthorizationServerRules x-codegen-request-body-name: policyRule x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: - API Access Management x-content-type: application/json x-accepts: - application/json /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/activate: post: description: Activates an authorization server policy rule operationId: activateAuthorizationServerPolicyRule parameters: - description: '`id` of the 
Authorization Server' explode: false in: path name: authServerId required: true schema: example: GeGRTEr7f3yu2n7grw22 type: string style: simple - description: '`id` of the Policy' explode: false in: path name: policyId required: true schema: example: 00plrilJ7jZ66Gn0X0g3 type: string style: simple - description: '`id` of the Policy Rule' explode: false in: path name: ruleId required: true schema: example: ruld3hJ7jZh4fn0st0g3 type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authorizationServers.manage summary: Activate a Policy Rule tags: - AuthorizationServerRules x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: - API Access Management x-accepts: - application/json /api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate: post: description: Deactivates an authorization server policy rule operationId: deactivateAuthorizationServerPolicyRule parameters: - description: '`id` of the Authorization Server' explode: false in: path name: authServerId required: true schema: example: GeGRTEr7f3yu2n7grw22 type: string style: simple - description: '`id` of the Policy' explode: false in: path name: policyId required: true schema: example: 00plrilJ7jZ66Gn0X0g3 type: string style: simple - description: '`id` of the Policy Rule' explode: false in: path name: ruleId required: true schema: example: ruld3hJ7jZh4fn0st0g3 
type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authorizationServers.manage summary: Deactivate a Policy Rule tags: - AuthorizationServerRules x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: - API Access Management x-accepts: - application/json /api/v1/authorizationServers/{authServerId}/scopes: get: description: Lists all custom token scopes operationId: listOAuth2Scopes parameters: - description: '`id` of the Authorization Server' explode: false in: path name: authServerId required: true schema: example: GeGRTEr7f3yu2n7grw22 type: string style: simple - description: Searches the `name` of Custom Token Scopes for matching values explode: true in: query name: q required: false schema: type: string style: form - description: Filter expression for Custom Token Scopes explode: true in: query name: filter required: false schema: type: string style: form - description: |- Specifies the pagination cursor for the next page of scopes. Treat the after cursor as an opaque value and obtain it through the next link relationship. See [Pagination](https://developer.okta.com/docs/api/#pagination). explode: true in: query name: after required: false schema: type: string style: form - description: |- Specifies the number of objects to return per page. 
If there are multiple pages of results, the Link header contains a `next` link that you need to use as an opaque value (follow it, don't parse it). See [Pagination](https://developer.okta.com/docs/api/#pagination). explode: true in: query name: limit required: false schema: maximum: 200 type: integer style: form responses: "200": content: application/json: examples: ExampleScopes: $ref: '#/components/examples/ExampleOAuth2Scopes' schema: items: $ref: '#/components/schemas/OAuth2Scope' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authorizationServers.read summary: List all Custom Token Scopes tags: - AuthorizationServerScopes x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: - API Access Management x-accepts: - application/json post: description: Creates a custom token scope operationId: createOAuth2Scope parameters: - description: '`id` of the Authorization Server' explode: false in: path name: authServerId required: true schema: example: GeGRTEr7f3yu2n7grw22 type: string style: simple requestBody: content: application/json: examples: CreateOAuth2ScopeRequest: $ref: '#/components/examples/CreateOAuth2ScopeRequest' schema: $ref: '#/components/schemas/OAuth2Scope' required: true responses: "201": content: application/json: examples: ExampleOAuth2Scope: $ref: '#/components/examples/ExampleOAuth2Scope' schema: $ref: '#/components/schemas/OAuth2Scope' description: Success "400": content: 
application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authorizationServers.manage summary: Create a Custom Token Scope tags: - AuthorizationServerScopes x-codegen-request-body-name: oAuth2Scope x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: - API Access Management x-content-type: application/json x-accepts: - application/json /api/v1/authorizationServers/{authServerId}/scopes/{scopeId}: delete: description: Deletes a custom token scope operationId: deleteOAuth2Scope parameters: - description: '`id` of the Authorization Server' explode: false in: path name: authServerId required: true schema: example: GeGRTEr7f3yu2n7grw22 type: string style: simple - description: '`id` of Scope' explode: false in: path name: scopeId required: true schema: example: 0TMRpCWXRKFjP7HiPFNM type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: 
'#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authorizationServers.manage summary: Delete a Custom Token Scope tags: - AuthorizationServerScopes x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: - API Access Management x-accepts: - application/json get: description: Retrieves a custom token scope operationId: getOAuth2Scope parameters: - description: '`id` of the Authorization Server' explode: false in: path name: authServerId required: true schema: example: GeGRTEr7f3yu2n7grw22 type: string style: simple - description: '`id` of Scope' explode: false in: path name: scopeId required: true schema: example: 0TMRpCWXRKFjP7HiPFNM type: string style: simple responses: "200": content: application/json: examples: ExampleOAuth2Scope: $ref: '#/components/examples/ExampleOAuth2Scope' schema: $ref: '#/components/schemas/OAuth2Scope' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authorizationServers.read summary: Retrieve a Custom Token Scope tags: - AuthorizationServerScopes x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: - API Access Management x-accepts: - application/json put: description: Replaces a custom token scope operationId: replaceOAuth2Scope parameters: - description: '`id` of the Authorization Server' explode: false in: path name: authServerId required: true schema: 
example: GeGRTEr7f3yu2n7grw22 type: string style: simple - description: '`id` of Scope' explode: false in: path name: scopeId required: true schema: example: 0TMRpCWXRKFjP7HiPFNM type: string style: simple requestBody: content: application/json: examples: UpdateOAuth2Scope: $ref: '#/components/examples/UpdateOAuth2ScopeRequest' schema: $ref: '#/components/schemas/OAuth2Scope' required: true responses: "200": content: application/json: examples: UpdatedOAuth2Scope: $ref: '#/components/examples/UpdatedOAuth2ScopeResponse' schema: $ref: '#/components/schemas/OAuth2Scope' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.authorizationServers.manage summary: Replace a Custom Token Scope tags: - AuthorizationServerScopes x-codegen-request-body-name: oAuth2Scope x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: - API Access Management x-content-type: application/json x-accepts: - application/json /api/v1/behaviors: get: description: Lists all behavior detection rules with pagination support operationId: listBehaviorDetectionRules responses: "200": content: application/json: schema: items: $ref: '#/components/schemas/BehaviorRule' type: array description: OK "403": content: application/json: examples: AccessDenied: $ref: 
'#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.behaviors.read summary: List all Behavior Detection Rules tags: - Behavior x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json post: description: Creates a new behavior detection rule operationId: createBehaviorDetectionRule requestBody: content: application/json: examples: BehaviorRuleRequest: $ref: '#/components/examples/BehaviorRuleRequest' schema: $ref: '#/components/schemas/BehaviorRule' required: true responses: "201": content: application/json: examples: BehaviorRuleReSponse: $ref: '#/components/examples/BehaviorRuleResponse' schema: $ref: '#/components/schemas/BehaviorRule' description: Created "400": content: application/json: examples: API Validation Failed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.behaviors.manage summary: Create a Behavior Detection Rule tags: - Behavior x-codegen-request-body-name: rule x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/behaviors/{behaviorId}: delete: description: Deletes a Behavior Detection Rule by `behaviorId` operationId: deleteBehaviorDetectionRule parameters: - description: id of the Behavior 
Detection Rule explode: false in: path name: behaviorId required: true schema: example: abcd1234 type: string style: simple responses: "204": description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: Resource Not Found: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.behaviors.manage summary: Delete a Behavior Detection Rule tags: - Behavior x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Retrieves a Behavior Detection Rule by `behaviorId` operationId: getBehaviorDetectionRule parameters: - description: id of the Behavior Detection Rule explode: false in: path name: behaviorId required: true schema: example: abcd1234 type: string style: simple responses: "200": content: application/json: schema: $ref: '#/components/schemas/BehaviorRule' description: OK "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: Resource Not Found: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.behaviors.read summary: Retrieve a Behavior Detection Rule tags: - Behavior x-okta-lifecycle: lifecycle: GA 
isGenerallyAvailable: true x-accepts: - application/json put: description: Replaces a Behavior Detection Rule by `behaviorId` operationId: replaceBehaviorDetectionRule parameters: - description: id of the Behavior Detection Rule explode: false in: path name: behaviorId required: true schema: example: abcd1234 type: string style: simple requestBody: content: application/json: examples: BehaviorRuleRequest: $ref: '#/components/examples/BehaviorRuleRequest' schema: $ref: '#/components/schemas/BehaviorRule' required: true responses: "200": content: application/json: examples: BehaviorRuleReSponse: $ref: '#/components/examples/BehaviorRuleResponse' schema: $ref: '#/components/schemas/BehaviorRule' description: Created "400": content: application/json: examples: API Validation Failed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: Resource Not Found: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.behaviors.manage summary: Replace a Behavior Detection Rule tags: - Behavior x-codegen-request-body-name: rule x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/behaviors/{behaviorId}/lifecycle/activate: post: description: Activates a behavior detection rule operationId: activateBehaviorDetectionRule parameters: - description: id of the Behavior Detection Rule explode: false in: path name: behaviorId required: true 
schema: example: abcd1234 type: string style: simple responses: "200": content: application/json: examples: BehaviorRuleReSponse: $ref: '#/components/examples/BehaviorRuleResponse' schema: $ref: '#/components/schemas/BehaviorRule' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.behaviors.manage summary: Activate a Behavior Detection Rule tags: - Behavior x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/behaviors/{behaviorId}/lifecycle/deactivate: post: description: Deactivates a behavior detection rule operationId: deactivateBehaviorDetectionRule parameters: - description: id of the Behavior Detection Rule explode: false in: path name: behaviorId required: true schema: example: abcd1234 type: string style: simple responses: "200": content: application/json: examples: BehaviorRuleReSponse: $ref: '#/components/examples/BehaviorRuleResponse' schema: $ref: '#/components/schemas/BehaviorRule' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: 
$ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.behaviors.manage summary: Deactivate a Behavior Detection Rule tags: - Behavior x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/brands: get: description: Lists all the brands in your org operationId: listBrands parameters: - description: Specifies additional metadata to be included in the response explode: false in: query name: expand required: false schema: items: enum: - themes - domains - emailDomain type: string type: array style: form - description: "The cursor to use for pagination. It is an opaque string that\ \ specifies your current location in the list and is obtained from the `Link`\ \ response header. See [Pagination](https://developer.okta.com/docs/api/#pagination)." explode: true in: query name: after required: false schema: type: string style: form - description: A limit on the number of objects to return explode: true in: query name: limit required: false schema: default: 20 maximum: 200 minimum: 1 type: integer style: form - description: Searches the records for matching value explode: true in: query name: q required: false schema: type: string style: form responses: "200": content: application/json: examples: Get brands response: $ref: '#/components/examples/ListBrandsResponse' schema: items: $ref: '#/components/schemas/BrandWithEmbedded' type: array description: Successfully returned the list of brands "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.read summary: List all Brands tags: - Brands x-okta-lifecycle: lifecycle: GA 
isGenerallyAvailable: true x-accepts: - application/json post: description: Creates a new brand in your org operationId: createBrand requestBody: content: application/json: examples: Create brand request: $ref: '#/components/examples/CreateBrandRequest' schema: $ref: '#/components/schemas/CreateBrandRequest' responses: "201": content: application/json: examples: Create brand response: $ref: '#/components/examples/CreateBrandResponse' schema: $ref: '#/components/schemas/Brand' description: Successfully created the brand "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "409": content: application/json: examples: Cannot create brand with the same name: $ref: '#/components/examples/ErrorCreateBrandExists' schema: $ref: '#/components/schemas/Error' description: Could not create the new brand because same name already exist. "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.manage summary: Create a Brand tags: - Brands x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/brands/{brandId}: delete: description: Deletes a brand by `brandId` operationId: deleteBrand parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple responses: "204": description: Successfully deleted the brand. 
"403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "409": content: application/json: examples: Cannot delete default brand: $ref: '#/components/examples/ErrorDeleteDefaultBrand' Cannot delete brand associated with a domain: $ref: '#/components/examples/ErrorDeleteBrandAssociatedWithDomain' schema: $ref: '#/components/schemas/Error' description: Conflict "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.manage summary: Delete a brand tags: - Brands x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Retrieves a brand by `brandId` operationId: getBrand parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple - description: Specifies additional metadata to be included in the response explode: false in: query name: expand required: false schema: items: enum: - themes - domains - emailDomain type: string type: array style: form responses: "200": content: application/json: examples: Get brand response: $ref: '#/components/examples/GetBrandResponse' schema: $ref: '#/components/schemas/BrandWithEmbedded' description: Successfully retrieved the brand "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: 
'#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.read summary: Retrieve a Brand tags: - Brands x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json put: description: |+ Replaces a brand by `brandId` Passing an invalid `brandId` returns a `404 Not Found` status code with the error code `E0000007`. Not providing `agreeToCustomPrivacyPolicy` with `customPrivacyPolicyUrl` returns a `400 Bad Request` status code with the error code `E0000001`. operationId: replaceBrand parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple requestBody: content: application/json: examples: Update brand request: $ref: '#/components/examples/UpdateBrandRequest' schema: $ref: '#/components/schemas/BrandRequest' required: true responses: "200": content: application/json: examples: Update brand response: $ref: '#/components/examples/UpdateBrandResponse' schema: $ref: '#/components/schemas/Brand' description: Successfully replaced the brand "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many 
Requests security: - apiToken: [] - oauth2: - okta.brands.manage summary: Replace a Brand tags: - Brands x-codegen-request-body-name: brand x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/brands/{brandId}/domains: get: description: Lists all domains associated with a brand by `brandId` operationId: listBrandDomains parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple responses: "200": content: application/json: schema: $ref: '#/components/schemas/BrandDomains' description: Successfully returned the list of domains for the brand "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.read summary: List all Domains associated with a Brand tags: - Brands x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/brands/{brandId}/pages/error: get: description: Retrieves the error page sub-resources. The `expand` query parameter specifies which sub-resources to include in the response. 
operationId: getErrorPage parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple - description: Specifies additional metadata to be included in the response explode: false in: query name: expand required: false schema: items: enum: - default - customized - customizedUrl - preview - previewUrl type: string type: array style: form responses: "200": content: application/json: schema: $ref: '#/components/schemas/PageRoot' description: Successfully retrieved the error page. "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.read summary: Retrieve the Error Page Sub-Resources tags: - CustomPages x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/brands/{brandId}/pages/error/customized: delete: description: "Deletes the customized error page. As a result, the default error\ \ page appears in your live environment." operationId: deleteCustomizedErrorPage parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple responses: "204": content: {} description: Successfully deleted the customized error page. 
"403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.manage summary: Delete the Customized Error Page tags: - CustomPages x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Retrieves the customized error page. The customized error page appears in your live environment. operationId: getCustomizedErrorPage parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple responses: "200": content: application/json: schema: $ref: '#/components/schemas/ErrorPage' description: Successfully retrieved the customized error page. 
headers: Location: explode: false schema: format: uri type: string style: simple "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.read summary: Retrieve the Customized Error Page tags: - CustomPages x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json put: description: Replaces the customized error page. The customized error page appears in your live environment. operationId: replaceCustomizedErrorPage parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple requestBody: content: application/json: schema: $ref: '#/components/schemas/ErrorPage' required: true responses: "200": content: application/json: schema: $ref: '#/components/schemas/ErrorPage' description: Successfully replaced the customized error page. 
headers: Location: explode: false schema: format: uri type: string style: simple "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.manage summary: Replace the Customized Error Page tags: - CustomPages x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/brands/{brandId}/pages/error/default: get: description: Retrieves the default error page. The default error page appears when no customized error page exists. operationId: getDefaultErrorPage parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple responses: "200": content: application/json: schema: $ref: '#/components/schemas/ErrorPage' description: Successfully retrieved the default error page. 
"403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.read summary: Retrieve the Default Error Page tags: - CustomPages x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/brands/{brandId}/pages/error/preview: delete: description: "Deletes the preview error page. The preview error page contains\ \ unpublished changes and isn't shown in your live environment. Preview it\ \ at `${yourOktaDomain}/error/preview`." operationId: deletePreviewErrorPage parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple responses: "204": content: {} description: Successfully deleted the preview error page. 
"403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.manage summary: Delete the Preview Error Page tags: - CustomPages x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: "Retrieves the preview error page. The preview error page contains\ \ unpublished changes and isn't shown in your live environment. Preview it\ \ at `${yourOktaDomain}/error/preview`." operationId: getPreviewErrorPage parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple responses: "200": content: application/json: schema: $ref: '#/components/schemas/ErrorPage' description: Successfully retrieved the preview error page. 
headers: Location: explode: false schema: format: uri type: string style: simple "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.read summary: Retrieve the Preview Error Page Preview tags: - CustomPages x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json put: description: "Replaces the preview error page. The preview error page contains\ \ unpublished changes and isn't shown in your live environment. Preview it\ \ at `${yourOktaDomain}/error/preview`." operationId: replacePreviewErrorPage parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple requestBody: content: application/json: schema: $ref: '#/components/schemas/ErrorPage' required: true responses: "200": content: application/json: schema: $ref: '#/components/schemas/ErrorPage' description: Successfully replaced the preview error page. 
headers: Location: explode: false schema: format: uri type: string style: simple "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.manage summary: Replace the Preview Error Page tags: - CustomPages x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/brands/{brandId}/pages/sign-in: get: description: Retrieves the sign-in page sub-resources. The `expand` query parameter specifies which sub-resources to include in the response. operationId: getSignInPage parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple - description: Specifies additional metadata to be included in the response explode: false in: query name: expand required: false schema: items: enum: - default - customized - customizedUrl - preview - previewUrl type: string type: array style: form responses: "200": content: application/json: schema: $ref: '#/components/schemas/PageRoot' description: Successfully retrieved the sign-in page. 
"403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.read summary: Retrieve the Sign-in Page Sub-Resources tags: - CustomPages x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/brands/{brandId}/pages/sign-in/customized: delete: description: "Deletes the customized sign-in page. As a result, the default\ \ sign-in page appears in your live environment." operationId: deleteCustomizedSignInPage parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple responses: "204": content: {} description: Successfully deleted the sign-in page. "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.manage summary: Delete the Customized Sign-in Page tags: - CustomPages x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Retrieves the customized sign-in page. 
The customized sign-in page appears in your live environment. operationId: getCustomizedSignInPage parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple responses: "200": content: application/json: schema: $ref: '#/components/schemas/SignInPage' description: Successfully retrieved the customized sign-in page. headers: Location: explode: false schema: format: uri type: string style: simple "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.read summary: Retrieve the Customized Sign-in Page tags: - CustomPages x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json put: description: Replaces the customized sign-in page. The customized sign-in page appears in your live environment. operationId: replaceCustomizedSignInPage parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple requestBody: content: application/json: schema: $ref: '#/components/schemas/SignInPage' required: true responses: "200": content: application/json: schema: $ref: '#/components/schemas/SignInPage' description: Successfully replaced the customized sign-in page. 
headers: Location: explode: false schema: format: uri type: string style: simple "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.manage summary: Replace the Customized Sign-in Page tags: - CustomPages x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/brands/{brandId}/pages/sign-in/default: get: description: Retrieves the default sign-in page. The default sign-in page appears when no customized sign-in page exists. operationId: getDefaultSignInPage parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple responses: "200": content: application/json: schema: $ref: '#/components/schemas/SignInPage' description: Successfully retrieved the default sign-in page. 
"403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.read summary: Retrieve the Default Sign-in Page tags: - CustomPages x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/brands/{brandId}/pages/sign-in/preview: delete: description: "Deletes the preview sign-in page. The preview sign-in page contains\ \ unpublished changes and isn't shown in your live environment. Preview it\ \ at `${yourOktaDomain}/login/preview`." operationId: deletePreviewSignInPage parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple responses: "204": content: {} description: Successfully deleted the preview sign-in page. 
"403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.manage summary: Delete the Preview Sign-in Page tags: - CustomPages x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: "Retrieves the preview sign-in page. The preview sign-in page contains\ \ unpublished changes and isn't shown in your live environment. Preview it\ \ at `${yourOktaDomain}/login/preview`." operationId: getPreviewSignInPage parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple responses: "200": content: application/json: schema: $ref: '#/components/schemas/SignInPage' description: Successfully retrieved the preview sign-in page. 
headers: Location: explode: false schema: format: uri type: string style: simple "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.read summary: Retrieve the Preview Sign-in Page Preview tags: - CustomPages x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json put: description: "Replaces the preview sign-in page. The preview sign-in page contains\ \ unpublished changes and isn't shown in your live environment. Preview it\ \ at `${yourOktaDomain}/login/preview`." operationId: replacePreviewSignInPage parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple requestBody: content: application/json: schema: $ref: '#/components/schemas/SignInPage' required: true responses: "200": content: application/json: schema: $ref: '#/components/schemas/SignInPage' description: Successfully replaced the preview sign-in page. 
headers: Location: explode: false schema: format: uri type: string style: simple "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.manage summary: Replace the Preview Sign-in Page tags: - CustomPages x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/brands/{brandId}/pages/sign-in/widget-versions: get: description: Lists all sign-in widget versions supported by the current org operationId: listAllSignInWidgetVersions parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple responses: "200": content: application/json: schema: items: pattern: ^\d+\.\d+$ type: string type: array description: Successfully listed the sign-in widget versions. 
"403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.read summary: List all Sign-in Widget Versions tags: - CustomPages x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/brands/{brandId}/pages/sign-out/customized: get: description: Retrieves the sign-out page settings operationId: getSignOutPageSettings parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple responses: "200": content: application/json: schema: $ref: '#/components/schemas/HostedPage' description: Successfully retrieved the sign-out page settings. 
"403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.read summary: Retrieve the Sign-out Page Settings tags: - CustomPages x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json put: description: Replaces the sign-out page settings operationId: replaceSignOutPageSettings parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple requestBody: content: application/json: schema: $ref: '#/components/schemas/HostedPage' required: true responses: "200": content: application/json: schema: $ref: '#/components/schemas/HostedPage' description: Successfully replaced the sign-out page settings. 
"400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.manage summary: Replace the Sign-out Page Settings tags: - CustomPages x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/brands/{brandId}/templates/email: get: description: Lists all supported email templates operationId: listEmailTemplates parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple - description: "The cursor to use for pagination. It is an opaque string that\ \ specifies your current location in the list and is obtained from the `Link`\ \ response header. See [Pagination](https://developer.okta.com/docs/api/#pagination)." 
explode: true in: query name: after required: false schema: type: string style: form - description: A limit on the number of objects to return explode: true in: query name: limit required: false schema: default: 20 maximum: 200 minimum: 1 type: integer style: form - description: Specifies additional metadata to be included in the response explode: false in: query name: expand required: false schema: items: enum: - settings - customizationCount type: string type: array style: form responses: "200": content: application/json: examples: List email templates response: $ref: '#/components/examples/ListEmailTemplateResponse' schema: items: $ref: '#/components/schemas/EmailTemplateResponse' type: array description: Successfully returned the list of email templates. headers: Link: description: "The pagination header containing links to the current\ \ and next page of results. See [Pagination](/#pagination) for more\ \ information." explode: false schema: type: string style: simple "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.templates.read summary: List all Email Templates tags: - CustomTemplates x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/brands/{brandId}/templates/email/{templateName}: get: description: Retrieves the details of an email template by name operationId: getEmailTemplate parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: 
string style: simple - description: The name of the email template explode: false in: path name: templateName required: true schema: type: string style: simple - description: Specifies additional metadata to be included in the response explode: false in: query name: expand required: false schema: items: enum: - settings - customizationCount type: string type: array style: form responses: "200": content: application/json: examples: Get email template response: $ref: '#/components/examples/GetEmailTemplateResponse' schema: $ref: '#/components/schemas/EmailTemplateResponse' description: Successfully retrieved the email template. "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.templates.read summary: Retrieve an Email Template tags: - CustomTemplates x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/brands/{brandId}/templates/email/{templateName}/customizations: delete: description: | Deletes all customizations for an email template If Custom languages for Okta Email Templates is enabled, all customizations are deleted, including customizations for additional languages. If disabled, only customizations in Okta-supported languages are deleted. 
operationId: deleteAllCustomizations parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple - description: The name of the email template explode: false in: path name: templateName required: true schema: type: string style: simple responses: "204": content: {} description: Successfully deleted all customizations for the email template. "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.templates.manage summary: Delete all Email Customizations tags: - CustomTemplates x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: | Lists all customizations of an email template If Custom languages for Okta Email Templates is enabled, all existing customizations are retrieved, including customizations for additional languages. If disabled, only customizations for Okta-supported languages are returned. operationId: listEmailCustomizations parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple - description: The name of the email template explode: false in: path name: templateName required: true schema: type: string style: simple - description: "The cursor to use for pagination. It is an opaque string that\ \ specifies your current location in the list and is obtained from the `Link`\ \ response header. 
See [Pagination](https://developer.okta.com/docs/api/#pagination)." explode: true in: query name: after required: false schema: type: string style: form - description: A limit on the number of objects to return explode: true in: query name: limit required: false schema: default: 20 maximum: 200 minimum: 1 type: integer style: form responses: "200": content: application/json: examples: List Email customizations response: $ref: '#/components/examples/ListEmailCustomizationResponse' schema: items: $ref: '#/components/schemas/EmailCustomization' type: array description: Successfully retrieved all email customizations for the specified email template. "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.templates.read summary: List all Email Customizations tags: - CustomTemplates x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json post: description: | Creates a new Email Customization If Custom languages for Okta Email Templates is enabled, you can create a customization for any BCP47 language in addition to the Okta-supported languages. 
operationId: createEmailCustomization parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple - description: The name of the email template explode: false in: path name: templateName required: true schema: type: string style: simple requestBody: content: application/json: examples: Create email customization request: $ref: '#/components/examples/CreateUpdateEmailCustomizationRequest' schema: $ref: '#/components/schemas/EmailCustomization' responses: "201": content: application/json: examples: Create email customization response: $ref: '#/components/examples/CreateUpdateEmailCustomizationResponse' schema: $ref: '#/components/schemas/EmailCustomization' description: Successfully created the email customization. "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "409": content: application/json: examples: Default email customization already exists: $ref: '#/components/examples/ErrorEmailCustomizationDefaultAlreadyExists' Email customization already exists for the specified language: $ref: '#/components/examples/ErrorEmailCustomizationLanguageAlreadyExists' schema: $ref: '#/components/schemas/Error' description: Could not create the email customization because it conflicts with an existing email customization. 
"429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.templates.manage summary: Create an Email Customization tags: - CustomTemplates x-codegen-request-body-name: instance x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}: delete: description: | Deletes an Email Customization by its unique identifier If Custom languages for Okta Email Templates is disabled, deletion of an existing additional language customization by ID doesn't register. operationId: deleteEmailCustomization parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple - description: The name of the email template explode: false in: path name: templateName required: true schema: type: string style: simple - description: The ID of the email customization explode: false in: path name: customizationId required: true schema: type: string style: simple responses: "204": content: {} description: Successfully deleted the email customization. "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "409": content: application/json: examples: Cannot delete default email customization: $ref: '#/components/examples/ErrorEmailCustomizationCannotDeleteDefault' schema: $ref: '#/components/schemas/Error' description: Could not delete the email customization deleted because it is the default email customization. 
"429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.templates.manage summary: Delete an Email Customization tags: - CustomTemplates x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: | Retrieves an email customization by its unique identifier If Custom languages for Okta Email Templates is disabled, requests to retrieve an additional language customization by ID result in a `404 Not Found` error response. operationId: getEmailCustomization parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple - description: The name of the email template explode: false in: path name: templateName required: true schema: type: string style: simple - description: The ID of the email customization explode: false in: path name: customizationId required: true schema: type: string style: simple responses: "200": content: application/json: examples: Get email customization response: $ref: '#/components/examples/EmailCustomizationResponse' schema: $ref: '#/components/schemas/EmailCustomization' description: Successfully retrieved the email customization. 
"403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.templates.read summary: Retrieve an Email Customization tags: - CustomTemplates x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json put: description: | Replaces an email customization using property values If Custom languages for Okta Email Templates is disabled, requests to update a customization for an additional language return a `404 Not Found` error response. operationId: replaceEmailCustomization parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple - description: The name of the email template explode: false in: path name: templateName required: true schema: type: string style: simple - description: The ID of the email customization explode: false in: path name: customizationId required: true schema: type: string style: simple requestBody: content: application/json: examples: Update email customization request: $ref: '#/components/examples/CreateUpdateEmailCustomizationRequest' schema: $ref: '#/components/schemas/EmailCustomization' description: Request responses: "200": content: application/json: examples: Update email customization response: $ref: '#/components/examples/CreateUpdateEmailCustomizationResponse' schema: $ref: '#/components/schemas/EmailCustomization' description: Successfully updated the email customization. 
"400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "409": content: application/json: examples: Default email customization already exists: $ref: '#/components/examples/ErrorEmailCustomizationDefaultAlreadyExists' Email customization already exists for the specified language: $ref: '#/components/examples/ErrorEmailCustomizationLanguageAlreadyExists' Cannot set the default email customization's isDefault to false: $ref: '#/components/examples/ErrorEmailCustomizationCannotClearDefault' schema: $ref: '#/components/schemas/Error' description: Could not update the email customization because the update would cause a conflict with an existing email customization. "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.templates.manage summary: Replace an Email Customization tags: - CustomTemplates x-codegen-request-body-name: instance x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/brands/{brandId}/templates/email/{templateName}/customizations/{customizationId}/preview: get: description: | Retrieves a Preview of an Email Customization. All variable references are populated from the current user's context. For example, `${user.profile.firstName}`. 
If Custom languages for Okta Email Templates is disabled, requests for the preview of an additional language customization by ID return a `404 Not Found` error response. operationId: getCustomizationPreview parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple - description: The name of the email template explode: false in: path name: templateName required: true schema: type: string style: simple - description: The ID of the email customization explode: false in: path name: customizationId required: true schema: type: string style: simple responses: "200": content: application/json: examples: Preview email customization response: $ref: '#/components/examples/PreviewEmailCustomizationResponse' schema: $ref: '#/components/schemas/EmailPreview' description: Successfully generated a preview of the email customization. "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.templates.read summary: Retrieve a Preview of an Email Customization tags: - CustomTemplates x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/brands/{brandId}/templates/email/{templateName}/default-content: get: description: "Retrieves an email template's default content\n\n Defaults to the current user's language given\ \ the following: \n- Custom languages for Okta Email Templates is enabled\n\ - An additional language is specified for the `language` 
parameter\n" operationId: getEmailDefaultContent parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple - description: The name of the email template explode: false in: path name: templateName required: true schema: type: string style: simple - description: The language to use for the email. Defaults to the current user's language if unspecified. explode: true in: query name: language required: false schema: $ref: '#/components/schemas/Language' style: form responses: "200": content: application/json: examples: Get email template default content response: $ref: '#/components/examples/EmailTemplateDefaultContentResponse' schema: $ref: '#/components/schemas/EmailDefaultContent' description: Successfully retrieved the email template's default content. "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.templates.read summary: Retrieve an Email Template Default Content tags: - CustomTemplates x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/brands/{brandId}/templates/email/{templateName}/default-content/preview: get: description: | Retrieves a preview of an Email Template's default content. All variable references are populated using the current user's context. For example, `${user.profile.firstName}`. 
Defaults to the current user's language given the following: - Custom languages for Okta Email Templates is enabled - An additional language is specified for the `language` parameter operationId: getEmailDefaultPreview parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple - description: The name of the email template explode: false in: path name: templateName required: true schema: type: string style: simple - description: The language to use for the email. Defaults to the current user's language if unspecified. explode: true in: query name: language required: false schema: $ref: '#/components/schemas/Language' style: form responses: "200": content: application/json: examples: Preview email template default content response: $ref: '#/components/examples/PreviewEmailTemplateDefaultContentResponse' schema: $ref: '#/components/schemas/EmailPreview' description: Successfully generated a preview of the email template's default content. 
"403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.templates.read summary: Retrieve a Preview of the Email Template default content tags: - CustomTemplates x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/brands/{brandId}/templates/email/{templateName}/settings: get: description: Retrieves an email template's settings operationId: getEmailSettings parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple - description: The name of the email template explode: false in: path name: templateName required: true schema: type: string style: simple responses: "200": content: application/json: examples: Get email template settings response: $ref: '#/components/examples/EmailSettingsResponse' schema: $ref: '#/components/schemas/EmailSettingsResponse' description: Successfully retrieved the email template's settings. 
"403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.templates.read summary: Retrieve the Email Template Settings tags: - CustomTemplates x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json put: description: Replaces an email template's settings operationId: replaceEmailSettings parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple - description: The name of the email template explode: false in: path name: templateName required: true schema: type: string style: simple requestBody: content: application/json: schema: $ref: '#/components/schemas/EmailSettings' responses: "200": content: application/json: examples: Update email template settings: $ref: '#/components/examples/EmailSettingsResponse' schema: $ref: '#/components/schemas/EmailSettings' description: Successfully updated the email template's settings. 
"400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "422": content: application/json: examples: Invalid email template recipients: $ref: '#/components/examples/ErrorInvalidEmailTemplateRecipients' schema: $ref: '#/components/schemas/Error' description: Could not update the email template's settings due to an invalid setting value. "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.templates.manage summary: Replace the Email Template Settings tags: - CustomTemplates x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/brands/{brandId}/templates/email/{templateName}/test: post: description: |- Sends a test email to the current user’s primary and secondary email addresses. The email content is selected based on the following priority: 1. The email customization for the language specified in the `language` query parameter. If Custom languages for Okta Email Templates is enabled and the `language` parameter is an additional language, the test email uses the customization corresponding to the language. 2. The email template's default customization. 3. The email template’s default content, translated to the current user's language. 
operationId: sendTestEmail parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple - description: The name of the email template explode: false in: path name: templateName required: true schema: type: string style: simple - description: The language to use for the email. Defaults to the current user's language if unspecified. explode: true in: query name: language required: false schema: $ref: '#/components/schemas/Language' style: form responses: "204": content: {} description: Successfully sent a test email. "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.templates.read summary: Send a Test Email tags: - CustomTemplates x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/brands/{brandId}/themes: get: description: |- Lists all the themes in your brand. > **Important:** Currently each org supports only one Theme, therefore this contains a single object only. 
operationId: listBrandThemes parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple responses: "200": content: application/json: examples: Get themes response: $ref: '#/components/examples/ListThemesResponse' schema: items: $ref: '#/components/schemas/ThemeResponse' type: array description: Successfully returned the list of themes "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.read summary: List all Themes tags: - Themes x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/brands/{brandId}/themes/{themeId}: get: description: Retrieves a theme for a brand operationId: getBrandTheme parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple - description: The ID of the theme explode: false in: path name: themeId required: true schema: type: string style: simple responses: "200": content: application/json: examples: Get theme response: $ref: '#/components/examples/GetThemeResponse' schema: $ref: '#/components/schemas/ThemeResponse' description: Successfully retrieved the theme "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: 
'#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.read summary: Retrieve a Theme tags: - Themes x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json put: description: Replaces a theme for a brand operationId: replaceBrandTheme parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple - description: The ID of the theme explode: false in: path name: themeId required: true schema: type: string style: simple requestBody: content: application/json: examples: Update theme request: $ref: '#/components/examples/UpdateThemeRequest' schema: $ref: '#/components/schemas/UpdateThemeRequest' required: true responses: "200": content: application/json: examples: Update theme response: $ref: '#/components/examples/UpdateThemeResponse' schema: $ref: '#/components/schemas/ThemeResponse' description: Successfully replaced the theme "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - 
okta.brands.manage summary: Replace a Theme tags: - Themes x-codegen-request-body-name: theme x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/brands/{brandId}/themes/{themeId}/background-image: delete: description: Deletes a Theme background image operationId: deleteBrandThemeBackgroundImage parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple - description: The ID of the theme explode: false in: path name: themeId required: true schema: type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.manage summary: Delete the Background Image tags: - Themes x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json post: description: "Uploads and replaces the background image for the theme. The file\ \ must be in PNG, JPG, or GIF format and less than 2 MB in size." 
operationId: uploadBrandThemeBackgroundImage parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple - description: The ID of the theme explode: false in: path name: themeId required: true schema: type: string style: simple requestBody: content: multipart/form-data: schema: $ref: '#/components/schemas/uploadBrandThemeBackgroundImage_request' description: background image file responses: "201": content: application/json: schema: $ref: '#/components/schemas/ImageUploadResponse' description: Content Created "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.manage summary: Upload the Background Image tags: - Themes x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: multipart/form-data x-accepts: - application/json /api/v1/brands/{brandId}/themes/{themeId}/favicon: delete: description: Deletes a Theme favicon. The theme will use the default Okta favicon. 
operationId: deleteBrandThemeFavicon parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple - description: The ID of the theme explode: false in: path name: themeId required: true schema: type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.manage summary: Delete the Favicon tags: - Themes x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json post: description: Uploads and replaces the favicon for the theme operationId: uploadBrandThemeFavicon parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple - description: The ID of the theme explode: false in: path name: themeId required: true schema: type: string style: simple requestBody: content: multipart/form-data: schema: $ref: '#/components/schemas/uploadBrandThemeFavicon_request' description: favicon file responses: "201": content: application/json: schema: $ref: '#/components/schemas/ImageUploadResponse' description: Created "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: 
$ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.manage summary: Upload the Favicon tags: - Themes x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: multipart/form-data x-accepts: - application/json /api/v1/brands/{brandId}/themes/{themeId}/logo: delete: description: Deletes a Theme logo. The theme will use the default Okta logo. operationId: deleteBrandThemeLogo parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple - description: The ID of the theme explode: false in: path name: themeId required: true schema: type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.manage summary: Delete the Logo tags: - Themes x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json post: description: "Uploads and replaces the logo for the theme. The file must be\ \ in PNG, JPG, or GIF format and less than 100kB in size. 
For best results\ \ use landscape orientation, a transparent background, and a minimum size\ \ of 300px by 50px to prevent upscaling." operationId: uploadBrandThemeLogo parameters: - description: The ID of the brand explode: false in: path name: brandId required: true schema: type: string style: simple - description: The ID of the theme explode: false in: path name: themeId required: true schema: type: string style: simple requestBody: content: multipart/form-data: schema: $ref: '#/components/schemas/uploadBrandThemeLogo_request' description: logo file responses: "200": content: application/json: schema: $ref: '#/components/schemas/ImageUploadResponse' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.brands.manage summary: Upload the Logo tags: - Themes x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: multipart/form-data x-accepts: - application/json /api/v1/captchas: get: description: Lists all CAPTCHA instances with pagination support. A subset of CAPTCHA instances can be returned that match a supported filter expression or query. 
      operationId: listCaptchaInstances
      responses:
        "200":
          content:
            application/json:
              schema:
                items:
                  $ref: '#/components/schemas/CAPTCHAInstance'
                type: array
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.captchas.read
      summary: List all CAPTCHA Instances
      tags:
      - CAPTCHA
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
    post:
      description: "Creates a new CAPTCHA instance. Currently, an org can only configure\
        \ a single CAPTCHA instance."
      operationId: createCaptchaInstance
      requestBody:
        content:
          application/json:
            examples:
              HCaptcha:
                $ref: '#/components/examples/CAPTCHAInstanceRequestHCaptcha'
              ReCaptcha:
                $ref: '#/components/examples/CAPTCHAInstanceRequestReCaptcha'
            schema:
              $ref: '#/components/schemas/CAPTCHAInstance'
        required: true
      responses:
        "201":
          content:
            application/json:
              examples:
                HCaptcha:
                  $ref: '#/components/examples/CAPTCHAInstanceResponseHCaptcha'
                ReCaptcha:
                  $ref: '#/components/examples/CAPTCHAInstanceResponseReCaptcha'
              schema:
                $ref: '#/components/schemas/CAPTCHAInstance'
          description: Created
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                Access Denied:
                  $ref: '#/components/examples/ErrorAccessDenied'
                Error Limit of One CAPTCHA instance per org:
                  $ref: '#/components/examples/ErrorCAPTCHALimitOfOne'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.captchas.manage
      summary: Create a CAPTCHA instance
      tags:
      - CAPTCHA
      x-codegen-request-body-name: instance
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/captchas/{captchaId}:
    delete:
      description: |-
        Deletes a specified CAPTCHA instance
        > **Note:** If your CAPTCHA instance is still associated with your org, the request fails. You must first update your Org-wide CAPTCHA settings to remove the CAPTCHA instance.
      operationId: deleteCaptchaInstance
      parameters:
      - description: The unique key used to identify your CAPTCHA instance
        explode: false
        in: path
        name: captchaId
        required: true
        schema:
          type: string
        style: simple
      responses:
        "204":
          description: No Content
        "403":
          content:
            application/json:
              examples:
                Access Denied:
                  $ref: '#/components/examples/ErrorAccessDenied'
                Cannot remove CAPTCHA in use:
                  $ref: '#/components/examples/ErrorCAPTCHAOrgWideSetting'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.captchas.manage
      summary: Delete a CAPTCHA Instance
      tags:
      - CAPTCHA
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
    get:
      description: Retrieves the properties of a specified CAPTCHA instance
      operationId: getCaptchaInstance
      parameters:
      - description: The unique key used to identify your CAPTCHA instance
        explode: false
        in: path
        name: captchaId
        required: true
        schema:
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                HCaptcha:
                  $ref: '#/components/examples/CAPTCHAInstanceResponseHCaptcha'
                ReCaptcha:
                  $ref: '#/components/examples/CAPTCHAInstanceResponseReCaptcha'
              schema:
                $ref: '#/components/schemas/CAPTCHAInstance'
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.captchas.read
      summary: Retrieve a CAPTCHA Instance
      tags:
      - CAPTCHA
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
    post:
      description: Partially updates the properties of a specified CAPTCHA instance
      operationId: updateCaptchaInstance
      parameters:
      - description: The unique key used to identify your CAPTCHA instance
        explode: false
        in: path
        name: captchaId
        required: true
        schema:
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            examples:
              HCaptcha:
                $ref: '#/components/examples/CAPTCHAInstanceRequestHCaptcha'
              ReCaptcha:
                $ref: '#/components/examples/CAPTCHAInstanceRequestReCaptcha'
            schema:
              $ref: '#/components/schemas/CAPTCHAInstance'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                HCaptcha:
                  $ref: '#/components/examples/CAPTCHAInstanceResponseHCaptcha'
                ReCaptcha:
                  $ref: '#/components/examples/CAPTCHAInstanceResponseReCaptcha'
              schema:
                $ref: '#/components/schemas/CAPTCHAInstance'
          description: OK
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.captchas.manage
      summary: Update a CAPTCHA Instance
      tags:
      - CAPTCHA
      x-codegen-request-body-name: instance
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-content-type: application/json
      x-accepts:
      - application/json
    put:
      description: Replaces the properties for a specified CAPTCHA instance
      operationId: replaceCaptchaInstance
      parameters:
      - description: The unique key used to identify your CAPTCHA instance
        explode: false
        in: path
        name: captchaId
        required: true
        schema:
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            examples:
              HCaptcha:
                $ref: '#/components/examples/CAPTCHAInstanceRequestHCaptcha'
              ReCaptcha:
                $ref: '#/components/examples/CAPTCHAInstanceRequestReCaptcha'
            schema:
              $ref: '#/components/schemas/CAPTCHAInstance'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                HCaptcha:
                  $ref: '#/components/examples/CAPTCHAInstanceResponseHCaptcha'
                ReCaptcha:
                  $ref: '#/components/examples/CAPTCHAInstanceResponseReCaptcha'
              schema:
                $ref: '#/components/schemas/CAPTCHAInstance'
          description: OK
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.captchas.manage
      summary: Replace a CAPTCHA Instance
      tags:
      - CAPTCHA
      x-codegen-request-body-name: instance
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/device-assurances:
    get:
      description: Lists all device assurance policies
      operationId: listDeviceAssurancePolicies
      responses:
        "200":
          content:
            application/json:
              schema:
                items:
                  $ref: '#/components/schemas/DeviceAssurance'
                type: array
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.deviceAssurance.read
      summary: List all Device Assurance Policies
      tags:
      - DeviceAssurance
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
    post:
      description: Creates a new Device Assurance Policy
      operationId: createDeviceAssurancePolicy
      requestBody:
        content:
          application/json:
            examples:
              Android:
                $ref: '#/components/examples/DeviceAssuranceAndroidRequest'
              iOS:
                $ref: '#/components/examples/DeviceAssuranceIosRequest'
              MacOS:
                $ref: '#/components/examples/DeviceAssuranceMacOSRequest'
              Windows:
                $ref: '#/components/examples/DeviceAssuranceWindowsRequest'
              ChromeOSWithThirdPartySignalProviders:
                $ref: '#/components/examples/DeviceAssuranceChromeOSWithThirdPartySignalProvidersRequest'
              MacOSWithThirdPartySignalProviders:
                $ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersRequest'
              WindowsWithThirdPartySignalProviders:
                $ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersRequest'
              AndroidWithDynamicVersionRequirement:
                $ref: '#/components/examples/DeviceAssuranceAndroidWithDynamicVersionRequirementRequest'
              iOSWithDynamicVersionRequirement:
                $ref: '#/components/examples/DeviceAssuranceIosWithDynamicVersionRequirementRequest'
              MacOSWithDynamicVersionRequirement:
                $ref: '#/components/examples/DeviceAssuranceMacOSWithDynamicVersionRequirementRequest'
              WindowsWithDynamicVersionRequirements:
                $ref: '#/components/examples/DeviceAssuranceWindowsWithDynamicVersionRequirementsRequest'
              WindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionString:
                $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionStringRequest'
              WindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirement:
                $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirementRequest'
            schema:
              $ref: '#/components/schemas/DeviceAssurance'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                Android:
                  $ref: '#/components/examples/DeviceAssuranceAndroidResponse'
                iOS:
                  $ref: '#/components/examples/DeviceAssuranceIosResponse'
                MacOS:
                  $ref: '#/components/examples/DeviceAssuranceMacOSResponse'
                Windows:
                  $ref: '#/components/examples/DeviceAssuranceWindowsResponse'
                ChromeOSWithThirdPartySignalProviders:
                  $ref: '#/components/examples/DeviceAssuranceChromeOSWithThirdPartySignalProvidersResponse'
                MacOSWithThirdPartySignalProviders:
                  $ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersResponse'
                WindowsWithThirdPartySignalProviders:
                  $ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersResponse'
                AndroidWithDynamicVersionRequirement:
                  $ref: '#/components/examples/DeviceAssuranceAndroidWithDynamicVersionRequirementResponse'
                iOSWithDynamicVersionRequirement:
                  $ref: '#/components/examples/DeviceAssuranceIosWithDynamicVersionRequirementResponse'
                MacOSWithDynamicVersionRequirement:
                  $ref: '#/components/examples/DeviceAssuranceMacOSWithDynamicVersionRequirementResponse'
                WindowsWithDynamicVersionRequirements:
                  $ref: '#/components/examples/DeviceAssuranceWindowsWithDynamicVersionRequirementsResponse'
                WindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionString:
                  $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionStringResponse'
                WindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirement:
                  $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirementResponse'
              schema:
                $ref: '#/components/schemas/DeviceAssurance'
          description: OK
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.deviceAssurance.manage
      summary: Create a Device Assurance Policy
      tags:
      - DeviceAssurance
      x-codegen-request-body-name: deviceAssurance
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/device-assurances/{deviceAssuranceId}:
    delete:
      description: "Deletes a Device Assurance Policy by `deviceAssuranceId`. If the\
        \ Device Assurance Policy is currently being used in the org Authentication\
        \ Policies, the delete will not be allowed."
      operationId: deleteDeviceAssurancePolicy
      parameters:
      - description: Id of the Device Assurance Policy
        explode: false
        in: path
        name: deviceAssuranceId
        required: true
        schema:
          type: string
        style: simple
      responses:
        "204":
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "409":
          content:
            application/json:
              examples:
                ErrorDeviceAssuranceInUse:
                  $ref: '#/components/examples/ErrorDeviceAssuranceInUse'
              schema:
                $ref: '#/components/schemas/Error'
          description: Conflict
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.deviceAssurance.manage
      summary: Delete a Device Assurance Policy
      tags:
      - DeviceAssurance
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
    get:
      description: Retrieves a Device Assurance Policy by `deviceAssuranceId`
      operationId: getDeviceAssurancePolicy
      parameters:
      - description: Id of the Device Assurance Policy
        explode: false
        in: path
        name: deviceAssuranceId
        required: true
        schema:
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                Android:
                  $ref: '#/components/examples/DeviceAssuranceAndroidResponse'
                iOS:
                  $ref: '#/components/examples/DeviceAssuranceIosResponse'
                MacOS:
                  $ref: '#/components/examples/DeviceAssuranceMacOSResponse'
                Windows:
                  $ref: '#/components/examples/DeviceAssuranceWindowsResponse'
                ChromeOSWithThirdPartySignalProviders:
                  $ref: '#/components/examples/DeviceAssuranceChromeOSWithThirdPartySignalProvidersResponse'
                MacOSWithThirdPartySignalProviders:
                  $ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersResponse'
                WindowsWithThirdPartySignalProviders:
                  $ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersResponse'
                AndroidWithDynamicVersionRequirement:
                  $ref: '#/components/examples/DeviceAssuranceAndroidWithDynamicVersionRequirementResponse'
                iOSWithDynamicVersionRequirement:
                  $ref: '#/components/examples/DeviceAssuranceIosWithDynamicVersionRequirementResponse'
                MacOSWithDynamicVersionRequirement:
                  $ref: '#/components/examples/DeviceAssuranceMacOSWithDynamicVersionRequirementResponse'
                WindowsWithDynamicVersionRequirements:
                  $ref: '#/components/examples/DeviceAssuranceWindowsWithDynamicVersionRequirementsResponse'
                WindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionString:
                  $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionStringResponse'
                WindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirement:
                  $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirementResponse'
              schema:
                $ref: '#/components/schemas/DeviceAssurance'
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.deviceAssurance.read
      summary: Retrieve a Device Assurance Policy
      tags:
      - DeviceAssurance
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
    put:
      description: Replaces a Device Assurance Policy by `deviceAssuranceId`
      operationId: replaceDeviceAssurancePolicy
      parameters:
      - description: Id of the Device Assurance Policy
        explode: false
        in: path
        name: deviceAssuranceId
        required: true
        schema:
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            examples:
              Android:
                $ref: '#/components/examples/DeviceAssuranceAndroidRequest'
              iOS:
                $ref: '#/components/examples/DeviceAssuranceIosRequest'
              MacOS:
                $ref: '#/components/examples/DeviceAssuranceMacOSRequest'
              Windows:
                $ref: '#/components/examples/DeviceAssuranceWindowsRequest'
              ChromeOSWithThirdPartySignalProviders:
                $ref: '#/components/examples/DeviceAssuranceChromeOSWithThirdPartySignalProvidersRequest'
              MacOSWithThirdPartySignalProviders:
                $ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersRequest'
              WindowsWithThirdPartySignalProviders:
                $ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersRequest'
              AndroidWithDynamicVersionRequirement:
                $ref: '#/components/examples/DeviceAssuranceAndroidWithDynamicVersionRequirementRequest'
              iOSWithDynamicVersionRequirement:
                $ref: '#/components/examples/DeviceAssuranceIosWithDynamicVersionRequirementRequest'
              MacOSWithDynamicVersionRequirement:
                $ref: '#/components/examples/DeviceAssuranceMacOSWithDynamicVersionRequirementRequest'
              WindowsWithDynamicVersionRequirements:
                $ref: '#/components/examples/DeviceAssuranceWindowsWithDynamicVersionRequirementsRequest'
              WindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionString:
                $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionStringRequest'
              WindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirement:
                $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirementRequest'
            schema:
              $ref: '#/components/schemas/DeviceAssurance'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                Android:
                  $ref: '#/components/examples/DeviceAssuranceAndroidResponse'
                iOS:
                  $ref: '#/components/examples/DeviceAssuranceIosResponse'
                MacOS:
                  $ref: '#/components/examples/DeviceAssuranceMacOSResponse'
                Windows:
                  $ref: '#/components/examples/DeviceAssuranceWindowsResponse'
                ChromeOSWithThirdPartySignalProviders:
                  $ref: '#/components/examples/DeviceAssuranceChromeOSWithThirdPartySignalProvidersResponse'
                MacOSWithThirdPartySignalProviders:
                  $ref: '#/components/examples/DeviceAssuranceMacOSWithThirdPartySignalProvidersResponse'
                WindowsWithThirdPartySignalProviders:
                  $ref: '#/components/examples/DeviceAssuranceWindowsWithThirdPartySignalProvidersResponse'
                AndroidWithDynamicVersionRequirement:
                  $ref: '#/components/examples/DeviceAssuranceAndroidWithDynamicVersionRequirementResponse'
                iOSWithDynamicVersionRequirement:
                  $ref: '#/components/examples/DeviceAssuranceIosWithDynamicVersionRequirementResponse'
                MacOSWithDynamicVersionRequirement:
                  $ref: '#/components/examples/DeviceAssuranceMacOSWithDynamicVersionRequirementResponse'
                WindowsWithDynamicVersionRequirements:
                  $ref: '#/components/examples/DeviceAssuranceWindowsWithDynamicVersionRequirementsResponse'
                WindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionString:
                  $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionStringResponse'
                WindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirement:
                  $ref: '#/components/examples/DeviceAssuranceWindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirementResponse'
              schema:
                $ref: '#/components/schemas/DeviceAssurance'
          description: OK
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.deviceAssurance.manage
      summary: Replace a Device Assurance Policy
      tags:
      - DeviceAssurance
      x-codegen-request-body-name: deviceAssurance
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/device-checks/{deviceCheckId}: {}
  /api/v1/devices:
    get:
      description: |-
        Lists all devices with pagination support.

        You can return a subset of Devices that match a supported search criteria using the `search` query parameter.
        Searches for devices based on the properties specified in the `search` parameter conforming SCIM filter specifications (case-insensitive). This data is eventually consistent. The API returns different results depending on specified queries in the request. Empty list is returned if no objects match `search` request.

        > **Note:** Listing devices with `search` should not be used as a part of any critical flows—such as authentication or updates—to prevent potential data loss. `search` results may not reflect the latest information, as this endpoint uses a search index which may not be up-to-date with recent updates to the object.
        Don't use search results directly for record updates, as the data might be stale and therefore overwrite newer data, resulting in data loss.
        Use an `id` lookup for records that you update to ensure your results contain the latest data.

        This operation requires [URL encoding](https://www.w3.org/TR/html4/interact/forms.html#h-17.13.4.1). For example, `search=profile.displayName eq "Bob"` is encoded as `search=profile.displayName%20eq%20%22Bob%22`.
      operationId: listDevices
      parameters:
      - explode: true
        in: query
        name: after
        required: false
        schema:
          description: "The cursor to use for pagination. It is an opaque string that\
            \ specifies your current location in the list and is obtained from the\
            \ `Link` response header. See [Pagination](/#pagination) for more information."
          example: 200u3des4afA47rYJu1d7
          type: string
        style: form
      - description: A limit on the number of objects to return (recommend `20`)
        explode: true
        in: query
        name: limit
        required: false
        schema:
          default: 200
          example: 20
          maximum: 200
          minimum: 1
          type: integer
        style: form
      - description: "A SCIM filter expression that filters the results. Searches\
          \ include all Device `profile` properties and the Device `id`, `status`,\
          \ and `lastUpdated` properties."
        examples:
          Devices that have a `status` of `ACTIVE`:
            value: status eq "ACTIVE"
          Devices last updated after a specific timestamp:
            value: lastUpdated gt "yyyy-MM-dd'T'HH:mm:ss.SSSZ"
          Devices with a specified `id`:
            value: id eq "guo4a5u7JHHhjXrMK0g4"
          Devices that have a `displayName` of `Bob`:
            value: profile.displayName eq "Bob"
          Devices that have an `platform` of `WINDOWS`:
            value: profile.platform eq "WINDOWS"
          Devices whose `sid` starts with `S-1`:
            value: profile.sid sw "S-1"
        explode: true
        in: query
        name: search
        required: false
        schema:
          example: lastUpdated gt "2019-06-01T09:00:00.000Z"
          type: string
        style: form
      - description: Includes associated user details and management status for the device in the `_embedded` attribute
        examples:
          UserFullDetails:
            summary: Get a detailed list of associated users
            value: user
          UserSummaries:
            summary: Get the list of associated user summaries
            value: userSummary
        explode: true
        in: query
        name: expand
        required: false
        schema:
          enum:
          - user
          - userSummary
          example: userSummary
          type: string
          x-enumDescriptions:
            user: Lists full details for associated users
            userSummary: Lists summaries for associated users
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                APIDevicesResponseUserSummaryExample:
                  $ref: '#/components/examples/APIDevicesListAllUserSummaryResponse'
                APIDevicesResponseExample:
                  $ref: '#/components/examples/APIDevicesListAllResponse'
              schema:
                items:
                  $ref: '#/components/schemas/DeviceList'
                type: array
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.devices.read
      summary: List all Devices
      tags:
      - Device
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
  /api/v1/devices/{deviceId}:
    delete:
      description: |-
        Deletes (permanently) a device by `deviceId` if it has a status of `DEACTIVATED`. You can transition the device to `DEACTIVATED` status using the [Deactivate a Device](/openapi/okta-management/management/tag/Device/#tag/Device/operation/deactivateDevice) endpoint.
        This request is destructive and deletes all of the profile data related to the device. Once deleted, device data can't be recovered. However, reenrollment creates a new device record.
        > **Note:** Attempts to delete a device that isn't in a `DEACTIVATED` state raise an error.
      operationId: deleteDevice
      parameters:
      - description: '`id` of the device'
        explode: false
        in: path
        name: deviceId
        required: true
        schema:
          example: guo4a5u7JHHhjXrMK0g4
          type: string
        style: simple
      responses:
        "204":
          description: No Content
        "403":
          content:
            application/json:
              examples:
                Access Denied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.devices.manage
      summary: Delete a Device
      tags:
      - Device
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
    get:
      description: Retrieves a device by `deviceId`
      operationId: getDevice
      parameters:
      - description: '`id` of the device'
        explode: false
        in: path
        name: deviceId
        required: true
        schema:
          example: guo4a5u7JHHhjXrMK0g4
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                APIDevicesResponseExample:
                  $ref: '#/components/examples/DeviceResponse'
              schema:
                $ref: '#/components/schemas/Device'
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.devices.read
      summary: Retrieve a Device
      tags:
      - Device
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
  /api/v1/devices/{deviceId}/lifecycle/activate:
    post:
      description: |-
        Activates a Device by setting its status to ACTIVE by `deviceId`.
        Activated devices are used to create and delete Device user links.
      operationId: activateDevice
      parameters:
      - description: '`id` of the device'
        explode: false
        in: path
        name: deviceId
        required: true
        schema:
          example: guo4a5u7JHHhjXrMK0g4
          type: string
        style: simple
      responses:
        "204":
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.devices.manage
      summary: Activate a Device
      tags:
      - Device
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
  /api/v1/devices/{deviceId}/lifecycle/deactivate:
    post:
      description: |-
        Deactivates a Device by setting its status to DEACTIVATED by `deviceId`.
        Deactivation causes a Device to lose all device user links.
        Set the Device status to DEACTIVATED before deleting it.
        > **Note:** When deactivating a Device, keep in mind the following:
          - Device deactivation is a destructive operation for device factors and client certificates. Device reenrollment using Okta Verify allows end users to set up new factors on the device.
          - Device deletion removes the device record from Okta. Reenrollment creates a new device record.
      operationId: deactivateDevice
      parameters:
      - description: '`id` of the device'
        explode: false
        in: path
        name: deviceId
        required: true
        schema:
          example: guo4a5u7JHHhjXrMK0g4
          type: string
        style: simple
      responses:
        "204":
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.devices.manage
      summary: Deactivate a Device
      tags:
      - Device
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
  /api/v1/devices/{deviceId}/lifecycle/suspend:
    post:
      description: |-
        Suspends a Device by setting its status to SUSPENDED.
        Use suspended devices to create and delete device user links.
        You can only unsuspend or deactivate suspended devices.
        > **Note:** SUSPENDED status is meant to be temporary, so it isn't destructive.
      operationId: suspendDevice
      parameters:
      - description: '`id` of the device'
        explode: false
        in: path
        name: deviceId
        required: true
        schema:
          example: guo4a5u7JHHhjXrMK0g4
          type: string
        style: simple
      responses:
        "204":
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.devices.manage
      summary: Suspend a Device
      tags:
      - Device
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
  /api/v1/devices/{deviceId}/lifecycle/unsuspend:
    post:
      description: |-
        Unsuspends a Device by returning its `status` to ACTIVE.
        >**Note:** Only devices with a SUSPENDED status can be unsuspended.
      operationId: unsuspendDevice
      parameters:
      - description: '`id` of the device'
        explode: false
        in: path
        name: deviceId
        required: true
        schema:
          example: guo4a5u7JHHhjXrMK0g4
          type: string
        style: simple
      responses:
        "204":
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.devices.manage
      summary: Unsuspend a Device
      tags:
      - Device
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
  /api/v1/devices/{deviceId}/users:
    get:
      description: Lists all Users for a Device by `deviceId`
      operationId: listDeviceUsers
      parameters:
      - description: '`id` of the device'
        explode: false
        in: path
        name: deviceId
        required: true
        schema:
          example: guo4a5u7JHHhjXrMK0g4
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                APIDevicesListAllUsersResponseExample:
                  $ref: '#/components/examples/APIDevicesListAllUsersResponse'
              schema:
                items:
                  $ref: '#/components/schemas/DeviceUser'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.devices.read
      summary: List all Users for a Device
      tags:
      - Device
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
  /api/v1/directories/{appInstanceId}/groups/modify:
    post:
      description: Updates an AD Group membership directly in AD
      operationId: updateADGroupMembership
      parameters:
      - description: ID of the AD AppInstance in Okta
        explode: false
        in: path
        name: appInstanceId
        required: true
        schema:
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AgentAction'
        required: true
      responses:
        "200":
          description: OK
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "502":
          content:
            application/json:
              examples:
                AgentTimeOut:
                  $ref: '#/components/examples/ErrorAgentTimeOut'
              schema:
                $ref: '#/components/schemas/Error'
          description: There are no connected agents.
        "504":
          content:
            application/json:
              examples:
                AgentTimeOut:
                  $ref: '#/components/examples/ErrorNoConnectedAgents'
              schema:
                $ref: '#/components/schemas/Error'
          description: Timed out waiting for agent.
      security:
      - oauth2:
        - okta.directories.groups.manage
      summary: Update an AD Group membership
      tags:
      - DirectoriesIntegration
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs: []
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/domains:
    get:
      description: Lists all verified custom domains for the org
      operationId: listCustomDomains
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/DomainListResponse'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.domains.read
      summary: List all Custom Domains
      tags:
      - CustomDomain
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: Creates your custom domain
      operationId: createCustomDomain
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/DomainRequest'
        required: true
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/DomainResponse'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.domains.manage
      summary: Create a Custom Domain
      tags:
      - CustomDomain
      x-codegen-request-body-name: domain
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/domains/{domainId}:
    delete:
      description: Deletes a custom domain by `domainId`
      operationId: deleteCustomDomain
      parameters:
      - description: '`id` of the Domain'
        explode: false
        in: path
        name: domainId
        required: true
        schema:
          example: OmWNeywfTzElSLOBMZsL
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.domains.manage
      summary: Delete a Custom Domain
      tags:
      - CustomDomain
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    get:
      description: Retrieves a custom domain by `domainId`
      operationId: getCustomDomain
      parameters:
      - description: '`id` of the Domain'
        explode: false
        in: path
        name: domainId
        required: true
        schema:
          example: OmWNeywfTzElSLOBMZsL
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/DomainResponse'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.domains.read
      summary: Retrieve a Custom Domain
      tags:
      - CustomDomain
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    put:
      description: Replaces a custom domain's brand
      operationId: replaceCustomDomain
      parameters:
      - description: '`id` of the Domain'
        explode: false
        in: path
        name: domainId
        required: true
        schema:
          example: OmWNeywfTzElSLOBMZsL
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UpdateDomain'
        required: true
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/DomainResponse'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.domains.manage
      summary: Replace a Custom Domain's Brand
      tags:
      - CustomDomain
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/domains/{domainId}/certificate:
    put:
      description: |-
        Upserts (creates or renews) the `MANUAL` certificate for the custom domain

        > **Notes:**
        > * If the existing `certificateSourceType` is `OKTA_MANAGED`, this operation changes the source type to `MANUAL`. Okta no longer manages and renews certificates for this domain after you provide a user-managed certificate.
        > * Okta supports TLS certificates and private keys that are PEM-encoded and 2048, 3072, or 4096 bits. See the [Custom domain guide](https://developer.okta.com/docs/guides/custom-url-domain/main/) for more details.
      operationId: upsertCertificate
      parameters:
      - description: '`id` of the Domain'
        explode: false
        in: path
        name: domainId
        required: true
        schema:
          example: OmWNeywfTzElSLOBMZsL
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/DomainCertificate'
        required: true
      responses:
        "204":
          content: {}
          description: No Content
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.domains.manage
      summary: Upsert the Custom Domain's Certificate
      tags:
      - CustomDomain
      x-codegen-request-body-name: certificate
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/domains/{domainId}/verify:
    post:
      description: "Verifies the custom domain and validity of DNS records by `domainId`.\
        \ Furthermore, if the `certificateSourceType` in the domain is `OKTA_MANAGED`,\
        \ then an attempt is made to obtain and install a certificate. After a certificate\
        \ is obtained and installed by Okta, Okta manages the certificate including\
        \ certificate renewal."
      operationId: verifyDomain
      parameters:
      - description: '`id` of the Domain'
        explode: false
        in: path
        name: domainId
        required: true
        schema:
          example: OmWNeywfTzElSLOBMZsL
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/DomainResponse'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.domains.manage
      summary: Verify a Custom Domain
      tags:
      - CustomDomain
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/email-domains:
    get:
      description: Lists all the Email Domains in your org
      operationId: listEmailDomains
      parameters:
      - description: Specifies additional metadata to be included in the response
        explode: false
        in: query
        name: expand
        required: false
        schema:
          items:
            enum:
            - brands
            type: string
          type: array
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                List email domain response:
                  $ref: '#/components/examples/EmailDomainResponse'
              schema:
                items:
                  $ref: '#/components/schemas/EmailDomainResponseWithEmbedded'
                type: array
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.emailDomains.read
      summary: List all Email Domains
      tags:
      - EmailDomain
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: Creates an Email Domain in your org
      operationId: createEmailDomain
      parameters:
      - description: Specifies additional metadata to be included in the response
        explode: false
        in: query
        name: expand
        required: false
        schema:
          items:
            enum:
            - brands
            type: string
          type: array
        style: form
      requestBody:
        content:
          application/json:
            examples:
              Create email domain request:
                $ref: '#/components/examples/CreateEmailDomainRequest'
            schema:
              $ref: '#/components/schemas/EmailDomain'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                Create email domain response:
                  $ref: '#/components/examples/EmailDomainResponse'
              schema:
                $ref: '#/components/schemas/EmailDomainResponse'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "409":
          content:
            application/json:
              examples:
                Email domain already exists:
                  $ref: '#/components/examples/ErrorEmailDomainAlreadyExists'
              schema:
                $ref: '#/components/schemas/Error'
          description: Conflict
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.emailDomains.manage
      summary: Create an Email Domain
      tags:
      - EmailDomain
      x-codegen-request-body-name: emailDomain
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/email-domains/{emailDomainId}:
    delete:
      description: Deletes an Email Domain by `emailDomainId`
      operationId: deleteEmailDomain
      parameters:
      - explode: false
        in: path
        name: emailDomainId
        required: true
        schema:
          description: The ID of the email domain.
          type: string
        style: simple
      - description: Specifies additional metadata to be included in the response
        explode: false
        in: query
        name: expand
        required: false
        schema:
          items:
            enum:
            - brands
            type: string
          type: array
        style: form
      responses:
        "204":
          content: {}
          description: No Content
        "400":
          content:
            application/json:
              examples:
                Email domain in use:
                  $ref: '#/components/examples/ErrorEmailDomainInUse'
              schema:
                $ref: '#/components/schemas/Error'
          description: Unable to delete custom email domain due to mail provider specific restrictions
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.emailDomains.manage
      summary: Delete an Email Domain
      tags:
      - EmailDomain
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    get:
      description: Retrieves an Email Domain by `emailDomainId`
      operationId: getEmailDomain
      parameters:
      - explode: false
        in: path
        name: emailDomainId
        required: true
        schema:
          description: The ID of the email domain.
          type: string
        style: simple
      - description: Specifies additional metadata to be included in the response
        explode: false
        in: query
        name: expand
        required: false
        schema:
          items:
            enum:
            - brands
            type: string
          type: array
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                Retrieve email domain response:
                  $ref: '#/components/examples/EmailDomainResponse'
              schema:
                $ref: '#/components/schemas/EmailDomainResponseWithEmbedded'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.emailDomains.read
      summary: Retrieve an Email Domain
      tags:
      - EmailDomain
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    put:
      description: Replaces associated username and sender display name by `emailDomainId`
      operationId: replaceEmailDomain
      parameters:
      - explode: false
        in: path
        name: emailDomainId
        required: true
        schema:
          description: The ID of the email domain.
          type: string
        style: simple
      - description: Specifies additional metadata to be included in the response
        explode: false
        in: query
        name: expand
        required: false
        schema:
          items:
            enum:
            - brands
            type: string
          type: array
        style: form
      requestBody:
        content:
          application/json:
            examples:
              Update email domain request:
                $ref: '#/components/examples/UpdateEmailDomainRequest'
            schema:
              $ref: '#/components/schemas/UpdateEmailDomain'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                Update email domain response:
                  $ref: '#/components/examples/UpdatedEmailDomainResponse'
              schema:
                $ref: '#/components/schemas/EmailDomainResponse'
          description: OK
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.emailDomains.manage
      summary: Replace an Email Domain
      tags:
      - EmailDomain
      x-codegen-request-body-name: updateEmailDomain
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/email-domains/{emailDomainId}/verify:
    post:
      description: Verifies an Email Domain by `emailDomainId`
      operationId: verifyEmailDomain
      parameters:
      - explode: false
        in: path
        name: emailDomainId
        required: true
        schema:
          description: The ID of the email domain.
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                Verified email domain response:
                  $ref: '#/components/examples/VerifiedEmailDomainResponse'
              schema:
                $ref: '#/components/schemas/EmailDomainResponse'
          description: Success
        "400":
          content:
            application/json:
              examples:
                Email domain could not be verified:
                  $ref: '#/components/examples/ErrorEmailDomainNotVerified'
                Email domain invalid status:
                  $ref: '#/components/examples/ErrorEmailDomainInvalidStatus'
              schema:
                $ref: '#/components/schemas/Error'
          description: Email domain could not be verified by mail provider
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.emailDomains.manage
      summary: Verify an Email Domain
      tags:
      - EmailDomain
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/email-servers:
    get:
      description: Lists all the enrolled custom SMTP server configurations
      operationId: listEmailServers
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EmailServerListResponse'
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.emailServers.read
      summary: List all enrolled SMTP servers
      tags:
      - EmailServer
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
    post:
      description: Creates a custom email SMTP server configuration for your org
      operationId: createEmailServer
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/EmailServerPost'
      responses:
        "201":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EmailServerResponse'
          description: Successfully enrolled server credentials
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.emailServers.manage
      summary: Create a custom SMTP server
      tags:
      - EmailServer
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/email-servers/{emailServerId}:
    delete:
      description: Deletes the specified custom SMTP server configuration
      operationId: deleteEmailServer
      parameters:
      - explode: false
        in: path
        name: emailServerId
        required: true
        schema:
          description: ID of your SMTP Server configuration
          type: string
        style: simple
      responses:
        "204":
          description: No content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.emailServers.manage
      summary: Delete an SMTP Server configuration
      tags:
      - EmailServer
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
    get:
      description: Retrieves the specified custom SMTP server configuration
      operationId: getEmailServer
      parameters:
      - explode: false
        in: path
        name: emailServerId
        required: true
        schema:
          description: ID of your SMTP Server configuration
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EmailServerListResponse'
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.emailServers.read
      summary: Retrieve an SMTP Server configuration
      tags:
      - EmailServer
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
    patch:
      description: Updates the specified custom SMTP server configuration
      operationId: updateEmailServer
      parameters:
      - explode: false
        in: path
        name: emailServerId
        required: true
        schema:
          description: ID of your SMTP Server configuration
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/EmailServerRequest'
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EmailServerResponse'
          description: OK
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.emailServers.manage
      summary: Update an SMTP Server configuration
      tags:
      - EmailServer
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/email-servers/{emailServerId}/test:
    post:
      description: Tests the specified custom SMTP Server configuration
      operationId: testEmailServer
      parameters:
      - explode: false
        in: path
        name: emailServerId
        required: true
        schema:
          description: ID of your SMTP Server configuration
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/EmailTestAddresses'
      responses:
        "204":
          description: No content
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.emailServers.manage
      summary: Test an SMTP Server configuration
      tags:
      - EmailServer
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/eventHooks:
    get:
      description: Lists all event hooks
      operationId: listEventHooks
      responses:
        "200":
          content:
            application/json:
              examples:
                RetrieveAllEventHooks:
                  $ref: '#/components/examples/RetrieveAllEventHooks'
              schema:
                items:
                  $ref: '#/components/schemas/EventHook'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.eventHooks.read
      summary: List all Event Hooks
      tags:
      - EventHook
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: |-
        Creates a new event hook for your organization in `ACTIVE` status. You pass an event hook object in the JSON payload of your request. That object represents the set of required information about the event hook you're registering, including:

        * The URI of your external service
        * The [events](https://developer.okta.com/docs/reference/api/event-types/) in Okta you want to subscribe to
        * An optional event hook filter that can reduce the number of event hook calls. This is a self-service Early Access (EA) feature.
          See [Create an event hook filter](https://developer.okta.com/docs/concepts/event-hooks/#create-an-event-hook-filter).

        Additionally, you can specify a secret API key for Okta to pass to your external service endpoint for security verification. Note that the API key you set here is unrelated to the Okta API token you must supply when making calls to Okta APIs. Optionally, you can specify extra headers that Okta passes to your external service with each call.

        Your external service must use a valid HTTPS endpoint.
      operationId: createEventHook
      requestBody:
        content:
          application/json:
            examples:
              CreateAnEventHook:
                $ref: '#/components/examples/CreateAnEventHook'
              CreateAnEventHookWithFilter:
                $ref: '#/components/examples/CreateAnEventHookWithFilter'
            schema:
              $ref: '#/components/schemas/EventHook'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                CreateAnEventHook:
                  $ref: '#/components/examples/RetrieveAnEventHook'
                CreateAnEventHookWithFilter:
                  $ref: '#/components/examples/RetrieveAnEventHookWithFilter'
              schema:
                $ref: '#/components/schemas/EventHook'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.eventHooks.manage
      summary: Create an Event Hook
      tags:
      - EventHook
      x-codegen-request-body-name: eventHook
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/eventHooks/{eventHookId}:
    delete:
description: |- Deletes the event hook that matches the provided `id`. After deletion, the event hook is unrecoverable. As a safety precaution, you can only delete event hooks with a status of `INACTIVE`. operationId: deleteEventHook parameters: - description: '`id` of the Event Hook' explode: false in: path name: eventHookId required: true schema: example: who8vt36qfNpCGz9H1e6 type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.eventHooks.manage summary: Delete an Event Hook tags: - EventHook x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Retrieves an event hook operationId: getEventHook parameters: - description: '`id` of the Event Hook' explode: false in: path name: eventHookId required: true schema: example: who8vt36qfNpCGz9H1e6 type: string style: simple responses: "200": content: application/json: examples: RetrieveAnEventHook: $ref: '#/components/examples/RetrieveAnEventHook' schema: $ref: '#/components/schemas/EventHook' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": 
content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.eventHooks.read summary: Retrieve an Event Hook tags: - EventHook x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json put: description: |- Replaces an event hook. Okta validates the new properties before replacing the existing values. Some event hook properties are immutable and can't be updated. Refer to the parameter description in the request body schema. >**Note:** Updating the `channel` property requires you to verify the hook again. operationId: replaceEventHook parameters: - description: '`id` of the Event Hook' explode: false in: path name: eventHookId required: true schema: example: who8vt36qfNpCGz9H1e6 type: string style: simple requestBody: content: application/json: examples: ReplaceAnEventHook: $ref: '#/components/examples/ReplaceAnEventHookWithFilter' schema: $ref: '#/components/schemas/EventHook' required: true responses: "200": content: application/json: examples: ReplaceAnEventHook: $ref: '#/components/examples/RetrieveAnEventHookWithFilter' schema: $ref: '#/components/schemas/EventHook' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' 
description: Too Many Requests security: - apiToken: [] - oauth2: - okta.eventHooks.manage summary: Replace an Event Hook tags: - EventHook x-codegen-request-body-name: eventHook x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/eventHooks/{eventHookId}/lifecycle/activate: post: description: Activates the event hook that matches the provided `id` operationId: activateEventHook parameters: - description: '`id` of the Event Hook' explode: false in: path name: eventHookId required: true schema: example: who8vt36qfNpCGz9H1e6 type: string style: simple responses: "200": content: application/json: examples: ActivateAnEventHook: $ref: '#/components/examples/RetrieveAnEventHook' schema: $ref: '#/components/schemas/EventHook' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.eventHooks.manage summary: Activate an Event Hook tags: - EventHook x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/eventHooks/{eventHookId}/lifecycle/deactivate: post: description: Deactivates the event hook that matches the provided `id` operationId: deactivateEventHook parameters: - description: '`id` of the Event Hook' explode: false in: path name: eventHookId required: true schema: example: who8vt36qfNpCGz9H1e6 type: string style: simple responses: "200": content: application/json: examples: DeactivateAnEventHook: $ref: 
'#/components/examples/RetrieveADeactivatedEventHook' schema: $ref: '#/components/schemas/EventHook' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.eventHooks.manage summary: Deactivate an Event Hook tags: - EventHook x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/eventHooks/{eventHookId}/lifecycle/verify: post: description: |- Verifies that the event hook matches the provided `eventHookId`. To verify ownership, your endpoint must send information back to Okta in JSON format. See [Event hooks](https://developer.okta.com/docs/concepts/event-hooks/#one-time-verification-request). Only `ACTIVE` and `VERIFIED` event hooks can receive events from Okta. If a response is not received within 3 seconds, the outbound request times out. One retry is attempted after a timeout or error response. If a successful response still isn't received, this operation returns a 400 error with more information about the failure. 
operationId: verifyEventHook parameters: - description: '`id` of the Event Hook' explode: false in: path name: eventHookId required: true schema: example: who8vt36qfNpCGz9H1e6 type: string style: simple responses: "200": content: application/json: examples: VerifyAnEventHook: $ref: '#/components/examples/RetrieveAnEventHook' schema: $ref: '#/components/schemas/EventHook' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.eventHooks.manage summary: Verify an Event Hook tags: - EventHook x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/features: get: description: Lists all self-service features for your org operationId: listFeatures responses: "200": content: application/json: examples: FeaturesList: $ref: '#/components/examples/ListFeaturesResponse' schema: items: $ref: '#/components/schemas/Feature' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - 
apiToken: [] - oauth2: - okta.features.read summary: List all Features tags: - Feature x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/features/{featureId}: get: description: Retrieves a feature by ID operationId: getFeature parameters: - description: '`id` of the feature' explode: false in: path name: featureId required: true schema: example: R5HjqNn1pEqWGy48E9jg type: string style: simple responses: "200": content: application/json: examples: FeaturesRetrieve: $ref: '#/components/examples/RetrieveFeaturesResponse' schema: $ref: '#/components/schemas/Feature' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.features.read summary: Retrieve a Feature tags: - Feature x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/features/{featureId}/dependencies: get: description: |- Lists all feature dependencies for a specified feature. A feature's dependencies are the features that it requires to be enabled in order for itself to be enabled. 
operationId: listFeatureDependencies parameters: - description: '`id` of the feature' explode: false in: path name: featureId required: true schema: example: R5HjqNn1pEqWGy48E9jg type: string style: simple responses: "200": content: application/json: examples: FeaturesDependenciesList: $ref: '#/components/examples/ListFeatureDependenciesResponse' schema: items: $ref: '#/components/schemas/Feature' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.features.read summary: List all dependencies tags: - Feature x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/features/{featureId}/dependents: get: description: |- Lists all feature dependents for the specified feature. A feature's dependents are the features that need to be disabled in order for the feature itself to be disabled. 
operationId: listFeatureDependents parameters: - description: '`id` of the feature' explode: false in: path name: featureId required: true schema: example: R5HjqNn1pEqWGy48E9jg type: string style: simple responses: "200": content: application/json: examples: FeaturesDependentsList: $ref: '#/components/examples/ListFeatureDependentsResponse' schema: items: $ref: '#/components/schemas/Feature' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.features.read summary: List all dependents tags: - Feature x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/features/{featureId}/{lifecycle}: post: description: |- Updates a feature's lifecycle status. Use this endpoint to enable or disable a feature for your org. Use the `mode=force` parameter to override dependency restrictions for a particular feature. Normally, you can't enable a feature if it has one or more dependencies that aren't enabled. When you use the `mode=force` parameter while enabling a feature, Okta first tries to enable any disabled features that this feature may have as dependencies. If you don't pass the `mode=force` parameter and the feature has dependencies that need to be enabled before the feature is enabled, a 400 error is returned. When you use the `mode=force` parameter while disabling a feature, Okta first tries to disable any enabled features that this feature may have as dependents. 
If you don't pass the `mode=force` parameter and the feature has dependents that need to be disabled before the feature is disabled, a 400 error is returned. The following chart shows the different state transitions for a feature. ![State transitions of a feature](../../../../../images/features/update-ssfeat-flowchart.png '#width=500px;') operationId: updateFeatureLifecycle parameters: - description: '`id` of the feature' explode: false in: path name: featureId required: true schema: example: R5HjqNn1pEqWGy48E9jg type: string style: simple - description: Whether to `ENABLE` or `DISABLE` the feature explode: false in: path name: lifecycle required: true schema: $ref: '#/components/schemas/FeatureLifecycle' style: simple - description: Indicates if you want to force enable or disable a feature. Supported value is `force`. explode: true in: query name: mode required: false schema: type: string style: form responses: "200": content: application/json: examples: FeaturesUpdate: $ref: '#/components/examples/UpdateFeatureLifecycleResponse' schema: $ref: '#/components/schemas/Feature' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.features.manage summary: Update a Feature lifecycle tags: - Feature x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/first-party-app-settings/{appName}: get: description: Retrieves the settings for an Okta app (also known as an Okta first-party app) 
operationId: getFirstPartyAppSettings parameters: - description: | The key name for the Okta app.
Supported apps: * Okta Admin Console (`admin-console`) explode: false in: path name: appName required: true schema: example: admin-console type: string style: simple responses: "200": content: application/json: examples: exampleSettings: $ref: '#/components/examples/AdminConsoleSettingsExample' schema: $ref: '#/components/schemas/AdminConsoleSettings' description: OK "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.read summary: Retrieve the Okta Application Settings tags: - OktaApplicationSettings x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json put: description: Replaces the settings for an Okta app (also known as an Okta first-party app) operationId: replaceFirstPartyAppSettings parameters: - description: | The key name for the Okta app.
Supported apps: * Okta Admin Console (`admin-console`) explode: false in: path name: appName required: true schema: example: admin-console type: string style: simple requestBody: content: application/json: examples: exampleSettings: $ref: '#/components/examples/AdminConsoleSettingsExample' schema: $ref: '#/components/schemas/AdminConsoleSettings' required: true responses: "200": content: application/json: examples: exampleSettings: $ref: '#/components/examples/AdminConsoleSettingsExample' schema: $ref: '#/components/schemas/AdminConsoleSettings' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: Access Denied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.manage summary: Replace the Okta Application Settings tags: - OktaApplicationSettings x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/groups: get: description: |- Lists all Groups with pagination support. The number of Groups returned depends on the specified [`limit`](/openapi/okta-management/management/tag/Group/#tag/Group/operation/listGroups!in=query&path=limit&t=request), if you have a search, filter, and/or query parameter set, and if that parameter is not null. We recommend using a limit less than or equal to 200. A subset of Groups can be returned that match a supported filter expression, query, or search criteria. > **Note:** Results from the filter or query parameter are driven from an eventually consistent datasource. 
The synchronization lag is typically less than one second. See [Filtering](https://developer.okta.com/docs/api/#filter) for more information on expressions. operationId: listGroups parameters: - description: |- Finds a Group that matches the `name` property > **Note:** Paging and searching are currently mutually exclusive. You can't page a query. The default limit for a query is 300 results. Query is intended for an auto-complete picker use case where users refine their search string to constrain the results. explode: true in: query name: q required: false schema: example: West&limit=10 type: string style: form - description: |- [Filter expression](https://developer.okta.com/docs/reference/core-okta-api/#filter) for Groups > **Note:** All filters must be [URL encoded](https://developer.mozilla.org/en-US/docs/Glossary/Percent-encoding). For example, `filter=lastUpdated gt "2013-06-01T00:00:00.000Z"` is encoded as `filter=lastUpdated%20gt%20%222013-06-01T00:00:00.000Z%22`. examples: filterById: summary: Filter group with a specific ID value: id eq "00g1emaKYZTWRYYRRTSK" filterByType: summary: Filter groups that are of the type `OKTA_GROUP` value: type eq "OKTA_GROUP" filterByTypeAndProfileLastUpdatedAfterDate: summary: Filter groups that are of the type `OKTA_GROUP` with Profile updated after 11/11/2015 value: type eq "OKTA_GROUP" and lastUpdated gt "2016-11-11T00:00:00.000Z" filterByTypeAndProfileOrMembershipUpdatedBeforeDate: summary: Filter groups that are of the type `OKTA_GROUP` with Profile or memberships updated before 11/11/2015 value: type eq "OKTA_GROUP" and (lastUpdated lt "2015-11-11T00:00:00.000Z" or lastMembershipUpdated lt "2015-11-11T00:00:00.000Z") explode: true in: query name: filter required: false schema: type: string style: form - description: "Specifies the pagination cursor for the next page of Groups.\ \ The `after` cursor should be treated as an opaque value and obtained through\ \ the next link relation. 
See [Pagination](https://developer.okta.com/docs/api/#pagination)." explode: true in: query name: after required: false schema: type: string style: form - description: |- Specifies the number of Group results in a page. Don't write code that depends on the default or maximum value, as it might change. If you receive an `HTTP 500` status code, you likely exceeded the request timeout. Retry your request with a smaller `limit` and [page the results](https://developer.okta.com/docs/api/#pagination). The Okta default Everyone group isn't returned for users with a Group Admin role. >**Note:** We strongly encourage using a limit that's less than or equal to 200. Any number greater than 200 affects performance and accuracy. explode: true in: query name: limit required: false schema: format: int32 maximum: 10000 type: integer style: form - description: "If specified, additional metadata is included in the response.\ \ Possible values are `stats` and `app`." explode: true in: query name: expand required: false schema: type: string style: form - description: |- Searches for groups with a supported [filtering](https://developer.okta.com/docs/reference/core-okta-api/#filter) expression for all attributes except for `_embedded`, `_links`, and `objectClass`. Search currently performs a `startsWith` match but it should be considered an implementation detail and might change without notice in the future. This operation supports [pagination](https://developer.okta.com/docs/api/#pagination). Using search requires [URL encoding](https://developer.mozilla.org/en-US/docs/Glossary/Percent-encoding), for example, `search=type eq "OKTA_GROUP"` is encoded as `search=type+eq+%22OKTA_GROUP%22`. This operation searches many properties: * Any group profile property, including imported app group profile properties. * The top-level properties `id`, `created`, `lastMembershipUpdated`, `lastUpdated`, and `type`. 
* The [source](/openapi/okta-management/management/tag/Group/#tag/Group/operation/listGroups!c=200&path=_links/source&t=response) of groups with type of `APP_GROUP`, accessed as `source.id`. You can also use `sortBy` and `sortOrder` parameters. examples: searchByType: summary: Search for Groups that have a type of `APP_GROUP` value: type eq "APP_GROUP" searchByLastMembershipUpdatedAfterDate: summary: Search for Groups whose memberships were last updated after a specific timestamp value: lastMembershipUpdated gt "2014-01-01T00:00:00.000Z" searchById: summary: Search for Groups with the specified ID (`00gak46y5hydV6NdM0g4`) value: id eq "00gak46y5hydV6NdM0g4" searchByProfileName: summary: Search for Groups that have a `name` of `West Coast Users` value: profile.name eq "West Coast Users" searchBySamAccountName: summary: Search for Groups whose `samAccountName` starts with `West Coast` value: profile.samAccountName sw "West Coast" searchBySourceId: summary: Search for Groups that have the source app with a specified `source.id` (`0oa2v0el0gP90aqjJ0g7`) value: source.id eq "0oa2v0el0gP90aqjJ0g7" searchByIdTypeAndCreationDate: summary: List groups of type `APP_GROUP` that were created before 01/01/2014 and whose source app has the ID 0oa2v0el0gP90aqjJ0g7 value: type eq "APP_GROUP" and (created lt "2014-01-01T00:00:00.000Z" and source.id eq "0oa2v0el0gP90aqjJ0g7") explode: true in: query name: search required: false schema: type: string style: form - description: "Specifies field to sort by **(for search queries only)**. `sortBy`\ \ can be any single property, for example `sortBy=profile.name`." explode: true in: query name: sortBy required: false schema: example: lastUpdated type: string style: form - description: "Specifies sort order: `asc` or `desc` (for search queries only).\ \ This parameter is ignored if `sortBy` is not present. 
Groups with the\ \ same value for the `sortBy` property will be ordered by `id`" explode: true in: query name: sortOrder required: false schema: default: asc type: string style: form responses: "200": content: application/json: examples: ListGroupExample: $ref: '#/components/examples/list-groups-examples' schema: items: $ref: '#/components/schemas/Group' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.groups.read summary: List all Groups tags: - Group x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json post: description: |- Adds a new Group with the `OKTA_GROUP` type to your org > **Note:** App import operations are responsible for syncing Groups with `APP_GROUP` type such as Active Directory Groups. See [About groups](https://help.okta.com/okta_help.htm?id=Directory_Groups). 
operationId: addGroup requestBody: content: application/json: schema: $ref: '#/components/schemas/addGroup_request' required: true responses: "200": content: application/json: examples: GroupExample: $ref: '#/components/examples/group-example' schema: $ref: '#/components/schemas/Group' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.groups.manage summary: Add a Group tags: - Group x-codegen-request-body-name: group x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/groups/rules: get: description: Lists all Group rules for your org operationId: listGroupRules parameters: - description: Specifies the number of rule results in a page explode: true in: query name: limit required: false schema: default: 50 format: int32 maximum: 200 minimum: 1 type: integer style: form - description: Specifies the pagination cursor for the next page of rules explode: true in: query name: after required: false schema: type: string style: form - description: Specifies the keyword to search rules for explode: true in: query name: search required: false schema: type: string style: form - description: "If specified as `groupIdToGroupNameMap`, then displays group\ \ names" explode: true in: query name: expand required: false schema: type: string style: form x-okta-added-version: 1.3.0 responses: "200": content: application/json: examples: ListGroupRulesExample: 
$ref: '#/components/examples/list-group-rules-example' schema: items: $ref: '#/components/schemas/GroupRule' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.groups.read summary: List all Group rules tags: - GroupRule x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json post: description: |- Creates a Group rule to dynamically add Users to the specified Group if they match the condition > **Note:** Group rules are created with the status set to `'INACTIVE'`. operationId: createGroupRule requestBody: content: application/json: examples: GroupRuleExample: $ref: '#/components/examples/create-group-rule-request-example' schema: $ref: '#/components/schemas/CreateGroupRuleRequest' required: true responses: "200": content: application/json: examples: GroupRuleExample: $ref: '#/components/examples/group-rule-example' schema: $ref: '#/components/schemas/GroupRule' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.groups.manage summary: Create a Group rule tags: - GroupRule x-codegen-request-body-name: groupRule 
x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/groups/rules/{groupRuleId}: delete: description: Deletes a specific group rule by `groupRuleId` operationId: deleteGroupRule parameters: - description: The `id` of the group rule explode: false in: path name: groupRuleId required: true schema: example: 0pr3f7zMZZHPgUoWO0g4 type: string style: simple - description: "If set to `true`, removes Users from Groups assigned by this\ \ rule" explode: true in: query name: removeUsers required: false schema: default: false type: boolean style: form responses: "202": content: {} description: Accepted "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.groups.manage summary: Delete a Group Rule tags: - GroupRule x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Retrieves a specific Group rule by ID from your org operationId: getGroupRule parameters: - description: The `id` of the group rule explode: false in: path name: groupRuleId required: true schema: example: 0pr3f7zMZZHPgUoWO0g4 type: string style: simple - description: "If specified as `groupIdToGroupNameMap`, then show Group names" explode: true in: query name: expand required: false schema: type: string style: form responses: "200": content: application/json: examples: GroupRuleExample: $ref: '#/components/examples/group-rule-example' schema: $ref: 
'#/components/schemas/GroupRule' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.groups.read summary: Retrieve a Group rule tags: - GroupRule x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json put: description: |- Replaces a Group rule > **Notes:** You can only update rules with a Group whose status is set to `'INACTIVE'`. > > You currently can't update the `action` section. operationId: replaceGroupRule parameters: - description: The `id` of the group rule explode: false in: path name: groupRuleId required: true schema: example: 0pr3f7zMZZHPgUoWO0g4 type: string style: simple requestBody: content: application/json: examples: GroupRuleExample: $ref: '#/components/examples/group-rule-example' schema: $ref: '#/components/schemas/GroupRule' required: true responses: "200": content: application/json: schema: $ref: '#/components/schemas/GroupRule' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: 
Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.groups.manage summary: Replace a Group rule tags: - GroupRule x-codegen-request-body-name: groupRule x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/groups/rules/{groupRuleId}/lifecycle/activate: post: description: Activates a specific Group rule by ID from your org operationId: activateGroupRule parameters: - description: The `id` of the group rule explode: false in: path name: groupRuleId required: true schema: example: 0pr3f7zMZZHPgUoWO0g4 type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.groups.manage summary: Activate a Group Rule tags: - GroupRule x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/groups/rules/{groupRuleId}/lifecycle/deactivate: post: description: Deactivates a specific Group rule by ID from your org operationId: deactivateGroupRule parameters: - description: The `id` of the group rule explode: false in: path name: groupRuleId required: true schema: example: 0pr3f7zMZZHPgUoWO0g4 type: string style: simple responses: "204": content: {} description: No Content "403": content: 
application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.groups.manage summary: Deactivate a Group Rule tags: - GroupRule x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/groups/{groupId}: delete: description: |- Deletes a Group of the `OKTA_GROUP` or `APP_GROUP` type from your org > **Note:** You can't remove Groups of type `APP_GROUP` if they are used in a group push mapping. operationId: deleteGroup parameters: - description: The `id` of the group explode: false in: path name: groupId required: true schema: example: 00g1emaKYZTWRYYRRTSK type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.groups.manage summary: Delete a Group tags: - Group x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Retrieves a specific Group by `id` from your org operationId: getGroup 
parameters: - description: The `id` of the group explode: false in: path name: groupId required: true schema: example: 00g1emaKYZTWRYYRRTSK type: string style: simple responses: "200": content: application/json: examples: GroupExample: $ref: '#/components/examples/group-example' schema: $ref: '#/components/schemas/Group' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.groups.read summary: Retrieve a Group tags: - Group x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json put: description: |- Replaces the profile for a Group of `OKTA_GROUP` type from your org > **Note:** You can only modify profiles for groups of the `OKTA_GROUP` type. > > App imports are responsible for updating profiles for groups of the `APP_GROUP` type, such as Active Directory groups. 
operationId: replaceGroup parameters: - description: The `id` of the group explode: false in: path name: groupId required: true schema: example: 00g1emaKYZTWRYYRRTSK type: string style: simple requestBody: content: application/json: schema: $ref: '#/components/schemas/addGroup_request' required: true responses: "200": content: application/json: examples: GroupExample: $ref: '#/components/examples/group-example' schema: $ref: '#/components/schemas/Group' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.groups.manage summary: Replace a Group tags: - Group x-codegen-request-body-name: group x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/groups/{groupId}/apps: get: description: "Lists all apps that are assigned to a Group. See [Application\ \ Groups API](/openapi/okta-management/management/tag/ApplicationGroups/)." 
operationId: listAssignedApplicationsForGroup parameters: - description: The `id` of the group explode: false in: path name: groupId required: true schema: example: 00g1emaKYZTWRYYRRTSK type: string style: simple - description: Specifies the pagination cursor for the next page of apps explode: true in: query name: after required: false schema: type: string style: form - description: Specifies the number of app results for a page explode: true in: query name: limit required: false schema: default: 20 format: int32 type: integer style: form responses: "200": content: application/json: examples: ListAppsExample: $ref: '#/components/examples/list-apps-example' schema: items: $ref: '#/components/schemas/Application' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.groups.read summary: List all Assigned Applications tags: - Group x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/groups/{groupId}/owners: get: description: Lists all owners for a specific group operationId: listGroupOwners parameters: - description: The `id` of the group explode: false in: path name: groupId required: true schema: example: 00g1emaKYZTWRYYRRTSK type: string style: simple - description: SCIM Filter expression for group owners. Allows filtering owners by type. 
explode: true in: query name: search required: false schema: type: string style: form - description: Specifies the pagination cursor for the next page of owners explode: true in: query name: after required: false schema: type: string style: form - description: Specifies the number of owner results in a page explode: true in: query name: limit required: false schema: default: 1000 format: int32 type: integer style: form responses: "200": content: application/json: examples: ListsOneOwnerOfaGroup: $ref: '#/components/examples/ListsOwnerOneResponse' ListsMultipleOwnersOfaGroup: $ref: '#/components/examples/ListsOwnersMultipleResponse' schema: items: $ref: '#/components/schemas/GroupOwner' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.groups.read summary: List all Group Owners tags: - GroupOwner x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json post: description: Assigns a group owner operationId: assignGroupOwner parameters: - description: The `id` of the group explode: false in: path name: groupId required: true schema: example: 00g1emaKYZTWRYYRRTSK type: string style: simple requestBody: content: application/json: examples: AssignAGroupOwner: $ref: '#/components/examples/AssignGroupOwnerRequest' schema: $ref: '#/components/schemas/AssignGroupOwnerRequestBody' required: true responses: "201": content: application/json: examples: AssignAGroupOwner: $ref: 
'#/components/examples/AssignGroupOwnerResponse' schema: $ref: '#/components/schemas/GroupOwner' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.groups.manage summary: Assign a Group Owner tags: - GroupOwner x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/groups/{groupId}/owners/{ownerId}: delete: description: Deletes a group owner from a specific group operationId: deleteGroupOwner parameters: - description: The `id` of the group explode: false in: path name: groupId required: true schema: example: 00g1emaKYZTWRYYRRTSK type: string style: simple - description: The `id` of the group owner explode: false in: path name: ownerId required: true schema: example: 00u1emaK22TWRYd3TtG type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: 
TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.groups.manage summary: Delete a Group Owner tags: - GroupOwner x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/groups/{groupId}/roles: get: description: Lists all assigned roles of a Group by `groupId` operationId: listGroupAssignedRoles parameters: - description: The `id` of the group explode: false in: path name: groupId required: true schema: example: 00g1emaKYZTWRYYRRTSK type: string style: simple - description: "An optional parameter used to return targets configured for\ \ the standard Role Assignment in the `embedded` property. Supported values:\ \ `targets/groups` or `targets/catalog/apps`" examples: groupTarget: summary: Return Group targets value: targets/groups appTarget: summary: Return App targets value: targets/catalog/apps explode: true in: query name: expand required: false schema: type: string style: form responses: "200": content: application/json: examples: Standard Roles: $ref: '#/components/examples/StandardRolesListResponseGroup' Custom Roles: $ref: '#/components/examples/CustomRolesListResponseGroup' IAM-Based Standard Roles: $ref: '#/components/examples/IAMStandardRolesListResponseGroup' schema: items: $ref: '#/components/schemas/listGroupAssignedRoles_200_response_inner' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' 
description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.read summary: List all Group Role Assignments tags: - RoleAssignmentBGroup x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json post: description: |- Assigns a [standard role](/openapi/okta-management/guides/roles/#standard-roles) to a Group. You can also assign a custom role to a Group, but the preferred method to assign a custom role to a Group is to create a binding between the Custom Role, the Resource Set, and the Group. See [Create a Role Resource Set Binding](/openapi/okta-management/management/tag/RoleDResourceSetBinding/#tag/RoleDResourceSetBinding/operation/createResourceSetBinding). > **Notes:** > * The request payload is different for standard and custom role assignments. > * For IAM-based standard role assignments, use the request payload for standard roles. However, the response payload for IAM-based role assignments is similar to the custom role's assignment response. 
operationId: assignRoleToGroup parameters: - description: The `id` of the group explode: false in: path name: groupId required: true schema: example: 00g1emaKYZTWRYYRRTSK type: string style: simple - description: Grants the Group third-party admin status when set to `true` explode: true in: query name: disableNotifications required: false schema: default: false type: boolean style: form requestBody: content: application/json: schema: $ref: '#/components/schemas/assignRoleToGroup_request' required: true responses: "200": content: application/json: examples: Standard Roles: $ref: '#/components/examples/CreateStandardRoleAssignmentResponseGroup' Custom Roles: $ref: '#/components/examples/CreateCustomRoleResponseGroup' IAM-based Standard Roles: $ref: '#/components/examples/CreateIAMStandardRoleResponseGroup' schema: $ref: '#/components/schemas/listGroupAssignedRoles_200_response_inner' description: Success "201": content: {} description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.manage summary: Assign a Role to a Group tags: - RoleAssignmentBGroup x-codegen-request-body-name: assignRoleRequest x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json 
/api/v1/groups/{groupId}/roles/{roleAssignmentId}: delete: description: Unassigns a Role Assignment (identified by `roleAssignmentId`) from a Group (identified by the `groupId`) operationId: unassignRoleFromGroup parameters: - description: The `id` of the group explode: false in: path name: groupId required: true schema: example: 00g1emaKYZTWRYYRRTSK type: string style: simple - description: The `id` of the Role Assignment explode: false in: path name: roleAssignmentId required: true schema: example: JBCUYUC7IRCVGS27IFCE2SKO type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.manage summary: Unassign a Group Role tags: - RoleAssignmentBGroup x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Retrieves a Role assigned to a Group (identified by the `groupId`). The `roleAssignmentId` is the unique identifier for either a standard role Group Assignment object or a custom role Resource Set Binding object. 
operationId: getGroupAssignedRole parameters: - description: The `id` of the group explode: false in: path name: groupId required: true schema: example: 00g1emaKYZTWRYYRRTSK type: string style: simple - description: The `id` of the Role Assignment explode: false in: path name: roleAssignmentId required: true schema: example: JBCUYUC7IRCVGS27IFCE2SKO type: string style: simple responses: "200": content: application/json: examples: Standard Roles: $ref: '#/components/examples/CreateStandardRoleAssignmentResponseGroup' Custom Roles: $ref: '#/components/examples/CreateCustomRoleResponseGroup' IAM-based Standard Roles: $ref: '#/components/examples/CreateIAMStandardRoleResponseGroup' schema: $ref: '#/components/schemas/listGroupAssignedRoles_200_response_inner' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.read summary: Retrieve a Group Role Assignment tags: - RoleAssignmentBGroup x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/groups/{groupId}/roles/{roleAssignmentId}/targets/catalog/apps: get: description: "Lists all app targets for an `APP_ADMIN` Role Assignment to a\ \ Group. The response includes a list of OIN-cataloged apps or app instances.\ \ The response payload for an app instance contains the `id` property, but\ \ an OIN-cataloged app doesn't." 
operationId: listApplicationTargetsForApplicationAdministratorRoleForGroup parameters: - description: The `id` of the group explode: false in: path name: groupId required: true schema: example: 00g1emaKYZTWRYYRRTSK type: string style: simple - description: The `id` of the Role Assignment explode: false in: path name: roleAssignmentId required: true schema: example: JBCUYUC7IRCVGS27IFCE2SKO type: string style: simple - explode: true in: query name: after required: false schema: type: string style: form - explode: true in: query name: limit required: false schema: default: 20 format: int32 type: integer style: form responses: "200": content: application/json: schema: items: $ref: '#/components/schemas/CatalogApplication' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.read summary: List all Group Role Application Targets tags: - RoleBTargetBGroup x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/groups/{groupId}/roles/{roleAssignmentId}/targets/catalog/apps/{appName}: delete: description: | Unassigns an OIN app target from an `APP_ADMIN` Role Assignment to a Group > **Note:** You can't remove the last app target from a Role Assignment, since this causes an exception. > If you need a Role Assignment that applies to all apps, delete the `APP_ADMIN` Role Assignment and recreate a new one. 
See [Unassign a Group Role](/openapi/okta-management/management/tag/RoleAssignmentBGroup/#tag/RoleAssignmentBGroup/operation/unassignRoleFromGroup). operationId: unassignAppTargetToAdminRoleForGroup parameters: - description: The `id` of the group explode: false in: path name: groupId required: true schema: example: 00g1emaKYZTWRYYRRTSK type: string style: simple - description: The `id` of the Role Assignment explode: false in: path name: roleAssignmentId required: true schema: example: JBCUYUC7IRCVGS27IFCE2SKO type: string style: simple - description: Application name for the app type explode: false in: path name: appName required: true schema: example: oidc_client type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.manage summary: Unassign a Group Role Application Target tags: - RoleBTargetBGroup x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json put: description: "Assigns an OIN app target to an `APP_ADMIN` Role Assignment to\ \ a Group. When you assign the first OIN app target, you reduce the scope\ \ of the Role Assignment. The Role no longer applies to all app targets but\ \ applies only to the specified target. An OIN app target that's assigned\ \ to the Role overrides any existing instance targets of the OIN app. 
For\ \ example, if a user is assigned to administer a specific Facebook instance,\ \ a successful request to add an OIN app with `facebook` for `appName` makes\ \ that user the administrator for all Facebook instances." operationId: assignAppTargetToAdminRoleForGroup parameters: - description: The `id` of the group explode: false in: path name: groupId required: true schema: example: 00g1emaKYZTWRYYRRTSK type: string style: simple - description: The `id` of the Role Assignment explode: false in: path name: roleAssignmentId required: true schema: example: JBCUYUC7IRCVGS27IFCE2SKO type: string style: simple - description: Application name for the app type explode: false in: path name: appName required: true schema: example: oidc_client type: string style: simple responses: "200": content: {} description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.manage summary: Assign a Group Role Application Target tags: - RoleBTargetBGroup x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/groups/{groupId}/roles/{roleAssignmentId}/targets/catalog/apps/{appName}/{appId}: delete: description: |- Unassigns an app instance target from an `APP_ADMIN` Role Assignment to a Group > **Note:** You can't remove the last app instance target from a Role Assignment since this causes an exception. 
> If you need a Role Assignment that applies to all apps, delete the `APP_ADMIN` Role Assignment and recreate a new one. See [Unassign a Group Role](/openapi/okta-management/management/tag/RoleAssignmentBGroup/#tag/RoleAssignmentBGroup/operation/unassignRoleFromGroup). operationId: unassignAppInstanceTargetToAppAdminRoleForGroup parameters: - description: The `id` of the group explode: false in: path name: groupId required: true schema: example: 00g1emaKYZTWRYYRRTSK type: string style: simple - description: The `id` of the Role Assignment explode: false in: path name: roleAssignmentId required: true schema: example: JBCUYUC7IRCVGS27IFCE2SKO type: string style: simple - description: Application name for the app type explode: false in: path name: appName required: true schema: example: oidc_client type: string style: simple - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.manage summary: Unassign a Group Role Application Instance Target tags: - RoleBTargetBGroup x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json put: description: |- Assigns an app instance target to an `APP_ADMIN` Role Assignment to a Group. 
When you assign the first OIN app or app instance target, you reduce the scope of the Role Assignment. The Role no longer applies to all app targets, but applies only to the specified target. > **Note:** You can target a mixture of both OIN app and app instance targets, but you can't assign permissions to manage all instances of an OIN app and then assign a subset of permissions to the same app. For example, you can't specify that an admin has access to manage all instances of the Salesforce app and then also manage specific configurations of the Salesforce app. operationId: assignAppInstanceTargetToAppAdminRoleForGroup parameters: - description: The `id` of the group explode: false in: path name: groupId required: true schema: example: 00g1emaKYZTWRYYRRTSK type: string style: simple - description: The `id` of the Role Assignment explode: false in: path name: roleAssignmentId required: true schema: example: JBCUYUC7IRCVGS27IFCE2SKO type: string style: simple - description: Application name for the app type explode: false in: path name: appName required: true schema: example: oidc_client type: string style: simple - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.manage summary: Assign a Group Role Application Instance Target tags: - 
RoleBTargetBGroup x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/groups/{groupId}/roles/{roleAssignmentId}/targets/groups: get: description: | Lists all Group targets for a `USER_ADMIN`, `HELP_DESK_ADMIN`, or `GROUP_MEMBERSHIP_ADMIN` Role Assignment to a Group. If the Role isn't scoped to specific Group targets, an empty array `[]` is returned. operationId: listGroupTargetsForGroupRole parameters: - description: The `id` of the group explode: false in: path name: groupId required: true schema: example: 00g1emaKYZTWRYYRRTSK type: string style: simple - description: The `id` of the Role Assignment explode: false in: path name: roleAssignmentId required: true schema: example: JBCUYUC7IRCVGS27IFCE2SKO type: string style: simple - explode: true in: query name: after required: false schema: type: string style: form - explode: true in: query name: limit required: false schema: default: 20 format: int32 type: integer style: form responses: "200": content: application/json: schema: items: $ref: '#/components/schemas/Group' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.read summary: List all Group Role Group Targets tags: - RoleBTargetBGroup x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/groups/{groupId}/roles/{roleAssignmentId}/targets/groups/{targetGroupId}: delete: description: "Unassigns a Group target from a 
`USER_ADMIN`, `HELP_DESK_ADMIN`,\ \ or `GROUP_MEMBERSHIP_ADMIN` Role Assignment to a Group." operationId: unassignGroupTargetFromGroupAdminRole parameters: - description: The `id` of the group explode: false in: path name: groupId required: true schema: example: 00g1emaKYZTWRYYRRTSK type: string style: simple - description: The `id` of the Role Assignment explode: false in: path name: roleAssignmentId required: true schema: example: JBCUYUC7IRCVGS27IFCE2SKO type: string style: simple - explode: false in: path name: targetGroupId required: true schema: example: 00g1e9dfjHeLAsdX983d type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.manage summary: Unassign a Group Role Group Target tags: - RoleBTargetBGroup x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json put: description: | Assigns a Group target to a `USER_ADMIN`, `HELP_DESK_ADMIN`, or `GROUP_MEMBERSHIP_ADMIN` Role Assignment to a Group. When you assign the first Group target, you reduce the scope of the Role Assignment. The Role no longer applies to all targets but applies only to the specified target. 
      operationId: assignGroupTargetToGroupAdminRole
      parameters:
      - description: The `id` of the group
        explode: false
        in: path
        name: groupId
        required: true
        schema:
          example: 00g1emaKYZTWRYYRRTSK
          type: string
        style: simple
      - description: The `id` of the Role Assignment
        explode: false
        in: path
        name: roleAssignmentId
        required: true
        schema:
          example: JBCUYUC7IRCVGS27IFCE2SKO
          type: string
        style: simple
      - explode: false
        in: path
        name: targetGroupId
        required: true
        schema:
          example: 00g1e9dfjHeLAsdX983d
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.manage
      summary: Assign a Group Role Group Target
      tags:
      - RoleBTargetBGroup
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/groups/{groupId}/users:
    get:
      description: |-
        Lists all users that are a member of a Group.
        The default user limit is set to a very high number due to historical reasons that are no longer valid for most orgs.
        This will change in a future version of this API. The recommended page limit is now `limit=200`.
      operationId: listGroupUsers
      parameters:
      - description: The `id` of the group
        explode: false
        in: path
        name: groupId
        required: true
        schema:
          example: 00g1emaKYZTWRYYRRTSK
          type: string
        style: simple
      - description: "The cursor to use for pagination. It is an opaque string that\
          \ specifies your current location in the list and is obtained from the `Link`\
          \ response header. See [Pagination](https://developer.okta.com/docs/api/#pagination)."
        explode: true
        in: query
        name: after
        required: false
        schema:
          type: string
        style: form
      - description: Specifies the number of user results in a page
        explode: true
        in: query
        name: limit
        required: false
        schema:
          default: 1000
          format: int32
          type: integer
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                ListMemberUserResponse:
                  $ref: '#/components/examples/ListUsersResponse'
              schema:
                items:
                  $ref: '#/components/schemas/User'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.groups.read
      summary: List all Member Users
      tags:
      - Group
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/groups/{groupId}/users/{userId}:
    delete:
      description: |-
        Unassigns a User from a Group with the `OKTA_GROUP` type

        > **Note:** You can only modify memberships for groups of the `OKTA_GROUP` type.
        >
        > App imports are responsible for managing group memberships for groups of the `APP_GROUP` type, such as Active Directory groups.
      operationId: unassignUserFromGroup
      parameters:
      - description: The `id` of the group
        explode: false
        in: path
        name: groupId
        required: true
        schema:
          example: 00g1emaKYZTWRYYRRTSK
          type: string
        style: simple
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.groups.manage
      summary: Unassign a User from a Group
      tags:
      - Group
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    put:
      description: |-
        Assigns a User to a Group with the `OKTA_GROUP` type

        > **Note:** You can only modify memberships for Groups of the `OKTA_GROUP` type.
        App imports are responsible for managing group memberships for Groups of the `APP_GROUP` type, such as Active Directory groups.
      operationId: assignUserToGroup
      parameters:
      - description: The `id` of the group
        explode: false
        in: path
        name: groupId
        required: true
        schema:
          example: 00g1emaKYZTWRYYRRTSK
          type: string
        style: simple
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.groups.manage
      summary: Assign a User to a Group
      tags:
      - Group
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/hook-keys:
    get:
      description: Lists all keys
      operationId: listHookKeys
      responses:
        "200":
          content:
            application/json:
              examples:
                ResponseExample:
                  $ref: '#/components/examples/ListAllKeysResponse'
              schema:
                items:
                  $ref: '#/components/schemas/HookKey'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.inlineHooks.read
      summary: List all keys
      tags:
      - HookKey
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: |-
        Creates a key for use with other parts of the application, such as inline hooks

        > **Note:** Use the key name to access this key for inline hook operations.

        The total number of keys that you can create in an Okta org is limited to 50.
      operationId: createHookKey
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/KeyRequest'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                ResponseExample:
                  $ref: '#/components/examples/CreateHookKeyResponse'
              schema:
                $ref: '#/components/schemas/DetailedHookKeyInstance'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.inlineHooks.manage
      summary: Create a key
      tags:
      - HookKey
      x-codegen-request-body-name: keyRequest
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/hook-keys/public/{keyId}:
    get:
      description: |-
        Retrieves a public key by `keyId`

        >**Note:** keyId is the alias of the public key.
      operationId: getPublicKey
      parameters:
      - description: id of the Public Key
        explode: false
        in: path
        name: keyId
        required: true
        schema:
          example: FcH2P9Eg7wr0o8N2FuV0
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                ResponseExample:
                  $ref: '#/components/examples/RetrievePublicKeyResponse'
              schema:
                $ref: '#/components/schemas/_embedded'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.inlineHooks.read
      summary: Retrieve a public key
      tags:
      - HookKey
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/hook-keys/{id}:
    delete:
      description: |
        Deletes a key by `id`. After being deleted, the key is unrecoverable.

        As a safety precaution, only keys that aren't being used are eligible for deletion.
      operationId: deleteHookKey
      parameters:
      - description: ID of the Hook Key
        explode: false
        in: path
        name: id
        required: true
        schema:
          example: XreKU5laGwBkjOTehusG
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.inlineHooks.manage
      summary: Delete a key
      tags:
      - HookKey
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    get:
      description: |-
        Retrieves the public portion of the Key object using the `id` parameter

        >**Note:** The `?expand=publickey` query parameter optionally returns the full object including the details of the public key in the response body's `_embedded` property.
      operationId: getHookKey
      parameters:
      - description: ID of the Hook Key
        explode: false
        in: path
        name: id
        required: true
        schema:
          example: XreKU5laGwBkjOTehusG
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                ResponseExample:
                  $ref: '#/components/examples/RetrieveKeyResponse'
              schema:
                $ref: '#/components/schemas/HookKey'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.inlineHooks.read
      summary: Retrieve a key by ID
      tags:
      - HookKey
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    put:
      description: |-
        Replaces a key by `id`

        This request replaces existing properties after passing validation.

        > **Note:** The only parameter that you can update is the name of the key, which must be unique at all times.
      operationId: replaceHookKey
      parameters:
      - description: ID of the Hook Key
        explode: false
        in: path
        name: id
        required: true
        schema:
          example: XreKU5laGwBkjOTehusG
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/KeyRequest'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                ResponseExample:
                  $ref: '#/components/examples/ReplaceKeyResponse'
              schema:
                $ref: '#/components/schemas/DetailedHookKeyInstance'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.inlineHooks.manage
      summary: Replace a key
      tags:
      - HookKey
      x-codegen-request-body-name: keyRequest
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/iam/assignees/users:
    get:
      description: Lists all users with Role Assignments
      operationId: listUsersWithRoleAssignments
      parameters:
      - description: Specifies the pagination cursor for the next page of targets
        explode: true
        in: query
        name: after
        required: false
        schema:
          type: string
        style: form
      - description: Specifies the number of results returned. Defaults to `100`.
        explode: true
        in: query
        name: limit
        required: false
        schema:
          default: 100
          format: int32
          type: integer
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                User List:
                  $ref: '#/components/examples/RoleAssignedUsersResponseExample'
              schema:
                $ref: '#/components/schemas/RoleAssignedUsers'
          description: Success
        "403":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.read
      summary: List all Users with Role Assignments
      tags:
      - RoleAssignmentAUser
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/iam/resource-sets:
    get:
      description: Lists all Resource Sets with pagination support
      operationId: listResourceSets
      parameters:
      - description: "The cursor to use for pagination. It is an opaque string that\
          \ specifies your current location in the list and is obtained from the `Link`\
          \ response header. See [Pagination](https://developer.okta.com/docs/api/#pagination)."
        explode: true
        in: query
        name: after
        required: false
        schema:
          type: string
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                Example Response:
                  $ref: '#/components/examples/ResourceSetsResponse'
              schema:
                $ref: '#/components/schemas/ResourceSets'
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.read
      summary: List all Resource Sets
      tags:
      - RoleCResourceSet
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: |-
        Creates a new Resource Set. See [Supported Resources](/openapi/okta-management/guides/roles/#supported-resources).

        > **Note:** The maximum number of `resources` allowed in a Resource Set object is 1000. Resources are identified by either an Okta Resource Name (ORN) or by a REST URL format. See [Okta Resource Name](/openapi/okta-management/guides/roles/#okta-resource-name-orn).
      operationId: createResourceSet
      requestBody:
        content:
          application/json:
            examples:
              Example Request:
                $ref: '#/components/examples/ResourceSetRequest'
            schema:
              $ref: '#/components/schemas/CreateResourceSetRequest'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                Example Response:
                  $ref: '#/components/examples/ResourceSetResponse'
              schema:
                $ref: '#/components/schemas/ResourceSet'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                Access Denied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.manage
      summary: Create a Resource Set
      tags:
      - RoleCResourceSet
      x-codegen-request-body-name: instance
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/iam/resource-sets/{resourceSetIdOrLabel}:
    delete:
      description: Deletes a Resource Set by `resourceSetIdOrLabel`
      operationId: deleteResourceSet
      parameters:
      - description: '`id` or `label` of the Resource Set'
        explode: false
        in: path
        name: resourceSetIdOrLabel
        required: true
        schema:
          example: iamoJDFKaJxGIr0oamd9g
          type: string
        style: simple
      responses:
        "204":
          description: No Content
        "403":
          content:
            application/json:
              examples:
                Access Denied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.manage
      summary: Delete a Resource Set
      tags:
      - RoleCResourceSet
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    get:
      description: Retrieves a Resource Set by `resourceSetIdOrLabel`
      operationId: getResourceSet
      parameters:
      - description: '`id` or `label` of the Resource Set'
        explode: false
        in: path
        name: resourceSetIdOrLabel
        required: true
        schema:
          example: iamoJDFKaJxGIr0oamd9g
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                Example Response:
                  $ref: '#/components/examples/ResourceSetResponse'
              schema:
                $ref: '#/components/schemas/ResourceSet'
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.read
      summary: Retrieve a Resource Set
      tags:
      - RoleCResourceSet
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    put:
      description: Replaces the label and description of a Resource Set
      operationId: replaceResourceSet
      parameters:
      - description: '`id` or `label` of the Resource Set'
        explode: false
        in: path
        name: resourceSetIdOrLabel
        required: true
        schema:
          example: iamoJDFKaJxGIr0oamd9g
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            examples:
              Example Request:
                $ref: '#/components/examples/ReplaceResourceSetRequest'
            schema:
              $ref: '#/components/schemas/ResourceSet'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                Example Response:
                  $ref: '#/components/examples/ResourceSetResponse'
              schema:
                $ref: '#/components/schemas/ResourceSet'
          description: OK
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.manage
      summary: Replace a Resource Set
      tags:
      - RoleCResourceSet
      x-codegen-request-body-name: instance
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/iam/resource-sets/{resourceSetIdOrLabel}/bindings:
    get:
      description: Lists all Bindings for a Resource Set with pagination support
      operationId: listBindings
      parameters:
      - description: '`id` or `label` of the Resource Set'
        explode: false
        in: path
        name: resourceSetIdOrLabel
        required: true
        schema:
          example: iamoJDFKaJxGIr0oamd9g
          type: string
        style: simple
      - description: "The cursor to use for pagination. It is an opaque string that\
          \ specifies your current location in the list and is obtained from the `Link`\
          \ response header. See [Pagination](https://developer.okta.com/docs/api/#pagination)."
        explode: true
        in: query
        name: after
        required: false
        schema:
          type: string
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                Example Response:
                  $ref: '#/components/examples/ResourceSetBindingsResponse'
              schema:
                $ref: '#/components/schemas/ResourceSetBindings'
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.read
      summary: List all Role Resource Set Bindings
      tags:
      - RoleDResourceSetBinding
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: "Creates a Binding for the Resource Set, Custom Role, and members\
        \ (Users or Groups)"
      operationId: createResourceSetBinding
      parameters:
      - description: '`id` or `label` of the Resource Set'
        explode: false
        in: path
        name: resourceSetIdOrLabel
        required: true
        schema:
          example: iamoJDFKaJxGIr0oamd9g
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            examples:
              Example Request:
                $ref: '#/components/examples/ResourceSetBindingCreateRequestExample'
            schema:
              $ref: '#/components/schemas/ResourceSetBindingCreateRequest'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                Example Response:
                  $ref: '#/components/examples/ResourceSetBindingResponseExample'
              schema:
                $ref: '#/components/schemas/ResourceSetBindingResponse'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                Access Denied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.manage
      summary: Create a Role Resource Set Binding
      tags:
      - RoleDResourceSetBinding
      x-codegen-request-body-name: instance
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/iam/resource-sets/{resourceSetIdOrLabel}/bindings/{roleIdOrLabel}:
    delete:
      description: Deletes a Binding of a Role (identified by `roleIdOrLabel`) and a Resource Set (identified by `resourceSetIdOrLabel`)
      operationId: deleteBinding
      parameters:
      - description: '`id` or `label` of the Resource Set'
        explode: false
        in: path
        name: resourceSetIdOrLabel
        required: true
        schema:
          example: iamoJDFKaJxGIr0oamd9g
          type: string
        style: simple
      - description: '`id` or `label` of the Role'
        explode: false
        in: path
        name: roleIdOrLabel
        required: true
        schema:
          example: cr0Yq6IJxGIr0ouum0g3
          type: string
        style: simple
      responses:
        "204":
          description: No Content
        "403":
          content:
            application/json:
              examples:
                Access Denied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.manage
      summary: Delete a Role Resource Set Binding
      tags:
      - RoleDResourceSetBinding
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    get:
      description: Retrieves the Binding of a Role (identified by `roleIdOrLabel`) in a Resource Set (identified by `resourceSetIdOrLabel`)
      operationId: getBinding
      parameters:
      - description: '`id` or `label` of the Resource Set'
        explode: false
        in: path
        name: resourceSetIdOrLabel
        required: true
        schema:
          example: iamoJDFKaJxGIr0oamd9g
          type: string
        style: simple
      - description: '`id` or `label` of the Role'
        explode: false
        in: path
        name: roleIdOrLabel
        required: true
        schema:
          example: cr0Yq6IJxGIr0ouum0g3
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                Example Response:
                  $ref: '#/components/examples/ResourceSetBindingResponseWithIdExample'
              schema:
                $ref: '#/components/schemas/ResourceSetBindingResponse'
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.read
      summary: Retrieve a Role Resource Set Binding
      tags:
      - RoleDResourceSetBinding
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/iam/resource-sets/{resourceSetIdOrLabel}/bindings/{roleIdOrLabel}/members:
    get:
      description: Lists all members of a Role Resource Set Binding with pagination support
      operationId: listMembersOfBinding
parameters: - description: '`id` or `label` the Resource Set' explode: false in: path name: resourceSetIdOrLabel required: true schema: example: iamoJDFKaJxGIr0oamd9g type: string style: simple - description: '`id` or `label` of the Role' explode: false in: path name: roleIdOrLabel required: true schema: example: cr0Yq6IJxGIr0ouum0g3 type: string style: simple - description: "The cursor to use for pagination. It is an opaque string that\ \ specifies your current location in the list and is obtained from the `Link`\ \ response header. See [Pagination](https://developer.okta.com/docs/api/#pagination)." explode: true in: query name: after required: false schema: type: string style: form responses: "200": content: application/json: examples: Example Response: $ref: '#/components/examples/ResourceSetBindingMembersResponse' schema: $ref: '#/components/schemas/ResourceSetBindingMembers' description: OK "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.read summary: List all Role Resource Set Binding Members tags: - RoleDResourceSetBindingMember x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json patch: description: Adds more members to a Role Resource Set Binding operationId: addMembersToBinding parameters: - description: '`id` or `label` the Resource Set' explode: false in: path name: resourceSetIdOrLabel required: true schema: example: iamoJDFKaJxGIr0oamd9g type: string style: simple - description: '`id` or 
`label` of the Role' explode: false in: path name: roleIdOrLabel required: true schema: example: cr0Yq6IJxGIr0ouum0g3 type: string style: simple requestBody: content: application/json: examples: Example Request: $ref: '#/components/examples/ResourceSetBindingAddMembersRequestExample' schema: $ref: '#/components/schemas/ResourceSetBindingAddMembersRequest' required: true responses: "200": content: application/json: examples: Example Response: $ref: '#/components/examples/ResourceSetBindingResponseExample' schema: $ref: '#/components/schemas/ResourceSetBindingResponse' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: Access Denied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.manage summary: Add more Role Resource Set Binding Members tags: - RoleDResourceSetBindingMember x-codegen-request-body-name: instance x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/iam/resource-sets/{resourceSetIdOrLabel}/bindings/{roleIdOrLabel}/members/{memberId}: delete: description: Unassigns a Member (identified by `memberId`) from a Role Resource Set Binding operationId: unassignMemberFromBinding parameters: - description: '`id` or `label` the Resource Set' explode: false in: path name: resourceSetIdOrLabel required: true schema: 
example: iamoJDFKaJxGIr0oamd9g type: string style: simple - description: '`id` or `label` of the Role' explode: false in: path name: roleIdOrLabel required: true schema: example: cr0Yq6IJxGIr0ouum0g3 type: string style: simple - description: '`id` of the Member' explode: false in: path name: memberId required: true schema: example: irb1qe6PGuMc7Oh8N0g4 type: string style: simple responses: "204": description: No Content "403": content: application/json: examples: Access Denied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.manage summary: Unassign a Role Resource Set Bindiing Member tags: - RoleDResourceSetBindingMember x-codegen-request-body-name: instance x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Retrieves a Member (identified by `memberId`) that belongs to a Role Resource Set Binding operationId: getMemberOfBinding parameters: - description: '`id` or `label` the Resource Set' explode: false in: path name: resourceSetIdOrLabel required: true schema: example: iamoJDFKaJxGIr0oamd9g type: string style: simple - description: '`id` or `label` of the Role' explode: false in: path name: roleIdOrLabel required: true schema: example: cr0Yq6IJxGIr0ouum0g3 type: string style: simple - description: '`id` of the Member' explode: false in: path name: memberId required: true schema: example: irb1qe6PGuMc7Oh8N0g4 type: string style: simple responses: "200": content: application/json: examples: Example Response: $ref: 
'#/components/examples/ResourceSetBindingMemberResponse' schema: $ref: '#/components/schemas/ResourceSetBindingMember' description: OK "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.read summary: Retrieve a Role Resource Set Binding Member tags: - RoleDResourceSetBindingMember x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/iam/resource-sets/{resourceSetIdOrLabel}/resources: get: description: Lists all Resources for the Resource Set operationId: listResourceSetResources parameters: - description: '`id` or `label` the Resource Set' explode: false in: path name: resourceSetIdOrLabel required: true schema: example: iamoJDFKaJxGIr0oamd9g type: string style: simple responses: "200": content: application/json: examples: Example Response: $ref: '#/components/examples/ResourceSetResourcesResponse' schema: $ref: '#/components/schemas/ResourceSetResources' description: OK "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many 
Requests security: - apiToken: [] - oauth2: - okta.roles.read summary: List all Resource Set Resources tags: - RoleCResourceSetResource x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json patch: description: Adds more Resources to a Resource Set operationId: addResourceSetResources parameters: - description: '`id` or `label` the Resource Set' explode: false in: path name: resourceSetIdOrLabel required: true schema: example: iamoJDFKaJxGIr0oamd9g type: string style: simple requestBody: content: application/json: examples: Example Request: $ref: '#/components/examples/ResourceSetResourcePatchRequestExample' schema: $ref: '#/components/schemas/ResourceSetResourcePatchRequest' required: true responses: "200": content: application/json: examples: Example Response: $ref: '#/components/examples/ResourceSetResponse' schema: $ref: '#/components/schemas/ResourceSet' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: Access Denied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.manage summary: Add more Resources to a Resource Set tags: - RoleCResourceSetResource x-codegen-request-body-name: instance x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json 
/api/v1/iam/resource-sets/{resourceSetIdOrLabel}/resources/{resourceId}: delete: description: Deletes a Resource (identified by `resourceId`) from a Resource Set operationId: deleteResourceSetResource parameters: - description: '`id` or `label` the Resource Set' explode: false in: path name: resourceSetIdOrLabel required: true schema: example: iamoJDFKaJxGIr0oamd9g type: string style: simple - description: '`id` of the Resource' explode: false in: path name: resourceId required: true schema: example: ire106sQKoHoXXsAe0g4 type: string style: simple responses: "204": description: No Content "403": content: application/json: examples: Access Denied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.manage summary: Delete a Resource Set Resource tags: - RoleCResourceSetResource x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/iam/roles: get: description: Lists all Custom Roles with pagination support operationId: listRoles parameters: - description: "The cursor to use for pagination. It is an opaque string that\ \ specifies your current location in the list and is obtained from the `Link`\ \ response header. See [Pagination](https://developer.okta.com/docs/api/#pagination)." 
explode: true in: query name: after required: false schema: type: string style: form responses: "200": content: application/json: examples: Example Response: $ref: '#/components/examples/RolesResponse' schema: $ref: '#/components/schemas/IamRoles' description: OK "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.read summary: List all Custom Roles tags: - RoleECustom x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json post: description: Creates a Custom Role operationId: createRole requestBody: content: application/json: examples: Example Request: $ref: '#/components/examples/RoleRequest' schema: $ref: '#/components/schemas/CreateIamRoleRequest' required: true responses: "200": content: application/json: examples: Example Response: $ref: '#/components/examples/RoleResponse' schema: $ref: '#/components/schemas/IamRole' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: Access Denied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.manage summary: Create a Custom Role tags: - RoleECustom x-codegen-request-body-name: instance x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true 
x-content-type: application/json x-accepts: - application/json /api/v1/iam/roles/{roleIdOrLabel}: delete: description: Deletes a Custom Role by `roleIdOrLabel` operationId: deleteRole parameters: - description: '`id` or `label` of the Role' explode: false in: path name: roleIdOrLabel required: true schema: example: cr0Yq6IJxGIr0ouum0g3 type: string style: simple responses: "204": description: No Content "403": content: application/json: examples: Access Denied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.manage summary: Delete a Custom Role tags: - RoleECustom x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Retrieves a role by `roleIdOrLabel` operationId: getRole parameters: - description: '`id` or `label` of the Role' explode: false in: path name: roleIdOrLabel required: true schema: example: cr0Yq6IJxGIr0ouum0g3 type: string style: simple responses: "200": content: application/json: examples: Example Response: $ref: '#/components/examples/RoleResponse' schema: $ref: '#/components/schemas/IamRole' description: OK "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: 
'#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.read summary: Retrieve a Role tags: - RoleECustom x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json put: description: Replaces the label and description for a Custom Role by `roleIdOrLabel` operationId: replaceRole parameters: - description: '`id` or `label` of the Role' explode: false in: path name: roleIdOrLabel required: true schema: example: cr0Yq6IJxGIr0ouum0g3 type: string style: simple requestBody: content: application/json: examples: Example Request: $ref: '#/components/examples/ReplaceRoleRequest' schema: $ref: '#/components/schemas/UpdateIamRoleRequest' required: true responses: "200": content: application/json: examples: Example Response: $ref: '#/components/examples/RoleResponse' schema: $ref: '#/components/schemas/IamRole' description: OK "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.manage summary: Replace a Custom Role tags: - RoleECustom x-codegen-request-body-name: instance x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json 
/api/v1/iam/roles/{roleIdOrLabel}/permissions: get: description: Lists all permissions for a Custom Role by `roleIdOrLabel` operationId: listRolePermissions parameters: - description: '`id` or `label` of the Role' explode: false in: path name: roleIdOrLabel required: true schema: example: cr0Yq6IJxGIr0ouum0g3 type: string style: simple responses: "200": content: application/json: examples: Example Response: $ref: '#/components/examples/PermissionsResponse' schema: $ref: '#/components/schemas/Permissions' description: OK "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.read summary: List all Custom Role Permissions tags: - RoleECustomPermission x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/iam/roles/{roleIdOrLabel}/permissions/{permissionType}: delete: description: Deletes a permission (identified by `permissionType`) from a Custom Role operationId: deleteRolePermission parameters: - description: '`id` or `label` of the Role' explode: false in: path name: roleIdOrLabel required: true schema: example: cr0Yq6IJxGIr0ouum0g3 type: string style: simple - description: An okta permission type explode: false in: path name: permissionType required: true schema: example: okta.users.manage type: string style: simple responses: "204": description: No Content "403": content: application/json: examples: Access Denied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: 
'#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.manage summary: Delete a Custom Role Permission tags: - RoleECustomPermission x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Retrieves a permission (identified by `permissionType`) for a Custom Role operationId: getRolePermission parameters: - description: '`id` or `label` of the Role' explode: false in: path name: roleIdOrLabel required: true schema: example: cr0Yq6IJxGIr0ouum0g3 type: string style: simple - description: An okta permission type explode: false in: path name: permissionType required: true schema: example: okta.users.manage type: string style: simple responses: "200": content: application/json: examples: Example Response without conditions: $ref: '#/components/examples/PermissionResponse' Example Response with conditions: $ref: '#/components/examples/PermissionResponseWithConditions' schema: $ref: '#/components/schemas/Permission' description: OK "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.read summary: 
Retrieve a Custom Role Permission tags: - RoleECustomPermission x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json post: description: Creates a permission (specified by `permissionType`) for a Custom Role operationId: createRolePermission parameters: - description: '`id` or `label` of the Role' explode: false in: path name: roleIdOrLabel required: true schema: example: cr0Yq6IJxGIr0ouum0g3 type: string style: simple - description: An okta permission type explode: false in: path name: permissionType required: true schema: example: okta.users.manage type: string style: simple requestBody: content: application/json: examples: Example Request with include: $ref: '#/components/examples/CreateUpdateIamRolePermissionRequestExampleWithInclude' Example Request with exclude: $ref: '#/components/examples/CreateUpdateIamRolePermissionRequestExampleWithExclude' schema: $ref: '#/components/schemas/CreateUpdateIamRolePermissionRequest' required: false x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true responses: "204": description: No Content "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.manage summary: Create a Custom Role Permission tags: - RoleECustomPermission x-codegen-request-body-name: instance x-okta-lifecycle: 
lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json put: description: Replaces a permission (specified by `permissionType`) for a Custom Role operationId: replaceRolePermission parameters: - description: '`id` or `label` of the Role' explode: false in: path name: roleIdOrLabel required: true schema: example: cr0Yq6IJxGIr0ouum0g3 type: string style: simple - description: An okta permission type explode: false in: path name: permissionType required: true schema: example: okta.users.manage type: string style: simple requestBody: content: application/json: examples: Example Request with include: $ref: '#/components/examples/CreateUpdateIamRolePermissionRequestExampleWithInclude' Example Request with exclude: $ref: '#/components/examples/CreateUpdateIamRolePermissionRequestExampleWithExclude' schema: $ref: '#/components/schemas/CreateUpdateIamRolePermissionRequest' required: false responses: "200": content: application/json: examples: Example Response: $ref: '#/components/examples/PermissionResponseWithConditions' schema: $ref: '#/components/schemas/Permission' description: OK "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.manage summary: Replace a Custom Role Permission tags: - RoleECustomPermission 
x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-codegen-request-body-name: instance x-content-type: application/json x-accepts: - application/json /api/v1/identity-sources/{identitySourceId}/sessions: get: description: Lists all Identity Source Sessions for the given Identity Source instance operationId: listIdentitySourceSessions parameters: - description: The ID of the Identity Source for which the session is created example: 0oa3l6l6WK6h0R0QW0g4 explode: false in: path name: identitySourceId required: true schema: type: string style: simple responses: "200": content: application/json: examples: sessionsList: $ref: '#/components/examples/ListSessionsResponseForGetSessions' schema: items: $ref: '#/components/schemas/IdentitySourceSession' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.identitySources.read summary: List all Identity Source Sessions tags: - IdentitySource x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: [] x-accepts: - application/json post: description: Creates an Identity Source Session for the given Identity Source instance operationId: createIdentitySourceSession parameters: - description: The ID of the Identity Source for which the session is created example: 0oa3l6l6WK6h0R0QW0g4 explode: false in: path name: identitySourceId required: true schema: type: string style: simple responses: "200": content: application/json: examples: session: $ref: 
'#/components/examples/GetSessionResponse' schema: $ref: '#/components/schemas/IdentitySourceSession' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.identitySources.manage summary: Create an Identity Source Session tags: - IdentitySource x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: [] x-accepts: - application/json /api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}: delete: description: Deletes an Identity Source Session for a given `identitySourceId` and `sessionId` operationId: deleteIdentitySourceSession parameters: - description: The ID of the Identity Source for which the session is created example: 0oa3l6l6WK6h0R0QW0g4 explode: false in: path name: identitySourceId required: true schema: type: string style: simple - description: The ID of the Identity Source Session example: aps1qqonvr2SZv6o70h8 explode: false in: path name: sessionId required: true schema: type: string style: simple responses: "204": description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' 
schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.identitySources.manage summary: Delete an Identity Source Session tags: - IdentitySource x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: [] x-accepts: - application/json get: description: Retrieves an Identity Source Session for a given Identity Source ID and session ID operationId: getIdentitySourceSession parameters: - description: The ID of the Identity Source for which the session is created example: 0oa3l6l6WK6h0R0QW0g4 explode: false in: path name: identitySourceId required: true schema: type: string style: simple - description: The ID of the Identity Source Session example: aps1qqonvr2SZv6o70h8 explode: false in: path name: sessionId required: true schema: type: string style: simple responses: "200": content: application/json: examples: session: $ref: '#/components/examples/GetSessionResponse' schema: $ref: '#/components/schemas/IdentitySourceSession' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.identitySources.read summary: Retrieve an Identity Source Session tags: - IdentitySource x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: [] x-accepts: - application/json /api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}/bulk-delete: post: description: Uploads external IDs of entities that need to be deleted in Okta from the Identity Source for the given 
session operationId: uploadIdentitySourceDataForDelete parameters: - description: The ID of the Identity Source for which the session is created example: 0oa3l6l6WK6h0R0QW0g4 explode: false in: path name: identitySourceId required: true schema: type: string style: simple - description: The ID of the Identity Source Session example: aps1qqonvr2SZv6o70h8 explode: false in: path name: sessionId required: true schema: type: string style: simple requestBody: content: application/json: examples: bulkDeletePayload: $ref: '#/components/examples/bulkDeletePayload' schema: $ref: '#/components/schemas/BulkDeleteRequestBody' responses: "202": description: Accepted "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.identitySources.manage summary: Upload the data to be deleted in Okta tags: - IdentitySource x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: [] x-content-type: application/json x-accepts: - application/json /api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}/bulk-upsert: post: description: Uploads entities that need to be inserted or updated in Okta from the Identity Source for the given session operationId: uploadIdentitySourceDataForUpsert parameters: - description: The ID of the Identity Source for which the session is created 
example: 0oa3l6l6WK6h0R0QW0g4 explode: false in: path name: identitySourceId required: true schema: type: string style: simple - description: The ID of the Identity Source Session example: aps1qqonvr2SZv6o70h8 explode: false in: path name: sessionId required: true schema: type: string style: simple requestBody: content: application/json: examples: bulkUpsertPayload: $ref: '#/components/examples/bulkUpsertPayload' schema: $ref: '#/components/schemas/BulkUpsertRequestBody' responses: "202": description: Accepted "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.identitySources.manage summary: Upload the data to be upserted in Okta tags: - IdentitySource x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: [] x-content-type: application/json x-accepts: - application/json /api/v1/identity-sources/{identitySourceId}/sessions/{sessionId}/start-import: post: description: Starts the import from the Identity Source described by the uploaded bulk operations operationId: startImportFromIdentitySource parameters: - description: The ID of the Identity Source for which the session is created example: 0oa3l6l6WK6h0R0QW0g4 explode: false in: path name: identitySourceId required: true schema: type: string style: simple - description: The ID of the Identity Source 
Session example: aps1qqonvr2SZv6o70h8 explode: false in: path name: sessionId required: true schema: type: string style: simple responses: "200": content: application/json: examples: triggeredSession: $ref: '#/components/examples/TriggerSessionResponse' schema: $ref: '#/components/schemas/IdentitySourceSession' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.identitySources.manage summary: Start the import from the Identity Source tags: - IdentitySource x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: [] x-accepts: - application/json /api/v1/idps: get: description: Lists all identity provider integrations with pagination. A subset of IdPs can be returned that match a supported filter expression or query. operationId: listIdentityProviders parameters: - description: Searches the `name` property of IdPs for matching value example: Example SAML explode: true in: query name: q required: false schema: type: string style: form - description: "The cursor to use for pagination. It is an opaque string that\ \ specifies your current location in the list and is obtained from the `Link`\ \ response header. See [Pagination](https://developer.okta.com/docs/api/#pagination)." 
explode: true in: query name: after required: false schema: type: string style: form - description: A limit on the number of objects to return explode: true in: query name: limit required: false schema: default: 20 maximum: 200 minimum: 1 type: integer style: form - description: Filters IdPs by `type` explode: true in: query name: type required: false schema: $ref: '#/components/schemas/IdentityProviderType' style: form responses: "200": content: application/json: examples: MultipleIdPsResponse: $ref: '#/components/examples/MultipleIdPsResponse' schema: items: $ref: '#/components/schemas/IdentityProvider' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.idps.read summary: List all Identity Providers tags: - IdentityProvider x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json post: description: "Creates a new Identity Provider integration.\n\n#### SAML 2.0\ \ Identity Provider\n\nYou must first add the IdP's signature certificate\ \ to the IdP key store before you can add a SAML 2.0 IdP with a `kid` credential\ \ reference. \n\nDon't use `fromURI` to automatically redirect a user to a\ \ particular app after successfully authenticating with a third-party IdP.\ \ Instead, use SAML deep links. 
Using `fromURI` isn't tested or supported.\ \ For more information about using deep links when signing users in using\ \ an SP-initiated flow, see [Understanding SP-Initiated Login flow](https://developer.okta.com/docs/concepts/saml/#understanding-sp-initiated-login-flow).\n\ \nUse SAML deep links to automatically redirect the user to an app after successfully\ \ authenticating with a third-party IdP. To use deep links, assemble these\ \ three parts into a URL:\n\n* SP ACS URL
\nFor example: `https://${yourOktaDomain}/sso/saml2/:idpId`\n\ * The app to which the user is automatically redirected after successfully\ \ authenticating with the IdP
\nFor example: `/app/:app-location/:appId/sso/saml`\n\ * Optionally, if the app is an outbound SAML app, you can specify the `relayState`\ \ passed to it.
\nFor example: `?RelayState=:anyUrlEncodedValue`\n\nThe\ \ deep link for the above three parts is:
\n`https://${yourOktaDomain}/sso/saml2/:idpId/app/:app-location/:appId/sso/saml?RelayState=:anyUrlEncodedValue`\n\ \n#### Smart Card X509 Identity Provider\n\nYou must first add the IdP's server\ \ certificate to the IdP key store before you can add a Smart Card `X509`\ \ IdP with a `kid` credential reference. \nYou need to upload the whole trust\ \ chain as a single key using the [Key Store API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentityProviderKeys/#tag/IdentityProviderKeys/operation/createIdentityProviderKey).\n\ Depending on the information stored in the smart card, select the proper [template](https://developer.okta.com/docs/reference/okta-expression-language/#idp-user-profile)\ \ `idpuser.subjectAltNameEmail` or `idpuser.subjectAltNameUpn`." operationId: createIdentityProvider requestBody: content: application/json: examples: CreateGenericOidcIdPRequest: $ref: '#/components/examples/CreateGenericOidcIdPRequest' CreateSamlIdPRequest: $ref: '#/components/examples/CreateSamlIdPRequest' CreateAppleIdPRequest: $ref: '#/components/examples/CreateAppleIdPRequest' CreateFacebookIdPRequest: $ref: '#/components/examples/CreateFacebookIdPRequest' CreateGoogleIdPRequest: $ref: '#/components/examples/CreateGoogleIdPRequest' CreateMicrosoftIdPRequest: $ref: '#/components/examples/CreateMicrosoftIdPRequest' CreateSmartCardIdPRequest: $ref: '#/components/examples/CreateSmartCardIdPRequest' schema: $ref: '#/components/schemas/IdentityProvider' description: IdP settings required: true responses: "200": content: application/json: examples: CreateGenericOidcIdpResponse: $ref: '#/components/examples/GenericOidcIdpResponse' CreateSamlIdPResponse: $ref: '#/components/examples/SamlIdPResponse' CreateAppleIdPResponse: $ref: '#/components/examples/AppleIdPResponse' CreateFacebookIdPResponse: $ref: '#/components/examples/FacebookIdPResponse' CreateGoogleIdPResponse: $ref: '#/components/examples/GoogleIdPResponse' CreateMicrosoftIdPResponse: 
$ref: '#/components/examples/MicrosoftIdPResponse' CreateSmartCardIdPResponse: $ref: '#/components/examples/SmartCardIdPResponse' schema: $ref: '#/components/schemas/IdentityProvider' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.idps.manage summary: Create an Identity Provider tags: - IdentityProvider x-codegen-request-body-name: identityProvider x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/idps/credentials/keys: get: description: Lists all IdP Key Credentials operationId: listIdentityProviderKeys parameters: - description: "The cursor to use for pagination. It is an opaque string that\ \ specifies your current location in the list and is obtained from the `Link`\ \ response header. See [Pagination](https://developer.okta.com/docs/api/#pagination)." 
explode: true in: query name: after required: false schema: type: string style: form - description: A limit on the number of objects to return explode: true in: query name: limit required: false schema: default: 20 maximum: 200 minimum: 1 type: integer style: form responses: "200": content: application/json: examples: ListIdPKeyCredentialsResponse: $ref: '#/components/examples/MultipleIdPKeyCredentialsResponse' schema: items: $ref: '#/components/schemas/IdPKeyCredential' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.idps.read summary: List all IdP Key Credentials tags: - IdentityProviderKeys x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json post: description: |- Creates a new X.509 certificate credential in the IdP key store > **Note:** RSA-based certificates are supported for all IdP types. Okta currently supports EC-based certificates only for the `X509` IdP type. For EC-based certificates we support only P-256, P-384, and P-521 curves. 
operationId: createIdentityProviderKey requestBody: content: application/json: schema: $ref: '#/components/schemas/IdPCertificateCredential' required: true responses: "200": content: application/json: examples: IdPKeyCredentialResponse: $ref: '#/components/examples/IdPKeyCredentialResponse' schema: $ref: '#/components/schemas/IdPKeyCredential' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.idps.manage summary: Create an IdP Key Credential tags: - IdentityProviderKeys x-codegen-request-body-name: jsonWebKey x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/idps/credentials/keys/{kid}: delete: description: Deletes a specific IdP Key Credential by `kid` if it isn't currently being used by an active or inactive IdP operationId: deleteIdentityProviderKey parameters: - description: Unique `id` of the IdP Key Credential explode: false in: path name: kid required: true schema: example: KmMo85SSsU7TZzOShcGb type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": 
content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.idps.manage summary: Delete an IdP Key Credential tags: - IdentityProviderKeys x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Retrieves a specific IdP Key Credential by `kid` operationId: getIdentityProviderKey parameters: - description: Unique `id` of the IdP Key Credential explode: false in: path name: kid required: true schema: example: KmMo85SSsU7TZzOShcGb type: string style: simple responses: "200": content: application/json: examples: IdPKeyCredentialResponse: $ref: '#/components/examples/IdPKeyCredentialResponse' schema: $ref: '#/components/schemas/IdPKeyCredential' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.idps.read summary: Retrieve an IdP Key Credential tags: - IdentityProviderKeys x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json put: description: Replaces an IdP Key Credential by `kid` operationId: replaceIdentityProviderKey parameters: - description: Unique `id` of the IdP Key Credential explode: false in: path name: kid required: true schema: example: KmMo85SSsU7TZzOShcGb type: string style: simple requestBody: content: application/json: examples: IdPKeyCredentialRequest: $ref: 
'#/components/examples/IdPKeyCredentialRequest' schema: $ref: '#/components/schemas/IdPKeyCredential' description: Updated IdP Key Credential required: true responses: "200": content: application/json: examples: IdPKeyCredentialResponse: $ref: '#/components/examples/IdPKeyCredentialResponse' schema: $ref: '#/components/schemas/IdPKeyCredential' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.idps.manage summary: Replace an IdP Key Credential tags: - IdentityProviderKeys x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/idps/{idpId}: delete: description: |- Deletes an identity provider integration by `idpId` * All existing IdP users are unlinked with the highest order profile source taking precedence for each IdP user. * Unlinked users keep their existing authentication provider such as `FEDERATION` or `SOCIAL`. 
operationId: deleteIdentityProvider parameters: - description: '`id` of IdP' explode: false in: path name: idpId required: true schema: example: 0oa62bfdjnK55Z5x80h7 type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.idps.manage summary: Delete an Identity Provider tags: - IdentityProvider x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Retrieves an identity provider integration by `idpId` operationId: getIdentityProvider parameters: - description: '`id` of IdP' explode: false in: path name: idpId required: true schema: example: 0oa62bfdjnK55Z5x80h7 type: string style: simple responses: "200": content: application/json: examples: GenericOidcIdpResponse: $ref: '#/components/examples/GenericOidcIdpResponse' SamlIdPResponse: $ref: '#/components/examples/SamlIdPResponse' schema: $ref: '#/components/schemas/IdentityProvider' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: 
'#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.idps.read summary: Retrieve an Identity Provider tags: - IdentityProvider x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json put: description: Replaces an identity provider integration by `idpId` operationId: replaceIdentityProvider parameters: - description: '`id` of IdP' explode: false in: path name: idpId required: true schema: example: 0oa62bfdjnK55Z5x80h7 type: string style: simple requestBody: content: application/json: examples: ReplaceIdPRequest: $ref: '#/components/examples/ReplaceIdPRequestResponse' schema: $ref: '#/components/schemas/IdentityProvider' description: Updated configuration for the IdP required: true responses: "200": content: application/json: examples: ReplaceIdPResponse: $ref: '#/components/examples/ReplaceIdPRequestResponse' schema: $ref: '#/components/schemas/IdentityProvider' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.idps.manage summary: Replace an Identity Provider tags: - IdentityProvider x-codegen-request-body-name: identityProvider x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json 
/api/v1/idps/{idpId}/credentials/csrs: get: description: Lists all Certificate Signing Requests for an IdP operationId: listCsrsForIdentityProvider parameters: - description: '`id` of IdP' explode: false in: path name: idpId required: true schema: example: 0oa62bfdjnK55Z5x80h7 type: string style: simple responses: "200": content: application/json: examples: MultipleIdPCsrsResponse: $ref: '#/components/examples/MultipleIdPCsrsResponse' schema: items: $ref: '#/components/schemas/IdPCsr' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.idps.read summary: List all Certificate Signing Requests tags: - IdentityProviderSigningKeys x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json post: description: |- Generates a new key pair and returns a Certificate Signing Request (CSR) for it > **Note:** The private key isn't listed in the [Signing Key Credentials for IdP](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentityProviderSigningKeys/#tag/IdentityProviderSigningKeys/operation/listIdentityProviderSigningKeys) until it's published. 
operationId: generateCsrForIdentityProvider parameters: - description: '`id` of IdP' explode: false in: path name: idpId required: true schema: example: 0oa62bfdjnK55Z5x80h7 type: string style: simple requestBody: content: application/json: schema: $ref: '#/components/schemas/CsrMetadata' required: true responses: "201": content: application/json: examples: CsrJsonResponse: $ref: '#/components/examples/CsrJsonResponse' schema: $ref: '#/components/schemas/IdPCsr' application/pkcs10: examples: CsrPkcs10Response: $ref: '#/components/examples/CsrPkcs10Response' schema: $ref: '#/components/schemas/IdPCsrPkcs10' description: Created "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.idps.manage summary: Generate a Certificate Signing Request tags: - IdentityProviderSigningKeys x-codegen-request-body-name: metadata x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json - application/pkcs10 /api/v1/idps/{idpId}/credentials/csrs/{idpCsrId}: delete: description: Revokes a CSR and deletes the key pair from the IdP operationId: revokeCsrForIdentityProvider parameters: - description: '`id` of IdP' explode: false in: path name: idpId required: true schema: example: 0oa62bfdjnK55Z5x80h7 type: string style: 
simple - description: '`id` of the IdP CSR' explode: false in: path name: idpCsrId required: true schema: example: 1uEhyE65oV3H6KM9gYcN type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.idps.manage summary: Revoke a Certificate Signing Request tags: - IdentityProviderSigningKeys x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Retrieves a specific Certificate Signing Request by `id` operationId: getCsrForIdentityProvider parameters: - description: '`id` of IdP' explode: false in: path name: idpId required: true schema: example: 0oa62bfdjnK55Z5x80h7 type: string style: simple - description: '`id` of the IdP CSR' explode: false in: path name: idpCsrId required: true schema: example: 1uEhyE65oV3H6KM9gYcN type: string style: simple responses: "200": content: application/json: examples: CsrJsonResponse: $ref: '#/components/examples/CsrJsonResponse' schema: $ref: '#/components/schemas/IdPCsr' application/pkcs10: examples: CsrPkcs10Response: $ref: '#/components/examples/CsrPkcs10Response' schema: $ref: '#/components/schemas/IdPCsrPkcs10' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: 
'#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.idps.read summary: Retrieve a Certificate Signing Request tags: - IdentityProviderSigningKeys x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json - application/pkcs10 /api/v1/idps/{idpId}/credentials/csrs/{idpCsrId}/lifecycle/publish: post: description: |- Publishes the CSR with a signed X.509 certificate and adds it into the signing Key Credentials for the IdP > **Notes:** > * Publishing a certificate completes the lifecycle of the CSR, and it's no longer accessible. > * If the validity period of the certificate is less than 90 days, a 400 error response is returned. operationId: publishCsrForIdentityProvider parameters: - description: '`id` of IdP' explode: false in: path name: idpId required: true schema: example: 0oa62bfdjnK55Z5x80h7 type: string style: simple - description: '`id` of the IdP CSR' explode: false in: path name: idpCsrId required: true schema: example: 1uEhyE65oV3H6KM9gYcN type: string style: simple requestBody: content: application/pkix-cert: schema: description: "X.509 certificate in `DER` format. \nThe client can either\ \ post in binary or Base64URL-encoded. If the post is Base64URL-encoded,\ \ set the `Content-Transfer-Encoding` header to `base64`." 
format: binary type: string x-okta-operationId: publishBinaryDerCertForIdentityProvider application/x-x509-ca-cert: schema: description: |- X.509 certificate in `CER` format. The client can either post in binary or Base64URL-encoded. If the post is Base64URL-encoded, set the `Content-Transfer-Encoding` header to `base64`. example: !!binary |- QGNlcnRpZmljYXRlLmNlcg== format: binary type: string x-okta-operationId: publishBinaryCerCertForIdentityProvider application/x-pem-file: schema: description: X.509 certificate in `PEM` format example: !!binary |- QGNlcnRpZmljYXRlLnBlbQ== format: binary type: string x-okta-operationId: publishBinaryPemCertForIdentityProvider required: true responses: "201": content: application/json: schema: $ref: '#/components/schemas/IdPKeyCredential' description: Created "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: 
application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.idps.manage summary: Publish a Certificate Signing Request tags: - IdentityProviderSigningKeys x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/pkix-cert x-accepts: - application/json /api/v1/idps/{idpId}/credentials/keys: get: description: Lists all signing Key Credentials for an IdP operationId: listIdentityProviderSigningKeys parameters: - description: '`id` of IdP' explode: false in: path name: idpId required: true schema: example: 0oa62bfdjnK55Z5x80h7 type: string style: simple responses: "200": content: application/json: examples: MultipleIdPSigningKeyCredentialsResponse: $ref: '#/components/examples/MultipleIdPSigningKeyCredentialsResponse' schema: items: $ref: '#/components/schemas/IdPKeyCredential' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.idps.read summary: List all signing Key Credentials for IdP tags: - IdentityProviderSigningKeys x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/idps/{idpId}/credentials/keys/generate: post: description: |- Generates a new X.509 certificate for an IdP signing Key Credential to be used for signing assertions sent to the IdP. IdP signing keys are read-only. 
> **Note:** To update an IdP with the newly generated Key Credential, [update your IdP](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentityProvider/#tag/IdentityProvider/operation/replaceIdentityProvider) using the returned key's `kid` in the [signing credential](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentityProvider/#tag/IdentityProvider/operation/replaceIdentityProvider!path=protocol/0/credentials/signing/kid&t=request). operationId: generateIdentityProviderSigningKey parameters: - description: '`id` of IdP' explode: false in: path name: idpId required: true schema: example: 0oa62bfdjnK55Z5x80h7 type: string style: simple - description: expiry of the IdP Key Credential explode: true in: query name: validityYears required: true schema: format: int32 maximum: 10 minimum: 2 type: integer style: form responses: "200": content: application/json: examples: IdPSigningKeyCredentialResponse: $ref: '#/components/examples/IdPSigningKeyCredentialResponse' schema: $ref: '#/components/schemas/IdPKeyCredential' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.idps.manage summary: Generate a new signing Key Credential for IdP tags: - IdentityProviderSigningKeys x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/idps/{idpId}/credentials/keys/{kid}: get: description: Retrieves a specific IdP Key Credential by `kid` 
operationId: getIdentityProviderSigningKey parameters: - description: '`id` of IdP' explode: false in: path name: idpId required: true schema: example: 0oa62bfdjnK55Z5x80h7 type: string style: simple - description: Unique `id` of the IdP Key Credential explode: false in: path name: kid required: true schema: example: KmMo85SSsU7TZzOShcGb type: string style: simple responses: "200": content: application/json: examples: IdPSigningKeyCredentialResponse: $ref: '#/components/examples/IdPSigningKeyCredentialResponse' schema: $ref: '#/components/schemas/IdPKeyCredential' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.idps.read summary: Retrieve a signing Key Credential for IdP tags: - IdentityProviderSigningKeys x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/idps/{idpId}/credentials/keys/{kid}/clone: post: description: |- Clones an X.509 certificate for an IdP signing Key Credential from a source IdP to target IdP > **Caution:** Sharing certificates isn't a recommended security practice. > **Note:** If the key is already present in the list of Key Credentials for the target IdP, you receive a 400 error response. 
operationId: cloneIdentityProviderKey parameters: - description: '`id` of IdP' explode: false in: path name: idpId required: true schema: example: 0oa62bfdjnK55Z5x80h7 type: string style: simple - description: Unique `id` of the IdP Key Credential explode: false in: path name: kid required: true schema: example: KmMo85SSsU7TZzOShcGb type: string style: simple - description: '`id` of the target IdP' explode: true in: query name: targetIdpId required: true schema: type: string style: form responses: "201": content: application/json: examples: IdPSigningKeyCredentialResponse: $ref: '#/components/examples/IdPSigningKeyCredentialResponse' schema: $ref: '#/components/schemas/IdPKeyCredential' description: Created "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.idps.manage summary: Clone a signing Key Credential for IdP tags: - IdentityProviderSigningKeys x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/idps/{idpId}/lifecycle/activate: post: description: Activates an inactive IdP operationId: activateIdentityProvider parameters: - description: '`id` of IdP' explode: false in: path name: idpId required: true schema: example: 0oa62bfdjnK55Z5x80h7 type: string style: simple responses: "200": content: application/json: examples: ActivateIdPResponse: $ref: '#/components/examples/ActivateIdPResponse' schema: $ref: '#/components/schemas/IdentityProvider' description: Success "403": content: application/json: 
examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.idps.manage summary: Activate an Identity Provider tags: - IdentityProvider x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/idps/{idpId}/lifecycle/deactivate: post: description: Deactivates an active IdP operationId: deactivateIdentityProvider parameters: - description: '`id` of IdP' explode: false in: path name: idpId required: true schema: example: 0oa62bfdjnK55Z5x80h7 type: string style: simple responses: "200": content: application/json: examples: DeactivateIdPResponse: $ref: '#/components/examples/DeactivateIdPResponse' schema: $ref: '#/components/schemas/IdentityProvider' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.idps.manage summary: Deactivate an Identity Provider tags: - IdentityProvider x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/idps/{idpId}/users: get: description: Lists 
all the Users linked to an Identity Provider operationId: listIdentityProviderApplicationUsers parameters: - description: '`id` of IdP' explode: false in: path name: idpId required: true schema: example: 0oa62bfdjnK55Z5x80h7 type: string style: simple - description: Searches the records for matching value explode: true in: query name: q required: false schema: type: string style: form - description: "The cursor to use for pagination. It is an opaque string that\ \ specifies your current location in the list and is obtained from the `Link`\ \ response header. See [Pagination](https://developer.okta.com/docs/api/#pagination)." explode: true in: query name: after required: false schema: type: string style: form - description: A limit on the number of objects to return explode: true in: query name: limit required: false schema: default: 20 maximum: 200 minimum: 1 type: integer style: form - description: Expand user data explode: true in: query name: expand required: false schema: example: user type: string style: form responses: "200": content: application/json: examples: ListIdPUsersResponse: $ref: '#/components/examples/ListIdPUsersResponse' schema: items: $ref: '#/components/schemas/IdentityProviderApplicationUser' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.idps.read summary: List all Users for IdP tags: - IdentityProviderUsers x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - 
application/json /api/v1/idps/{idpId}/users/{userId}: delete: description: "Unlinks the Okta User and the IdP User. The next time the User\ \ federates into Okta through this IdP, they have to re-link their account\ \ according to the account link policy." operationId: unlinkUserFromIdentityProvider parameters: - description: '`id` of IdP' explode: false in: path name: idpId required: true schema: example: 0oa62bfdjnK55Z5x80h7 type: string style: simple - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.idps.manage summary: Unlink a User from IdP tags: - IdentityProviderUsers x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Retrieves a linked IdP User by ID operationId: getIdentityProviderApplicationUser parameters: - description: '`id` of IdP' explode: false in: path name: idpId required: true schema: example: 0oa62bfdjnK55Z5x80h7 type: string style: simple - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple responses: "200": content: application/json: examples: IdPAppUserResponse: $ref: '#/components/examples/IdPAppUserResponse' schema: $ref: 
'#/components/schemas/IdentityProviderApplicationUser' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.idps.read summary: Retrieve a User for IdP tags: - IdentityProviderUsers x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json post: description: "Links an Okta User to an existing SAML or social Identity Provider.\ \ \n\nThe SAML Identity Provider must have `honorPersistentNameId` set to\ \ `true` to use this API. \nThe [Name Identifier Format](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentityProvider/#tag/IdentityProvider/operation/replaceIdentityProvider!path=protocol/0/settings&t=request)\ \ of the incoming assertion must be `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent`." 
operationId: linkUserToIdentityProvider parameters: - description: '`id` of IdP' explode: false in: path name: idpId required: true schema: example: 0oa62bfdjnK55Z5x80h7 type: string style: simple - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple requestBody: content: application/json: schema: $ref: '#/components/schemas/UserIdentityProviderLinkRequest' required: true responses: "200": content: application/json: examples: LinkIdPAppUserResponse: $ref: '#/components/examples/LinkIdPAppUserResponse' schema: $ref: '#/components/schemas/IdentityProviderApplicationUser' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.manage summary: Link a User to IdP tags: - IdentityProviderUsers x-codegen-request-body-name: userIdentityProviderLinkRequest x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/idps/{idpId}/users/{userId}/credentials/tokens: get: description: |- Lists the tokens minted by the Social Authentication Provider when the user authenticates with Okta via Social Auth. Okta doesn't import all the User information from a social provider. 
If the app needs information that isn't imported, it can get the User token from this endpoint. Then the app can make an API call to the social provider with the token to request the additional information. operationId: listSocialAuthTokens parameters: - description: '`id` of IdP' explode: false in: path name: idpId required: true schema: example: 0oa62bfdjnK55Z5x80h7 type: string style: simple - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple responses: "200": content: application/json: examples: SocialAuthTokensResponse: $ref: '#/components/examples/SocialAuthTokensResponse' schema: items: $ref: '#/components/schemas/SocialAuthToken' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.idps.read summary: List all Tokens from OIDC IdP tags: - IdentityProviderUsers x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/inlineHooks: get: description: Lists all inline hooks operationId: listInlineHooks parameters: - explode: true in: query name: type required: false schema: type: string style: form responses: "200": content: application/json: examples: AuthenticatorConfiguration: $ref: '#/components/examples/InlineHookTelephony' schema: items: $ref: '#/components/schemas/InlineHook' type: array description: Success "403": content: application/json: examples: 
AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.inlineHooks.read summary: List all Inline Hooks tags: - InlineHook x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json post: description: Creates an inline hook operationId: createInlineHook requestBody: content: application/json: schema: $ref: '#/components/schemas/InlineHook' required: true responses: "200": content: application/json: schema: $ref: '#/components/schemas/InlineHook' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.inlineHooks.manage summary: Create an Inline Hook tags: - InlineHook x-codegen-request-body-name: inlineHook x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/inlineHooks/{inlineHookId}: delete: description: "Deletes an inline hook by `inlineHookId`. Once deleted, the Inline\ \ Hook is unrecoverable. As a safety precaution, only Inline Hooks with a\ \ status of INACTIVE are eligible for deletion." 
operationId: deleteInlineHook parameters: - description: '`id` of the Inline Hook' explode: false in: path name: inlineHookId required: true schema: example: Y7Rzrd4g4xj6WdKzrBHH type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.inlineHooks.manage summary: Delete an Inline Hook tags: - InlineHook x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Retrieves an inline hook by `inlineHookId` operationId: getInlineHook parameters: - description: '`id` of the Inline Hook' explode: false in: path name: inlineHookId required: true schema: example: Y7Rzrd4g4xj6WdKzrBHH type: string style: simple responses: "200": content: application/json: examples: AuthenticatorConfiguration: $ref: '#/components/examples/InlineHookTelephony' schema: $ref: '#/components/schemas/InlineHook' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many 
Requests security: - apiToken: [] - oauth2: - okta.inlineHooks.read summary: Retrieve an Inline Hook tags: - InlineHook x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json post: description: Updates an inline hook by `inlineHookId` operationId: updateInlineHook parameters: - description: '`id` of the Inline Hook' explode: false in: path name: inlineHookId required: true schema: example: Y7Rzrd4g4xj6WdKzrBHH type: string style: simple requestBody: content: application/json: schema: $ref: '#/components/schemas/InlineHook' required: true responses: "200": content: application/json: schema: $ref: '#/components/schemas/InlineHook' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.inlineHooks.manage summary: Update an Inline Hook tags: - InlineHook x-codegen-request-body-name: inlineHook x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json put: description: Replaces an inline hook by `inlineHookId` operationId: replaceInlineHook parameters: - description: '`id` of the Inline Hook' explode: false in: path name: inlineHookId required: true schema: example: Y7Rzrd4g4xj6WdKzrBHH type: string style: simple requestBody: content: application/json: 
schema: $ref: '#/components/schemas/InlineHook' required: true responses: "200": content: application/json: schema: $ref: '#/components/schemas/InlineHook' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.inlineHooks.manage summary: Replace an Inline Hook tags: - InlineHook x-codegen-request-body-name: inlineHook x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/inlineHooks/{inlineHookId}/execute: post: description: Executes the inline hook by `inlineHookId` using the request body as the input. This will send the provided data through the Channel and return a response if it matches the correct data contract. This execution endpoint should only be used for testing purposes. 
operationId: executeInlineHook parameters: - description: '`id` of the Inline Hook' explode: false in: path name: inlineHookId required: true schema: example: Y7Rzrd4g4xj6WdKzrBHH type: string style: simple requestBody: content: application/json: schema: $ref: '#/components/schemas/InlineHookPayload' required: true responses: "200": content: application/json: schema: $ref: '#/components/schemas/InlineHookResponse' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.inlineHooks.manage summary: Execute an Inline Hook tags: - InlineHook x-codegen-request-body-name: payloadData x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/inlineHooks/{inlineHookId}/lifecycle/activate: post: description: Activates the inline hook by `inlineHookId` operationId: activateInlineHook parameters: - description: '`id` of the Inline Hook' explode: false in: path name: inlineHookId required: true schema: example: Y7Rzrd4g4xj6WdKzrBHH type: string style: simple responses: "200": content: application/json: schema: $ref: '#/components/schemas/InlineHook' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: 
'#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.inlineHooks.manage summary: Activate an Inline Hook tags: - InlineHook x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/inlineHooks/{inlineHookId}/lifecycle/deactivate: post: description: Deactivates the inline hook by `inlineHookId` operationId: deactivateInlineHook parameters: - description: '`id` of the Inline Hook' explode: false in: path name: inlineHookId required: true schema: example: Y7Rzrd4g4xj6WdKzrBHH type: string style: simple responses: "200": content: application/json: schema: $ref: '#/components/schemas/InlineHook' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.inlineHooks.manage summary: Deactivate an Inline Hook tags: - InlineHook x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/logStreams: get: description: Lists all Log Stream objects in your org. You can request a paginated list or a subset of Log Streams that match a supported filter expression. 
      operationId: listLogStreams
      parameters:
      - description: "The cursor to use for pagination. It is an opaque string that\
          \ specifies your current location in the list and is obtained from the `Link`\
          \ response header. See [Pagination](https://developer.okta.com/docs/api/#pagination)."
        explode: true
        in: query
        name: after
        required: false
        schema:
          type: string
        style: form
      - description: A limit on the number of objects to return
        explode: true
        in: query
        name: limit
        required: false
        schema:
          default: 20
          maximum: 200
          minimum: 1
          type: integer
        style: form
      - description: "An expression that [filters](/#filter) the returned objects.\
          \ You can only use the `eq` operator on either the `status` or `type` properties\
          \ in the filter expression."
        explode: true
        in: query
        name: filter
        required: false
        schema:
          example: type eq "aws_eventbridge"
          type: string
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                ExampleGetAllResponse:
                  $ref: '#/components/examples/LogStreamGetAllResponse'
              schema:
                items:
                  $ref: '#/components/schemas/LogStream'
                type: array
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.logStreams.read
      summary: List all Log Streams
      tags:
      - LogStream
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs: []
      x-accepts:
      - application/json
    post:
      description: Creates a new Log Stream object
      operationId: createLogStream
      requestBody:
        content:
          application/json:
            examples:
              LogStreamPostRequestExample:
                $ref: '#/components/examples/LogStreamPostRequest'
            schema:
              $ref: '#/components/schemas/LogStream'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                LogStreamPostResponseExample:
                  $ref: '#/components/examples/LogStreamPostResponse'
              schema:
                $ref: '#/components/schemas/LogStream'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                Access Denied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.logStreams.manage
      summary: Create a Log Stream
      tags:
      - LogStream
      x-codegen-request-body-name: instance
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs: []
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/logStreams/{logStreamId}:
    delete:
      description: Deletes a Log Stream object from your org by ID
      operationId: deleteLogStream
      parameters:
      - description: Unique identifier for the Log Stream
        explode: false
        in: path
        name: logStreamId
        required: true
        schema:
          example: 0oa1orzg0CHSgPcjZ0g4
          type: string
        style: simple
      responses:
        "204":
          description: No Content
        "403":
          content:
            application/json:
              examples:
                Access Denied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.logStreams.manage
      summary: Delete a Log Stream
      tags:
      - LogStream
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs: []
      x-accepts:
      - application/json
    get:
      description: Retrieves a Log Stream object by ID
      operationId: getLogStream
      parameters:
      - description: Unique identifier for the Log Stream
        explode: false
        in: path
        name: logStreamId
        required: true
        schema:
          example: 0oa1orzg0CHSgPcjZ0g4
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                LogStreamGetRequestExample:
                  $ref: '#/components/examples/LogStreamPostResponse'
              schema:
                $ref: '#/components/schemas/LogStream'
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.logStreams.read
      summary: Retrieve a Log Stream
      tags:
      - LogStream
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs: []
      x-accepts:
      - application/json
    put:
      description: |-
        Replaces the Log Stream object properties for a given ID. This operation is typically used to update the configuration of a Log Stream. Depending on the type of Log Stream you want to update, certain properties can't be modified after the Log Stream is initially created. Use the [Retrieve the Log Stream Schema for the schema type](/openapi/okta-management/management/tag/Schema/#tag/Schema/operation/getLogStreamSchema) request to determine which properties you can update for the specific Log Stream type. Log Stream properties with the `"writeOnce" : true` attribute can't be updated after creation. You must still specify these `writeOnce` properties in the request body with the original values in the PUT request.

        > **Note:** You don't have to specify properties that have both the `"writeOnce": true` and the `"writeOnly": true` attributes in the PUT request body. These property values are ignored even if you add them in the PUT request body.
      operationId: replaceLogStream
      parameters:
      - description: Unique identifier for the Log Stream
        explode: false
        in: path
        name: logStreamId
        required: true
        schema:
          example: 0oa1orzg0CHSgPcjZ0g4
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            examples:
              LogStreamPutRequestExample:
                $ref: '#/components/examples/LogStreamPutRequest'
            schema:
              $ref: '#/components/schemas/LogStreamPutSchema'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                LogStreamPostResponseExample:
                  $ref: '#/components/examples/LogStreamPutResponse'
              schema:
                $ref: '#/components/schemas/LogStream'
          description: OK
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.logStreams.manage
      summary: Replace a Log Stream
      tags:
      - LogStream
      x-codegen-request-body-name: instance
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs: []
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/logStreams/{logStreamId}/lifecycle/activate:
    post:
      description: Activates a log stream by `logStreamId`
      operationId: activateLogStream
      parameters:
      - description: Unique identifier for the Log Stream
        explode: false
        in: path
        name: logStreamId
        required: true
        schema:
          example: 0oa1orzg0CHSgPcjZ0g4
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                LogStreamActivateResponseExample:
                  $ref: '#/components/examples/LogStreamActivateResponse'
              schema:
                $ref: '#/components/schemas/LogStream'
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.logStreams.manage
      summary: Activate a Log Stream
      tags:
      - LogStream
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs: []
      x-accepts:
      - application/json
  /api/v1/logStreams/{logStreamId}/lifecycle/deactivate:
    post:
      description: Deactivates a log stream by `logStreamId`
      operationId: deactivateLogStream
      parameters:
      - description: Unique identifier for the Log Stream
        explode: false
        in: path
        name: logStreamId
        required: true
        schema:
          example: 0oa1orzg0CHSgPcjZ0g4
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                LogStreamDeactivateResponseExample:
                  $ref: '#/components/examples/LogStreamDeactivateResponse'
              schema:
                $ref: '#/components/schemas/LogStream'
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.logStreams.manage
      summary: Deactivate a Log Stream
      tags:
      - LogStream
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs: []
      x-accepts:
      - application/json
  /api/v1/logs:
    get:
      description: Lists all System Log Events
      operationId: listLogEvents
      parameters:
      - description: Filters the lower time bound of the log events `published` property
          for bounded queries or persistence time for polling queries
        explode: true
        in: query
        name: since
        required: false
        schema:
          default: 7 days prior to until
          format: ISO 8601 compliant timestamp
          type: string
        style: form
      - description: Filters the upper time bound of the log events `published` property
          for bounded queries or persistence time for polling queries.
        explode: true
        in: query
        name: until
        required: false
        schema:
          default: current time
          format: ISO 8601 compliant timestamp
          type: string
        style: form
      - description: Retrieves the next page of results. Okta returns a link in the
          HTTP Header (`rel=next`) that includes the after query parameter
        explode: true
        in: query
        name: after
        required: false
        schema:
          format: Opaque token
          type: string
        style: form
      - description: "Filter expression that filters the results. All operators except\
          \ [ ] are supported. See [Filter](https://developer.okta.com/docs/api/#filter)."
        explode: true
        in: query
        name: filter
        required: false
        schema:
          format: SCIM Filter expression
          type: string
        style: form
      - description: Filters log events results by one or more case insensitive keywords.
        explode: true
        in: query
        name: q
        required: false
        schema:
          format: "URL encoded string. Max length is 40 characters per keyword, with\
            \ a maximum of 10 keyword filters per query (before encoding)"
          type: string
        style: form
      - description: Sets the number of results that are returned in the response
        explode: true
        in: query
        name: limit
        required: false
        schema:
          default: 100
          format: Integer between 0 and 1000
          type: integer
        style: form
      - description: The order of the returned events that are sorted by the
          `published` property
        explode: true
        in: query
        name: sortOrder
        required: false
        schema:
          default: ASCENDING
          enum:
          - ASCENDING
          - DESCENDING
          type: string
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                ListLogs:
                  $ref: '#/components/examples/ListLogs'
                LogTargetChangeDetails:
                  $ref: '#/components/examples/LogTargetChangeDetails'
              schema:
                items:
                  $ref: '#/components/schemas/LogEvent'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.logs.read
      summary: List all System Log Events
      tags:
      - SystemLog
      x-okta-lifecycle:
        isCorsEnabled: true
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/mappings:
    get:
      description: |-
        Lists all profile mappings in your organization with [pagination](https://developer.okta.com/docs/api/#pagination). You can return a subset of profile mappings that match a supported `sourceId` and/or `targetId`. The results are [paginated](/#pagination) according to the limit parameter. If there are multiple pages of results, the Link header contains a `next` link that should be treated as an opaque value (follow it, don't parse it).
        The response is a collection of profile mappings that include a subset of the profile mapping object's parameters. The profile mapping object describes the properties mapping between an Okta User and an App User Profile using [JSON Schema Draft 4](https://datatracker.ietf.org/doc/html/draft-zyp-json-schema-04).
      operationId: listProfileMappings
      parameters:
      - description: Mapping `id` that specifies the pagination cursor for the next
          page of mappings
        explode: true
        in: query
        name: after
        required: false
        schema:
          type: string
        style: form
      - description: Specifies the number of results per page (maximum 200)
        explode: true
        in: query
        name: limit
        required: false
        schema:
          default: 20
          format: int32
          type: integer
        style: form
      - description: "The UserType or App Instance `id` that acts as the source of\
          \ expressions in a mapping. If this parameter is included, all returned\
          \ mappings have this as their `source.id`."
        explode: true
        in: query
        name: sourceId
        required: false
        schema:
          type: string
        style: form
      - description: "The UserType or App Instance `id` that acts as the target of\
          \ expressions in a mapping. If this parameter is included, all returned\
          \ mappings have this as their `target.id`."
        explode: true
        in: query
        name: targetId
        required: false
        schema:
          type: string
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                MappingList:
                  $ref: '#/components/examples/ListMappingsResponse'
              schema:
                items:
                  $ref: '#/components/schemas/ListProfileMappings'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.profileMappings.read
      summary: List all Profile Mappings
      tags:
      - ProfileMapping
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs: []
      x-accepts:
      - application/json
  /api/v1/mappings/{mappingId}:
    get:
      description: Retrieves a single Profile Mapping referenced by its ID
      operationId: getProfileMapping
      parameters:
      - description: '`id` of the Mapping'
        explode: false
        in: path
        name: mappingId
        required: true
        schema:
          example: cB6u7X8mptebWkffatKA
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                MappingRetrieve:
                  $ref: '#/components/examples/RetrieveMappingsResponse'
              schema:
                $ref: '#/components/schemas/ProfileMapping'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.profileMappings.read
      summary: Retrieve a Profile Mapping
      tags:
      - ProfileMapping
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs: []
      x-accepts:
      - application/json
    post:
      description: "Updates an existing profile mapping by adding, updating, or removing\
        \ one or many property mappings"
      operationId: updateProfileMapping
      parameters:
      - description: '`id` of the Mapping'
        explode: false
        in: path
        name: mappingId
        required: true
        schema:
          example: cB6u7X8mptebWkffatKA
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            examples:
              Addpropertymapping:
                $ref: '#/components/examples/AddMappingBody'
              Updatepropertymapping:
                $ref: '#/components/examples/UpdateMappingBody'
              Removepropertymapping:
                $ref: '#/components/examples/RemoveMappingBody'
            schema:
              $ref: '#/components/schemas/ProfileMappingRequest'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                Addpropertymapping:
                  $ref: '#/components/examples/AddMappingResponse'
                Updatepropertymapping:
                  $ref: '#/components/examples/UpdateMappingResponse'
                Removepropertymapping:
                  $ref: '#/components/examples/RemoveMappingResponse'
              schema:
                $ref: '#/components/schemas/ProfileMapping'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.profileMappings.manage
      summary: Update a Profile Mapping
      tags:
      - ProfileMapping
      x-codegen-request-body-name: profileMapping
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs: []
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/meta/layouts/apps/{appName}: {}
  /api/v1/meta/layouts/apps/{appName}/sections/{section}/{operation}: {}
  /api/v1/meta/schemas/apps/{appId}/default:
    get:
      description: |-
        Retrieves the default Schema for an App User. The [User Types](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/UserType/) feature does not extend to apps. All users assigned to a given app use the same App User Schema. Therefore, unlike the User Schema operations, the App User Schema operations all specify `default` and don't accept a Schema ID.
      operationId: getApplicationUserSchema
      parameters:
      - description: Application ID
        explode: false
        in: path
        name: appId
        required: true
        schema:
          example: 0oafxqCAJWWGELFTYASJ
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UserSchema'
          description: successful operation
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.schemas.read
      summary: Retrieve the default App User Schema for an App
      tags:
      - Schema
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: |-
        Updates the App User Schema.
        This updates, adds, or removes one or more custom profile properties or the nullability of a base property in the App User Schema for an app. Changing a base property's nullability (for example, the value of its `required` field) is allowed only if it is nullable in the default predefined Schema for the App. The [User Types](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/UserType/) feature does not extend to apps. All users assigned to a given app use the same App User Schema. Therefore, unlike the User Schema operations, the App User Schema operations all specify `default` and don't accept a Schema ID.
      operationId: updateApplicationUserProfile
      parameters:
      - description: Application ID
        explode: false
        in: path
        name: appId
        required: true
        schema:
          example: 0oafxqCAJWWGELFTYASJ
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            examples:
              Add a custom property to the app user schema:
                $ref: '#/components/examples/AppUserSchemaAddRequest'
            schema:
              $ref: '#/components/schemas/UserSchema'
        required: false
      responses:
        "200":
          content:
            application/json:
              examples:
                Response with a subset of properties for brevity:
                  $ref: '#/components/examples/AppUserSchemaResponse'
              schema:
                $ref: '#/components/schemas/UserSchema'
          description: successful operation
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.schemas.manage
      summary: Update the App User Profile Schema for an App
      tags:
      - Schema
      x-codegen-request-body-name: body
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/meta/schemas/group/default:
    get:
      description: |-
        Retrieves the Group Schema

        The [User Types](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/UserType/) feature does not extend to groups. All groups use the same Group Schema. Unlike User Schema operations, Group Schema operations all specify `default` and don't accept a Schema ID.
      operationId: getGroupSchema
      parameters: []
      responses:
        "200":
          content:
            application/json:
              examples:
                Response with a subset of properties for brevity:
                  $ref: '#/components/examples/GroupSchemaResponse'
              schema:
                $ref: '#/components/schemas/GroupSchema'
          description: successful operation
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.schemas.read
      summary: Retrieve the default Group Schema
      tags:
      - Schema
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: |-
        Updates the Group Profile schema. This updates, adds, or removes one or more custom profile properties in a Group Schema. Currently Okta does not support changing base Group Profile properties. The [User Types](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/UserType/) feature does not extend to groups. All groups use the same Group Schema.
        Unlike User Schema operations, Group Schema operations all specify `default` and don't accept a Schema ID.

        **Note:** Since POST is interpreted as a partial update, you must set properties explicitly to null to remove them from the Schema.
      operationId: updateGroupSchema
      requestBody:
        content:
          application/json:
            examples:
              Add a custom property to the group schema:
                $ref: '#/components/examples/GroupSchemaAddRequest'
            schema:
              $ref: '#/components/schemas/GroupSchema'
      responses:
        "200":
          content:
            application/json:
              example:
                Response with a subset of properties for brevity:
                  $ref: '#/components/examples/GroupSchemaResponse'
              schema:
                $ref: '#/components/schemas/GroupSchema'
          description: successful operation
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.schemas.manage
      summary: Update the Group Profile Schema
      tags:
      - Schema
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/meta/schemas/logStream:
    get:
      description: Lists the Schema for all Log Stream types visible for this org
      operationId: listLogStreamSchemas
      responses:
        "200":
          content:
            application/json:
              examples:
                All log stream schemas for your org:
                  $ref: '#/components/examples/LogStreamSchemaList'
              schema:
                items:
                  $ref: '#/components/schemas/LogStreamSchema'
                type: array
          description: successful operation
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.logStreams.read
      summary: List the Log Stream Schemas
      tags:
      - Schema
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs: []
      x-accepts:
      - application/json
  /api/v1/meta/schemas/logStream/{logStreamType}:
    get:
      description: "Retrieves the Schema for a Log Stream type. The `logStreamType`\
        \ element in the URL specifies the Log Stream type, which is either `aws_eventbridge`\
        \ or `splunk_cloud_logstreaming`. Use the `aws_eventbridge` literal to retrieve\
        \ the AWS EventBridge type schema, and use the `splunk_cloud_logstreaming`\
        \ literal to retrieve the Splunk Cloud type schema."
      operationId: getLogStreamSchema
      parameters:
      - explode: false
        in: path
        name: logStreamType
        required: true
        schema:
          $ref: '#/components/schemas/LogStreamType'
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                Schema for type `aws_eventbridge`:
                  $ref: '#/components/examples/LogStreamSchemaAws'
                Schema for type `splunk_cloud_logstreaming`:
                  $ref: '#/components/examples/LogStreamSchemaSplunk'
              schema:
                $ref: '#/components/schemas/LogStreamSchema'
          description: successful operation
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.logStreams.read
      summary: Retrieve the Log Stream Schema for the schema type
      tags:
      - Schema
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs: []
      x-accepts:
      - application/json
  /api/v1/meta/schemas/user/linkedObjects:
    get:
      description: Lists all Linked Object definitions
      operationId: listLinkedObjectDefinitions
      responses:
        "200":
          content:
            application/json:
              examples:
                ListLinkedObjectsEx:
                  $ref: '#/components/examples/ListLinkedObjects'
              schema:
                items:
                  $ref: '#/components/schemas/LinkedObject'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.linkedObjects.read
      summary: List all Linked Object Definitions
      tags:
      - LinkedObject
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: Creates a Linked Object definition
      operationId: createLinkedObjectDefinition
      requestBody:
        content:
          application/json:
            examples:
              CreateLinkedObjectRequestEx:
                $ref: '#/components/examples/CreateLinkedObjectRequest'
            schema:
              $ref: '#/components/schemas/LinkedObject'
        required: true
      responses:
        "201":
          content:
            application/json:
              examples:
                CreateLinkedObjectResponseEx:
                  $ref: '#/components/examples/CreateLinkedObjectResponse'
              schema:
                $ref: '#/components/schemas/LinkedObject'
          description: Created
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "409":
          content:
            application/json:
              examples:
                ErrorInvalidLinkedObjectDefEx:
                  $ref: '#/components/examples/ErrorInvalidLinkedObjectDef'
              schema:
                $ref: '#/components/schemas/Error'
          description: Conflict
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.linkedObjects.manage
      summary: Create a Linked Object Definition
      tags:
      - LinkedObject
      x-codegen-request-body-name: linkedObject
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/meta/schemas/user/linkedObjects/{linkedObjectName}:
    delete:
      description: "Deletes the Linked Object definition specified by either the `primary`\
        \ or `associated` name. The entire definition is removed, regardless of which\
        \ name that you specify."
      operationId: deleteLinkedObjectDefinition
      parameters:
      - description: Primary or Associated name
        explode: false
        in: path
        name: linkedObjectName
        required: true
        schema:
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.linkedObjects.manage
      summary: Delete a Linked Object Definition
      tags:
      - LinkedObject
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    get:
      description: Retrieves a Linked Object definition
      operationId: getLinkedObjectDefinition
      parameters:
      - description: Primary or Associated name
        explode: false
        in: path
        name: linkedObjectName
        required: true
        schema:
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                CreateLinkedObjectResponseEx:
                  $ref: '#/components/examples/CreateLinkedObjectResponse'
              schema:
                $ref: '#/components/schemas/LinkedObject'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.linkedObjects.read
      summary: Retrieve a Linked Object Definition
      tags:
      - LinkedObject
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/meta/schemas/user/{schemaId}:
    get:
      description: Retrieves the Schema for a User Type
      operationId: getUserSchema
      parameters:
      - explode: false
        in: path
        name: schemaId
        required: true
        schema:
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                Response with a subset of properties for brevity:
                  $ref: '#/components/examples/UserSchemaResponse'
              schema:
                $ref: '#/components/schemas/UserSchema'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.schemas.read
      summary: Retrieve a User Schema
      tags:
      - Schema
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: "Updates a User Schema. This updates, adds, or removes one or more\
        \ profile properties in a User Schema. \n\nUnlike custom User Profile properties,\
        \ limited changes are allowed to base User Profile properties (permissions,\
        \ nullability of the `firstName` and `lastName` properties, or pattern for\
        \ `login`). A property cannot be removed from the default Schema if it is\
        \ being referenced as a [matchAttribute](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentityProvider/)\
        \ in SAML2 IdPs. Currently, all validation of SAML assertions is only performed\
        \ against the default user type."
      operationId: updateUserProfile
      parameters:
      - explode: false
        in: path
        name: schemaId
        required: true
        schema:
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            examples:
              Add a custom property to the user schema:
                $ref: '#/components/examples/UserSchemaAddRequest'
            schema:
              $ref: '#/components/schemas/UserSchema'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                Response with a subset of properties for brevity:
                  $ref: '#/components/examples/UserSchemaResponse'
              schema:
                $ref: '#/components/schemas/UserSchema'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.schemas.manage
      summary: Update a User Schema
      tags:
      - Schema
      x-codegen-request-body-name: userSchema
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/meta/types/user:
    get:
      description: Lists all User Types in your org
      operationId: listUserTypes
      responses:
        "200":
          content:
            application/json:
              examples:
                ListsAllUserTypes:
                  $ref: '#/components/examples/ListsAllUserTypes'
              schema:
                items:
                  $ref: '#/components/schemas/UserType'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.userTypes.read
      summary: List all User Types
      tags:
      - UserType
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: |-
        Creates a new User Type. Okta automatically creates a `default` User Type for your org. You may add up to nine additional User Types.
        > **Note**: New User Types are based on the current default schema template. Modifications to this schema do not automatically propagate to previously created User Types.
      operationId: createUserType
      requestBody:
        content:
          application/json:
            examples:
              CreateUserRequest:
                $ref: '#/components/examples/CreateUserRequest'
            schema:
              $ref: '#/components/schemas/CreateUserTypeRequest'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                CreateUserResponse:
                  $ref: '#/components/examples/CreateUserResponse'
              schema:
                $ref: '#/components/schemas/UserType'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.userTypes.manage
      summary: Create a User Type
      tags:
      - UserType
      x-codegen-request-body-name: userType
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/meta/types/user/{typeId}:
    delete:
      description: |-
        Deletes a User Type permanently.
        > **Note**: You can't delete the default User Type or a User Type that is currently assigned to users.
      operationId: deleteUserType
      parameters:
      - explode: false
        in: path
        name: typeId
        required: true
        schema:
          description: The unique key for the User Type
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.userTypes.manage
      summary: Delete a User Type
      tags:
      - UserType
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    get:
      description: Retrieves a User Type by ID. Use `default` to fetch the default User Type.
      operationId: getUserType
      parameters:
      - explode: false
        in: path
        name: typeId
        required: true
        schema:
          description: The unique key for the User Type
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                GetUserResponse:
                  $ref: '#/components/examples/GetUserResponse'
              schema:
                $ref: '#/components/schemas/UserType'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.userTypes.read
      summary: Retrieve a User Type
      tags:
      - UserType
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: |-
        Updates an existing User Type. This operation is a partial update.
        > **Note**: You can only update the `displayName` and `description` elements. The `name` of an existing User Type can't be changed.
      operationId: updateUserType
      parameters:
      - explode: false
        in: path
        name: typeId
        required: true
        schema:
          description: The unique key for the User Type
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            examples:
              UpdateUserTypePostRequest:
                $ref: '#/components/examples/UpdateUserTypePostRequest'
            schema:
              $ref: '#/components/schemas/UserTypePostRequest'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                UpdateUserTypePutRequest:
                  $ref: '#/components/examples/UpdateUserTypePostResponse'
              schema:
                $ref: '#/components/schemas/UserType'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.userTypes.manage
      summary: Update a User Type
      tags:
      - UserType
      x-codegen-request-body-name: userType
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
    put:
      description: |-
        Replaces an existing User Type. This operation is a full update.
        > **Note**: The `name` of an existing User Type can't be changed, but must be part of the request body. You can only replace the `displayName` and `description` elements.
      operationId: replaceUserType
      parameters:
      - explode: false
        in: path
        name: typeId
        required: true
        schema:
          description: The unique key for the User Type
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            examples:
              ReplaceUserTypePutRequest:
                $ref: '#/components/examples/ReplaceUserTypePutRequest'
            schema:
              $ref: '#/components/schemas/UserTypePutRequest'
      responses:
        "200":
          content:
            application/json:
              examples:
                ReplaceUserTypePutResponse:
                  $ref: '#/components/examples/ReplaceUserTypePutResponse'
              schema:
                $ref: '#/components/schemas/UserType'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.userTypes.manage
      summary: Replace a User Type
      tags:
      - UserType
      x-codegen-request-body-name: userType
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/meta/uischemas:
    get:
      description: Lists all UI Schemas in your org
      operationId: listUISchemas
      responses:
        "200":
          content:
            application/json:
              examples:
                UIISchemaList:
                  $ref: '#/components/examples/ListUISchemaResponse'
              schema:
                items:
                  $ref: '#/components/schemas/UISchemasResponseObject'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.uischemas.read
      summary: List all UI Schemas
      tags:
      - UISchema
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
    post:
      description: Creates an input for an enrollment form
      operationId: createUISchema
      requestBody:
        content:
          application/json:
            examples:
              UISchemaCreate:
                $ref: '#/components/examples/CreateUISchemaBody'
            schema:
              $ref: '#/components/schemas/CreateUISchema'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                UISchemaCreate:
                  $ref: '#/components/examples/CreateUISchemaResponse'
              schema:
                $ref: '#/components/schemas/UISchemasResponseObject'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.uischemas.manage
      summary: Create a UI Schema
      tags:
      - UISchema
      x-codegen-request-body-name: uischemabody
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/meta/uischemas/{id}:
    delete:
      description: Deletes a UI Schema by `id`
      operationId: deleteUISchemas
      parameters:
      - description: The unique ID of the UI Schema
        explode: false
        in: path
        name: id
        required: true
        schema:
          example: uis4a7liocgcRgcxZ0g7
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.uischemas.manage
      summary: Delete a UI Schema
      tags:
      - UISchema
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
    get:
      description: Retrieves a UI Schema by `id`
      operationId: getUISchema
      parameters:
      - description: The unique ID of the UI Schema
        explode: false
        in: path
        name: id
        required: true
        schema:
          example: uis4a7liocgcRgcxZ0g7
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                UISchemaRetrieve:
                  $ref: '#/components/examples/RetrieveUISchemaResponse'
              schema:
                $ref: '#/components/schemas/UISchemasResponseObject'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref:
                    '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.uischemas.read
      summary: Retrieve a UI Schema
      tags:
      - UISchema
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
    put:
      description: Replaces a UI Schema by `id`
      operationId: replaceUISchemas
      parameters:
      - description: The unique ID of the UI Schema
        explode: false
        in: path
        name: id
        required: true
        schema:
          example: uis4a7liocgcRgcxZ0g7
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            examples:
              UISchemaPUT:
                $ref: '#/components/examples/CreateUISchemaBody'
            schema:
              $ref: '#/components/schemas/UpdateUISchema'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                UISchemaUpdate:
                  $ref: '#/components/examples/CreateUISchemaResponse'
              schema:
                $ref: '#/components/schemas/UISchemasResponseObject'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.uischemas.manage
      summary: Replace a UI Schema
      tags:
      - UISchema
      x-codegen-request-body-name: updateUISchemaBody
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/org:
    get:
      description: Retrieves the Org General Settings
      operationId: getOrgSettings
      parameters: []
      responses:
        "200":
          content:
            application/json:
              examples:
                example-1:
                  $ref: '#/components/examples/OrgSettingResponse'
              schema:
                $ref: '#/components/schemas/OrgSetting'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.orgs.read
      summary: Retrieve the Org General Settings
      tags:
      - OrgSettingGeneral
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: Updates partial Org General Settings
      operationId: updateOrgSettings
      requestBody:
        content:
          application/json:
            examples:
              example-1:
                $ref: '#/components/examples/UpdateOrgSettingEx'
            schema:
              $ref: '#/components/schemas/OrgSetting'
      responses:
        "200":
          content:
            application/json:
              examples:
                example-1:
                  $ref: '#/components/examples/OrgSettingResponse'
              schema:
                $ref: '#/components/schemas/OrgSetting'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.orgs.manage
      summary: Update the Org General Settings
      tags:
      - OrgSettingGeneral
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
    put:
      description: Replaces the Org General Settings for your Okta org
      operationId: replaceOrgSettings
      requestBody:
        content:
          application/json:
            examples:
              example-1:
                $ref: '#/components/examples/UpdateOrgSettingEx'
            schema:
              $ref: '#/components/schemas/OrgSetting'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                example-1:
                  $ref: '#/components/examples/OrgSettingResponse'
              schema:
                $ref: '#/components/schemas/OrgSetting'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.orgs.manage
      summary: Replace the Org General Settings
      tags:
      - OrgSettingGeneral
      x-codegen-request-body-name: orgSetting
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/org/captcha:
    delete:
      description: Deletes the CAPTCHA settings object for your organization
      operationId: deleteOrgCaptchaSettings
      responses:
        "204":
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.captchas.manage
      summary: Delete the Org-wide CAPTCHA Settings
      tags:
      - CAPTCHA
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
    get:
      description: |-
        Retrieves the CAPTCHA settings object for your organization
        > **Note**: If the current organization hasn't configured CAPTCHA Settings, the request returns an empty object.
      operationId: getOrgCaptchaSettings
      responses:
        "200":
          content:
            application/json:
              examples:
                configured:
                  $ref: '#/components/examples/OrgCAPTCHASettingsConfigured'
                empty:
                  $ref: '#/components/examples/OrgCAPTCHASettingsEmpty'
              schema:
                $ref: '#/components/schemas/OrgCAPTCHASettings'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.captchas.read
      summary: Retrieve the Org-wide CAPTCHA Settings
      tags:
      - CAPTCHA
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
    put:
      description: |-
        Replaces the CAPTCHA settings object for your organization
        > **Note**: You can disable CAPTCHA for your organization by setting `captchaId` and `enabledPages` to `null`.
      operationId: replacesOrgCaptchaSettings
      requestBody:
        content:
          application/json:
            examples:
              Update:
                $ref: '#/components/examples/OrgCAPTCHASettingsUpdate'
              Disable:
                $ref: '#/components/examples/OrgCAPTCHASettingsDisable'
            schema:
              $ref: '#/components/schemas/OrgCAPTCHASettings'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                Update:
                  $ref: '#/components/examples/OrgCAPTCHASettingsUpdated'
                Disable:
                  $ref: '#/components/examples/OrgCAPTCHASettingsDisabled'
              schema:
                $ref: '#/components/schemas/OrgCAPTCHASettings'
          description: Success
        "400":
          content:
            application/json:
              examples:
                NoDisable:
                  $ref: '#/components/examples/ErrorCAPTCHAOrgWideSettingNull'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.captchas.manage
      summary: Replace the Org-wide CAPTCHA Settings
      tags:
      - CAPTCHA
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/org/contacts:
    get:
      description: Lists all Org Contact Types for your Okta org
      operationId: listOrgContactTypes
      parameters: []
      responses:
        "200":
          content:
            application/json:
              examples:
                orgContactTypeEx:
                  $ref: '#/components/examples/orgContactTypeResponse'
              schema:
                items:
                  $ref: '#/components/schemas/OrgContactTypeObj'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref:
                    '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.orgs.read
      summary: List all Org Contact Types
      tags:
      - OrgSettingContact
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/org/contacts/{contactType}:
    get:
      description: Retrieves the ID and the User resource associated with the specified Contact Type
      operationId: getOrgContactUser
      parameters:
      - explode: false
        in: path
        name: contactType
        required: true
        schema:
          description: Type of contact
          enum:
          - BILLING
          - TECHNICAL
          example: BILLING
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                contactTypeUserEx:
                  $ref: '#/components/examples/orgContactUserResponse'
              schema:
                $ref: '#/components/schemas/OrgContactUser'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.orgs.read
      summary: Retrieve the Contact Type User
      tags:
      - OrgSettingContact
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    put:
      description: Replaces the User associated with the specified Contact Type
      operationId: replaceOrgContactUser
      parameters:
      - explode: false
        in: path
        name: contactType
        required: true
        schema:
          description: Type of contact
          enum:
          - BILLING
          - TECHNICAL
          example: BILLING
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            examples:
              contactTypeUserEx:
                summary: Contact User
                value:
                  userId: 00ux3u0ujW1r5AfZC1d7
            schema:
              $ref: '#/components/schemas/OrgContactUser'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                contactTypeUserEx:
                  $ref: '#/components/examples/orgContactUserResponse'
              schema:
                $ref: '#/components/schemas/OrgContactUser'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.orgs.manage
      summary: Replace the Contact Type User
      tags:
      - OrgSettingContact
      x-codegen-request-body-name: orgContactUser
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/org/email/bounces/remove-list:
    post:
      description: |
        Removes emails from an email service bounce list. The emails submitted in this operation are removed from the bounce list by an asynchronous job. Any email address that passes validation is accepted for the removal process, even if there are other email addresses in the request that failed validation.
        > **Note:** If there are validation errors for all email addresses, a `200 OK` HTTP status is still returned.
      operationId: bulkRemoveEmailAddressBounces
      requestBody:
        content:
          application/json:
            examples:
              example-1:
                summary: Request example
                value:
                  emailAddresses:
                  - [email protected]
                  - [email protected]
                  - name@okta@com
            schema:
              $ref: '#/components/schemas/BouncesRemoveListObj'
      responses:
        "200":
          content:
            application/json:
              examples:
                example-1:
                  summary: Response example
                  value:
                    errors:
                    - emailAddress: [email protected]
                      reason: This email address does not belong to any user in your organization.
                    - emailAddress: name@okta@com
                      reason: Invalid email address. The provided email address failed validation against RFC 3696.
              schema:
                $ref: '#/components/schemas/BouncesRemoveListResult'
          description: OK
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.orgs.manage
      summary: Remove Bounced Emails
      tags:
      - EmailCustomization
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/org/factors/yubikey_token/tokens:
    get:
      description: Lists all YubiKey OTP Tokens
      operationId: listYubikeyOtpTokens
      parameters:
      - description: Specifies the pagination cursor for the next page of tokens
        explode: true
        in: query
        name: after
        required: false
        schema:
          type: string
        style: form
      - description: "Embeds the [User](/openapi/okta-management/management/tag/User/)\
          \ resource if the YubiKey Token is assigned to a user and `expand` is set\
          \ to `user`"
        explode: true
        in: query
        name: expand
        required: false
        schema:
          type:
            string
        style: form
      - description: The expression used to filter tokens
        explode: true
        in: query
        name: filter
        required: false
        schema:
          enum:
          - profile.email
          - profile.serial
          - activated
          - user.id
          - created
          - status
          - lastVerified
          type: string
        style: form
      - description: "Returns tokens in a CSV to download instead of in the response.\
          \ When you use this query parameter, the `limit` default changes to 1000."
        explode: true
        in: query
        name: forDownload
        required: false
        schema:
          default: false
          type: boolean
        style: form
      - description: Specifies the number of results per page
        explode: true
        in: query
        name: limit
        required: false
        schema:
          default: 20
          maximum: 200
          type: integer
        style: form
      - description: The value of how the tokens are sorted
        explode: true
        in: query
        name: sortBy
        required: false
        schema:
          enum:
          - profile.email
          - profile.serial
          - activated
          - user.id
          - created
          - status
          - lastVerified
          type: string
        style: form
      - description: "Specifies the sort order, either `ASC` or `DESC`"
        explode: true
        in: query
        name: sortOrder
        required: false
        schema:
          enum:
          - ASC
          - DESC
          type: string
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                ListYubikeyOptTokensResponse:
                  $ref: '#/components/examples/ListYubikeyOptTokensResponse'
              schema:
                items:
                  $ref: '#/components/schemas/UserFactorYubikeyOtpToken'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.users.read
      summary: List all YubiKey OTP Tokens
      tags:
      - UserFactor
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: Uploads a seed for a user to enroll a YubiKey OTP
      operationId: uploadYubikeyOtpTokenSeed
      parameters:
      - description: Specifies the pagination cursor for the next page of tokens
        explode: true
        in: query
        name: after
        required: false
        schema:
          type: string
        style: form
      - description: "Embeds the [User](/openapi/okta-management/management/tag/User/)\
          \ resource if the YubiKey Token is assigned to a user and `expand` is set\
          \ to `user`"
        explode: true
        in: query
        name: expand
        required: false
        schema:
          type: string
        style: form
      - description: The expression used to filter tokens
        explode: true
        in: query
        name: filter
        required: false
        schema:
          enum:
          - profile.email
          - profile.serial
          - activated
          - user.id
          - created
          - status
          - lastVerified
          type: string
        style: form
      - description: "Returns tokens in a CSV to download instead of in the response.\
          \ When you use this query parameter, the `limit` default changes to 1000."
        explode: true
        in: query
        name: forDownload
        required: false
        schema:
          default: false
          type: boolean
        style: form
      - description: Specifies the number of results per page
        explode: true
        in: query
        name: limit
        required: false
        schema:
          default: 20
          maximum: 200
          type: integer
        style: form
      - description: The value of how the tokens are sorted
        explode: true
        in: query
        name: sortBy
        required: false
        schema:
          enum:
          - profile.email
          - profile.serial
          - activated
          - user.id
          - created
          - status
          - lastVerified
          type: string
        style: form
      - description: "Specifies the sort order, either `ASC` or `DESC`"
        explode: true
        in: query
        name: sortOrder
        required: false
        schema:
          enum:
          - ASC
          - DESC
          type: string
        style: form
      requestBody:
        content:
          application/json:
            examples:
              uploadYubikeyOtpSeedRequest:
                $ref: '#/components/examples/UploadYubikeyTokenSeedRequest'
            schema:
              $ref: '#/components/schemas/uploadYubikeyOtpTokenSeed_request'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                yubikeyToken:
                  $ref: '#/components/examples/UploadYubikeyTokenSeedResponse'
              schema:
                $ref: '#/components/schemas/UserFactorYubikeyOtpToken'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.users.manage
      summary: Upload a YubiKey OTP Seed
      tags:
      - UserFactor
      x-okta-lifecycle:
        lifecycle: GA
isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/org/factors/yubikey_token/tokens/{tokenId}: get: description: Retrieves the specified YubiKey OTP Token by `id` operationId: getYubikeyOtpTokenById parameters: - description: ID of a Yubikey token explode: false in: path name: tokenId required: true schema: example: ykkxdtCA1fKVxyu6R0g3 type: string style: simple responses: "200": content: application/json: examples: Token: $ref: '#/components/examples/GetYubikeyOptTokenResponse' schema: $ref: '#/components/schemas/UserFactorYubikeyOtpToken' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.read summary: Retrieve a YubiKey OTP Token tags: - UserFactor x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/org/logo: post: description: Uploads and replaces the logo for your organization operationId: uploadOrgLogo requestBody: content: multipart/form-data: schema: $ref: '#/components/schemas/uploadOrgLogo_request' description: logo file responses: "201": description: Created "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": 
content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.apps.manage summary: Upload the Org Logo tags: - OrgSettingCustomization x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: multipart/form-data x-accepts: - application/json /api/v1/org/orgSettings/thirdPartyAdminSetting: get: description: "Retrieves the Third-Party Admin Setting. See [Configure third-party\ \ administrators](https://help.okta.com/okta_help.htm?type=oie&id=csh_admin-third)\ \ in the Okta product documentation." operationId: getThirdPartyAdminSetting parameters: [] responses: "200": content: application/json: schema: $ref: '#/components/schemas/ThirdPartyAdminSetting' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.orgs.read summary: Retrieve the Org Third-Party Admin Setting tags: - OrgSettingAdmin x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json post: description: | Updates the Third-Party Admin Setting. This setting allows third-party admins to perform administrative actions in the Admin Console, but they can't do any of the following: * Receive Okta admin email notifications * Contact Okta support * Sign in to the Okta Help Center See [Configure third-party administrators](https://help.okta.com/okta_help.htm?type=oie&id=csh_admin-third) in the Okta product documentation. 
operationId: updateThirdPartyAdminSetting parameters: [] requestBody: content: application/json: schema: $ref: '#/components/schemas/ThirdPartyAdminSetting' required: true responses: "200": content: application/json: schema: $ref: '#/components/schemas/ThirdPartyAdminSetting' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.orgs.manage summary: Update the Org Third-Party Admin Setting tags: - OrgSettingAdmin x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/org/preferences: get: description: Retrieves preferences of your Okta org operationId: getOrgPreferences parameters: [] responses: "200": content: application/json: examples: retrieveOrgPrefEx: $ref: '#/components/examples/orgShowFooterPrefResponse' schema: $ref: '#/components/schemas/OrgPreferences' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.orgs.read summary: Retrieve the Org Preferences tags: - OrgSettingCustomization x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/org/preferences/hideEndUserFooter: post: description: Sets the preference to hide the Okta UI footer for all end users of your org operationId: setOrgHideOktaUIFooter parameters: [] 
responses: "200": content: application/json: examples: hideOrgPrefEx: $ref: '#/components/examples/orgHideFooterPrefResponse' schema: $ref: '#/components/schemas/OrgPreferences' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.orgs.manage summary: Set the Hide Dashboard Footer Preference tags: - OrgSettingCustomization x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/org/preferences/showEndUserFooter: post: description: Sets the preference to show the Okta UI footer for all end users of your org operationId: setOrgShowOktaUIFooter parameters: [] responses: "200": content: application/json: examples: showOrgPrefEx: $ref: '#/components/examples/orgShowFooterPrefResponse' schema: $ref: '#/components/schemas/OrgPreferences' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.orgs.manage summary: Set the Show Dashboard Footer Preference tags: - OrgSettingCustomization x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/org/privacy/aerial: get: description: Retrieves the Okta Aerial consent grant details for your Org. Returns a 404 Not Found error if no consent has been granted. 
operationId: getAerialConsent parameters: [] responses: "200": content: application/json: examples: example-read-grant-response: $ref: '#/components/examples/AerialConsentDetails' schema: $ref: '#/components/schemas/OrgAerialConsentDetails' description: Success "400": content: application/json: examples: example-no-already-present-response: $ref: '#/components/examples/AerialGrantAlreadyPresentErrorResponse' schema: $ref: '#/components/schemas/Error' description: Can't complete request due to errors "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: example-no-grant-found-response: $ref: '#/components/examples/AerialGrantNotFoundResponse' schema: $ref: '#/components/schemas/Error' description: Consent hasn't been given and there are no grants to any Aerial Accounts "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.orgs.manage summary: Retrieve Okta Aerial consent for your Org tags: - OrgSettingSupport x-okta-lifecycle: lifecycle: EA isGenerallyAvailable: false SKUs: [] x-accepts: - application/json /api/v1/org/privacy/aerial/grant: post: description: "Grants an Okta Aerial account access to your Org. If the org is\ \ a child org, consent is taken from the parent org. Grant calls directly\ \ to the child are not allowed." 
operationId: grantAerialConsent parameters: [] requestBody: content: application/json: examples: example-grant-call: description: Request body to grant an Okta Aerial account access to your Org value: accountId: 0200bs0617vvhv2v675mch1cukp schema: $ref: '#/components/schemas/OrgAerialConsent' responses: "200": content: application/json: examples: example-grant-success-response: $ref: '#/components/examples/AerialConsentDetails' schema: $ref: '#/components/schemas/OrgAerialConsentDetails' description: Success "400": content: application/json: examples: example-invalid-account-id: $ref: '#/components/examples/AerialConsentInvalidAccountIdResponse' schema: $ref: '#/components/schemas/Error' description: Can't complete request due to errors "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.orgs.manage summary: Grant Okta Aerial access to your Org tags: - OrgSettingSupport x-okta-lifecycle: lifecycle: EA isGenerallyAvailable: false SKUs: [] x-content-type: application/json x-accepts: - application/json /api/v1/org/privacy/aerial/revoke: post: description: Revokes access of an Okta Aerial account to your Org. The revoke operation will fail if the org has already been added to an Aerial account. 
operationId: revokeAerialConsent parameters: [] requestBody: content: application/json: examples: example-revoke-request: description: Request body for revoking an Okta Aerial account value: accountId: 0200bs0617vvhv2v675mch1cukp schema: $ref: '#/components/schemas/OrgAerialConsent' responses: "200": content: application/json: schema: $ref: '#/components/schemas/OrgAerialConsentRevoked' description: Success "400": content: application/json: examples: example-org-is-linked: $ref: '#/components/examples/AerialConsentOrgAlreadyLinkedResponse' schema: $ref: '#/components/schemas/Error' description: Can't complete request due to errors "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.orgs.manage summary: Revoke Okta Aerial access to your Org tags: - OrgSettingSupport x-okta-lifecycle: lifecycle: EA isGenerallyAvailable: false SKUs: [] x-content-type: application/json x-accepts: - application/json /api/v1/org/privacy/oktaCommunication: get: description: Retrieves Okta Communication Settings of your org operationId: getOktaCommunicationSettings parameters: [] responses: "200": content: application/json: examples: retrieveOktaCommSettingsEx: $ref: '#/components/examples/orgCommunicationOptOutResponse' schema: $ref: '#/components/schemas/OrgOktaCommunicationSetting' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many 
Requests security: - apiToken: [] - oauth2: - okta.orgs.read summary: Retrieve the Okta Communication Settings tags: - OrgSettingCommunication x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/org/privacy/oktaCommunication/optIn: post: description: Opts in all users of this org to Okta communication emails operationId: optInUsersToOktaCommunicationEmails parameters: [] responses: "200": content: application/json: examples: optInOktaCommSettingsEx: $ref: '#/components/examples/orgCommunicationOptInResponse' schema: $ref: '#/components/schemas/OrgOktaCommunicationSetting' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.orgs.manage summary: Opt in to Okta User Communication Emails tags: - OrgSettingCommunication x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/org/privacy/oktaCommunication/optOut: post: description: Opts out all users of this org from Okta communication emails operationId: optOutUsersFromOktaCommunicationEmails parameters: [] responses: "200": content: application/json: examples: optOutOktaCommSettingsEx: $ref: '#/components/examples/orgCommunicationOptOutResponse' schema: $ref: '#/components/schemas/OrgOktaCommunicationSetting' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many 
Requests security: - apiToken: [] - oauth2: - okta.orgs.manage summary: Opt out of Okta User Communication Emails tags: - OrgSettingCommunication x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/org/privacy/oktaSupport: get: description: Retrieves Okta Support Settings for your org operationId: getOrgOktaSupportSettings parameters: [] responses: "200": content: application/json: examples: RetrieveOktaSupportEx: $ref: '#/components/examples/orgSupportSettingsResponse' schema: $ref: '#/components/schemas/OrgOktaSupportSettingsObj' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.orgs.read summary: Retrieve the Okta Support Settings tags: - OrgSettingSupport x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/org/privacy/oktaSupport/extend: post: description: Extends the length of time that Okta Support can access your org by 24 hours. This means that 24 hours are added to the remaining access time. 
operationId: extendOktaSupport parameters: [] responses: "200": content: application/json: examples: ExtendOktaSupportEx: $ref: '#/components/examples/orgSupportSettingsResponse' schema: $ref: '#/components/schemas/OrgOktaSupportSettingsObj' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.orgs.manage summary: Extend Okta Support Access tags: - OrgSettingSupport x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/org/privacy/oktaSupport/grant: post: description: Grants Okta Support temporary access to your org as an administrator for eight hours operationId: grantOktaSupport parameters: [] responses: "200": content: application/json: examples: GrantOktaSupportEx: $ref: '#/components/examples/orgSupportSettingsResponse' schema: $ref: '#/components/schemas/OrgOktaSupportSettingsObj' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.orgs.manage summary: Grant Okta Support Access tags: - OrgSettingSupport x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/org/privacy/oktaSupport/revoke: post: description: Revokes Okta Support access to your org operationId: revokeOktaSupport parameters: [] responses: "200": content: application/json: examples: 
RevokeOktaSupportEx: $ref: '#/components/examples/orgSupportSettingsRevokeResponse' schema: $ref: '#/components/schemas/OrgOktaSupportSettingsObj' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.orgs.manage summary: Revoke Okta Support Access tags: - OrgSettingSupport x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/org/settings/clientPrivilegesSetting: get: description: "Retrieves the org setting to assign the [Super Admin role](https://help.okta.com/okta_help.htm?type=oie&id=ext_superadmin)\ \ to new public client apps" operationId: getClientPrivilegesSetting parameters: [] responses: "200": content: application/json: schema: $ref: '#/components/schemas/ClientPrivilegesSetting' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.orgs.read summary: Retrieve the Default Public Client App Role Setting tags: - OrgSettingAdmin x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json put: description: "Assigns the [Super Admin role](https://help.okta.com/okta_help.htm?type=oie&id=ext_superadmin)\ \ as the default role for new public client apps" operationId: assignClientPrivilegesSetting requestBody: content: application/json: schema: $ref: 
'#/components/schemas/ClientPrivilegesSetting' responses: "200": content: application/json: schema: $ref: '#/components/schemas/ClientPrivilegesSetting' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.orgs.manage summary: Assign the Default Public Client App Role Setting tags: - OrgSettingAdmin x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/orgs: post: description: |- Creates an Org (child org) that has the same features as the current requesting org (parent org). A child org inherits any new features added to the parent org, but new features added to the child org aren't propagated back to the parent org. > **Notes:** > * Some features associated with products, such as Atspoke, Workflows, and Okta Identity Governance, aren't propagated to the child Org. > * Wait at least 30 seconds after a 201-Created response before you make API requests to the new child Org. > * For rate limits, see [Org creation rate limits](https://developer.okta.com/docs/reference/rl-additional-limits/#org-creation-rate-limits). 
operationId: createChildOrg requestBody: content: application/json: examples: CreateChildOrg: $ref: '#/components/examples/CreateChildOrgRequestEx' schema: $ref: '#/components/schemas/ChildOrg' responses: "201": content: application/json: examples: CreateChildOrg: $ref: '#/components/examples/CreateChildOrgResponseEx' schema: $ref: '#/components/schemas/ChildOrg' description: Created "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: examples: InvalidTokenProvided: $ref: '#/components/examples/ErrorInvalidTokenProvided' schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests "500": content: application/json: examples: InternalServerError: $ref: '#/components/examples/ErrorInternalServer' schema: $ref: '#/components/schemas/Error' description: Internal Server Error security: - apiToken: [] - oauth2: - okta.orgs.manage summary: Create an Org tags: - OrgCreator x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/policies: get: description: Lists all policies with the specified type operationId: listPolicies parameters: - description: |- Specifies the type of policy to return. The following policy types are available only with the Okta Identity Engine - `ACCESS_POLICY`, `PROFILE_ENROLLMENT`, `POST_AUTH_SESSION`, and `ENTITY_RISK`. The `POST_AUTH_SESSION` and `ENTITY_RISK` policy types are in . Contact your Okta account team to enable these features. 
explode: true in: query name: type required: true schema: enum: - OKTA_SIGN_ON - PASSWORD - MFA_ENROLL - IDP_DISCOVERY - ACCESS_POLICY - PROFILE_ENROLLMENT - POST_AUTH_SESSION - ENTITY_RISK type: string style: form - description: Refines the query by the `status` of the policy - `ACTIVE` or `INACTIVE` explode: true in: query name: status required: false schema: type: string style: form - description: Refines the query by policy name prefix (startWith method) passed in as `q=string` explode: true in: query name: q required: false schema: type: string style: form - explode: true in: query name: expand required: false schema: default: "" type: string style: form - description: Refines the query by sorting on the policy `name` in ascending order explode: true in: query name: sortBy required: false schema: type: string style: form - description: "Defines the number of policies returned, see [Pagination](https://developer.okta.com/docs/api/#pagination)" explode: true in: query name: limit required: false schema: type: string style: form - description: Reference to the associated authorization server explode: true in: query name: resourceId required: false schema: type: string style: form - description: "End page cursor for pagination, see [Pagination](https://developer.okta.com/docs/api/#pagination)" explode: true in: query name: after required: false schema: type: string style: form responses: "200": content: application/json: examples: password: $ref: '#/components/examples/password-policy-response' mfa-enroll: $ref: '#/components/examples/mfa-enroll-policy-response' idp-discovery: $ref: '#/components/examples/idp-discovery-policy-response' profile-enrollment: $ref: '#/components/examples/profile-enrollment-policy-response' schema: items: $ref: '#/components/schemas/Policy' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: 
Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.policies.read summary: List all Policies tags: - Policy x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json post: description: "Creates a policy. There are many types of policies that you can\ \ create. See [Policies](https://developer.okta.com/docs/concepts/policies/)\ \ for an overview of the types of policies available and then links to more\ \ in-depth information." operationId: createPolicy parameters: - description: This query parameter is only valid for Classic Engine orgs. explode: true in: query name: activate required: false schema: default: true type: boolean style: form requestBody: content: application/json: schema: $ref: '#/components/schemas/Policy' required: true responses: "200": content: application/json: examples: password: $ref: '#/components/examples/password-policy-response' mfa-enroll: $ref: '#/components/examples/mfa-enroll-policy-response' idp-discovery: $ref: '#/components/examples/idp-discovery-policy-response' profile-enrollment: $ref: '#/components/examples/profile-enrollment-policy-response' schema: $ref: '#/components/schemas/Policy' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.policies.manage summary: Create a 
Policy tags: - Policy x-codegen-request-body-name: policy x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/policies/simulate: post: description: |- Creates a policy or policy rule simulation. The access simulation evaluates policy and policy rules based on the existing policy rule configuration. The evaluation result simulates what the real-world authentication flow is and what policy rules have been applied or matched to the authentication flow. operationId: createPolicySimulation parameters: - description: Use `expand=EVALUATED` to include a list of evaluated but not matched policies and policy rules. Use `expand=RULE` to include details about why a rule condition wasn't matched. explode: true in: query name: expand required: false schema: example: EVALUATED type: string style: form requestBody: content: application/json: examples: SimulatePolicy: $ref: '#/components/examples/SimulatePolicyBody' schema: items: $ref: '#/components/schemas/SimulatePolicyBody' type: array required: true responses: "200": content: application/json: examples: SimulatePolicy: $ref: '#/components/examples/SimulatePolicyResponse' schema: $ref: '#/components/schemas/SimulatePolicyResponse' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.policies.read summary: Create a Policy Simulation tags: - Policy x-codegen-request-body-name: simulatePolicy x-okta-lifecycle: 
lifecycle: LIMITED_GA isGenerallyAvailable: false SKUs: - Okta Identity Engine x-content-type: application/json x-accepts: - application/json /api/v1/policies/{policyId}: delete: description: Deletes a policy operationId: deletePolicy parameters: - description: '`id` of the Policy' explode: false in: path name: policyId required: true schema: example: 00plrilJ7jZ66Gn0X0g3 type: string style: simple responses: "204": description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.policies.manage summary: Delete a Policy tags: - Policy x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Retrieves a policy operationId: getPolicy parameters: - description: '`id` of the Policy' explode: false in: path name: policyId required: true schema: example: 00plrilJ7jZ66Gn0X0g3 type: string style: simple - explode: true in: query name: expand required: false schema: default: "" type: string style: form responses: "200": content: application/json: examples: password: $ref: '#/components/examples/password-policy-response' mfa-enroll: $ref: '#/components/examples/mfa-enroll-policy-response' idp-discovery: $ref: '#/components/examples/idp-discovery-policy-response' profile-enrollment: $ref: '#/components/examples/profile-enrollment-policy-response' schema: $ref: '#/components/schemas/Policy' description: Success "403": content: application/json: examples: AccessDenied: $ref: 
'#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.policies.read summary: Retrieve a Policy tags: - Policy x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json put: description: Replaces the properties of a Policy identified by `policyId` operationId: replacePolicy parameters: - description: '`id` of the Policy' explode: false in: path name: policyId required: true schema: example: 00plrilJ7jZ66Gn0X0g3 type: string style: simple requestBody: content: application/json: schema: $ref: '#/components/schemas/Policy' required: true responses: "200": content: application/json: examples: password: $ref: '#/components/examples/password-policy-response' mfa-enroll: $ref: '#/components/examples/mfa-enroll-policy-response' idp-discovery: $ref: '#/components/examples/idp-discovery-policy-response' profile-enrollment: $ref: '#/components/examples/profile-enrollment-policy-response' schema: $ref: '#/components/schemas/Policy' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": 
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.policies.manage
      summary: Replace a Policy
      tags:
      - Policy
      x-codegen-request-body-name: policy
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/policies/{policyId}/app:
    get:
      deprecated: true
      description: |-
        Lists all applications mapped to a policy identified by `policyId`

        > **Note:** Use [List all resources mapped to a Policy](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Policy/#tag/Policy/operation/listPolicyMappings) to list all applications mapped to a policy.
      operationId: listPolicyApps
      parameters:
      - description: '`id` of the Policy'
        explode: false
        in: path
        name: policyId
        required: true
        schema:
          example: 00plrilJ7jZ66Gn0X0g3
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              schema:
                items:
                  $ref: '#/components/schemas/Application'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.policies.read
      summary: List all Applications mapped to a Policy
      tags:
      - Policy
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/policies/{policyId}/clone:
    post:
      description: Clones an existing policy
      operationId: clonePolicy
      parameters:
      - description: '`id` of the Policy'
        explode: false
        in: path
        name: policyId
        required: true
        schema:
          example: 00plrilJ7jZ66Gn0X0g3
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                password:
                  $ref: '#/components/examples/password-policy-response'
                mfa-enroll:
                  $ref: '#/components/examples/mfa-enroll-policy-response'
                idp-discovery:
                  $ref: '#/components/examples/idp-discovery-policy-response'
                profile-enrollment:
                  $ref: '#/components/examples/profile-enrollment-policy-response'
              schema:
                $ref: '#/components/schemas/Policy'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.policies.manage
      summary: Clone an existing Policy
      tags:
      - Policy
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
  /api/v1/policies/{policyId}/lifecycle/activate:
    post:
      description: Activates a policy
      operationId: activatePolicy
      parameters:
      - description: '`id` of the Policy'
        explode: false
        in: path
        name: policyId
        required: true
        schema:
          example: 00plrilJ7jZ66Gn0X0g3
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.policies.manage
      summary: Activate a Policy
      tags:
      - Policy
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/policies/{policyId}/lifecycle/deactivate:
    post:
      description: Deactivates a policy
      operationId: deactivatePolicy
      parameters:
      - description: '`id` of the Policy'
        explode: false
        in: path
        name: policyId
        required: true
        schema:
          example: 00plrilJ7jZ66Gn0X0g3
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.policies.manage
      summary: Deactivate a Policy
      tags:
      - Policy
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/policies/{policyId}/mappings:
    get:
      description: Lists all resources mapped to a Policy identified by `policyId`
      operationId: listPolicyMappings
      parameters:
      - description: '`id` of the Policy'
        explode: false
        in: path
        name: policyId
        required: true
        schema:
          example: 00plrilJ7jZ66Gn0X0g3
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                policy-mapping-response:
                  $ref: '#/components/examples/policy-mapping-list-response'
              schema:
                items:
                  $ref: '#/components/schemas/PolicyMapping'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.policies.read
      summary: List all resources mapped to a Policy
      tags:
      - Policy
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: Maps a resource to a Policy identified by `policyId`
      operationId: mapResourceToPolicy
      parameters:
      - description: '`id` of the Policy'
        explode: false
        in: path
        name: policyId
        required: true
        schema:
          example: 00plrilJ7jZ66Gn0X0g3
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/PolicyMappingRequest'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                policy-mapping-response:
                  $ref: '#/components/examples/policy-mapping-response'
              schema:
                $ref: '#/components/schemas/PolicyMapping'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.policies.manage
      summary: Map a resource to a Policy
      tags:
      - Policy
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/policies/{policyId}/mappings/{mappingId}:
    delete:
      description: Deletes the resource Mapping for a Policy identified by `policyId` and `mappingId`
      operationId: deletePolicyResourceMapping
      parameters:
      - description: '`id` of the Policy'
        explode: false
        in: path
        name: policyId
        required: true
        schema:
          example: 00plrilJ7jZ66Gn0X0g3
          type: string
        style: simple
      - description: '`id` of the policy resource Mapping'
        explode: false
        in: path
        name: mappingId
        required: true
        schema:
          example: maplr2rLjZ6NsGn1P0g3
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.policies.manage
      summary: Delete a policy resource Mapping
      tags:
      - Policy
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    get:
      description: Retrieves a resource Mapping for a Policy identified by `policyId` and `mappingId`
      operationId: getPolicyMapping
      parameters:
      - description: '`id` of the Policy'
        explode: false
        in: path
        name: policyId
        required: true
        schema:
          example: 00plrilJ7jZ66Gn0X0g3
          type: string
        style: simple
      - description: '`id` of the policy resource Mapping'
        explode: false
        in: path
        name: mappingId
        required: true
        schema:
          example: maplr2rLjZ6NsGn1P0g3
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                policy-mapping-response:
                  $ref: '#/components/examples/policy-mapping-response'
              schema:
                $ref: '#/components/schemas/PolicyMapping'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.policies.read
      summary: Retrieve a policy resource Mapping
      tags:
      - Policy
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/policies/{policyId}/rules:
    get:
      description: Lists all policy rules
      operationId: listPolicyRules
      parameters:
      - description: '`id` of the Policy'
        explode: false
        in: path
        name: policyId
        required: true
        schema:
          example: 00plrilJ7jZ66Gn0X0g3
          type: string
        style: simple
      - description: "Defines the number of policy rules returned. See [Pagination](https://developer.okta.com/docs/api/#pagination)."
        explode: true
        in: query
        name: limit
        required: false
        schema:
          type: string
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                SignOnPolicy:
                  $ref: '#/components/examples/list-all-policy-rule-response-array'
              schema:
                items:
                  $ref: '#/components/schemas/PolicyRule'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.policies.read
      summary: List all Policy Rules
      tags:
      - Policy
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: |-
        Creates a policy rule

        > **Note:** You can't create additional rules for the `PROFILE_ENROLLMENT` or `POST_AUTH_SESSION` policies.
      operationId: createPolicyRule
      parameters:
      - description: '`id` of the Policy'
        explode: false
        in: path
        name: policyId
        required: true
        schema:
          example: 00plrilJ7jZ66Gn0X0g3
          type: string
        style: simple
      - description: "Defines the number of policy rules returned. See [Pagination](https://developer.okta.com/docs/api/#pagination)."
        explode: true
        in: query
        name: limit
        required: false
        schema:
          type: string
        style: form
      - description: Set this parameter to `false` to create an `INACTIVE` rule.
        explode: true
        in: query
        name: activate
        required: false
        schema:
          default: true
          type: boolean
        style: form
      requestBody:
        content:
          application/json:
            examples:
              EnableSsprSecurityQuestionStepUp:
                $ref: '#/components/examples/sspr-enabled-sq-step-up'
              EnableSsprSSOStepUp:
                $ref: '#/components/examples/sspr-enabled-sso-step-up'
              EnableSsprNoStepUp:
                $ref: '#/components/examples/sspr-enabled-no-step-up'
              EnableSsprOAMP:
                $ref: '#/components/examples/sspr-enabled-OAMP'
              Enable2FAPreciseAuth:
                $ref: '#/components/examples/twofa-enabled-disallow-password-allow-phishing'
              EnableSpecificRoutingRule:
                $ref: '#/components/examples/idp-discovery-specific-routing-rule'
              EnableDynamicRoutingRule:
                $ref: '#/components/examples/idp-discovery-dynamic-routing-rule'
              CreateAuthPolicyRuleDevicePlatformCondition:
                $ref: '#/components/examples/create-auth-policy-rule-condition'
              SignOnPolicy:
                $ref: '#/components/examples/sign-on-policy-rule'
              SkipFactorChallengeOnPremRule:
                $ref: '#/components/examples/skip-factor-challenge-on-prem-rule'
              RadiusRule:
                $ref: '#/components/examples/radius-rule'
              CloudRule:
                $ref: '#/components/examples/cloud-rule'
              DenyRule:
                $ref: '#/components/examples/deny-rule'
              EnableSsprWithConstraints:
                $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints'
            schema:
              $ref: '#/components/schemas/PolicyRule'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                EnableSsprSecurityQuestionStepUp:
                  $ref: '#/components/examples/sspr-enabled-sq-step-up-response'
                EnableSsprSSOStepUp:
                  $ref: '#/components/examples/sspr-enabled-sso-step-up-response'
                EnableSsprNoStepUp:
                  $ref: '#/components/examples/sspr-enabled-no-step-up-response'
                EnableSsprWithOAMP:
                  $ref: '#/components/examples/sspr-enabled-OAMP-response'
                Enable2FAPreciseAuth:
                  $ref: '#/components/examples/twofa-enabled-disallow-password-allow-phishing-response'
                EnableSpecificRoutingRule:
                  $ref: '#/components/examples/idp-discovery-specific-routing-rule-response'
                EnableDynamicRoutingRule:
                  $ref: '#/components/examples/idp-discovery-dynamic-routing-rule-response'
                CreateAuthPolicyRuleDevicePlatformCondition:
                  $ref: '#/components/examples/create-auth-policy-rule-condition-response'
                SignOnPolicy:
                  $ref: '#/components/examples/sign-on-policy-rule-response'
                SkipFactorChallengeOnPremRule:
                  $ref: '#/components/examples/skip-factor-challenge-on-prem-rule-response'
                RadiusRule:
                  $ref: '#/components/examples/radius-rule-response'
                CloudRule:
                  $ref: '#/components/examples/cloud-rule-response'
                DenyRule:
                  $ref: '#/components/examples/deny-rule-response'
                EnableSsprWithConstraints:
                  $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints-response'
              schema:
                $ref: '#/components/schemas/PolicyRule'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.policies.manage
      summary: Create a Policy Rule
      tags:
      - Policy
      x-codegen-request-body-name: policyRule
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/policies/{policyId}/rules/{ruleId}:
    delete:
      description: Deletes a Policy Rule identified by `policyId` and `ruleId`
      operationId: deletePolicyRule
      parameters:
      - description: '`id` of the Policy'
        explode: false
        in: path
        name: policyId
        required: true
        schema:
          example: 00plrilJ7jZ66Gn0X0g3
          type: string
        style: simple
      - description: '`id` of the Policy Rule'
        explode: false
        in: path
        name: ruleId
        required: true
        schema:
          example: ruld3hJ7jZh4fn0st0g3
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.policies.manage
      summary: Delete a Policy Rule
      tags:
      - Policy
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    get:
      description: Retrieves a policy rule
      operationId: getPolicyRule
      parameters:
      - description: '`id` of the Policy'
        explode: false
        in: path
        name: policyId
        required: true
        schema:
          example: 00plrilJ7jZ66Gn0X0g3
          type: string
        style: simple
      - description: '`id` of the Policy Rule'
        explode: false
        in: path
        name: ruleId
        required: true
        schema:
          example: ruld3hJ7jZh4fn0st0g3
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                EnableSsprSecurityQuestionStepUp:
                  $ref: '#/components/examples/sspr-enabled-sq-step-up-update'
                EnableSsprSSOStepUp:
                  $ref: '#/components/examples/sspr-enabled-sso-step-up-update'
                EnableSsprNoStepUp:
                  $ref: '#/components/examples/sspr-enabled-no-step-up-update'
                EnableSsprWithOAMP:
                  $ref: '#/components/examples/sspr-enabled-OAMP-update'
                EnableSpecificRoutingRule:
                  $ref: '#/components/examples/idp-discovery-specific-routing-rule-response'
                EnableDynamicRoutingRule:
                  $ref: '#/components/examples/idp-discovery-dynamic-routing-rule-response'
                SignOnPolicy:
                  $ref: '#/components/examples/sign-on-policy-rule-response'
                SkipFactorChallengeOnPremRule:
                  $ref: '#/components/examples/skip-factor-challenge-on-prem-rule-response'
                RadiusRule:
                  $ref: '#/components/examples/radius-rule-response'
                CloudRule:
                  $ref: '#/components/examples/cloud-rule-response'
                DenyRule:
                  $ref: '#/components/examples/deny-rule-response'
                EnableSsprWithConstraints:
                  $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints-update'
              schema:
                $ref: '#/components/schemas/PolicyRule'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.policies.read
      summary: Retrieve a Policy Rule
      tags:
      - Policy
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    put:
      description: Replaces the properties for a Policy Rule identified by `policyId` and `ruleId`
      operationId: replacePolicyRule
      parameters:
      - description: '`id` of the Policy'
        explode: false
        in: path
        name: policyId
        required: true
        schema:
          example: 00plrilJ7jZ66Gn0X0g3
          type: string
        style: simple
      - description: '`id` of the Policy Rule'
        explode: false
        in: path
        name: ruleId
        required: true
        schema:
          example: ruld3hJ7jZh4fn0st0g3
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            examples:
              EnableSsprSecurityQuestionStepUp:
                $ref: '#/components/examples/sspr-enabled-sq-step-up-update'
              EnableSsprSSOStepUp:
                $ref: '#/components/examples/sspr-enabled-sso-step-up-update'
              EnableSsprNoStepUp:
                $ref: '#/components/examples/sspr-enabled-no-step-up-update'
              UpdateAuthenticationPolicyRuleWithPlatformDeviceConstraints:
                $ref: '#/components/examples/update-auth-policy-rule-condition'
              EnableSpecificRoutingRule:
                $ref: '#/components/examples/idp-discovery-specific-routing-rule'
              EnableDynamicRoutingRule:
                $ref: '#/components/examples/idp-discovery-dynamic-routing-rule'
              SignOnPolicy:
                $ref: '#/components/examples/sign-on-policy-rule'
              SkipFactorChallengeOnPremRule:
                $ref: '#/components/examples/skip-factor-challenge-on-prem-rule'
              RadiusRule:
                $ref: '#/components/examples/radius-rule'
              CloudRule:
                $ref: '#/components/examples/cloud-rule'
              DenyRule:
                $ref: '#/components/examples/deny-rule'
              EnableSsprWithConstraints:
                $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints-update'
            schema:
              $ref: '#/components/schemas/PolicyRule'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                EnableSsprSecurityQuestionStepUp:
                  $ref: '#/components/examples/sspr-enabled-sq-step-up-response'
                EnableSsprSSOStepUp:
                  $ref: '#/components/examples/sspr-enabled-sso-step-up-response'
                EnableSsprNoStepUp:
                  $ref: '#/components/examples/sspr-enabled-no-step-up-response'
                UpdateAuthenticationPolicyRuleWithPlatformDeviceConstraints:
                  $ref: '#/components/examples/update-auth-policy-rule-condition-response'
                EnableSpecificRoutingRule:
                  $ref: '#/components/examples/idp-discovery-specific-routing-rule-response'
                EnableDynamicRoutingRule:
                  $ref: '#/components/examples/idp-discovery-dynamic-routing-rule-response'
                SignOnPolicy:
                  $ref: '#/components/examples/sign-on-policy-rule-response'
                SkipFactorChallengeOnPremRule:
                  $ref: '#/components/examples/skip-factor-challenge-on-prem-rule-response'
                RadiusRule:
                  $ref: '#/components/examples/radius-rule-response'
                CloudRule:
                  $ref: '#/components/examples/cloud-rule-response'
                DenyRule:
                  $ref: '#/components/examples/deny-rule-response'
                EnableSsprWithConstraints:
                  $ref: '#/components/examples/sspr-enabled-sso-step-up-with-constraints-response'
              schema:
                $ref: '#/components/schemas/PolicyRule'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.policies.manage
      summary: Replace a Policy Rule
      tags:
      - Policy
      x-codegen-request-body-name: policyRule
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate:
    post:
      description: Activates a Policy Rule identified by `policyId` and `ruleId`
      operationId: activatePolicyRule
      parameters:
      - description: '`id` of the Policy'
        explode: false
        in: path
        name: policyId
        required: true
        schema:
          example: 00plrilJ7jZ66Gn0X0g3
          type: string
        style: simple
      - description: '`id` of the Policy Rule'
        explode: false
        in: path
        name: ruleId
        required: true
        schema:
          example: ruld3hJ7jZh4fn0st0g3
          type: string
        style: simple
      responses:
        "204":
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.policies.manage
      summary: Activate a Policy Rule
      tags:
      - Policy
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate:
    post:
      description: Deactivates a Policy Rule identified by `policyId` and `ruleId`
      operationId: deactivatePolicyRule
      parameters:
      - description: '`id` of the Policy'
        explode: false
        in: path
        name: policyId
        required: true
        schema:
          example: 00plrilJ7jZ66Gn0X0g3
          type: string
        style: simple
      - description: '`id` of the Policy Rule'
        explode: false
        in: path
        name: ruleId
        required: true
        schema:
          example: ruld3hJ7jZh4fn0st0g3
          type: string
        style: simple
      responses:
        "204":
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.policies.manage
      summary: Deactivate a Policy Rule
      tags:
      - Policy
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/principal-rate-limits:
    get:
      description: Lists all Principal Rate Limit entities considering the provided parameters
      operationId: listPrincipalRateLimitEntities
      parameters:
      - explode: true
        in: query
        name: filter
        required: false
        schema:
          type: string
        style: form
      - explode: true
        in: query
        name: after
        required: false
        schema:
          type: string
        style: form
      - explode: true
        in: query
        name: limit
        required: false
        schema:
          default: 20
          format: int32
          maximum: 50
          type: integer
        style: form
      responses:
        "200":
          content:
            application/json:
              schema:
                items:
                  $ref: '#/components/schemas/PrincipalRateLimitEntity'
                type: array
          description: OK
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.principalRateLimits.read
      summary: List all Principal Rate Limits
      tags:
      - PrincipalRateLimit
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: "Creates a new Principal Rate Limit entity. In the current release,\
        \ we only allow one Principal Rate Limit entity per org and principal."
      operationId: createPrincipalRateLimitEntity
      requestBody:
        content:
          application/json:
            examples:
              SSWSToken:
                $ref: '#/components/examples/PrincipalRateLimitEntityRequestSSWSToken'
              EmptyPercentages:
                $ref: '#/components/examples/PrincipalRateLimitEntityRequestEmptyPercentages'
            schema:
              $ref: '#/components/schemas/PrincipalRateLimitEntity'
        required: true
      responses:
        "201":
          content:
            application/json:
              examples:
                SSWSToken:
                  $ref: '#/components/examples/PrincipalRateLimitEntityResponseSSWSToken'
              schema:
                $ref: '#/components/schemas/PrincipalRateLimitEntity'
          description: Created
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.principalRateLimits.manage
      summary: Create a Principal Rate Limit
      tags:
      - PrincipalRateLimit
      x-codegen-request-body-name: entity
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/principal-rate-limits/{principalRateLimitId}:
    get:
      description: Retrieves a Principal Rate Limit entity by `principalRateLimitId`
      operationId: getPrincipalRateLimitEntity
      parameters:
      - description: id of the Principal Rate Limit
        explode: false
        in: path
        name: principalRateLimitId
        required: true
        schema:
          example: abcd1234
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                SSWSToken:
                  $ref: '#/components/examples/PrincipalRateLimitEntityResponseSSWSToken'
              schema:
                $ref: '#/components/schemas/PrincipalRateLimitEntity'
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.principalRateLimits.read
      summary: Retrieve a Principal Rate Limit
      tags:
      - PrincipalRateLimit
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    put:
      description: Replaces a principal rate limit entity by `principalRateLimitId`
      operationId: replacePrincipalRateLimitEntity
      parameters:
      - description: id of the Principal Rate Limit
        explode: false
        in: path
        name: principalRateLimitId
        required: true
        schema:
          example: abcd1234
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            examples:
              SSWSToken:
                $ref: '#/components/examples/PrincipalRateLimitEntityRequestSSWSToken'
              EmptyPercentages:
                $ref: '#/components/examples/PrincipalRateLimitEntityRequestEmptyPercentages'
            schema:
              $ref: '#/components/schemas/PrincipalRateLimitEntity'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                SSWSToken:
                  $ref: '#/components/examples/PrincipalRateLimitEntityResponseSSWSToken'
              schema:
                $ref: '#/components/schemas/PrincipalRateLimitEntity'
          description: OK
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.principalRateLimits.manage
      summary: Replace a Principal Rate Limit
      tags:
      - PrincipalRateLimit
      x-codegen-request-body-name: entity
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/push-providers:
    get:
      description: Lists all push providers
      operationId: listPushProviders
      parameters:
      - description: Filters push providers by `providerType`
        explode: true
        in: query
        name: type
        required: false
        schema:
          $ref: '#/components/schemas/ProviderType'
        style: form
      responses:
        "200":
          content:
            application/json:
              example:
                value:
                - id: ppchvbeucdTgqeiGxR0g4
                  providerType: APNS
                  name: Example Push Provider 1
                  lastUpdatedDate: 2022-01-00T00:00:00.000Z
                  configuration:
                    keyId: ABC123DEFG
                    teamId: DEF123GHIJ
                    fileName: fileName.p8
                  _links:
                    self:
                      href: "https://your-subdomain.okta.com/api/v1/push-providers/{pushProviderId}"
                      hints:
                        allow:
                        - DELETE
                        - GET
                        - PUT
                - id: ppctekcmngGaqeiBxB0g4
                  providerType: FCM
                  name: Example Push Provider 2
                  lastUpdatedDate: 2022-01-00T00:00:00.000Z
                  configuration:
                    projectId: PROJECT_ID
                    fileName: fileName.json
                  _links:
                    self:
                      href: "https://your-subdomain.okta.com/api/v1/push-providers/{pushProviderId}"
                      hints:
                        allow:
                        - DELETE
                        - GET
                        - PUT
              schema:
                items:
                  $ref: '#/components/schemas/PushProvider'
                type: array
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.pushProviders.read
      summary: List all Push Providers
      tags:
      - PushProvider
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
    post:
      description: Creates a new push provider. Each Push Provider must have a unique `name`.
      operationId: createPushProvider
      requestBody:
        content:
          application/json:
            examples:
              APNs:
                $ref: '#/components/examples/PushProviderAPNsRequest'
              FCM:
                $ref: '#/components/examples/PushProviderFCMRequest'
            schema:
              $ref: '#/components/schemas/PushProvider'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                APNs:
                  $ref: '#/components/examples/PushProviderAPNsResponse'
                FCM:
                  $ref: '#/components/examples/PushProviderFCMResponse'
              schema:
                $ref: '#/components/schemas/PushProvider'
          description: OK
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.pushProviders.manage
      summary: Create a Push Provider
      tags:
      - PushProvider
      x-codegen-request-body-name: pushProvider
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/push-providers/{pushProviderId}:
    delete:
      description: "Deletes a push provider by `pushProviderId`. If the push provider\
        \ is currently being used in the org by a custom authenticator, the delete\
        \ will not be allowed."
      operationId: deletePushProvider
      parameters:
      - description: Id of the push provider
        explode: false
        in: path
        name: pushProviderId
        required: true
        schema:
          type: string
        style: simple
      responses:
        "204":
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "409":
          content:
            application/json:
              examples:
                Cannot remove push provider in use by a custom app authenticator:
                  $ref: '#/components/examples/ErrorPushProviderUsedByCustomAppAuthenticator'
              schema:
                $ref: '#/components/schemas/Error'
          description: Conflict
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.pushProviders.manage
      summary: Delete a Push Provider
      tags:
      - PushProvider
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
    get:
      description: Retrieves a push provider by `pushProviderId`
      operationId: getPushProvider
      parameters:
      - description: Id of the push provider
        explode: false
        in: path
        name: pushProviderId
        required: true
        schema:
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                APNs:
                  $ref: '#/components/examples/PushProviderAPNsResponse'
                FCM:
                  $ref: '#/components/examples/PushProviderFCMResponse'
              schema:
                $ref: '#/components/schemas/PushProvider'
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.pushProviders.read
      summary: Retrieve a Push Provider
      tags:
      - PushProvider
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
    put:
      description: Replaces a push provider by `pushProviderId`
      operationId: replacePushProvider
      parameters:
      - description: Id of the push provider
        explode: false
        in: path
        name: pushProviderId
        required: true
        schema:
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            examples:
              APNs:
                $ref: '#/components/examples/PushProviderAPNsRequest'
              FCM:
                $ref: '#/components/examples/PushProviderFCMRequest'
            schema:
              $ref: '#/components/schemas/PushProvider'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                APNs:
                  $ref: '#/components/examples/PushProviderAPNsResponse'
                FCM:
                  $ref: '#/components/examples/PushProviderFCMResponse'
              schema:
                $ref: '#/components/schemas/PushProvider'
          description: OK
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.pushProviders.manage
      summary: Replace a Push Provider
      tags:
      - PushProvider
      x-codegen-request-body-name: pushProvider
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/rate-limit-settings/admin-notifications:
    get:
      description: Retrieves the currently configured Rate Limit Admin Notification Settings
      operationId: getRateLimitSettingsAdminNotifications
      responses:
        "200":
          content:
            application/json:
              examples:
                Enabled:
                  $ref: '#/components/examples/RateLimitAdminNotificationsEnabled'
                Disabled:
                  $ref: '#/components/examples/RateLimitAdminNotificationsDisabled'
              schema:
                $ref: '#/components/schemas/RateLimitAdminNotifications'
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.rateLimits.read
      summary: Retrieve the Rate Limit Admin Notification Settings
      tags:
      - RateLimitSettings
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    put:
      description: Replaces the Rate Limit Admin Notification Settings and returns the configured properties
      operationId: replaceRateLimitSettingsAdminNotifications
      requestBody:
        content:
          application/json:
            examples:
              Enabled:
                $ref: '#/components/examples/RateLimitAdminNotificationsEnabled'
              Disabled:
                $ref: '#/components/examples/RateLimitAdminNotificationsDisabled'
            schema:
              $ref: '#/components/schemas/RateLimitAdminNotifications'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                Enabled:
                  $ref: '#/components/examples/RateLimitAdminNotificationsEnabled'
                Disabled:
                  $ref: '#/components/examples/RateLimitAdminNotificationsDisabled'
              schema:
                $ref: '#/components/schemas/RateLimitAdminNotifications'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.rateLimits.manage
      summary: Replace the Rate Limit Admin Notification Settings
      tags:
      - RateLimitSettings
      x-codegen-request-body-name: RateLimitAdminNotifications
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/rate-limit-settings/per-client:
    get:
      description: Retrieves the currently configured Per-Client Rate Limit Settings
      operationId: getRateLimitSettingsPerClient
      responses:
        "200":
          content:
            application/json:
              examples:
                EnforceDefault:
                  $ref: '#/components/examples/PerClientRateLimitSettingsEnforceDefault'
                EnforceDefaultWithOverrides:
                  $ref: '#/components/examples/PerClientRateLimitSettingsEnforceDefaultWithOverrides'
                PreviewDefaultWithOverrides:
                  $ref: '#/components/examples/PerClientRateLimitSettingsPreviewDefaultWithOverrides'
              schema:
                $ref: '#/components/schemas/PerClientRateLimitSettings'
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.rateLimits.read
      summary: Retrieve the Per-Client Rate Limit Settings
      tags:
      - RateLimitSettings
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    put:
      description: Replaces the Per-Client Rate Limit Settings and returns the configured properties
      operationId: replaceRateLimitSettingsPerClient
      requestBody:
        content:
          application/json:
            examples:
              EnforceDefault:
                $ref: '#/components/examples/PerClientRateLimitSettingsEnforceDefault'
              EnforceDefaultWithOverrides:
                $ref: '#/components/examples/PerClientRateLimitSettingsEnforceDefaultWithOverrides'
              PreviewDefaultWithOverrides:
                $ref: '#/components/examples/PerClientRateLimitSettingsPreviewDefaultWithOverrides'
            schema:
              $ref: '#/components/schemas/PerClientRateLimitSettings'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                EnforceDefault:
                  $ref: '#/components/examples/PerClientRateLimitSettingsEnforceDefault'
                EnforceDefaultWithOverrides:
                  $ref: '#/components/examples/PerClientRateLimitSettingsEnforceDefaultWithOverrides'
                PreviewDefaultWithOverrides:
                  $ref: '#/components/examples/PerClientRateLimitSettingsPreviewDefaultWithOverrides'
              schema:
                $ref: '#/components/schemas/PerClientRateLimitSettings'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.rateLimits.manage
      summary: Replace the Per-Client Rate Limit Settings
      tags:
      - RateLimitSettings
      x-codegen-request-body-name: perClientRateLimitSettings
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/rate-limit-settings/warning-threshold:
    get:
      description: Retrieves the currently configured threshold for warning notifications when the API's rate limit is exceeded
      operationId: getRateLimitSettingsWarningThreshold
      responses:
        "200":
          content:
            application/json:
              examples:
                ExampleThreshold:
                  $ref: '#/components/examples/RateLimitWarningThresholdValidExample'
              schema:
                $ref: '#/components/schemas/RateLimitWarningThresholdResponse'
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.rateLimits.read
      summary: Retrieve the Rate Limit Warning Threshold Percentage
      tags:
      - RateLimitSettings
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    put:
      description: Replaces the Rate Limit Warning Threshold Percentage and returns the configured property
      operationId: replaceRateLimitSettingsWarningThreshold
      requestBody:
        content:
          application/json:
            examples:
              ExampleThreshold:
                $ref: '#/components/examples/RateLimitWarningThresholdValidExample'
            schema:
              $ref: '#/components/schemas/RateLimitWarningThresholdRequest'
      responses:
        "200":
          content:
            application/json:
              examples:
                ExampleThreshold:
                  $ref: '#/components/examples/RateLimitWarningThresholdValidExample'
              schema:
                $ref: '#/components/schemas/RateLimitWarningThresholdResponse'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.rateLimits.manage
      summary: Replace the Rate Limit Warning Threshold Percentage
      tags:
      - RateLimitSettings
      x-codegen-request-body-name: RateLimitWarningThreshold
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/realm-assignments:
    get:
      description: Lists all Realm Assignments
      operationId: listRealmAssignments
      parameters:
      - description: A limit on the number of objects to return
        explode: true
        in: query
        name: limit
        required: false
        schema:
          default: 20
          maximum: 200
          minimum: 1
          type: integer
        style: form
      - description: "The cursor to use for pagination. It is an opaque string that\
          \ specifies your current location in the list and is obtained from the `Link`\
          \ response header. See [Pagination](https://developer.okta.com/docs/api/#pagination)."
        explode: true
        in: query
        name: after
        required: false
        schema:
          type: string
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                AssignmentLists:
                  $ref: '#/components/examples/ListRealmAssignmentsResponse'
              schema:
                items:
                  $ref: '#/components/schemas/RealmAssignment'
                type: array
          description: OK
        "403":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.realmAssignments.read
      summary: List all Realm Assignments
      tags:
      - RealmAssignment
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs: []
      x-accepts:
      - application/json
    post:
      description: Creates a new Realm Assignment
      operationId: createRealmAssignment
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateRealmAssignmentRequest'
        required: true
      responses:
        "201":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RealmAssignment'
          description: Created
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.realmAssignments.manage
      summary: Create a Realm Assignment
      tags:
      - RealmAssignment
      x-codegen-request-body-name: body
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs: []
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/realm-assignments/operations:
    get:
      description: Lists all Realm Assignment operations. The upper limit is 200 and operations are sorted in descending order from most recent to oldest by id
      operationId: listRealmAssignmentOperations
      parameters:
      - description: A limit on the number of objects to return
        explode: true
        in: query
        name: limit
        required: false
        schema:
          default: 20
          maximum: 200
          minimum: 1
          type: integer
        style: form
      - description: "The cursor to use for pagination. It is an opaque string that\
          \ specifies your current location in the list and is obtained from the `Link`\
          \ response header. See [Pagination](https://developer.okta.com/docs/api/#pagination)."
        explode: true
        in: query
        name: after
        required: false
        schema:
          type: string
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                Executions:
                  value:
                  - id: rre4mje4ez6B2a7B60g7
                    type: realm:assignment
                    status: COMPLETED
                    created: 2023-10-25T21:02:54.000Z
                    started: 2023-10-25T21:02:54.000Z
                    completed: 2023-10-25T21:02:54.000Z
                    realmId: 00g1b7rvh0xPLKXFf0g5
                    realmName: Realm Name
                    assignmentOperation:
                      configuration:
                        id: 0pr1b7rxZj2ibQzfP0g5
                        name: Realm Assignment 1
                        conditions:
                          profileSourceId: 0oa4enoRyjwSCy5hx0g4
                          expression:
                            value: string
                        actions:
                          assignUserToRealm:
                            realmId: 00g1b7rvh0xPLKXFf0g5
                    numUserMoved: 50
                    _links:
                      self:
                        rel: self
                        href: http://your-subdomain.okta.com/api/v1/operations/rre4mje4ez6B2a7B60g7
                        method: GET
                  - id: rre4mje4ez7B2a7B60g7
                    type: realm:assignment
                    status: COMPLETED
                    created: 2023-10-25T21:02:54.000Z
                    started: 2023-10-25T21:02:54.000Z
                    completed: 2023-10-25T21:02:54.000Z
                    assignmentOperation:
                      configuration:
                        id: ALL
                        name: All Assignments
                    numUserMoved: 50
                    _links:
                      self:
                        rel: self
                        href: http://your-subdomain.okta.com/api/v1/operations/rre4mje4ez7B2a7B60g7
                        method: GET
              schema:
                items:
                  $ref: '#/components/schemas/OperationResponse'
                type: array
          description: OK
        "403":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.realmAssignments.read
      summary: List all Realm Assignment operations
      tags:
      - RealmAssignment
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs: []
      x-accepts:
      - application/json
    post:
      description: Executes a Realm Assignment
      operationId: executeRealmAssignment
      requestBody:
        content:
          application/json:
            examples:
              ExecuteSpecificAssignment:
                value:
                  assignmentId: 0pr1b7rxZj2ibQzfP0g5
              ExecuteAllAssignments:
                value:
                  assignmentId: ALL
            schema:
              $ref: '#/components/schemas/OperationRequest'
        required: true
      responses:
        "201":
          content:
            application/json:
              examples:
                Execution:
                  $ref: '#/components/examples/OperationResponse'
              schema:
                $ref: '#/components/schemas/OperationResponse'
          description: Created
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.realmAssignments.manage
      summary: Execute a Realm Assignment
      tags:
      - RealmAssignment
      x-codegen-request-body-name: body
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs: []
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/realm-assignments/{assignmentId}:
    delete:
      description: Deletes a Realm Assignment
      operationId: deleteRealmAssignment
      parameters:
      - description: '`id` of the Realm Assignment'
        explode: false
        in: path
        name: assignmentId
        required: true
        schema:
          example: rul2jy7jLUlnO3ng00g4
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "400":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.realmAssignments.manage
      summary: Delete a Realm Assignment
      tags:
      - RealmAssignment
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs: []
      x-accepts:
      - application/json
    get:
      description: Retrieves a Realm Assignment
      operationId: getRealmAssignment
      parameters:
      - description: '`id` of the Realm Assignment'
        explode: false
        in: path
        name: assignmentId
        required: true
        schema:
          example: rul2jy7jLUlnO3ng00g4
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                RealmAssignment:
                  $ref: '#/components/examples/GetRealmAssignmentResponse'
                CatchAllRealmAssignment:
                  $ref: '#/components/examples/DefaultRealmAssignment'
              schema:
                $ref: '#/components/schemas/RealmAssignment'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.realmAssignments.read
      summary: Retrieve a Realm Assignment
      tags:
      - RealmAssignment
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs: []
      x-accepts:
      - application/json
    put:
      description: Replaces a Realm Assignment
      operationId: replaceRealmAssignment
      parameters:
      - description: '`id` of the Realm Assignment'
        explode: false
        in: path
        name: assignmentId
        required: true
        schema:
          example: rul2jy7jLUlnO3ng00g4
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UpdateRealmAssignmentRequest'
        required: true
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RealmAssignment'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.realmAssignments.manage
      summary: Replace a Realm Assignment
      tags:
      - RealmAssignment
      x-codegen-request-body-name: body
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs: []
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/realm-assignments/{assignmentId}/lifecycle/activate:
    post:
      description: Activates a Realm Assignment
      operationId: activateRealmAssignment
      parameters:
      - description: '`id` of the Realm Assignment'
        explode: false
        in: path
        name: assignmentId
        required: true
        schema:
          example: rul2jy7jLUlnO3ng00g4
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.realmAssignments.manage
      summary: Activate a Realm Assignment
      tags:
      - RealmAssignment
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs: []
      x-accepts:
      - application/json
  /api/v1/realm-assignments/{assignmentId}/lifecycle/deactivate:
    post:
      description: Deactivates a Realm Assignment
      operationId: deactivateRealmAssignment
      parameters:
      - description: '`id` of the Realm Assignment'
        explode: false
        in: path
        name: assignmentId
        required: true
        schema:
          example: rul2jy7jLUlnO3ng00g4
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.realmAssignments.manage
      summary: Deactivate a Realm Assignment
      tags:
      - RealmAssignment
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs: []
      x-accepts:
      - application/json
  /api/v1/realms:
    get:
      description: Lists all Realms
      operationId: listRealms
      parameters:
      - description: Specifies the number of results returned. Defaults to 10 if `search` is provided.
        explode: true
        in: query
        name: limit
        required: false
        schema:
          default: 200
          format: int32
          type: integer
        style: form
      - description: "The cursor to use for pagination. It is an opaque string that\
          \ specifies your current location in the list and is obtained from the `Link`\
          \ response header. See [Pagination](https://developer.okta.com/docs/api/#pagination)."
        explode: true
        in: query
        name: after
        required: false
        schema:
          type: string
        style: form
      - description: Searches for Realms with a supported filtering expression for most properties
        explode: true
        in: query
        name: search
        required: false
        schema:
          type: string
        style: form
      - description: Specifies field to sort by and can be any single property (for search queries only).
        explode: true
        in: query
        name: sortBy
        required: false
        schema:
          example: profile.name
          type: string
        style: form
      - description: Specifies sort order `asc` or `desc` (for search queries only). This parameter is ignored if `sortBy` isn't present.
        explode: true
        in: query
        name: sortOrder
        required: false
        schema:
          default: asc
          type: string
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                Realm Lists:
                  $ref: '#/components/examples/ListRealmsResponse'
              schema:
                items:
                  $ref: '#/components/schemas/Realm'
                type: array
          description: OK
        "403":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.realms.read
      summary: List all Realms
      tags:
      - Realm
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs: []
      x-accepts:
      - application/json
    post:
      description: Creates a new Realm
      operationId: createRealm
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateRealmRequest'
        required: true
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Realm'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.realms.manage
      summary: Create a Realm
      tags:
      - Realm
      x-codegen-request-body-name: body
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs: []
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/realms/{realmId}:
    delete:
      description: Deletes a Realm permanently. This operation can only be performed after disassociating other entities like Users and Identity Providers from a Realm.
      operationId: deleteRealm
      parameters:
      - description: '`id` of the Realm'
        explode: false
        in: path
        name: realmId
        required: true
        schema:
          example: vvrcFogtKCrK9aYq3fgV
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "400":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.realms.manage
      summary: Delete a Realm
      tags:
      - Realm
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs: []
      x-accepts:
      - application/json
    get:
      description: Retrieves a Realm
      operationId: getRealm
      parameters:
      - description: '`id` of the Realm'
        explode: false
        in: path
        name: realmId
        required: true
        schema:
          example: vvrcFogtKCrK9aYq3fgV
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                DefaultRealm:
                  $ref: '#/components/examples/DefaultRealmResponse'
                NonDefaultRealm:
                  $ref: '#/components/examples/RealmResponse'
              schema:
                $ref: '#/components/schemas/Realm'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.realms.read
      summary: Retrieve a Realm
      tags:
      - Realm
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs: []
      x-accepts:
      - application/json
    put:
      description: Replaces the realm profile
      operationId: replaceRealm
      parameters:
      - description: '`id` of the Realm'
        explode: false
        in: path
        name: realmId
        required: true
        schema:
          example: vvrcFogtKCrK9aYq3fgV
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UpdateRealmRequest'
        required: true
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Realm'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.realms.manage
      summary: Replace the realm profile
      tags:
      - Realm
      x-codegen-request-body-name: body
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs: []
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/resource-selectors/{resourceSelectorId}: {}
  /api/v1/risk/events/ip:
    post:
      description: |-
        Sends multiple IP risk events to Okta. This request is used by a third-party risk provider to send IP risk events to Okta. The third-party risk provider needs to be registered with Okta before they can send events to Okta. See [Risk Providers](/openapi/okta-management/management/tag/RiskProvider/). This API has a rate limit of 30 requests per minute. You can include multiple risk events (up to a maximum of 20 events) in a single payload to reduce the number of API calls. Prioritize sending high risk signals if you have a burst of signals to send that would exceed the maximum request limits.
      operationId: sendRiskEvents
      requestBody:
        content:
          application/json:
            examples:
              RiskEventsRequestExample:
                $ref: '#/components/examples/RiskEventsRequestExample'
            schema:
              items:
                $ref: '#/components/schemas/RiskEvent'
              type: array
        required: true
      responses:
        "202":
          description: Accepted
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                Access Denied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.riskEvents.manage
      summary: Send multiple Risk Events
      tags:
      - RiskEvent
      x-codegen-request-body-name: instance
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs: []
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/risk/providers:
    get:
      description: Lists all Risk Provider objects
      operationId: listRiskProviders
      responses:
        "200":
          content:
            application/json:
              examples:
                RiskProviderList:
                  $ref: '#/components/examples/ListRiskProviderResponse'
              schema:
                items:
                  $ref: '#/components/schemas/RiskProvider'
                type: array
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.riskProviders.read
      summary: List all Risk Providers
      tags:
      - RiskProvider
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs: []
      x-accepts:
      - application/json
    post:
      description: Creates a Risk Provider object. A maximum of three Risk Provider objects can be created.
      operationId: createRiskProvider
      requestBody:
        content:
          application/json:
            examples:
              RiskProviderRequestExample:
                $ref: '#/components/examples/RiskProviderRequest'
            schema:
              $ref: '#/components/schemas/RiskProvider'
        required: true
      responses:
        "201":
          content:
            application/json:
              examples:
                RiskProviderPostResponseExample:
                  $ref: '#/components/examples/RiskProviderResponse'
              schema:
                $ref: '#/components/schemas/RiskProvider'
          description: Created
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                Access Denied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.riskProviders.manage
      summary: Create a Risk Provider
      tags:
      - RiskProvider
      x-codegen-request-body-name: instance
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs: []
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/risk/providers/{riskProviderId}:
    delete:
      description: Deletes a Risk Provider object by its ID
      operationId: deleteRiskProvider
      parameters:
      - description: '`id` of the Risk Provider object'
        explode: false
        in: path
        name: riskProviderId
        required: true
        schema:
          example: 00rp12r4skkjkjgsn
          type: string
        style: simple
      responses:
        "204":
          description: No Content
        "403":
          content:
            application/json:
              examples:
                Access Denied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.riskProviders.manage
      summary: Delete a Risk Provider
      tags:
      - RiskProvider
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs: []
      x-accepts:
      - application/json
    get:
      description: Retrieves a Risk Provider object by ID
      operationId: getRiskProvider
      parameters:
      - description: '`id` of the Risk Provider object'
        explode: false
        in: path
        name: riskProviderId
        required: true
        schema:
          example: 00rp12r4skkjkjgsn
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                RiskProviderGetResponseExample:
                  $ref: '#/components/examples/RiskProviderResponse'
              schema:
                $ref: '#/components/schemas/RiskProvider'
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.riskProviders.read
      summary: Retrieve a Risk Provider
      tags:
      - RiskProvider
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs: []
      x-accepts:
      - application/json
    put:
      description: Replaces the properties for a given Risk Provider object ID
      operationId: replaceRiskProvider
      parameters:
      - description: '`id` of the Risk Provider object'
        explode: false
        in: path
        name: riskProviderId
        required: true
        schema:
          example: 00rp12r4skkjkjgsn
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            examples:
              RiskProviderPutRequestExample:
                $ref: '#/components/examples/RiskProviderPutRequest'
            schema:
              $ref: '#/components/schemas/RiskProvider'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                RiskProviderPutResponseExample:
                  $ref: '#/components/examples/RiskProviderPutResponse'
              schema:
                $ref: '#/components/schemas/RiskProvider'
          description: OK
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.riskProviders.manage
      summary: Replace a Risk Provider
      tags:
      - RiskProvider
      x-codegen-request-body-name: instance
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs: []
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/roles/{roleRef}/subscriptions:
    get:
      description: Lists all subscriptions available to a specified Role
      operationId: listSubscriptionsRole
      parameters:
      - description: "A reference to an existing role. Standard roles require a `roleType`,\
          \ while Custom Roles require a `roleId`. See [Standard Roles](/openapi/okta-management/guides/roles/#standard-roles)."
        explode: false
        in: path
        name: roleRef
        required: true
        schema:
          $ref: '#/components/schemas/listSubscriptionsRole_roleRef_parameter'
        style: simple
      responses:
        "200":
          content:
            application/json:
              schema:
                items:
                  $ref: '#/components/schemas/Subscription'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.read
      summary: List all Subscriptions for a Role
      tags:
      - Subscription
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/roles/{roleRef}/subscriptions/{notificationType}:
    get:
      description: Retrieves a subscription by `notificationType` for a specified Role
      operationId: getSubscriptionsNotificationTypeRole
      parameters:
      - description: "A reference to an existing role. Standard roles require a `roleType`,\
          \ while Custom Roles require a `roleId`. See [Standard Roles](/openapi/okta-management/guides/roles/#standard-roles)."
        explode: false
        in: path
        name: roleRef
        required: true
        schema:
          $ref: '#/components/schemas/listSubscriptionsRole_roleRef_parameter'
        style: simple
      - explode: false
        in: path
        name: notificationType
        required: true
        schema:
          $ref: '#/components/schemas/NotificationType'
        style: simple
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Subscription'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.read
      summary: Retrieve a Subscription for a Role
      tags:
      - Subscription
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/roles/{roleRef}/subscriptions/{notificationType}/subscribe:
    post:
      description: Subscribes a Role to a specified notification type. Changes to Role subscriptions override the subscription status of any individual users with the Role.
      operationId: subscribeByNotificationTypeRole
      parameters:
      - description: "A reference to an existing role. Standard roles require a `roleType`,\
          \ while Custom Roles require a `roleId`. See [Standard Roles](/openapi/okta-management/guides/roles/#standard-roles)."
        explode: false
        in: path
        name: roleRef
        required: true
        schema:
          $ref: '#/components/schemas/listSubscriptionsRole_roleRef_parameter'
        style: simple
      - explode: false
        in: path
        name: notificationType
        required: true
        schema:
          $ref: '#/components/schemas/NotificationType'
        style: simple
      responses:
        "200":
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.manage
      summary: Subscribe a Role to a Specific Notification Type
      tags:
      - Subscription
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/roles/{roleRef}/subscriptions/{notificationType}/unsubscribe:
    post:
      description: Unsubscribes a Role from a specified notification type. Changes to Role subscriptions override the subscription status of any individual users with the Role.
      operationId: unsubscribeByNotificationTypeRole
      parameters:
      - description: "A reference to an existing role. Standard roles require a `roleType`,\
          \ while Custom Roles require a `roleId`. See [Standard Roles](/openapi/okta-management/guides/roles/#standard-roles)."
        explode: false
        in: path
        name: roleRef
        required: true
        schema:
          $ref: '#/components/schemas/listSubscriptionsRole_roleRef_parameter'
        style: simple
      - explode: false
        in: path
        name: notificationType
        required: true
        schema:
          $ref: '#/components/schemas/NotificationType'
        style: simple
      responses:
        "200":
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.manage
      summary: Unsubscribe a Role from a Specific Notification Type
      tags:
      - Subscription
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/security-events-providers:
    get:
      description: Lists all Security Events Provider instances
      operationId: listSecurityEventsProviderInstances
      responses:
        "200":
          content:
            application/json:
              examples:
                list:
                  $ref: '#/components/examples/ListOfSecurityEventsProviderInstances'
              schema:
                items:
                  $ref: '#/components/schemas/SecurityEventsProviderResponse'
                type: array
          description: OK
        "401":
          content:
            application/json:
              examples:
                InvalidTokenProvided:
                  $ref: '#/components/examples/ErrorInvalidTokenProvided'
              schema:
                $ref: '#/components/schemas/Error'
          description: Unauthorized
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.securityEventsProviders.read
      summary: List all Security Events Providers
      tags:
      - SSFReceiver
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
    post:
      description: Creates a Security Events Provider instance
      operationId: createSecurityEventsProviderInstance
      requestBody:
        content:
          application/json:
            examples:
              well-known-URL-provided:
                $ref: '#/components/examples/SecurityEventsProviderRequestWellKnownUrl'
              issuer-and-JWKS-URL-provided:
                $ref: '#/components/examples/SecurityEventsProviderRequestIssuerAndJwksUrl'
            schema:
              $ref: '#/components/schemas/SecurityEventsProviderRequest'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                well-known-URL-provided:
                  $ref: '#/components/examples/SecurityEventsProviderResponseWellKnownUrl'
                issuer-and-JWKS-URL-provided:
                  $ref: '#/components/examples/SecurityEventsProviderResponseIssuerAndJwksUrl'
              schema:
                $ref: '#/components/schemas/SecurityEventsProviderResponse'
          description: OK
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "401":
          content:
            application/json:
              examples:
                InvalidTokenProvided:
                  $ref: '#/components/examples/ErrorInvalidTokenProvided'
              schema:
                $ref: '#/components/schemas/Error'
          description: Unauthorized
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.securityEventsProviders.manage
      summary: Create a Security Events Provider
      tags:
      - SSFReceiver
      x-codegen-request-body-name: instance
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/security-events-providers/{securityEventProviderId}:
    delete:
      description: Deletes a Security Events Provider instance specified by `id`
      operationId: deleteSecurityEventsProviderInstance
      parameters:
      - description: '`id` of the Security Events Provider instance'
        explode: false
        in: path
        name: securityEventProviderId
        required: true
        schema:
          example: sse1qg25RpusjUP6m0g5
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "401":
          content:
            application/json:
              examples:
                InvalidTokenProvided:
                  $ref: '#/components/examples/ErrorInvalidTokenProvided'
              schema:
                $ref: '#/components/schemas/Error'
          description: Unauthorized
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.securityEventsProviders.manage
      summary: Delete a Security Events Provider
      tags:
      - SSFReceiver
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
    get:
      description: Retrieves the Security Events Provider instance specified by `id`
      operationId: getSecurityEventsProviderInstance
      parameters:
      - description: '`id` of the Security Events Provider instance'
        explode: false
        in: path
        name: securityEventProviderId
        required: true
        schema:
          example: sse1qg25RpusjUP6m0g5
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                get:
                  $ref: '#/components/examples/SecurityEventsProviderResponseWellKnownUrl'
              schema:
                $ref: '#/components/schemas/SecurityEventsProviderResponse'
          description: OK
        "401":
          content:
            application/json:
              examples:
                InvalidTokenProvided:
                  $ref: '#/components/examples/ErrorInvalidTokenProvided'
              schema:
                $ref: '#/components/schemas/Error'
          description: Unauthorized
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.securityEventsProviders.read
      summary: Retrieve the Security Events Provider
      tags:
      - SSFReceiver
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
    put:
      description: Replaces a Security Events Provider instance specified by `id`
      operationId: replaceSecurityEventsProviderInstance
      parameters:
      - description: '`id` of the Security Events Provider instance'
        explode: false
        in: path
        name: securityEventProviderId
        required: true
        schema:
          example: sse1qg25RpusjUP6m0g5
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            examples:
              well-known-URL-provided:
                $ref: '#/components/examples/SecurityEventsProviderRequestWellKnownUrl'
              issuer-and-JWKS-URL-provided:
                $ref: '#/components/examples/SecurityEventsProviderRequestIssuerAndJwksUrl'
            schema:
              $ref: '#/components/schemas/SecurityEventsProviderRequest'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                well-known-URL-provided:
                  $ref: '#/components/examples/SecurityEventsProviderResponseWellKnownUrl'
                issuer-and-JWKS-URL-provided:
                  $ref: '#/components/examples/SecurityEventsProviderResponseIssuerAndJwksUrl'
              schema:
                $ref: '#/components/schemas/SecurityEventsProviderResponse'
          description: OK
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "401":
          content:
            application/json:
              examples:
                InvalidTokenProvided:
                  $ref: '#/components/examples/ErrorInvalidTokenProvided'
              schema:
                $ref: '#/components/schemas/Error'
          description: Unauthorized
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.securityEventsProviders.manage
      summary: Replace a Security Events Provider
      tags:
      - SSFReceiver
      x-codegen-request-body-name: instance
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/security-events-providers/{securityEventProviderId}/lifecycle/activate:
    post:
      description: |-
        Activates a Security Events Provider instance by setting its status to `ACTIVE`.
        This operation resumes the flow of events from the Security Events Provider to Okta.
      operationId: activateSecurityEventsProviderInstance
      parameters:
      - description: '`id` of the Security Events Provider instance'
        explode: false
        in: path
        name: securityEventProviderId
        required: true
        schema:
          example: sse1qg25RpusjUP6m0g5
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                activatedInstance:
                  $ref: '#/components/examples/SecurityEventsProviderResponseWellKnownUrl'
              schema:
                $ref: '#/components/schemas/SecurityEventsProviderResponse'
          description: OK
        "401":
          content:
            application/json:
              examples:
                InvalidTokenProvided:
                  $ref: '#/components/examples/ErrorInvalidTokenProvided'
              schema:
                $ref: '#/components/schemas/Error'
          description: Unauthorized
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.securityEventsProviders.manage
      summary: Activate a Security Events Provider
      tags:
      - SSFReceiver
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
  /api/v1/security-events-providers/{securityEventProviderId}/lifecycle/deactivate:
    post:
      description: |-
        Deactivates a Security Events Provider instance by setting its status to `INACTIVE`.
        This operation stops the flow of events from the Security Events Provider to Okta.
      operationId: deactivateSecurityEventsProviderInstance
      parameters:
      - description: '`id` of the Security Events Provider instance'
        explode: false
        in: path
        name: securityEventProviderId
        required: true
        schema:
          example: sse1qg25RpusjUP6m0g5
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                deactivatedInstance:
                  $ref: '#/components/examples/DeactivatedSecurityEventsProviderResponse'
              schema:
                $ref: '#/components/schemas/SecurityEventsProviderResponse'
          description: OK
        "401":
          content:
            application/json:
              examples:
                InvalidTokenProvided:
                  $ref: '#/components/examples/ErrorInvalidTokenProvided'
              schema:
                $ref: '#/components/schemas/Error'
          description: Unauthorized
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.securityEventsProviders.manage
      summary: Deactivate a Security Events Provider
      tags:
      - SSFReceiver
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
  /api/v1/sessions:
    post:
      description: "Creates a new Session for a user with a valid session token. Use\
        \ this API if, for example, you want to set the session cookie yourself instead\
        \ of allowing Okta to set it, or want to hold the session ID to delete a session\
        \ through the API instead of visiting the logout URL."
      operationId: createSession
      requestBody:
        content:
          application/json:
            examples:
              SessionsCreate:
                $ref: '#/components/examples/CreateSessionBody'
            schema:
              $ref: '#/components/schemas/CreateSessionRequest'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                SessionsCreate:
                  $ref: '#/components/examples/CreateSessionResponse'
              schema:
                $ref: '#/components/schemas/Session'
          description: Success
        "400":
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      summary: Create a Session with session token
      tags:
      - Session
      x-codegen-request-body-name: createSessionRequest
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/sessions/me:
    delete:
      description: |-
        Closes the Session for the user who is currently signed in. Use this method in a browser-based application to sign out a user.

        > **Note:** This operation requires a session cookie for the user. An API token isn't allowed for this operation.
      operationId: closeCurrentSession
      parameters:
      - example: sid=abcde-123 or idx=abcde-123
        explode: false
        in: header
        name: Cookie
        required: false
        schema:
          description: Session ID (`sid`) or Identity Engine (`idx`) cookie
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
      security: []
      summary: Close the current Session
      tags:
      - Session
      x-okta-lifecycle:
        isCorsEnabled: true
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    get:
      description: "Retrieves Session information for the current user. Use this method\
        \ in a browser-based application to determine if the user is signed in. \n\
        \n> **Note:** This operation requires a session cookie for the user. An API\
        \ token isn't allowed for this operation. "
      operationId: getCurrentSession
      parameters:
      - example: sid=abcde-123 or idx=abcde-123
        explode: false
        in: header
        name: Cookie
        required: false
        schema:
          description: Session ID (`sid`) or Identity Engine (`idx`) cookie
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                CurrentSessionsRetrieve:
                  $ref: '#/components/examples/RetrieveCurrentSessionResponse'
              schema:
                $ref: '#/components/schemas/Session'
          description: Success
        "404":
          description: Not Found
      security: []
      summary: Retrieve the current Session
      tags:
      - Session
      x-okta-lifecycle:
        isCorsEnabled: true
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/sessions/me/lifecycle/refresh:
    post:
      description: |-
        Refreshes the Session for the current user

        > **Note:** This operation requires a session cookie for the user. An API token isn't allowed for this operation.
      operationId: refreshCurrentSession
      parameters:
      - example: sid=abcde-123 or idx=abcde-123
        explode: false
        in: header
        name: Cookie
        required: false
        schema:
          description: Session ID (`sid`) or Identity Engine (`idx`) cookie
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                CurrentSessionsRefresh:
                  $ref: '#/components/examples/RefreshCurrentSessionResponse'
              schema:
                $ref: '#/components/schemas/Session'
          description: Success
        "404":
          description: Not Found
      security: []
      summary: Refresh the current Session
      tags:
      - Session
      x-okta-lifecycle:
        isCorsEnabled: true
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/sessions/{sessionId}:
    delete:
      description: Revokes the specified Session
      operationId: revokeSession
      parameters:
      - description: '`id` of the Session'
        explode: false
        in: path
        name: sessionId
        required: true
        schema:
          example: l7FbDVqS8zHSy65uJD85
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.sessions.manage
      summary: Revoke a Session
      tags:
      - Session
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    get:
      description: Retrieves information about the Session specified by the given session ID
      operationId: getSession
      parameters:
      - description: '`id` of the Session'
        explode: false
        in: path
        name: sessionId
        required: true
        schema:
          example: l7FbDVqS8zHSy65uJD85
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                SessionsRetrieve:
                  $ref: '#/components/examples/RetrieveSessionResponse'
              schema:
                $ref: '#/components/schemas/Session'
          description: Success
        "400":
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.sessions.read
      summary: Retrieve a Session
      tags:
      - Session
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/sessions/{sessionId}/lifecycle/refresh:
    post:
      description: Refreshes an existing Session using the `id` for that Session. A successful response contains the refreshed Session with an updated `expiresAt` timestamp.
      operationId: refreshSession
      parameters:
      - description: '`id` of the Session'
        explode: false
        in: path
        name: sessionId
        required: true
        schema:
          example: l7FbDVqS8zHSy65uJD85
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                SessionsRefresh:
                  $ref: '#/components/examples/RefreshSessionResponse'
              schema:
                $ref: '#/components/schemas/Session'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.sessions.manage
      summary: Refresh a Session
      tags:
      - Session
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/ssf/stream:
    delete:
      description: |-
        Deletes the specified SSF Stream. If the `stream_id` is not provided in the query string, the associated stream with the Client ID (through the request OAuth 2.0 access token) is deleted. Otherwise, the SSF Stream with the `stream_id` is deleted, if found.
      operationId: deleteSsfStream
      parameters:
      - description: The ID of the specified SSF Stream configuration
        example: esc1k235GIIztAuGK0g5
        explode: true
        in: query
        name: stream_id
        required: false
        schema:
          type: string
        style: form
      responses:
        "204":
          content: {}
          description: No Content
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "401":
          content:
            application/json:
              examples:
                InvalidTokenProvided:
                  $ref: '#/components/examples/ErrorInvalidTokenProvided'
              schema:
                $ref: '#/components/schemas/Error'
          description: Unauthorized
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - oauth2:
        - ssf.manage
      summary: Delete an SSF Stream
      tags:
      - SSFTransmitter
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
    get:
      description: |-
        Retrieves either a list of all known SSF Stream configurations or the individual configuration if specified by ID. As Stream configurations are tied to a Client ID, only the Stream associated with the Client ID of the request OAuth 2.0 access token can be viewed.
      operationId: getSsfStreams
      parameters:
      - description: The ID of the specified SSF Stream configuration
        example: esc1k235GIIztAuGK0g5
        explode: true
        in: query
        name: stream_id
        required: false
        schema:
          type: string
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                listResponse:
                  $ref: '#/components/examples/listStreamConfigurationExample'
                individualStreamResponse:
                  $ref: '#/components/examples/streamConfigurationExample'
              schema:
                $ref: '#/components/schemas/getSsfStreams_200_response'
          description: OK
        "401":
          content:
            application/json:
              examples:
                InvalidTokenProvided:
                  $ref: '#/components/examples/ErrorInvalidTokenProvided'
              schema:
                $ref: '#/components/schemas/Error'
          description: Unauthorized
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - oauth2:
        - ssf.read
      summary: Retrieve the SSF Stream configuration(s)
      tags:
      - SSFTransmitter
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
    patch:
      description: |-
        Updates properties for an existing SSF Stream configuration. If the `stream_id` isn't provided in the request body, the associated stream with the Client ID (through the request OAuth 2.0 access token) is updated.
      operationId: updateSsfStream
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/StreamConfiguration'
        required: true
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/StreamConfiguration'
          description: OK
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "401":
          content:
            application/json:
              examples:
                InvalidTokenProvided:
                  $ref: '#/components/examples/ErrorInvalidTokenProvided'
              schema:
                $ref: '#/components/schemas/Error'
          description: Unauthorized
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - oauth2:
        - ssf.manage
      summary: Update an SSF Stream
      tags:
      - SSFTransmitter
      x-codegen-request-body-name: instance
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-content-type: application/json
      x-accepts:
      - application/json
    post:
      description: |-
        Creates an SSF Stream for an event receiver to start receiving security events in the form of Security Event Tokens (SETs) from Okta. An SSF Stream is associated with the Client ID of the OAuth 2.0 access token used to create the stream. The Client ID is provided by Okta for an [OAuth 2.0 app integration](https://help.okta.com/okta_help.htm?id=ext_Apps_App_Integration_Wizard-oidc). One SSF Stream is allowed for each Client ID, hence, one SSF Stream is allowed for each app integration in Okta.
        A maximum of 10 SSF Stream configurations can be created for one org.
      operationId: createSsfStream
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/StreamConfigurationCreateRequest'
        required: true
      responses:
        "201":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/StreamConfiguration'
          description: Created
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "401":
          content:
            application/json:
              examples:
                InvalidTokenProvided:
                  $ref: '#/components/examples/ErrorInvalidTokenProvided'
              schema:
                $ref: '#/components/schemas/Error'
          description: Unauthorized
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - oauth2:
        - ssf.manage
      summary: Create an SSF Stream
      tags:
      - SSFTransmitter
      x-codegen-request-body-name: instance
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-content-type: application/json
      x-accepts:
      - application/json
    put:
      description: |-
        Replaces all properties for an existing SSF Stream configuration. If the `stream_id` isn't provided in the request body, the associated stream with the Client ID (through the request OAuth 2.0 access token) is replaced.
      operationId: replaceSsfStream
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/StreamConfiguration'
        required: true
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/StreamConfiguration'
          description: OK
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "401":
          content:
            application/json:
              examples:
                InvalidTokenProvided:
                  $ref: '#/components/examples/ErrorInvalidTokenProvided'
              schema:
                $ref: '#/components/schemas/Error'
          description: Unauthorized
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - oauth2:
        - ssf.manage
      summary: Replace an SSF Stream
      tags:
      - SSFTransmitter
      x-codegen-request-body-name: instance
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/templates/sms:
    get:
      description: Lists all custom SMS templates. A subset of templates can be returned that match a template type.
      operationId: listSmsTemplates
      parameters:
      - explode: true
        in: query
        name: templateType
        required: false
        schema:
          $ref: '#/components/schemas/SmsTemplateType'
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                SMS Template List response:
                  $ref: '#/components/examples/SMSTemplateListResponse'
              schema:
                items:
                  $ref: '#/components/schemas/SmsTemplate'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.templates.read
      summary: List all SMS Templates
      tags:
      - Template
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: Creates a new custom SMS template
      operationId: createSmsTemplate
      requestBody:
        content:
          application/json:
            examples:
              Create an SMS Template request:
                $ref: '#/components/examples/CreateOrReplaceSMSTemplateRequest'
            schema:
              $ref: '#/components/schemas/SmsTemplate'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                Create an SMS Template response:
                  $ref: '#/components/examples/CreateOrReplaceSMSTemplateResponse'
              schema:
                $ref: '#/components/schemas/SmsTemplate'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.templates.manage
      summary: Create an SMS Template
      tags:
      - Template
      x-codegen-request-body-name: smsTemplate
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/templates/sms/{templateId}:
    delete:
      description: Deletes an SMS template
      operationId: deleteSmsTemplate
      parameters:
      - description: '`id` of the Template'
        explode: false
        in: path
        name: templateId
        required: true
        schema:
          example: 6NQUJ5yR3bpgEiYmq8IC
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.templates.manage
      summary: Delete an SMS Template
      tags:
      - Template
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    get:
      description: Retrieves a specific template by `id`
      operationId: getSmsTemplate
      parameters:
      - description: '`id` of the Template'
        explode: false
        in: path
        name: templateId
        required: true
        schema:
          example: 6NQUJ5yR3bpgEiYmq8IC
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                Get an SMS template response:
                  $ref: '#/components/examples/CreateOrReplaceSMSTemplateResponse'
              schema:
                $ref: '#/components/schemas/SmsTemplate'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.templates.read
      summary: Retrieve an SMS Template
      tags:
      - Template
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: |
        Updates only some of the SMS Template properties:
        * All properties within the custom SMS Template that have values are updated.
        * Any translation that doesn't exist is added.
        * Any translation with a null or empty value is removed.
        * Any translation with non-empty/null value is updated.
      operationId: updateSmsTemplate
      parameters:
      - description: '`id` of the Template'
        explode: false
        in: path
        name: templateId
        required: true
        schema:
          example: 6NQUJ5yR3bpgEiYmq8IC
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            examples:
              Update an SMS Template request:
                $ref: '#/components/examples/UpdateSMSTemplateRequest'
            schema:
              $ref: '#/components/schemas/SmsTemplate'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                Update an SMS Template response:
                  $ref: '#/components/examples/UpdateSMSTemplateResponse'
              schema:
                $ref: '#/components/schemas/SmsTemplate'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.templates.manage
      summary: Update an SMS Template
      tags:
      - Template
      x-codegen-request-body-name: smsTemplate
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
    put:
      description: |
        Replaces the SMS Template

        > **Notes:** You can't update the default SMS Template.
      operationId: replaceSmsTemplate
      parameters:
      - description: '`id` of the Template'
        explode: false
        in: path
        name: templateId
        required: true
        schema:
          example: 6NQUJ5yR3bpgEiYmq8IC
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            examples:
              Replace an SMS Template request:
                $ref: '#/components/examples/CreateOrReplaceSMSTemplateRequest'
            schema:
              $ref: '#/components/schemas/SmsTemplate'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                Replace an SMS Template response:
                  $ref: '#/components/examples/CreateOrReplaceSMSTemplateResponse'
              schema:
                $ref: '#/components/schemas/SmsTemplate'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.templates.manage
      summary: Replace an SMS Template
      tags:
      - Template
      x-codegen-request-body-name: smsTemplate
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/threats/configuration:
    get:
      description: Retrieves the ThreatInsight configuration for the org
      operationId: getCurrentConfiguration
      responses:
        "200":
          content:
            application/json:
              examples:
                ThreatInsightResponseEx:
                  $ref: '#/components/examples/ThreatInsightResponseExample'
              schema:
                $ref: '#/components/schemas/ThreatInsightConfiguration'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.threatInsights.read
      summary: Retrieve the ThreatInsight Configuration
      tags:
      - ThreatInsight
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: Updates the ThreatInsight configuration for the org
      operationId: updateConfiguration
      requestBody:
        content:
          application/json:
            examples:
              ThreatInsightUpdateEx:
                $ref: '#/components/examples/ThreatInsightUpdateRequestExample'
            schema:
              $ref: '#/components/schemas/ThreatInsightConfiguration'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                ThreatInsightUpdateEx:
                  $ref: '#/components/examples/ThreatInsightUpdateResponseExample'
              schema:
                $ref: '#/components/schemas/ThreatInsightConfiguration'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.threatInsights.manage
      summary: Update the ThreatInsight Configuration
      tags:
      - ThreatInsight
      x-codegen-request-body-name: threatInsightConfiguration
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/trustedOrigins:
    get:
      description: Lists all trusted origins
      operationId: listTrustedOrigins
      parameters:
      - description: A search string that will prefix match against the `name` and `origin`
        explode: true
        in: query
        name: q
        required: false
        schema:
          type: string
        style: form
      - description: |
          [Filter](/#filter) Trusted Origins with a supported expression for a subset of properties. You can filter on the following properties: `name`, `origin`, `status`, and `type` (type of scopes).
        examples:
          By name:
            value: name eq "Example Trusted Origin"
        explode: true
        in: query
        name: filter
        required: false
        schema:
          type: string
        style: form
      - description: The after cursor provided by a prior request.
        explode: true
        in: query
        name: after
        required: false
        schema:
          type: string
        style: form
      - description: Specifies the number of results.
        explode: true
        in: query
        name: limit
        required: false
        schema:
          default: 20
          format: int32
          maximum: 200
          type: integer
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                TrustedOriginsResponse:
                  $ref: '#/components/examples/TrustedOriginsResponse'
              schema:
                items:
                  $ref: '#/components/schemas/TrustedOrigin'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.trustedOrigins.read
      summary: List all Trusted Origins
      tags:
      - TrustedOrigin
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: Creates a trusted origin
      operationId: createTrustedOrigin
      requestBody:
        content:
          application/json:
            examples:
              TrustedOriginBody:
                $ref: '#/components/examples/TrustedOriginBody'
              TrustedOriginBodyWithIframeEmbedding:
                $ref: '#/components/examples/TrustedOriginBodyWithIframeEmbedding'
              TrustedOriginBodyWithIframeEmbeddingSignIn:
                $ref: '#/components/examples/TrustedOriginBodyWithIframeEmbeddingSignIn'
            schema:
              $ref: '#/components/schemas/TrustedOriginWrite'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                TrustedOriginResponse:
                  $ref: '#/components/examples/TrustedOriginResponse'
                TrustedOriginResponseWithIframeEmbedding:
                  $ref: '#/components/examples/TrustedOriginResponseWithIframeEmbedding'
                TrustedOriginResponseWithIframeEmbeddingSignIn:
                  $ref: '#/components/examples/TrustedOriginResponseWithIframeEmbeddingSignIn'
              schema:
                $ref: '#/components/schemas/TrustedOrigin'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.trustedOrigins.manage
      summary: Create a Trusted Origin
      tags:
      - TrustedOrigin
      x-codegen-request-body-name: trustedOrigin
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/trustedOrigins/{trustedOriginId}:
    delete:
      description: Deletes a trusted origin
      operationId: deleteTrustedOrigin
      parameters:
      - description: '`id` of the Trusted Origin'
        explode: false
        in: path
        name: trustedOriginId
        required: true
        schema:
          example: 7j2PkU1nyNIDe26ZNufR
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.trustedOrigins.manage
      summary: Delete a Trusted Origin
      tags:
      - TrustedOrigin
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    get:
      description: Retrieves a trusted origin
      operationId: getTrustedOrigin
      parameters:
      - description: '`id` of the Trusted Origin'
        explode: false
        in: path
        name: trustedOriginId
        required: true
        schema:
          example: 7j2PkU1nyNIDe26ZNufR
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                TrustedOriginResponse:
                  $ref: '#/components/examples/TrustedOriginResponse'
                TrustedOriginResponseWithIframeEmbedding:
                  $ref: '#/components/examples/TrustedOriginResponseWithIframeEmbedding'
                TrustedOriginResponseWithIframeEmbeddingSignIn:
                  $ref: '#/components/examples/TrustedOriginResponseWithIframeEmbeddingSignIn'
              schema:
                $ref: '#/components/schemas/TrustedOrigin'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.trustedOrigins.read
      summary: Retrieve a Trusted Origin
      tags:
      - TrustedOrigin
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    put:
      description: Replaces a trusted origin
      operationId: replaceTrustedOrigin
      parameters:
      - description: '`id` of the Trusted Origin'
        explode: false
        in: path
        name: trustedOriginId
        required: true
        schema:
          example: 7j2PkU1nyNIDe26ZNufR
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            examples:
              TrustedOriginPutBody:
                $ref: '#/components/examples/TrustedOriginPutBody'
              TrustedOriginPutBodyWithIframeEmbedding:
                $ref: '#/components/examples/TrustedOriginPutBodyWithIframeEmbedding'
            schema:
              $ref: '#/components/schemas/TrustedOrigin'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                TrustedOriginPutResponse:
                  $ref: '#/components/examples/TrustedOriginPutResponse'
                TrustedOriginPutResponseWithIFrameEmbedding:
                  $ref: '#/components/examples/TrustedOriginPutResponseWithIframeEmbedding'
              schema:
                $ref: '#/components/schemas/TrustedOrigin'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.trustedOrigins.manage
      summary: Replace a Trusted Origin
      tags:
      - TrustedOrigin
      x-codegen-request-body-name: trustedOrigin
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/trustedOrigins/{trustedOriginId}/lifecycle/activate:
    post:
      description: Activates a Trusted Origin. Sets the `status` to `ACTIVE`.
      operationId: activateTrustedOrigin
      parameters:
      - description: '`id` of the Trusted Origin'
        explode: false
        in: path
        name: trustedOriginId
        required: true
        schema:
          example: 7j2PkU1nyNIDe26ZNufR
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                TrustedOriginResponse:
                  $ref: '#/components/examples/TrustedOriginResponse'
              schema:
                $ref: '#/components/schemas/TrustedOrigin'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.trustedOrigins.manage
      summary: Activate a Trusted Origin
      tags:
      - TrustedOrigin
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/trustedOrigins/{trustedOriginId}/lifecycle/deactivate:
    post:
      description: Deactivates a Trusted Origin. Sets the `status` to `INACTIVE`.
      operationId: deactivateTrustedOrigin
      parameters:
      - description: '`id` of the Trusted Origin'
        explode: false
        in: path
        name: trustedOriginId
        required: true
        schema:
          example: 7j2PkU1nyNIDe26ZNufR
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                TrustedOriginInactiveResponse:
                  $ref: '#/components/examples/TrustedOriginInactiveResponse'
              schema:
                $ref: '#/components/schemas/TrustedOrigin'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.trustedOrigins.manage
      summary: Deactivate a Trusted Origin
      tags:
      - TrustedOrigin
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/users:
    get:
      description: |-
        Lists Users in your org, with pagination in most cases.
        A subset of Users can be returned that match a supported filter expression or search criteria.
      operationId: listUsers
      parameters:
      - description: |-
          Specifies the media type of the resource. Optional `okta-response` value can be included for performance optimization.
          Complex DelAuth configurations may degrade performance when fetching specific parts of the response, and passing this parameter can omit these parts, bypassing the bottleneck.

          Enum values for `okta-response`:

          * `omitCredentials`: Omits the credentials subobject from the response.
          * `omitCredentialsLinks`: Omits the following HAL links from the response: Change Password, Change Recovery Question, Forgot Password, Reset Password, Reset Factors, Unlock.
          * `omitTransitioningToStatus`: Omits the `transitioningToStatus` field from the response.
        examples:
          Omit credentials subobject and credentials links:
            summary: Omits the credentials subobject and credentials links from the response. Does not apply performance optimization.
            value: "application/json; okta-response=omitCredentials,omitCredentialsLinks"
          Omit credentials, credentials links, and `transitioningToStatus` field:
            summary: "Omits the credentials, credentials links, and `transitioningToStatus`\
              \ field from the response. Applies performance optimization."
            value: "application/json; okta-response=\"omitCredentials,omitCredentialsLinks,\
              \ omitTransitioningToStatus\""
        explode: false
        in: header
        name: Content-Type
        required: false
        schema:
          type: string
        style: simple
      - description: |-
          Finds users who match the specified query. This doesn't support pagination.
          This might not deliver optimal performance for large orgs, and is deprecated for such use cases. To ensure optimal performance, use a [`search` parameter](/openapi/okta-management/management/tag/User/#tag/User/operation/listUsers!in=query&path=search&t=request) instead.
          Use the `q` parameter for a simple lookup of users by name, for example when creating a people picker. The value of `q` is matched against `firstName`, `lastName`, or `email`.
          This performs a `startsWith` match, but this is an implementation detail and can change without notice. You don't need to specify `firstName`, `lastName`, or `email`.
        explode: true
        in: query
        name: q
        required: false
        schema:
          type: string
        style: form
      - description: "The cursor to use for pagination. It is an opaque string that\
          \ specifies your current location in the list and is obtained from the `Link`\
          \ response header. See [Pagination](https://developer.okta.com/docs/api/#pagination)."
        explode: true
        in: query
        name: after
        required: false
        schema:
          type: string
        style: form
      - description: Specifies the number of results returned. Defaults to 10 if `q` is provided.
        explode: true
        in: query
        name: limit
        required: false
        schema:
          default: 200
          format: int32
          type: integer
        style: form
      - description: |-
          Filters users with a supported expression for a subset of properties.
          This requires [URL encoding](https://developer.mozilla.org/en-US/docs/Glossary/Percent-encoding). For example, `filter=lastUpdated gt "2013-06-01T00:00:00.000Z"` is encoded as `filter=lastUpdated%20gt%20%222013-06-01T00:00:00.000Z%22`.
          Filtering is case-sensitive for attribute names and query values, while attribute operators are case-insensitive.
          Filtering supports the following limited number of properties: `status`, `lastUpdated`, `id`, `profile.login`, `profile.email`, `profile.firstName`, and `profile.lastName`.
          Additionally, filtering supports only the equal `eq` operator from the standard Okta API filtering semantics, except in the case of the `lastUpdated` property. This property can also use the inequality operators (`gt`, `ge`, `lt`, and `le`). For logical operators, only the logical operators `and` and `or` are supported. The `not` operator isn't supported.
        examples:
          filterByStatus:
            summary: Filter users with status of `LOCKED_OUT`
            value: status eq "LOCKED_OUT"
          filterByLogin:
            summary: Filter Users with a specified `login`
            value: profile.login eq "[email protected]"
          filterByDateRange:
            summary: Filter users updated after 06/01/2013 but before 01/01/2014
            value: filter=lastUpdated gt "2013-06-01T00:00:00.000Z" and lastUpdated lt "2014-01-01T00:00:00.000Z"
          filterByTypeAndProfileLastUpdatedAfterDate:
            summary: Filter users updated after 06/01/2013 but with a status of `LOCKED_OUT` or `RECOVERY`
            value: lastUpdated gt "2013-06-01T00:00:00.000Z" and (status eq "LOCKED_OUT" or status eq "RECOVERY")
        explode: true
        in: query
        name: filter
        required: false
        schema:
          type: string
        style: form
      - description: |-
          Searches for users with a supported filtering expression for most properties. Okta recommends using this parameter for search for best performance.
          This operation supports [pagination](https://developer.okta.com/docs/api/#pagination). Use an ID lookup for records that you update to ensure your results contain the latest data.
          Property names in the search parameter are case sensitive, whereas operators (`eq`, `sw`, and so on) and string values are case insensitive. Unlike with user logins, diacritical marks are significant in search string values: a search for `isaac.brock` finds `Isaac.Brock`, but doesn't find a property whose value is `isáàc.bröck`.
          This operation requires [URL encoding](https://developer.mozilla.org/en-US/docs/Glossary/Percent-encoding). For example, `search=profile.department eq "Engineering"` is encoded as `search=profile.department%20eq%20%22Engineering%22`.

          > **Note:** If you use the special character `"` within a quoted string, it must also be escaped `\` and encoded. For example, `search=profile.lastName eq "bob"smith"` is encoded as `search=profile.lastName%20eq%20%22bob%5C%22smith%22`.

          This operation searches many properties:

          * Any user profile property, including custom-defined properties
          * The top-level properties `id`, `status`, `created`, `activated`, `statusChanged`, and `lastUpdated`
          * The [User Type](https://developer.okta.com/docs/reference/api/user-types/) accessed as `type.id`

          You can also use `sortBy` and `sortOrder` parameters.
          The `ne` (not equal) operator isn't supported, but you can obtain the same result by using `lt ... or ... gt`. For example, to see all users except those that have a status of `STAGED`, use `(status lt "STAGED" or status gt "STAGED")`.
          You can search properties that are arrays. If any element matches the search term, the entire array (object) is returned. Okta follows the [SCIM Protocol Specification](https://tools.ietf.org/html/rfc7644#section-3.4.2.2) for searching arrays. You can search multiple arrays, multiple values in an array, as well as using the standard logical and filtering operators. See [Filter](https://developer.okta.com/docs/reference/core-okta-api/#filter).
        examples:
          searchByStatus:
            summary: Search for Users that have a status of `STAGED`
            value: status eq "STAGED"
          searchByLastUpdatedAfterDate:
            summary: Search for Users that have last updated after a specific timestamp
            value: lastUpdated gt "2014-01-01T00:00:00.000Z"
          searchById:
            summary: Search for Groups with the specified ID (`00gak46y5hydV6NdM0g4`)
            value: id eq "00u1ero7vZFVEIYLWPBN"
          searchByProfileDepartmentCreatedAndStatus:
            summary: Search for users in the department of `Engineering` who were created before `01/01/2014` or have a status of `ACTIVE`
            value: profile.department eq "Engineering" and (created lt "2014-01-01T00:00:00.000Z" or status eq "ACTIVE")
          searchArrayAttributes:
            summary: "Searches for properties that are arrays. Custom User attribute\
              \ `arrayAttr` that contains values [\"arrayAttrVal1\", \"arrayAttrVal2\"\
              ...]"
            value: profile.arrayAttr eq "arrayAttrVal1"
        explode: true
        in: query
        name: search
        required: false
        schema:
          type: string
        style: form
      - description: "Specifies field to sort by (for search queries only). This can\
          \ be any single property, for example `sortBy=profile.lastName`. Users with\
          \ the same value for the `sortBy` property will be ordered by `id`."
        explode: true
        in: query
        name: sortBy
        required: false
        schema:
          type: string
        style: form
      - description: "Specifies sort order asc or desc (for search queries only).\
          \ Sorting is done in ASCII sort order (that is, by ASCII character value),\
          \ but isn't case sensitive. `sortOrder` is ignored if `sortBy` is not present."
        explode: true
        in: query
        name: sortOrder
        required: false
        schema:
          type: string
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                UserList:
                  $ref: '#/components/examples/ListRealmAwareUsersResponse'
              schema:
                items:
                  $ref: '#/components/schemas/User'
                type: array
          description: Success
        "403":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.users.read
      summary: List all Users
      tags:
      - User
      x-okta-lifecycle:
        isCorsEnabled: true
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: "Creates a new User in your Okta org with or without credentials.\n\
        > **Legal Disclaimer**\n> \n> After a User is added to the Okta directory,\
        \ they receive an activation email. As part of signing up for this service,\n\
        > you agreed not to use Okta's service/product to spam and/or send unsolicited\
        \ messages.\n> Please refrain from adding unrelated accounts to the directory\
        \ as Okta is not responsible for, and disclaims any and all\n> liability associated\
        \ with, the activation email's content. You, and you alone, bear responsibility\
        \ for the emails sent to any recipients.\n\nAll responses return the created\
        \ User. Activation of a User is an asynchronous operation. The system performs\
        \ group reconciliation during activation and assigns the User to all apps\
        \ via direct or indirect relationships (group memberships).\n* The user's\
        \ `transitioningToStatus` property is `ACTIVE` during activation to indicate\
        \ that the User hasn't completed the asynchronous operation.\n* The user's\
        \ `status` is `ACTIVE` when the activation process is complete.\n\nThe User\
        \ is emailed a one-time activation token if activated without a password.\n\
        \n> **Note:** If the User is assigned to an app that is configured for provisioning,\
        \ the activation process triggers downstream provisioning to the app. It\
        \ is possible for a User to sign in before these apps have been successfully\
        \ provisioned for the User.\n\n> **Important:** Do not generate or send a\
        \ one-time activation token when activating Users with an assigned password.\
        \ Users should sign in with their assigned password.\n\nFor more information\
        \ about the various scenarios of creating a user listed in the examples, see\
        \ User Scenario Creations section in the [Users API](/openapi/okta-management/management/tag/User)\
        \ description."
      operationId: createUser
      parameters:
      - description: "Executes an [activation lifecycle](/openapi/okta-management/management/tag/UserLifecycle/#tag/UserLifecycle/operation/activateUser)\
          \ operation when creating the User"
        explode: true
        in: query
        name: activate
        required: false
        schema:
          default: true
          type: boolean
        style: form
      - description: Indicates whether to create a User with a specified authentication provider
        explode: true
        in: query
        name: provider
        required: false
        schema:
          default: false
          type: boolean
        style: form
      - description: "With `activate=true`, if `nextLogin=changePassword`, a User\
          \ is created, activated, and the password is set to `EXPIRED`. The User\
          \ must change it the next time they sign in."
        explode: true
        in: query
        name: nextLogin
        required: false
        schema:
          $ref: '#/components/schemas/UserNextLogin'
        style: form
        x-okta-added-version: 0.14.0
      requestBody:
        content:
          application/json:
            examples:
              Create User without credentials:
                $ref: '#/components/examples/create-user-without-credentials-request'
              Create User with recovery question:
                $ref: '#/components/examples/create-user-with-recovery-question-request'
              Create User with Password:
                $ref: '#/components/examples/create-user-with-password-request'
              Create User with imported hashed password:
                $ref: '#/components/examples/create-user-with-imported-hashed-password-request'
              Create User with password import inline hook:
                $ref: '#/components/examples/create-user-with-password-import-inline-hook-request'
              Create User with Password and Recovery Question:
                $ref: '#/components/examples/create-user-with-password-and-recovery-question-request'
              Create User with Authentication Provider:
                $ref: '#/components/examples/create-user-with-authentication-provider-request'
              Create User in Group:
                $ref: '#/components/examples/create-user-in-group-request'
              Create User with non-default User Type:
                $ref: '#/components/examples/create-user-with-non-default-user-type-request'
            schema:
              $ref: '#/components/schemas/CreateUserRequest'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                Create User without credentials:
                  $ref: '#/components/examples/create-user-without-credentials-response'
                Create User with recovery question:
                  $ref: '#/components/examples/create-user-with-recovery-question-response'
                Create User with Password:
                  $ref: '#/components/examples/create-user-with-password-response'
                Create User with imported hashed password:
                  $ref: '#/components/examples/create-user-with-imported-hashed-password-response'
                Create User with password import inline hook:
                  $ref: '#/components/examples/create-user-with-password-import-inline-hook-response'
                Create User with Password and Recovery Question:
                  $ref: '#/components/examples/create-user-with-password-and-recovery-question-response'
                Create User with Authentication Provider:
                  $ref: '#/components/examples/create-user-with-authentication-provider-response'
                Create User in Group:
                  $ref: '#/components/examples/create-user-in-group-response'
                Create User with non-default User Type:
                  $ref: '#/components/examples/create-user-with-non-default-user-type-response'
              schema:
                $ref: '#/components/schemas/User'
          description: Success
        "400":
          content:
            application/json:
              examples:
                Create User with too many groups specified:
                  $ref: '#/components/examples/ErrorCreateUserWithTooManyManyGroupsResponse'
                Create User with expired password and activate set to `false`:
                  $ref: '#/components/examples/ErrorCreateUserWithExpiredPasswordWithoutActivation'
                Create User with expired password and `null` password:
                  $ref: '#/components/examples/ErrorCreateUserWithExpiredPasswordWithNullPassword'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.users.manage
      summary: Create a User
      tags:
      - User
      x-codegen-request-body-name: body
      x-okta-lifecycle:
        isCorsEnabled: true
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/users/me/lifecycle/delete_sessions:
    post:
      description: |-
        Ends Okta sessions for the currently signed in User. By default, the current session remains active. Use this method in a browser-based app.

        > **Note:** This operation requires a session cookie for the User. The API token isn't allowed for this operation.
      operationId: endUserSessions
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/KeepCurrent'
      responses:
        "200":
          content: {}
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2: []
      summary: End a current User session
      tags:
      - UserSessions
      x-okta-lifecycle:
        isCorsEnabled: true
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/users/{id}:
    delete:
      description: "Deletes a User permanently. This operation can only be performed\
        \ on Users that have a `DEPROVISIONED` status. **This action can't be recovered!**\n\
        \nThis operation on a User that hasn't been deactivated causes that User to\
        \ be deactivated. A second delete operation is required to delete the User.\n\
        \n> **Note:** You can also perform user deletion asynchronously. To invoke\
        \ asynchronous user deletion, pass an HTTP header `Prefer: respond-async`\
        \ with the request.\nThis header is also supported by user deactivation,\
        \ which is performed if the delete endpoint is invoked on a User that hasn't\
        \ been deactivated."
      operationId: deleteUser
      parameters:
      - description: "`id`, `login`, or `login shortname` (as long as it is unambiguous)\
          \ of user"
        explode: false
        in: path
        name: id
        required: true
        schema:
          type: string
        style: simple
      - description: Sends a deactivation email to the admin if `true`
        explode: true
        in: query
        name: sendEmail
        required: false
        schema:
          default: false
          type: boolean
        style: form
        x-okta-added-version: 1.5.0
      - explode: false
        in: header
        name: Prefer
        required: false
        schema:
          enum:
          - respond-async
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "400":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.users.manage
      summary: Delete a User
      tags:
      - User
      x-okta-lifecycle:
        isCorsEnabled: true
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    get:
      description: |-
        Retrieves a User from your Okta org.

        > **Note:** You can substitute `me` for the `id` to fetch the current User linked to an API token or session cookie.
        > * The request returns the User linked to the API token that is specified in the Authorization header, not the User linked to the active session. Details of the Admin User who granted the API token is returned.
        > * When the end User has an active Okta session, it is typically a CORS request from the browser. Therefore, it's possible to retrieve the current User without the Authorization header.

        > **Note:** Some browsers block third-party cookies by default, which disrupts Okta functionality in certain flows. See [Mitigate the impact of third-party cookie deprecation](https://help.okta.com/okta_help.htm?type=oie&id=ext-third-party-cookies).

        > **Note:** When fetching a User by `login` or `login shortname`, [URL encode](https://developer.mozilla.org/en-US/docs/Glossary/Percent-encoding) the request parameter to ensure that special characters are escaped properly. Logins with a `/` character can only be fetched by `id` due to URL issues with escaping the `/` character.
      operationId: getUser
      parameters:
      - description: "`id`, `login`, or `login shortname` (as long as it is unambiguous)\
          \ of user"
        explode: false
        in: path
        name: id
        required: true
        schema:
          type: string
        style: simple
      - description: |-
          Specifies the media type of the resource. Optional `okta-response` value can be included for performance optimization.
          Complex DelAuth configurations may degrade performance when fetching specific parts of the response, and passing this parameter can omit these parts, bypassing the bottleneck.

          Enum values for `okta-response`:

          * `omitCredentials`: Omits the credentials subobject from the response.
          * `omitCredentialsLinks`: Omits the following HAL links from the response: Change Password, Change Recovery Question, Forgot Password, Reset Password, Reset Factors, Unlock.
          * `omitTransitioningToStatus`: Omits the `transitioningToStatus` field from the response.
        examples:
          Omit credentials subobject and credentials links:
            summary: Omits the credentials subobject and credentials links from the response. Does not apply performance optimization.
            value: "application/json; okta-response=omitCredentials,omitCredentialsLinks"
          Omit credentials, credentials links, and `transitioningToStatus` field:
            summary: "Omits the credentials, credentials links, and `transitioningToStatus`\
              \ field from the response. Applies performance optimization."
            value: "application/json; okta-response=\"omitCredentials,omitCredentialsLinks,\
              \ omitTransitioningToStatus\""
        explode: false
        in: header
        name: Content-Type
        required: false
        schema:
          type: string
        style: simple
      - description: "An optional parameter to include metadata in the `_embedded`\
          \ attribute. Valid value: `blocks`"
        explode: true
        in: query
        name: expand
        required: false
        schema:
          example: blocks
          type: string
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                GetUserExample:
                  $ref: '#/components/examples/user-example'
              schema:
                $ref: '#/components/schemas/UserGetSingleton'
          description: Success
        "403":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.users.read
      summary: Retrieve a User
      tags:
      - User
      x-okta-lifecycle:
        isCorsEnabled: true
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: |-
        Updates a user's profile or credentials with partial update semantics.

        > **Important:** Use the `POST` method for partial updates. Unspecified properties are set to null with `PUT`.

        `profile` and `credentials` can be updated independently or together with a single request.

        > **Note**: Currently, the User Type of a User can only be changed via a full replacement PUT operation. If the request parameters of a partial update include the type element from the User object, the value must match the existing type of the User. Only admins are permitted to change the User type of a User; end users are not allowed to change their own User type.

        > **Note**: To update a current user's profile with partial semantics, the `/api/v1/users/me` endpoint can be invoked.
        >
        > A User can only update profile properties for which the User has write access. Within the profile, if the User tries to update the primary or the secondary email IDs, verification emails are sent to those email IDs, and the fields are updated only upon verification.

        If you are using this endpoint to set a password, it sets a password without validating existing user credentials. This is an administrative operation. For operations that validate credentials, refer to the `Reset Password`, `Forgot Password`, and `Change Password` endpoints.
      operationId: updateUser
      parameters:
      - description: "`id`, `login`, or `login shortname` (as long as it is unambiguous)\
          \ of user"
        explode: false
        in: path
        name: id
        required: true
        schema:
          type: string
        style: simple
      - description: "If true, validates against minimum age and history password\
          \ policy"
        explode: true
        in: query
        name: strict
        required: false
        schema:
          type: boolean
        style: form
      requestBody:
        content:
          application/json:
            examples:
              Update User Profile:
                $ref: '#/components/examples/update-user-profile-request'
              Update User Password:
                $ref: '#/components/examples/update-user-set-password-request'
              Set Recovery Question and Answer:
                $ref: '#/components/examples/update-user-set-recovery-question-and-answer'
            schema:
              $ref: '#/components/schemas/UpdateUserRequest'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                Update User Response:
                  $ref: '#/components/examples/user-example'
              schema:
                $ref: '#/components/schemas/User'
          description: Success
        "400":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.users.manage
      summary: Update a User
      tags:
      - User
      x-codegen-request-body-name: user
      x-okta-lifecycle:
        isCorsEnabled: true
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
    put:
      description: |-
        Replaces a User's profile, credentials, or both using strict-update semantics.
        All profile properties must be specified when updating a User's profile with a `PUT` method. Any property not specified in the request is deleted.

        > **Important:** Don't use a `PUT` method for partial updates.
      operationId: replaceUser
      parameters:
      - description: "`id`, `login`, or `login shortname` (as long as it is unambiguous)\
          \ of user"
        explode: false
        in: path
        name: id
        required: true
        schema:
          type: string
        style: simple
      - description: "If `true`, validates against minimum age and history password\
          \ policy"
        explode: true
        in: query
        name: strict
        required: false
        schema:
          type: boolean
        style: form
        x-okta-added-version: 1.10.0
      requestBody:
        content:
          application/json:
            examples:
              Replace User Request:
                $ref: '#/components/examples/replace-user-request'
            schema:
              $ref: '#/components/schemas/UpdateUserRequest'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                Replace User Response:
                  $ref: '#/components/examples/user-example'
              schema:
                $ref: '#/components/schemas/User'
          description: Success
        "400":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.users.manage
      summary: Replace a User
      tags:
      - User
      x-codegen-request-body-name: user
      x-okta-lifecycle:
        isCorsEnabled: true
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/users/{id}/lifecycle/reactivate:
    post:
      description: |-
        Reactivates a user.
        This operation can only be performed on Users with a `PROVISIONED` or `RECOVERY` [status](/openapi/okta-management/management/tag/User/#tag/User/operation/listUsers!c=200&path=status&t=response).
        This operation restarts the activation workflow if for some reason the user activation wasn't completed when using the `activationToken` from [Activate User](/openapi/okta-management/management/tag/UserLifecycle/#tag/UserLifecycle/operation/activateUser).
        Users that don't have a password must complete the flow by completing [Reset Password](/openapi/okta-management/management/tag/UserCred/#tag/UserCred/operation/resetPassword) and MFA enrollment steps to transition the user to `ACTIVE` status.
        If `sendEmail` is `false`, returns an activation link for the user to set up their account. The activation token can be used to create a custom activation link.
      operationId: reactivateUser
      parameters:
      - description: "`id`, `login`, or `login shortname` (as long as it is unambiguous)\
          \ of user"
        explode: false
        in: path
        name: id
        required: true
        schema:
          type: string
        style: simple
      - description: Sends an activation email to the user if `true`
        explode: true
        in: query
        name: sendEmail
        required: false
        schema:
          default: false
          type: boolean
        style: form
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UserActivationToken'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.users.manage
      summary: Reactivate a User
      tags:
      - UserLifecycle
      x-okta-lifecycle:
        isCorsEnabled: true
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/users/{userIdOrLogin}/linkedObjects/{primaryRelationshipName}/{primaryUserId}:
    put:
      description: |-
        Assigns the first User as the `associated` and the second User as the `primary` for the specified relationship.
        If the first User is already associated with a different `primary` for this relationship, the previous link is removed. A Linked Object relationship can specify only one primary User for an associated User.
      operationId: assignLinkedObjectValueForPrimary
      parameters:
      - description: |-
          If for the `self` link, the ID of the User for whom you want to get the primary User ID. If for the `associated` relation, the User ID or login value of the User assigned the associated relationship.
          This can be `me` to represent the current session User.
        examples:
          manager:
            summary: Example ID of `primary`
            value: 00u5zex6ztMbOZhF50h7
          subordinate:
            summary: Example ID of `associated`
            value: 00u5zex6ztMbOZhF50h7
        explode: false
        in: path
        name: userIdOrLogin
        required: true
        schema:
          type: string
        style: simple
      - description: Name of the `primary` relationship being assigned
        explode: false
        in: path
        name: primaryRelationshipName
        required: true
        schema:
          example: manager
          type: string
        style: simple
      - description: User ID to be assigned to the `primary` relationship for the `associated` user
        explode: false
        in: path
        name: primaryUserId
        required: true
        schema:
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - oauth2:
        - okta.users.manage
      summary: Assign a Linked Object value for primary
      tags:
      - UserLinkedObject
      x-okta-lifecycle:
        isCorsEnabled: true
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/users/{userIdOrLogin}/linkedObjects/{relationshipName}:
    delete:
      description: |-
        Deletes any existing relationship between the `associated` and `primary` user. For the `associated` User, this is specified by the ID. The `primary` name specifies the relationship.
        The operation is successful if the relationship is deleted or if the specified User isn't in the `associated` relationship for any instance of the specified `primary` and thus, no relationship is found.
operationId: deleteLinkedObjectForUser parameters: - description: |- If for the `self` link, the ID of the User for whom you want to get the primary User ID. If for the `associated` relation, the User ID or login value of the User assigned the associated relationship. This can be `me` to represent the current session User. examples: manager: summary: Example ID of `primary` value: 00u5zex6ztMbOZhF50h7 subordinate: summary: Example ID of `associated` value: 00u5zex6ztMbOZhF50h7 explode: false in: path name: userIdOrLogin required: true schema: type: string style: simple - description: Name of the `primary` or `associated` relationship being queried examples: manager: summary: Example of a `primary` name value: manager subordinate: summary: Example of an `associated` name value: subordinate explode: false in: path name: relationshipName required: true schema: type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.manage summary: Delete a Linked Object value tags: - UserLinkedObject x-okta-lifecycle: isCorsEnabled: true lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: |- Lists either the `self` link for the primary User or all associated Users in the relationship specified by `relationshipName`. If the specified User isn't associated in any relationship, an empty array is returned. 
Use `me` instead of `id` to specify the current session User. operationId: listLinkedObjectsForUser parameters: - description: |- If for the `self` link, the ID of the User for whom you want to get the primary User ID. If for the `associated` relation, the User ID or login value of the User assigned the associated relationship. This can be `me` to represent the current session User. examples: manager: summary: Example ID of `primary` value: 00u5zex6ztMbOZhF50h7 subordinate: summary: Example ID of `associated` value: 00u5zex6ztMbOZhF50h7 explode: false in: path name: userIdOrLogin required: true schema: type: string style: simple - description: Name of the `primary` or `associated` relationship being queried examples: manager: summary: Example of a `primary` name value: manager subordinate: summary: Example of an `associated` name value: subordinate explode: false in: path name: relationshipName required: true schema: type: string style: simple responses: "200": content: application/json: examples: GetPrimaryLinkedObjectResponse: $ref: '#/components/examples/GetPrimaryLinkedObjectResponse' GetAssociatedLinkedObjectResponse: $ref: '#/components/examples/GetAssociatedLinkedObjectsResponse' schema: items: $ref: '#/components/schemas/ResponseLinks' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.read summary: List the primary or all of the associated Linked Object values tags: - UserLinkedObject 
x-okta-lifecycle: isCorsEnabled: true lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/users/{userId}/appLinks: get: description: Lists all App Links for all direct or indirect (via group membership) assigned apps operationId: listAppLinks parameters: - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple responses: "200": content: application/json: examples: List App Links: $ref: '#/components/examples/ListAppLinks' schema: items: $ref: '#/components/schemas/AppLink' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.read summary: List all Assigned App Links tags: - UserResources x-okta-lifecycle: isCorsEnabled: true lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/users/{userId}/blocks: get: description: Lists information about how the User is blocked from accessing their account operationId: listUserBlocks parameters: - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple responses: "200": content: application/json: examples: BlocksUnknownDevices: $ref: '#/components/examples/ListUserBlocksUnknownDevicesResponse' BlocksAnyDevices: $ref: '#/components/examples/ListUserBlocksAnyDevicesResponse' schema: items: $ref: 
'#/components/schemas/UserBlock' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.read summary: List all User Blocks tags: - User x-okta-lifecycle: isCorsEnabled: true lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/users/{userId}/clients: get: description: Lists all Client resources for which the specified User has grants or tokens operationId: listUserClients parameters: - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple responses: "200": content: application/json: examples: List User Clients: $ref: '#/components/examples/ListUserClients' schema: items: $ref: '#/components/schemas/OAuth2Client' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.read summary: List all Clients tags: - UserResources 
x-okta-lifecycle: isCorsEnabled: true lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/users/{userId}/clients/{clientId}/grants: delete: description: Revokes all Grants for the specified User and client operationId: revokeGrantsForUserAndClient parameters: - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple - description: '`client_id` of the app' explode: false in: path name: clientId required: true schema: example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.manage summary: Revoke all Grants for a Client tags: - UserGrant x-okta-lifecycle: isCorsEnabled: true lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Lists all Grants for a specified User and client operationId: listGrantsForUserAndClient parameters: - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple - description: '`client_id` of the app' explode: false in: path name: clientId required: true schema: example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD type: string style: simple - description: "Valid value: `scope`. If specified, scope details are included\ \ in the `_embedded` attribute." 
explode: true in: query name: expand required: false schema: type: string style: form - description: "The cursor to use for pagination. It is an opaque string that\ \ specifies your current location in the list and is obtained from the `Link`\ \ response header. See [Pagination](https://developer.okta.com/docs/api/#pagination)." explode: true in: query name: after required: false schema: type: string style: form - description: Specifies the number of tokens to return explode: true in: query name: limit required: false schema: default: 20 format: int32 maximum: 200 minimum: 1 type: integer style: form responses: "200": content: application/json: schema: items: $ref: '#/components/schemas/OAuth2ScopeConsentGrant' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.read summary: List all Grants for a Client tags: - UserGrant x-okta-lifecycle: isCorsEnabled: true lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/users/{userId}/clients/{clientId}/tokens: delete: description: Revokes all refresh Tokens issued for the specified User and client operationId: revokeTokensForUserAndClient parameters: - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple - description: '`client_id` of the app' explode: false in: path name: clientId required: true schema: example: 
52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.manage summary: Revoke all Refresh Tokens for a Client tags: - UserOAuth x-okta-lifecycle: isCorsEnabled: true lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Lists all refresh Tokens issued for the specified User and client operationId: listRefreshTokensForUserAndClient parameters: - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple - description: '`client_id` of the app' explode: false in: path name: clientId required: true schema: example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD type: string style: simple - description: "Valid value: `scope`. If specified, scope details are included\ \ in the `_embedded` attribute." explode: true in: query name: expand required: false schema: example: scope type: string style: form - description: "The cursor to use for pagination. It is an opaque string that\ \ specifies your current location in the list and is obtained from the `Link`\ \ response header. See [Pagination](https://developer.okta.com/docs/api/#pagination)." 
explode: true in: query name: after required: false schema: type: string style: form - description: Specifies the number of tokens to return explode: true in: query name: limit required: false schema: default: 20 format: int32 maximum: 200 minimum: 1 type: integer style: form responses: "200": content: application/json: schema: items: $ref: '#/components/schemas/OAuth2RefreshToken' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.read summary: List all Refresh Tokens for a Client tags: - UserOAuth x-okta-lifecycle: isCorsEnabled: true lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/users/{userId}/clients/{clientId}/tokens/{tokenId}: delete: description: Revokes the specified refresh Token operationId: revokeTokenForUserAndClient parameters: - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple - description: '`client_id` of the app' explode: false in: path name: clientId required: true schema: example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD type: string style: simple - description: '`id` of Token' explode: false in: path name: tokenId required: true schema: example: sHHSth53yJAyNSTQKDJZ type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: 
$ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.manage summary: Revoke a Token for a Client tags: - UserOAuth x-okta-lifecycle: isCorsEnabled: true lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Retrieves a refresh Token issued for the specified User and client operationId: getRefreshTokenForUserAndClient parameters: - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple - description: '`client_id` of the app' explode: false in: path name: clientId required: true schema: example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD type: string style: simple - description: '`id` of Token' explode: false in: path name: tokenId required: true schema: example: sHHSth53yJAyNSTQKDJZ type: string style: simple - description: "Valid value: `scope`. If specified, scope details are included\ \ in the `_embedded` attribute." 
explode: true in: query name: expand required: false schema: example: scope type: string style: form responses: "200": content: application/json: schema: $ref: '#/components/schemas/OAuth2RefreshToken' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.read summary: Retrieve a Refresh Token for a Client tags: - UserOAuth x-okta-lifecycle: isCorsEnabled: true lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/users/{userId}/credentials/change_password: post: description: |- Updates a User's password by validating the User's current Password. This operation provides an option to delete all the sessions of the specified User. However, if the request is made in the context of a session owned by the specified User, that session isn't cleared. You can only perform this operation on Users in `STAGED`, `ACTIVE`, `PASSWORD_EXPIRED`, or `RECOVERY` status that have a valid [Password credential](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#tag/User/operation/createUser!path=credentials/password&t=request). The User transitions to `ACTIVE` status when successfully invoked in `RECOVERY` status. 
operationId: changePassword parameters: - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple - description: "If true, validates against password minimum age policy" explode: true in: query name: strict required: false schema: default: false type: boolean style: form x-okta-added-version: 1.10.0 requestBody: content: application/json: examples: Change Password Request: $ref: '#/components/examples/ChangePwdRequest' schema: $ref: '#/components/schemas/ChangePasswordRequest' required: true responses: "200": content: application/json: examples: Change Password Response: $ref: '#/components/examples/ChangePwdResponse' schema: $ref: '#/components/schemas/UserCredentials' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.manage summary: Update Password tags: - UserCred x-codegen-request-body-name: changePasswordRequest x-okta-lifecycle: isCorsEnabled: true lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/users/{userId}/credentials/change_recovery_question: post: description: |- Updates a User's Recovery Question and answer credential by validating the User's current 
Password. You can only perform this operation on Users in `STAGED`, `ACTIVE`, or `RECOVERY` status that have a valid [Password credential](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#tag/User/operation/createUser!path=credentials/password&t=request). operationId: changeRecoveryQuestion parameters: - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple requestBody: content: application/json: examples: Update Recovery Question Request: $ref: '#/components/examples/UpdateRecQuestionRequest' schema: $ref: '#/components/schemas/UserCredentials' required: true responses: "200": content: application/json: examples: Update Recovery Question Response: $ref: '#/components/examples/UpdateRecQuestionResponse' schema: $ref: '#/components/schemas/UserCredentials' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.manage summary: Update Recovery Question tags: - UserCred x-codegen-request-body-name: userCredentials x-okta-lifecycle: isCorsEnabled: true lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/users/{userId}/credentials/forgot_password: post: 
description: |- Starts the forgot password flow. Generates a one-time token (OTT) that you can use to reset a User's Password. The User must validate their security question's answer when visiting the reset link. This operation can only be performed on Users with an ACTIVE status and a valid [Recovery Question credential](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#tag/User/operation/createUser!path=credentials/recovery_question&t=request). > **Note:** If you have migrated to Identity Engine, you can allow Users to recover passwords with any enrolled MFA authenticator. See [Self-service account recovery](https://help.okta.com/oie/en-us/content/topics/identity-engine/authenticators/configure-sspr.htm?cshid=ext-config-sspr) If an email address is associated with multiple Users, keep in mind the following to ensure a successful password recovery lookup: * Okta no longer includes deactivated Users in the lookup. * The lookup searches sign-in IDs first, then primary email addresses, and then secondary email addresses. If `sendEmail` is `false`, returns a link for the User to reset their Password. This operation doesn't affect the status of the User. 
operationId: forgotPassword parameters: - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple - description: Sends a forgot password email to the User if `true` explode: true in: query name: sendEmail required: false schema: default: true type: boolean style: form responses: "200": content: application/json: examples: Forgot Password Response: $ref: '#/components/examples/ForgotPwdResponse' schema: $ref: '#/components/schemas/ForgotPasswordResponse' description: Reset URL "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.manage summary: Start forgot password flow tags: - UserCred x-okta-lifecycle: isCorsEnabled: true lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/users/{userId}/credentials/forgot_password_recovery_question: post: description: |- Resets the User's password to the specified password if the provided answer to the recovery question is correct. You must include the Recovery Question answer with the submission. 
operationId: forgotPasswordSetNewPassword parameters: - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple - explode: true in: query name: sendEmail required: false schema: default: true type: boolean style: form requestBody: content: application/json: examples: Forgot Password Recovery Question Request: $ref: '#/components/examples/ForgotPwdRecoveryQuestionRequest' schema: $ref: '#/components/schemas/UserCredentials' required: true responses: "200": content: application/json: examples: Forgot Password Recovery Question Response: $ref: '#/components/examples/ForgotPwdRecoveryQuestionResponse' schema: $ref: '#/components/schemas/UserCredentials' description: Credentials "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.manage summary: Reset Password with Recovery Question tags: - UserCred x-codegen-request-body-name: userCredentials x-okta-lifecycle: isCorsEnabled: true lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/users/{userId}/factors: get: description: Lists all enrolled Factors for the specified user operationId: listFactors parameters: - description: ID of an existing Okta user 
explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple responses: "200": content: application/json: examples: ListFactorsResponse: $ref: '#/components/examples/ListFactorsResults' schema: items: $ref: '#/components/schemas/UserFactor' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.read summary: List all enrolled Factors tags: - UserFactor x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json post: description: |- Enrolls a supported Factor for the specified user > **Note:** All responses return the enrolled Factor with a status of either `PENDING_ACTIVATION` or `ACTIVE`. #### Additional SMS/Call Factor information * **Rate limits**: Okta may return a `429 Too Many Requests` status code if you attempt to resend an SMS or a voice call challenge (OTP) within the same time window. The current [rate limit](https://developer.okta.com/docs/reference/rate-limits/) is one SMS/CALL challenge per phone number every 30 seconds. * **Existing phone numbers**: Okta may return a `400 Bad Request` status code if a user attempts to enroll with a different phone number when the user has an existing mobile phone or has an existing phone with voice call capability. A user can enroll only one mobile phone for `sms` and enroll only one voice call capable phone for `call` factor.
#### Additional WebAuthn Factor information **Enroll WebAuthn response parameters** * For detailed information on the WebAuthn standard, including an up-to-date list of supported browsers, see [webauthn.me](https://a0.to/webauthnme-okta-docs). * In the enroll API response, the `response._embedded.activation` object contains properties used to help the client to create a new WebAuthn credential for use with Okta. See the [WebAuthn spec for PublicKeyCredentialCreationOptions](https://www.w3.org/TR/webauthn/#dictionary-makecredentialoptions). #### Additional Custom TOTP Factor information **Enroll Custom TOTP Factor** * The enrollment process involves passing both the `factorProfileId` and `sharedSecret` properties for a token. * A Factor Profile represents a particular configuration of the Custom TOTP factor. It includes certain properties that match the hardware token that end users possess, such as the HMAC algorithm, passcode length, and time interval. There can be multiple Custom TOTP factor profiles per org, but users can only enroll in one Custom TOTP factor. Admins can [create Custom TOTP factor profiles](https://help.okta.com/okta_help.htm?id=ext-mfa-totp) in the Admin Console. Then, copy the `factorProfileId` from the Admin Console into the API request. * For Custom TOTP enrollment, Okta automatically enrolls a user with a `token:software:totp` factor and the `push` factor if the user isn't currently enrolled with these factors. operationId: enrollFactor parameters: - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple - description: "If `true`, indicates that you are replacing the currently registered\ \ phone number for the specified user. This parameter is ignored if the\ \ existing phone number is used by an activated Factor."
explode: true in: query name: updatePhone required: false schema: default: false type: boolean style: form - description: "ID of an existing custom SMS template. See the [SMS Templates\ \ API](../Template). This parameter is only used by `sms` Factors. If the\ \ provided ID doesn't exist, the default template is used instead." explode: true in: query name: templateId required: false schema: example: cstk2flOtuCMDJK4b0g3 type: string style: form - description: Defines how long the token remains valid explode: true in: query name: tokenLifetimeSeconds required: false schema: default: 300 format: int32 maximum: 86400 minimum: 1 type: integer style: form x-okta-added-version: 1.3.0 - description: "If `true`, the factor is immediately activated as part of the\ \ enrollment. An activation process isn't required. Currently auto-activation\ \ is supported by `sms`, `call`, `email` and `token:hotp` (Custom TOTP)\ \ Factor." explode: true in: query name: activate required: false schema: default: false type: boolean style: form x-okta-added-version: 1.3.0 - description: "An ISO 639-1 two-letter language code that defines a localized\ \ message to send. This parameter is only used by `sms` Factors. If a localized\ \ message doesn't exist or the `templateId` is incorrect, the default template\ \ is used instead." 
explode: false in: header name: Accept-Language required: false schema: example: fr type: string style: simple requestBody: content: application/json: examples: question: $ref: '#/components/examples/EnrollFactorQuestionRequest' sms: $ref: '#/components/examples/EnrollFactorSmsRequest' call: $ref: '#/components/examples/EnrollFactorCallRequest' token:software:totp: $ref: '#/components/examples/EnrollFactorOVTotpRequest' push: $ref: '#/components/examples/EnrollFactorOVPushRequest' google: $ref: '#/components/examples/EnrollFactorGoogleRequest' rsa_securId: $ref: '#/components/examples/EnrollFactorRsaSecurIdRequest' symantec_vip: $ref: '#/components/examples/EnrollFactorSymantecVipRequest' yubikey: $ref: '#/components/examples/EnrollFactorYubikeyRequest' email: $ref: '#/components/examples/EnrollFactorEmailRequest' u2f: $ref: '#/components/examples/EnrollFactorU2fRequest' webAuthn: $ref: '#/components/examples/EnrollFactorWebauthnRequest' customTotp: $ref: '#/components/examples/EnrollFactorCustomTotpRequest' schema: $ref: '#/components/schemas/UserFactor' description: Factor required: true responses: "200": content: application/json: examples: question: $ref: '#/components/examples/EnrollFactorQuestionResponse' sms: $ref: '#/components/examples/EnrollFactorSmsResponse' call: $ref: '#/components/examples/EnrollFactorCallResponse' token:software:totp: $ref: '#/components/examples/EnrollFactorOVTotpResponse' push: $ref: '#/components/examples/EnrollFactorOVPushResponse' google: $ref: '#/components/examples/EnrollFactorGoogleResponse' rsa_securId: $ref: '#/components/examples/EnrollFactorRsaSecurIdResponse' symantec_vip: $ref: '#/components/examples/EnrollFactorSymantecVipResponse' yubikey: $ref: '#/components/examples/EnrollFactorYubikeyResponse' email: $ref: '#/components/examples/EnrollFactorEmailResponse' u2f: $ref: '#/components/examples/EnrollFactorU2fResponse' webAuthn: $ref: '#/components/examples/EnrollFactorWebauthnResponse' customTotp: $ref: 
'#/components/examples/EnrollFactorCustomTotpResponse' schema: $ref: '#/components/schemas/UserFactor' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.manage summary: Enroll a Factor tags: - UserFactor x-codegen-request-body-name: body x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/users/{userId}/factors/catalog: get: description: Lists all the supported Factors that can be enrolled for the specified user operationId: listSupportedFactors parameters: - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple responses: "200": content: application/json: examples: SupportedFactorResponse: $ref: '#/components/examples/SupportedFactorResults' schema: items: $ref: '#/components/schemas/UserFactorSupported' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: 
'#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.read summary: List all supported Factors tags: - UserFactor x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/users/{userId}/factors/questions: get: description: Lists all available Security Questions for the specified user operationId: listSupportedSecurityQuestions parameters: - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple responses: "200": content: application/json: example: - question: disliked_food questionText: What is the food you least liked as a child? - question: name_of_first_plush_toy questionText: What is the name of your first stuffed animal? - question: first_award questionText: What did you earn your first medal or award for? 
schema: items: $ref: '#/components/schemas/UserFactorSecurityQuestionProfile' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] summary: List all supported Security Questions tags: - UserFactor x-okta-no-scope-required: true x-okta-lifecycle: isCorsEnabled: true lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/users/{userId}/factors/{factorId}: delete: description: |- Unenrolls an existing Factor for the specified user. This allows the user to enroll a new Factor. > **Note**: If you unenroll the `push` or the `signed_nonce` Factors, Okta also unenrolls any other `totp`, `signed_nonce`, or Okta Verify `push` Factors associated with the user. operationId: unenrollFactor parameters: - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple - description: ID of an existing user Factor explode: false in: path name: factorId required: true schema: example: zAgrsaBe0wVGRugDYtdv type: string style: simple - description: "If `true`, removes the phone number as both a recovery method\ \ and a Factor. This parameter is only used for the `sms` and `call` Factors." 
explode: true in: query name: removeRecoveryEnrollment required: false schema: default: false type: boolean style: form responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.manage summary: Unenroll a Factor tags: - UserFactor x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Retrieves an existing Factor for the specified user operationId: getFactor parameters: - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple - description: ID of an existing user Factor explode: false in: path name: factorId required: true schema: example: zAgrsaBe0wVGRugDYtdv type: string style: simple responses: "200": content: application/json: examples: SMS: $ref: '#/components/examples/FactorResponseSms' Email: $ref: '#/components/examples/FactorEmail' schema: $ref: '#/components/schemas/UserFactor' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: 
'#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.read summary: Retrieve a Factor tags: - UserFactor x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/users/{userId}/factors/{factorId}/lifecycle/activate: post: description: |- Activates a Factor. Some Factors (`call`, `email`, `push`, `sms`, `token:software:totp`, `u2f`, and `webauthn`) require activation to complete the enrollment process. Okta enforces a rate limit of five activation attempts within five minutes. After a user exceeds the rate limit, Okta returns an error message. > **Note**: If the user exceeds their SMS, call, or email factor activation rate limit, then an OTP resend request (`/api/v1/users/${userId}/factors/${factorId}/resend`) isn't allowed for the same Factor. operationId: activateFactor parameters: - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple - description: ID of an existing user Factor explode: false in: path name: factorId required: true schema: example: zAgrsaBe0wVGRugDYtdv type: string style: simple requestBody: content: application/json: examples: token:software:totp: $ref: '#/components/examples/FactorPasscodeRequest' sms: $ref: '#/components/examples/FactorPasscodeRequest' call: $ref: '#/components/examples/FactorPasscodeRequest' email: $ref: '#/components/examples/FactorPasscodeRequest' u2f: $ref: '#/components/examples/ActivateFactorU2fRequest' webauthn: $ref: '#/components/examples/ActivateFactorWebauthnRequest' schema: $ref: '#/components/schemas/UserFactorActivateRequest' required: false responses: "200": content: application/json: examples: token:software:totp: $ref: '#/components/examples/ActivateFactorTotpResponse' sms: $ref: '#/components/examples/ActivateFactorSmsResponse' call: $ref:
'#/components/examples/ActivateFactorCallResponse' push: $ref: '#/components/examples/ActivateFactorPushResponse' email: $ref: '#/components/examples/ActivateFactorEmailResponse' u2f: $ref: '#/components/examples/ActivateFactorU2fResponse' webauthn: $ref: '#/components/examples/ActivateFactorWebauthnResponse' schema: $ref: '#/components/schemas/UserFactorActivateResponse' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.manage summary: Activate a Factor tags: - UserFactor x-codegen-request-body-name: body x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/users/{userId}/factors/{factorId}/resend: post: description: |- Resends an `sms`, `call`, or `email` factor challenge as part of an enrollment flow. For `call` and `sms` factors, Okta enforces a rate limit of one OTP challenge per device every 30 seconds. You can configure your `sms` and `call` factors to use a third-party telephony provider. See the [Telephony inline hook reference](https://developer.okta.com/docs/reference/telephony-hook/). Okta round-robins between SMS providers with every resend request to help ensure delivery of SMS and Call OTPs across different carriers.
> **Note**: Resend operations aren't allowed after a factor exceeds the activation rate limit. See [Activate a Factor](./#tag/UserFactor/operation/activateFactor). operationId: resendEnrollFactor parameters: - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple - description: ID of an existing user Factor explode: false in: path name: factorId required: true schema: example: zAgrsaBe0wVGRugDYtdv type: string style: simple - description: "ID of an existing custom SMS template. See the [SMS Templates\ \ API](../Template). This parameter is only used by `sms` Factors." explode: true in: query name: templateId required: false schema: example: cstk2flOtuCMDJK4b0g3 type: string style: form requestBody: content: application/json: examples: sms: value: factorType: sms provider: OKTA profile: phoneNumber: +1-555-415-1337 schema: $ref: '#/components/schemas/ResendUserFactor' required: true responses: "200": content: application/json: examples: sms: $ref: '#/components/examples/EnrollFactorSmsResponse' schema: $ref: '#/components/schemas/ResendUserFactor' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.manage summary: Resend a Factor 
enrollment tags: - UserFactor x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/users/{userId}/factors/{factorId}/transactions/{transactionId}: get: description: Retrieves the status of a `push` Factor verification transaction operationId: getFactorTransactionStatus parameters: - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple - description: ID of an existing user Factor explode: false in: path name: factorId required: true schema: example: zAgrsaBe0wVGRugDYtdv type: string style: simple - description: ID of an existing Factor verification transaction explode: false in: path name: transactionId required: true schema: example: gPAQcN3NDjSGOCAeG2Jv type: string style: simple responses: "200": content: application/json: examples: WAITING: $ref: '#/components/examples/UserFactorVerifyPushTransactionWaiting' SUCCESS: $ref: '#/components/examples/UserFactorVerifyPushTransactionApproved' REJECTED: $ref: '#/components/examples/UserFactorVerifyPushTransactionRejected' TIMEOUT: $ref: '#/components/examples/UserFactorVerifyPushTransactionTimeout' schema: $ref: '#/components/schemas/UserFactorPushTransaction' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.read summary: Retrieve a Factor transaction status tags: - UserFactor x-okta-lifecycle: 
lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/users/{userId}/factors/{factorId}/verify: post: description: |- Verifies an OTP for a Factor. Some Factors (`call`, `email`, `push`, `sms`, `u2f`, and `webauthn`) must first issue a challenge before you can verify the Factor. Do this by making a request without a body. After a challenge is issued, make another request to verify the Factor. **Note**: To verify a `push` factor, use the **poll** link returned when you issue the challenge. See [Retrieve a Factor Transaction Status](/openapi/okta-management/management/tag/UserFactor/#tag/UserFactor/operation/getFactorTransactionStatus). operationId: verifyFactor parameters: - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple - description: ID of an existing user Factor explode: false in: path name: factorId required: true schema: example: zAgrsaBe0wVGRugDYtdv type: string style: simple - description: "ID of an existing custom SMS template. See the [SMS Templates\ \ API](../Template). This parameter is only used by `sms` Factors." explode: true in: query name: templateId required: false schema: example: cstk2flOtuCMDJK4b0g3 type: string style: form - description: Defines how long the token remains valid explode: true in: query name: tokenLifetimeSeconds required: false schema: default: 300 format: int32 maximum: 86400 minimum: 1 type: integer style: form x-okta-added-version: 1.3.0 - description: Public IP address for the user agent explode: false in: header name: X-Forwarded-For required: false schema: type: string style: simple x-okta-added-version: 1.11.0 - description: Type of user agent detected when the request is made. Required to verify `push` Factors. 
explode: false in: header name: User-Agent required: false schema: type: string style: simple x-okta-added-version: 1.11.0 - description: "An ISO 639-1 two-letter language code that defines a localized\ \ message to send. This parameter is only used by `sms` Factors. If a localized\ \ message doesn't exist or the `templateId` is incorrect, the default template\ \ is used instead." explode: false in: header name: Accept-Language required: false schema: example: fr type: string style: simple requestBody: content: application/json: examples: sms verify: $ref: '#/components/examples/FactorPasscodeRequest' call verify: $ref: '#/components/examples/FactorPasscodeRequest' email verify: $ref: '#/components/examples/FactorPasscodeRequest' u2f verify: $ref: '#/components/examples/UserFactorVerifyU2fRequest' webAuthn verify: $ref: '#/components/examples/UserFactorVerifyWebauthnRequest' security question verify: $ref: '#/components/examples/UserFactorVerifySecurityQuestionRequest' totp verify: $ref: '#/components/examples/FactorPasscodeRequest' token verify: $ref: '#/components/examples/FactorPasscodeRequest' yubikey verify: $ref: '#/components/examples/FactorPasscodeRequest' schema: $ref: '#/components/schemas/UserFactorVerifyRequest' description: "Some Factors (`call`, `email`, `push`, `sms`, `u2f`, and `webauthn`)\ \ must first issue a challenge before you can verify the Factor. Do this\ \ by making a request without a body. After a challenge is issued, make\ \ another request to verify the Factor." 
required: false responses: "200": content: application/json: examples: sms challenge: $ref: '#/components/examples/UserFactorChallengeSmsResponse' sms verify: $ref: '#/components/examples/UserFactorVerifySuccessSmsResponse' call challenge: $ref: '#/components/examples/UserFactorChallengeCallResponse' call verify: $ref: '#/components/examples/UserFactorVerifyCallSuccessResponse' push challenge: $ref: '#/components/examples/UserFactorChallengePushResponse' email challenge: $ref: '#/components/examples/UserFactorChallengeEmailResponse' email verify: $ref: '#/components/examples/UserFactorVerifyEmailSuccessResponse' u2f challenge: $ref: '#/components/examples/UserFactorChallengeU2fResponse' u2f verify: $ref: '#/components/examples/UserFactorVerifyU2fResponse' webAuthn challenge: $ref: '#/components/examples/UserFactorChallengeWebauthnResponse' webAuthn verify: $ref: '#/components/examples/UserFactorVerifyWebauthnResponse' security question verify: $ref: '#/components/examples/UserFactorVerifySuccessSqResponse' totp verify: $ref: '#/components/examples/UserFactorVerifySuccessTotpResponse' token verify: $ref: '#/components/examples/UserFactorVerifySuccessTokenResponse' yubikey verify: $ref: '#/components/examples/UserFactorVerifySuccessYubikeyResponse' schema: $ref: '#/components/schemas/UserFactorVerifyResponse' description: Success "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: 
'#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.manage summary: Verify a Factor tags: - UserFactor x-codegen-request-body-name: body x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /api/v1/users/{userId}/grants: delete: description: Revokes all Grants for a specified User operationId: revokeUserGrants parameters: - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.manage summary: Revoke all User Grants tags: - UserGrant x-okta-lifecycle: isCorsEnabled: true lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Lists all Grants for the specified user operationId: listUserGrants parameters: - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple - description: The scope ID to filter on explode: true in: query name: scopeId required: false schema: type: string style: form - description: "Valid value: `scope`. If specified, scope details are included\ \ in the `_embedded` attribute." 
explode: true in: query name: expand required: false schema: example: scope type: string style: form - description: "The cursor to use for pagination. It is an opaque string that\ \ specifies your current location in the list and is obtained from the `Link`\ \ response header. See [Pagination](https://developer.okta.com/docs/api/#pagination)." explode: true in: query name: after required: false schema: type: string style: form - description: Specifies the number of grants to return explode: true in: query name: limit required: false schema: default: 20 format: int32 maximum: 200 minimum: 1 type: integer style: form responses: "200": content: application/json: schema: items: $ref: '#/components/schemas/OAuth2ScopeConsentGrant' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.read summary: List all User Grants tags: - UserGrant x-okta-lifecycle: isCorsEnabled: true lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/users/{userId}/grants/{grantId}: delete: description: Revokes one Grant for a specified User operationId: revokeUserGrant parameters: - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple - description: Grant ID explode: false in: path name: grantId required: true schema: example: iJoqkwx50mrgX4T9LcaH type: string style: simple responses: "204": content: {} 
description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.manage summary: Revoke a User Grant tags: - UserGrant x-okta-lifecycle: isCorsEnabled: true lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Retrieves a Grant for the specified User operationId: getUserGrant parameters: - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple - description: Grant ID explode: false in: path name: grantId required: true schema: example: iJoqkwx50mrgX4T9LcaH type: string style: simple - description: "Valid value: `scope`. If specified, scope details are included\ \ in the `_embedded` attribute." 
explode: true in: query name: expand required: false schema: example: scope type: string style: form responses: "200": content: application/json: schema: $ref: '#/components/schemas/OAuth2ScopeConsentGrant' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.read summary: Retrieve a User Grant tags: - UserGrant x-okta-lifecycle: isCorsEnabled: true lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/users/{userId}/groups: get: description: Lists all Groups of which the User is a member operationId: listUserGroups parameters: - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple responses: "200": content: application/json: examples: List User Groups: $ref: '#/components/examples/ListUserGroups' schema: items: $ref: '#/components/schemas/Group' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too 
Many Requests security: - apiToken: [] - oauth2: - okta.users.read summary: List all Groups tags: - UserResources x-okta-lifecycle: isCorsEnabled: true lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/users/{userId}/idps: get: description: Lists the IdPs associated with the User operationId: listUserIdentityProviders parameters: - description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple responses: "200": content: application/json: examples: MultipleIdPsResponse: $ref: '#/components/examples/MultipleIdPsResponse' schema: items: $ref: '#/components/schemas/IdentityProvider' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.read summary: List all Identity Providers for User tags: - IdentityProviderUsers x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /api/v1/users/{userId}/lifecycle/activate: post: description: |- Activates a User. This operation can only be performed on Users with a `STAGED` or `DEPROVISIONED` status. Activation of a User is an asynchronous operation. * The User will have the `transitioningToStatus` property with an `ACTIVE` value during activation to indicate that the user hasn't completed the asynchronous operation. * The User will have an `ACTIVE` status when the activation process completes. 
Users who don't have a password must complete the welcome flow by visiting the activation link to complete the transition to `ACTIVE` status. > **Note:** If you want to send a branded User Activation email, change the subdomain of your request to the custom domain that's associated with the brand. > For example, change `subdomain.okta.com` to `custom.domain.one`. See [Multibrand and custom domains](https://developer.okta.com/docs/concepts/brands/#multibrand-and-custom-domains). > **Note:** If you have Optional Password enabled, visiting the activation link is optional for users who aren't required to enroll a password. > See [Create user with Optional Password enabled](https://developer.okta.com/docs/reference/api/users/#create-user-with-optional-password-enabled). > **Legal disclaimer** > After a user is added to the Okta directory, they receive an activation email. As part of signing up for this service, > you agreed not to use Okta's service/product to spam and/or send unsolicited messages. > Please refrain from adding unrelated accounts to the directory as Okta is not responsible for, and disclaims any and all > liability associated with, the activation email's content. You, and you alone, bear responsibility for the emails sent to any recipients. 
      operationId: activateUser
      parameters:
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      - description: Sends an activation email to the user if `true`
        explode: true
        in: query
        name: sendEmail
        required: false
        schema:
          default: true
          type: boolean
        style: form
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UserActivationToken'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.users.manage
      summary: Activate a User
      tags:
      - UserLifecycle
      x-okta-lifecycle:
        isCorsEnabled: true
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/users/{userId}/lifecycle/deactivate:
    post:
      description: |-
        Deactivates a User. This operation can only be performed on Users that do not have a `DEPROVISIONED` status.
        * The User's `transitioningToStatus` property is `DEPROVISIONED` during deactivation to indicate that the user hasn't completed the asynchronous operation.
        * The User's status is `DEPROVISIONED` when the deactivation process is complete.

        > **Important:** Deactivating a User is a **destructive** operation. The User is deprovisioned from all assigned apps, which might destroy their data such as email or files. **This action cannot be recovered!**

        You can also perform user deactivation asynchronously.
        To invoke asynchronous user deactivation, pass an HTTP header `Prefer: respond-async` with the request.
      operationId: deactivateUser
      parameters:
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      - description: Sends a deactivation email to the admin if `true`
        explode: true
        in: query
        name: sendEmail
        required: false
        schema:
          default: false
          type: boolean
        style: form
        x-okta-added-version: 1.5.0
      - description: Request asynchronous processing
        explode: false
        in: header
        name: Prefer
        required: false
        schema:
          enum:
          - respond-async
          type: string
        style: simple
      responses:
        "200":
          content: {}
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.users.manage
      summary: Deactivate a User
      tags:
      - UserLifecycle
      x-okta-lifecycle:
        isCorsEnabled: true
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/users/{userId}/lifecycle/expire_password:
    post:
      description: |-
        Expires the password. This operation transitions the User status to `PASSWORD_EXPIRED` so that the User must change their password the next time that they sign in.
        If you have integrated Okta with your on-premises Active Directory (AD), then setting a User's Password as expired in Okta also expires the Password in AD. When the User tries to sign in to Okta, delegated authentication finds the password-expired status in AD, and the User is presented with the password-expired page where they can change their Password.
      operationId: expirePassword
      parameters:
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                Expire Password Response:
                  $ref: '#/components/examples/ExpirePwdResponse'
              schema:
                $ref: '#/components/schemas/User'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.users.manage
      summary: Expire Password
      tags:
      - UserCred
      x-okta-lifecycle:
        isCorsEnabled: true
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/users/{userId}/lifecycle/expire_password_with_temp_password:
    post:
      description: |-
        Expires the password and resets the User's Password to a temporary password. This operation transitions the User status to `PASSWORD_EXPIRED` so that the User must change their password the next time that they sign in. User's Password is reset to a temporary password that is returned, and then the User's Password is expired.
        If `revokeSessions` is included in the request with a value of `true`, the User's current outstanding sessions are revoked and require re-authentication.
        If you have integrated Okta with your on-premises Active Directory (AD), then setting a User's Password as expired in Okta also expires the Password in AD. When the User tries to sign in to Okta, delegated authentication finds the password-expired status in AD, and the User is presented with the password-expired page where they can change their Password.
      operationId: expirePasswordWithTempPassword
      parameters:
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      - description: Revokes the User's existing sessions if `true`
        explode: true
        in: query
        name: revokeSessions
        required: false
        schema:
          default: false
          type: boolean
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                Expire Password with Temp Password Response:
                  $ref: '#/components/examples/ExpirePwdWithTempPwdResponse'
              schema:
                $ref: '#/components/schemas/User'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.users.manage
      summary: Expire Password with temporary password
      tags:
      - UserCred
      x-okta-lifecycle:
        isCorsEnabled: true
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/users/{userId}/lifecycle/reset_factors:
    post:
      description: Resets all factors for the specified User. All MFA factor enrollments return to the unenrolled state. The User's status remains `ACTIVE`.
        This link is present only if the User is currently enrolled in one or more MFA factors.
      operationId: resetFactors
      parameters:
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      responses:
        "200":
          content: {}
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.users.manage
      summary: Reset Factors
      tags:
      - UserLifecycle
      x-okta-lifecycle:
        isCorsEnabled: true
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/users/{userId}/lifecycle/reset_password:
    post:
      description: |-
        Resets password. Generates a one-time token (OTT) that you can use to reset a User's password. You can automatically email the OTT link to the User or return the OTT to the API caller and distribute using a custom flow. This operation transitions the User to the `RECOVERY` status. The User is then not able to sign in or initiate a forgot password flow until they complete the reset flow. This operation provides an option to delete all the User's sessions. However, if the request is made in the context of a session owned by the specified User, that session isn't cleared.
        > **Note:** You can also use this API to convert a User with the Okta Credential Provider to use a Federated Provider. After this conversion, the User can't directly sign in with a password.
        > To convert a federated User back to an Okta User, use the default API call.

        If an email address is associated with multiple Users, keep in mind the following to ensure a successful password recovery lookup:
        * Okta no longer includes deactivated Users in the lookup.
        * The lookup searches sign-in IDs first, then primary email addresses, and then secondary email addresses.

        If `sendEmail` is `false`, returns a link for the User to reset their password.
      operationId: resetPassword
      parameters:
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      - explode: true
        in: query
        name: sendEmail
        required: true
        schema:
          type: boolean
        style: form
      - description: "Revokes all User sessions, except for the current session, if\
          \ set to `true`"
        explode: true
        in: query
        name: revokeSessions
        required: false
        schema:
          default: false
          type: boolean
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                Reset Password without Sending Email Response:
                  $ref: '#/components/examples/ResetPwdWithoutSendingEmailResponse'
              schema:
                $ref: '#/components/schemas/ResetPasswordToken'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.users.manage
      summary: Reset password
      tags:
      - UserCred
      x-okta-lifecycle:
        isCorsEnabled: true
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/users/{userId}/lifecycle/suspend:
    post:
      description: |-
        Suspends a user.
        This operation can only be performed on Users with an `ACTIVE` status. The User has a `SUSPENDED` status when the process completes. Suspended users can't sign in to Okta. They can only be unsuspended or deactivated. Their group and app assignments are retained.
      operationId: suspendUser
      parameters:
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      responses:
        "200":
          content: {}
          description: OK
        "400":
          content:
            application/json:
              examples:
                MissingRequiredParameter:
                  $ref: '#/components/examples/ErrorMissingRequiredParameter'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.users.manage
      summary: Suspend a User
      tags:
      - UserLifecycle
      x-okta-lifecycle:
        isCorsEnabled: true
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/users/{userId}/lifecycle/unlock:
    post:
      description: |-
        Unlocks a User with a `LOCKED_OUT` status or unlocks a User with an `ACTIVE` status that is blocked from unknown devices. Unlocked Users have an `ACTIVE` status and can sign in with their current password.
        > **Note:** This operation works with Okta-sourced users. It doesn't support directory-sourced accounts such as Active Directory.
      operationId: unlockUser
      parameters:
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      responses:
        "200":
          content: {}
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.users.manage
      summary: Unlock a User
      tags:
      - UserLifecycle
      x-okta-lifecycle:
        isCorsEnabled: true
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/users/{userId}/lifecycle/unsuspend:
    post:
      description: Unsuspends a user and returns them to the `ACTIVE` state. This operation can only be performed on users that have a `SUSPENDED` status.
      operationId: unsuspendUser
      parameters:
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      responses:
        "200":
          content: {}
          description: Success
        "400":
          content:
            application/json:
              examples:
                MissingRequiredParameter:
                  $ref: '#/components/examples/ErrorMissingRequiredParameter'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.users.manage
      summary: Unsuspend a User
      tags:
      - UserLifecycle
      x-okta-lifecycle:
        isCorsEnabled: true
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/users/{userId}/roles:
    get:
      description: Lists all roles assigned to a User (identified by `userId`)
      operationId: listAssignedRolesForUser
      parameters:
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      - description: "An optional parameter used to return targets configured for\
          \ the standard Role Assignment in the `embedded` property. Supported values:\
          \ `targets/groups` or `targets/catalog/apps`"
        examples:
          groupTarget:
            summary: Return Group targets
            value: targets/groups
          appTarget:
            summary: Return App targets
            value: targets/catalog/apps
        explode: true
        in: query
        name: expand
        required: false
        schema:
          type: string
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                Standard Roles:
                  $ref: '#/components/examples/StandardRolesListResponse'
                Custom Roles:
                  $ref: '#/components/examples/StandardAndCustomRolesListResponse'
                IAM-based Standard Roles:
                  $ref: '#/components/examples/IAMStandardRolesListResponse'
              schema:
                items:
                  $ref: '#/components/schemas/listGroupAssignedRoles_200_response_inner'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.read
      summary: List all User Role Assignments
      tags:
      - RoleAssignmentAUser
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: |-
        Assigns a [standard role](/openapi/okta-management/guides/roles/#standard-roles) to a User. You can also assign a custom role to a User, but the preferred method to assign a custom role to a User is to create a binding between the Custom Role, the Resource Set, and the User. See [Create a Role Resource Set Binding](/openapi/okta-management/management/tag/RoleDResourceSetBinding/#tag/RoleDResourceSetBinding/operation/createResourceSetBinding).
        > **Notes:**
        > * The request payload is different for standard and custom role assignments.
        > * For IAM-based standard role assignments, use the request payload for standard roles. However, the response payload for IAM-based role assignments is similar to the custom role's assignment response.
      operationId: assignRoleToUser
      parameters:
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      - description: Setting this to `true` grants the User third-party admin status
        explode: true
        in: query
        name: disableNotifications
        required: false
        schema:
          default: false
          type: boolean
        style: form
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/assignRoleToUser_request'
        required: true
      responses:
        "201":
          content:
            application/json:
              examples:
                Standard Roles:
                  $ref: '#/components/examples/StandardRoleResponseUser'
                Custom Roles:
                  $ref: '#/components/examples/CustomRoleResponseUser'
                IAM-based Standard Roles:
                  $ref: '#/components/examples/IAMStandardRoleResponseUser'
              schema:
                $ref: '#/components/schemas/assignRoleToUser_201_response'
          description: Created
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.manage
      summary: Assign a User Role
      tags:
      - RoleAssignmentAUser
      x-codegen-request-body-name: assignRoleRequest
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/users/{userId}/roles/{roleAssignmentId}:
    delete:
      description: Unassigns a Role Assignment (identified by `roleAssignmentId`) from a User (identified by `userId`)
      operationId: unassignRoleFromUser
      parameters:
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      - description: The `id` of the Role Assignment
        explode: false
        in: path
        name: roleAssignmentId
        required: true
        schema:
          example: JBCUYUC7IRCVGS27IFCE2SKO
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.manage
      summary: Unassign a User Role
      tags:
      - RoleAssignmentAUser
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    get:
      description: Retrieves a Role assigned to a User (identified by `userId`). The `roleAssignmentId` parameter is the unique identifier for either a standard Role Assignment object or a custom role Resource Set Binding object.
      operationId: getUserAssignedRole
      parameters:
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      - description: The `id` of the Role Assignment
        explode: false
        in: path
        name: roleAssignmentId
        required: true
        schema:
          example: JBCUYUC7IRCVGS27IFCE2SKO
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                Standard Roles:
                  $ref: '#/components/examples/StandardRoleResponseUser'
                Custom Roles:
                  $ref: '#/components/examples/CustomRoleResponseUser'
                IAM-based Standard Roles:
                  $ref: '#/components/examples/IAMStandardRoleResponseUser'
              schema:
                $ref: '#/components/schemas/listGroupAssignedRoles_200_response_inner'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.read
      summary: Retrieve a User Role Assignment
      tags:
      - RoleAssignmentAUser
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/users/{userId}/roles/{roleAssignmentId}/governance: {}
  /api/v1/users/{userId}/roles/{roleAssignmentId}/governance/{grantId}: {}
  /api/v1/users/{userId}/roles/{roleAssignmentId}/governance/{grantId}/resources: {}
  /api/v1/users/{userId}/roles/{roleAssignmentId}/targets/catalog/apps:
    get:
      description: "Lists all app targets for an `APP_ADMIN` Role Assigned to a User.\
        \ The response is a list that includes OIN-cataloged apps or app instances.\
        \ The response payload for an app instance contains the `id` property, but\
        \ an OIN-cataloged app payload doesn't."
      operationId: listApplicationTargetsForApplicationAdministratorRoleForUser
      parameters:
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      - description: The `id` of the Role Assignment
        explode: false
        in: path
        name: roleAssignmentId
        required: true
        schema:
          example: JBCUYUC7IRCVGS27IFCE2SKO
          type: string
        style: simple
      - explode: true
        in: query
        name: after
        required: false
        schema:
          type: string
        style: form
      - explode: true
        in: query
        name: limit
        required: false
        schema:
          default: 20
          format: int32
          type: integer
        style: form
      responses:
        "200":
          content:
            application/json:
              schema:
                items:
                  $ref: '#/components/schemas/CatalogApplication'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.read
      summary: List all Admin Role Application Targets
      tags:
      - RoleBTargetAdmin
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    put:
      description: Assigns all Apps as Target to Role
      operationId: assignAllAppsAsTargetToRoleForUser
      parameters:
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      - description: The `id` of the Role Assignment
        explode: false
        in: path
        name: roleAssignmentId
        required: true
        schema:
          example: JBCUYUC7IRCVGS27IFCE2SKO
          type: string
        style: simple
      responses:
        "200":
          content: {}
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.manage
      summary: Assign all Apps as Target to Role
      tags:
      - RoleBTargetAdmin
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/users/{userId}/roles/{roleAssignmentId}/targets/catalog/apps/{appName}:
    delete:
      description: |
        Unassigns an OIN app target from an `APP_ADMIN` Role Assignment to an admin User.
        > **Note:** You can't remove the last OIN app target from a Role Assignment since this causes an exception.
        > If you need a Role Assignment that applies to all apps, delete the `APP_ADMIN` Role Assignment to the User and recreate a new one.
      operationId: unassignAppTargetFromAppAdminRoleForUser
      parameters:
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      - description: The `id` of the Role Assignment
        explode: false
        in: path
        name: roleAssignmentId
        required: true
        schema:
          example: JBCUYUC7IRCVGS27IFCE2SKO
          type: string
        style: simple
      - description: Application name for the app type
        explode: false
        in: path
        name: appName
        required: true
        schema:
          example: oidc_client
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.manage
      summary: Unassign an Admin Role Application Target
      tags:
      - RoleBTargetAdmin
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    put:
      description: |
        Assigns an OIN app target for an `APP_ADMIN` Role Assignment to an admin User. When you assign the first app target, you reduce the scope of the Role Assignment. The Role no longer applies to all app targets, but applies only to the specified target. Assigning an OIN app target overrides any existing app instance targets of the OIN app. For example, if a user was assigned to administer a specific Facebook instance, a successful request to add an OIN app target with `facebook` for `appName` makes that user the administrator for all Facebook instances.
      operationId: assignAppTargetToAdminRoleForUser
      parameters:
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      - description: The `id` of the Role Assignment
        explode: false
        in: path
        name: roleAssignmentId
        required: true
        schema:
          example: JBCUYUC7IRCVGS27IFCE2SKO
          type: string
        style: simple
      - description: Application name for the app type
        explode: false
        in: path
        name: appName
        required: true
        schema:
          example: oidc_client
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.manage
      summary: Assign an Admin Role Application Target
      tags:
      - RoleBTargetAdmin
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/users/{userId}/roles/{roleAssignmentId}/targets/catalog/apps/{appName}/{appId}:
    delete:
      description: |-
        Unassigns an app instance target from an `APP_ADMIN` Role Assignment to an admin User.
        > **Note:** You can't remove the last app instance target from a Role Assignment since this causes an exception.
        > If you need a Role Assignment that applies to all apps, delete the `APP_ADMIN` Role Assignment and recreate a new one.
      operationId: unassignAppInstanceTargetFromAdminRoleForUser
      parameters:
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      - description: The `id` of the Role Assignment
        explode: false
        in: path
        name: roleAssignmentId
        required: true
        schema:
          example: JBCUYUC7IRCVGS27IFCE2SKO
          type: string
        style: simple
      - description: Application name for the app type
        explode: false
        in: path
        name: appName
        required: true
        schema:
          example: oidc_client
          type: string
        style: simple
      - description: Application ID
        explode: false
        in: path
        name: appId
        required: true
        schema:
          example: 0oafxqCAJWWGELFTYASJ
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.manage
      summary: Unassign an Admin Role Application Instance Target
      tags:
      - RoleBTargetAdmin
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    put:
      description: "Assigns an app instance target to an `APP_ADMIN` Role Assignment\
        \ to an admin User. When you assign the first OIN app or app instance target,\
        \ you reduce the scope of the Role Assignment.\nThe Role no longer applies\
        \ to all app targets, but applies only to the specified target.\n \
        \ \n> **Note:** You can target a mixture of both OIN app and app instance\
        \ targets, but can't assign permissions to manage all instances of an OIN\
        \ app and then assign a subset of permission to the same OIN app.\n> For example,\
        \ you can't specify that an admin has access to manage all instances of the\
        \ Salesforce app and then also manage specific configurations of the Salesforce\
        \ app.\n"
      operationId: assignAppInstanceTargetToAppAdminRoleForUser
      parameters:
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      - description: The `id` of the Role Assignment
        explode: false
        in: path
        name: roleAssignmentId
        required: true
        schema:
          example: JBCUYUC7IRCVGS27IFCE2SKO
          type: string
        style: simple
      - description: Application name for the app type
        explode: false
        in: path
        name: appName
        required: true
        schema:
          example: oidc_client
          type: string
        style: simple
      - description: Application ID
        explode: false
        in: path
        name: appId
        required: true
        schema:
          example: 0oafxqCAJWWGELFTYASJ
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.manage
      summary: Assign an Admin Role Application Instance Target
      tags:
      - RoleBTargetAdmin
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/users/{userId}/roles/{roleAssignmentId}/targets/groups:
    get:
      description: |
        Lists all Group targets for a `USER_ADMIN`, `HELP_DESK_ADMIN`, or `GROUP_MEMBERSHIP_ADMIN` Role Assignment to an admin User.
        If the Role isn't scoped to specific Group targets, an empty array `[]` is returned.
      operationId: listGroupTargetsForRole
      parameters:
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      - description: The `id` of the Role Assignment
        explode: false
        in: path
        name: roleAssignmentId
        required: true
        schema:
          example: JBCUYUC7IRCVGS27IFCE2SKO
          type: string
        style: simple
      - explode: true
        in: query
        name: after
        required: false
        schema:
          type: string
        style: form
      - explode: true
        in: query
        name: limit
        required: false
        schema:
          default: 20
          format: int32
          type: integer
        style: form
      responses:
        "200":
          content:
            application/json:
              schema:
                items:
                  $ref: '#/components/schemas/Group'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.read
      summary: List all Admin Role Group Targets
      tags:
      - RoleBTargetAdmin
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/users/{userId}/roles/{roleAssignmentId}/targets/groups/{groupId}:
    delete:
      description: |
        Unassigns a Group target from a `USER_ADMIN`, `HELP_DESK_ADMIN`, or `GROUP_MEMBERSHIP_ADMIN` Role Assignment to an admin User.

        > **Note:** You can't remove the last Group target from a Role Assignment since this causes an exception.
        > If you need a Role Assignment that applies to all Groups, delete the Role Assignment to the User and recreate a new one.
      operationId: unassignGroupTargetFromUserAdminRole
      parameters:
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      - description: The `id` of the Role Assignment
        explode: false
        in: path
        name: roleAssignmentId
        required: true
        schema:
          example: JBCUYUC7IRCVGS27IFCE2SKO
          type: string
        style: simple
      - description: The `id` of the group
        explode: false
        in: path
        name: groupId
        required: true
        schema:
          example: 00g1emaKYZTWRYYRRTSK
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.manage
      summary: Unassign an Admin Role Group Target
      tags:
      - RoleBTargetAdmin
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    put:
      description: |
        Assigns a Group target for a `USER_ADMIN`, `HELP_DESK_ADMIN`, or `GROUP_MEMBERSHIP_ADMIN` Role Assignment to an admin User.
        When you assign the first Group target, you reduce the scope of the Role Assignment.
        The Role no longer applies to all targets but applies only to the specified target.
      operationId: assignGroupTargetToUserRole
      parameters:
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      - description: The `id` of the Role Assignment
        explode: false
        in: path
        name: roleAssignmentId
        required: true
        schema:
          example: JBCUYUC7IRCVGS27IFCE2SKO
          type: string
        style: simple
      - description: The `id` of the group
        explode: false
        in: path
        name: groupId
        required: true
        schema:
          example: 00g1emaKYZTWRYYRRTSK
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.manage
      summary: Assign an Admin Role Group Target
      tags:
      - RoleBTargetAdmin
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/users/{userId}/sessions:
    delete:
      description: |-
        Revokes all active Identity Provider sessions of the User. This forces the user to authenticate on the next operation. Optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the User.

        > **Note:** This operation doesn't clear the sessions created for web or native apps.
      operationId: revokeUserSessions
      parameters:
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      - description: Revoke issued OpenID Connect and OAuth refresh and access tokens
        explode: true
        in: query
        name: oauthTokens
        required: false
        schema:
          default: false
          type: boolean
        style: form
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.users.manage
      summary: Revoke all User sessions
      tags:
      - UserSessions
      x-okta-lifecycle:
        isCorsEnabled: true
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/users/{userId}/subscriptions:
    get:
      description: Lists all subscriptions available to a specified User. Returns an `AccessDeniedException` message if requests are made for another user.
      operationId: listSubscriptionsUser
      parameters:
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              schema:
                items:
                  $ref: '#/components/schemas/Subscription'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.users.read
      summary: List all Subscriptions for a User
      tags:
      - Subscription
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/users/{userId}/subscriptions/{notificationType}:
    get:
      description: Retrieves a subscription by `notificationType` for a specified User. Returns an `AccessDeniedException` message if requests are made for another user.
      operationId: getSubscriptionsNotificationTypeUser
      parameters:
      - explode: false
        in: path
        name: notificationType
        required: true
        schema:
          $ref: '#/components/schemas/NotificationType'
        style: simple
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Subscription'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.users.read
      summary: Retrieve a Subscription for a User
      tags:
      - Subscription
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/users/{userId}/subscriptions/{notificationType}/subscribe:
    post:
      description: Subscribes the current User to a specified notification type. Returns an `AccessDeniedException` message if requests are made for another user.
      operationId: subscribeByNotificationTypeUser
      parameters:
      - explode: false
        in: path
        name: notificationType
        required: true
        schema:
          $ref: '#/components/schemas/NotificationType'
        style: simple
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      responses:
        "200":
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.users.manage
      summary: Subscribe a User to a Specific Notification Type
      tags:
      - Subscription
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/users/{userId}/subscriptions/{notificationType}/unsubscribe:
    post:
      description: Unsubscribes the current User from a specified notification type. Returns an `AccessDeniedException` message if requests are made for another user.
      operationId: unsubscribeByNotificationTypeUser
      parameters:
      - explode: false
        in: path
        name: notificationType
        required: true
        schema:
          $ref: '#/components/schemas/NotificationType'
        style: simple
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      responses:
        "200":
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.users.manage
      summary: Unsubscribe a User from a Specific Notification Type
      tags:
      - Subscription
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/zones:
    get:
      description: |-
        Lists all Network Zones with pagination. A subset of zones can be returned that match a supported filter expression or query.

        This operation requires URL encoding. For example, `filter=(id eq "nzoul0wf9jyb8xwZm0g3" or id eq "nzoul1MxmGN18NDQT0g3")` is encoded as `filter=%28id+eq+%22nzoul0wf9jyb8xwZm0g3%22+or+id+eq+%22nzoul1MxmGN18NDQT0g3%22%29`.

        Okta supports filtering on the `id` and `usage` properties. See [Filtering](https://developer.okta.com/docs/reference/core-okta-api/#filter) for more information on the expressions that are used in filtering.
      operationId: listNetworkZones
      parameters:
      - explode: true
        in: query
        name: after
        required: false
        schema:
          description: Specifies the pagination cursor for the next page of Network Zones
          example: BlockedIpZones
          type: string
        style: form
      - explode: true
        in: query
        name: limit
        required: false
        schema:
          default: -1
          description: Specifies the number of results for a page
          example: 5
          format: int32
          type: integer
        style: form
      - explode: true
        in: query
        name: filter
        required: false
        schema:
          description: Filters zones by usage or ID expression
          example: id eq "nzowc1U5Jh5xuAK0o0g3"
          type: string
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                RetrieveAllZonesWithFilter:
                  $ref: '#/components/examples/RetrieveAllZonesWithFilter'
                RetrieveAllZones:
                  $ref: '#/components/examples/RetrieveAllZones'
              schema:
                items:
                  $ref: '#/components/schemas/NetworkZone'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.networkZones.read
      summary: List all Network Zones
      tags:
      - NetworkZone
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: |-
        Creates a Network Zone
        * For an IP Network Zone, you must define either `gateways` or `proxies`.
        * For a Dynamic Network Zone, you must define at least one of the following: `asns`, `locations`, or `proxyType`.
        * For an Enhanced Dynamic Network Zone, you must define at least one of the following: `asns`, `locations`, or `ipServiceCategories`.
      operationId: createNetworkZone
      requestBody:
        content:
          application/json:
            examples:
              CreateIPPolicyNetworkZone:
                $ref: '#/components/examples/CreateIPPolicyNetworkZone'
              CreateIPPolicyBlocklistNetworkZone:
                $ref: '#/components/examples/CreateIPPolicyBlockListNetworkZone'
              CreateEDNetworkZone:
                $ref: '#/components/examples/CreateEDNZRequest'
            schema:
              $ref: '#/components/schemas/NetworkZone'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                CreateIPPolicyNetworkZone:
                  $ref: '#/components/examples/CreateIPPolicyNetworkZoneResponse'
                CreateIPPolicyBlocklistNetworkZone:
                  $ref: '#/components/examples/CreateIPPolicyBlockListNetworkZoneResponse'
                CreateEDNetworkZone:
                  $ref: '#/components/examples/CreateEDNZResponse'
              schema:
                $ref: '#/components/schemas/NetworkZone'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/NzErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.networkZones.manage
      summary: Create a Network Zone
      tags:
      - NetworkZone
      x-codegen-request-body-name: zone
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/zones/{zoneId}:
    delete:
      description: |-
        Deletes a Network Zone by `zoneId`
        > **Notes:**
        > * You can't delete a Network Zone that's used by a [Policy](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Policy/) or [Rule](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Policy/#tag/Policy/operation/listPolicyRules).
        > * For Okta Identity Engine orgs, you can't delete a Network Zone with an ACTIVE `status`.
      operationId: deleteNetworkZone
      parameters:
      - description: '`id` of the Network Zone'
        example: nzowc1U5Jh5xuAK0o0g3
        explode: false
        in: path
        name: zoneId
        required: true
        schema:
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/NzErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.networkZones.manage
      summary: Delete a Network Zone
      tags:
      - NetworkZone
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    get:
      description: Retrieves a Network Zone by `zoneId`
      operationId: getNetworkZone
      parameters:
      - description: '`id` of the Network Zone'
        example: nzowc1U5Jh5xuAK0o0g3
        explode: false
        in: path
        name: zoneId
        required: true
        schema:
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                RetrieveNetworkZoneIP:
                  $ref: '#/components/examples/RetrieveNetworkZoneIP'
                RetrieveNetworkZoneDynamic:
                  $ref: '#/components/examples/RetrieveNetworkZoneDynamic'
                RetrieveNetworkZoneEnhancedDynamic:
                  $ref: '#/components/examples/CreateEDNZResponse'
              schema:
                $ref: '#/components/schemas/NetworkZone'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/NzErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.networkZones.read
      summary: Retrieve a Network Zone
      tags:
      - NetworkZone
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    put:
      description: |-
        Replaces a Network Zone by `zoneId`. The replaced Network Zone type must be the same as the existing type.
        You can replace the usage (`POLICY`, `BLOCKLIST`) of a Network Zone by updating the `usage` attribute.
      operationId: replaceNetworkZone
      parameters:
      - description: '`id` of the Network Zone'
        example: nzowc1U5Jh5xuAK0o0g3
        explode: false
        in: path
        name: zoneId
        required: true
        schema:
          type: string
        style: simple
      requestBody:
        content:
          application/json:
            examples:
              ReplaceNetworkZone:
                $ref: '#/components/examples/ReplaceNetworkZone'
            schema:
              $ref: '#/components/schemas/NetworkZone'
        required: true
      responses:
        "200":
          content:
            application/json:
              examples:
                ReplaceNetworkZone:
                  $ref: '#/components/examples/ReplaceNetworkZoneResponse'
              schema:
                $ref: '#/components/schemas/NetworkZone'
          description: Success
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/NzErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/NzErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.networkZones.manage
      summary: Replace a Network Zone
      tags:
      - NetworkZone
      x-codegen-request-body-name: zone
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /api/v1/zones/{zoneId}/lifecycle/activate:
    post:
      description: Activates a Network Zone by `zoneId`
      operationId: activateNetworkZone
      parameters:
      - description: '`id` of the Network Zone'
        example: nzowc1U5Jh5xuAK0o0g3
        explode: false
        in: path
        name: zoneId
        required: true
        schema:
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                ActivateNetworkZone:
                  $ref: '#/components/examples/ActivateNetworkZone'
              schema:
                $ref: '#/components/schemas/NetworkZone'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/NzErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.networkZones.manage
      summary: Activate a Network Zone
      tags:
      - NetworkZone
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /api/v1/zones/{zoneId}/lifecycle/deactivate:
    post:
      description: Deactivates a Network Zone by `zoneId`
      operationId: deactivateNetworkZone
      parameters:
      - description: '`id` of the Network Zone'
        example: nzowc1U5Jh5xuAK0o0g3
        explode: false
        in: path
        name: zoneId
        required: true
        schema:
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              examples:
                DeactivateNetworkZone:
                  $ref: '#/components/examples/DeactivateNetworkZone'
              schema:
                $ref: '#/components/schemas/NetworkZone'
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/NzErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.networkZones.manage
      summary: Deactivate a Network Zone
      tags:
      - NetworkZone
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /attack-protection/api/v1/authenticator-settings:
    get:
      description: Retrieves the Authenticator Settings for an org
      operationId: getAuthenticatorSettings
      responses:
        "200":
          content:
            application/json:
              schema:
                items:
                  $ref: '#/components/schemas/AttackProtectionAuthenticatorSettings'
                type: array
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.orgs.read
      summary: Retrieve the Authenticator Settings
      tags:
      - AttackProtection
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
    put:
      description: Replaces the Authenticator Settings for an org
      operationId: replaceAuthenticatorSettings
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AttackProtectionAuthenticatorSettings'
        required: true
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AttackProtectionAuthenticatorSettings'
          description: OK
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                Access Denied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.orgs.manage
      summary: Replace the Authenticator Settings
      tags:
      - AttackProtection
      x-codegen-request-body-name: authenticatorSettings
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-content-type: application/json
      x-accepts:
      - application/json
  /attack-protection/api/v1/user-lockout-settings:
    get:
      description: Retrieves the User Lockout Settings for an org
      operationId: getUserLockoutSettings
      responses:
        "200":
          content:
            application/json:
              schema:
                items:
                  $ref: '#/components/schemas/UserLockoutSettings'
                type: array
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.orgs.read
      summary: Retrieve the User Lockout Settings
      tags:
      - AttackProtection
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    put:
      description: Replaces the User Lockout Settings for an org
      operationId: replaceUserLockoutSettings
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UserLockoutSettings'
        required: true
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UserLockoutSettings'
          description: OK
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                Access Denied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.orgs.manage
      summary: Replace the User Lockout Settings
      tags:
      - AttackProtection
      x-codegen-request-body-name: lockoutSettings
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-content-type: application/json
      x-accepts:
      - application/json
  /device-access/api/v1/desktop-mfa/recovery-pin-settings:
    get:
      description: "Retrieves the status of the Desktop MFA Recovery PIN feature.\
        \ That is, whether or not the feature is enabled for your org."
      operationId: getDesktopMFARecoveryPinOrgSetting
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/DesktopMFARecoveryPinOrgSetting'
          description: OK
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.orgs.read
      summary: Retrieve the Desktop MFA Recovery PIN Org setting
      tags:
      - DeviceAccess
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
    put:
      description: Replaces the Desktop MFA Recovery PIN feature for your org
      operationId: replaceDesktopMFARecoveryPinOrgSetting
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/DesktopMFARecoveryPinOrgSetting'
        required: true
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/DesktopMFARecoveryPinOrgSetting'
          description: OK
        "400":
          content:
            application/json:
              examples:
                APIValidationFailed:
                  $ref: '#/components/examples/ErrorApiValidationFailed'
              schema:
                $ref: '#/components/schemas/Error'
          description: Bad Request
        "403":
          content:
            application/json:
              examples:
                Access Denied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.orgs.manage
      summary: Replace the Desktop MFA Recovery PIN Org Setting
      tags:
      - DeviceAccess
      x-codegen-request-body-name: DesktopMFARecoveryPinOrgSetting
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-content-type: application/json
      x-accepts:
      - application/json
  /integrations/api/v1/api-services:
    get:
      description: Lists all API Service Integration instances with a pagination option
      operationId: listApiServiceIntegrationInstances
      parameters:
      - description: "The cursor to use for pagination. It is an opaque string that\
          \ specifies your current location in the list and is obtained from the `Link`\
          \ response header. See [Pagination](https://developer.okta.com/docs/api/#pagination)."
        explode: true
        in: query
        name: after
        required: false
        schema:
          type: string
        style: form
      responses:
        "200":
          content:
            application/json:
              examples:
                APIServiceIntegrationResponseExample:
                  $ref: '#/components/examples/APIServiceIntegrationListResponse'
              schema:
                items:
                  $ref: '#/components/schemas/APIServiceIntegrationInstance'
                type: array
          description: OK
        "401":
          content:
            application/json:
              examples:
                InvalidTokenProvided:
                  $ref: '#/components/examples/ErrorInvalidTokenProvided'
              schema:
                $ref: '#/components/schemas/Error'
          description: Unauthorized
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.oauthIntegrations.read
      summary: List all API Service Integration instances
      tags:
      - ApiServiceIntegrations
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    post:
      description: Creates and authorizes an API Service Integration instance
      operationId: createApiServiceIntegrationInstance
      requestBody:
        content:
          application/json:
            examples:
              postAPIServiceIntegrationRequestExample:
                $ref: '#/components/examples/postAPIServiceIntegrationRequest'
            schema:
              $ref: '#/components/schemas/postAPIServiceIntegrationInstanceRequest'
        required: true
responses: "201": content: application/json: examples: APIServiceIntegrationResponseExample: $ref: '#/components/examples/postAPIServiceIntegrationResponse' schema: $ref: '#/components/schemas/postAPIServiceIntegrationInstance' description: Created "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: examples: InvalidTokenProvided: $ref: '#/components/examples/ErrorInvalidTokenProvided' schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] summary: Create an API Service Integration instance tags: - ApiServiceIntegrations x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /integrations/api/v1/api-services/{apiServiceId}: delete: description: Deletes an API Service Integration instance by `id`. This operation also revokes access to scopes that were previously granted to this API Service Integration instance. 
operationId: deleteApiServiceIntegrationInstance parameters: - description: '`id` of the API Service Integration instance' example: 000lr2rLjZ6NsGn1P0g3 explode: false in: path name: apiServiceId required: true schema: type: string style: simple responses: "204": description: No Content "401": content: application/json: examples: InvalidTokenProvided: $ref: '#/components/examples/ErrorInvalidTokenProvided' schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.oauthIntegrations.manage summary: Delete an API Service Integration instance tags: - ApiServiceIntegrations x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Retrieves an API Service Integration instance by `id` operationId: getApiServiceIntegrationInstance parameters: - description: '`id` of the API Service Integration instance' example: 000lr2rLjZ6NsGn1P0g3 explode: false in: path name: apiServiceId required: true schema: type: string style: simple responses: "200": content: application/json: examples: APIServiceIntegrationResponseExample: $ref: '#/components/examples/APIServiceIntegrationResponse' schema: $ref: '#/components/schemas/APIServiceIntegrationInstance' description: OK "401": content: application/json: examples: InvalidTokenProvided: $ref: '#/components/examples/ErrorInvalidTokenProvided' schema: $ref: '#/components/schemas/Error' description: Unauthorized 
"403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.oauthIntegrations.read summary: Retrieve an API Service Integration instance tags: - ApiServiceIntegrations x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /integrations/api/v1/api-services/{apiServiceId}/credentials/secrets: get: description: Lists all client secrets for an API Service Integration instance by `apiServiceId` operationId: listApiServiceIntegrationInstanceSecrets parameters: - description: '`id` of the API Service Integration instance' example: 000lr2rLjZ6NsGn1P0g3 explode: false in: path name: apiServiceId required: true schema: type: string style: simple responses: "200": content: application/json: examples: APIServiceIntegrationResponseExample: $ref: '#/components/examples/APIServiceIntegrationInstanceSecretListResponse' schema: items: $ref: '#/components/schemas/APIServiceIntegrationInstanceSecret' type: array description: OK "401": content: application/json: examples: InvalidTokenProvided: $ref: '#/components/examples/ErrorInvalidTokenProvided' schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' 
description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.oauthIntegrations.read summary: List all API Service Integration instance Secrets tags: - ApiServiceIntegrations x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json post: description: Creates an API Service Integration instance Secret object with a new active client secret. You can create up to two Secret objects. An error is returned if you attempt to create more than two Secret objects. operationId: createApiServiceIntegrationInstanceSecret parameters: - description: '`id` of the API Service Integration instance' example: 000lr2rLjZ6NsGn1P0g3 explode: false in: path name: apiServiceId required: true schema: type: string style: simple responses: "201": content: application/json: examples: newAPIServiceIntegrationInstanceSecretResponse: $ref: '#/components/examples/newAPIServiceIntegrationInstanceSecretResponse' schema: $ref: '#/components/schemas/APIServiceIntegrationInstanceSecret' description: Created "400": content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request "401": content: application/json: examples: InvalidTokenProvided: $ref: '#/components/examples/ErrorInvalidTokenProvided' schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - 
okta.oauthIntegrations.manage summary: Create an API Service Integration instance Secret tags: - ApiServiceIntegrations x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /integrations/api/v1/api-services/{apiServiceId}/credentials/secrets/{secretId}: delete: description: Deletes an API Service Integration instance Secret by `secretId`. You can only delete an inactive Secret. operationId: deleteApiServiceIntegrationInstanceSecret parameters: - description: '`id` of the API Service Integration instance' example: 000lr2rLjZ6NsGn1P0g3 explode: false in: path name: apiServiceId required: true schema: type: string style: simple - description: '`id` of the API Service Integration instance Secret' example: ocs2f4zrZbs8nUa7p0g4 explode: false in: path name: secretId required: true schema: type: string style: simple responses: "204": description: No Content "401": content: application/json: examples: InvalidTokenProvided: $ref: '#/components/examples/ErrorInvalidTokenProvided' schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.oauthIntegrations.manage summary: Delete an API Service Integration instance Secret tags: - ApiServiceIntegrations x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /integrations/api/v1/api-services/{apiServiceId}/credentials/secrets/{secretId}/lifecycle/activate: post: description: 
Activates an API Service Integration instance Secret by `secretId` operationId: activateApiServiceIntegrationInstanceSecret parameters: - description: '`id` of the API Service Integration instance' example: 000lr2rLjZ6NsGn1P0g3 explode: false in: path name: apiServiceId required: true schema: type: string style: simple - description: '`id` of the API Service Integration instance Secret' example: ocs2f4zrZbs8nUa7p0g4 explode: false in: path name: secretId required: true schema: type: string style: simple responses: "200": content: application/json: examples: activeAPIServiceIntegrationInstanceSecretResponse: $ref: '#/components/examples/activeAPIServiceIntegrationInstanceSecretResponse' schema: $ref: '#/components/schemas/APIServiceIntegrationInstanceSecret' description: OK "401": content: application/json: examples: InvalidTokenProvided: $ref: '#/components/examples/ErrorInvalidTokenProvided' schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.oauthIntegrations.manage summary: Activate an API Service Integration instance Secret tags: - ApiServiceIntegrations x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /integrations/api/v1/api-services/{apiServiceId}/credentials/secrets/{secretId}/lifecycle/deactivate: post: description: Deactivates an API Service Integration instance Secret by `secretId` operationId: 
deactivateApiServiceIntegrationInstanceSecret parameters: - description: '`id` of the API Service Integration instance' example: 000lr2rLjZ6NsGn1P0g3 explode: false in: path name: apiServiceId required: true schema: type: string style: simple - description: '`id` of the API Service Integration instance Secret' example: ocs2f4zrZbs8nUa7p0g4 explode: false in: path name: secretId required: true schema: type: string style: simple responses: "200": content: application/json: examples: inactiveAPIServiceIntegrationInstanceSecretResponse: $ref: '#/components/examples/inactiveAPIServiceIntegrationInstanceSecretResponse' schema: $ref: '#/components/schemas/APIServiceIntegrationInstanceSecret' description: OK "401": content: application/json: examples: InvalidTokenProvided: $ref: '#/components/examples/ErrorInvalidTokenProvided' schema: $ref: '#/components/schemas/Error' description: Unauthorized "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.oauthIntegrations.manage summary: Deactivate an API Service Integration instance Secret tags: - ApiServiceIntegrations x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /integrations/api/v1/submissions/{submissionId}: {} /integrations/api/v1/submissions/{submissionId}/submit: {} /integrations/api/v1/submissions/{submissionId}/testing: {} /oauth2/v1/clients/{clientId}/roles: get: description: Lists all roles assigned to a Client Application identified by `clientId` 
operationId: listRolesForClient parameters: - description: '`client_id` of the app' explode: false in: path name: clientId required: true schema: example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD type: string style: simple responses: "200": content: application/json: examples: Standard Roles: $ref: '#/components/examples/StandardRolesListResponseClient' Custom Roles: $ref: '#/components/examples/CustomRolesListResponseClient' IAM-based Standard Roles: $ref: '#/components/examples/IAMStandardRolesListResponseClient' schema: $ref: '#/components/schemas/listGroupAssignedRoles_200_response_inner' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.read summary: List all Client Role Assignments tags: - RoleAssignmentClient x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json post: description: |- Assigns a [standard role](/openapi/okta-management/guides/roles/#standard-roles) to a Client Application. You can also assign a custom role to a Client Application, but the preferred method to assign a custom role to a client is to create a binding between the Custom Role, the Resource Set, and the Client Application. See [Create a Role Resource Set Binding](/openapi/okta-management/management/tag/RoleDResourceSetBinding/#tag/RoleDResourceSetBinding/operation/createResourceSetBinding). > **Notes:** > * The request payload is different for standard and custom role assignments. 
> * For IAM-based standard role assignments, use the request payload for standard roles. However, the response payload for IAM-based role assignments is similar to the custom role's assignment response. operationId: assignRoleToClient parameters: - description: '`client_id` of the app' explode: false in: path name: clientId required: true schema: example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD type: string style: simple requestBody: content: application/json: examples: Standard Role: $ref: '#/components/examples/StandardRoleAssignmentRequest' Custom Role Assignment: $ref: '#/components/examples/CustomRoleAssignmentRequest' schema: $ref: '#/components/schemas/assignRoleToGroup_request' required: true responses: "200": content: application/json: examples: Standard Role: $ref: '#/components/examples/StandardRoleResponseClient' Custom Role Assignment: $ref: '#/components/examples/CustomRoleResponseClient' IAM-based Role Assignment: $ref: '#/components/examples/IAMStandardRolesListResponseClient' schema: $ref: '#/components/schemas/listGroupAssignedRoles_200_response_inner' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.manage summary: Assign a Client Role tags: - RoleAssignmentClient x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-content-type: application/json x-accepts: - application/json /oauth2/v1/clients/{clientId}/roles/{roleAssignmentId}: delete: description: Unassigns a Role Assignment (identified by 
`roleAssignmentId`) from a Client Application (identified by `clientId`) operationId: deleteRoleFromClient parameters: - description: '`client_id` of the app' explode: false in: path name: clientId required: true schema: example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD type: string style: simple - description: The `id` of the Role Assignment explode: false in: path name: roleAssignmentId required: true schema: example: JBCUYUC7IRCVGS27IFCE2SKO type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.manage summary: Unassign a Client Role tags: - RoleAssignmentClient x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json get: description: Retrieves a Role Assignment (identified by `roleAssignmentId`) for a Client Application (identified by `clientId`) operationId: retrieveClientRole parameters: - description: '`client_id` of the app' explode: false in: path name: clientId required: true schema: example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD type: string style: simple - description: The `id` of the Role Assignment explode: false in: path name: roleAssignmentId required: true schema: example: JBCUYUC7IRCVGS27IFCE2SKO type: string style: simple responses: "200": content: application/json: examples: Standard Role: $ref: '#/components/examples/StandardRoleResponseClient' Custom Role Assignment: $ref: '#/components/examples/CustomRoleResponseClient' 
IAM-based Standard Role Assignment: $ref: '#/components/examples/IAMStandardRoleResponseClient' schema: $ref: '#/components/schemas/listGroupAssignedRoles_200_response_inner' description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.read summary: Retrieve a Client Role tags: - RoleAssignmentClient x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /oauth2/v1/clients/{clientId}/roles/{roleAssignmentId}/targets/catalog/apps: get: description: Lists all OIN app targets for an `APP_ADMIN` Role that's assigned to a client Application (by `clientId`). operationId: listAppTargetRoleToClient parameters: - description: '`client_id` of the app' explode: false in: path name: clientId required: true schema: example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD type: string style: simple - description: The `id` of the Role Assignment explode: false in: path name: roleAssignmentId required: true schema: example: JBCUYUC7IRCVGS27IFCE2SKO type: string style: simple - description: "The cursor to use for pagination. It is an opaque string that\ \ specifies your current location in the list and is obtained from the `Link`\ \ response header. See [Pagination](https://developer.okta.com/docs/api/#pagination)." 
explode: true in: query name: after required: false schema: type: string style: form - description: A limit on the number of objects to return explode: true in: query name: limit required: false schema: default: 20 maximum: 200 minimum: 1 type: integer style: form responses: "200": content: application/json: schema: items: $ref: '#/components/schemas/CatalogApplication' type: array description: Success "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.read summary: List all Client Role Application Targets tags: - RoleBTargetClient x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /oauth2/v1/clients/{clientId}/roles/{roleAssignmentId}/targets/catalog/apps/{appName}: delete: description: |- Unassigns an OIN app target for a Role Assignment to a client Application > **Note:** You can't remove the last OIN app target from a Role Assignment since this operation causes an exception. > If you need a Role assignment that applies to all apps, delete the Role Assignment and recreate a new one. See [Unassign a Client Role](/openapi/okta-management/management/tag/RoleAssignmentClient/#tag/RoleAssignmentClient/operation/deleteRoleFromClient). 
operationId: removeAppTargetRoleFromClient parameters: - description: '`client_id` of the app' explode: false in: path name: clientId required: true schema: example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD type: string style: simple - description: The `id` of the Role Assignment explode: false in: path name: roleAssignmentId required: true schema: example: JBCUYUC7IRCVGS27IFCE2SKO type: string style: simple - description: Application name for the app type explode: false in: path name: appName required: true schema: example: oidc_client type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.manage summary: Unassign a Client Role Application Target tags: - RoleBTargetClient x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json put: description: |- Assigns an OIN app target for an `APP_ADMIN` Role Assignment to a client Application. When you assign an app target from the OIN catalog, you reduce the scope of the Role Assignment. The Role applies to only app instances that are included in the specified OIN app target. An assigned OIN app target overrides any existing app instance targets. For example, if a user is assigned to administer a specific Facebook instance, a successful request to add an OIN app target with `facebook` for `appName` makes that user the administrator for all Facebook instances. 
operationId: assignAppTargetRoleToClient parameters: - description: '`client_id` of the app' explode: false in: path name: clientId required: true schema: example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD type: string style: simple - description: The `id` of the Role Assignment explode: false in: path name: roleAssignmentId required: true schema: example: JBCUYUC7IRCVGS27IFCE2SKO type: string style: simple - description: Application name for the app type explode: false in: path name: appName required: true schema: example: oidc_client type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.manage summary: Assign a Client Role Application Target tags: - RoleBTargetClient x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /oauth2/v1/clients/{clientId}/roles/{roleAssignmentId}/targets/catalog/apps/{appName}/{appId}: delete: description: |- Unassigns an OIN app instance target from a Role Assignment to a client Application > **Note:** You can't remove the last app instance target from a Role Assignment since this causes an exception. > If you need a Role Assignment that applies to all the apps, delete the Role Assignment and recreate a new one. See [Unassign a Client Role](/openapi/okta-management/management/tag/RoleAssignmentClient/#tag/RoleAssignmentClient/operation/deleteRoleFromClient). 
operationId: removeAppTargetInstanceRoleForClient parameters: - description: '`client_id` of the app' explode: false in: path name: clientId required: true schema: example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD type: string style: simple - description: The `id` of the Role Assignment explode: false in: path name: roleAssignmentId required: true schema: example: JBCUYUC7IRCVGS27IFCE2SKO type: string style: simple - description: Application name for the app type explode: false in: path name: appName required: true schema: example: oidc_client type: string style: simple - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.manage summary: Unassign a Client Role Application Instance Target tags: - RoleBTargetClient x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json put: description: |- Assigns an app instance target to an `APP_ADMIN` Role Assignment to a client Application. When you assign the first OIN app or app instance target, you reduce the scope of the Role Assignment. The Role no longer applies to all app targets, but applies only to the specified target. 
> **Note:** You can target a mixture of both OIN app and app instance targets, but you can't assign permissions to manage all instances of an OIN app and then assign a subset of permissions to the same app. For example, you can't specify that an admin has access to manage all instances of the Salesforce app and then also manage only specific configurations of the Salesforce app. operationId: assignAppTargetInstanceRoleForClient parameters: - description: '`client_id` of the app' explode: false in: path name: clientId required: true schema: example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD type: string style: simple - description: The `id` of the Role Assignment explode: false in: path name: roleAssignmentId required: true schema: example: JBCUYUC7IRCVGS27IFCE2SKO type: string style: simple - description: Application name for the app type explode: false in: path name: appName required: true schema: example: oidc_client type: string style: simple - description: Application ID explode: false in: path name: appId required: true schema: example: 0oafxqCAJWWGELFTYASJ type: string style: simple responses: "204": content: {} description: No Content "403": content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden "404": content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found "429": content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests security: - apiToken: [] - oauth2: - okta.roles.manage summary: Assign a Client Role Application Instance Target tags: - RoleBTargetClient x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true x-accepts: - application/json /oauth2/v1/clients/{clientId}/roles/{roleAssignmentId}/targets/groups: get: 
      description: "Lists all Group targets for a `USER_ADMIN`, `HELP_DESK_ADMIN`,\
        \ or `GROUP_MEMBERSHIP_ADMIN` Role Assignment to a client. If the Role isn't\
        \ scoped to specific Group targets, an empty array `[]` is returned."
      operationId: listGroupTargetRoleForClient
      parameters:
      - description: '`client_id` of the app'
        explode: false
        in: path
        name: clientId
        required: true
        schema:
          example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD
          type: string
        style: simple
      - description: The `id` of the Role Assignment
        explode: false
        in: path
        name: roleAssignmentId
        required: true
        schema:
          example: JBCUYUC7IRCVGS27IFCE2SKO
          type: string
        style: simple
      - description: "The cursor to use for pagination. It is an opaque string that\
          \ specifies your current location in the list and is obtained from the `Link`\
          \ response header. See [Pagination](https://developer.okta.com/docs/api/#pagination)."
        explode: true
        in: query
        name: after
        required: false
        schema:
          type: string
        style: form
      - description: A limit on the number of objects to return
        explode: true
        in: query
        name: limit
        required: false
        schema:
          default: 20
          maximum: 200
          minimum: 1
          type: integer
        style: form
      responses:
        "200":
          content:
            application/json:
              schema:
                items:
                  $ref: '#/components/schemas/Group'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.read
      summary: List all Client Role Group Targets
      tags:
      - RoleBTargetClient
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /oauth2/v1/clients/{clientId}/roles/{roleAssignmentId}/targets/groups/{groupId}:
    delete:
      description: |-
        Unassigns a Group target from a `USER_ADMIN`, `HELP_DESK_ADMIN`, or `GROUP_MEMBERSHIP_ADMIN` Role Assignment to a client Application.

        > **Note:** You can't remove the last Group target from a Role Assignment, as it causes an exception. If you need a Role Assignment that applies to all Groups, delete the Role Assignment and recreate a new one. See [Unassign a Client Role](/openapi/okta-management/management/tag/RoleAssignmentClient/#tag/RoleAssignmentClient/operation/deleteRoleFromClient).
      operationId: removeGroupTargetRoleFromClient
      parameters:
      - description: '`client_id` of the app'
        explode: false
        in: path
        name: clientId
        required: true
        schema:
          example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD
          type: string
        style: simple
      - description: The `id` of the Role Assignment
        explode: false
        in: path
        name: roleAssignmentId
        required: true
        schema:
          example: JBCUYUC7IRCVGS27IFCE2SKO
          type: string
        style: simple
      - description: The `id` of the group
        explode: false
        in: path
        name: groupId
        required: true
        schema:
          example: 00g1emaKYZTWRYYRRTSK
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.manage
      summary: Unassign a Client Role Group Target
      tags:
      - RoleBTargetClient
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
    put:
      description: "Assigns a Group target to a `USER_ADMIN`, `HELP_DESK_ADMIN`, or\
        \ `GROUP_MEMBERSHIP_ADMIN` Role Assignment to a client Application. When you\
        \ assign the first Group target, you reduce the scope of the Role Assignment.\
        \ The Role no longer applies to all targets, but applies only to the specified\
        \ target."
      operationId: assignGroupTargetRoleForClient
      parameters:
      - description: '`client_id` of the app'
        explode: false
        in: path
        name: clientId
        required: true
        schema:
          example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD
          type: string
        style: simple
      - description: The `id` of the Role Assignment
        explode: false
        in: path
        name: roleAssignmentId
        required: true
        schema:
          example: JBCUYUC7IRCVGS27IFCE2SKO
          type: string
        style: simple
      - description: The `id` of the group
        explode: false
        in: path
        name: groupId
        required: true
        schema:
          example: 00g1emaKYZTWRYYRRTSK
          type: string
        style: simple
      responses:
        "204":
          content: {}
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.roles.manage
      summary: Assign a Client Role Group Target
      tags:
      - RoleBTargetClient
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
      x-accepts:
      - application/json
  /privileged-access/api/v1/accounts/{id}: {}
  /privileged-access/api/v1/resources/{id}: {}
  /privileged-access/api/v1/resources/{id}/claim: {}
  /privileged-access/api/v1/resources/{id}/rotate-password: {}
  /security/api/v1/security-events:
    post:
      description: "Publishes a Security Event Token (SET) sent by a Security Events\
        \ Provider. After the token is verified, Okta ingests the event and performs\
        \ any appropriate action."
      operationId: publishSecurityEventTokens
      requestBody:
        content:
          application/secevent+jwt:
            examples:
              SET:
                value: eyJraWQiOiJzYW1wbGVfa2lkIiwidHlwIjoic2ZXZlbnQra ... mrtmw
            schema:
              type: string
        description: |
          The request body is a signed [SET](https://datatracker.ietf.org/doc/html/rfc8417), which is a type of JSON Web Token (JWT).

          For SET JWT header and body descriptions, see [SET JWT header](/openapi/okta-management/management/tag/SSFSecurityEventToken/#tag/SSFSecurityEventToken/schema/SecurityEventTokenRequestJwtHeader) and [SET JWT body payload](/openapi/okta-management/management/tag/SSFSecurityEventToken/#tag/SSFSecurityEventToken/schema/SecurityEventTokenRequestJwtBody).
        required: true
      responses:
        "202":
          description: Accepted
        "400":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SecurityEventTokenError'
          description: Bad Request
      security: []
      summary: Publish a Security Event Token
      tags:
      - SSFSecurityEventToken
      x-codegen-request-body-name: Security Event Token
      x-okta-lifecycle:
        lifecycle: LIMITED_GA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-content-type: application/secevent+jwt
      x-accepts:
      - application/json
  /webauthn-registration/api/v1/activate:
    post:
      description: "Activates a preregistered WebAuthn Factor. As part of this operation,\
        \ Okta first decrypts and verifies the Factor PIN and enrollment data sent\
        \ by the fulfillment provider."
      operationId: activatePreregistrationEnrollment
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/EnrollmentActivationRequest'
        description: Enrollment Activation Request
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EnrollmentActivationResponse'
          description: Success
        "400":
          content:
            application/json:
              examples:
                NoDisable:
                  $ref: '#/components/examples/ErrorPinOrCredResponsesProcessingFailure'
              schema:
                $ref: '#/components/schemas/Error'
          description: PIN or Cred Requests Generation Failed
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.users.manage
      summary: Activate a Preregistered WebAuthn Factor
      tags:
      - WebAuthnPreregistration
      x-codegen-request-body-name: body
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-content-type: application/json
      x-accepts:
      - application/json
  /webauthn-registration/api/v1/enroll:
    post:
      description: "Enrolls a preregistered WebAuthn Factor. This WebAuthn Factor\
        \ has a longer challenge timeout period to accommodate the fulfillment request\
        \ process. As part of this operation, Okta generates EC key-pairs used to\
        \ encrypt the Factor PIN and enrollment data sent by the fulfillment provider."
      operationId: enrollPreregistrationEnrollment
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/EnrollmentInitializationRequest'
        description: Enrollment Initialization Request
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EnrollmentInitializationResponse'
          description: Success
        "400":
          content:
            application/json:
              examples:
                NoDisable:
                  $ref: '#/components/examples/ErrorPinOrCredRequestsGenerationFailure'
              schema:
                $ref: '#/components/schemas/Error'
          description: PIN or Cred Requests Generation Failed
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.users.manage
      summary: Enroll a Preregistered WebAuthn Factor
      tags:
      - WebAuthnPreregistration
      x-codegen-request-body-name: body
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-content-type: application/json
      x-accepts:
      - application/json
  /webauthn-registration/api/v1/initiate-fulfillment-request:
    post:
      description: Generates a fulfillment request by sending a WebAuthn Preregistration event to start the flow. The Okta Workflows WebAuthn preregistration integration uses this to populate the fulfillment request.
      operationId: generateFulfillmentRequest
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/FulfillmentRequest'
        description: Fulfillment Request
      responses:
        "204":
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.users.manage
      summary: Generate a Fulfillment Request
      tags:
      - WebAuthnPreregistration
      x-codegen-request-body-name: body
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-content-type: application/json
      x-accepts:
      - application/json
  /webauthn-registration/api/v1/send-pin:
    post:
      description: "Sends the decoded PIN for the specified WebAuthn Preregistration\
        \ Enrollment. PINs are sent to the user's email. To resend the PIN, call this\
        \ operation again."
      operationId: sendPin
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/PinRequest'
        description: Send PIN Request
      responses:
        "204":
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.users.manage
      summary: Send a PIN to user
      tags:
      - WebAuthnPreregistration
      x-codegen-request-body-name: body
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-content-type: application/json
      x-accepts:
      - application/json
  /webauthn-registration/api/v1/users/{userId}/enrollments:
    get:
      description: Lists all WebAuthn Preregistration Factors for the specified user
      operationId: listWebAuthnPreregistrationFactors
      parameters:
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      responses:
        "200":
          content:
            application/json:
              example:
              - id: fwf23789dfs9asdf782
                factorType: webauthn
                provider: FIDO
                vendorName: FIDO
                fulfillmentProvider: yubico
                status: ACTIVE
                created: 2018-05-24T20:43:19.000Z
                lastUpdated: 2018-05-24T21:43:32.000Z
                profile:
                  credentialId: l3Br0n-7H3g047NqESqJynFtIgf3Ix9OfaRoNwLoloso99Xl2zS_O7EXUkmPeAIzTVtEL4dYjicJWBz7NpqhGA
                  authenticatorName: YubiKey 5C
                  presetPinAvailable: true
                _links:
                  self:
                    href: https://example.okta.com/webauthn-registration/api/v1/users/00u15s1KDETTQMQYABRL/enrollments/fwf23789dfs9asdf782
                    hints:
                      allow:
                      - DELETE
              schema:
                items:
                  $ref: '#/components/schemas/WebAuthnPreregistrationFactor'
                type: array
          description: Success
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
          description: Too Many Requests
      security:
      - apiToken: []
      - oauth2:
        - okta.users.read
      summary: List all WebAuthn Preregistration Factors
      tags:
      - WebAuthnPreregistration
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs:
        - Okta Identity Engine
      x-accepts:
      - application/json
  /webauthn-registration/api/v1/users/{userId}/enrollments/{authenticatorEnrollmentId}:
    delete:
      description: Deletes a specific WebAuthn Preregistration Factor for a user
      operationId: deleteWebAuthnPreregistrationFactor
      parameters:
      - description: ID of an existing Okta user
        explode: false
        in: path
        name: userId
        required: true
        schema:
          example: 00ub0oNGTSWTBKOLGLNR
          type: string
        style: simple
      - description: ID for a WebAuthn Preregistration Factor in Okta
        explode: false
        in: path
        name: authenticatorEnrollmentId
        required: true
        schema:
          type: string
        style: simple
      responses:
        "204":
          description: No Content
        "403":
          content:
            application/json:
              examples:
                AccessDenied:
                  $ref: '#/components/examples/ErrorAccessDenied'
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        "404":
          content:
            application/json:
              examples:
                ResourceNotFound:
                  $ref: '#/components/examples/ErrorResourceNotFound'
              schema:
                $ref: '#/components/schemas/Error'
          description: Not Found
        "429":
          content:
            application/json:
              examples:
                TooManyRequests:
                  $ref: '#/components/examples/ErrorTooManyRequests'
              schema:
                $ref: '#/components/schemas/Error'
description: Too Many Requests security: - apiToken: [] - oauth2: - okta.users.manage summary: Delete a WebAuthn Preregistration Factor tags: - WebAuthnPreregistration x-okta-lifecycle: lifecycle: EA isGenerallyAvailable: false SKUs: - Okta Identity Engine x-accepts: - application/json components: examples: APIDevicesListAllResponse: summary: List all devices with embedded users value: - id: guo4a5u7YAHhjXrMK0g4 status: CREATED created: 2019-10-02T18:03:07.000Z lastUpdated: 2019-10-02T18:03:07.000Z profile: displayName: Example Device name 1 platform: WINDOWS serialNumber: XXDDRFCFRGF3M8MD6D sid: S-1-11-111 registered: true secureHardwarePresent: false diskEncryptionType: ALL_INTERNAL_VOLUMES resourceType: UDDevice resourceDisplayName: value: Example Device name 1 sensitive: false resourceAlternateId: null resourceId: guo4a5u7YAHhjXrMK0g4 _links: activate: href: "https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4/lifecycle/activate" hints: allow: - POST self: href: "https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4" hints: allow: - GET - PATCH - PUT users: href: "https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4/users" hints: allow: - GET _embedded: users: [] - id: guo4a5u7YAHhjXrMK0g5 status: ACTIVE created: 2023-06-21T23:24:02.000Z lastUpdated: 2023-06-21T23:24:02.000Z profile: displayName: Example Device name 2 platform: ANDROID manufacturer: Google model: Pixel 6 osVersion: 13:2023-05-05 registered: true secureHardwarePresent: true diskEncryptionType: USER resourceType: UDDevice resourceDisplayName: value: Example Device name 2 sensitive: false resourceAlternateId: null resourceId: guo4a5u7YAHhjXrMK0g5 _links: activate: href: "https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5/lifecycle/activate" hints: allow: - POST self: href: "https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5" hints: allow: - GET - PATCH - PUT users: href: "https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5/users" hints: allow: - 
GET _embedded: users: - managementStatus: MANAGED created: 2021-10-01T16:52:41.000Z screenLockType: BIOMETRIC user: id: 00u17vh0q8ov8IU881d7 status: ACTIVE created: 2020-08-12T06:46:50.000Z activated: 2020-08-12T06:46:50.000Z statusChanged: 2021-01-27T21:05:32.000Z lastLogin: 2021-10-14T09:04:48.000Z lastUpdated: 2021-01-27T21:05:32.000Z passwordChanged: 2020-08-12T06:46:50.000Z type: id: oty7ut9Uu76oHVUZc0w4 profile: firstName: fname lastName: lname mobilePhone: null secondEmail: null login: [email protected] email: [email protected] credentials: password: {} recovery_question: question: What is the food you least liked as a child? provider: type: OKTA name: OKTA _links: suspend: href: "https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/suspend" method: POST schema: href: "https://{yourOktaDomain}/api/v1/meta/schemas/user/osc7ut9Uu76oHVUZc0w4" resetPassword: href: "https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/reset_password" method: POST forgotPassword: href: "https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/credentials/forgot_password" method: POST expirePassword: href: "https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/expire_password" method: POST changeRecoveryQuestion: href: "https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/credentials/change_recovery_question" method: POST self: href: "https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7" type: href: "https://{yourOktaDomain}/api/v1/meta/types/user/oty7ut9Uu76oHVUZc0w4" changePassword: href: "https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/credentials/change_password" deactivate: href: "https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/deactivate" APIDevicesListAllUserSummaryResponse: summary: List all devices with embedded user summaries value: - id: guo4a5u7YAHhjXrMK0g4 status: CREATED created: 2019-10-02T18:03:07.000Z lastUpdated: 2019-10-02T18:03:07.000Z profile: displayName: Example 
Device name 1 platform: WINDOWS serialNumber: XXDDRFCFRGF3M8MD6D sid: S-1-11-111 registered: true secureHardwarePresent: false diskEncryptionType: ALL_INTERNAL_VOLUMES resourceType: UDDevice resourceDisplayName: value: Example Device name 1 sensitive: false resourceAlternateId: null resourceId: guo4a5u7YAHhjXrMK0g4 _links: activate: href: "https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4/lifecycle/activate" hints: allow: - POST self: href: "https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4" hints: allow: - GET - PATCH - PUT users: href: "https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g4/users" hints: allow: - GET _embedded: users: [] - id: guo4a5u7YAHhjXrMK0g5 status: ACTIVE created: 2023-06-21T23:24:02.000Z lastUpdated: 2023-06-21T23:24:02.000Z profile: displayName: Example Device name 2 platform: ANDROID manufacturer: Google model: Pixel 6 osVersion: 13:2023-05-05 registered: true secureHardwarePresent: true diskEncryptionType: USER resourceType: UDDevice resourceDisplayName: value: Example Device name 2 sensitive: false resourceAlternateId: null resourceId: guo4a5u7YAHhjXrMK0g5 _links: activate: href: "https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5/lifecycle/activate" hints: allow: - POST self: href: "https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5" hints: allow: - GET - PATCH - PUT users: href: "https://{yourOktaDomain}/api/v1/devices/guo4a5u7YAHhjXrMK0g5/users" hints: allow: - GET _embedded: users: - managementStatus: MANAGED created: 2021-10-01T16:52:41.000Z screenLockType: BIOMETRIC user: id: 00u17vh0q8ov8IU881d7 realmId: 00u17vh0q8ov8IU8T0g5 profile: firstName: fname lastName: lname login: [email protected] email: [email protected] _links: self: href: "https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7" APIDevicesListAllUsersResponse: summary: Response example value: - created: 2021-08-20T17:13:35.000Z managementStatus: NOT_MANAGED screenLockType: BIOMETRIC user: id: 00u17vh0q8ov8IU881d7 
status: ACTIVE created: 2021-08-20T16:08:25.000Z activated: null statusChanged: 2021-08-20T16:39:41.000Z lastLogin: 2023-04-18T17:54:12.000Z lastUpdated: 2021-12-20T18:27:30.000Z passwordChanged: 2021-12-20T18:27:30.000Z type: id: oty17vh0n2EHVnbYF1d7 profile: firstName: Bunk lastName: Moreland mobilePhone: null secondEmail: null login: [email protected] email: [email protected] credentials: password: null provider: type: OKTA name: OKTA _links: suspend: href: "https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/suspend" method: POST schema: href: "https://{yourOktaDomain}/api/v1/meta/schemas/user/osc17vh0n2EHVnbYF1d7" resetPassword: href: "https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/reset_password" method: POST forgotPassword: href: "https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/credentials/forgot_password" method: POST expirePassword: href: "https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/expire_password" method: POST changeRecoveryQuestion: href: "https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/credentials/change_recovery_question" method: POST self: href: "https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7" resetFactors: href: "https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/reset_factors" method: POST type: href: "https://{yourOktaDomain}/api/v1/meta/types/user/oty17vh0n2EHVnbYF1d7" changePassword: href: "https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/credentials/change_password" method: POST deactivate: href: "https://{yourOktaDomain}/api/v1/users/00u17vh0q8ov8IU881d7/lifecycle/deactivate" method: POST APIPushProvidersListAllResponse: value: - id: ppchvbeucdTgqeiGxR0g4 providerType: APNS name: Example Push Provider 1 lastUpdatedDate: 2022-01-00T00:00:00.000Z configuration: keyId: ABC123DEFG teamId: DEF123GHIJ fileName: fileName.p8 _links: self: href: "https://your-subdomain.okta.com/api/v1/push-providers/{pushProviderId}" hints: 
allow: - DELETE - GET - PUT - id: ppctekcmngGaqeiBxB0g4 providerType: FCM name: Example Push Provider 2 lastUpdatedDate: 2022-01-00T00:00:00.000Z configuration: projectId: PROJECT_ID fileName: fileName.json _links: self: href: "https://your-subdomain.okta.com/api/v1/push-providers/{pushProviderId}" hints: allow: - DELETE - GET - PUT APIServiceIntegrationInstanceSecretListResponse: summary: Secrets list response example value: - id: ocs2f4zrZbs8nUa7p0g4 status: INACTIVE client_secret: '***DhOW' secret_hash: yk4SVx4sUWVJVbHt6M-UPA created: 2023-02-21T20:08:24.000Z lastUpdated: 2023-02-21T20:08:24.000Z _links: activate: href: "https://{yourOktaDomain}/integrations/api/v1/api-services/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f4zrZbs8nUa7p0g4/lifecycle/activate" hints: allow: - POST delete: href: "https://{yourOktaDomain}/integrations/api/v1/api-services/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f4zrZbs8nUa7p0g4" hints: allow: - DELETE - id: ocs2f50kZB0cITmYU0g4 status: ACTIVE client_secret: '***MQGQ' secret_hash: 0WOOvBSzV9clc4Nr7Rbaug created: 2023-04-06T21:32:33.000Z lastUpdated: 2023-04-06T21:32:33.000Z _links: deactivate: href: "https://{yourOktaDomain}/integrations/api/v1/api-services/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f50kZB0cITmYU0g4/lifecycle/deactivate" hints: allow: - POST APIServiceIntegrationListResponse: summary: List response example value: - id: 0oa72lrepvp4WqEET1d9 type: my_app_cie name: My App Cloud Identity Engine createdAt: 2023-02-21T20:08:24.000Z createdBy: 00uu3u0ujW1P6AfZC2d5 configGuideUrl: "https://{docDomain}/my-app-cie/configuration-guide" grantedScopes: - okta.logs.read - okta.groups.read - okta.users.read _links: self: href: "https://{yourOktaDomain}/integrations/api/v1/api-services/0oa72lrepvp4WqEET1d9" hints: allow: - GET - DELETE client: href: "https://{yourOktaDomain}/oauth2/v1/clients/0oa72lrepvp4WqEET1d9" hints: allow: - GET logo: name: small href: "https://{logoDomain}/{logoPath}/my_app_cie_small_logo" 
APIServiceIntegrationResponse: summary: Response example value: id: 0oa72lrepvp4WqEET1d9 type: my_app_cie name: My App Cloud Identity Engine createdAt: 2023-02-21T20:08:24.000Z createdBy: 00uu3u0ujW1P6AfZC2d5 configGuideUrl: "https://{docDomain}/my-app-cie/configuration-guide" grantedScopes: - okta.logs.read - okta.groups.read - okta.users.read _links: self: href: "https://{yourOktaDomain}/integrations/api/v1/api-services/0oa72lrepvp4WqEET1d9" hints: allow: - GET - DELETE client: href: "https://{yourOktaDomain}/oauth2/v1/clients/0oa72lrepvp4WqEET1d9" hints: allow: - GET logo: name: small href: "https://{logoDomain}/{logoPath}/my_app_cie_small_logo" ActivateFactorCallResponse: summary: call value: id: clf1o51EADOTFXHHBXBP factorType: call provider: OKTA vendorName: OKTA status: ACTIVE created: 2014-08-06T16:56:31.000Z lastUpdated: 2014-08-06T16:56:31.000Z profile: phoneNumber: +1-555-415-1337 phoneExtension: "1234" _links: verify: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/clf1o51EADOTFXHHBXBP/verify" hints: allow: - POST self: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/clf1o51EADOTFXHHBXBP" hints: allow: - GET - DELETE user: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL" hints: allow: - GET ActivateFactorEmailResponse: summary: email value: id: emfnf3gSScB8xXoXK0g3 factorType: email provider: OKTA vendorName: OKTA status: ACTIVE profile: email: [email protected] _links: verify: href: "https://{yourOktaDomain}/api/v1/users/00umvfJKwXOQ1mEL50g3/factors/emfnf3gSScB8xXoXK0g3/verify" hints: allow: - POST self: href: "https://{yourOktaDomain}/api/v1/users/00umvfJKwXOQ1mEL50g3/factors/emfnf3gSScB8xXoXK0g3" hints: allow: - GET - DELETE user: href: "https://{yourOktaDomain}/api/v1/users/00umvfJKwXOQ1mEL50g3" hints: allow: - GET ActivateFactorPushResponse: summary: push value: id: opf3hkfocI4JTLAju0g4 factorType: push provider: OKTA vendorName: OKTA status: ACTIVE created: 
2015-03-16T18:01:28.000Z lastUpdated: 2015-08-27T14:25:17.000Z profile: credentialId: [email protected] deviceType: SmartPhone_IPhone name: Gibson platform: IOS version: "9.0" _links: verify: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/opf3hkfocI4JTLAju0g4/verify" hints: allow: - POST self: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/opf3hkfocI4JTLAju0g4" hints: allow: - GET - DELETE user: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL" hints: allow: - GET ActivateFactorSmsResponse: summary: sms value: id: sms1o51EADOTFXHHBXBP factorType: sms provider: OKTA vendorName: OKTA status: ACTIVE created: 2014-08-06T16:56:31.000Z lastUpdated: 2014-08-06T16:56:31.000Z profile: phoneNumber: +1-555-415-1337 _links: verify: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/sms1o51EADOTFXHHBXBP/verify" hints: allow: - POST self: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/sms1o51EADOTFXHHBXBP" hints: allow: - GET - DELETE user: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL" hints: allow: - GET ActivateFactorTotpResponse: summary: token:software:totp value: id: ostf1fmaMGJLMNGNLIVG factorType: token:software:totp provider: OKTA vendorName: OKTA status: ACTIVE created: 2014-07-16T16:13:56.000Z lastUpdated: 2014-08-06T00:31:07.000Z profile: credentialId: [email protected] _links: verify: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/ostf1fmaMGJLMNGNLIVG/verify" hints: allow: - POST self: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/ostf1fmaMGJLMNGNLIVG" hints: allow: - GET - DELETE user: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL" hints: allow: - GET ActivateFactorU2fRequest: summary: u2f value: registrationData: 
BQTEMUyOM8h1TiZG4DL-RdMr-tYgTYSf62Y52AmwEFTiSYWIRVO5L-MwWdRJOthmV3J3JrqpmGfmFb820-awx1YIQFlTvkMhxItHlpkzahEqicpw7SIH9yMfTn2kaDcC6JaLKPfV5ds0vzuxF1JJj3gCM01bRC-HWI4nCVgc-zaaoRgwggEcMIHDoAMCAQICCwD52fCSMoNczORdMAoGCCqGSM49BAMCMBUxEzARBgNVBAMTClUyRiBJc3N1ZXIwGhcLMDAwMTAxMDAwMFoXCzAwMDEwMTAwMDBaMBUxEzARBgNVBAMTClUyRiBEZXZpY2UwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQFKJupuUgPQcRHUphaW5JPfLvkkwlEwlHKk_ntSp7MS4aTHJyGnpziqncrjiTC_oUVtb-wN-y_t_IMIjueGkhxMAoGCCqGSM49BAMCA0gAMEUCIQDBo6aOLxanIUYnBX9iu3KMngPnobpi0EZSTkVtLC8_cwIgC1945RGqGBKfbyNtkhMifZK05n7fU-gW37Bdnci5D94wRQIhAJv3VvclbRkHAQhaUR8rr8qFTg9iF-GtHoXU95vWaQdyAiAbEr-440U4dQAZF-Sj8G2fxgh5DkgkkWpyUHZhz7N9ew clientData: eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZmluaXNoRW5yb2xsbWVudCIsImNoYWxsZW5nZSI6IlhxR0h0RTBoUkxuVEoxYUF5U1oyIiwib3JpZ2luIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6MzAwMCIsImNpZF9wdWJrZXkiOiJ1bnVzZWQifQ ActivateFactorU2fResponse: summary: u2f value: id: fuf2rovRxogXJ0nDy0g4 factorType: u2f provider: FIDO vendorName: FIDO status: ACTIVE created: 2018-05-24T20:43:19.000Z lastUpdated: 2018-05-24T21:43:32.000Z profile: credentialId: WVO-QyHEi0eWmTNqESqJynDtIgf3Ix9OfaRoNwLoloso99Xl2zS_O7EXUkmPeAIzTVtEL4dYjicJWBz7NpqhGA version: U2F_V2 _links: self: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/fuf2rovRxogXJ0nDy0g4" hints: allow: - GET - DELETE verify: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/fuf2rovRxogXJ0nDy0g4/verify" hints: allow: - POST user: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL" hints: allow: - GET ActivateFactorWebauthnRequest: summary: webAuthn value: attestation: 
o2NmbXRmcGFja2VkZ2F0dFN0bXSiY2FsZyZjc2lnWEgwRgIhAMvf2+dzXlHZN1um38Y8aFzrKvX0k5dt/hnDu9lahbR4AiEAuwtMg3IoaElWMp00QrP/+3Po/6LwXfmYQVfsnsQ+da1oYXV0aERhdGFYxkgb9OHGifjS2dG03qLRqvXrDIRyfGAuc+GzF1z20/eVRV2wvl6tzgACNbzGCmSLCyXx8FUDAEIBvWNHOcE3QDUkDP/HB1kRbrIOoZ1dR874ZaGbMuvaSVHVWN2kfNiO4D+HlAzUEFaqlNi5FPqKw+mF8f0XwdpEBlClAQIDJiABIVgg0a6oo3W0JdYPu6+eBrbr0WyB3uJLI3ODVgDfQnpgafgiWCB4fFo/5iiVrFhB8pNH2tbBtKewyAHuDkRolcCnVaCcmQ== clientData: eyJjaGFsbGVuZ2UiOiJVSk5wYW9sVWt0dF9vcEZPNXJMYyIsIm9yaWdpbiI6Imh0dHBzOi8vcmFpbi5va3RhMS5jb20iLCJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIn0= ActivateFactorWebauthnResponse: summary: webAuthn value: id: fwf2rovRxogXJ0nDy0g4 factorType: webauthn provider: FIDO vendorName: FIDO status: ACTIVE created: 2018-05-24T20:43:19.000Z lastUpdated: 2018-05-24T21:43:32.000Z profile: credentialId: l3Br0n-7H3g047NqESqJynFtIgf3Ix9OfaRoNwLoloso99Xl2zS_O7EXUkmPeAIzTVtEL4dYjicJWBz7NpqhGA authenticatorName: MacBook Touch ID _links: self: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/fwf2rovRxogXJ0nDy0g4" hints: allow: - GET - DELETE verify: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/fwf2rovRxogXJ0nDy0g4/verify" hints: allow: - POST user: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL" hints: allow: - GET ActivateIdPResponse: summary: Activate an Identity Provider value: id: 0oa62bfdiumsUndnZ0h7 type: GOOGLE name: Google status: ACTIVE created: 2016-03-24T23:21:49.000Z lastUpdated: 2016-03-25T19:14:23.000Z protocol: type: OIDC endpoints: authorization: url: https://accounts.google.com/o/oauth2/auth binding: HTTP-REDIRECT token: url: https://www.googleapis.com/oauth2/v3/token binding: HTTP-POST scopes: - profile - email - openid credentials: client: client_id: your-client-id client_secret: your-client-secret policy: provisioning: action: AUTO profileMaster: true groups: action: NONE conditions: deprovisioned: action: NONE suspended: action: NONE accountLink: filter: null action: AUTO subject: 
userNameTemplate: template: idpuser.email filter: null matchType: USERNAME mapAMRClaims: false maxClockSkew: 0 _links: authorize: href: |- https://{yourOktaDomain}/oauth2/v1/authorize?idp=0oa62bfdiumsUndnZ0h7& client_id={clientId}&response_type={responseType}&response_mode={responseMode}& scope={scopes}&redirect_uri={redirectUri}&state={state} templated: true hints: allow: - GET clientRedirectUri: href: "https://{yourOktaDomain}/oauth2/v1/authorize/callback" hints: allow: - POST ActivateNetworkZone: summary: Activated Network Zone value: type: IP id: nzowc1U5Jh5xuAK0o0g3 name: MyIpZone status: ACTIVE usage: POLICY created: 2021-06-24T20:37:32.000Z lastUpdated: 2021-06-24T20:37:32.000Z system: false gateways: - type: CIDR value: 1.2.3.4/24 proxies: - type: RANGE value: 3.3.4.5-3.3.4.15 _links: self: href: "https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3" hints: allow: - GET - PUT - DELETE deactivate: href: "https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3/lifecycle/deactivate" hints: allow: - POST ActiveAuthorizationServerKey: summary: Active Authorization Server Key value: status: ACTIVE alg: RS256 e: AQAB "n": "g0MirhrysJMPm_wK45jvMbbyanfhl-jmTBv0o69GeifPaISaXGv8LKn3-CyJvUJcjjeHE17KtumJWVxUDRzFqtIMZ1ctCZyIAuWO0n\ \ LKilg7_EIDXJrS8k14biqkPO1lXGFwtjo3zLHeFSLw6sWf-CEN9zv6Ff3IAXb-RMYpfh-bVrxIgWsWCxjLW-UKI3la-gs0nWHH2PJr5HLJuI\ \ JIOL5HLJuIJIOLWahqTnm_r1LSCSYr6N4C-fh--w2_BW8DzTHalBYe76bNr0d7AqtR4tGazmrvrc79Wa2bjyxmhhN1u9jSaZQqq-3VZEod8q3,\ \ WHH2PJ5v1LoXniJQ4a2W8nDVqb6h4E8MUKYOpljTfQ" kid: RQ8DuhdxCczyMvy7GNJb4Ka3lQ99vrSo3oFBUiZjzzc kty: RSA use: sig _links: self: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/credentials/keys/RQ8DuhdxCczyMvy7GNJb4Ka3lQ99vrSo3oFBUiZjzzc" hints: allow: - GET AddMappingBody: summary: Update an existing profile mapping by adding one or more properties value: properties: additionalProperties: fullName: expression: user.firstName + user.lastName pushStatus: PUSH nickName: expression: 
user.nickName pushStatus: PUSH AddMappingResponse: summary: Update an existing profile mapping by adding one or more properties value: id: prm1k47ghydIQOTBW0g4 source: id: otysbePhQ3yqt4cVv0g3 name: user type: user _links: self: href: "https://{yourOktaDomain}/api/v1/meta/types/user/otysbePhQ3yqt4cVv0g3" schema: href: "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscsbePhQ3yqt4cVv0g3" target: id: 0oa1qmn4LZQQEH0wZ0g4 name: okta_org2org type: appuser _links: self: href: "https://{yourOktaDomain}/api/v1/apps/0oa1qmn4LZQQEH0wZ0g4" schema: href: "https://{yourOktaDomain}/api/v1/meta/schemas/apps/0oa1qmn4LZQQEH0wZ0g4/default" properties: fullName: expression: user.firstName + user.lastName pushStatus: PUSH nickName: expression: user.nickName pushStatus: PUSH _links: self: href: "https://{yourOktaDomain}/api/v1/mappings/prm1k48weFSOnEUnw0g4" AdminConsoleSettingsExample: summary: Default Okta Admin Console Settings value: sessionMaxLifetimeMinutes: 720 sessionIdleTimeoutMinutes: 15 AerialConsentDetails: description: Example response of consent details value: accountId: 0200bs0617vvhv2v675mch1cukp grantDate: 2023-04-06T21:32:33.000Z grantedBy: 00uabcdefg1234567890 AerialConsentInvalidAccountIdResponse: description: Aerial account ID is invalid value: errorCode: E0000001 errorSummary: "API validation failed: account" errorLink: E0000001 errorId: oaewjePjfdBT7m71KkPz0Ipaw errorCauses: - errorSummary: Invalid aerial account ID. AerialConsentOrgAlreadyLinkedResponse: description: The revoke operation isn't possible when the org is already linked value: errorCode: E0000001 errorSummary: "API validation failed: account" errorLink: E0000001 errorId: oae_wheRkaxRT-EFAXwBmBKLg errorCauses: - errorSummary: The org is already linked to an Account. 
AerialGrantAlreadyPresentErrorResponse: description: Grant is already present value: errorCode: E0000001 errorSummary: "Api validation failed: account" errorLink: E0000001 errorId: oaewjePjfdBT7m71KkPz0Ipaw errorCauses: - errorSummary: The org already has a consent grant added to Aerial. AerialGrantNotFoundResponse: description: No grant found for org value: errorCode: E0000007 errorSummary: "Not found: Resource not found: grant (String)" errorLink: E0000007 errorId: sampleFYH_dTSSTdpPYIAdHJw errorCauses: [] AllAssignmentsOperationResponse: value: id: rre4mje4ez7B2a7B60g7 type: realm:assignment status: COMPLETED created: 2023-10-25T21:02:54.000Z started: 2023-10-25T21:02:54.000Z completed: 2023-10-25T21:02:54.000Z assignmentOperation: configuration: id: ALL name: All Assignments numUserMoved: 50 _links: self: rel: self href: http://your-subdomain.okta.com/api/v1/operations/rre4mje4ez7B2a7B60g7 method: GET ApiTokenListMetadataResponse: value: - name: My API Token userId: 00uabcdefg1234567890 tokenWindow: P30D network: connection: ANYWHERE id: 00Tabcdefg1234567890 clientName: Okta API expiresAt: 2021-12-11T20:38:10.000Z created: 2021-11-09T20:38:10.000Z lastUpdated: 2021-11-11T20:38:10.000Z _links: self: href: "https://{yourOktaDomain}/api/v1/api-tokens/00Tabcdefg1234567890" hints: allow: - GET - DELETE user: href: "https://{yourOktaDomain}/api/v1/users/00uabcdefg1234567890" hints: allow: - GET - name: Another API Token userId: 00uabcdefg1234567890 tokenWindow: PT5M id: 00T1234567890abcdefg clientName: Okta API expiresAt: 2021-11-11T20:43:10.000Z created: 2021-11-09T20:38:10.000Z lastUpdated: 2021-11-11T20:38:10.000Z _links: self: href: "https://{yourOktaDomain}/api/v1/api-tokens/00T1234567890abcdefg" hints: allow: - GET - DELETE user: href: "https://{yourOktaDomain}/api/v1/users/00uabcdefg1234567890" hints: allow: - GET ApiTokenMetadataResponse: value: name: My API Token userId: 00uXXXXXXXXXXXXXXXXX tokenWindow: P30D network: connection: ANYWHERE id: 
00Tabcdefg1234567890 clientName: Okta API expiresAt: 2021-12-11T20:38:10.000Z created: 2021-11-09T20:38:10.000Z lastUpdated: 2021-11-11T20:38:10.000Z _links: self: href: "https://{yourOktaDomain}/api/v1/api-tokens/00Tabcdefg1234567890" hints: allow: - GET - DELETE user: href: "https://{yourOktaDomain}/api/v1/users/00uXXXXXXXXXXXXXXXXX" hints: allow: - GET AppCsrJsonResponse: summary: CSR object in JSON format value: id: h9zkutaSe7fZX0SwN1GqDApofgD1OW8g2B5l2azha50 created: 2017-03-28T01:11:10.000Z csr: 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 kty: RSA _links: self: href: "https://{yourOktaDomain}/api/v1/apps/0oad5lTSBOMUBOBVVQSC/credentials/csrs/h9zkutaSe7fZX0SwN1GqDApofgD1OW8g2B5l2azha50" hints: allow: - GET - DELETE publish: href: "https://{yourOktaDomain}/api/v1/apps/0oad5lTSBOMUBOBVVQSC/credentials/csrs/h9zkutaSe7fZX0SwN1GqDApofgD1OW8g2B5l2azha50/lifecycle/publish" hints: allow: - POST AppCsrPkcs10Response: summary: CSR in DER format value: MIIC4DCCAcgCAQAwcTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEzARBgNVBAoMCk9rdGEsIEluYy4xDDAKBgNVBAsMA0RldjESMBAGA1UEAwwJU1AgSXNzdWVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6m8jHVCr9 AppFeatureListResponseEx: summary: List app Feature response value: - name: USER_PROVISIONING status: ENABLED description: User provisioning settings from Okta to a downstream application capabilities: create: lifecycleCreate: status: DISABLED update: profile: status: DISABLED lifecycleDeactivate: status: DISABLED password: status: DISABLED seed: RANDOM change: KEEP_EXISTING _links: self: href: "https://{yourOktaDomain}/api/v1/apps/${appId}/features/USER_PROVISIONING" hints: allow: - GET - PUT AppFeatureResponseEx: summary: App Feature response value: name: USER_PROVISIONING status: ENABLED description: User provisioning settings from Okta to a downstream application capabilities: create: lifecycleCreate: status: DISABLED update: profile: status: DISABLED lifecycleDeactivate: status: DISABLED 
password: status: DISABLED seed: RANDOM change: KEEP_EXISTING _links: self: href: "https://{yourOktaDomain}/api/v1/apps/${appId}/features/USER_PROVISIONING" hints: allow: - GET - PUT AppGrantsEx: summary: App Grants example value: id: oag91n9ruw3dsaXzP0h6 status: ACTIVE created: 2023-02-21T16:54:00.000Z createdBy: id: 00u6eltha0nrSc47i0h7 type: User lastUpdated: 2023-02-21T16:54:00.000Z issuer: "{yourOktaDomain}" clientId: "{clientId}" scopeId: okta.users.read source: ADMIN _embedded: scope: id: okta.users.read _links: app: href: "https://{yourOktaDomain}/api/v1/apps/{appId}" title: Application name self: href: "https://{yourOktaDomain}/api/v1/apps/{appId}/grants/oag91n9ruw3dsaXzP0h6" hints: allow: - GET - DELETE client: href: "https://{yourOktaDomain}/oauth2/v1/clients/{clientId}" title: Client name AppGrantsPostEx: summary: App Grants example value: issuer: "{yourOktaDomain}" scopeId: okta.users.read AppResponseBaseEx: value: id: 0oafxqCAJWWGELFTYASJ status: ACTIVE lastUpdated: 2023-01-21T14:11:24.000Z created: 2023-01-21T14:11:24.000Z accessibility: selfService: false errorRedirectUrl: null loginRedirectUrl: null _links: uploadLogo: href: "http://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/logo" hints: allow: - POST appLinks: - name: customswaapp_link href: "http://{yourOktaDomain}/home/{appName}/0oafxqCAJWWGELFTYASJ/aln5vjkW5oUmDGLMX0g4" type: text/html groups: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/groups" logo: - name: medium href: "http://{yourOktaDomain}/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png" type: image/png users: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/users" deactivate: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/lifecycle/deactivate" AppUserAssignProvRequest: summary: SSO and provisioning Application User request example value: id: 00u15s1KDETTQMQYABRL scope: USER credentials: username: [email protected] profile: salesforceGroups: - Employee role: 
Developer profile: Standard User AppUserAssignSSORequest: summary: SSO Application User request example value: id: 00ud4tVDDXYVKPXKVLCO scope: USER credentials: username: [email protected] AppUserCredUpdateResponse: summary: Application User credential update value: id: 00ud4tVDDXYVKPXKVLCO externalId: null created: 2024-01-27T03:52:45.000Z lastUpdated: 2024-01-27T05:15:30.000Z scope: USER status: ACTIVE statusChanged: 2024-01-27T03:52:45.000Z passwordChanged: 2024-01-27T05:15:30.000Z syncState: DISABLED credentials: userName: [email protected] password: {} profile: street_address: null country: null website: null zoneinfo: America/Los_Angeles birthdate: null gender: null formatted: null profile: null locality: null given_name: Rae middle_name: null locale: en_US picture: null name: Rae Cloud nickname: null phone_number: null region: null postal_code: null family_name: Cloud email: [email protected] _links: app: href: "https://{yourOktaDomain}/api/v1/apps/{appId}" user: href: "https://{yourOktaDomain}/api/v1/users/00ud4tVDDXYVKPXKVLCO" AppUserListEx: summary: List Application User example value: - id: 00u1dnq5S0CfjlkpABCD externalId: 00u5edt3PNbbjzvIABCD created: 2024-01-31T18:25:01.000Z lastUpdated: 2024-01-31T18:25:03.000Z scope: USER status: PROVISIONED statusChanged: 2024-01-31T18:25:03.000Z passwordChanged: null syncState: SYNCHRONIZED lastSync: 2024-01-31T18:25:03.000Z credentials: userName: [email protected] profile: secondEmail: null lastName: Test mobilePhone: null displayName: Saml O Test email: [email protected] salesforceGroups: [] role: Tester firstName: Saml streetAddress: null profile: Standard Platform User _links: app: href: "https://{yourOktaDomain}/api/v1/apps/0oajiqIRNXPPJBNZMGYL" user: href: "https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD" _embedded: user: id: 00u1dnq5S0CfjlkpABCD status: ACTIVE created: 2024-01-09T15:36:04.000Z activated: 2024-01-09T15:36:05.000Z statusChanged: 2024-01-09T15:36:05.000Z lastLogin: null lastUpdated: 
2024-01-09T15:36:05.000Z passwordChanged: 2024-01-09T15:36:05.000Z type: id: otyzhh29g7Python90g3 profile: firstName: Saml lastName: Test mobilePhone: null secondEmail: null login: [email protected] email: [email protected] credentials: password: {} provider: type: OKTA name: OKTA _links: suspend: href: "https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/lifecycle/suspend" method: POST schema: href: "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscarho9g7PythoN23z9" resetPassword: href: "https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/lifecycle/reset_password" method: POST expirePassword: href: "https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/lifecycle/expire_password" method: POST changeRecoveryQuestion: href: "https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/credentials/change_recovery_question" method: POST self: href: "https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD" type: href: "https://{yourOktaDomain}/api/v1/meta/types/user/otyzhh29g7Python90g3" changePassword: href: https://rain.okta1.com/api/v1/users/00u1dnq5S0CfjlkpABCD/credentials/change_password method: POST deactivate: href: "https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/lifecycle/deactivate" method: POST AppUserProfUpdateResponse: summary: Application User profile update value: id: 00ud4tVDDXYVKPXKVLCO externalId: null created: 2024-01-27T03:52:45.000Z lastUpdated: 2024-01-27T05:05:32.000Z scope: USER status: ACTIVE statusChanged: 2024-01-27T03:52:45.000Z passwordChanged: null syncState: DISABLED credentials: userName: [email protected] profile: street_address: null country: null website: null zoneinfo: America/Los_Angeles birthdate: null gender: null formatted: null profile: null locality: null given_name: Rae middle_name: Mae locale: en_US picture: null name: Rae Mae Cloud nickname: null phone_number: null region: null postal_code: null family_name: Cloud email: [email protected] _links: app: href: 
"https://{yourOktaDomain}/api/v1/apps/{appId}" user: href: "https://{yourOktaDomain}/api/v1/users/00ud4tVDDXYVKPXKVLCO" AppUserProvExpandResponse: summary: Application User expand example value: id: 00u1dnq5S0CfjlkpABCD externalId: 00u5edt3PNbbjzvIABCD created: 2024-01-31T18:25:01.000Z lastUpdated: 2024-01-31T18:25:03.000Z scope: USER status: PROVISIONED statusChanged: 2024-01-31T18:25:03.000Z passwordChanged: null syncState: SYNCHRONIZED lastSync: 2024-01-31T18:25:03.000Z credentials: userName: [email protected] profile: secondEmail: null lastName: Test mobilePhone: null displayName: Saml O Test email: [email protected] salesforceGroups: [] role: Tester firstName: Saml streetAddress: null profile: Standard Platform User _links: app: href: "https://{yourOktaDomain}/api/v1/apps/0oajiqIRNXPPJBNZMGYL" user: href: "https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD" _embedded: user: id: 00u1dnq5S0CfjlkpABCD status: ACTIVE created: 2024-01-09T15:36:04.000Z activated: 2024-01-09T15:36:05.000Z statusChanged: 2024-01-09T15:36:05.000Z lastLogin: null lastUpdated: 2024-01-09T15:36:05.000Z passwordChanged: 2024-01-09T15:36:05.000Z type: id: otyzhh29g7Python90g3 profile: firstName: Saml lastName: Test mobilePhone: null secondEmail: null login: [email protected] email: [email protected] credentials: password: {} provider: type: OKTA name: OKTA _links: suspend: href: "https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/lifecycle/suspend" method: POST schema: href: "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscarho9g7PythoN23z9" resetPassword: href: "https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/lifecycle/reset_password" method: POST expirePassword: href: "https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/lifecycle/expire_password" method: POST changeRecoveryQuestion: href: "https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/credentials/change_recovery_question" method: POST self: href: 
"https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD" type: href: "https://{yourOktaDomain}/api/v1/meta/types/user/otyzhh29g7Python90g3" changePassword: href: https://rain.okta1.com/api/v1/users/00u1dnq5S0CfjlkpABCD/credentials/change_password method: POST deactivate: href: "https://{yourOktaDomain}/api/v1/users/00u1dnq5S0CfjlkpABCD/lifecycle/deactivate" method: POST AppUserProvResponse: summary: SSO and provisioning Application User response example value: id: 00u15s1KDETTQMQYABRL externalId: 005o0000000ogQ9AAI created: 2014-08-16T02:35:14.000Z lastUpdated: 2014-08-16T02:56:49.000Z scope: USER status: PROVISIONED statusChanged: 2014-08-16T02:56:49.000Z passwordChanged: null syncState: SYNCHRONIZED lastSync: 2014-08-16T02:56:49.000Z credentials: userName: [email protected] profile: secondEmail: null lastName: Jackson mobilePhone: null email: [email protected] salesforceGroups: - Employee role: Developer firstName: Saml profile: Standard User _links: app: href: "https://{yourOktaDomain}/api/v1/apps/{appId}" user: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL" AppUserSSOResponse: summary: SSO Application User response example value: id: 00ud4tVDDXYVKPXKVLCO externalId: null created: 2024-01-27T03:52:45.000Z lastUpdated: 2024-01-27T03:52:45.000Z scope: USER status: ACTIVE statusChanged: 2024-01-27T03:52:45.000Z passwordChanged: null syncState: DISABLED credentials: userName: [email protected] profile: street_address: null country: null website: null zoneinfo: America/Los_Angeles birthdate: null gender: null formatted: null profile: null locality: null given_name: Rae middle_name: null locale: en_US picture: null name: Rae Cloud nickname: null phone_number: null region: null postal_code: null family_name: Cloud email: [email protected] _links: app: href: "https://{yourOktaDomain}/api/v1/apps/{appId}" user: href: "https://{yourOktaDomain}/api/v1/users/00ud4tVDDXYVKPXKVLCO" AppUserSchemaAddRequest: value: definitions: custom: id: '#custom' 
type: object properties: twitterUserName: title: Twitter username externalName: twitterUserName description: User's username for twitter.com type: string required: false minLength: 1 maxLength: 20 required: [] AppUserSchemaResponse: value: id: "https://{yourOktaDomain}/meta/schemas/apps/0oa25gejWwdXNnFH90g4/default" $schema: http://json-schema.org/draft-04/schema# name: Example App title: Example App User lastUpdated: 2017-07-18T23:18:43.000Z created: 2017-07-18T22:35:30.000Z definitions: base: id: '#base' type: object properties: userName: title: Username type: string required: true scope: NONE maxLength: 100 required: - userName custom: id: '#custom' type: object properties: twitterUserName: title: Twitter username externalName: twitterUserName description: User's username for twitter.com type: string scope: NONE minLength: 1 maxLength: 20 required: [] type: object properties: profile: allOf: - $ref: '#/definitions/base' - $ref: '#/definitions/custom' AppUserUpdateCredRequest: summary: Application User credentials update value: credentials: userName: [email protected] password: value: updatedP@55word AppUserUpdateProfileRequest: summary: Application User profile update value: profile: name: Rae Mae Cloud middle_name: Mae AppleIdPResponse: summary: Apple Identity Provider value: id: 0oa18hsHsG3boVejU0g4 type: APPLE issuerMode: ORG_URL name: Apple Identity Provider status: ACTIVE created: 2020-06-05T20:57:51.000Z lastUpdated: 2020-06-05T20:57:51.000Z protocol: type: OIDC endpoints: authorization: url: https://appleid.apple.com/auth/authorize binding: HTTP-REDIRECT token: url: https://appleid.apple.com/auth/token binding: HTTP-POST scopes: - openid - email - name credentials: client: client_id: your-client-id signing: teamId: test team ID privateKey: MIGTAgEAMBM........Cb9PnybCnzDv+3cWSGWqpAIsQQZ kid: test key ID policy: provisioning: action: AUTO profileMaster: true groups: action: NONE conditions: deprovisioned: action: NONE suspended: action: NONE accountLink: 
filter: null action: AUTO subject: userNameTemplate: template: idpuser.email filter: null matchType: USERNAME matchAttribute: null mapAMRClaims: false maxClockSkew: 0 _links: authorize: href: "https://{yourOktaDomain}/oauth2/v1/authorize?idp=0oa18hsHsG3boVejU0g4&client_id={clientId}&response_type={responseType}&response_mode={responseMode}&scope={scopes}&redirect_uri=${redirectUri}&state={state}&nonce={nonce}" templated: true hints: allow: - GET clientRedirectUri: href: "https://{yourOktaDomain}/oauth2/v1/authorize/callback" hints: allow: - POST AssignGroupOwnerRequest: summary: Assign a group owner request example value: id: 00u1cmc03xjzePoWD0h8 type: USER AssignGroupOwnerResponse: summary: Assign a group owner response example value: id: 00u1cmc03xjzePoWD0h8 type: USER resolved: true originId: null originType: OKTA_DIRECTORY displayName: Oliver Putnam lastUpdated: Wed Mar 29 18:34:31 UTC 2023 AuthenticatorMethodInactiveVoice: value: type: voice status: INACTIVE _links: self: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods/voice" hints: allow: - GET - PUT activate: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods/voice/lifecycle/activate" hints: allow: - POST AuthenticatorMethodPhone: value: - type: sms status: ACTIVE _links: self: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods/sms" hints: allow: - GET - PUT deactivate: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods/sms/lifecycle/deactivate" hints: allow: - POST - type: voice status: INACTIVE _links: self: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods/voice" hints: allow: - GET - PUT activate: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods/voice/lifecycle/activate" hints: allow: - POST AuthenticatorMethodSms: value: type: sms status: ACTIVE _links: self: href: 
"https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods/sms" hints: allow: - GET - PUT deactivate: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods/sms/lifecycle/deactivate" hints: allow: - POST AuthenticatorMethodWebauth: value: type: webauthn status: ACTIVE settings: userVerification: DISCOURAGED attachment: ANY _links: self: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods/webauthn" hints: allow: - GET - PUT AuthenticatorRequestDuo: value: key: duo name: Duo Security provider: type: DUO configuration: userNameTemplate: template: oktaId integrationKey: testIntegrationKey secretKey: testSecretKey host: https://api-xxxxxxxx.duosecurity.com AuthenticatorResponseDuo: value: type: app id: aut9gnvcjUHIWb37J0g4 key: duo status: ACTIVE name: Duo Security created: 2022-07-15T21:14:02.000Z lastUpdated: 2022-07-15T21:14:02.000Z settings: {} provider: type: DUO configuration: host: https://api-xxxxxxxx.duosecurity.com userNameTemplate: template: oktaId _links: self: href: "https://{yourOktaDomain}/api/v1/authenticators/aut5gnvcjUHIWb25J0g4" hints: allow: - GET - PUT deactivate: href: "https://{yourOktaDomain}/api/v1/authenticators/aut5gnvcjUHIWb25J0g4/lifecycle/deactivate" hints: allow: - POST methods: href: "https://{yourOktaDomain}/api/v1/authenticators/aut5gnvcjUHIWb25J0g4/methods" hints: allow: - GET AuthenticatorResponseEmail: value: type: email id: aut1nbsPHh7jNjjyP0g4 key: okta_email status: ACTIVE name: Email created: 2020-07-26T21:05:23.000Z lastUpdated: 2020-07-28T21:45:52.000Z settings: allowedFor: any tokenLifetimeInMinutes: 5 _links: self: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4" hints: allow: - GET - PUT methods: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4/methods" hints: allow: - GET deactivate: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4/lifecycle/deactivate" hints: allow: - 
POST AuthenticatorResponseInactiveWebAuthn: value: type: security_key id: aut1nd8PQhGcQtSxB0g4 key: webauthn status: INACTIVE name: Security Key or Biometric created: 2020-07-26T21:16:37.000Z lastUpdated: 2020-07-27T18:59:30.000Z _links: self: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4" hints: allow: - GET - PUT methods: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods" hints: allow: - GET deactivate: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/lifecycle/deactivate" hints: allow: - POST AuthenticatorResponsePassword: value: type: password id: aut1nbtrJKKA9m45a0g4 key: okta_password status: ACTIVE name: Password created: 2020-07-26T21:05:23.000Z lastUpdated: 2020-07-26T21:05:23.000Z _links: self: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbtrJKKA9m45a0g4" hints: allow: - GET - PUT methods: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbtrJKKA9m45a0g4/methods" hints: allow: - GET AuthenticatorResponsePhone: value: type: phone id: aut1nbuyD8m1ckAYc0g4 key: phone_number status: INACTIVE name: Phone created: 2020-07-26T21:05:23.000Z lastUpdated: 2020-07-29T00:21:29.000Z settings: allowedFor: none _links: self: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4" hints: allow: - GET - PUT methods: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4/methods" hints: allow: - GET activate: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4/lifecycle/activate" hints: allow: - POST AuthenticatorResponseSecurityQuestion: summary: Security Question value: type: security_question id: aut1nbvIgEenhwE6c0g4 key: security_question status: ACTIVE name: Security Question created: 2020-07-26T21:05:23.000Z lastUpdated: 2020-07-26T21:05:23.000Z _links: self: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbvIgEenhwE6c0g4" hints: allow: - GET methods: href: 
"https://{yourOktaDomain}/api/v1/authenticators/aut1nbvIgEenhwE6c0g4/methods" hints: allow: - GET deactivate: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbvIgEenhwE6c0g4/lifecycle/deactivate" hints: allow: - POST AuthenticatorResponseWebAuthn: value: type: security_key id: aut1nd8PQhGcQtSxB0g4 key: webauthn status: ACTIVE name: Security Key or Biometric created: 2020-07-26T21:16:37.000Z lastUpdated: 2020-07-27T18:59:30.000Z _links: self: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4" hints: allow: - GET - PUT methods: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods" hints: allow: - GET deactivate: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/lifecycle/deactivate" hints: allow: - POST AuthenticatorsResponse: summary: Org Authenticators value: - type: email id: aut1nbsPHh7jNjjyP0g4 key: okta_email status: ACTIVE name: Email created: 2020-07-26T21:05:23.000Z lastUpdated: 2020-07-28T21:45:52.000Z settings: allowedFor: any tokenLifetimeInMinutes: 5 _links: self: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4" hints: allow: - GET - PUT methods: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4/methods" hints: allow: - GET deactivate: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbsPHh7jNjjyP0g4/lifecycle/deactivate" hints: allow: - POST - type: password id: aut1nbtrJKKA9m45a0g4 key: okta_password status: ACTIVE name: Password created: 2020-07-26T21:05:23.000Z lastUpdated: 2020-07-26T21:05:23.000Z _links: self: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbtrJKKA9m45a0g4" hints: allow: - GET - PUT methods: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbtrJKKA9m45a0g4/methods" hints: allow: - GET - type: phone id: aut1nbuyD8m1ckAYc0g4 key: phone_number status: INACTIVE name: Phone created: 2020-07-26T21:05:23.000Z lastUpdated: 2020-07-29T00:21:29.000Z settings: allowedFor: 
none _links: self: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4" hints: allow: - GET - PUT methods: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4/methods" hints: allow: - GET activate: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nbuyD8m1ckAYc0g4/lifecycle/activate" hints: allow: - POST - type: security_key id: aut1nd8PQhGcQtSxB0g4 key: webauthn status: ACTIVE name: Security Key or Biometric created: 2020-07-26T21:16:37.000Z lastUpdated: 2020-07-27T18:59:30.000Z _links: self: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4" hints: allow: - GET - PUT methods: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/methods" hints: allow: - GET deactivate: href: "https://{yourOktaDomain}/api/v1/authenticators/aut1nd8PQhGcQtSxB0g4/lifecycle/deactivate" hints: allow: - POST AuthorizationServerPolicy: summary: Authorization Server Policy value: type: OAUTH_AUTHORIZATION_POLICY id: 00palyaappA22DPkj0h7 status: ACTIVE name: Vendor2 Policy description: Vendor2 policy description priority: 1 system: false conditions: clients: include: - ALL_CLIENTS created: 2017-05-26T19:43:53.000Z lastUpdated: 2017-06-07T15:28:17.000Z _links: self: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/policies/00palyaappA22DPkj0h7" hints: allow: - GET - PUT - DELETE deactivate: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/policies/00palyaappA22DPkj0h7/lifecycle/deactivate" hints: allow: - POST rules: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/policies/00palyaappA22DPkj0h7/rules" hints: allow: - GET AuthorizationServerPolicyRule: summary: Authorization Server Policy Rule value: type: RESOURCE_ACCESS id: 0prbsjfyl01zfSZ9K0h7 status: ACTIVE name: Default Policy Rule priority: 1 created: 2017-08-25T16:57:02.000Z lastUpdated: 2017-08-30T14:51:05.000Z system: false 
conditions: people: users: include: [] exclude: [] groups: include: - EVERYONE exclude: [] grantTypes: include: - implicit - client_credentials - authorization_code - password scopes: include: - '*' actions: token: accessTokenLifetimeMinutes: 60 refreshTokenLifetimeMinutes: 0 refreshTokenWindowMinutes: 10080 inlineHook: id: cal4egvp1mbMldrYN0g7 _links: self: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/0prbsjfyl01zfSZ9K0h7" hints: allow: - GET - PUT - DELETE deactivate: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/0prbsjfyl01zfSZ9K0h7/lifecycle/deactivate" hints: allow: - POST AutoLoginAppResponseEx: summary: AUTO_LOGIN value: id: 0oafxqCAJWWGELFTYASJ status: ACTIVE lastUpdated: 2023-01-21T14:11:24.000Z created: 2023-01-21T14:11:24.000Z accessibility: selfService: false errorRedirectUrl: null loginRedirectUrl: null _links: uploadLogo: href: "http://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/logo" hints: allow: - POST appLinks: - name: customswaapp_link href: "http://{yourOktaDomain}/home/{appName}/0oafxqCAJWWGELFTYASJ/aln5vjkW5oUmDGLMX0g4" type: text/html groups: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/groups" logo: - name: medium href: "http://{yourOktaDomain}/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png" type: image/png users: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/users" deactivate: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/lifecycle/deactivate" visibility: autoLaunch: false autoSubmitToolbar: false hide: iOS: false web: false appLinks: customswaapp_link: true name: customswaapp label: Custom SWA App features: [] signOnMode: AUTO_LOGIN credentials: scheme: EDIT_USERNAME_AND_PASSWORD userNameTemplate: template: "${source.email}" type: BUILT_IN revealPassword: false signing: {} settings: app: {} notifications: vpn: network: connection: DISABLED message: null 
helpUrl: null manualProvisioning: false implicitAssignment: false notes: admin: null enduser: null signOn: redirectUrl: http://swasecondaryredirecturl.okta.com loginUrl: http://swaprimaryloginurl.okta.com AutoLoginEx: summary: AUTO_LOGIN value: label: Custom SWA App signOnMode: AUTO_LOGIN visibility: autoSubmitToolbar: false hide: iOS: false web: false settings: signOn: redirectUrl: http://swasecondaryredirecturl.okta.com loginUrl: http://swaprimaryloginurl.okta.com AutoLoginPutEx: summary: AUTO_LOGIN value: label: Custom SWA App updated status: ACTIVE accessibility: selfService: false errorRedirectUrl: null loginRedirectUrl: null visibility: autoLaunch: false autoSubmitToolbar: false hide: iOS: false web: false features: [] signOnMode: AUTO_LOGIN credentials: scheme: ADMIN_SETS_CREDENTIALS userNameTemplate: template: "${source.email}" type: BUILT_IN settings: signOn: redirectUrl: http://swasecondaryredirecturlupdated.okta.com loginUrl: http://swaprimaryloginurl.okta.com AutoLoginPutResponseEx: summary: AUTO_LOGIN value: id: 0oafxqCAJWWGELFTYASJ status: ACTIVE lastUpdated: 2023-01-21T14:11:24.000Z created: 2023-01-21T14:11:24.000Z accessibility: selfService: false errorRedirectUrl: null loginRedirectUrl: null _links: uploadLogo: href: "http://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/logo" hints: allow: - POST appLinks: - name: customswaapp_link href: "http://{yourOktaDomain}/home/{appName}/0oafxqCAJWWGELFTYASJ/aln5vjkW5oUmDGLMX0g4" type: text/html groups: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/groups" logo: - name: medium href: "http://{yourOktaDomain}/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png" type: image/png users: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/users" deactivate: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/lifecycle/deactivate" visibility: autoLaunch: false autoSubmitToolbar: false hide: iOS: false web: false appLinks: customswaapp_link: true name: 
customswaapp label: Custom SWA App updated features: [] signOnMode: AUTO_LOGIN credentials: scheme: ADMIN_SETS_CREDENTIALS userNameTemplate: template: "${source.email}" type: BUILT_IN revealPassword: false signing: {} settings: app: {} notifications: vpn: network: connection: DISABLED message: null helpUrl: null manualProvisioning: false implicitAssignment: false notes: admin: null enduser: null signOn: redirectUrl: http://swasecondaryredirecturlupdated.okta.com loginUrl: http://swaprimaryloginurl.okta.com BaseSignOnModeEx: value: status: ACTIVE accessibility: selfService: false errorRedirectUrl: null loginRedirectUrl: null visibility: autoLaunch: false autoSubmitToolbar: false hide: iOS: false web: false features: [] BasicAuthEx: summary: BASIC_AUTH value: name: template_basic_auth label: Sample Basic Auth App signOnMode: BASIC_AUTH settings: app: url: https://example.com/login.html authURL: https://example.com/auth.html BasicAuthPutEx: summary: BASIC_AUTH value: label: Sample Basic Auth App updated signOnMode: BASIC_AUTH settings: app: url: https://example.com/loginUpdated.html authURL: https://example.com/auth.html BasicAuthPutResponseEx: summary: BASIC_AUTH value: id: 0oafxqCAJWWGELFTYASJ status: ACTIVE lastUpdated: 2023-01-21T14:11:24.000Z created: 2023-01-21T14:11:24.000Z accessibility: selfService: false errorRedirectUrl: null loginRedirectUrl: null _links: uploadLogo: href: "http://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/logo" hints: allow: - POST appLinks: - name: customswaapp_link href: "http://{yourOktaDomain}/home/{appName}/0oafxqCAJWWGELFTYASJ/aln5vjkW5oUmDGLMX0g4" type: text/html groups: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/groups" logo: - name: medium href: "http://{yourOktaDomain}/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png" type: image/png users: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/users" deactivate: href: 
"https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/lifecycle/deactivate" visibility: autoLaunch: false autoSubmitToolbar: false hide: iOS: false web: false appLinks: login: true name: template_basic_auth label: Sample Basic Auth App updated features: [] signOnMode: BASIC_AUTH credentials: scheme: EDIT_USERNAME_AND_PASSWORD userNameTemplate: template: "${source.email}" type: BUILT_IN revealPassword: false signing: {} settings: app: loginUrlRegex: null url: https://example.com/loginUpdated.html authURL: https://example.com/auth.html notifications: vpn: network: connection: DISABLED message: null helpUrl: null manualProvisioning: false implicitAssignment: false notes: admin: null enduser: null BasicAuthResponseEx: summary: BASIC_AUTH value: id: 0oafxqCAJWWGELFTYASJ status: ACTIVE lastUpdated: 2023-01-21T14:11:24.000Z created: 2023-01-21T14:11:24.000Z accessibility: selfService: false errorRedirectUrl: null loginRedirectUrl: null _links: uploadLogo: href: "http://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/logo" hints: allow: - POST appLinks: - name: customswaapp_link href: "http://{yourOktaDomain}/home/{appName}/0oafxqCAJWWGELFTYASJ/aln5vjkW5oUmDGLMX0g4" type: text/html groups: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/groups" logo: - name: medium href: "http://{yourOktaDomain}/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png" type: image/png users: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/users" deactivate: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/lifecycle/deactivate" visibility: autoLaunch: false autoSubmitToolbar: false hide: iOS: false web: false appLinks: login: true name: template_basic_auth label: Sample Basic Auth App features: [] signOnMode: BASIC_AUTH credentials: scheme: EDIT_USERNAME_AND_PASSWORD userNameTemplate: template: "${source.email}" type: BUILT_IN revealPassword: false signing: {} settings: app: loginUrlRegex: null url: https://example.com/login.html 
authURL: https://example.com/auth.html notifications: vpn: network: connection: DISABLED message: null helpUrl: null manualProvisioning: false implicitAssignment: false notes: admin: null enduser: null BehaviorRuleRequest: value: name: My Behavior Rule type: VELOCITY BehaviorRuleResponse: value: id: abcd1234 name: My Behavior Rule type: VELOCITY settings: velocityKph: 805 status: ACTIVE created: 2021-11-09T20:38:10.000Z lastUpdated: 2021-11-11T20:38:10.000Z _link: self: href: https://your-subdomain.okta.com/api/v1/behaviors/abcd1234 hints: allow: - GET - POST - PUT - DELETE BookmarkAppResponseEx: summary: BOOKMARK value: id: 0oafxqCAJWWGELFTYASJ status: ACTIVE lastUpdated: 2023-01-21T14:11:24.000Z created: 2023-01-21T14:11:24.000Z accessibility: selfService: false errorRedirectUrl: null loginRedirectUrl: null _links: uploadLogo: href: "http://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/logo" hints: allow: - POST appLinks: - name: customswaapp_link href: "http://{yourOktaDomain}/home/{appName}/0oafxqCAJWWGELFTYASJ/aln5vjkW5oUmDGLMX0g4" type: text/html groups: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/groups" logo: - name: medium href: "http://{yourOktaDomain}/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png" type: image/png users: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/users" deactivate: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/lifecycle/deactivate" visibility: autoLaunch: false autoSubmitToolbar: false hide: iOS: false web: false appLinks: login: true name: bookmark label: Sample Bookmark App features: [] signOnMode: BOOKMARK credentials: userNameTemplate: template: "${source.email}" type: BUILT_IN signing: {} settings: app: requestIntegration: false url: https://example.com/bookmark.html notifications: vpn: network: connection: DISABLED message: null helpUrl: null manualProvisioning: false implicitAssignment: false notes: admin: null enduser: null BookmarkEx: summary: 
BOOKMARK value: name: bookmark label: Sample Bookmark App signOnMode: BOOKMARK settings: app: url: https://example.com/bookmark.html BookmarkPutEx: summary: BOOKMARK value: name: bookmark label: Sample Bookmark App updated signOnMode: BOOKMARK settings: app: requestIntegration: true url: https://example.com/bookmark.html BookmarkPutResponseEx: summary: BOOKMARK value: id: 0oafxqCAJWWGELFTYASJ status: ACTIVE lastUpdated: 2023-01-21T14:11:24.000Z created: 2023-01-21T14:11:24.000Z accessibility: selfService: false errorRedirectUrl: null loginRedirectUrl: null _links: uploadLogo: href: "http://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/logo" hints: allow: - POST appLinks: - name: customswaapp_link href: "http://{yourOktaDomain}/home/{appName}/0oafxqCAJWWGELFTYASJ/aln5vjkW5oUmDGLMX0g4" type: text/html groups: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/groups" logo: - name: medium href: "http://{yourOktaDomain}/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png" type: image/png users: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/users" deactivate: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/lifecycle/deactivate" visibility: autoLaunch: false autoSubmitToolbar: false hide: iOS: false web: false appLinks: login: true name: bookmark label: Sample Bookmark App updated features: [] signOnMode: BOOKMARK credentials: userNameTemplate: template: "${source.email}" type: BUILT_IN signing: {} settings: app: requestIntegration: true url: https://example.com/bookmark.html notifications: vpn: network: connection: DISABLED message: null helpUrl: null manualProvisioning: false implicitAssignment: false notes: admin: null enduser: null BrowserPluginEx: summary: BROWSER_PLUGIN value: name: template_swa label: Sample Plugin App signOnMode: BROWSER_PLUGIN settings: app: buttonField: btn-login passwordField: txtbox-password usernameField: txtbox-username url: https://example.com/login.html BrowserPluginPutEx: 
summary: BROWSER_PLUGIN value: name: template_swa label: Sample Plugin App updated signOnMode: BROWSER_PLUGIN settings: app: buttonField: btn-login passwordField: txtbox-password usernameField: txtbox-username url: https://example_updated.com/login.html BrowserPluginPutResponseEx: summary: BROWSER_PLUGIN value: id: 0oafxqCAJWWGELFTYASJ status: ACTIVE lastUpdated: 2023-01-21T14:11:24.000Z created: 2023-01-21T14:11:24.000Z accessibility: selfService: false errorRedirectUrl: null loginRedirectUrl: null _links: uploadLogo: href: "http://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/logo" hints: allow: - POST appLinks: - name: customswaapp_link href: "http://{yourOktaDomain}/home/{appName}/0oafxqCAJWWGELFTYASJ/aln5vjkW5oUmDGLMX0g4" type: text/html groups: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/groups" logo: - name: medium href: "http://{yourOktaDomain}/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png" type: image/png users: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/users" deactivate: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/lifecycle/deactivate" visibility: autoLaunch: false autoSubmitToolbar: false hide: iOS: false web: false appLinks: login: true name: template_swa label: Sample Plugin App updated features: [] signOnMode: BROWSER_PLUGIN credentials: scheme: EDIT_USERNAME_AND_PASSWORD userNameTemplate: template: "${source.email}" type: BUILT_IN revealPassword: false signing: {} settings: app: loginUrlRegex: null usernameField: txtbox-username buttonField: btn-login passwordField: txtbox-password url: https://example_updated.com/login.html notifications: vpn: network: connection: DISABLED message: null helpUrl: null manualProvisioning: false implicitAssignment: false notes: admin: null enduser: null BrowserPluginResponseEx: summary: BROWSER_PLUGIN value: id: 0oafxqCAJWWGELFTYASJ status: ACTIVE lastUpdated: 2023-01-21T14:11:24.000Z created: 2023-01-21T14:11:24.000Z accessibility: 
selfService: false errorRedirectUrl: null loginRedirectUrl: null _links: uploadLogo: href: "http://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/logo" hints: allow: - POST appLinks: - name: customswaapp_link href: "http://{yourOktaDomain}/home/{appName}/0oafxqCAJWWGELFTYASJ/aln5vjkW5oUmDGLMX0g4" type: text/html groups: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/groups" logo: - name: medium href: "http://{yourOktaDomain}/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png" type: image/png users: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/users" deactivate: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/lifecycle/deactivate" visibility: autoLaunch: false autoSubmitToolbar: false hide: iOS: false web: false appLinks: login: true name: template_swa label: Sample Plugin App features: [] signOnMode: BROWSER_PLUGIN credentials: scheme: EDIT_USERNAME_AND_PASSWORD userNameTemplate: template: "${source.email}" type: BUILT_IN revealPassword: false signing: {} settings: app: loginUrlRegex: null usernameField: txtbox-username buttonField: btn-login passwordField: txtbox-password url: https://example.com/login.html notifications: vpn: network: connection: DISABLED message: null helpUrl: null manualProvisioning: false implicitAssignment: false notes: admin: null enduser: null BrowserPluginSwa3FieldEx: summary: BROWSER_PLUGIN with three CSS selectors value: name: template_swa3field label: Sample Plugin App signOnMode: BROWSER_PLUGIN settings: app: buttonSelector: '#btn-login' passwordSelector: '#txtbox-password' userNameSelector: '#txtbox-username' targetURL: https://example.com/login.html extraFieldSelector: .login extraFieldValue: SOMEVALUE BrowserPluginSwa3FieldPutEx: summary: BROWSER_PLUGIN with three CSS selectors value: name: template_swa3field label: Sample Plugin App updated signOnMode: BROWSER_PLUGIN settings: app: buttonSelector: '#btn-login' passwordSelector: '#txtbox-password' userNameSelector: 
'#txtbox-username' targetURL: https://exampleupdated.com/login.html extraFieldSelector: .login extraFieldValue: SOMEVALUE BrowserPluginSwa3FieldPutResponseEx: summary: BROWSER_PLUGIN with three CSS selectors value: id: 0oafxqCAJWWGELFTYASJ status: ACTIVE lastUpdated: 2023-01-21T14:11:24.000Z created: 2023-01-21T14:11:24.000Z accessibility: selfService: false errorRedirectUrl: null loginRedirectUrl: null _links: uploadLogo: href: "http://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/logo" hints: allow: - POST appLinks: - name: customswaapp_link href: "http://{yourOktaDomain}/home/{appName}/0oafxqCAJWWGELFTYASJ/aln5vjkW5oUmDGLMX0g4" type: text/html groups: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/groups" logo: - name: medium href: "http://{yourOktaDomain}/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png" type: image/png users: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/users" deactivate: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/lifecycle/deactivate" visibility: autoLaunch: false autoSubmitToolbar: false hide: iOS: false web: false appLinks: login: true name: template_swa3field label: Sample Plugin App updated features: [] signOnMode: BROWSER_PLUGIN credentials: scheme: EDIT_USERNAME_AND_PASSWORD userNameTemplate: template: "${source.email}" type: BUILT_IN revealPassword: false signing: {} settings: app: loginUrlRegex: null extraFieldSelector: .login extraFieldValue: SOMEVALUE userNameSelector: '#txtbox-username' passwordSelector: '#txtbox-password' buttonSelector: '#btn-login' targetURL: https://exampleupdated.com/login.html notifications: vpn: network: connection: DISABLED message: null helpUrl: null manualProvisioning: false implicitAssignment: false notes: admin: null enduser: null BrowserPluginSwa3FieldResponseEx: summary: BROWSER_PLUGIN with three CSS selectors value: id: 0oafxqCAJWWGELFTYASJ status: ACTIVE lastUpdated: 2023-01-21T14:11:24.000Z created: 
2023-01-21T14:11:24.000Z accessibility: selfService: false errorRedirectUrl: null loginRedirectUrl: null _links: uploadLogo: href: "http://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/logo" hints: allow: - POST appLinks: - name: customswaapp_link href: "http://{yourOktaDomain}/home/{appName}/0oafxqCAJWWGELFTYASJ/aln5vjkW5oUmDGLMX0g4" type: text/html groups: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/groups" logo: - name: medium href: "http://{yourOktaDomain}/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png" type: image/png users: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/users" deactivate: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/lifecycle/deactivate" visibility: autoLaunch: false autoSubmitToolbar: false hide: iOS: false web: false appLinks: login: true name: template_swa3field label: Sample Plugin App features: [] signOnMode: BROWSER_PLUGIN credentials: scheme: EDIT_USERNAME_AND_PASSWORD userNameTemplate: template: "${source.email}" type: BUILT_IN revealPassword: false signing: {} settings: app: loginUrlRegex: null extraFieldSelector: .login extraFieldValue: SOMEVALUE userNameSelector: '#txtbox-username' passwordSelector: '#txtbox-password' buttonSelector: '#btn-login' targetURL: https://example.com/login.html notifications: vpn: network: connection: DISABLED message: null helpUrl: null manualProvisioning: false implicitAssignment: false notes: admin: null enduser: null BundleEntitlementsResponse: summary: List of governance bundle entitlements value: entitlements: - id: espfxqCAJWWGELFTYASJ role: GROUP_MEMBERSHIP_ADMIN name: Group Membership Admin description: Perform all admin activities for groups in the org _links: values: http://your-subdomain.okta.com/api/v1/iam/governance/bundles/0bbfxqCAJWWGELFTYAAA/entitlements/espfxqCAJWWGELFTYASJ/values _links: self: href: http://your-subdomain.okta.com/api/v1/iam/governance/bundles?limit=2&after=10 next: href: 
http://your-subdomain.okta.com/api/v1/iam/governance/bundles?after=bundleId12 bundle: href: http://your-subdomain.okta.com/api/v1/iam/governance/bundles/0bbfxqCAJWWGELFTYAAA CAPTCHAInstanceRequestHCaptcha: value: name: myHCaptcha secretKey: xxxxxxxxxxx siteKey: xxxxxxxxxxx type: HCAPTCHA CAPTCHAInstanceRequestReCaptcha: value: name: myReCaptcha secretKey: xxxxxxxxxxx siteKey: yyyyyyyyyyyyyyy type: RECAPTCHA_V2 CAPTCHAInstanceResponseHCaptcha: value: id: abcd1234 name: myHCaptcha siteKey: xxxxxxxxxxx type: HCAPTCHA _links: self: href: https://your-subdomain.okta.com/api/v1/captchas/abcd1234 hints: allow: - GET - POST - PUT - DELETE CAPTCHAInstanceResponseReCaptcha: value: id: abcd4567 name: myReCaptcha siteKey: yyyyyyyyyyyyyyy type: RECAPTCHA_V2 _links: self: href: https://your-subdomain.okta.com/api/v1/captchas/abcd4567 hints: allow: - GET - POST - PUT - DELETE ChangePwdRequest: value: oldPassword: value: tlpWENT2m newPassword: value: "uTVM,TPw55" revokeSessions: true ChangePwdResponse: value: password: {} recovery_question: question: Who's a major player in the cowboy scene? 
provider: type: OKTA name: OKTA CreateAnEventHook: summary: Create an event hook value: name: Event Hook Test events: type: EVENT_TYPE items: - group.user_membership.add channel: type: HTTP version: 1.0.0 config: uri: https://example_external_service/userAdded headers: - key: X-Other-Header value: my-header-value authScheme: type: HEADER key: Authorization value: my-shared-secret CreateAnEventHookWithFilter: summary: Create an event hook with a filter value: name: Event Hook with Filter description: An event hook using an Okta Expression Language filter events: type: EVENT_TYPE items: - group.user_membership.add filter: type: EXPRESSION_LANGUAGE eventFilterMap: - event: group.user_membership.add condition: expression: "event.target.?[type eq 'UserGroup'].size()>0 && event.target.?[displayName\ \ eq 'Sales'].size()>0" channel: type: HTTP version: 1.0.0 config: uri: https://example_external_service/userAdded authScheme: type: HEADER key: Authorization value: my-shared-secret CreateAppleIdPRequest: summary: Create Apple Identity Provider value: type: APPLE name: Apple Identity Provider protocol: type: OIDC scopes: - openid - email - name credentials: client: client_id: your-client-id signing: privateKey: MIGTAgEAMBM........Cb9PnybCnzDv+3cWSGWqpAIsQQZ kid: test key ID teamId: test team ID policy: provisioning: action: AUTO profileMaster: true groups: action: NONE conditions: deprovisioned: action: NONE suspended: action: NONE accountLink: action: AUTO subject: userNameTemplate: template: idpuser.email matchType: USERNAME CreateAssocAuthServerBody: summary: Create a trusted relationship between authorization servers value: - trusted: "{authorizationServerId}" CreateAssocAuthServerResponse: summary: Create a trusted relationship between authorization servers value: - id: "{authorizationServerId}" name: Sample Authorization Server description: Sample Authorization Server description audiences: - https://api.resource.com issuer: 
"https://{yourOktaDomain}/oauth2/{authorizationServerId}" issuerMode: CUSTOM_URL status: ACTIVE created: 2023-05-17T22:25:57.000Z lastUpdated: 2023-05-17T22:25:57.000Z credentials: signing: rotationMode: AUTO lastRotated: 2023-05-17T22:25:57.000Z nextRotation: 2023-08-15T22:25:57.000Z kid: WYQxoK4XAwGFn5Zw5AzLxFvqEKLP79BbsKmWeuc5TB4 use: sig _links: self: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}" hints: allow: - DELETE CreateAuthServerBody: summary: Create a custom authorization server value: name: Sample Authorization Server description: Sample Authorization Server description audiences: - api://default CreateAuthServerResponse: summary: Create a custom authorization server value: id: "{authorizationServerId}" name: Sample Authorization Server description: Sample Authorization Server description audiences: - https://api.resource.com issuer: "https://{yourOktaDomain}/oauth2/{authorizationServerId}" issuerMode: ORG_URL status: ACTIVE created: 2023-05-17T22:25:57.000Z lastUpdated: 2023-05-17T22:25:57.000Z credentials: signing: rotationMode: AUTO lastRotated: 2023-05-17T22:25:57.000Z nextRotation: 2023-08-15T22:25:57.000Z kid: WYQxoK4XAwGFn5Zw5AzLxFvqEKLP79BbsKmWeuc5TB4 _links: scopes: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/scopes" hints: allow: - GET claims: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims" hints: allow: - GET policies: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/policies" hints: allow: - GET self: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}" hints: allow: - GET - DELETE - PUT metadata: - name: oauth-authorization-server href: "https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/oauth-authorization-server" hints: allow: - GET - name: openid-configuration href: 
"https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/openid-configuration" hints: allow: - GET rotateKey: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/credentials/lifecycle/keyRotate" hints: allow: - POST deactivate: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/lifecycle/deactivate" hints: allow: - POST CreateAuthorizationServerPolicyRequest: summary: Create Authorization Server Policy value: type: OAUTH_AUTHORIZATION_POLICY status: ACTIVE name: Default Policy description: Default policy description priority: 1 system: false conditions: clients": include": - ALL_CLIENTS CreateAuthorizationServerPolicyRuleRequest: summary: Create Authorization Server Policy Rule value: type: RESOURCE_ACCESS name: Default Policy Rule priority: 1 conditions: people: groups: include: - EVERYONE grantTypes: include: - implicit - client_credentials - authorization_code - password scopes: include: - '*' actions: token: accessTokenLifetimeMinutes: 60 refreshTokenLifetimeMinutes: 0 refreshTokenWindowMinutes: 10080 inlineHook: id: cal4egvp1mbMldrYN0g7 CreateBrandRequest: value: name: My Awesome Brand CreateBrandResponse: value: id: bnd114iNkrcN6aR680g5 removePoweredByOkta: false customPrivacyPolicyUrl: "null," agreeToCustomPrivacyPolicy: "false," name: My Awesome Brand locale: en defaultApp: appInstanceId: null appLinkName: null classicApplicationUri: null isDefault: false _links: self: href: "https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g5" hints: allow: - GET - PUT - DELETE themes: href: "https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g5/themes" hints: allow: - GET CreateChildOrgRequestEx: summary: Create Org request value: subdomain: my-child-org-1 name: My Child Org 1 website: http://www.examplecorp.com edition: SKU admin: profile: firstName: First lastName: Last email: [email protected] login: [email protected] mobilePhone: null credentials: password: value: XXXX 
CreateChildOrgResponseEx: summary: Create Org response value: id: 00o1n8sbwArJ7OQRw406 subdomain: my-child-org-1 name: My Child Org 1 website: http://www.examplecorp.com status: ACTIVE edition: SKU expiresAt: null created: 2024-08-27T15:42:52.000Z lastUpdated: 2024-08-27T15:42:56.000Z licensing: apps: [] settings: app: errorRedirectUrl: null interstitialUrl: null interstitialMinWaitTime: 1200 userAccount: attributes: secondaryEmail: true secondaryImage: true portal: errorRedirectUrl: null signOutUrl: null logs: level: INFO token: XXXXXXXXXXXXX tokenType: SSWS _links: administrator: href: https://my-child-org-1.oktapreview.com/api/v1/users/00u1n8sheI1WBQlDV406 uploadLogo: href: https://my-child-org-1.oktapreview.com/api/v1/org/logo organization: href: https://my-child-org-1.oktapreview.com/api/v1/orgs/my-child-org-1 contacts: href: https://my-child-org-1.oktapreview.com/api/v1/orgs/my-child-org-1/contacts policy: href: https://my-child-org-1.oktapreview.com/api/v1/orgs/my-child-org-1/policy CreateCustomRoleResponseGroup: value: id: irb1q92TFAHzySt3x0g4 role: cr0Yq6IJxGIr0ouum0g3 label: UserCreatorRole type: CUSTOM status: ACTIVE created: 2019-02-06T16:20:57.000Z lastUpdated: 2019-02-06T16:20:57.000Z assignmentType: GROUP resource-set: iamoJDFKaJxGIr0oamd9g _links: assignee: href: "https://{yourOktaDomain}/api/v1/groups/00gsr2IepS8YhHRFf0g3" resource-set: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g" role: href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3" permissions: href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions" CreateCustomTokenClaimBody: summary: Create a custom token Claim value: - alwaysIncludeInToken: true claimType: IDENTITY conditions: scopes: - profile group_filter_type: CONTAINS name: Support status: ACTIVE system: false value: Support valueType: GROUPS CreateCustomTokenClaimResponse: summary: Create a custom token Claim response value: - id: "{claimId}" name:
Support status: ACTIVE claimType: IDENTITY valueType: GROUPS value: Support conditions: scopes: - profile system: false alwaysIncludeInToken: true apiResourceId: null group_filter_type: CONTAINS _links: self: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims/{claimId}" hints: allow: - GET - PUT - DELETE CreateEDNZRequest: summary: Create an Enhanced Dynamic Network Zone value: type: DYNAMIC_V2 name: testZone106 status: ACTIVE usage: BLOCKLIST locations: include: [] exclude: [] asns: include: [] exclude: [] ipServiceCategories: include: - ALL_ANONYMIZERS exclude: [] x-okta-lifecycle: lifecycle: EA isGenerallyAvailable: false SKUs: [] CreateEDNZResponse: summary: Enhanced Dynamic Network Zone value: type: DYNAMIC_V2 id: nzok0oz2xYHOZtIch0g4 name: testZone106 status: ACTIVE usage: BLOCKLIST create: 2024-05-13T16:33:44.000Z lastUpdated: 2024-05-13T16:33:44.000Z system: false locations: include: [] exclude: [] asns: include: [] exclude: [] ipServiceCategories: include: - ALL_ANONYMIZERS exclude: [] _links: self: href: "http://{yourOktaDomain}/api/v1/zones/nzok0oz2xYHOZtIch0g4" hints: allow: - GET - PUT - DELETE deactivate: href: "http://{yourOktaDomain}/api/v1/zones/nzok0oz2xYHOZtIch0g4/lifecycle/deactivate" hints: allow: - POST x-okta-lifecycle: lifecycle: EA isGenerallyAvailable: false SKUs: [] CreateEmailDomainRequest: value: displayName: Admin userName: admin domain: example.com brandId: bnd100iSrkcN6aR680g1 validationSubdomain: mail CreateFacebookIdPRequest: summary: Create Facebook Identity Provider value: type: FACEBOOK name: Facebook protocol: type: OAUTH2 scopes: - public_profile - email credentials: client: client_id: your-client-id client_secret: your-client-secret policy: provisioning: action: AUTO profileMaster: true groups: action: NONE conditions: deprovisioned: action: NONE suspended: action: NONE accountLink: filter: null action: AUTO subject: userNameTemplate: template: idpuser.userPrincipalName filter: null 
matchType: USERNAME mapAMRClaims: false maxClockSkew: 0 CreateGenericOidcIdPRequest: summary: Create Generic OpenID Connect Identity Provider value: type: OIDC name: Example OpenID Connect IdP protocol: algorithms: request: signature: algorithm: HS256 scope: REQUEST endpoints: acs: binding: HTTP-POST type: INSTANCE authorization: binding: HTTP-REDIRECT url: https://idp.example.com/authorize token: binding: HTTP-POST url: https://idp.example.com/token userInfo: binding: HTTP-REDIRECT url: https://idp.example.com/userinfo jwks: binding: HTTP-REDIRECT url: https://idp.example.com/keys scopes: - openid - profile - email type: OIDC credentials: client: client_id: your-client-id client_secret: your-client-secret pkce_required: "true" issuer: url: https://idp.example.com policy: accountLink: action: AUTO filter: null provisioning: action: AUTO conditions: deprovisioned: action: NONE suspended: action: NONE groups: action: NONE mapAMRClaims: false maxClockSkew: 120000 subject: userNameTemplate: template: idpuser.email matchType: USERNAME CreateGoogleIdPRequest: summary: Create Google Identity Provider value: type: GOOGLE name: Google protocol: type: OAUTH2 scopes: - profile - email - openid credentials: client: client_id: your-client-id client_secret: your-client-secret policy: provisioning: action: AUTO profileMaster: true groups: action: NONE conditions: deprovisioned: action: NONE suspended: action: NONE accountLink: filter: null action: AUTO subject: userNameTemplate: template: idpuser.userPrincipalName filter: null matchType: USERNAME mapAMRClaims: false maxClockSkew: 0 CreateHookKeyResponse: description: |- The response is a [Key object](https://developer.okta.com/docs/reference/api/hook-keys/#key-object) that represents the key that you create. The `id` property in the response serves as the unique ID for the key, which you can specify when invoking other CRUD operations. 
The `keyId` provided in the response is the alias of the public key that you can use to get details of the public key data in a separate call. > **Note:** The keyId is the alias of the public key that you can use to retrieve the public key. summary: Create a key response example value: id: HKY1p7jWLndGQV9M60g4 keyId: 7fbc27fd-e3df-4522-86bf-1930110256ad name: My new key created: 2022-08-31T18:09:58.000Z lastUpdated: 2022-08-31T18:09:58.000Z isUsed: "false" _embedded: kty: RSA alg: RSA kid: 7fbc27fd-e3df-4522-86bf-1930110256ad use: "null" e: AQAB "n": 2naqCnv6r4xNQs7207lRtKQvdtnlVND-8k5iYBIiqoKGY3CqUmRm1jleoOniiQoMkFX8Wj2DmVqr002efF3vOQ7_gjtTatBTVUNbNIQLybun4dkVoUtfP7pRc5SLpcP3eGPRVar734ZrpQXzmCEdpqBt3jrVjwYjNE5DqOjbYXFJtMsy8CWE9LRJ3kyHEoHPzo22dG_vMrXH0_sAQoCk_4TgNCbvyzVmGVYXI_BkUnp0hv2pR4bQVRYzGB9dKJdctOh8zULqc_EJ8tiYsS05YnF7whrWEyARK0rH-e4d4W-OmBTga_zhY4kJ4NsoQ4PyvcatZkxjPO92QHQOFDnf3w` CreateIAMStandardRoleResponseGroup: value: id: irb1q92TFAHzySt3x0g4 role: ACCESS_REQUESTS_ADMIN label: Access Requests Administrator type: ACCESS_REQUESTS_ADMIN status: ACTIVE created: 2019-02-06T16:20:57.000Z lastUpdated: 2019-02-06T16:20:57.000Z assignmentType: GROUP resource-set: ACCESS_CERTIFICATIONS_IAM_POLICY _links: assignee: href: "https://{yourOktaDomain}/api/v1/groups/00gsr2IepS8YhHRFf0g3" resource-set: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/ACCESS_CERTIFICATIONS_IAM_POLICY" role: href: "https://{yourOktaDomain}/api/v1/iam/roles/ACCESS_REQUESTS_ADMIN" permissions: href: "https://{yourOktaDomain}/api/v1/iam/roles/ACCESS_REQUESTS_ADMIN/permissions" member: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/ACCESS_CERTIFICATIONS_IAM_POLICY/bindings/ACCESS_REQUESTS_ADMIN/members/irb4jlomnnDBuBDyJ0g7" CreateIPPolicyBlockListNetworkZone: summary: Create an IP Blocklist Network Zone value: type: IP name: newBlockListNetworkZone status: ACTIVE usage: BLOCKLIST gateways: - type: CIDR value: 1.2.3.4/24 - type: CIDR value: 2.3.4.5/24 proxies: null 
CreateIPPolicyBlockListNetworkZoneResponse: summary: IP Blocklist Network Zone value: type: IP id: nzo1qasnPb1kqEq0e0g4 name: newBlockListNetworkzone status: ACTIVE usage: BLOCKLIST created: 2021-08-09T20:22:09.000Z lastUpdated: 2021-08-09T20:22:09.000Z system: false gateways: - type: CIDR value: 1.2.3.4/24 - type: CIDR value: 2.3.4.5/24 proxies: null _links: self: href: "https://{yourOktaDomain}/api/v1/zones/nzo1qasnPb1kqEq0e0g4" hints: allow: - GET - PUT - DELETE deactivate: href: "https://{yourOktaDomain}/api/v1/zones/nzo1qasnPb1kqEq0e0g4/lifecycle/deactivate" hints: allow: - POST CreateIPPolicyNetworkZone: summary: Create an IP Policy Network Zone value: type: IP name: newNetworkZone gateways: - type: CIDR value: 1.2.3.4/24 - type: CIDR value: 2.3.4.5/24 proxies: - type: CIDR value: 2.2.3.4/24 - type: CIDR value: 3.3.4.5/24 CreateIPPolicyNetworkZoneResponse: summary: IP Policy Network Zone value: type: IP id: nzowb8T5Jh5xuAJ0o0g7 name: newNetworkZone status: ACTIVE usage: POLICY created: 2021-08-09T21:32:01.000Z lastUpdated: 2021-08-09T21:32:01.000Z system: false gateways: - type: CIDR value: 1.2.3.4/24 - type: CIDR value: 2.3.4.5/24 proxies: - type: CIDR value: 2.2.3.4/24 - type: CIDR value: 3.3.4.5/24 _links: self: href: "https://{yourOktaDomain}/api/v1/zones/nzowb8T5Jh5xuAJ0o0g7" hints: allow: - GET - PUT - DELETE deactivate: href: "https://{yourOktaDomain}/api/v1/zones/nzowb8T5Jh5xuAJ0o0g7/lifecycle/deactivate" hints: allow: - POST CreateLinkedObjectRequest: summary: Create manager-subordinate link request value: primary: name: manager title: manager description: Manager link property type: USER associated: name: subordinate title: subordinate description: Subordinate link property type: USER CreateLinkedObjectResponse: summary: Create manager-subordinate link property response value: primary: name: manager title: manager description: Manager link property type: USER associated: name: subordinate title: subordinate description: Subordinate link property
type: USER _links: self: href: http://your-subdomain.okta.com/api/v1/meta/schemas/user/linkedObjects/manager CreateMicrosoftIdPRequest: summary: Create Microsoft Identity Provider value: type: MICROSOFT name: Microsoft protocol: type: OIDC scopes: - openid - email - profile - https://graph.microsoft.com/User.Read credentials: client: client_id: your-client-id client_secret: your-client-secret policy: provisioning: action: AUTO profileMaster: true groups: action: NONE conditions: deprovisioned: action: NONE suspended: action: NONE accountLink: filter: null action: AUTO subject: userNameTemplate: template: idpuser.userPrincipalName filter: null matchType: USERNAME mapAMRClaims: false maxClockSkew: 0 CreateOAuth2ScopeRequest: summary: Example scope value: name: car:drive description: Drive car consent: REQUIRED displayName: Saml Jackson CreateOrReplaceSMSTemplateRequest: value: name: Custom type: SMS_VERIFY_CODE template: "${org.name}: your verification code is ${code}" translations: es: "${org.name}: el código de verificación es ${code}" fr: "${org.name}: votre code de vérification est ${code}" it: "${org.name}: il codice di verifica è ${code}" CreateOrReplaceSMSTemplateResponse: value: id: 6NQUJ5yR3bpgEiYmq8IC name: Custom type: SMS_VERIFY_CODE template: "${org.name}: your verification code is ${code}" translations: es: "${org.name}: el código de verificación es ${code}" fr: "${org.name}: votre code de vérification est ${code}" it: "${org.name}: il codice di verifica è ${code}" created: 2024-04-25T17:35:02.000Z lastUpdated: 2024-04-25T17:35:02.000Z CreateSamlIdPRequest: summary: Create SAML 2.0 Identity Provider value: type: SAML2 name: Example SAML IdP protocol: type: SAML2 endpoints: sso: url: https://idp.example.com binding: HTTP-POST destination: https://idp.example.com acs: binding: HTTP-POST type: INSTANCE algorithms: request: signature: algorithm: SHA-256 scope: REQUEST response: signature: algorithm: SHA-256 scope: ANY credentials: trust: issuer: 
https://idp.example.com audience: http://www.okta.com/123 kid: your-key-id policy: provisioning: action: AUTO profileMaster: true groups: action: NONE conditions: deprovisioned: action: NONE suspended: action: NONE accountLink: filter: null action: AUTO subject: userNameTemplate: template: saml.subjectNameId format: - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified filter: (\S+@example\.com) matchType: USERNAME CreateSessionBody: summary: Create a new Session with a valid session token value: sessionToken: 00HiohZYpJgMSHwmL9TQy7RRzuY-q9soKp1SPmYYow CreateSessionResponse: summary: Create a new Session with a valid session token value: amr: - pwd createdAt: 2019-08-24T14:15:22Z expiresAt: 2019-08-24T14:15:22Z id: l7FbDVqS8zHSy65uJD85 idp: id: 01a2bcdef3GHIJKLMNOP type: ACTIVE_DIRECTORY lastFactorVerification: 2019-08-24T14:15:22Z lastPasswordVerification: 2019-08-24T14:15:22Z login: [email protected] status: ACTIVE userId: 00u0abcdefGHIJKLMNOP _links: self: hints: allow: - DELETE href: "https://{yourOktaDomain}/api/v1/sessions/l7FbDVqS8zHSy65uJD85" CreateSmartCardIdPRequest: summary: Create SmartCard Identity Provider value: type: X509 status: ACTIVE name: Smart Card IDP Name properties: additionalAmr: - sc - hwk - pin - mfa protocol: type: MTLS credentials: trust: revocation: CRL revocationCacheLifetime: 2880 issuer: your-issuer kid: your-kid policy: provisioning: action: DISABLED mapAMRClaims: false maxClockSkew: 120000 subject: matchType: EMAIL matchAttribute: "" userNameTemplate: template: idpuser.subjectAltNameEmail CreateStandardRoleAssignmentResponseGroup: value: id: grasraHPx7i79ajaJ0g3 label: Organization Administrator type: ORG_ADMIN status: ACTIVE created: 2019-02-27T14:56:55.000Z lastUpdated: 2019-02-27T14:56:55.000Z assignmentType: GROUP _links: assignee: href: "https://{yourOktaDomain}/api/v1/groups/00gsr2IepS8YhHRFf0g3" CreateUISchemaBody: summary: UI Schema body request value: uiSchema: type: Group elements: - type: Control scope: 
'#/properties/firstName' label: First Name options: format: text - type: Control scope: '#/properties/lastName' label: Last Name options: format: text - type: Control scope: '#/properties/email' label: Primary email options: format: text buttonLabel: Submit label: Sign in CreateUISchemaResponse: summary: Returns full UI Schema body value: id: uis4a7liocgcRgcxZ0g7 uiSchema: type: Group label: Sign in buttonLabel: Submit elements: - type: Control scope: '#/properties/firstName' label: First name options: format: text - type: Control scope: '#/properties/lastName' label: Last name options: format: text - type: Control scope: '#/properties/email' label: Primary email options: format: text created: 2022-07-25T12:56:31.000Z lastUpdated: 2022-07-26T11:53:59.000Z _links: self: href: https://exmaple.com/api/v1/meta/uischemas/uis4a7liocgcRgcxZ0g7 hints: allow: - GET - PUT - DELETE CreateUpdateEmailCustomizationRequest: value: language: fr subject: "Bienvenue dans ${org.name}!" body: "

Bonjour ${user.profile.firstName}. Activer le compte

" isDefault: false CreateUpdateEmailCustomizationResponse: value: language: fr subject: "Bienvenue dans ${org.name}!" body: "

Bonjour ${user.profile.firstName}. Activer le compte

" isDefault: false id: oel11u6DqUiMbQkpl0g4 created: 2021-11-09T20:38:10.000Z lastUpdated: 2021-11-11T20:38:10.000Z _links: self: href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4" hints: allow: - GET - PUT - DELETE template: href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation" hints: allow: - GET preview: href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4/preview" hints: allow: - GET test: href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test" hints: allow: - POST CreateUpdateIamRolePermissionRequestExampleWithExclude: value: conditions: exclude: okta:ResourceAttribute/User/Profile: - zipCode CreateUpdateIamRolePermissionRequestExampleWithInclude: value: conditions: include: okta:ResourceAttribute/User/Profile: - city - state CreateUserRequest: summary: Create a user type request value: description: A new custom user type displayName: New User Type name: newUserType CreateUserResponse: summary: Create a user type response value: id: otyfnly5cQjJT9PnR0g4 displayName: New User Type name: newUserType description: A new custom user type createdBy: sprz9fj1ycBcsgopy1d6 lastUpdatedBy: sprz9fj1ycBcsgopy1d6 created: 2021-07-05T20:40:38.000Z lastUpdated: 2021-07-05T20:40:38.000Z default: false _links: self: href: "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6" schema: href: "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6" CsrJsonResponse: summary: CSR object in JSON format value: id: h9zkutaSe7fZX0SwN1GqDApofgD1OW8g2B5l2azha50 created: 2017-03-28T01:11:10.000Z csr: kty: RSA _links: self: href: "https://{yourOktaDomain}/api/v1/idps/0oad5lTSBOMUBOBVVQSC/credentials/csrs/h9zkutaSe7fZX0SwN1GqDApofgD1OW8g2B5l2azha50" hints: allow: - GET - DELETE publish: href:
"https://{yourOktaDomain}/api/v1/idps/0oad5lTSBOMUBOBVVQSC/credentials/csrs/h9zkutaSe7fZX0SwN1GqDApofgD1OW8g2B5l2azha50/lifecycle/publish" hints: allow: - POST CsrPkcs10Response: summary: CSR in DER format value: MIIC4DCCAcgCAQAwcTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEzARBgNVBAoMCk9rdGEsIEluYy4xDDAKBgNVBAsMA0RldjESMBAGA1UEAwwJU1AgSXNzdWVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6m8jHVCr9 CustomRoleAssignmentRequest: value: type: CUSTOM role: cr04cxy6yzSCtNciD0g7 resource-set: iam4cxy6z7hhaZCSk0g7 CustomRoleResponseClient: value: id: irb4ey26fpFI3vQ8y0g7 label: view_minimal type: CUSTOM status: ACTIVE created: 2023-05-01T15:16:47.000Z lastUpdated: 2023-05-01T15:16:47.000Z assignmentType: CLIENT resource-set: iam4cxy6z7hhaZCSk0g7 role: cr04cxy6yzSCtNciD0g7 _links: role: href: "https://{yourOktaDomain}/api/v1/iam/roles/cr04cxy6yzSCtNciD0g7" resource-set: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iam4cxy6z7hhaZCSk0g7" permissions: href: "https://{yourOktaDomain}/api/v1/iam/roles/cr04cxy6yzSCtNciD0g7/permissions" member: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iam4cxy6z7hhaZCSk0g7/bindings/cr04cxy6yzSCtNciD0g7/members/irb4ey26fpFI3vQ8y0g7" assignee: href: "https://{yourOktaDomain}/oauth2/v1/clients/0oa4ee9vgbIuqTUvd0g7" CustomRoleResponseUser: value: id: irb1q92TFAHzySt3x0g4 role: cr0Yq6IJxGIr0ouum0g3 label: UserCreatorRole type: CUSTOM status: ACTIVE created: 2019-02-06T16:20:57.000Z lastUpdated: 2019-02-06T16:20:57.000Z assignmentType: USER resource-set: iamoJDFKaJxGIr0oamd9g _links: assignee: href: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR" resource-set: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g" role: href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3" permissions: href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions" CustomRolesListResponseClient: value: - id: irb4ey26fpFI3vQ8y0g7 label:
view_minimal type: CUSTOM status: ACTIVE created: 2023-05-01T15:16:47.000Z lastUpdated: 2023-05-01T15:16:47.000Z assignmentType: CLIENT resource-set: iam4cxy6z7hhaZCSk0g7 role: cr04cxy6yzSCtNciD0g7 _links: role: href: "https://{yourOktaDomain}/api/v1/iam/roles/cr04cxy6yzSCtNciD0g7" resource-set: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iam4cxy6z7hhaZCSk0g7" permissions: href: "https://{yourOktaDomain}/api/v1/iam/roles/cr04cxy6yzSCtNciD0g7/permissions" member: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iam4cxy6z7hhaZCSk0g7/bindings/cr04cxy6yzSCtNciD0g7/members/irb4ey26fpFI3vQ8y0g7" assignee: href: "https://{yourOktaDomain}/oauth2/v1/clients/0oa4ee9vgbIuqTUvd0g7" CustomRolesListResponseGroup: value: - id: irb1q92TFAHzySt3x0g4 role: cr0Yq6IJxGIr0ouum0g3 label: UserCreatorRole type: CUSTOM status: ACTIVE created: 2019-02-06T16:20:57.000Z lastUpdated: 2019-02-06T16:20:57.000Z assignmentType: GROUP resource-set: iamoJDFKaJxGIr0oamd9g _links: assignee: href: "https://{yourOktaDomain}/api/v1/groups/00g1emaKYZTWRYYRRTSK" resource-set: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g" member: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0Yq6IJxGIr0ouum0g3/members/irb1qe6PGuMc7Oh8N0g4" role: href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3" permissions: href: "https://{yourOktaDomain}/api/v1/iam/permission-sets/cr0Yq6IJxGIr0ouum0g3/permissions" DeactivateIdPResponse: summary: Deactivate an Identity Provider value: id: 0oa62bfdiumsUndnZ0h7 type: GOOGLE name: Google status: INACTIVE created: 2016-03-24T23:21:49.000Z lastUpdated: 2016-03-25T19:16:53.000Z protocol: type: OIDC endpoints: authorization: url: https://accounts.google.com/o/oauth2/auth binding: HTTP-REDIRECT token: url: https://www.googleapis.com/oauth2/v3/token binding: HTTP-POST scopes: - profile - email - openid credentials: client: client_id: your-client-id client_secret:
your-client-secret policy: provisioning: action: AUTO profileMaster: true groups: action: NONE conditions: deprovisioned: action: NONE suspended: action: NONE accountLink: filter: null action: AUTO subject: userNameTemplate: template: idpuser.userPrincipalName filter: null matchType: USERNAME mapAMRClaims: false maxClockSkew: 0 _links: authorize: href: |- https://{yourOktaDomain}/oauth2/v1/authorize?idp=0oa62bfdiumsUndnZ0h7& client_id={clientId}&response_type={responseType}&response_mode={responseMode}& scope={scopes}&redirect_uri={redirectUri}&state={state} templated: true hints: allow: - GET clientRedirectUri: href: "https://{yourOktaDomain}/oauth2/v1/authorize/callback" hints: allow: - POST DeactivateNetworkZone: summary: Deactivated Network Zone value: type: IP id: nzowc1U5Jh5xuAK0o0g3 name: MyIpZone status: INACTIVE usage: POLICY created: 2021-06-24T20:37:32.000Z lastUpdated: 2021-06-24T20:37:32.000Z system: false gateways: - type: CIDR value: 1.2.3.4/24 proxies: - type: RANGE value: 3.3.4.5-3.3.4.15 _links: self: href: "https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3" hints: allow: - GET - PUT - DELETE activate: href: "https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3/lifecycle/activate" hints: allow: - POST DeactivatedSecurityEventsProviderResponse: summary: Inactive Security Events Provider value: id: sse1qg25RpusjUP6m0g5 name: Security Events Provider with well-known URL type: okta status: INACTIVE settings: well_known_url: https://example.okta.com/.well-known/ssf-configuration issuer: Issuer jwks_url: https://example.okta.com/jwks/path _links: self: href: https://example.okta.com/api/v1/security-events-providers/sse1qg25RpusjUP6m0g5 hints: allow: - GET - PUT - DELETE activate: href: https://example.okta.com/api/v1/security-events-providers/sse1qg25RpusjUP6m0g5/lifecycle/activate hints: allow: - POST DefaultEnhancedDynamicNetworkZone: summary: Default Enhanced Dynamic Network Zone value: type: DYNAMIC_V2 id: nzohcnxFrSgsiwyHp0g4 name: 
DefaultEnhancedDynamicZone status: ACTIVE usage: BLOCKLIST created: 2024-05-06T19:12:29.000Z lastUpdated: 2024-05-09T21:02:31.000Z system: true locations: include: [] exclude: [] ipServiceCategories: include: - ALL_ANONYMIZERS exclude: [] asns: include: [] exclude: [] _links: self: href: "https://{yourOktaDomain}/api/v1/zones/nzou3u0stMCmgOzXK1d6" hints: allow: - GET - PUT - DELETE deactivate: href: "https://{yourOktaDomain}/api/v1/zones/nzou3u0stMCmgOzXK1d6/lifecycle/deactivate" hints: allow: - POST DefaultIpBlocklistNetworkZone: summary: Default IP Blocklist Network Zone value: type: IP id: nzou3u0stMCmgOzXK1d6 name: BlockedIpZone status: ACTIVE usage: BLOCKLIST created: 2021-06-09T21:32:46.000Z lastUpdated: 2021-06-09T21:32:46.000Z system: true gateways: null proxies: null _links: self: href: "https://{yourOktaDomain}/api/v1/zones/nzou3u0stMCmgOzXK1d6" hints: allow: - GET - PUT - DELETE deactivate: href: "https://{yourOktaDomain}/api/v1/zones/nzou3u0stMCmgOzXK1d6/lifecycle/deactivate" hints: allow: - POST DefaultIpNetworkZone: summary: Default IP Network Zone value: type: IP id: nzou3u0ssJfZjYsWL1d6 name: LegacyIpZone status: ACTIVE usage: POLICY created: 2021-06-09T21:32:46.000Z lastUpdated: 2021-06-09T21:32:46.000Z system: true gateways: null proxies: null _links: self: href: "https://{yourOktaDomain}/api/v1/zones/nzou3u0ssJfZjYsWL1d6" hints: allow: - GET - PUT - DELETE deactivate: href: "https://{yourOktaDomain}/api/v1/zones/nzou3u0ssJfZjYsWL1d6/lifecycle/deactivate" hints: allow: - POST DefaultRealmAssignment: value: id: rul2jy7jLUlnO5ng00g4 status: ACTIVE name: Catch-all created: 2022-04-04T15:56:05.000Z lastUpdated: 2022-05-05T18:15:44.000Z isDefault: true conditions: profileSourceId: "0oa4enoRyjwSCy6hx0g4," expression: value: string actions: assignUserToRealm: realmId: 00g1b7rvh0xPLKXFf2g5 priority: 499 _links: self: rel: self href: http://your-subdomain.okta.com/api/v1/realm-assignments/rul2jy7jLUlnO5ng00g4 method: GET DefaultRealmResponse: value: id:
guox9jQ16k9V8IQWL0g3 created: 2022-04-04T15:56:05.000Z lastUpdated: 2022-05-05T18:15:44.000Z isDefault: true profile: name: Default Realm _links: self: rel: self href: http://your-subdomain.okta.com/api/v1/realms/guox9jQ16k9V8IQWL0g3 method: GET DeviceAssuranceAndroidRequest: summary: Android request value: name: Device Assurance Android osVersion: minimum: 12 diskEncryptionType: include: - USER - FULL jailbreak: false platform: ANDROID screenLockType: include: - BIOMETRIC secureHardwarePresent: true DeviceAssuranceAndroidResponse: summary: Android response value: id: dae3m8o4rWhwReDeM1c5 name: Device Assurance Android lastUpdate: 2022-01-01T00:00:00.000Z createdUpdate: 2022-01-01T00:00:00.000Z lastUpdatedBy: 00u217pyf72CdUrBt1c5 createdBy: 00u217pyf72CdUrBt1c5 osVersion: minimum: 12.4.5 diskEncryptionType: include: - USER - FULL jailbreak: false platform: ANDROID screenLockType: include: - BIOMETRIC secureHardwarePresent: true _links: self: href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5 hints: allow: - DELETE - GET - PUT DeviceAssuranceAndroidWithDynamicVersionRequirementRequest: summary: Android with dynamic version requirement request value: name: Device Assurance Android osVersion: dynamicVersionRequirement: type: MINIMUM distanceFromLatestMajor: 0 diskEncryptionType: include: - USER - FULL jailbreak: false platform: ANDROID screenLockType: include: - BIOMETRIC secureHardwarePresent: true x-okta-lifecycle: lifecycle: EA isGenerallyAvailable: false SKUs: [] DeviceAssuranceAndroidWithDynamicVersionRequirementResponse: summary: Android with dynamic version requirement response value: id: dae3m8o4rWhwReDeM1c5 name: Device Assurance Android lastUpdate: 2022-01-01T00:00:00.000Z createdUpdate: 2022-01-01T00:00:00.000Z lastUpdatedBy: 00u217pyf72CdUrBt1c5 createdBy: 00u217pyf72CdUrBt1c5 osVersion: dynamicVersionRequirement: type: MINIMUM distanceFromLatestMajor: 0 diskEncryptionType: include: - USER - FULL jailbreak: false platform: 
ANDROID screenLockType: include: - BIOMETRIC secureHardwarePresent: true _links: self: href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5 hints: allow: - DELETE - GET - PUT x-okta-lifecycle: lifecycle: EA isGenerallyAvailable: false SKUs: [] DeviceAssuranceChromeOSWithThirdPartySignalProvidersRequest: summary: ChromeOS with third-party signal providers request value: name: Device Assurance ChromeOS platform: CHROMEOS thirdPartySignalProviders: dtc: osVersion: minimum: 10.0.19041.1110 diskEncrypted: true osFirewall: true screenLockSecured: true allowScreenLock: true browserVersion: minimum: 15393.27.0 deviceEnrollmentDomain: testDomain builtInDnsClientEnabled: true chromeRemoteDesktopAppBlocked: true safeBrowsingProtectionLevel: ENHANCED_PROTECTION siteIsolationEnabled: true passwordProtectionWarningTrigger: PASSWORD_PROTECTION_OFF realtimeUrlCheckMode: true keyTrustLevel: CHROME_OS_VERIFIED_MODE x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: [] DeviceAssuranceChromeOSWithThirdPartySignalProvidersResponse: summary: ChromeOS with third-party signal providers response value: id: dae3m8o4rWhwReDeM1c5 name: Device Assurance ChromeOS lastUpdate: 2022-01-01T00:00:00.000Z createdUpdate: 2022-01-01T00:00:00.000Z lastUpdatedBy: 00u217pyf72CdUrBt1c5 createdBy: 00u217pyf72CdUrBt1c5 platform: CHROMEOS thirdPartySignalProviders: dtc: osVersion: minimum: 10.0.19041.1110 diskEncrypted: true osFirewall: true screenLockSecured: true allowScreenLock: true browserVersion: minimum: 15393.27.0 deviceEnrollmentDomain: testDomain builtInDnsClientEnabled: true chromeRemoteDesktopAppBlocked: true safeBrowsingProtectionLevel: ENHANCED_PROTECTION siteIsolationEnabled: true passwordProtectionWarningTrigger: PASSWORD_PROTECTION_OFF realtimeUrlCheckMode: true keyTrustLevel: CHROME_OS_VERIFIED_MODE _links: self: href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5 hints: allow: - DELETE - GET - PUT 
x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: [] DeviceAssuranceIosRequest: summary: iOS request value: name: Device Assurance iOS osVersion: minimum: 12.4.5 jailbreak: false platform: IOS screenLockType: include: - BIOMETRIC DeviceAssuranceIosResponse: summary: iOS response value: id: dae3m8o4rWhwReDeM1c5 name: Device Assurance iOS lastUpdate: 2022-01-01T00:00:00.000Z createdUpdate: 2022-01-01T00:00:00.000Z lastUpdatedBy: 00u217pyf72CdUrBt1c5 createdBy: 00u217pyf72CdUrBt1c5 osVersion: minimum: 12.4.5.9 jailbroken: false platform: IOS screenLockType: include: - BIOMETRIC _links: self: href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5 hints: allow: - DELETE - GET - PUT DeviceAssuranceIosWithDynamicVersionRequirementRequest: summary: iOS with dynamic version requirement request value: name: Device Assurance iOS osVersion: dynamicVersionRequirement: type: EXACT_ANY_SUPPORTED latestSecurityPatch: true jailbreak: false platform: IOS screenLockType: include: - BIOMETRIC x-okta-lifecycle: lifecycle: EA isGenerallyAvailable: false SKUs: [] DeviceAssuranceIosWithDynamicVersionRequirementResponse: summary: iOS with dynamic version requirement response value: id: dae3m8o4rWhwReDeM1c5 name: Device Assurance iOS lastUpdate: 2022-01-01T00:00:00.000Z createdUpdate: 2022-01-01T00:00:00.000Z lastUpdatedBy: 00u217pyf72CdUrBt1c5 createdBy: 00u217pyf72CdUrBt1c5 osVersion: dynamicVersionRequirement: type: EXACT_ANY_SUPPORTED latestSecurityPatch: true jailbroken: false platform: IOS screenLockType: include: - BIOMETRIC _links: self: href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5 hints: allow: - DELETE - GET - PUT x-okta-lifecycle: lifecycle: EA isGenerallyAvailable: false SKUs: [] DeviceAssuranceMacOSRequest: summary: macOS request value: name: Device Assurance macOS osVersion: minimum: 12.4.5 diskEncryptionType: include: - ALL_INTERNAL_VOLUMES platform: MACOS screenLockType: include: - PASSCODE - 
BIOMETRIC secureHardwarePresent: true DeviceAssuranceMacOSResponse: summary: macOS response value: id: dae3m8o4rWhwReDeM1c5 name: Device Assurance macOS lastUpdate: 2022-01-01T00:00:00.000Z createdUpdate: 2022-01-01T00:00:00.000Z lastUpdatedBy: 00u217pyf72CdUrBt1c5 createdBy: 00u217pyf72CdUrBt1c5 osVersion: minimum: 12.4.5 diskEncryptionType: include: - ALL_INTERNAL_VOLUMES platform: MACOS screenLockType: include: - PASSCODE - BIOMETRIC secureHardwarePresent: true _links: self: href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5 hints: allow: - DELETE - GET - PUT DeviceAssuranceMacOSWithDynamicVersionRequirementRequest: summary: macOS with dynamic version requirement request value: name: Device Assurance macOS osVersion: dynamicVersionRequirement: type: EXACT distanceFromLatestMajor: 0 latestSecurityPatch: true diskEncryptionType: include: - ALL_INTERNAL_VOLUMES platform: MACOS screenLockType: include: - PASSCODE - BIOMETRIC secureHardwarePresent: true x-okta-lifecycle: lifecycle: EA isGenerallyAvailable: false SKUs: [] DeviceAssuranceMacOSWithDynamicVersionRequirementResponse: summary: macOS with dynamic version requirement response value: id: dae3m8o4rWhwReDeM1c5 name: Device Assurance macOS lastUpdate: 2022-01-01T00:00:00.000Z createdUpdate: 2022-01-01T00:00:00.000Z lastUpdatedBy: 00u217pyf72CdUrBt1c5 createdBy: 00u217pyf72CdUrBt1c5 osVersion: dynamicVersionRequirement: type: EXACT distanceFromLatestMajor: 0 latestSecurityPatch: true diskEncryptionType: include: - ALL_INTERNAL_VOLUMES platform: MACOS screenLockType: include: - PASSCODE - BIOMETRIC secureHardwarePresent: true _links: self: href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5 hints: allow: - DELETE - GET - PUT x-okta-lifecycle: lifecycle: EA isGenerallyAvailable: false SKUs: [] DeviceAssuranceMacOSWithThirdPartySignalProvidersRequest: summary: macOS with third-party signal providers request value: name: Device Assurance macOS 
osVersion: minimum: 12.4.5 diskEncryptionType: include: - ALL_INTERNAL_VOLUMES platform: MACOS screenLockType: include: - PASSCODE - BIOMETRIC secureHardwarePresent: true thirdPartySignalProviders: dtc: osVersion: minimum: 10.0.19041.1110 diskEncrypted: true osFirewall: true screenLockSecured: true browserVersion: minimum: 15393.27.0 deviceEnrollmentDomain: testDomain builtInDnsClientEnabled: true chromeRemoteDesktopAppBlocked: true safeBrowsingProtectionLevel: true siteIsolationEnabled: true passwordProtectionWarningTrigger: PASSWORD_PROTECTION_OFF realtimeUrlCheckMode: true x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: [] DeviceAssuranceMacOSWithThirdPartySignalProvidersResponse: summary: macOS with third-party signal providers response value: id: dae3m8o4rWhwReDeM1c5 name: Device Assurance macOS lastUpdate: 2022-01-01T00:00:00.000Z createdUpdate: 2022-01-01T00:00:00.000Z lastUpdatedBy: 00u217pyf72CdUrBt1c5 createdBy: 00u217pyf72CdUrBt1c5 osVersion: minimum: 12.4.5.9 diskEncryptionType: include: - ALL_INTERNAL_VOLUMES platform: MACOS screenLockType: include: - PASSCODE - BIOMETRIC secureHardwarePresent: true thirdPartySignalProviders: dtc: osVersion: minimum: 10.0.19041.1110 diskEncrypted: true osFirewall: true screenLockSecured: true browserVersion: minimum: 15393.27.0 deviceEnrollmentDomain: testDomain builtInDnsClientEnabled: true chromeRemoteDesktopAppBlocked: true safeBrowsingProtectionLevel: ENHANCED_PROTECTION siteIsolationEnabled: true passwordProtectionWarningTrigger: PASSWORD_PROTECTION_OFF realtimeUrlCheckMode: true keyTrustLevel: CHROME_BROWSER_HW_KEY _links: self: href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5 hints: allow: - DELETE - GET - PUT x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: [] DeviceAssuranceWindowsRequest: summary: Windows request value: name: Device Assurance Windows osVersion: minimum: 12.4.5.9 diskEncryptionType: include: - ALL_INTERNAL_VOLUMES
platform: WINDOWS screenLockType: include: - PASSCODE - BIOMETRIC secureHardwarePresent: true DeviceAssuranceWindowsResponse: summary: Windows response value: id: dae3m8o4rWhwReDeM1c5 name: Device Assurance Windows lastUpdate: 2022-01-01T00:00:00.000Z createdUpdate: 2022-01-01T00:00:00.000Z lastUpdatedBy: 00u217pyf72CdUrBt1c5 createdBy: 00u217pyf72CdUrBt1c5 osVersion: minimum: 12.4.5.9 diskEncryptionType: include: - ALL_INTERNAL_VOLUMES platform: WINDOWS screenLockType: include: - PASSCODE - BIOMETRIC secureHardwarePresent: true _links: self: href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5 hints: allow: - DELETE - GET - PUT DeviceAssuranceWindowsWithDynamicVersionRequirementsRequest: summary: Windows with Windows 11 and Windows 10 dynamic version requirements request value: name: Device Assurance Windows osVersionConstraints: - majorVersionConstraint: WINDOWS_11 dynamicVersionRequirement: type: MINIMUM distanceFromLatestMajor: 1 latestSecurityPatch: true - majorVersionConstraint: WINDOWS_10 dynamicVersionRequirement: type: EXACT_ANY_SUPPORTED diskEncryptionType: include: - ALL_INTERNAL_VOLUMES platform: WINDOWS screenLockType: include: - PASSCODE - BIOMETRIC secureHardwarePresent: true x-okta-lifecycle: lifecycle: EA isGenerallyAvailable: false SKUs: [] DeviceAssuranceWindowsWithDynamicVersionRequirementsResponse: summary: Windows with Windows 11 and Windows 10 dynamic version requirements response value: id: dae3m8o4rWhwReDeM1c5 name: Device Assurance Windows lastUpdate: 2022-01-01T00:00:00.000Z createdUpdate: 2022-01-01T00:00:00.000Z lastUpdatedBy: 00u217pyf72CdUrBt1c5 createdBy: 00u217pyf72CdUrBt1c5 osVersionConstraints: - majorVersionConstraint: WINDOWS_11 dynamicVersionRequirement: type: MINIMUM distanceFromLatestMajor: 1 latestSecurityPatch: true - majorVersionConstraint: WINDOWS_10 dynamicVersionRequirement: type: EXACT_ANY_SUPPORTED diskEncryptionType: include: - ALL_INTERNAL_VOLUMES platform: WINDOWS screenLockType: 
include: - PASSCODE - BIOMETRIC secureHardwarePresent: true _links: self: href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5 hints: allow: - DELETE - GET - PUT x-okta-lifecycle: lifecycle: EA isGenerallyAvailable: false SKUs: [] DeviceAssuranceWindowsWithThirdPartySignalProvidersRequest: summary: Windows with third-party signal providers request value: name: Device Assurance Windows osVersion: minimum: 12.4.5.9 diskEncryptionType: include: - ALL_INTERNAL_VOLUMES platform: WINDOWS screenLockType: include: - PASSCODE - BIOMETRIC secureHardwarePresent: true thirdPartySignalProviders: dtc: osVersion: minimum: 10.0.19041.1110 diskEncrypted: true osFirewall: true screenLockSecured: true browserVersion: minimum: 15393.27.0 deviceEnrollmentDomain: testDomain builtInDnsClientEnabled: true chromeRemoteDesktopAppBlocked: true safeBrowsingProtectionLevel: ENHANCED_PROTECTION siteIsolationEnabled: true passwordProtectionWarningTrigger: PASSWORD_PROTECTION_OFF realtimeUrlCheckMode: true secureBootEnabled: true windowsMachineDomain: testMachineDomain windowsUserDomain: testUserDomain thirdPartyBlockingEnabled: true crowdStrikeCustomerId: testCustomerId crowdStrikeAgentId: testAgentId keyTrustLevel: CHROME_BROWSER_HW_KEY x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: [] DeviceAssuranceWindowsWithThirdPartySignalProvidersResponse: summary: Windows with third-party signal providers response value: id: dae3m8o4rWhwReDeM1c5 name: Device Assurance Windows lastUpdate: 2022-01-01T00:00:00.000Z createdUpdate: 2022-01-01T00:00:00.000Z lastUpdatedBy: 00u217pyf72CdUrBt1c5 createdBy: 00u217pyf72CdUrBt1c5 osVersion: minimum: 12.4.5.9 diskEncryptionType: include: - ALL_INTERNAL_VOLUMES platform: WINDOWS screenLockType: include: - PASSCODE - BIOMETRIC secureHardwarePresent: true thirdPartySignalProviders: dtc: osVersion: minimum: 10.0.19041.1110 diskEncrypted: true osFirewall: true screenLockSecured: true browserVersion: minimum: 15393.27.0
deviceEnrollmentDomain: testDomain builtInDnsClientEnabled: true chromeRemoteDesktopAppBlocked: true safeBrowsingProtectionLevel: ENHANCED_PROTECTION siteIsolationEnabled: true passwordProtectionWarningTrigger: PASSWORD_PROTECTION_OFF realtimeUrlCheckMode: true secureBootEnabled: true windowsMachineDomain: testMachineDomain windowsUserDomain: testUserDomain thirdPartyBlockingEnabled: true crowdStrikeCustomerId: testCustomerId crowdStrikeAgentId: testAgentId keyTrustLevel: CHROME_BROWSER_HW_KEY _links: self: href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5 hints: allow: - DELETE - GET - PUT x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: false SKUs: [] DeviceAssuranceWindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionStringRequest: summary: Windows with Windows 11 dynamic version requirement and Windows 10 minimum version request value: name: Device Assurance Windows osVersionConstraints: - majorVersionConstraint: WINDOWS_11 dynamicVersionRequirement: type: EXACT distanceFromLatestMajor: 1 - majorVersionConstraint: WINDOWS_10 minimum: 10.0.19045.0 diskEncryptionType: include: - ALL_INTERNAL_VOLUMES platform: WINDOWS screenLockType: include: - PASSCODE - BIOMETRIC secureHardwarePresent: true x-okta-lifecycle: lifecycle: EA isGenerallyAvailable: false SKUs: [] DeviceAssuranceWindowsWithWin11DynamicVersionRequirementAndWin10MinimumVersionStringResponse: summary: Windows with Windows 11 dynamic version requirement and Windows 10 minimum version response value: id: dae3m8o4rWhwReDeM1c5 name: Device Assurance Windows lastUpdate: 2022-01-01T00:00:00.000Z createdUpdate: 2022-01-01T00:00:00.000Z lastUpdatedBy: 00u217pyf72CdUrBt1c5 createdBy: 00u217pyf72CdUrBt1c5 osVersionConstraints: - majorVersionConstraint: WINDOWS_11 dynamicVersionRequirement: type: EXACT distanceFromLatestMajor: 1 - majorVersionConstraint: WINDOWS_10 minimum: 10.0.19045.0 diskEncryptionType: include: - ALL_INTERNAL_VOLUMES platform: WINDOWS
screenLockType: include: - PASSCODE - BIOMETRIC secureHardwarePresent: true _links: self: href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5 hints: allow: - DELETE - GET - PUT x-okta-lifecycle: lifecycle: EA isGenerallyAvailable: false SKUs: [] DeviceAssuranceWindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirementRequest: summary: Windows with Windows 11 minimum version and a Windows 10 dynamic version requirement request value: name: Device Assurance Windows osVersionConstraints: - majorVersionConstraint: WINDOWS_11 minimum: 10.0.22000.0 - majorVersionConstraint: WINDOWS_10 dynamicVersionRequirement: type: NOT_ALLOWED diskEncryptionType: include: - ALL_INTERNAL_VOLUMES platform: WINDOWS screenLockType: include: - PASSCODE - BIOMETRIC secureHardwarePresent: true x-okta-lifecycle: lifecycle: EA isGenerallyAvailable: false SKUs: [] DeviceAssuranceWindowsWithWin11MinimumVersionStringAndWin10DynamicVersionRequirementResponse: summary: Windows with Windows 11 minimum version and Windows 10 dynamic version requirement response value: id: dae3m8o4rWhwReDeM1c5 name: Device Assurance Windows lastUpdate: 2022-01-01T00:00:00.000Z createdUpdate: 2022-01-01T00:00:00.000Z lastUpdatedBy: 00u217pyf72CdUrBt1c5 createdBy: 00u217pyf72CdUrBt1c5 osVersionConstraints: - majorVersionConstraint: WINDOWS_11 minimum: 10.0.22000.0 - majorVersionConstraint: WINDOWS_10 dynamicVersionRequirement: type: NOT_ALLOWED diskEncryptionType: include: - ALL_INTERNAL_VOLUMES platform: WINDOWS screenLockType: include: - PASSCODE - BIOMETRIC secureHardwarePresent: true _links: self: href: https://your-subdomain.okta.com/api/v1/device-assurances/dae3m8o4rWhwReDeM1c5 hints: allow: - DELETE - GET - PUT x-okta-lifecycle: lifecycle: EA isGenerallyAvailable: false SKUs: [] DeviceChecksMacOSRequest: summary: macOS request value: name: Device Check macOS description: Query macOS devices to check if firewall is enabled variableName: macOSFirewall platform: MACOS query: 
SELECT CASE WHEN global_state = 0 THEN 0 ELSE 1 END AS firewall_enabled FROM alf; DeviceChecksMacOSResponse: summary: macOS response value: id: dch3m8o4rWhwReDeM1c5 name: Device Check macOS lastUpdate: 2022-01-01T00:00:00.000Z createdUpdate: 2022-01-01T00:00:00.000Z lastUpdatedBy: 00u217pyf72CdUrBt1c5 createdBy: 00u217pyf72CdUrBt1c5 description: Query macOS devices to check if firewall is enabled variableName: macOSFirewall query: SELECT CASE WHEN global_state = 0 THEN 0 ELSE 1 END AS firewall_enabled FROM alf; platform: MACOS _links: self: href: https://your-subdomain.okta.com/api/v1/device-checks/dch3m8o4rWhwReDeM1c5 hints: allow: - DELETE - GET - PUT DeviceChecksWindowsRequest: summary: Windows request value: name: Device Check Windows description: Query Windows devices to check if firewall is enabled variableName: windowsFirewall platform: WINDOWS query: SELECT CASE WHEN enabled = 1 THEN 1 ELSE 0 END AS firewall_enabled FROM windows_firewall_profiles; DeviceChecksWindowsResponse: summary: Windows response value: id: dch3m8o4rWhwReDeM1c5 name: Device Check Windows lastUpdate: 2022-01-01T00:00:00.000Z createdUpdate: 2022-01-01T00:00:00.000Z lastUpdatedBy: 00u217pyf72CdUrBt1c5 createdBy: 00u217pyf72CdUrBt1c5 description: Query Windows devices to check if firewall is enabled variableName: windowsFirewall query: SELECT CASE WHEN enabled = 1 THEN 1 ELSE 0 END AS firewall_enabled FROM windows_firewall_profiles; platform: WINDOWS _links: self: href: https://your-subdomain.okta.com/api/v1/device-checks/dch3m8o4rWhwReDeM1c5 hints: allow: - DELETE - GET - PUT DeviceResponse: value: id: guo8jx5vVoxfvJeLb0w4 status: ACTIVE created: 2020-11-03T21:47:01.000Z lastUpdated: 2020-11-03T23:46:27.000Z profile: displayName: DESKTOP-EHAD3IE platform: WINDOWS manufacturer: International Corp model: "VMware7,1" osVersion: 10.0.18362 serialNumber: 56 4d 4f 95 74 c5 d3 e7-fc 3a 57 9c c2 f8 5d ce udid: 954F4D56-C574-E7D3-FC3A-579CC2F85DCE sid: S-1-5-21-3992267483-1860856704-2413701314-500 
registered: true secureHardwarePresent: false diskEncryptionType: NONE resourceId: guo8jx5vVoxfvJeLb0w4 resourceDisplayName: value: DESKTOP-EHAD3IE sensitive: false resourceType: UDDevice resourceAlternateId: null _links: suspend: href: "https://{yourOktaDomain}/api/v1/devices/guo8jx5vVoxfvJeLb0w4/lifecycle/suspend" hints: allow: - POST self: href: "https://{yourOktaDomain}/api/v1/devices/guo8jx5vVoxfvJeLb0w4" hints: allow: - GET - PATCH - PUT users: href: "https://{yourOktaDomain}/api/v1/devices/guo8jx5vVoxfvJeLb0w4/users" hints: allow: - GET deactivate: href: "https://{yourOktaDomain}/api/v1/devices/guo8jx5vVoxfvJeLb0w4/lifecycle/deactivate" hints: allow: - POST EmailCustomizationResponse: value: language: en isDefault: true subject: "Welcome to ${org.name}!" body: "

Hello, ${user.profile.firstName}. Click\ \ here to activate your account." id: oel11u6DqUiMbQkpl0g4 created: 2021-11-09T20:38:10.000Z lastUpdated: 2021-11-11T20:38:10.000Z _links: self: href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4" hints: allow: - GET - PUT - DELETE template: href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation" hints: allow: - GET preview: href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4/preview" hints: allow: - GET test: href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test" hints: allow: - POST EmailDomainResponse: value: id: OeD114iNkrcN6aR680g4 validationStatus: NOT_STARTED displayName: Admin userName: admin domain: example.com validationSubdomain: mail dnsValidationRecords: - recordType: TXT fqdn: _oktaverification.example.com verificationValue: 759080212bda43e3bc825a7d73b4bb64 - recordType: CNAME fqdn: mail.example.com verificationValue: u22224444.wl024.sendgrid.net - recordType: CNAME fqdn: t02._domainkey.example.com verificationValue: t02.domainkey.u22224444.wl024.sendgrid.net - recordType: CNAME fqdn: t022._domainkey.example.com verificationValue: t02.domainkey.u22224444.wl024.sendgrid.net EmailSettingsRequest: value: recipients: ALL_USERS EmailSettingsResponse: value: recipients: ALL_USERS _links: self: href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/settings" hints: allow: - GET - PUT template: href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation" hints: allow: - GET EmailTemplateDefaultContentResponse: value: subject: "Welcome to ${org.name}!" body: "

Hello, ${user.profile.firstName}. Click\ \ here to activate your account." _links: self: href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/default-content" hints: allow: - GET template: href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation" hints: allow: - GET preview: href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/default-content/preview" hints: allow: - GET EmbeddedGroupAssignmentSampleResponse: summary: Application Group with an embedded Group value: id: 00g15acRUy0SYb9GT0g4 priority: 0 lastUpdated: 2024-06-02T13:17:57.000Z profile: preferredLanguage: English manager: Donald Glover securityQuestion: Who is the footballer to have played the game securityAnswer: Ronaldinho timezone: Canada/Eastern initialStatus: active_with_pass managerId: [email protected] locale: en_US division: top organization: wazobia userType: null department: marketing _links: app: href: "http://{yourOktaDomain}/api/v1/apps/0oa15anjcUHSI6hTB0g4" self: href: "http://{yourOktaDomain}/api/v1/apps/0oa15anjcUHSI6hTB0g4/groups/00g15acRUy0SYb9GT0g4" group: href: "http://{yourOktaDomain}/api/v1/groups/00g15acRUy0SYb9GT0g4" _embedded: group: id: 00g15acRUy0SYb9GT0g4 created: 2024-06-02T13:02:12.000Z lastUpdated: 2024-06-02T13:02:12.000Z lastMembershipUpdated: 2024-06-02T13:03:13.000Z objectClass: - okta:user_group type: OKTA_GROUP profile: name: Football Group description: Group with professional footballers _links: logo: - name: medium href: "http://{yourOktaDomain}/assets/img/logos/groups/odyssey/okta-medium.30ce6d4085dff29412984e4c191bc874.png" type: image/png - name: large href: "http://{yourOktaDomain}/assets/img/logos/groups/odyssey/okta-large.c3cb8cda8ae0add1b4fe928f5844dbe3.png" type: image/png users: href: "http://{yourOktaDomain}/api/v1/groups/00g15acRUy0SYb9GT0g4/users" apps: href: "http://{yourOktaDomain}/api/v1/groups/00g15acRUy0SYb9GT0g4/apps" 
EmbeddedMetadataGroupAssignmentSampleResponse: summary: Application Group with embedded metadata value: id: 00g15acRUy0SYb9GT0g4 priority: 0 lastUpdated: 2024-06-02T13:17:57.000Z profile: preferredLanguage: English manager: Donald Glover securityQuestion: Who is the footballer to have played the game securityAnswer: Ronaldinho timezone: Canada/Eastern initialStatus: active_with_pass managerId: [email protected] locale: en_US division: top organization: wazobia userType: null department: marketing _links: app: href: "http://{yourOktaDomain}/api/v1/apps/0oa15anjcUHSI6hTB0g4" self: href: "http://{yourOktaDomain}/api/v1/apps/0oa15anjcUHSI6hTB0g4/groups/00g15acRUy0SYb9GT0g4" group: href: "http://{yourOktaDomain}/api/v1/groups/00g15acRUy0SYb9GT0g4" _embedded: metadata: credentials: {} profile: division: source: type: USER value: - id: 00uzojLwDGgUynjJS0g3 self: href: "http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3" lastUpdated: null preferredLanguage: source: type: USER value: - id: 00uzojLwDGgUynjJS0g3 self: href: "http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3" lastUpdated: null manager: source: type: MAPPING value: - id: null lastUpdated: null securityQuestion: source: type: USER value: - id: 00uzojLwDGgUynjJS0g3 self: href: "http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3" lastUpdated: null securityAnswer: source: type: USER value: - id: 00uzojLwDGgUynjJS0g3 self: href: "http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3" lastUpdated: null timezone: source: type: USER value: - id: 00uzojLwDGgUynjJS0g3 self: href: "http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3" lastUpdated: null organization: source: type: USER value: - id: 00uzojLwDGgUynjJS0g3 self: href: "http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3" lastUpdated: null initialStatus: source: type: USER value: - id: 00uzojLwDGgUynjJS0g3 self: href: "http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3" lastUpdated: null managerId: source: type: 
MAPPING value: - id: null lastUpdated: null userType: source: type: MAPPING value: - id: null lastUpdated: null locale: source: type: USER value: - id: 00uzojLwDGgUynjJS0g3 self: href: "http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3" lastUpdated: null department: source: type: MAPPING value: - id: null lastUpdated: null EnrollFactorCallRequest: summary: call value: factorType: call provider: OKTA profile: phoneNumber: +1-555-415-1337 phoneExtension: "1234" EnrollFactorCallResponse: summary: call value: id: clf1nz9JHJGHWRKMTLHP factorType: call provider: OKTA vendorName: OKTA status: PENDING_ACTIVATION created: 2014-08-05T20:59:49.000Z lastUpdated: 2014-08-06T03:59:49.000Z profile: phoneNumber: +1-555-415-1337 phoneExtension: "1234" _links: activate: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/clf1nz9JHJGHWRKMTLHP/lifecycle/activate" hints: allow: - POST resend: - name: call href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/clf1nz9JHJGHWRKMTLHP/resend" hints: allow: - POST self: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/clf1nz9JHJGHWRKMTLHP" hints: allow: - GET user: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL" hints: allow: - GET EnrollFactorCustomTotpRequest: summary: custom totp value: factorType: token:hotp provider: CUSTOM factorProfileId: fpr20l2mDyaUGWGCa0g4 profile: sharedSecret: 484f97be3213b117e3a20438e291540a EnrollFactorCustomTotpResponse: summary: custom totp value: id: chf20l33Ks8U2Zjba0g4 factorType: token:hotp provider: CUSTOM vendorName: Entrust Datacard status: ACTIVE created: 2019-07-22T23:22:36.000Z lastUpdated: 2019-07-22T23:22:36.000Z _links: self: href: "https://{yourOktaDomain}/api/v1/users/00utf43LCCmTJVcsK0g3/factors/chf20l33Ks8U2Zjba0g4" hints: allow: - GET - DELETE verify: href: "https://{yourOktaDomain}/api/v1/users/00utf43LCCmTJVcsK0g3/factors/chf20l33Ks8U2Zjba0g4/verify" hints: allow: - POST user: href: 
"https://{yourOktaDomain}/api/v1/users/00utf43LCCmTJVcsK0g3" hints: allow: - GET EnrollFactorEmailRequest: summary: email value: factorType: email provider: OKTA profile: email: [email protected] EnrollFactorEmailResponse: summary: email value: id: emfnf3gSScB8xXoXK0g3 factorType: email provider: OKTA vendorName: OKTA status: PENDING_ACTIVATION _links: activate: href: "https://{yourOktaDomain}/api/v1/users/00umvfJKwXOQ1mEL50g3/factors/emfnf3gSScB8xXoXK0g3/lifecycle/activate" hints: allow: - POST resend: - name: email href: "https://{yourOktaDomain}/api/v1/users/00umvfJKwXOQ1mEL50g3/factors/emfnf3gSScB8xXoXK0g3/resend" hints: allow: - POST self: href: "https://{yourOktaDomain}/api/v1/users/00umvfJKwXOQ1mEL50g3/factors/emfnf3gSScB8xXoXK0g3" hints: allow: - GET user: href: "https://{yourOktaDomain}/api/v1/users/00umvfJKwXOQ1mEL50g3" hints: allow: - GET EnrollFactorGoogleRequest: summary: google token:software:totp value: factorType: token:software:totp provider: GOOGLE EnrollFactorGoogleResponse: value: id: ostf1fmaMGJLMNGNLIVG factorType: token:software:totp provider: GOOGLE vendorName: GOOGLE status: PENDING_ACTIVATION created: 2014-07-16T16:13:56.000Z lastUpdated: 2014-07-16T16:13:56.000Z profile: credentialId: [email protected] _links: activate: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/ostf1fmaMGJLMNGNLIVG/lifecycle/activate" hints: allow: - POST self: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/ostf1fmaMGJLMNGNLIVG" hints: allow: - GET user: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL" hints: allow: - GET _embedded: activation: timeStep: 30 sharedSecret: JBTWGV22G4ZGKV3N encoding: base32 keyLength: 16 _links: qrcode: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/ostf1fmaMGJLMNGNLIVG/qr/00fukNElRS_Tz6k-CFhg3pH4KO2dj2guhmaapXWbc4" type: image/png EnrollFactorOVPushRequest: summary: token:software:totp push value: factorType: push provider: OKTA 
EnrollFactorOVPushResponse: summary: token:software:totp value: id: opfbtzzrjgwauUsxO0g4 factorType: push provider: OKTA vendorName: OKTA status: PENDING_ACTIVATION created: 2015-11-13T07:34:22.000Z lastUpdated: 2015-11-13T07:34:22.000Z _links: poll: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/opfbtzzrjgwauUsxO0g4/lifecycle/activate/poll" hints: allow: - POST self: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/opfbtzzrjgwauUsxO0g4" hints: allow: - GET user: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL" hints: allow: - GET _embedded: activation: expiresAt: 2015-11-13T07:44:22.000Z factorResult: WAITING _links: send: - name: email href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/opfbtzzrjgwauUsxO0g4/lifecycle/activate/email" hints: allow: - POST - name: sms href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/opfbtzzrjgwauUsxO0g4/lifecycle/activate/sms" hints: allow: - POST qrcode: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/opfbtzzrjgwauUsxO0g4/qr/00Ji8qVBNJD4LmjYy1WZO2VbNqvvPdaCVua-1qjypa" type: image/png EnrollFactorOVTotpRequest: summary: token:software:totp value: factorType: token:software:totp provider: OKTA EnrollFactorOVTotpResponse: summary: token:software:totp value: id: ostf1fmaMGJLMNGNLIVG factorType: token:software:totp provider: OKTA vendorName: OKTA status: PENDING_ACTIVATION created: 2014-07-16T16:13:56.000Z lastUpdated: 2014-07-16T16:13:56.000Z profile: credentialId: [email protected] _links: activate: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/ostf1fmaMGJLMNGNLIVG/lifecycle/activate" hints: allow: - POST self: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/ostf1fmaMGJLMNGNLIVG" hints: allow: - GET user: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL" hints: allow: - GET _embedded: activation: timeStep: 30 sharedSecret: 
JBTWGV22G4ZGKV3N encoding: base32 keyLength: 6 _links: qrcode: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/ostf1fmaMGJLMNGNLIVG/qr/00fukNElRS_Tz6k-CFhg3pH4KO2dj2guhmaapXWbc4" type: image/png EnrollFactorQuestionRequest: summary: question value: question: summary: question factor value: factorType: question provider: OKTA profile: question: disliked_food answer: mayonnaise EnrollFactorQuestionResponse: summary: question value: id: ufs1o01OTMGHLAJPVHDZ factorType: question provider: OKTA vendorName: OKTA status: ACTIVE created: 2014-08-05T22:58:49.000Z lastUpdated: 2014-08-05T22:58:49.000Z profile: question: disliked_food questionText: What is the food you least liked as a child? _links: questions: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/questions" hints: allow: - GET self: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/ufs1o01OTMGHLAJPVHDZ" hints: allow: - GET - DELETE user: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL" hints: allow: - GET EnrollFactorRsaSecurIdRequest: summary: RSA SecurID value: factorType: token provider: RSA profile: credentialId: [email protected] verify: passCode: "5275875498" EnrollFactorRsaSecurIdResponse: summary: RSA SecurID value: id: rsabtznMn6cp94ez20g4 factorType: token provider: RSA vendorName: RSA status: ACTIVE created: 2015-11-13T07:05:53.000Z lastUpdated: 2015-11-13T07:05:53.000Z profile: credentialId: [email protected] _links: verify: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/rsabtznMn6cp94ez20g4/verify" hints: allow: - POST self: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/rsabtznMn6cp94ez20g4" hints: allow: - GET - DELETE user: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL" hints: allow: - GET EnrollFactorSmsRequest: summary: sms value: factorType: sms provider: OKTA profile: phoneNumber: +1-555-415-1337 EnrollFactorSmsResponse: summary: 
sms value: id: mbl1nz9JHJGHWRKMTLHP factorType: sms provider: OKTA vendorName: OKTA status: PENDING_ACTIVATION created: 2014-08-05T20:59:49.000Z lastUpdated: 2014-08-06T03:59:49.000Z profile: phoneNumber: +1-555-415-1337 _links: activate: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/mbl1nz9JHJGHWRKMTLHP/lifecycle/activate" hints: allow: - POST resend: - name: sms href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/mbl1nz9JHJGHWRKMTLHP/resend" hints: allow: - POST self: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/mbl1nz9JHJGHWRKMTLHP" hints: allow: - GET user: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL" hints: allow: - GET EnrollFactorSymantecVipRequest: summary: Symantec VIP value: factorType: token provider: SYMANTEC profile: credentialId: VSMT14393584 verify: passCode: "875498" nextPassCode: "678195" EnrollFactorSymantecVipResponse: summary: Symantec VIP value: id: ufvbtzgkYaA7zTKdQ0g4 factorType: token provider: SYMANTEC vendorName: SYMANTEC status: ACTIVE created: 2015-11-13T06:52:08.000Z lastUpdated: 2015-11-13T06:52:08.000Z profile: credentialId: VSMT14393584 _links: verify: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/ufvbtzgkYaA7zTKdQ0g4/verify" hints: allow: - POST self: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/ufvbtzgkYaA7zTKdQ0g4" hints: allow: - GET - DELETE user: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL" hints: allow: - GET EnrollFactorU2fRequest: summary: u2f value: factorType: u2f provider: FIDO EnrollFactorU2fResponse: summary: u2f value: id: fuf2rovRxogXJ0nDy0g4 factorType: u2f provider: FIDO vendorName: FIDO status: PENDING_ACTIVATION created: 2018-05-24T20:43:19.000Z lastUpdated: 2018-05-24T20:43:19.000Z _links: activate: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/fuf2rovRxogXJ0nDy0g4/lifecycle/activate" hints: allow: - POST 
self: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/fuf2rovRxogXJ0nDy0g4" hints: allow: - GET user: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL" hints: allow: - GET _embedded: activation: version: U2F_V2 nonce: 9DmGJDLvaU6KWxJbfrZ0 timeoutSeconds: 20 EnrollFactorWebauthnRequest: summary: webAuthn value: factorType: webauthn provider: FIDO EnrollFactorWebauthnResponse: summary: webAuthn value: id: fwf2rovRxogXJ0nDy0g4 factorType: webauthn provider: FIDO vendorName: FIDO status: PENDING_ACTIVATION created: 2018-05-24T20:43:19.000Z lastUpdated: 2018-05-24T20:43:19.000Z _links: activate: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/fwf2rovRxogXJ0nDy0g4/lifecycle/activate" hints: allow: - POST self: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/fwf2rovRxogXJ0nDy0g4" hints: allow: - GET user: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL" hints: allow: - GET _embedded: activation: attestation: direct authenticatorSelection: userVerification: preferred requireResidentKey: false challenge: cdsZ1V10E0BGE4GcG3IK excludeCredentials: [] pubKeyCredParams: - type: public-key alg: -7 - type: public-key alg: -257 rp: name: Rain-Cloud59 user: displayName: First Last name: [email protected] id: 00u15s1KDETTQMQYABRL EnrollFactorYubikeyRequest: summary: yubikey value: factorType: token:hardware provider: YUBICO verify: passCode: cccccceukngdfgkukfctkcvfidnetljjiknckkcjulji EnrollFactorYubikeyResponse: value: id: ykfbty3BJeBgUi3750g4 factorType: token:hardware provider: YUBICO vendorName: YUBICO status: ACTIVE created: 2015-11-13T05:27:49.000Z lastUpdated: 2015-11-13T05:27:49.000Z profile: credentialId: "000004102994" _links: verify: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/ykfbty3BJeBgUi3750g4/verify" hints: allow: - POST self: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/ykfbty3BJeBgUi3750g4" 
hints: allow: - GET - DELETE user: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL" hints: allow: - GET EntitlementValuesResponse: summary: List of bundle entitlement values value: entitlementValues: - id: entfxqCAJWWGELFTYAAA value: orn:okta:00o5rb5mt2H3d1TJd0h7:groups:00guaxWZ0AOa5NFAj0g3 name: Restricted users group _links: group: http://your-subdomain.okta.com/api/v1/groups/00guaxWZ0AOa5NFAj0g3 _links: self: href: http://your-subdomain.okta.com/api/v1/iam/governance/bundles?limit=2&after=10 bundle: href: http://your-subdomain.okta.com/api/v1/iam/governance/bundles/0bbfxqCAJWWGELFTYAAA entitlements: href: http://your-subdomain.okta.com/api/v1/iam/governance/bundles/0bbfxqCAJWWGELFTYAAA/entitlements ErrorAccessDenied: summary: Access Denied value: errorCode: E0000006 errorSummary: You do not have permission to perform the requested action errorLink: E0000006 errorId: sampleNUSD_8fdkFd8fs8SDBK errorCauses: [] ErrorAgentTimeOut: value: errorCode: E0000237 errorSummary: Timed out waiting for agent. errorLink: E0000237 errorId: sampleMlLvGUj_YD5v16vkYWY errorCauses: [] ErrorApiValidationFailed: summary: API Validation Failed value: errorCode: E0000001 errorSummary: "Api validation failed: {0}" errorLink: E0000001 errorId: sampleiCF-8D5rLW6myqiPItW errorCauses: [] ErrorAppFeatureAPIValidationFailed: summary: API Validation Failed value: errorCode: E0000001 errorSummary: "Api validation failed: feature" errorLink: E0000001 errorId: oaeZLxeiHUUQomPkM8xOqvu1A errorCauses: - errorSummary: Provisioning is not enabled for the app instance. ErrorAppUserForbiddenAction: description: "If the `PUSH_NEW_USERS` or `PUSH_PROFILE_UPDATES` feature is enabled\ \ and the request specifies a value for a profile-mapped (Universal Directory)\ \ attribute that doesn't match the mapped value, then a 403 error is returned." 
summary: Forbidden action value: errorCode: E0000075 errorSummary: Cannot modify the firstName attribute because it has a field mapping and profile push is enabled. errorLink: E0000075 errorId: sampleWXiR_K-WwaTKhlgBQ errorCauses: [] ErrorAppUserUpdateBadRequest: description: "If you attempt to assign a username or password to an app with\ \ an incompatible authentication scheme, then a 400 error is returned." summary: Bad request value: errorCode: E0000041 errorSummary: Credentials should not be set on this resource based on the scheme. errorLink: E0000041 errorId: oaeUM77NBynQQu4C_qT5ngjGQ errorCauses: errorSummary: User level credentials should not be provided for this scheme. ErrorCAPTCHALimitOfOne: value: errorCode: E0000165 errorSummary: CAPTCHA count limit reached. At most one CAPTCHA instance is allowed per Org. errorLink: E0000165 errorId: oaejrB1fWL1S7mc-2KcG-SOtw errorCauses: [] ErrorCAPTCHAOrgWideSetting: value: errorCode: E0000149 errorSummary: "Current CAPTCHA is associated with org-wide settings, cannot\ \ be removed." errorLink: E0000149 errorId: samplezsusshPdiTWiITwqBt8 errorCauses: [] ErrorCAPTCHAOrgWideSettingNull: summary: "captchaId is null, but enabledPages is defined" value: errorCode: E0000001 errorSummary: "Api validation failed: captchaId" errorLink: E0000001 errorId: oae-hk3rssXQmOWDRsaFfxe8A errorCauses: errorSummary: "captchaId: Invalid CAPTCHA ID. The value of captchaId cannot\ \ be blank when enabledPages is not empty. Please resubmit with an existing\ \ CAPTCHA ID or disable CAPTCHA support on all supported pages." ErrorClientJsonWebKeyDuplicateKid: value: errorCode: E0000001 errorSummary: "Api validation failed: JsonWebKey" errorLink: E0000001 errorId: sampleQPivGUj_ND5v78vbYWW errorCauses: - errorSummary: All keys in the 'jwks' must have a unique `kid`. 
ErrorClientJsonWebKeyKidLengthTooShort: value: errorCode: E0000001 errorSummary: "Api validation failed: JsonWebKey" errorLink: E0000001 errorId: sampleQPivGUj_ND5v78vbYWW errorCauses: - errorSummary: "RSA key length in the 'jwks' is less than '2,048' bits for\ \ the given key." ErrorClientJsonWebKeyNonUniqueKid: value: errorCode: E0000001 errorSummary: "Api validation failed: JsonWebKey" errorLink: E0000001 errorId: sampleQPivGUj_ND5v78vbYWW errorCauses: - errorSummary: "Each key should have a unique kid when adding multiple keys.\ \ Use the Apps API to update the JWKS to add a kid for the existing key,\ \ or delete the existing key and re-add the key with a kid using the JWKS\ \ APIs." ErrorClientJsonWebKeyTooManyKids: value: errorCode: E0000001 errorSummary: "Api validation failed: JsonWebKey" errorLink: E0000001 errorId: sampleQPivGUj_ND5v78vbYWW errorCauses: - errorSummary: "You can't create a new key. You have reached the maximum\ \ number of keys allowed (50). To add another key, you must first delete\ \ an existing one." ErrorClientSecretNonAscii: summary: Client secret allows only ASCII error value: errorCode: E0000001 errorSummary: "Api validation failed: client_secret" errorLink: E0000001 errorId: sampleQPivGUj_ND5v78vbYWW errorCauses: - errorSummary: "client_secret: ''client_secret'' must only contain printable\ \ ASCII: [x20-x7E]+" ErrorClientSecretTooLong: summary: Client secret too long error value: errorCode: E0000001 errorSummary: "Api validation failed: client_secret" errorLink: E0000001 errorId: sampleQPivGUj_ND5v78vbYWW errorCauses: - errorSummary: "client_secret: 'client_secret' can't be more than '100' characters\ \ long." ErrorClientSecretTooShort: summary: Client secret too short error value: errorCode: E0000001 errorSummary: "Api validation failed: client_secret" errorLink: E0000001 errorId: sampleQPivGUj_ND5v78vbYWW errorCauses: - errorSummary: "client_secret: 'client_secret' must be at least '14' characters\ \ long." 
ErrorClientSecretTooShortWithClientSecretJWT: summary: Client secret is too short for JWT error value: errorCode: E0000001 errorSummary: "Api validation failed: client_secret" errorLink: E0000001 errorId: sampleQPivGUj_ND5v78vbYWW errorCauses: - errorSummary: "client_secret: 'client_secret' must be at least '32' characters\ \ long when 'token_endpoint_auth_method' is 'client_secret_jwt'." ErrorClientSecretWithPrivateKeyJWT: summary: Client secret can't be used for private key JWT error value: errorCode: E0000001 errorSummary: "Api validation failed: client_secret" errorLink: E0000001 errorId: sampleQPivGUj_ND5v78vbYWW errorCauses: - errorSummary: '''client_secret'' can''t be used when ''token_endpoint_auth_method'' is ''private_key_jwt''.' ErrorCreateBrandExists: value: errorCode: E0000202 errorSummary: Brand name already exists. errorLink: E0000202 errorId: oaeKABuesTdRvCXeCTpSpXAcQ errorCauses: [] ErrorCreateUserWithExpiredPasswordWithNullPassword: value: errorCode: E0000124 errorSummary: "Could not create User. To create a User and expire their password\ \ immediately, a password must be specified." errorLink: E0000124 errorId: oaeXxuZgXBySvqi1FvtkwoYCA errorCauses: - errorSummary: "Could not create User. To create a User and expire their\ \ password immediately, a password must be specified." ErrorCreateUserWithExpiredPasswordWithoutActivation: value: errorCode: E0000125 errorSummary: "Could not create User. To create a User and expire their password\ \ immediately, `activate` must be true." errorLink: E0000125 errorId: oaeDd77L9R-TJaD7j_rXsQ31w errorCauses: - errorSummary: "Could not create User. To create a User and expire their\ \ password immediately, `activate` must be true." 
ErrorCreateUserWithTooManyManyGroupsResponse: value: errorCode: E0000093 errorSummary: Target count limit exceeded errorLink: E0000093 errorId: oaePVSLIYnIQsC0B-ptBIllVA errorCauses: - errorSummary: The number of group targets is too large ErrorDeactivateTheOnlyClientSecret: value: errorCode: E0000001 errorSummary: "Api validation failed: OAuth2ClientSecretMediated" errorLink: E0000001 errorId: sampleQPivGUj_ND5v78vbYWW errorCauses: - errorSummary: You can't deactivate the only active client secret. ErrorDeactivateTheOnlyKeyWithPrivateKeyJwtAuthMethod: value: errorCode: E0000001 errorSummary: "Api validation failed: JsonWebKey" errorLink: E0000001 errorId: sampleQPivGUj_ND5v78vbYWW errorCauses: - errorSummary: Can't deactivate the only active JSON Web Key when the value for `token_endpoint_auth_method` is `private_key_jwt`. ErrorDeactivateTheOnlyKeyWithRequestObjectSignAlgorithm: value: errorCode: E0000001 errorSummary: "Api validation failed: JsonWebKey" errorLink: E0000001 errorId: sampleQPivGUj_ND5v78vbYWW errorCauses: - errorSummary: The `jwks` must contain at least one key with an algorithm matching the `request_object_signature_algorithm`. ErrorDeleteActiveJsonWebKey: value: errorCode: E0000001 errorSummary: "Api validation failed: JsonWebKey" errorLink: E0000001 errorId: sampleQPivGUj_ND5v78vbYWW errorCauses: - errorSummary: You can't delete an active JSON Web key. Deactivate the key before deleting it. ErrorDeleteActiveSecret: value: errorCode: E0000001 errorSummary: "Api validation failed: OAuth2ClientSecretMediated" errorLink: E0000001 errorId: sampleQPivGUj_ND5v78vbYWW errorCauses: - errorSummary: You can't delete an active client secret. Deactivate the secret before deleting it. 
ErrorDeleteBrandAssociatedWithDomain: value: errorCode: E0000201 errorSummary: A brand associated with a domain cannot be deleted errorLink: E0000201 errorId: oaeAdRqprFuTyKokyYPbURJkA errorCauses: [] ErrorDeleteDefaultBrand: value: errorCode: E0000200 errorSummary: A default brand cannot be deleted errorLink: E0000200 errorId: oaeAdRqprFuTyKokyYPbURJkA errorCauses: [] ErrorDeviceAssuranceInUse: summary: Can't delete device assurance policy in use by authentication policies value: errorSummary: Device assurance is in use and cannot be deleted. errorId: oaenwA1ra80S9W-pvbh4m6haA errorCauses: [] ErrorDeviceCheckInUse: summary: Can't delete device check in use by device assurance policies value: errorSummary: Device check is in use and can't be deleted. errorId: oaenwA1ra80S9W-pvbh4m6haA errorCauses: [] ErrorEmailCustomizationCannotClearDefault: value: errorCode: E0000185 errorSummary: The isDefault parameter of the default email template customization can't be set to false. errorLink: E0000185 errorId: oaejrB1fWL1S7mc-2KcG-SOtw errorCauses: [] ErrorEmailCustomizationCannotDeleteDefault: value: errorCode: E0000184 errorSummary: A default email template customization can't be deleted. errorLink: E0000184 errorId: oaeAdRqprFuTyKokyYPbURJkA errorCauses: [] ErrorEmailCustomizationDefaultAlreadyExists: value: errorCode: E0000182 errorSummary: A default email template customization already exists. errorLink: E0000182 errorId: oaeXYwTiMvASsC3O4HCzjFaCA errorCauses: [] ErrorEmailCustomizationLanguageAlreadyExists: value: errorCode: E0000183 errorSummary: An email template customization for that language already exists. errorLink: E0000183 errorId: oaeUcGELffqRay0u1OPdnPypw errorCauses: [] ErrorEmailDomainAlreadyExists: value: errorCode: E0000197 errorSummary: Email domain already exists. 
errorLink: E0000197 errorId: oaeEdRqprFuTyKokyYPbURJkA errorCauses: [] ErrorEmailDomainInUse: value: errorCode: E0000216 errorSummary: Email domain can't be deleted due to mail provider restrictions. errorLink: E0000216 errorId: oaeEdRqprFuTyKokyYPbURJkB errorCauses: [] ErrorEmailDomainInvalidStatus: value: errorCode: E0000217 errorSummary: Invalid status. Can't validate email domain with current status. errorLink: E0000217 errorId: oaeEdRqprFuTyKokyYPbURJkD errorCauses: [] ErrorEmailDomainNotVerified: value: errorCode: E0000218 errorSummary: Email domain couldn't be verified by mail provider. errorLink: E0000218 errorId: oaeEdRqprFuTyKokyYPbURJkC errorCauses: [] ErrorInternalServer: summary: Internal Server Error value: errorCode: E0000009 errorSummary: Internal Server Error errorLink: E0000000 errorId: sampleAlJ82XS2SDB_vaNIWgcA errorCauses: [] ErrorInvalidEmailTemplateRecipients: value: errorCode: E0000189 errorSummary: This template does not support the recipients value. errorLink: E0000189 errorId: oae8L1-UkcNTeGi5xVQ28_lww errorCauses: [] ErrorInvalidLinkedObjectDef: summary: Invalid linked objection definition value: errorCode: E0000127 errorSummary: Invalid linked objection definition. Linked object identifier is already in use. errorLink: E0000127 errorId: oaeh5FICFF2RnqakoNofPadhw errorCauses: - errorSummary: Linked object identifier for primary is already in use. reason: UNIQUE_CONSTRAINT locationType: body domain: linkedObjects - errorSummary: Linked object identifier for associated is already in use. 
reason: UNIQUE_CONSTRAINT locationType: body domain: linkedObjects ErrorInvalidTokenProvided: summary: Invalid Token Provided value: errorCode: E0000011 errorSummary: Invalid token provided errorLink: E0000011 errorId: sampleQPivGUj_ND5v78vbYWW errorCauses: [] ErrorKeyCredentialCloneDuplicateKey: summary: Duplicate key credential error value: errorCode: E0000001 errorSummary: "Api validation failed: cloneKey" errorLink: E0000001 errorId: sampleQPivGUj_ND5v78vbYWW errorCauses: - errorSummary: Key already exists in the list of key credentials for the target app. ErrorKeyCredentialInvalidValidity: summary: Key credential invalid year error value: errorCode: E0000001 errorSummary: "Api validation failed: generateKey" errorLink: E0000001 errorId: sampleQPivGUj_ND5v78vbYWW errorCauses: - errorSummary: Validity years out of range. It should be 2 - 10 years. ErrorMaxNumberOfSecrets: summary: Maximum client secrets reached error value: errorCode: E0000001 errorSummary: "Api validation failed: OAuth2ClientSecretMediated" errorLink: E0000001 errorId: sampleQPivGUj_ND5v78vbYWW errorCauses: - errorSummary: You've reached the maximum number of client secrets per client. ErrorMissingRequiredParameter: summary: Missing Required Parameter value: errorCode: E0000028 errorSummary: The request is missing a required parameter. errorLink: E0000028 errorId: sampleiCF-l7mr9XqM1NQ errorCauses: [] ErrorNoConnectedAgents: value: errorCode: E0000236 errorSummary: There are no connected agents. errorLink: E0000236 errorId: sampleMlLvGUj_YD5v16vkYWY errorCauses: [] ErrorPinOrCredRequestsGenerationFailure: summary: PIN or Cred Requests Generation Failed value: errorCode: E0000001 errorSummary: "Api validation failed: pinRequest|credRequests" errorLink: E0000001 errorId: oaehk3rssXQmOWDRsaFfxe8A errorCauses: errorSummary: There was a problem generating the pinRequest|credRequests. 
    ErrorPinOrCredResponsesProcessingFailure:
      summary: PIN or Cred Response Processing Failed
      value:
        errorCode: E0000001
        errorSummary: "Api validation failed: pinResponse|credResponses"
        errorLink: E0000001
        errorId: oaehk3rssXQmOWDRsaFfxe8B
        errorCauses:
          errorSummary: There was a problem generating the pinResponse|credResponses.
    ErrorPublishCSRCertDoesNotMatchCSR:
      summary: Mismatch certificate and CSR error
      value:
        errorCode: E0000001
        errorSummary: "Api validation failed: certificate"
        errorLink: E0000001
        errorId: sampleQPivGUj_ND5v78vbYWW
        errorCauses:
        - errorSummary: The certificate doesn't match the CSR.
    ErrorPublishCSRCertValidityLessThan90Days:
      summary: Certificate valid for 90 days error
      value:
        errorCode: E0000001
        errorSummary: "Api validation failed: certificate"
        errorLink: E0000001
        errorId: sampleQPivGUj_ND5v78vbYWW
        errorCauses:
        - errorSummary: The certificate must be valid for more than 90 days.
    ErrorPushProviderUsedByCustomAppAuthenticator:
      value:
        errorCode: E0000187
        errorSummary: Cannot delete push provider because it is being used by a custom app authenticator.
        errorLink: E0000187
        errorId: oaenwA1ra80S9W-pvbh4m6haA
        errorCauses: []
    ErrorResourceNotFound:
      summary: Resource Not Found
      value:
        errorCode: E0000007
        errorSummary: "Not found: {0}"
        errorLink: E0000007
        errorId: sampleMlLvGUj_YD5v16vkYWY
        errorCauses: []
    ErrorTooManyRequests:
      summary: Too Many Requests
      value:
        errorCode: E0000047
        errorSummary: API call exceeded rate limit due to too many requests.
        errorLink: E0000047
        errorId: sampleQPivGUj_ND5v78vbYWW
        errorCauses: []
    ExampleOAuth2Scope:
      summary: Example scope
      value:
        id: scp5yu8kLOnDzo7lh0g4
        name: car:drive
        description: Drive car
        system: false
        default: false
        displayName: Saml Jackson
        consent: REQUIRED
        optional: false
        metadataPublish: NO_CLIENTS
        _links:
          self:
            href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/scopes/scp5yu8kLOnDzo7lh0g4"
            hints:
              allow:
              - GET
              - PUT
              - DELETE
    ExampleOAuth2Scopes:
      summary: All scopes
      value:
      - id: scp5yu8kLOnDzo7lh0g4
        name: car:drive
        description: Drive car
        system: false
        default: false
        displayName: Saml Jackson
        consent: REQUIRED
        optional: false
        metadataPublish: NO_CLIENTS
        _links:
          self:
            href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/scopes/scp5yu8kLOnDzo7lh0g4"
            hints:
              allow:
              - GET
              - PUT
              - DELETE
    ExpirePwdResponse:
      value:
        id: 00ub0oNGTSWTBKOLGLNR
        status: PASSWORD_EXPIRED
        created: 2013-06-24T16:39:18.000Z
        activated: 2013-06-24T16:39:19.000Z
        statusChanged: 2013-06-24T16:39:19.000Z
        lastLogin: 2013-06-24T17:39:19.000Z
        lastUpdated: 2013-06-27T16:35:28.000Z
        passwordChanged: 2013-06-24T16:39:19.000Z
        profile:
          firstName: Isaac
          lastName: Brock
          email: [email protected]
          login: [email protected]
          mobilePhone: 555-415-1337
        credentials:
          password: {}
          recovery_question:
            question: Who's a major player in the cowboy scene?
          provider:
            type: OKTA
            name: OKTA
        _links:
          resetPassword:
            href: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/reset_password"
          resetFactors:
            href: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/reset_factors"
          expirePassword:
            href: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/expire_password"
          forgotPassword:
            href: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/credentials/forgot_password"
          changeRecoveryQuestion:
            href: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/credentials/change_recovery_question"
          deactivate:
            href: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/deactivate"
          changePassword:
            href: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/credentials/change_password"
    ExpirePwdWithTempPwdResponse:
      value:
        tempPassword: F46gy7X4
    ExpiredAuthorizationServerKey:
      summary: Expired Authorization Server Key
      value:
        status: EXPIRED
        alg: RS256
        e: AQAB
        "n": lC4ehVB6W0OCtNPnz8udYH9Ao83B6EKnHA5eTcMOap_lQZ-nKtS1lZwBj4wXRVc1XmS0d2OQFA1VMQ-dHLDE3CiGfsGqWbaiZFdW7U GLO1nAwfDdH6xp3xwpKOMewDXbAHJlXdYYAe2ap - CE9c5WLTUBU6JROuWcorHCNJisj1aExyiY5t3JQQVGpBz2oUIHo7NRzQoKimvp dMvMzcYnTlk1dhlG11b1GTkBclprm1BmOP7Ltjd7aEumOJWS67nKcAZzl48Zyg5KtV11V9F9dkGt25qHauqFKL7w3wu - DYhT0hmyFc wn - tXS6e6HQbfHhR_MQxysLtDGOk2ViWv8AQ
        kid: h5Sr3LXcpQiQlAUVPdhrdLFoIvkhRTAVs_h39bQnxlU
        kty: RSA
        use: sig
        _links:
          self:
            href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/credentials/keys/h5Sr3LXcpQiQlAUVPdhrdLFoIvkhRTAVs_h39bQnxlU"
            hints:
              allow:
              - GET
    FacebookIdPResponse:
      summary: Facebook Identity Provider
      value:
        id: 0oa62b57p7c8PaGpU0h7
        type: FACEBOOK
        name: Facebook
        status: ACTIVE
        created: 2016-03-24T23:18:27.000Z
        lastUpdated: 2016-03-24T23:18:27.000Z
        protocol:
          type: OAUTH2
          endpoints:
            authorization:
              url: https://www.facebook.com/dialog/oauth
              binding: HTTP-REDIRECT
            token:
              url: https://graph.facebook.com/v2.5/oauth/access_token
              binding: HTTP-POST
          scopes:
          - public_profile
          - email
          credentials:
            client:
              client_id: your-client-id
              client_secret: your-client-secret
        policy:
          provisioning:
            action: AUTO
            profileMaster: true
            groups:
              action: NONE
            conditions:
              deprovisioned:
                action: NONE
              suspended:
                action: NONE
          accountLink:
            filter: null
            action: AUTO
          subject:
            userNameTemplate:
              template: idpuser.userPrincipalName
            filter: null
            matchType: USERNAME
          mapAMRClaims: false
          maxClockSkew: 0
        _links:
          authorize:
            href: |-
              https://{yourOktaDomain}/oauth2/v1/authorize?idp=0oa62b57p7c8PaGpU0h7&
              client_id={clientId}&response_type={responseType}&response_mode={responseMode}&
              scope={scopes}&redirect_uri={redirectUri}&state={state}
            templated: true
            hints:
              allow:
              - GET
          clientRedirectUri:
            href: "https://{yourOktaDomain}/oauth2/v1/authorize/callback"
            hints:
              allow:
              - POST
    FactorEmail:
      value:
        id: emfnf3gSScB8xXoXK0g3
        factorType: email
        provider: OKTA
        vendorName: OKTA
        status: ACTIVE
        profile:
          email: [email protected]
        _links:
          verify:
            href: "https://{yourOktaDomain}/api/v1/users/00umvfJKwXOQ1mEL50g3/factors/emfnf3gSScB8xXoXK0g3/verify"
            hints:
              allow:
              - POST
          self:
            href: "https://{yourOktaDomain}/api/v1/users/00umvfJKwXOQ1mEL50g3/factors/emfnf3gSScB8xXoXK0g3"
            hints:
              allow:
              - GET
              - DELETE
          user:
            href: "https://{yourOktaDomain}/api/v1/users/00umvfJKwXOQ1mEL50g3"
            hints:
              allow:
              - GET
    FactorPasscodeRequest:
      value:
        passCode: "123456"
    FactorResponseSms:
      value:
        id: sms2gt8gzgEBPUWBIFHN
        factorType: sms
        provider: OKTA
        vendorName: OKTA
        status: ACTIVE
        created: 2014-06-27T20:27:26.000Z
        lastUpdated: 2014-06-27T20:27:26.000Z
        profile:
          phoneNumber: +1-555-415-1337
        _links:
          verify:
            href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/sms2gt8gzgEBPUWBIFHN/verify"
            hints:
              allow:
              - POST
          self:
            href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/sms2gt8gzgEBPUWBIFHN"
            hints:
              allow:
              - GET
              - DELETE
          user:
            href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL"
            hints:
              allow:
              - GET
    ForgotPwdRecoveryQuestionRequest:
      value:
        password:
          value: "uTVM,TPw55"
        recovery_question:
          answer: Annie Oakley
    ForgotPwdRecoveryQuestionResponse:
      value:
        password: {}
        recovery_question:
          question: Who's a major player in the cowboy scene?
        provider:
          type: OKTA
          name: OKTA
    ForgotPwdResponse:
      value:
        resetPasswordUrl: "https://{yourOktaDomain}/signin/reset-password/XE6wE17zmphl3KqAPFxO"
    GenericOidcIdpResponse:
      summary: Generic OpenID Connect Identity Provider
      value:
        id: 0oaulob4BFVa4zQvt0g3
        type: OIDC
        name: Example OpenID Connect IdP
        status: ACTIVE
        created: 2019-02-07T20:07:47.000Z
        lastUpdated: 2019-02-07T20:07:47.000Z
        protocol:
          type: OIDC
          endpoints:
            authorization:
              url: https://idp.example.com/authorize
              binding: HTTP-REDIRECT
            token:
              url: https://idp.example.com/token
              binding: HTTP-POST
            userInfo:
              url: https://idp.example.com/userinfo
              binding: HTTP-REDIRECT
            jwks:
              url: https://idp.example.com/keys
              binding: HTTP-REDIRECT
          algorithms:
            request:
              signature:
                algorithm: HS256
                scope: REQUEST
          scopes:
          - openid
          issuer:
            url: https://idp.example.com
          credentials:
            client:
              client_id: your-client-id
              client_secret: your-client-secret
              pkce_required: "true"
        policy:
          provisioning:
            action: AUTO
            profileMaster: false
            groups:
              action: NONE
            conditions:
              deprovisioned:
                action: NONE
              suspended:
                action: NONE
          accountLink:
            filter: null
            action: AUTO
          subject:
            userNameTemplate:
              template: idpuser.email
            filter: null
            matchType: USERNAME
            matchAttribute: null
          mapAMRClaims: false
          maxClockSkew: 0
        _links:
          authorize:
            href: "https://{yourOktaDomain}/oauth2/v1/authorize?idp=0oaulob4BFVa4zQvt0g3&client_id={clientId}&response_type={responseType}&response_mode={responseMode}&scope={scopes}&redirect_uri={redirectUri}&state={state}&nonce={nonce}"
            templated: true
            hints:
              allow:
              - GET
          clientRedirectUri:
            href: "https://{yourOktaDomain}/oauth2/v1/authorize/callback"
            hints:
              allow:
              - POST
    GetApplicationsByGroupResponseEx:
      summary: Retrieve apps assigned to a group
      value:
      - id: 0oa7vicdkRNrz59R80w6
        name: workday
        label: hrportal2
        status: ACTIVE
        lastUpdated: 2021-05-17T23:10:50.000Z
created: 2021-05-17T23:10:49.000Z accessibility: selfService: false errorRedirectUrl: null loginRedirectUrl: null visibility: autoSubmitToolbar: false hide: iOS: false web: false appLinks: login: true features: [] signOnMode: SAML_2_0 credentials: userNameTemplate: template: "${source.login}" type: BUILT_IN signing: kid: wRejFXWxFlK9nnLozx5qKWQa3fg-JRXw7dvdlTjs5Pg settings: app: siteURL: https://acme.workday.com notifications: vpn: network: connection: DISABLED message: null helpUrl: null signOn: defaultRelayState: null ssoAcsUrlOverride: null audienceOverride: null recipientOverride: null destinationOverride: null attributeStatements: [] _links: help: href: https://testorgone-admin.okta.com/app/workday/0oa7vicdkRNrz59R80w6/setup/help/SAML_2_0/external-doc type: text/html metadata: href: https://testorgone.okta.com/api/v1/apps/0oa7vicdkRNrz59R80w6/sso/saml/metadata type: application/xml appLinks: - name: login href: https://testorgone.okta.com/home/workday/0oa7vicdkRNrz59R80w6/30 type: text/html groups: href: https://testorgone.okta.com/api/v1/apps/0oa7vicdkRNrz59R80w6/groups logo: - name: medium href: https://tc2static.oktacdn.com/fs/bcg/4/gfs1wwhrwJR4LpB5X0w6 type: image/png users: href: https://testorgone.okta.com/api/v1/apps/0oa7vicdkRNrz59R80w6/users deactivate: href: https://testorgone.okta.com/api/v1/apps/0oa7vicdkRNrz59R80w6/lifecycle/deactivate - id: 0oa7vicvor8YSr9Hc0w6 name: workday label: hrportal1 status: ACTIVE lastUpdated: 2021-05-17T23:10:22.000Z created: 2021-05-17T23:10:22.000Z accessibility: selfService: false errorRedirectUrl: null loginRedirectUrl: null visibility: autoSubmitToolbar: false hide: iOS: false web: false appLinks: login: true features: [] signOnMode: SAML_2_0 credentials: userNameTemplate: template: "${source.login}" type: BUILT_IN signing: kid: wRejFXWxFlK9nnLozx5qKWQa3fg-JRXw7dvdlTjs5Pg settings: app: siteURL: https://acme.workday.com notifications: vpn: network: connection: DISABLED message: null helpUrl: null signOn: 
defaultRelayState: null ssoAcsUrlOverride: null audienceOverride: null recipientOverride: null destinationOverride: null attributeStatements: [] _links: help: href: https://testorgone-admin.okta.com/app/workday/0oa7vicvor8YSr9Hc0w6/setup/help/SAML_2_0/external-doc type: text/html metadata: href: https://testorgone.okta.com/api/v1/apps/0oa7vicvor8YSr9Hc0w6/sso/saml/metadata type: application/xml appLinks: - name: login href: https://testorgone.okta.com/home/workday/0oa7vicvor8YSr9Hc0w6/30 type: text/html groups: href: https://testorgone.okta.com/api/v1/apps/0oa7vicvor8YSr9Hc0w6/groups logo: - name: medium href: https://tc2static.oktacdn.com/fs/bcg/4/gfs1wwhrwJR4LpB5X0w6 type: image/png users: href: https://testorgone.okta.com/api/v1/apps/0oa7vicvor8YSr9Hc0w6/users deactivate: href: https://testorgone.okta.com/api/v1/apps/0oa7vicvor8YSr9Hc0w6/lifecycle/deactivate - id: 0oabkvBLDEKCNXBGYUAS name: template_swa label: Sample Plugin App status: ACTIVE lastUpdated: 2013-09-11T17:58:54.000Z created: 2013-09-11T17:46:08.000Z accessibility: selfService: false errorRedirectUrl: null visibility: autoSubmitToolbar: false hide: iOS: false web: false appLinks: login: true features: [] signOnMode: BROWSER_PLUGIN credentials: scheme: EDIT_USERNAME_AND_PASSWORD userNameTemplate: template: "${source.login}" type: BUILT_IN settings: app: buttonField: btn-login passwordField: txtbox-password usernameField: txtbox-username url: https://example.com/login.html _links: logo: - href: https:/example.okta.com/img/logos/logo_1.png name: medium type: image/png users: href: "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS/users" groups: href: "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS/groups" self: href: "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS" deactivate: href: "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS/lifecycle/deactivate" GetApplicationsByKeyResponseEx: summary: Retrieve apps using a key value: - id: 0oa1gjh63g214q0Hq0g4 name: 
testorgone_customsaml20app_1 label: Custom Saml 2.0 App status: ACTIVE lastUpdated: 2016-08-09T20:12:19.000Z created: 2016-08-09T20:12:19.000Z accessibility: selfService: false errorRedirectUrl: null loginRedirectUrl: null visibility: autoSubmitToolbar: false hide: iOS: false web: false appLinks: testorgone_customsaml20app_1_link: true features: [] signOnMode: SAML_2_0 credentials: userNameTemplate: template: "${fn:substringBefore(source.login, \"@\")}" type: BUILT_IN signing: {} settings: app: {} notifications: vpn: network: connection: DISABLED message: null helpUrl: null signOn: defaultRelayState: "" ssoAcsUrl: "https://{yourOktaDomain}" idpIssuer: "https://www.okta.com/${org.externalKey}" audience: https://example.com/tenant/123 recipient: https://recipient.okta.com destination: https://destination.okta.com subjectNameIdTemplate: "${user.userName}" subjectNameIdFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress responseSigned: true assertionSigned: true signatureAlgorithm: RSA_SHA256 digestAlgorithm: SHA256 honorForceAuthn: true authnContextClassRef: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport slo: enabled: true spIssuer: https://testorgone.okta.com logoutUrl: https://testorgone.okta.com/logout participateSlo: enabled: true logoutRequestUrl: https://testorgone.okta.com/logout/participate sessionIndexRequired: true bindingType: REDIRECT spCertificate: x5c: - "MIIFnDCCA4QCCQDBSLbiON2T1zANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxDjAMBgNV\r\ \n" requestCompressed: false allowMultipleAcsEndpoints: false acsEndpoints: [] attributeStatements: [] _links: logo: - name: medium href: https://testorgone.okta.com/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png type: image/png appLinks: - name: testorgone_customsaml20app_1_link href: https://testorgone.okta.com/home/testorgone_customsaml20app_1/0oa1gjh63g214q0Hq0g4/aln1gofChJaerOVfY0g4 type: text/html help: href: 
https://testorgone-admin.okta.com/app/testorgone_customsaml20app_1/0oa1gjh63g214q0Hq0g4/setup/help/SAML_2_0/instructions type: text/html users: href: https://testorgone.okta.com/api/v1/apps/0oa1gjh63g214q0Hq0g4/users deactivate: href: https://testorgone.okta.com/api/v1/apps/0oa1gjh63g214q0Hq0g4/lifecycle/deactivate groups: href: https://testorgone.okta.com/api/v1/apps/0oa1gjh63g214q0Hq0g4/groups metadata: href: https://testorgone.okta.com/api/v1/apps/0oa1gjh63g214q0Hq0g4/sso/saml/metadata type: application/xml _embedded: user: id: 00ucw2RPGIUNTDQOYPOF externalId: null created: 2014-03-21T23:31:35.000Z lastUpdated: 2014-03-21T23:31:35.000Z scope: USER status: ACTIVE statusChanged: 2014-03-21T23:31:35.000Z passwordChanged: null syncState: DISABLED lastSync: null credentials: userName: [email protected] _links: app: href: "https://{yourOktaDomain}/api/v1/apps/0oabizCHPNYALCHDUIOD" user: href: "https://{yourOktaDomain}/api/v1/users/00ucw2RPGIUNTDQOYPOF" id: 0oabkvBLDEKCNXBGYUAS name: template_swa label: Sample Plugin App status: ACTIVE lastUpdated: 2013-09-11T17:58:54.000Z created: 2013-09-11T17:46:08.000Z accessibility: selfService: false errorRedirectUrl: null visibility: autoSubmitToolbar: false hide: iOS: false web: false appLinks: login: true features: [] signOnMode: BROWSER_PLUGIN credentials: scheme: EDIT_USERNAME_AND_PASSWORD userNameTemplate: template: "${source.login}" type: BUILT_IN settings: app: buttonField: btn-login passwordField: txtbox-password usernameField: txtbox-username url: https://example.com/login.html _links: logo: - href: https://example.okta.com/img/logos/logo_1.png name: medium type: image/png users: href: "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS/users" groups: href: "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS/groups" self: href: "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS" deactivate: href: "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS/lifecycle/deactivate" _embedded: user: id: 
00ucw2RPGIUNTDQOYPOF externalId: null created: 2014-06-10T15:16:01.000Z lastUpdated: 2014-06-10T15:17:38.000Z scope: USER status: ACTIVE statusChanged: 2014-06-10T15:16:01.000Z passwordChanged: 2014-06-10T15:17:38.000Z syncState: DISABLED lastSync: null credentials: userName: [email protected] password: {} _links: app: href: "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS" user: href: "https://{yourOktaDomain}/api/v1/users/00ucw2RPGIUNTDQOYPOF" GetApplicationsByNameResponseEx: summary: Retrieve apps by name value: - id: 0oa7vicdkRNrz59R80w6 name: workday label: hrportal2 status: ACTIVE lastUpdated: 2021-05-17T23:10:50.000Z created: 2021-05-17T23:10:49.000Z accessibility: selfService: false errorRedirectUrl: null loginRedirectUrl: null visibility: autoSubmitToolbar: false hide: iOS: false web: false appLinks: login: true features: [] signOnMode: SAML_2_0 credentials: userNameTemplate: template: "${source.login}" type: BUILT_IN signing: kid: wRejFXWxFlK9nnLozx5qKWQa3fg-JRXw7dvdlTjs5Pg settings: app: siteURL: https://acme.workday.com notifications: vpn: network: connection: DISABLED message: null helpUrl: null signOn: defaultRelayState: null ssoAcsUrlOverride: null audienceOverride: null recipientOverride: null destinationOverride: null attributeStatements: [] _links: help: href: https://testorgone-admin.okta.com/app/workday/0oa7vicdkRNrz59R80w6/setup/help/SAML_2_0/external-doc type: text/html metadata: href: https://testorgone.okta.com/api/v1/apps/0oa7vicdkRNrz59R80w6/sso/saml/metadata type: application/xml appLinks: - name: login href: https://testorgone.okta.com/home/workday/0oa7vicdkRNrz59R80w6/30 type: text/html groups: href: https://testorgone.okta.com/api/v1/apps/0oa7vicdkRNrz59R80w6/groups logo: - name: medium href: https://tc2static.oktacdn.com/fs/bcg/4/gfs1wwhrwJR4LpB5X0w6 type: image/png users: href: https://testorgone.okta.com/api/v1/apps/0oa7vicdkRNrz59R80w6/users deactivate: href: 
https://testorgone.okta.com/api/v1/apps/0oa7vicdkRNrz59R80w6/lifecycle/deactivate - id: 0oa7vicvor8YSr9Hc0w6 name: workday label: hrportal1 status: ACTIVE lastUpdated: 2021-05-17T23:10:22.000Z created: 2021-05-17T23:10:22.000Z accessibility: selfService: false errorRedirectUrl: null loginRedirectUrl: null visibility: autoSubmitToolbar: false hide: iOS: false web: false appLinks: login: true features: [] signOnMode: SAML_2_0 credentials: userNameTemplate: template: "${source.login}" type: BUILT_IN signing: kid: wRejFXWxFlK9nnLozx5qKWQa3fg-JRXw7dvdlTjs5Pg settings: app: siteURL: https://acme.workday.com notifications: vpn: network: connection: DISABLED message: null helpUrl: null signOn: defaultRelayState: null ssoAcsUrlOverride: null audienceOverride: null recipientOverride: null destinationOverride: null attributeStatements: [] _links: help: href: https://testorgone-admin.okta.com/app/workday/0oa7vicvor8YSr9Hc0w6/setup/help/SAML_2_0/external-doc type: text/html metadata: href: https://testorgone.okta.com/api/v1/apps/0oa7vicvor8YSr9Hc0w6/sso/saml/metadata type: application/xml appLinks: - name: login href: https://testorgone.okta.com/home/workday/0oa7vicvor8YSr9Hc0w6/30 type: text/html groups: href: https://testorgone.okta.com/api/v1/apps/0oa7vicvor8YSr9Hc0w6/groups logo: - name: medium href: https://tc2static.oktacdn.com/fs/bcg/4/gfs1wwhrwJR4LpB5X0w6 type: image/png users: href: https://testorgone.okta.com/api/v1/apps/0oa7vicvor8YSr9Hc0w6/users deactivate: href: https://testorgone.okta.com/api/v1/apps/0oa7vicvor8YSr9Hc0w6/lifecycle/deactivate GetApplicationsByUserResponseEx: summary: Retrieve apps assigned to a user value: - id: 0oa1gjh63g214q0Hq0g4 name: testorgone_customsaml20app_1 label: Custom Saml 2.0 App status: ACTIVE lastUpdated: 2016-08-09T20:12:19.000Z created: 2016-08-09T20:12:19.000Z accessibility: selfService: false errorRedirectUrl: null loginRedirectUrl: null visibility: autoSubmitToolbar: false hide: iOS: false web: false appLinks: 
testorgone_customsaml20app_1_link: true features: [] signOnMode: SAML_2_0 credentials: userNameTemplate: template: "${fn:substringBefore(source.login, \"@\")}" type: BUILT_IN signing: {} settings: app: {} notifications: vpn: network: connection: DISABLED message: null helpUrl: null signOn: defaultRelayState: "" ssoAcsUrl: "https://{yourOktaDomain}" idpIssuer: "https://www.okta.com/${org.externalKey}" audience: https://example.com/tenant/123 recipient: https://recipient.okta.com destination: https://destination.okta.com subjectNameIdTemplate: "${user.userName}" subjectNameIdFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress responseSigned: true assertionSigned: true signatureAlgorithm: RSA_SHA256 digestAlgorithm: SHA256 honorForceAuthn: true authnContextClassRef: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport slo: enabled: true spIssuer: https://testorgone.okta.com logoutUrl: https://testorgone.okta.com/logout participateSlo: enabled: true logoutRequestUrl: https://testorgone.okta.com/logout/participate sessionIndexRequired: true bindingType: REDIRECT spCertificate: x5c: - "MIIFnDCCA4QCCQDBSLbiON2T1zANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxDjAMBgNV\r\ \n" requestCompressed: false allowMultipleAcsEndpoints: false acsEndpoints: [] attributeStatements: [] _links: logo: - name: medium href: https://testorgone.okta.com/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png type: image/png appLinks: - name: testorgone_customsaml20app_1_link href: https://testorgone.okta.com/home/testorgone_customsaml20app_1/0oa1gjh63g214q0Hq0g4/aln1gofChJaerOVfY0g4 type: text/html help: href: https://testorgone-admin.okta.com/app/testorgone_customsaml20app_1/0oa1gjh63g214q0Hq0g4/setup/help/SAML_2_0/instructions type: text/html users: href: https://testorgone.okta.com/api/v1/apps/0oa1gjh63g214q0Hq0g4/users deactivate: href: https://testorgone.okta.com/api/v1/apps/0oa1gjh63g214q0Hq0g4/lifecycle/deactivate groups: href: 
https://testorgone.okta.com/api/v1/apps/0oa1gjh63g214q0Hq0g4/groups metadata: href: https://testorgone.okta.com/api/v1/apps/0oa1gjh63g214q0Hq0g4/sso/saml/metadata type: application/xml _embedded: user: id: 00ucw2RPGIUNTDQOYPOF externalId: null created: 2014-03-21T23:31:35.000Z lastUpdated: 2014-03-21T23:31:35.000Z scope: USER status: ACTIVE statusChanged: 2014-03-21T23:31:35.000Z passwordChanged: null syncState: DISABLED lastSync: null credentials: userName: [email protected] _links: app: href: "https://{yourOktaDomain}/api/v1/apps/0oabizCHPNYALCHDUIOD" user: href: "https://{yourOktaDomain}/api/v1/users/00ucw2RPGIUNTDQOYPOF" id: 0oabkvBLDEKCNXBGYUAS name: template_swa label: Sample Plugin App status: ACTIVE lastUpdated: 2013-09-11T17:58:54.000Z created: 2013-09-11T17:46:08.000Z accessibility: selfService: false errorRedirectUrl: null visibility: autoSubmitToolbar: false hide: iOS: false web: false appLinks: login: true features: [] signOnMode: BROWSER_PLUGIN credentials: scheme: EDIT_USERNAME_AND_PASSWORD userNameTemplate: template: "${source.login}" type: BUILT_IN settings: app: buttonField: btn-login passwordField: txtbox-password usernameField: txtbox-username url: https://example.com/login.html _links: logo: - href: https://example.okta.com/img/logos/logo_1.png name: medium type: image/png users: href: "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS/users" groups: href: "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS/groups" self: href: "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS" deactivate: href: "https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS/lifecycle/deactivate" _embedded: user: id: 00ucw2RPGIUNTDQOYPOF externalId: null created: 2014-06-10T15:16:01.000Z lastUpdated: 2014-06-10T15:17:38.000Z scope: USER status: ACTIVE statusChanged: 2014-06-10T15:16:01.000Z passwordChanged: 2014-06-10T15:17:38.000Z syncState: DISABLED lastSync: null credentials: userName: [email protected] password: {} _links: app: href: 
"https://{yourOktaDomain}/api/v1/apps/0oabkvBLDEKCNXBGYUAS" user: href: "https://{yourOktaDomain}/api/v1/users/00ucw2RPGIUNTDQOYPOF" GetApplicationsResponseEx: summary: Retrieve an app value: id: 0oa1gjh63g214q0Hq0g4 name: testorgone_customsaml20app_1 label: Custom Saml 2.0 App status: ACTIVE lastUpdated: 2016-08-09T20:12:19.000Z created: 2016-08-09T20:12:19.000Z accessibility: selfService: false errorRedirectUrl: null loginRedirectUrl: null visibility: autoSubmitToolbar: false hide: iOS: false web: false appLinks: testorgone_customsaml20app_1_link: true features: [] signOnMode: SAML_2_0 credentials: userNameTemplate: template: "${fn:substringBefore(source.login, \"@\")}" type: BUILT_IN signing: {} settings: app: {} notifications: vpn: network: connection: DISABLED message: null helpUrl: null signOn: defaultRelayState: "" ssoAcsUrl: "https://{yourOktaDomain}" idpIssuer: "https://www.okta.com/${org.externalKey}" audience: https://example.com/tenant/123 recipient: https://recipient.okta.com destination: https://destination.okta.com subjectNameIdTemplate: "${user.userName}" subjectNameIdFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress responseSigned: true assertionSigned: true signatureAlgorithm: RSA_SHA256 digestAlgorithm: SHA256 honorForceAuthn: true authnContextClassRef: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport slo: enabled: true spIssuer: https://testorgone.okta.com logoutUrl: https://testorgone.okta.com/logout participateSlo: enabled: true logoutRequestUrl: https://testorgone.okta.com/logout/participate sessionIndexRequired: true bindingType: REDIRECT spCertificate: x5c: - "MIIFnDCCA4QCCQDBSLbiON2T1zANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxDjAMBgNV\r\ \n" requestCompressed: false allowMultipleAcsEndpoints: false acsEndpoints: [] attributeStatements: [] inlineHooks: - id: cal3ughy17pylLxQB357 _links: self: href: "https://{yourOktaDomain}/api/v1/inlineHooks/cal3ughy17pylLxQB357" hints: allow: - GET - PUT - DELETE _links: 
logo: - name: medium href: https://testorgone.okta.com/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png type: image/png appLinks: - name: testorgone_customsaml20app_1_link href: https://testorgone.okta.com/home/testorgone_customsaml20app_1/0oa1gjh63g214q0Hq0g4/aln1gofChJaerOVfY0g4 type: text/html help: href: https://testorgone-admin.okta.com/app/testorgone_customsaml20app_1/0oa1gjh63g214q0Hq0g4/setup/help/SAML_2_0/instructions type: text/html users: href: https://testorgone.okta.com/api/v1/apps/0oa1gjh63g214q0Hq0g4/users deactivate: href: https://testorgone.okta.com/api/v1/apps/0oa1gjh63g214q0Hq0g4/lifecycle/deactivate groups: href: https://testorgone.okta.com/api/v1/apps/0oa1gjh63g214q0Hq0g4/groups metadata: href: https://testorgone.okta.com/api/v1/apps/0oa1gjh63g214q0Hq0g4/sso/saml/metadata type: application/xml GetAssociatedLinkedObjectsResponse: summary: Retrieve all associated Linked Object values response value: - _links: self: href: "https://{yourOktaDomain}/api/v1/users/00u5zex6ztMbOZhF50h7" - _links: self: href: "https://{yourOktaDomain}/api/v1/users/00u1tsf0nQKavLDUh0g5" GetBrandResponse: value: id: bnd114iNkrcN6aR680g4 agreeToCustomPrivacyPolicy: false removePoweredByOkta: false customPrivacyPolicyUrl: null name: Okta Default isDefault: true locale: en emailDomainId: OeD114iNkrcN6aR680g4 defaultApp: appInstanceId: 0oa114iNkrcN6aR680g4 appLinkName: null classicApplicationUri: null _links: self: href: "https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4" hints: allow: - GET - PUT - DELETE themes: href: "https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4/themes" hints: allow: - GET emailDomain: href: "https://{yourOktaDomain}/api/v1/email-domains/OeD114iNkrcN6aR680g4" hints: allow: - GET - PUT GetEmailTemplateResponse: value: name: UserActivation _embedded: customizationCount: 0 settings: recipients: ALL_USERS _links: self: href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/settings" hints: 
                  allow:
                  - GET
                  - PUT
              template:
                href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation"
                hints:
                  allow:
                  - GET
        _links:
          self:
            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation"
            hints:
              allow:
              - GET
          settings:
            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/settings"
            hints:
              allow:
              - GET
              - PUT
          defaultContent:
            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/default-content"
            hints:
              allow:
              - GET
          customizations:
            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations"
            hints:
              allow:
              - GET
              - POST
              - DELETE
          test:
            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test"
            hints:
              allow:
              - POST
    GetPrimaryLinkedObjectResponse:
      summary: Retrieve primary Linked Object value response
      value:
      - _links:
          self:
            href: "https://{yourOktaDomain}/api/v1/users/00u5t60iloOHN9pBi0h7"
    GetRealmAssignmentResponse:
      value:
        id: rul2jy7jLUlnO3ng00g4
        status: ACTIVE
        name: Realm Assignment 1
        created: 2022-04-04T15:56:05.000Z
        lastUpdated: 2022-05-05T18:15:44.000Z
        isDefault: false
        conditions:
          profileSourceId: 0oa4enoRyjwSCy5hx0g4
          expression:
            value: string
        actions:
          assignUserToRealm:
            realmId: 00g1b7rvh0xPLKXFf0g5
        priority: 0
        _links:
          self:
            rel: self
            href: http://your-subdomain.okta.com/api/v1/realm-assignments/rul2jy7jLUlnO3ng00g4
            method: GET
    GetRoleAssignmentGovernanceGrantResources:
      value:
        resources:
        - resource: orn:okta:directory:00ozmkUsqWxsUxhGO0g3:groups:00g114290ar1oCC5A0g5
          label: test-group-1
        - resource: orn:okta:directory:00ozmkUsqWxsUxhGO0g3:groups:00g118990hl1oCC5B0g5
          label: test-group-2
        _links:
          next:
            href: "https://{yourOktaDomain}/api/v1/users/00u15r0i2hC4jeTne0g5/roles/KVJUKUS7IFCE2SKO/governance/grai2556vZgWesWf10g4/resources?after=orn:okta:directory:00ozmkUsqWxsUxhGO0g3:groups:00g118990hl1oCC5A0g5"
          self:
            href: "https://{yourOktaDomain}/api/v1/users/00u15r0i2hC4jeTne0g5/roles/KVJUKUS7IFCE2SKO/governance/grai2556vZgWesWf10g4/resources"
    GetRoleAssignmentGovernanceGrantResponse:
      value:
        type: ENTITLEMENT-BUNDLE
        grantId: grai2556vZgWesWf10g4
        bundleId: enbhz2pAwtts9UBes0g4
        expirationDate: 2024-12-09 14:17:22.0
        _links:
          resources:
            href: "https://{yourOktaDomain}/api/v1/users/00u15r0i2hC4jeTne0g5/roles/KVJUKUS7IFCE2SKO/governance/grai2556vZgWesWf10g4/resources"
          self:
            href: "https://{yourOktaDomain}/api/v1/users/00u15r0i2hC4jeTne0g5/roles/KVJUKUS7IFCE2SKO/governance/grai2556vZgWesWf10g4"
    GetSessionResponse:
      value:
        id: aps1qqonvr2SZv6o70h8
        identitySourceId: 0oa3l6l6WK6h0R0QW0g4
        status: CREATED
        importType: INCREMENTAL
        created: 2022-04-04T15:56:05.000Z
        lastUpdated: 2022-05-05T16:15:44.000Z
    GetThemeResponse:
      value:
        id: thdul904tTZ6kWVhP0g3
        logo: "https://{yourOktaDomain}/assets/img/logos/okta-logo.47066819ac7db5c13f4c431b2687cef6.png"
        favicon: "https://{yourOktaDomain}/favicon.ico"
        backgroundImage: null
        primaryColorHex: '#1662dd'
        primaryColorContrastHex: '#000000'
        secondaryColorHex: '#ebebed'
        secondaryColorContrastHex: '#000000'
        signInPageTouchPointVariant: OKTA_DEFAULT
        endUserDashboardTouchPointVariant: OKTA_DEFAULT
        errorPageTouchPointVariant: OKTA_DEFAULT
        emailTemplateTouchPointVariant: OKTA_DEFAULT
        loadingPageTouchPointVariant: OKTA_DEFAULT
    GetUseRoleGovernanceResponse:
      value:
        grants:
        - type: CUSTOM
          grantId: grai24zWTjnDazeOI0g4
          _links:
            resources:
              href: "https://{yourOktaDomain}/api/v1/users/00u15r0i2hC4jeTne0g5/roles/KVJUKUS7IFCE2SKO/governance/grai24zWTjnDazeOI0g4/resources"
        - type: ENTITLEMENT-BUNDLE
          grantId: grai2556vZgWesWf10g4
          bundleId: enbhz2pAwtts9UBes0g4
          expirationDate: 2024-12-09 14:17:22.0
          _links:
            resources:
              href: "https://{yourOktaDomain}//api/v1/users/00u15r0i2hC4jeTne0g5/roles/KVJUKUS7IFCE2SKO/governance/grai2556vZgWesWf10g4/resources"
        _links:
          self:
            href: "https://{yourOktaDomain}/api/v1/users/00u15r0i2hC4jeTne0g5/roles/KVJUKUS7IFCE2SKO/governance"
          assignee:
            href: "https://{yourOktaDomain}/api/v1/users/00u15r0i2hC4jeTne0g5\""
    GetUserLinkedObjectResponse:
      summary: Retrieve User Linked Object value
      value:
      - _links:
          self:
            href: "https://{yourOktaDomain}/api/v1/users/00u5t60iloOHN9pBi0h7"
    GetUserResponse:
      summary: Retrieve a user type response
      value:
        id: otyfnly5cQjJT9PnR0g4
        displayName: New User Type
        name: newUserType
        description: A new custom user type
        createdBy: sprz9fj1ycBcsgopy1d6
        lastUpdatedBy: sprz9fj1ycBcsgopy1d6
        created: 2021-07-05T20:40:38.000Z
        lastUpdated: 2021-07-05T20:40:38.000Z
        default: false
        _links:
          self:
            href: "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6"
          schema:
            href: "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6"
    GetYubikeyOptTokenResponse:
      summary: Get Yubikey OPT Token response
      value:
        id: ykkxdtCA1fKVxyu6R0g3
        created: 2020-06-09T23:42:05.000Z
        activated: 2020-06-09T23:47:29.000Z
        lastVerified: 2020-06-09T23:47:29.000Z
        lastUpdated: 2020-06-09T23:47:29.000Z
        status: ACTIVE
        profile:
          serial: "000009508427"
        _links:
          self:
            href: "https://{yourOktaDomain}/api/v1/org/factors/yubikey_token/tokens/ykkxdtCA1fKVxyu6R0g3"
            hints:
              allow:
              - GET
          user:
            href: "https://{yourOktaDomain}/api/v1/users/00uu0x8sxTr9HcHOo0g3"
            hints:
              allow:
              - GET
          deactivate:
            href: "https://{yourOktaDomain}/api/v1/users/00uu0x8sxTr9HcHOo0g3/factors/ykfxduQAhl89YyPrV0g3"
            hints:
              allow:
              - DELETE
    GoogleIdPResponse:
      summary: Google Identity Provider
      value:
        id: 0oa62bfdiumsUndnZ0h7
        type: GOOGLE
        name: Google
        status: ACTIVE
        created: 2016-03-24T23:21:49.000Z
        lastUpdated: 2016-03-24T23:21:49.000Z
        protocol:
          type: OIDC
          endpoints:
            authorization:
              url: https://accounts.google.com/o/oauth2/auth
              binding: HTTP-REDIRECT
            token:
              url: https://www.googleapis.com/oauth2/v3/token
              binding: HTTP-POST
          scopes:
          - profile
          - email
          - openid
          credentials:
            client:
              client_id: your-client-id
              client_secret: your-client-secret
        policy:
          provisioning:
            action: AUTO
            profileMaster: true
            groups:
              action: NONE
            conditions:
              deprovisioned:
                action: NONE
              suspended:
                action: NONE
          accountLink:
            filter: null
            action: AUTO
          subject:
            userNameTemplate:
              template: idpuser.userPrincipalName
            filter: null
            matchType: USERNAME
          mapAMRClaims: false
          maxClockSkew: 0
        _links:
          authorize:
            href: |-
              https://{yourOktaDomain}/oauth2/v1/authorize?idp=0oa62bfdiumsUndnZ0h7&
              client_id={clientId}&response_type={responseType}&response_mode={responseMode}&
              scope={scopes}&redirect_uri={redirectUri}&state={state}
            templated: true
            hints:
              allow:
              - GET
          clientRedirectUri:
            href: "https://{yourOktaDomain}/oauth2/v1/authorize/callback"
            hints:
              allow:
              - POST
    GovernanceBundle:
      summary: Governance Bundle
      value:
        id: 0bbfxqCAJWWGELFTYAAA
        name: Group admin bundle
        description: Group bundle for administrative access
        status: ACTIVE
        orn: orn:okta:governance:00o5rb5mt2H3d1TJd0h7:bundles:0bbfxqCAJWWGELFTYAAA
        _links:
          self: http://your-subdomain.okta.com/api/v1/iam/governance/bundles/0bbfxqCAJWWGELFTYAAA
          entitlements: http://your-subdomain.okta.com/api/v1/iam/governance/bundles/0bbfxqCAJWWGELFTYAAA/entitlements
    GovernanceBundleCreateRequestCustomRole:
      summary: Create governance bundle with custom role
      value:
        name: Custom admin bundle
        description: Custom bundle for administrative access
        entitlements:
          role: cr0WxyzJxGIr0ouum0g4
          resourceSets:
          - iamoJDFKaJxGIr0oamd9g
    GovernanceBundleCreateRequestScopedStandardRole:
      summary: Create governance bundle with scoped standard role
      value:
        name: Group admin bundle
        description: Group bundle for administrative access
        entitlements:
          role: GROUP_MEMBERSHIP_ADMIN
          targets:
          - 00guaxWZ0AOa5NFAj0g3
    GovernanceBundleCreateRequestStandardRole:
      summary: Create governance bundle with non-scoped standard role
      value:
        name: Group admin bundle
        description: Group bundle for administrative access
        entitlements:
          role: GROUP_MEMBERSHIP_ADMIN
    GovernanceBundleUpdateRequestCustomRole:
      summary: Update governance bundle with custom role
      value:
        name: Custom admin bundle
        description: Custom bundle for administrative access
        entitlements:
          role: cr0WxyzJxGIr0ouum0g4
resourceSets: - iamoJDFKaJxGIr0oamd9g GovernanceBundleUpdateRequestScopedStandardRole: summary: Update governance bundle with scoped standard role value: name: Group admin bundle description: Group bundle for administrative access entitlements: role: GROUP_MEMBERSHIP_ADMIN targets: - 00guaxWZ0AOa5NFAj0g3 GovernanceBundleUpdateRequestStandardRole: summary: Update governance bundle with non-scoped standard role value: name: Group admin bundle description: Group bundle for administrative access entitlements: role: GROUP_MEMBERSHIP_ADMIN GovernanceBundlesResponse: summary: List of governance bundles value: bundles: - id: 0bbfxqCAJWWGELFTYAAA name: Group admin bundle description: Group bundle for administrative access status: ACTIVE orn: orn:okta:governance:00o5rb5mt2H3d1TJd0h7:bundles:0bbfxqCAJWWGELFTYAAA _links: entitlements: http://your-subdomain.okta.com/api/v1/iam/governance/bundles/0bbfxqCAJWWGELFTYAAA/entitlements _links: self: href: http://your-subdomain.okta.com/api/v1/iam/governance/bundles?limit=2&after=10 next: href: http://your-subdomain.okta.com/api/v1/iam/governance/bundles?after=bundleId12 GroupAssignmentExListResponse: summary: Application Groups list with embedded metadata value: - id: 00g15acRUy0SYb9GT0g4 priority: 0 lastUpdated: 2024-06-02T13:17:57.000Z profile: preferredLanguage: English manager: Donald Glover securityQuestion: Who is the footballer to have played the game securityAnswer: Ronaldinho timezone: Canada/Eastern initialStatus: active_with_pass managerId: [email protected] locale: en_US division: top organization: wazobia userType: null department: marketing _links: app: href: "http://{yourOktaDomain}/api/v1/apps/0oa15anjcUHSI6hTB0g4" self: href: "http://{yourOktaDomain}/api/v1/apps/0oa15anjcUHSI6hTB0g4/groups/00g15acRUy0SYb9GT0g4" group: href: "http://{yourOktaDomain}/api/v1/groups/00g15acRUy0SYb9GT0g4" _embedded: metadata: credentials: {} profile: division: source: type: USER value: - id: 00uzojLwDGgUynjJS0g3 self: href: 
"http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3" lastUpdated: null preferredLanguage: source: type: USER value: - id: 00uzojLwDGgUynjJS0g3 self: href: "http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3" lastUpdated: null manager: source: type: MAPPING value: - id: null lastUpdated: null securityQuestion: source: type: USER value: - id: 00uzojLwDGgUynjJS0g3 self: href: "http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3" lastUpdated: null securityAnswer: source: type: USER value: - id: 00uzojLwDGgUynjJS0g3 self: href: "http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3" lastUpdated: null timezone: source: type: USER value: - id: 00uzojLwDGgUynjJS0g3 self: href: "http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3" lastUpdated: null organization: source: type: USER value: - id: 00uzojLwDGgUynjJS0g3 self: href: "http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3" lastUpdated: null initialStatus: source: type: USER value: - id: 00uzojLwDGgUynjJS0g3 self: href: "http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3" lastUpdated: null managerId: source: type: MAPPING value: - id: null lastUpdated: null userType: source: type: MAPPING value: - id: null lastUpdated: null locale: source: type: USER value: - id: 00uzojLwDGgUynjJS0g3 self: href: "http://{yourOktaDomain}/api/v1/users/00uzojLwDGgUynjJS0g3" lastUpdated: null department: source: type: MAPPING value: - id: null lastUpdated: null GroupAssignmentExResponse: summary: Application Group response value: id: 00g15acRUy0SYb9GT0g4 priority: 0 lastUpdated: 2024-06-02T13:17:57.000Z profile: preferredLanguage: English manager: Donald Glover securityQuestion: Who is the footballer to have played the game securityAnswer: Ronaldinho timezone: Canada/Eastern initialStatus: active_with_pass managerId: [email protected] locale: en_US division: top organization: wazobia userType: null department: marketing _links: app: href: "http://{yourOktaDomain}/api/v1/apps/0oa15anjcUHSI6hTB0g4" 
self: href: "http://{yourOktaDomain}/api/v1/apps/0oa15anjcUHSI6hTB0g4/groups/00g15acRUy0SYb9GT0g4" group: href: "http://{yourOktaDomain}/api/v1/groups/00g15acRUy0SYb9GT0g4" GroupAssignmentPatchRequestExample: summary: Update app group request value: - op: replace path: /profile/manager value: Carlo Ancelotti GroupAssignmentPatchResponseExample: summary: Update Application Group response value: id: 00g15acRUy0SYb9GT0g4 priority: 0 lastUpdated: 2024-06-03T13:42:20.000Z profile: preferredLanguage: English securityQuestion: Who is the footballer to have played the game securityAnswer: Jay Jay Okocha timezone: Canada/Eastern initialStatus: active_with_pass managerId: [email protected] locale: en_US division: top organization: null userType: null department: Accounting manager: Carlo Ancelotti _links: app: href: "http://{yourOktaDomain}/api/v1/apps/0oa15anjcUHSI6hTB0g4" self: href: "http://{yourOktaDomain}/api/v1/apps/0oa15anjcUHSI6hTB0g4/groups/00g15acRUy0SYb9GT0g4" group: href: "http://{yourOktaDomain}/api/v1/groups/00g15acRUy0SYb9GT0g4" GroupAssignmentPutRequestExample: summary: Assign Application Group request value: id: 00g15acRUy0SYb9GT0g4 profile: preferredLanguage: English manager: Arsene Wenger securityQuestion: Who is the footballer to have played the game securityAnswer: Jay Jay Okocha timezone: Canada/Eastern initialStatus: active_with_pass managerId: [email protected] locale: en_US division: top organization: null userType: null department: Accounting GroupAssignmentPutResponseExample: summary: Assign Application Group response value: id: 00g15acRUy0SYb9GT0g4 priority: 0 lastUpdated: 2024-06-03T13:52:07.000Z profile: preferredLanguage: English manager: Arsene Wenger securityQuestion: Who is the footballer to have played the game securityAnswer: Jay Jay Okocha timezone: Canada/Eastern initialStatus: active_with_pass managerId: [email protected] locale: en_US division: top organization: null userType: null department: Accounting _links: app: href: 
"http://{yourOktaDomain}/api/v1/apps/0oa15anjcUHSI6hTB0g4" self: href: "http://{yourOktaDomain}/api/v1/apps/0oa15anjcUHSI6hTB0g4/groups/00g15acRUy0SYb9GT0g4" group: href: "http://{yourOktaDomain}/api/v1/groups/00g15acRUy0SYb9GT0g4" GroupSchemaAddRequest: value: definitions: custom: id: '#custom' type: object properties: groupContact: title: Group administrative contact description: Group administrative contact type: string required: false minLength: 1 maxLength: 20 permissions: - principal: SELF action: READ_WRITE required: [] GroupSchemaResponse: value: $schema: http://json-schema.org/draft-04/schema# _links: self: href: "https://{yourOktaDomain}/api/v1/meta/schemas/group/default" method: GET rel: self created: 2021-01-30T00:18:24.000Z definitions: base: id: '#base' properties: {} required: - name type: object custom: id: '#custom' properties: groupContact: description: Group administrative contact master: type: PROFILE_MASTER mutability: READ_WRITE permissions: - action: READ_WRITE principal: SELF scope: NONE title: Group administrative contact type: string required: [] type: object description: Okta group profile template id: "https://{yourOktaDomain}/meta/schemas/group/default" lastUpdated: 2021-02-25T23:05:31.000Z name: group properties: profile: allOf: - $ref: '#/definitions/custom' - $ref: '#/definitions/base' title: Okta group type: object IAMStandardRoleResponseClient: value: id: irb4jlodtdN4yJ88b0g7 role: ACCESS_REQUESTS_ADMIN label: Access Requests Administrator type: ACCESS_REQUESTS_ADMIN status: ACTIVE created: 2023-07-06T21:52:48.000Z lastUpdated: 2023-07-06T21:52:48.000Z assignmentType: CLIENT resource-set: ACCESS_CERTIFICATIONS_IAM_POLICY _links: assignee: href: "https://{yourOktaDomain}/api/v1/client/0oa5vymVNCe2cPEeZ0g4" resource-set: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/ACCESS_CERTIFICATIONS_IAM_POLICY" role: href: "https://{yourOktaDomain}/api/v1/iam/roles/ACCESS_REQUESTS_ADMIN" permissions: href: 
"https://{yourOktaDomain}/api/v1/iam/roles/ACCESS_REQUESTS_ADMIN/permissions" member: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/ACCESS_CERTIFICATIONS_IAM_POLICY/bindings/ACCESS_REQUESTS_ADMIN/members/irb4jlomnnDBuBDyJ0g7" IAMStandardRoleResponseUser: value: id: irb1q92TFAHzySt3x0g4 role: ACCESS_REQUESTS_ADMIN label: Access Requests Administrator type: ACCESS_REQUESTS_ADMIN status: ACTIVE created: 2019-02-06T16:20:57.000Z lastUpdated: 2019-02-06T16:20:57.000Z assignmentType: USER resource-set: ACCESS_CERTIFICATIONS_IAM_POLICY _links: assignee: href: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR" resource-set: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/ACCESS_CERTIFICATIONS_IAM_POLICY" role: href: "https://{yourOktaDomain}/api/v1/iam/roles/ACCESS_REQUESTS_ADMIN" permissions: href: "https://{yourOktaDomain}/api/v1/iam/roles/ACCESS_REQUESTS_ADMIN/permissions" member: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/ACCESS_CERTIFICATIONS_IAM_POLICY/bindings/ACCESS_REQUESTS_ADMIN/members/irb1q92TFAHzySt3x0g4" IAMStandardRolesListResponse: value: - id: IFIFAX2BIRGUSTQ label: Application Administrator type: APP_ADMIN status: ACTIVE created: 2019-02-06T16:17:40.000Z lastUpdated: 2019-02-06T16:17:40.000Z assignmentType: USER _links: assignee: href: "https://{yourOktaDomain}/api/v1/users/00ur32Vg0fvpyHZeQ0g3" - id: irb1q92TFAHzySt3x0g4 role: cr0Yq6IJxGIr0ouum0g3 label: UserCreatorRole type: CUSTOM status: ACTIVE created: 2019-02-06T16:20:57.000Z lastUpdated: 2019-02-06T16:20:57.000Z assignmentType: USER resource-set: iamoJDFKaJxGIr0oamd9g _links: assignee: href: "https://{yourOktaDomain}/api/v1/users/00u1gytb3XCr9Dkr18r2" resource-set: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g" member: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0Yq6IJxGIr0ouum0g3/members/irb1qe6PGuMc7Oh8N0g4" role: href: 
"https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3" permissions: href: "https://{yourOktaDomain}/api/v1/iam/permission-sets/cr0Yq6IJxGIr0ouum0g3/permissions" - id: irb5e92YgBazyyQ3x1q5 role: ACCESS_CERTIFICATIONS_ADMIN label: Access Certifications Administrator type: ACCESS_CERTIFICATIONS_ADMIN status: ACTIVE created: 2019-02-06T16:20:57.000Z lastUpdated: 2019-02-06T16:20:57.000Z assignmentType: USER resource-set: ACCESS_CERTIFICATIONS_IAM_POLICY _links: assignee: href: "https://{yourOktaDomain}/api/v1/users/00u1gytb3XCr9Dkr18r2" resource-set: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/ACCESS_CERTIFICATIONS_IAM_POLICY" member: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/ACCESS_CERTIFICATIONS_IAM_POLICY/bindings/ACCESS_CERTIFICATIONS_ADMIN/members/irb1qe6PGuMc7Oh8N0g4" role: href: "https://{yourOktaDomain}/api/v1/iam/roles/ACCESS_CERTIFICATIONS_ADMIN" permissions: href: "https://{yourOktaDomain}/api/v1/iam/permission-sets/OKTA_IAM_TEST_DELIVERED_ROLE/permissions" IAMStandardRolesListResponseClient: value: - id: irb5e92YgBazyyQ3x1q5 role: ACCESS_CERTIFICATIONS_ADMIN label: Access Certifications Administrator type: ACCESS_CERTIFICATIONS_ADMIN status: ACTIVE created: 2019-02-06T16:20:57.000Z lastUpdated: 2019-02-06T16:20:57.000Z assignmentType: CLIENT resource-set: ACCESS_CERTIFICATIONS_IAM_POLICY _links: assignee: href: "https://{yourOktaDomain}/api/v1/clients/0oa4ee9vgbIuqTUvd0g7" resource-set: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/ACCESS_CERTIFICATIONS_IAM_POLICY" member: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/ACCESS_CERTIFICATIONS_IAM_POLICY/bindings/ACCESS_CERTIFICATIONS_ADMIN/members/irb1qe6PGuMc7Oh8N0g4" role: href: "https://{yourOktaDomain}/api/v1/iam/roles/ACCESS_CERTIFICATIONS_ADMIN" permissions: href: "https://{yourOktaDomain}/api/v1/iam/permission-sets/OKTA_IAM_TEST_DELIVERED_ROLE/permissionsZ" IAMStandardRolesListResponseGroup: value: - id: irb5e92YgBazyyQ3x1q5 role: 
ACCESS_CERTIFICATIONS_ADMIN label: Access Certifications Administrator type: ACCESS_CERTIFICATIONS_ADMIN status: ACTIVE created: 2019-02-06T16:20:57.000Z lastUpdated: 2019-02-06T16:20:57.000Z assignmentType: Group resource-set: ACCESS_CERTIFICATIONS_IAM_POLICY _links: assignee: href: "https://{yourOktaDomain}/api/v1/groups/00g1emaKYZTWRYYRRTSK" resource-set: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/ACCESS_CERTIFICATIONS_IAM_POLICY" member: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/ACCESS_CERTIFICATIONS_IAM_POLICY/bindings/ACCESS_CERTIFICATIONS_ADMIN/members/irb1qe6PGuMc7Oh8N0g4" role: href: "https://{yourOktaDomain}/api/v1/iam/roles/ACCESS_CERTIFICATIONS_ADMIN" permissions: href: "https://{yourOktaDomain}/api/v1/iam/permission-sets/OKTA_IAM_TEST_DELIVERED_ROLE/permissions" IdPAppUserResponse: summary: IdP User value: id: 00u5t60iloOHN9pBi0h7 externalId: externalId created: 2017-12-19T17:30:16.000Z lastUpdated: 2017-12-19T17:30:16.000Z profile: profileUrl: null firstName: null lastName: null honorificSuffix: null displayName: null honorificPrefix: null middleName: null email: null _links: idp: href: "https://{yourOktaDomain}/api/v1/idps/0oa62bfdiumsUndnZ0h7" self: href: "https://{yourOktaDomain}/api/v1/idps/0oa62bfdiumsUndnZ0h7/users/00u5t60iloOHN9pBi0h7" hints: allow: - GET - DELETE user: href: "https://{yourOktaDomain}/api/v1/users/00u5t60iloOHN9pBi0h7" IdPKeyCredentialRequest: summary: Identity Provider Key Credential value: e: "65537" "n": "101438407598598116085679865987760095721749307901605456708912786847324207000576780508113360584555007890315805735307890113536927352312915634368993759211767770602174860126854831344273970871509573365292777620005537635317282520456901584213746937262823585533063042033441296629204165064680610660631365266976782082747" x5c: - 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 x5t#S256: wzPVobIrveR1x-PCbjsFGNV-6zn7Rm9KuOWOG4Rk6jE IdPKeyCredentialResponse: summary: Identity Provider Key Credential value: 
kid: your-key-id created: 2016-01-03T18:15:47.000Z lastUpdated: 2016-01-03T18:15:47.000Z e: "65537" "n": "101438407598598116085679865987760095721749307901605456708912786847324207000576780508113360584555007890315805735307890113536927352312915634368993759211767770602174860126854831344273970871509573365292777620005537635317282520456901584213746937262823585533063042033441296629204165064680610660631365266976782082747" kty: RSA use: sig x5c: - 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 x5t#S256: wzPVobIrveR1x-PCbjsFGNV-6zn7Rm9KuOWOG4Rk6jE IdPSigningKeyCredentialResponse: summary: Identity Provider Signing Key Credential value: created: 2015-12-10T18:56:23.000Z expiresAt: 2017-12-10T18:56:22.000Z kid: akm5hvbbevE341ovl0h7 kty: RSA use: sig x5c: - 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 x5t#S256: wzPVobIrveR1x-PCbjsFGNV-6zn7Rm9KuOWOG4Rk6jE InlineHookTelephony: value: channel: type: HTTP version: 1.0.0 config: uri: https://your-external-webservice/sendOtp headers: [] method: POST authScheme: type: HEADER key: x-telephony-key created: 2024-03-28T17:30:25.000Z id: caldpyulr3nbET2du1d7 lastUpdated: 2024-05-07T16:35:18.000Z name: testTelephonyHook status: ACTIVE type: com.okta.telephony.provider version: null _links: self: href: "https://{yourOktaDomain}/api/v1/inlineHooks/caldpyulr3nbET2du1d7" execute: href: "https://{yourOktaDomain}/api/v1/inlineHooks/caldpyulr3nbET2du1d7/execute" hints: allow: - POST deactivate: href: "https://{yourOktaDomain}/api/v1/inlineHooks/caldpyulr3nbET2du1d7/lifecycle/deactivate" hints: allow: - POST InvalidRotateUse: summary: Invalid Use value: errorCode: E0000001 errorSummary: "Api validation failed: rotateKeys" errorLink: E0000001 errorId: oaeprak9qKHRlaWiclJ4oPJRQ errorCauses: - errorSummary: Invalid value specified for key 'use' parameter KeyCredentialExample: summary: Key Credential example value: created: 2015-12-10T18:56:23.000Z lastUpdated: 2024-08-13T18:26:57.000Z expiresAt: 2017-12-10T18:56:22.000Z x5c: -
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 e: AQAB "n": mkC6yAJVvFwUlmM9gKjb2d-YK5qHFt-mXSsbjWKKs4EfNm-BoQeeovBZtSACyaqLc8IYFTPEURFcbDQ9DkAL04uUIRD2gaHYY7uK0jsluEaXGq2RAIsmzAwNTzkiDw4q9pDL_q7n0f_SDt1TsMaMQayB6bU5jWsmqcWJ8MCRJ1aJMjZ16un5UVx51IIeCbe4QRDxEXGAvYNczsBoZxspDt28esSpq5W0dBFxcyGVudyl54Er3FzAguhgfMVjH-bUec9j2Tl40qDTktrYgYfxz9pfjm01Hl4WYP1YQxeETpSL7cQ5Ihz4jGDtHUEOcZ4GfJrPzrGpUrak8Qp5xcwCqQ kid: SIMcCQNY3uwXoW3y0vf6VxiBb5n9pf8L2fK8d-FIbm4 kty: RSA use: sig x5t#S256: 5GOpy9CQVtfvBmu2T8BHvpKE4OGtC3BuS046t7p9pps LinkIdPAppUserResponse: summary: Linked IdP User value: id: 00ub0oNGTSWTBKOLGLNR externalId: "121749775026145" created: 2017-03-30T02:19:51.000Z lastUpdated: 2017-03-30T02:19:51.000Z _links: self: href: "https://{yourOktaDomain}/api/v1/idps/0oa62b57p7c8PaGpU0h7/users/00ub0oNGTSWTBKOLGLNR" hints: allow: - GET - DELETE idp: href: "https://{yourOktaDomain}/api/v1/idps/0oa62b57p7c8PaGpU0h7" user: href: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR" ListAllKeyCredentialsExample: summary: List all Key Credentials example value: - created: 2015-12-10T18:56:23.000Z lastUpdated: 2024-08-13T18:26:57.000Z expiresAt: 2017-12-10T18:56:22.000Z x5c: - 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 e: AQAB "n": mkC6yAJVvFwUlmM9gKjb2d-YK5qHFt-mXSsbjWKKs4EfNm-BoQeeovBZtSACyaqLc8IYFTPEURFcbDQ9DkAL04uUIRD2gaHYY7uK0jsluEaXGq2RAIsmzAwNTzkiDw4q9pDL_q7n0f_SDt1TsMaMQayB6bU5jWsmqcWJ8MCRJ1aJMjZ16un5UVx51IIeCbe4QRDxEXGAvYNczsBoZxspDt28esSpq5W0dBFxcyGVudyl54Er3FzAguhgfMVjH-bUec9j2Tl40qDTktrYgYfxz9pfjm01Hl4WYP1YQxeETpSL7cQ5Ihz4jGDtHUEOcZ4GfJrPzrGpUrak8Qp5xcwCqQ kid: SIMcCQNY3uwXoW3y0vf6VxiBb5n9pf8L2fK8d-FIbm4 kty: RSA use: sig x5t#S256: 5GOpy9CQVtfvBmu2T8BHvpKE4OGtC3BuS046t7p9pps - created: 2015-12-10T18:55:35.000Z lastUpdated: 2024-08-13T18:26:57.000Z expiresAt: 2045-01-23T02:15:23.000Z x5c: - 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 e: AQAB "n":
htbi5H5MN_oYaKcZ8vlWRZn2oTrPY0v8_2Br_VZPJgJ57dCgguq5dDk1Me_ax-B3kjBPdXcW8wEoUFaU30spyVeQjZrdqsSvF0nMW4OzrMOIqrGLwCrAoDBS8tutfk5Y7qc-5xABzxgu4BjgSK5nWXbCt_UR0DzVTknotmMGeT8tAej8F6GAphLa0YhIxWT7Jy-y_pdANsiUPRiZBoLueGI0rrCqgYHIQVjNoj4-si105KCXbQuyYM9_Cd-dyyu5KJ4Ic0cOW61gpx4pnecMgSy8OX57FEd06W2hExBd49ah6jra2KFMeOGe3rkIXirdkofl1mBgeQ77ruKO1wW9Qw kid: mXtzOtml09Dg1ZCeKxTRBo3KrQuBWFkJ5oxhVagjTzo kty: RSA use: sig x5t#S256: 7CCyXWwKzH4P6PoBP91B1S_iIZVzuGffVnUXu-BTYQQ ListAllKeysResponse: summary: List All Keys response example value: - id: HKY1i2htmXF5UNQhL0g4 keyId: bb5bed7d-6e4d-488f-9c86-59b93a2bb3fb name: My new key created: 2022-08-22T16:34:33.000Z lastUpdated: 2022-08-22T16:34:33.000Z isUsed: "true" - id: HKY1p7jWLndGQV9M60g4 keyId: 7fbc27fd-e3df-4522-86bf-1930110256ad name: Test key created: 2022-08-31T18:09:58.000Z lastUpdated: 2022-08-31T18:09:58.000Z isUsed: "false" ListAppGrantsEx: summary: List all app Grants example value: - id: oag91n9ruw3dsaXzP0h6 status: ACTIVE created: 2023-02-21T16:54:00.000Z createdBy: id: 00u6eltha0nrSc47i0h7 type: User lastUpdated: 2023-02-21T16:54:00.000Z issuer: "{yourOktaDomain}" clientId: "{clientId}" scopeId: okta.users.read source: ADMIN _embedded: scope: id: okta.users.read _links: app: href: "https://{yourOktaDomain}/api/v1/apps/{appId}" title: Application name self: href: "https://{yourOktaDomain}/api/v1/apps/{appId}/grants/oag91n9ruw3dsaXzP0h6" hints: allow: - GET - DELETE client: href: "https://{yourOktaDomain}/oauth2/v1/clients/{clientId}" title: Client name - id: oaghm3sh9ukdkvDmO0h6 status: ACTIVE created: 2023-02-03T21:57:49.000Z createdBy: id: 00u6eltha0nrSc47i0h7 type: User lastUpdated: 2023-02-03T21:57:49.000Z issuer: "{yourOktaDomain}" clientId: "{clientId}" scopeId: okta.apps.manage source: ADMIN _embedded: scope: id: okta.apps.manage _links: app: href: "https://{yourOktaDomain}/api/v1/apps/{appId}" title: Application name self: href: "https://{yourOktaDomain}/api/v1/apps/{appId}/grants/oaghm3sh9ukdkvDmO0h6" hints:
allow: - GET - DELETE client: href: "https://{yourOktaDomain}/oauth2/v1/clients/{clientId}" title: Client name ListAppLinks: value: - id: 00ub0oNGTSWTBKOLGLNR label: Google Apps Mail linkUrl: "https://{yourOktaDomain}/home/google/0oa3omz2i9XRNSRIHBZO/50" logoUrl: "https://{yourOktaDomain}/img/logos/google-mail.png" appName: google appInstanceId: 0oa3omz2i9XRNSRIHBZO appAssignmentId: 0ua3omz7weMMMQJERBKY credentialsSetup: false hidden: false sortOrder: 0 - id: 00ub0oNGTSWTBKOLGLNR label: Google Apps Calendar linkUrl: "https://{yourOktaDomain}/home/google/0oa3omz2i9XRNSRIHBZO/54" logoUrl: "https://{yourOktaDomain}/img/logos/google-calendar.png" appName: google appInstanceId: 0oa3omz2i9XRNSRIHBZO appAssignmentId: 0ua3omz7weMMMQJERBKY credentialsSetup: false hidden: false sortOrder: 1 - id: 00ub0oNGTSWTBKOLGLNR label: Box linkUrl: "https://{yourOktaDomain}/home/boxnet/0oa3ompioiQCSTOYXVBK/72" logoUrl: "https://{yourOktaDomain}/img/logos/box.png" appName: boxnet appInstanceId: 0oa3ompioiQCSTOYXVBK appAssignmentId: 0ua3omx46lYEZLPPRWBO credentialsSetup: false hidden: false sortOrder: 3 - id: 00ub0oNGTSWTBKOLGLNR label: Salesforce.com linkUrl: "https://{yourOktaDomain}/home/salesforce/0oa12ecnxtBQMKOXJSMF/46" logoUrl: "https://{yourOktaDomain}/img/logos/salesforce_logo.png" appName: salesforce appInstanceId: 0oa12ecnxtBQMKOXJSMF appAssignmentId: 0ua173qgj5VAVOBQMCVB credentialsSetup: true hidden: false sortOrder: 2 ListAssocAuthServerResponse: summary: List associated Authorization Servers value: - id: "{authorizationServerId}" name: Sample Authorization Server description: Sample Authorization Server description audiences: - https://api.resource.com issuer: "https://{yourOktaDomain}/oauth2/{authorizationServerId}" issuerMode: CUSTOM_URL status: ACTIVE created: 2023-05-17T22:25:57.000Z lastUpdated: 2023-05-17T22:25:57.000Z credentials: signing: rotationMode: DYNAMIC lastRotated: 2023-05-17T22:25:57.000Z nextRotation: 2023-08-15T22:25:57.000Z kid: 
WYQxoK4XAwGFn5Zw5AzLxFvqEKLP79BbsKmWeuc5TB4 use: sig _links: self: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}" hints: allow: - DELETE ListAuthServersResponse: summary: List all custom authorization servers in your org value: - id: "{authorizationServerId}" name: Sample Authorization Server description: Sample Authorization Server description audiences: - https://api.resource.com issuer: "https://{yourOktaDomain}/oauth2/{authorizationServerId}" issuerMode: ORG_URL status: ACTIVE created: 2023-05-17T22:25:57.000Z lastUpdated: 2023-05-17T22:25:57.000Z credentials: signing: rotationMode: AUTO lastRotated: 2023-05-17T22:25:57.000Z nextRotation: 2023-08-15T22:25:57.000Z kid: WYQxoK4XAwGFn5Zw5AzLxFvqEKLP79BbsKmWeuc5TB4 _links: scopes: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/scopes" hints: allow: - GET claims: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims" hints: allow: - GET policies: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/policies" hints: allow: - GET self: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}" hints: allow: - GET - DELETE - PUT metadata: - name: oauth-authorization-server href: "https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/oauth-authorization-server" hints: allow: - GET - name: openid-configuration href: "https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/openid-configuration" hints: allow: - GET rotateKey: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/credentials/lifecycle/keyRotate" hints: allow: - POST deactivate: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/lifecycle/deactivate" hints: allow: - POST ListAuthorizationServerKeys: summary: All Credential Keys value: - status: ACTIVE alg: RS256 e: AQAB "n": 
"g0MirhrysJMPm_wK45jvMbbyanfhl-jmTBv0o69GeifPaISaXGv8LKn3-CyJvUJcjjeHE17KtumJWVxUDRzFqtIMZ1ctCZyIAuWO0n\ \ LKilg7_EIDXJrS8k14biqkPO1lXGFwtjo3zLHeFSLw6sWf-CEN9zv6Ff3IAXb-RMYpfh-bVrxIgWsWCxjLW-UKI3la-gs0nWHH2PJr5HLJuI\ \ JIOL5HLJuIJIOLWahqTnm_r1LSCSYr6N4C-fh--w2_BW8DzTHalBYe76bNr0d7AqtR4tGazmrvrc79Wa2bjyxmhhN1u9jSaZQqq-3VZEod8q3,\ \ WHH2PJ5v1LoXniJQ4a2W8nDVqb6h4E8MUKYOpljTfQ" kid: RQ8DuhdxCczyMvy7GNJb4Ka3lQ99vrSo3oFBUiZjzzc kty: RSA use: sig _links: self: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/credentials/keys/RQ8DuhdxCczyMvy7GNJb4Ka3lQ99vrSo3oFBUiZjzzc" hints: allow: - GET - status: NEXT alg: RS256 e: AQAB "n": l1hZ_g2sgBE3oHvu34T-5XP18FYJWgtul_nRNg-5xra5ySkaXEOJUDRERUG0HrR42uqf9jYrUTwg9fp-SqqNIdHRaN8EwRSDRsKAwK 3 HIJ2NJfgmrrO2ABkeyUq6rzHxAumiKv1iLFpSawSIiTEBJERtUCDcjbbqyHVFuivIFgH8L37 - XDIDb0XG - R8DOoOHLJPTpsgH - rJe M5w96VIRZInsGC5OGWkFdtgk6OkbvVd7_TXcxLCpWeg1vlbmX - 0 TmG5yjSj7ek05txcpxIqYu - 7 FIGT0KKvXge_BOSEUlJpBhLKU28 OtsOnmc3NLIGXB - GeDiUZiBYQdPR - myB4ZoQ kid: Y3vBOdYT-l-I0j-gRQ26XjutSX00TeWiSguuDhW3ngo kty: RSA use: sig _links: self: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/credentials/keys/Y3vBOdYT-l-I0j-gRQ26XjutSX00TeWiSguuDhW3ngo" hints: allow: - GET - status: EXPIRED alg: RS256 e: AQAB "n": lC4ehVB6W0OCtNPnz8udYH9Ao83B6EKnHA5eTcMOap_lQZ-nKtS1lZwBj4wXRVc1XmS0d2OQFA1VMQ-dHLDE3CiGfsGqWbaiZFdW7U GLO1nAwfDdH6xp3xwpKOMewDXbAHJlXdYYAe2ap - CE9c5WLTUBU6JROuWcorHCNJisj1aExyiY5t3JQQVGpBz2oUIHo7NRzQoKimvp dMvMzcYnTlk1dhlG11b1GTkBclprm1BmOP7Ltjd7aEumOJWS67nKcAZzl48Zyg5KtV11V9F9dkGt25qHauqFKL7w3wu - DYhT0hmyFc wn - tXS6e6HQbfHhR_MQxysLtDGOk2ViWv8AQ kid: h5Sr3LXcpQiQlAUVPdhrdLFoIvkhRTAVs_h39bQnxlU kty: RSA use: sig _links: self: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/credentials/keys/h5Sr3LXcpQiQlAUVPdhrdLFoIvkhRTAVs_h39bQnxlU" hints: allow: - GET ListAuthorizationServerPolicies: summary: List Authorization Server Policies value: - 
        type: OAUTH_AUTHORIZATION_POLICY
        id: 00palyaappA22DPkj0h7
        status: ACTIVE
        name: Vendor2 Policy
        description: Vendor2 policy description
        priority: 1
        system: false
        conditions:
          clients:
            include:
            - ALL_CLIENTS
        created: 2017-05-26T19:43:53.000Z
        lastUpdated: 2017-06-07T15:28:17.000Z
        _links:
          self:
            href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/policies/00palyaappA22DPkj0h7"
            hints:
              allow:
              - GET
              - PUT
              - DELETE
          deactivate:
            href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/policies/00palyaappA22DPkj0h7/lifecycle/deactivate"
            hints:
              allow:
              - POST
          rules:
            href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/policies/00palyaappA22DPkj0h7/rules"
            hints:
              allow:
              - GET
    ListAuthorizationServerPolicyRules:
      summary: List Authorization Server Policy Rules
      value:
      - type: RESOURCE_ACCESS
        id: 0prbsjfyl01zfSZ9K0h7
        status: ACTIVE
        name: Default Policy Rule
        priority: 1
        created: 2017-08-25T16:57:02.000Z
        lastUpdated: 2017-08-30T14:51:05.000Z
        system: false
        conditions:
          people:
            users:
              include: []
              exclude: []
            groups:
              include:
              - EVERYONE
              exclude: []
          grantTypes:
            include:
            - implicit
            - client_credentials
            - authorization_code
            - password
          scopes:
            include:
            - '*'
        actions:
          token:
            accessTokenLifetimeMinutes: 60
            refreshTokenLifetimeMinutes: 0
            refreshTokenWindowMinutes: 10080
            inlineHook:
              id: cal4egvp1mbMldrYN0g7
        _links:
          self:
            href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/0prbsjfyl01zfSZ9K0h7"
            hints:
              allow:
              - GET
              - PUT
              - DELETE
          deactivate:
            href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authServerId}/policies/{policyId}/rules/0prbsjfyl01zfSZ9K0h7/lifecycle/deactivate"
            hints:
              allow:
              - POST
    ListBrandsResponse:
      value:
      - id: bnd114iNkrcN6aR680g4
        name: Okta Default
        isDefault: true
        agreeToCustomPrivacyPolicy: false
        removePoweredByOkta: false
        customPrivacyPolicyUrl: null
        locale: en
        emailDomainId: OeD114iNkrcN6aR680g4
        defaultApp:
          appInstanceId: 0oa114iNkrcN6aR680g4
          appLinkName: null
          classicApplicationUri: null
        _links:
          self:
            href: "https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4"
            hints:
              allow:
              - GET
              - PUT
              - DELETE
          themes:
            href: "https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4/themes"
            hints:
              allow:
              - GET
          emailDomain:
            href: "https://{yourOktaDomain}/api/v1/email-domains/OeD114iNkrcN6aR680g4"
            hints:
              allow:
              - GET
              - PUT
    ListClientsResponse:
      summary: List all Client resources for which an authorization server has tokens
      value:
      - client_id: "{clientId}"
        client_name: My Web App
        client_uri: "null,"
        logo_uri: "null,"
        _links:
          client:
            href: "https://{yourOktaDomain}/oauth2/v1/clients/{clientId}"
            title: My Web App
          tokens:
            href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/clients/{clientId}/tokens"
            hints:
              allow:
              - GET
              - DELETE
    ListCustomTokenClaimsResponse:
      summary: List all custom token Claims for an authorization server
      value:
      - id: "{claimId}"
        name: sub
        status: ACTIVE
        claimType: RESOURCE
        valueType: EXPRESSION
        value: "(appuser != null) ? appuser.userName : app.clientId"
        conditions:
          scopes:
          - profile
        system: true
        alwaysIncludeInToken: true
        apiResourceId: null
        _links:
          self:
            href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims/{claimId}"
            hints:
              allow:
              - GET
              - PUT
              - DELETE
    ListEmailCustomizationResponse:
      value:
      - language: en
        isDefault: true
        subject: "Welcome to ${org.name}!"
        body: "Hello, ${user.profile.firstName}. Click\
          \ here to activate your account."
        id: oel11u6DqUiMbQkpl0g4
        created: 2021-11-09T20:38:10.000Z
        lastUpdated: 2021-11-11T20:38:10.000Z
        _links:
          self:
            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4"
            hints:
              allow:
              - GET
              - PUT
              - DELETE
          template:
            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation"
            hints:
              allow:
              - GET
          preview:
            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel11u6DqUiMbQkpl0g4/preview"
            hints:
              allow:
              - GET
          test:
            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test"
            hints:
              allow:
              - POST
    ListEmailTemplateResponse:
      value:
      - name: UserActivation
        _embedded:
          customizationCount: 0
          settings:
            recipients: ALL_USERS
            _links:
              self:
                href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/settings"
                hints:
                  allow:
                  - GET
                  - PUT
              template:
                href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation"
                hints:
                  allow:
                  - GET
        _links:
          self:
            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation"
            hints:
              allow:
              - GET
          settings:
            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/settings"
            hints:
              allow:
              - GET
              - PUT
          defaultContent:
            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/default-content"
            hints:
              allow:
              - GET
          customizations:
            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations"
            hints:
              allow:
              - GET
              - POST
              - DELETE
          test:
            href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test"
            hints:
              allow:
              - POST
    ListFactorsResults:
      summary: All of the enrolled Factors for the specified User
      value:
      - id: ufs2bysphxKODSZKWVCT
        factorType: question
        provider: OKTA
        vendorName: OKTA
        status: ACTIVE
        created: 2014-04-15T18:10:06.000Z
        lastUpdated: 2014-04-15T18:10:06.000Z
        profile:
          question: favorite_art_piece
          questionText: What is your favorite piece of art?
        _links:
          questions:
            href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/questions"
            hints:
              allow:
              - GET
          self:
            href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/ufs2bysphxKODSZKWVCT"
            hints:
              allow:
              - GET
              - DELETE
          user:
            href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL"
            hints:
              allow:
              - GET
      - id: ostf2gsyictRQDSGTDZE
        factorType: token:software:totp
        provider: OKTA
        status: PENDING_ACTIVATION
        created: 2014-06-27T20:27:33.000Z
        lastUpdated: 2014-06-27T20:27:33.000Z
        profile:
          credentialId: [email protected]
        _links:
          next:
            name: activate
            href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/ostf2gsyictRQDSGTDZE/lifecycle/activate"
            hints:
              allow:
              - POST
          self:
            href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/ostf2gsyictRQDSGTDZE"
            hints:
              allow:
              - GET
          user:
            href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL"
            hints:
              allow:
              - GET
        _embedded:
          activation:
            timeStep: 30
            sharedSecret: HE64TMLL2IUZW2ZLB
            encoding: base32
            keyLength: 16
      - id: sms2gt8gzgEBPUWBIFHN
        factorType: sms
        provider: OKTA
        status: ACTIVE
        created: 2014-06-27T20:27:26.000Z
        lastUpdated: 2014-06-27T20:27:26.000Z
        profile:
          phoneNumber: +1-555-415-1337
        _links:
          verify:
            href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/sms2gt8gzgEBPUWBIFHN/verify"
            hints:
              allow:
              - POST
          self:
            href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/sms2gt8gzgEBPUWBIFHN"
            hints:
              allow:
              - GET
              - DELETE
          user:
            href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL"
            hints:
              allow:
              - GET
    ListFeatureDependenciesResponse:
      summary: List all dependencies for a feature
      value:
      - id: ftrZooGoT8b41iWRiQs7
        description: Example feature description
        name: Example feature name
        stage:
          state: OPEN
          value: EA
        status: ENABLED
        type: self-service
        _links:
          self:
            hints:
              allow:
              - POST
            href: "https://{yourOktaDomain}/api/v1/features/ftrZooGoT8b41iWRiQs7"
          dependents:
            href: "https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependents"
          dependencies:
            href: "https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependencies"
    ListFeatureDependentsResponse:
      summary: List all feature dependents for the specified feature
      value:
      - id: ftrZooGoT8b41iWRiQs7
        description: Example feature description
        name: Example feature name
        stage:
          state: OPEN
          value: EA
        status: ENABLED
        type: self-service
        _links:
          self:
            hints:
              allow:
              - POST
            href: "https://{yourOktaDomain}/api/v1/features/ftrZooGoT8b41iWRiQs7"
          dependents:
            href: "https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependents"
          dependencies:
            href: "https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependencies"
    ListFeaturesResponse:
      summary: List all self-service features for your org
      value:
      - id: ftrZooGoT8b41iWRiQs7
        description: Example feature description
        name: Example feature name
        stage:
          state: CLOSED
          value: BETA
        status: DISABLED
        type: self-service
        _links:
          self:
            hints:
              allow:
              - POST
            href: "https://{yourOktaDomain}/api/v1/features/ftrZooGoT8b41iWRiQs7"
          dependents:
            href: "https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependents"
          dependencies:
            href: "https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependencies"
    ListIdPUsersResponse:
      summary: List of linked IdP Users
      value:
      - id: 00u5cl9lo7nMjHjPr0h7
        externalId: "109912936038778"
        created: 2015-11-03T19:10:11.000Z
        lastUpdated: 2015-11-03T19:11:49.000Z
        profile:
          firstName: Carol
          middleName: Lee
          lastName: Johnson
          email: [email protected]
          displayName: Carol Johnson
          profile: https://www.facebook.com/app_scoped_user_id/109912936038778/
        _links:
          self:
            href: "https://{yourOktaDomain}/api/v1/idps/0oa4lb6lbtmH355Hx0h7/users/00u5cl9lo7nMjHjPr0h7"
            hints:
              allow:
              - GET
              - DELETE
          idp:
            href: "https://{yourOktaDomain}/api/v1/idps/0oa4lb6lbtmH355Hx0h7"
          user:
            href: "https://{yourOktaDomain}/api/v1/users/00u5cl9lo7nMjHjPr0h7"
    ListLinkedObjects:
      summary: List all Linked Object definitions
      value:
      - primary:
          name: manager
          title: manager
          description: Manager link property
          type: USER
        associated:
          name: subordinate
          title: subordinate
          description: Subordinate link property
          type: USER
        _links:
          self:
            href: http://your-subdomain.okta.com/api/v1/meta/schemas/user/linkedObjects/manager
    ListLogs:
      summary: List all system logs
      value:
      - actor:
          id: 00uttidj01jqL21aM1d6
          type: User
          alternateId: [email protected]
          displayName: John Doe
          detailEntry: null
        client:
          userAgent:
            rawUserAgent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36\
              \ (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"
            os: Mac OS X
            browser: CHROME
          zone: null
          device: Computer
          id: null
          ipAddress: 10.0.0.1
          geographicalContext:
            city: New York
            state: New York
            country: United States
            postalCode: 10013
            geolocation:
              lat: 40.3157
              lon: -74.01
        device:
          id: guofdhyjex1feOgbN1d9
          name: "Mac15,6"
          os_platform: OSX
          os_version: 14.6.0
          managed: false
          registered: true
          device_integrator: null
          disk_encryption_type: ALL_INTERNAL_VOLUMES
          screen_lock_type: BIOMETRIC
          jailbreak: null
          secure_hardware_present: true
        authenticationContext:
          authenticationProvider: null
          credentialProvider: null
          credentialType: null
          issuer: null
          interface: null
          authenticationStep: 0
          rootSessionId: idxBager62CSveUkTxvgRtonA
          externalSessionId: idxBager62CSveUkTxvgRtonA
        displayMessage: User login to Okta
        eventType: user.session.start
        outcome:
          result: SUCCESS
          reason: null
        published: 2024-08-13T15:58:20.353Z
        securityContext:
          asNumber: 394089
          asOrg: ASN 0000
          isp: google
          domain: null
          isProxy: false
        severity: INFO
        debugContext:
          debugData:
            requestId: ab609228fe84ce59cdcbfa690bcce016
            requestUri: /idp/idx/authenticators/poll
            url: /idp/idx/authenticators/poll
        legacyEventType: core.user_auth.login_success
        transaction:
          type: WEB
          id: ab609228fe84ce59cdcbfa690bgce016
          detail: null
        uuid: dc9fd3c0-598c-11ef-8478-2b7584bf8d5a
        version: 0
        request:
          ipChain:
          - ip: 10.0.0.1
            geographicalContext:
              city: New York
              state: New York
              country: United States
              postalCode: 10013
              geolocation:
                lat: 40.3157
                lon: -74.01
            version: V4
            source: null
        target:
        - id: pfdfdhyjf0HMbkP2e1d7
          type: AuthenticatorEnrollment
          alternateId: unknown
          displayName: Okta Verify
          detailEntry: null
        - id: 0oatxlef9sQvvqInq5d6
          type: AppInstance
          alternateId: Okta Admin Console
          displayName: Okta Admin Console
          detailEntry: null
    ListMappingsResponse:
      summary: List all Profile Mappings response
      value:
      - id: prm1k47ghydIQOTBW0g4
        source:
          id: otysbePhQ3yqt4cVv0g3
          name: user
          type: user
          _links:
            self:
              href: "https://{yourOktaDomain}/api/v1/meta/types/user/otysbePhQ3yqt4cVv0g3"
            schema:
              href: "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscsbePhQ3yqt4cVv0g3"
        target:
          id: 0oa1qmn4LZQQEH0wZ0g4
          name: okta_org2org
          type: appuser
          _links:
            self:
              href: "https://{yourOktaDomain}/api/v1/apps/0oa1qmn4LZQQEH0wZ0g4"
            schema:
              href: "https://{yourOktaDomain}/api/v1/meta/schemas/apps/0oa1qmn4LZQQEH0wZ0g4/default"
        _links:
          self:
            href: "https://{yourOktaDomain}/api/v1/mappings/prm1k48weFSOnEUnw0g4"
    ListOfSecurityEventsProviderInstances:
      summary: List of Security Events Providers
      value:
      - id: sse1qg25RpusjUP6m0g5
        name: Security Events Provider with well-known URL
        type: okta
        status: ACTIVE
        settings:
          well_known_url: https://example.okta.com/.well-known/ssf-configuration
          issuer: Issuer
          jwks_url: https://example.okta.com/jwks/path
        _links:
          self:
            href: https://example.okta.com/api/v1/security-events-providers/sse1qg25RpusjUP6m0g5
            hints:
              allow:
              - GET
              - PUT
              - DELETE
          deactivate:
            href: https://example.okta.com/api/v1/security-events-providers/sse1qg25RpusjUP6m0g5/lifecycle/deactivate
            hints:
              allow:
              - POST
      - id: sse1qu4fUtsoD12iF0g5
        name: Security Events Provider with an issuer and a JWKS URL
        type: okta
        status: ACTIVE
        settings:
          issuer: Issuer
          jwks_url: https://example.okta.com/jwks/path
        _links:
          self:
            href: https://example.okta.com/api/v1/security-events-providers/sse1qu4fUtsoD12iF0g5
            hints:
              allow:
              - GET
              - PUT
              - DELETE
          deactivate:
            href: https://example.okta.com/api/v1/security-events-providers/sse1qu4fUtsoD12iF0g5/lifecycle/deactivate
            hints:
              allow:
              - POST
    ListPrivilegedAccounts:
      summary: List Privileged Accounts with mixed account types
      value:
      - accountType: APP_ACCOUNT
        description: This is for accessing AWS Prod-5
        id: a747a818-a4c4-4446-8a87-704216495a08
        name: AWS Prod-5 account
        ownerGroupIds:
        - 00g57qp78yZT2XBA40g7
        ownerUserIds:
        - 00u11s48P9zGW8yqm0g5
        status: NO_ISSUES
        statusDetail: ROTATED
        created: 2023-04-04T15:56:05.000Z
        lastUpdated: 2023-05-05T18:15:44.000Z
        details:
          credentials:
            username: [email protected]
          oktaApplicationId: aln1aqcs055ZRoizW0g8
          appInstanceName: AWS Prod-5
          appGlobalName: AWS Account Federation
      - accountType: OKTA_USER_ACCOUNT
        description: Shared admin account for managing AD integrations
        id: d1b65a78-21ed-429b-8ea3-eec96f2748d6
        name: AD Integrations Admin
        ownerGroupIds:
        - 00g57qp78yZT2XBA40g7
        ownerUserIds:
        - 00u11s48P9zGW8yqm0g5
        status: INFO
        statusDetail: ROTATING
        created: 2023-04-04T15:56:05.000Z
        lastUpdated: 2023-05-05T18:15:44.000Z
        details:
          credentials:
            username: [email protected]
          email: [email protected]
          oktaUserId: 00u11s48P9zGW8yqm0g5
    ListRealmAssignmentsResponse:
      value:
      - id: rul2jy7jLUlnO3ng00g4
        status: ACTIVE
        name: Realm Assignment 1
        created: 2022-04-04T15:56:05.000Z
        lastUpdated: 2022-05-05T18:15:44.000Z
        isDefault: false
        conditions:
          profileSourceId: 0oa4enoRyjwSCy5hx0g4
          expression:
            value: user.profile.role ==\"Manager\"
        actions:
          assignUserToRealm:
            realmId: 00g1b7rvh0xPLKXFf0g5
        priority: 0
        _links:
          self:
            rel: self
            href: http://your-subdomain.okta.com/api/v1/realm-assignments/rul2jy7jLUlnO3ng00g4
            method: GET
      - id: rul2jy7jLUlnO5ng00g4
        status: ACTIVE
        name: Catch-all
        created: 2022-04-04T15:56:05.000Z
        lastUpdated: 2022-05-05T18:15:44.000Z
        isDefault: true
        conditions:
          profileSourceId: "0oa4enoRyjwSCy6hx0g4,"
          expression:
            value: string
        actions:
          assignUserToRealm:
            realmId: 00g1b7rvh0xPLKXFf2g5
        priority: 499
        _links:
          self:
            rel: self
            href: http://your-subdomain.okta.com/api/v1/realm-assignments/rul2jy7jLUlnO5ng00g4
            method: GET
    ListRealmAwareUsersResponse:
      summary: List all Users
      value:
      - id: 00u118oQYT4TBGuay0g4
        status: ACTIVE
        created: 2022-04-04T15:56:05.000Z
        activated: null
        statusChanged: null
        lastLogin: 2022-05-04T19:50:52.000Z
        lastUpdated: 2022-05-05T18:15:44.000Z
        passwordChanged: 2022-04-04T16:00:22.000Z
        type:
          id: oty1162QAr8hJjTaq0g4
        profile:
          firstName: Alice
          lastName: Smith
          mobilePhone: null
          secondEmail: null
          login: [email protected]
          email: [email protected]
        realmId: guo1afiNtSnZYILxO0g4
        credentials:
          password: {}
          provider:
            type: OKTA
            name: OKTA
        _links:
          self:
            href: http://your-subdomain.okta.com/api/v1/users/00u118oQYT4TBGuay0g4
    ListRealmsResponse:
      value:
      - id: guox9jQ16k9V8IFEL0g3
        created: 2022-04-04T15:56:05.000Z
        lastUpdated: 2022-05-05T18:15:44.000Z
        isDefault: false
        profile:
          name: Car Co
          realmType: PARTNER
        _links:
          self:
            rel: self
            href: http://your-subdomain.okta.com/api/v1/realms/guox9jQ16k9V8IFEL0g3
            method: GET
    ListRefreshTokensClientsResponse:
      summary: List all refresh tokens for a Client
      value:
      - id: "{refreshTokenId}"
        status: ACTIVE
        created: 2023-09-21T19:59:56.000Z
        lastUpdated: 2023-09-21T20:00:38.000Z
        expiresAt: 2023-09-28T20:00:38.000Z
        issuer: "https://{yourOktaDomain}/oauth2/{authorizationServerId}"
        client_id: "{clientId}"
        userId: "{userId}"
        scopes:
        - offline_access
        - openid
        _embedded:
          scopes:
          - id: "{scopeId}"
            name: openid
            displayName: openid
            description: Signals that a request is an OpenID request
            _links:
              scope:
                href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/scopes/{scopeId}"
                title: openid
          - id: "{scopeID}"
            name: offline_access
            displayName: Keep you signed in to the app
            description: "This keeps you signed in to the app, even when you aren't\
              \ using it."
            _links:
              scope:
                href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/scopes/{scopeId}"
                itle: Keep you signed in to the app
        _links:
          app:
            href: "https://{yourOktaDomain}/api/v1/apps/{appId}"
            title: My Web App
          authorizationServer:
            href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}"
            title: Authorization Server name
          self:
            href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/clients/{clientId}/tokens/{tokenId}"
          revoke:
            href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/clients/{clientId}/tokens/{tokenId}"
            hints:
              allow:
              - DELETE
          client:
            href: "https://{yourOktaDomain}/oauth2/v1/clients/{clientId}"
            title: My Web App
          user:
            href: "https://{yourOktaDomain}/api/v1/users/{userId}"
            title: Joe User
    ListRiskProviderResponse:
      summary: List Risk Provider response example
      value:
      - id: 00rp12r4skkjkjgsn
        action: log_only
        name: Risk-Partner-X
        clientId: 00ckjsfgjkdkjdkkljjsd
        created: 2021-01-05 22:18:30
        lastUpdated: 2021-01-05 22:18:30
        _links:
          self:
            href: "https://{yourOktaDomain}/api/v1/risk/providers/00rp12r4skkjkjgsn"
            hints:
              allow:
              - GET
              - PUT
    ListSessionsResponseForGetSessions:
      value:
      - id: aps1qqonvr2SZv6o70h8
        identitySourceId: 0oa3l6l6WK6h0R0QW0g4
        status: CREATED
        importType: INCREMENTAL
        created: 2022-04-04T15:56:05.000Z
        lastUpdated: 2022-05-05T16:15:44.000Z
      - id: aps1quck606ngubVq0h8
        identitySourceId: 0oa3l6l6WK6h0R0QW0g4
        status: TRIGGERED
        importType: INCREMENTAL
        created: 2022-04-04T16:56:05.000Z
        lastUpdated: 2022-05-05T17:15:44.000Z
      - id: aps1qzy2acb5jDlUc0h8
        identitySourceId: 0oa3l6l6WK6h0R0QW0g4
        status: IN_PROGRESS
        importType: INCREMENTAL
        created: 2022-04-04T17:56:05.000Z
        lastUpdated: 2022-05-05T18:15:44.000Z
      - id: aps1qqne8c1JHkMdF0h8
        identitySourceId: 0oa3l6l6WK6h0R0QW0g4
        status: EXPIRED
        importType: INCREMENTAL
        created: 2022-04-04T18:56:05.000Z
        lastUpdated: 2022-05-05T19:15:44.000Z
      - id: aps1qqonvr2SZv6o70h8
        identitySourceId: 0oa3l6l6WK6h0R0QW0g4
        status: CLOSED
        importType: INCREMENTAL
        created: 2022-04-04T19:56:05.000Z
        lastUpdated: 2022-05-05T20:15:44.000Z
    ListThemesResponse:
      value:
      - id: thdul904tTZ6kWVhP0g3
        logo: "https://{yourOktaDomain}/assets/img/logos/okta-logo.47066819ac7db5c13f4c431b2687cef6.png"
        favicon: "https://{yourOktaDomain}/favicon.ico"
        backgroundImage: null
        primaryColorHex: '#1662dd'
        primaryColorContrastHex: '#000000'
        secondaryColorHex: '#ebebed'
        secondaryColorContrastHex: '#000000'
        signInPageTouchPointVariant: OKTA_DEFAULT
        endUserDashboardTouchPointVariant: OKTA_DEFAULT
        errorPageTouchPointVariant: OKTA_DEFAULT
        emailTemplateTouchPointVariant: OKTA_DEFAULT
        loadingPageTouchPointVariant: OKTA_DEFAULT
    ListUISchemaResponse:
      summary: Lists all UI Schemas response
      value:
      - id: uis4a7liocgcRgcxZ0g7
        uiSchema:
          type: Group
          label: Sign in
          buttonLabel: Submit
          elements:
          - type: Control
            scope: '#/properties/firstName'
            label: First name
            options:
              format: text
          - type: Control
            scope: '#/properties/lastName'
            label: Last name
            options:
              format: text
          - type: Control
            scope: '#/properties/email'
            label: Email
            options:
              format: text
          - type: Control
            scope: '#/properties/countryCode'
            label: Country code
            options:
              format: select
          - type: Control
            scope: '#/properties/bool2'
            label: bool2
            options:
              format: checkbox
          - type: Control
            scope: '#/properties/date'
            label: date
            options:
              format: text
          - type: Control
            scope: '#/properties/enum'
            label: enum
            options:
              format: radio
        created: 2022-07-25T12:56:31.000Z
        lastUpdated: 2022-07-26T11:53:59.000Z
        _links:
          self:
            href: https://example.com/api/v1/meta/uischemas/uis4a7liocgcRgcxZ0g7
            hints:
              allow:
              - GET
              - PUT
              - DELETE
      - id: uis4abjqkkKXVPGAU0g7
        uiSchema:
          type: Group
          label: Sign in 2
          buttonLabel: Submit
          elements:
          - type: Control
            scope: '#/properties/firstName'
            label: First name
            options:
              format: text
          - type: Control
            scope: '#/properties/lastName'
            label: Last name
            options:
              format: text
          - type: Control
            scope: '#/properties/email'
            label: Email
            options:
              format: text
          - type: Control
            scope: '#/properties/countryCode'
            label: Country code
            options:
              format: select
          - type: Control
            scope: '#/properties/bool2'
            label: bool2
            options:
              format: checkbox
          - type: Control
            scope: '#/properties/date'
            label: date
          - type: Control
            scope: '#/properties/enum'
            label: enum
            options:
              format: radio
        created: 2022-07-25T12:56:31.000Z
        lastUpdated: 2022-07-26T11:53:59.000Z
        _links:
          self:
            href: https://example.com/api/v1/meta/uischemas/uis4abjqkkKXVPGAU0g7
            hints:
              allow:
              - GET
              - PUT
              - DELETE
    ListUserBlocksAnyDevicesResponse:
      value:
      - type: DEVICE_BASED
        appliesTo: ANY_DEVICES
    ListUserBlocksUnknownDevicesResponse:
      value:
      - type: DEVICE_BASED
        appliesTo: UNKNOWN_DEVICES
    ListUserClients:
      value:
      - client_id: 0oabskvc6442nkvQO0h7
        client_name: My App
        client_uri: null
        logo_uri: null
        _links:
          grants:
            href: "https://{yourOktaDomain}/api/v1/users/00u5t60iloOHN9pBi0h7/clients/0oabskvc6442nkvQO0h7/grants"
          tokens:
            href: "https://{yourOktaDomain}/api/v1/users/00u5t60iloOHN9pBi0h7/clients/0oabskvc6442nkvQO0h7/tokens"
    ListUserGroups:
      value:
      - id: 0gabcd1234
        profile:
          name: Cloud App Users
          description: Users can access cloud apps
      - id: 0gefgh5678
        profile:
          name: Internal App Users
          description: Users can access internal apps
    ListUsersResponse:
      summary: List all Users
      value:
      - id: 00u118oQYT4TBTemp0g4
        status: ACTIVE
        created: 2022-04-04T15:56:05.000Z
        activated: null
        statusChanged: null
        lastLogin: 2022-05-04T19:50:52.000Z
        lastUpdated: 2022-05-05T18:15:44.000Z
        passwordChanged: 2022-04-04T16:00:22.000Z
        type:
          id: oty1162QAr8hJjTaq0g4
        profile:
          firstName: Alice
          lastName: Smith
          mobilePhone: null
          secondEmail: null
          login: [email protected]
          email: [email protected]
        credentials:
          password: {}
          provider:
            type: OKTA
            name: OKTA
        _links:
          self:
            href: http://your-subdomain.okta.com/api/v1/users/00u118oQYT4TBGuay0g4
    ListYubikeyOptTokensResponse:
      summary: List Yubikey OPT Token response
      value:
      - id: ykkwcx13nrDq8g4oy0g3
        created: 2020-01-14T21:53:09.000Z
        lastVerified: 2020-01-14T21:53:06.000Z
        lastUpdated: 2020-01-14T21:53:09.000Z
        status: UNASSIGNED
        profile:
          serial: "000003632071"
        _links:
          self:
            href: "https://{yourOktaDomain}/api/v1/org/factors/yubikey_token/tokens/ykkwcx13nrDq8g4oy0g3"
            hints:
              allow:
              - GET
              - DELETE
      - id: ykkxdtCA1fKVxyu6R0g3
        created: 2020-06-09T23:42:05.000Z
        activated: 2020-06-09T23:47:29.000Z
        lastVerified: 2020-06-09T23:47:29.000Z
        lastUpdated: 2020-06-09T23:47:29.000Z
        status: ACTIVE
        profile:
          serial: "000009508427"
        _links:
          self:
            href: "https://{yourOktaDomain}/api/v1/org/factors/yubikey_token/tokens/ykkxdtCA1fKVxyu6R0g3"
            hints:
              allow:
              - GET
          user:
            href: "https://{yourOktaDomain}/api/v1/users/00uu0x8sxTr9HcHOo0g3"
            hints:
              allow:
              - GET
          deactivate:
            href: "https://{yourOktaDomain}/api/v1/users/00uu0x8sxTr9HcHOo0g3/factors/ykfxduQAhl89YyPrV0g3"
            hints:
              allow:
              - DELETE
    ListsAllUserTypes:
      summary: Lists all user types
      value:
      - id: otyfnly5cQjJT9PnR0g4
        displayName: New User Type
        name: newUserType
        description: A new custom user type
        createdBy: sprz9fj1ycBcsgopy1d6
        lastUpdatedBy: sprz9fj1ycBcsgopy1d6
        created: 2021-07-05T20:40:38.000Z
        lastUpdated: 2021-07-05T20:40:38.000Z
        default: false
        _links:
          self:
            href: "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6"
          schema:
            href: "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6"
      - id: otyz9fj2jMiRBC1ZT1d6
        displayName: User
        name: user
        description: Okta user profile template with default permission settings
        createdBy: sprz9fj1ycBcsgopy1d6
        lastUpdatedBy: sprz9fj1ycBcsgopy1d6
        created: 2021-07-05T20:40:38.000Z
        lastUpdated: 2021-07-05T20:40:38.000Z
        default: true
        _links:
          self:
            href: "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6"
          schema:
            href: "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6"
    ListsOwnerOneResponse:
      summary: Lists a response with one owner
      value:
      - id: 00g1gae1k0znUcLuU0h8
        type: GROUP
        resolved: true
        originId: "null"
        originType: OKTA_DIRECTORY
        displayName: Product & Engineering
        lastUpdated: 2023-03-29 18:18:37.0
    ListsOwnersMultipleResponse:
      summary: Lists a response with multiple owners
      value:
      - id: 00u1cmbqjkkmFXeqb0h8
        type: USER
        resolved: true
        originId: "null"
        originType: OKTA_DIRECTORY
        displayName: Mabel Mora
        lastUpdated: 2023-03-29T18:30:58.000Z
      - id: 00u1cmc52x5B86cnZ0h8
        type: USER
        resolved: true
        originId: "null"
        originType: OKTA_DIRECTORY
        displayName: Cinda Canning
        lastUpdated: 2023-03-29T18:30:55.000Z
    LogStreamActivateResponse:
      summary: Activate Log Stream response
      value:
        id: 0oa1orqUGCIoCGNxf0g4
        type: aws_eventbridge
        name: Example AWS EventBridge
        lastUpdated: 2023-03-24T21:22:43.000Z
        created: 2023-03-24T21:02:43.000Z
        status: ACTIVE
        settings:
          accountId: "123456789012"
          eventSourceName: your-event-source-name
          region: us-east-2
        _links:
          self:
            href: "http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4"
            method: GET
          deactivate:
            href: "http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4/lifecycle/deactivate"
            method: POST
    LogStreamDeactivateResponse:
      summary: Deactivate Log Stream response
      value:
        id: 0oa7agphh5FT7H521d7
        type: splunk_cloud_logstreaming
        name: Splunk Cloud Example
        lastUpdated: 2023-03-24T21:23:00.000Z
        created: 2023-03-24T21:15:13.000Z
        status: INACTIVE
        settings:
          edition: aws
          host: okexample.splunkcloud.com
        _links:
          self:
            href: "http://{yourOktaDomain}/api/v1/logStreams/0oa7agphh5FT7H521d7"
            method: GET
          activate:
            href: "http://{yourOktaDomain}/api/v1/logStreams/0oa7agphh5FT7H521d7/lifecycle/activate"
            method: POST
    LogStreamGetAllResponse:
      summary: Lists all Log Streams
      value:
      - id: 0oa1orqUGCIoCGNxf0g4
        type: aws_eventbridge
        name: Example AWS EventBridge
        lastUpdated: 2023-03-24T21:02:43.000Z
        created: 2023-03-24T21:02:43.000Z
        status: ACTIVE
        settings:
          accountId: "123456789012"
          eventSourceName: your-event-source-name
          region: us-east-2
        _links:
          self:
            href: "http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4"
            method: GET
          deactivate:
            href: "http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4/lifecycle/deactivate"
            method: POST
    LogStreamPostRequest:
      summary: Create an AWS EventBridge Log Stream
      value:
        type: aws_eventbridge
        name: Example AWS EventBridge
        settings:
          eventSourceName: your-event-source-name
          accountId: "123456789012"
          region: us-east-2
    LogStreamPostResponse:
      summary: AWS EventBridge Log Stream response
      value:
        id: 0oa1orqUGCIoCGNxf0g4
        type: aws_eventbridge
        name: Example AWS EventBridge
        lastUpdated: 2023-03-24T21:02:43.000Z
        created: 2023-03-24T21:02:43.000Z
        status: ACTIVE
        settings:
          accountId: "123456789012"
          eventSourceName: your-event-source-name
          region: us-east-2
        _links:
          self:
            href: "http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4"
            method: GET
          deactivate:
            href: "http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4/lifecycle/deactivate"
            method: POST
    LogStreamPutRequest:
      summary: Replace AWS EventBridge name
      value:
        type: aws_eventbridge
        name: Updated AWS EventBridge
        settings:
          eventSourceName: your-event-source-name
          accountId: "123456789012"
          region: us-east-2
    LogStreamPutResponse:
      summary: Replace AWS EventBridge name response
      value:
        id: 0oa1orqUGCIoCGNxf0g4
        type: aws_eventbridge
        name: Updated AWS EventBridge
        lastUpdated: 2023-03-24T21:12:43.000Z
        created: 2023-03-24T21:02:43.000Z
        status: ACTIVE
        settings:
          accountId: "123456789012"
          eventSourceName: your-event-source-name
          region: us-east-2
        _links:
          self:
            href: "http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4"
            method: GET
          deactivate:
            href: "http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4/lifecycle/deactivate"
            method: POST
    LogStreamSchemaAws:
      value:
        $schema: https://json-schema.org/draft/2020-12/schema
        $id: "http://{yourOktaDomain}/api/v1/meta/schemas/logStream/aws_eventbridge"
        title: AWS EventBridge
        type: object
        properties:
          settings:
            description: Configuration properties specific to AWS EventBridge
            type: object
            properties:
              accountId:
                title: AWS Account ID
                description: Your Amazon AWS Account ID.
                type: string
                writeOnce: true
                pattern: "^\\d{12}$"
              eventSourceName:
                title: AWS Event Source Name
                description: An alphanumeric name (no spaces) to identify this event source in AWS EventBridge.
                type: string
                writeOnce: true
                pattern: "^[\\.\\-_A-Za-z0-9]{1,75}$"
              region:
                title: AWS Region
                description: The destination AWS region for your system log events.
                type: string
                writeOnce: true
                oneOf:
                - title: US East (Ohio)
                  const: us-east-2
                - title: US East (N. Virginia)
                  const: us-east-1
                - title: US West (N. California)
                  const: us-west-1
                - title: US West (Oregon)
                  const: us-west-2
                - title: Canada (Central)
                  const: ca-central-1
                - title: Europe (Frankfurt)
                  const: eu-central-1
                - title: Europe (Ireland)
                  const: eu-west-1
                - title: Europe (London)
                  const: eu-west-2
                - title: Europe (Paris)
                  const: eu-west-3
                - title: Europe (Milan)
                  const: eu-south-1
                - title: Europe (Stockholm)
                  const: eu-north-1
            required:
            - eventSourceName
            - accountId
            - region
            errorMessage:
              properties:
                accountId: Account number must be 12 digits.
                eventSourceName: "Event source name can use numbers, letters, the\
                  \ symbols \".\", \"-\" or \"_\". It must use fewer than 76 characters."
          name:
            title: Name
            description: A name for this log stream in Okta
            type: string
            writeOnce: false
            pattern: "^.{1,100}$"
        required:
        - name
        - settings
        errorMessage:
          properties:
            name: Name can't exceed 100 characters.
    LogStreamSchemaList:
      value:
      - $schema: https://json-schema.org/draft/2020-12/schema
        $id: "http://{yourOktaDomain}/api/v1/meta/schemas/logStream/aws_eventbridge"
        title: AWS EventBridge
        type: object
        properties:
          settings:
            description: Configuration properties specific to AWS EventBridge
            type: object
            properties:
              accountId:
                title: AWS Account ID
                description: Your Amazon AWS Account ID.
                type: string
                writeOnce: true
                pattern: "^\\d{12}$"
              eventSourceName:
                title: AWS Event Source Name
                description: An alphanumeric name (no spaces) to identify this event source in AWS EventBridge.
                type: string
                writeOnce: true
                pattern: "^[\\.\\-_A-Za-z0-9]{1,75}$"
              region:
                title: AWS Region
                description: The destination AWS region for your system log events.
                type: string
                writeOnce: true
                oneOf:
                - title: US East (Ohio)
                  const: us-east-2
                - title: US East (N. Virginia)
                  const: us-east-1
                - title: US West (N. California)
                  const: us-west-1
                - title: US West (Oregon)
                  const: us-west-2
                - title: Canada (Central)
                  const: ca-central-1
                - title: Europe (Frankfurt)
                  const: eu-central-1
                - title: Europe (Ireland)
                  const: eu-west-1
                - title: Europe (London)
                  const: eu-west-2
                - title: Europe (Paris)
                  const: eu-west-3
                - title: Europe (Milan)
                  const: eu-south-1
                - title: Europe (Stockholm)
                  const: eu-north-1
            required:
            - eventSourceName
            - accountId
            - region
            errorMessage:
              properties:
                accountId: Account number must be 12 digits.
                eventSourceName: "Event source name can use numbers, letters, the\
                  \ symbols \".\", \"-\" or \"_\". It must use fewer than 76 characters."
          name:
            title: Name
            description: A name for this log stream in Okta
            type: string
            writeOnce: false
            pattern: "^.{1,100}$"
        required:
        - name
        - settings
        errorMessage:
          properties:
            name: Name can't exceed 100 characters.
      - $schema: https://json-schema.org/draft/2020-12/schema
        id: "http://{yourOktaDomain}/api/v1/meta/schemas/logStream/splunk_cloud_logstreaming"
        title: Splunk Cloud
        type: object
        properties:
          settings:
            description: Configuration properties specific to Splunk Cloud
            type: object
            properties:
              host:
                title: Host
                description: "The domain for your Splunk Cloud instance without http\
                  \ or https. For example: acme.splunkcloud.com"
                type: string
                writeOnce: false
                pattern: "^([a-z0-9]+(-[a-z0-9]+)*){1,100}\\.splunkcloud(gc|fed)?\\\
                  .com$"
              token:
                title: HEC Token
                description: The token from your Splunk Cloud HTTP Event Collector (HEC).
                type: string
                writeOnce: false
                pattern: "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
            required:
            - host
            - token
            errorMessage:
              properties:
                host: "Host should be a domain without http or https. For example:\
                  \ acme.splunkcloud.com"
          name:
            title: Name
            description: A name for this log stream in Okta
            type: string
            writeOnce: false
            pattern: "^.{1,100}$"
        required:
        - name
        - settings
        errorMessage:
          properties:
            name: Name can't exceed 100 characters.
    LogStreamSchemaSplunk:
      value:
        $schema: https://json-schema.org/draft/2020-12/schema
        id: "http://{yourOktaDomain}/api/v1/meta/schemas/logStream/splunk_cloud_logstreaming"
        title: Splunk Cloud
        type: object
        properties:
          settings:
            description: Configuration properties specific to Splunk Cloud
            type: object
            properties:
              host:
                title: Host
                description: "The domain for your Splunk Cloud instance without http\
                  \ or https. For example: acme.splunkcloud.com"
                type: string
                writeOnce: false
                pattern: "^([a-z0-9]+(-[a-z0-9]+)*){1,100}\\.splunkcloud(gc|fed)?\\\
                  .com$"
              token:
                title: HEC Token
                description: The token from your Splunk Cloud HTTP Event Collector (HEC).
                type: string
                writeOnce: false
                pattern: "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
            required:
            - host
            - token
            errorMessage:
              properties:
                host: "Host should be a domain without http or https. For example:\
                  \ acme.splunkcloud.com"
          name:
            title: Name
            description: A name for this log stream in Okta
            type: string
            writeOnce: false
            pattern: "^.{1,100}$"
        required:
        - name
        - settings
        errorMessage:
          properties:
            name: Name can't exceed 100 characters.
    LogTargetChangeDetails:
      summary: Example of the `changeDetails` property on the target
      value:
        from:
          vpnLocationOptions: DISABLED
          vpnSettingsZones:
            include: null
            exclude: null
        to:
          message: You must a use VPN to connect to this application
          vpnLocationOptions: ZONE
          vpnSettingsZones:
            include:
            - ALL_ZONES
            exclude: null
    MicrosoftIdPResponse:
      summary: Microsoft Identity Provider
      value:
        id: 0oajmvdFawBih4gey0g3
        type: MICROSOFT
        name: Microsoft
        status: ACTIVE
        created: 2016-03-29T16:47:36.000Z
        lastUpdated: 2016-03-29T16:47:36.000Z
        protocol:
          type: OIDC
          endpoints:
            authorization:
              url: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
              binding: HTTP-REDIRECT
            token:
              url: https://login.microsoftonline.com/common/oauth2/v2.0/token
              binding: HTTP-POST
          scopes:
          - openid
          - email
          - profile
          - https://graph.microsoft.com/User.Read
          credentials:
            client:
              client_id: your-client-id
              client_secret: your-client-secret
        policy:
          provisioning:
            action: AUTO
            profileMaster: true
            groups:
              action: NONE
            conditions:
              deprovisioned:
                action: NONE
              suspended:
                action: NONE
          accountLink:
            filter: null
            action: AUTO
          subject:
            userNameTemplate:
              template: idpuser.userPrincipalName
            filter: null
            matchType: USERNAME
          mapAMRClaims: false
          maxClockSkew: 0
        _links:
          authorize:
            href: |-
              https://{yourOktaDomain}/oauth2/v1/authorize?idp=0oajmvdFawBih4gey0g3&
              client_id={clientId}&response_type={responseType}&response_mode={responseMode}&
              scope={scopes}&redirect_uri={redirectUri}&state={state}
            templated: true
            hints:
              allow:
              - GET
          clientRedirectUri:
            href: "https://{yourOktaDomain}/oauth2/v1/authorize/callback"
            hints:
              allow:
              - POST
    MultipleIdPCsrsResponse:
      summary: Identity Provider CSRs
      value:
      - id: h9zkutaSe7fZX0SwN1GqDApofgD1OW8g2B5l2azha50
        created: 2017-03-28T01:11:10.000Z
        csr: 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
        kty: RSA
        _links:
          self:
            href: "https://{yourOktaDomain}/api/v1/idps/0oad5lTSBOMUBOBVVQSC/credentials/csrs/h9zkutaSe7fZX0SwN1GqDApofgD1OW8g2B5l2azha50"
            hints:
              allow:
              - GET
              - DELETE
          publish:
            href: "https://{yourOktaDomain}/api/v1/idps/0oad5lTSBOMUBOBVVQSC/credentials/csrs/h9zkutaSe7fZX0SwN1GqDApofgD1OW8g2B5l2azha50/lifecycle/publish"
            hints:
              allow:
              - POST
      - id: -_-BFwAGoUYN-DDvsSKQFdx7OXaPZqrEPpFDO1hu-rg
        created: 2017-03-28T01:21:10.000Z
        csr: 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
        kty: RSA
        _links:
          self:
            href: "https://{yourOktaDomain}/api/v1/idps/0oad5lTSBOMUBOBVVQSC/credentials/csrs/-_-BFwAGoUYN-DDvsSKQFdx7OXaPZqrEPpFDO1hu-rg"
            hints:
              allow:
              - GET
              - DELETE
          publish:
            href: "https://{yourOktaDomain}/api/v1/idps/0oad5lTSBOMUBOBVVQSC/credentials/csrs/-_-BFwAGoUYN-DDvsSKQFdx7OXaPZqrEPpFDO1hu-rg/lifecycle/publish"
            hints:
              allow:
              - POST
    MultipleIdPKeyCredentialsResponse:
      summary: Identity Provider Key Credentials
      value:
      - kid: your-key-id
        created: 2016-01-03T18:15:47.000Z
        lastUpdated: 2016-01-03T18:15:47.000Z
        e: "65537"
        "n": "101438407598598116085679865987760095721749307901605456708912786847324207000576780508113360584555007890315805735307890113536927352312915634368993759211767770602174860126854831344273970871509573365292777620005537635317282520456901584213746937262823585533063042033441296629204165064680610660631365266976782082747"
        kty: RSA
        use: sig
        x5c:
        - 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
        x5t#S256: wzPVobIrveR1x-PCbjsFGNV-6zn7Rm9KuOWOG4Rk6jE
      - kty: EC
        created: 2020-04-24T20:51:20.000Z
        lastUpdated: 2020-04-24T20:51:20.000Z
        expiresAt: 2040-03-01T20:22:29.000Z
        alg: EC
        x5c:
        - 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
        x: Vv5Rh5de5ig7Qg-A-4HDGGDloMlkxp6PDE3nwzgAQPD3XXrLE7G364LhePRpYupQs62WgCoYb4CDXN0erf3WJXg
        "y": ATeVjosChw6gt73EOR6CBc1xK4_l8NzXHlH0YdNeXji8ugk4tIuwxs5dUxcheips8PNNJhTLbhoV2_hbgtnFbpqT
        crv: P-521
        kid: your-kid
        use: sig
        x5t#S256: TUx-AIwypm2pZURHNqafk7ZDxqQP_ypzIyUwDDnPOlw
    MultipleIdPSigningKeyCredentialsResponse:
      summary: Identity Provider Signing Key Credentials
      value:
      - created: 2015-12-10T18:56:23.000Z
        expiresAt: 2017-12-10T18:56:22.000Z
        x5c:
        - 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
        kid: akm5hvbbevE341ovl0h7
        kty: RSA
        use: sig
        x5t#S256: 5GOpy9CQVtfvBmu2T8BHvpKE4OGtC3BuS046t7p9pps
      - created: 2015-12-10T18:55:35.000Z
        expiresAt: 2045-01-23T02:15:23.000Z
        x5c:
        - 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
        kid: akm5hvbn1vojA9Fsa0h7
        kty: RSA
        use: sig
        x5t#S256: 7CCyXWwKzH4P6PoBP91B1S_iIZVzuGffVnUXu-BTYQQ
    MultipleIdPsResponse:
      summary: Multiple Identity Providers
      value:
      - id: 0oa62b57p7c8PaGpU0h7
        type: FACEBOOK
        name: Facebook
        status: ACTIVE
        created: 2016-03-24T23:18:27.000Z
        lastUpdated: 2016-03-24T23:18:27.000Z
        protocol:
          type: OAUTH2
          endpoints:
            authorization:
              url: https://www.facebook.com/dialog/oauth
              binding: HTTP-REDIRECT
            token:
              url: https://graph.facebook.com/v2.5/oauth/access_token
              binding: HTTP-POST
          scopes:
          - public_profile
          - email
          credentials:
            client:
              client_id: your-client-id
              client_secret: your-client-secret
        policy:
          provisioning:
            action: AUTO
            profileMaster: true
            groups:
              action: NONE
            conditions:
              deprovisioned:
                action: NONE
              suspended:
                action: NONE
          accountLink:
            filter: null
            action: AUTO
          subject:
            userNameTemplate:
              template: idpuser.userPrincipalName
            filter: null
            matchType: USERNAME
          mapAMRClaims: false
          maxClockSkew: 0
        _links:
          authorize:
            href: "https://{yourOktaDomain}/oauth2/v1/authorize?idp=0oa62b57p7c8PaGpU0h7&client_id={clientId}&response_type={responseType}&response_mode={responseMode}&scope={scopes}&redirect_uri={redirectUri}&state={state}"
            templated: true
            hints:
              allow:
              - GET
          clientRedirectUri:
            href: "https://{yourOktaDomain}/oauth2/v1/authorize/callback"
            hints:
              allow:
              - POST
      - id: 0oa62bc8wppPw0UGr0h7
        type: SAML2
        name: Example SAML IdP
        status: ACTIVE
        created: 2016-03-24T23:14:54.000Z
        lastUpdated: 2016-03-24T23:14:54.000Z
        protocol:
          type: SAML2
          endpoints:
            sso:
              url: https://idp.example.com
              binding: HTTP-POST
              destination: https://idp.example.com
            acs:
              binding: HTTP-POST
              type: INSTANCE
          algorithms:
            request:
              signature:
                algorithm: SHA-256
                scope: REQUEST
            response:
              signature:
                algorithm: SHA-256
                scope: ANY
          settings:
            nameFormat:
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified credentials: trust: issuer: https://idp.example.com audience: http://www.okta.com/123 kid: your-key-id policy: provisioning: action: AUTO profileMaster: true groups: action: NONE conditions: deprovisioned: action: NONE suspended: action: NONE accountLink: filter: null action: AUTO subject: userNameTemplate: template: saml.subjectNameId filter: (\S+@example\.com) matchType: USERNAME mapAMRClaims: false maxClockSkew: 0 _links: metadata: href: "https://{yourOktaDomain}/api/v1/idps/0oa62bc8wppPw0UGr0h7/metadata.xml" type: application/xml hints: allow: - GET acs: href: "https://{yourOktaDomain}/sso/saml2/0oa62bc8wppPw0UGr0h7" type: application/xml hints: allow: - POST users: href: "https://{yourOktaDomain}/api/v1/idps/0oa62bc8wppPw0UGr0h7/users" hints: allow: - GET deactivate: href: "https://{yourOktaDomain}/api/v1/idps/0oa62bc8wppPw0UGr0h7/lifecycle/deactivate" hints: allow: - POST - id: 0oa62bfdiumsUndnZ0h7 type: GOOGLE name: Google status: ACTIVE created: 2016-03-24T23:21:49.000Z lastUpdated: 2016-03-24T23:21:49.000Z protocol: type: OIDC endpoints: authorization: url: https://accounts.google.com/o/oauth2/auth binding: HTTP-REDIRECT token: url: https://www.googleapis.com/oauth2/v3/token binding: HTTP-POST scopes: - profile - email - openid credentials: client: client_id: your-client-id client_secret: your-client-secret policy: provisioning: action: AUTO profileMaster: true groups: action: NONE conditions: deprovisioned: action: NONE suspended: action: NONE accountLink: filter: null action: AUTO subject: userNameTemplate: template: idpuser.userPrincipalName filter: null matchType: USERNAME mapAMRClaims: false maxClockSkew: 0 _links: authorize: href: "https://{yourOktaDomain}/oauth2/v1/authorize?idp=0oa62bfdiumsUndnZ0h7&client_id={clientId}&response_type={responseType}&response_mode={responseMode}&scope={scopes}&redirect_uri={redirectUri}&state={state}" templated: true hints: allow: - GET clientRedirectUri: href: 
"https://{yourOktaDomain}/oauth2/v1/authorize/callback" hints: allow: - POST - id: 0oa62bfdjnK55Z5x80h7 type: LINKEDIN name: LinkedIn status: ACTIVE created: 2016-03-24T23:23:59.000Z lastUpdated: 2016-03-24T23:23:59.000Z protocol: type: OAUTH2 endpoints: authorization: url: https://www.linkedin.com/uas/oauth2/authorization binding: HTTP-REDIRECT token: url: https://www.linkedin.com/uas/oauth2/accessToken binding: HTTP-POST scopes: - r_basicprofile - r_emailaddress credentials: client: client_id: your-client-id client_secret: your-client-secret policy: provisioning: action: AUTO profileMaster: true groups: action: NONE conditions: deprovisioned: action: NONE suspended: action: NONE accountLink: filter: null action: AUTO subject: userNameTemplate: template: idpuser.userPrincipalName filter: null matchType: USERNAME mapAMRClaims: false maxClockSkew: 0 _links: authorize: href: "https://{yourOktaDomain}/oauth2/v1/authorize?idp=0oa62bfdjnK55Z5x80h7&client_id={clientId}&response_type={responseType}&response_mode={responseMode}&scope={scopes}&redirect_uri={redirectUri}&state={state}" templated: true hints: allow: - GET clientRedirectUri: href: "https://{yourOktaDomain}/oauth2/v1/authorize/callback" hints: allow: - POST - id: 0oajmvdFawBih4gey0g3 type: MICROSOFT name: Microsoft status: ACTIVE created: 2016-03-29T16:47:36.000Z lastUpdated: 2016-03-29T16:47:36.000Z protocol: type: OIDC endpoints: authorization: url: https://login.microsoftonline.com/common/oauth2/v2.0/authorize binding: HTTP-REDIRECT token: url: https://login.microsoftonline.com/common/oauth2/v2.0/token binding: HTTP-POST scopes: - openid - email - profile - https://graph.microsoft.com/User.Read credentials: client: client_id: your-client-id client_secret: your-client-secret policy: provisioning: action: AUTO profileMaster: true groups: action: NONE conditions: deprovisioned: action: NONE suspended: action: NONE accountLink: filter: null action: AUTO subject: userNameTemplate: template: 
idpuser.userPrincipalName filter: null matchType: USERNAME mapAMRClaims: false maxClockSkew: 0 _links: authorize: href: "https://{yourOktaDomain}/oauth2/v1/authorize?idp=0oajmvdFawBih4gey0g3&client_id={clientId}&response_type={responseType}&response_mode={responseMode}&scope={scopes}&redirect_uri={redirectUri}&state={state}" templated: true hints: allow: - GET clientRedirectUri: href: "https://{yourOktaDomain}/oauth2/v1/authorize/callback" hints: allow: - POST - id: 0oaulob4BFVa4zQvt0g3 type: OIDC name: Example OpenID Connect IdP status: ACTIVE created: 2019-02-07T20:07:47.000Z lastUpdated: 2019-02-07T20:07:47.000Z protocol: type: OIDC endpoints: authorization: url: https://idp.example.com/authorize binding: HTTP-REDIRECT token: url: https://idp.example.com/token binding: HTTP-POST userInfo: url: https://idp.example.com/userinfo binding: HTTP-REDIRECT jwks: url: https://idp.example.com/keys binding: HTTP-REDIRECT scopes: - openid issuer: url: https://idp.example.com credentials: client: client_id: your-client-id client_secret: your-client-secret policy: provisioning: action: AUTO profileMaster: false groups: action: NONE conditions: deprovisioned: action: NONE suspended: action: NONE accountLink: filter: null action: AUTO subject: userNameTemplate: template: idpuser.email filter: null matchType: USERNAME matchAttribute: null mapAMRClaims: false maxClockSkew: 0 _links: authorize: href: "https://{yourOktaDomain}/oauth2/v1/authorize?idp=0oaulob4BFVa4zQvt0g3&client_id={clientId}&response_type={responseType}&response_mode={responseMode}&scope={scopes}&redirect_uri={redirectUri}&state={state}&nonce={nonce}" templated: true hints: allow: - GET clientRedirectUri: href: "https://{yourOktaDomain}/oauth2/v1/authorize/callback" hints: allow: - POST - id: 0oa6jxasyhwM2ZHJh0g4 type: X509 name: Smart Card IDP Name status: ACTIVE created: 2020-01-07T00:19:27.000Z lastUpdated: 2020-01-07T00:19:27.000Z properties: additionalAmr: - sc - hwk - pin - mfa protocol: type: MTLS endpoints: 
sso: url: "https://{yourOktaDomain}.okta.com/login/cert" credentials: trust: issuer: "CN=Test Smart Card, OU=Test OU, O=Test O, C=US" audience: null kid: 45dec5ff-8cdc-48c0-85fe-a4869f1753dc revocation: CRL revocationCacheLifetime: 2880 policy: provisioning: action: DISABLED profileMaster: false groups: null subject: userNameTemplate: template: idpuser.subjectAltNameEmail filter: null matchType: EMAIL matchAttribute: null mapAMRClaims: false maxClockSkew: 0 _links: deactivate: href: "https://{yourOktaDomain}.okta.com/api/v1/idps/0oa6jxasyhwM2ZHJh0g4/lifecycle/deactivate" hints: allow: - POST users: href: "https://{yourOktaDomain}.okta.com/api/v1/idps/0oa6jxasyhwM2ZHJh0g4/users" hints: allow: - GET keys: href: "https://{yourOktaDomain}.okta.com/api/v1/idps/credentials/keys/45dec5ff-8cdc-48c0-85fe-a4869f1753dc" hints: allow: - GET NextAuthorizationServerKey: summary: Next Authorization Server Key value: status: NEXT alg: RS256 e: AQAB "n": l1hZ_g2sgBE3oHvu34T-5XP18FYJWgtul_nRNg-5xra5ySkaXEOJUDRERUG0HrR42uqf9jYrUTwg9fp-SqqNIdHRaN8EwRSDRsKAwK 3 HIJ2NJfgmrrO2ABkeyUq6rzHxAumiKv1iLFpSawSIiTEBJERtUCDcjbbqyHVFuivIFgH8L37 - XDIDb0XG - R8DOoOHLJPTpsgH - rJe M5w96VIRZInsGC5OGWkFdtgk6OkbvVd7_TXcxLCpWeg1vlbmX - 0 TmG5yjSj7ek05txcpxIqYu - 7 FIGT0KKvXge_BOSEUlJpBhLKU28 OtsOnmc3NLIGXB - GeDiUZiBYQdPR - myB4ZoQ kid: Y3vBOdYT-l-I0j-gRQ26XjutSX00TeWiSguuDhW3ngo kty: RSA use: sig _links: self: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/credentials/keys/Y3vBOdYT-l-I0j-gRQ26XjutSX00TeWiSguuDhW3ngo" hints: allow: - GET NzErrorApiValidationFailed: summary: API Validation Failed value: errorCode: E0000003 errorSummary: The request body was not well-formed. 
errorLink: E0000003 errorId: samplewNxQUR9iohr4QYlD0eg errorCauses: [] NzErrorResourceNotFound: summary: Resource Not Found value: errorCode: E0000007 errorSummary: "Not found: Resource not found: itd (NetworkZone)" errorLink: E0000007 errorId: samplejCSVaKFDkCMElmKQ errorCauses: [] OAuth2RefreshTokenResponseEx: summary: OAuth 2.0 refresh token example value: id: oar579Mcp7OUsNTlo0g3 status: ACTIVE created: 2023-03-09T03:18:06.000Z lastUpdated: 2023-03-09T03:18:06.000Z expiresAt: 2023-03-16T03:18:06.000Z issuer: "https://{yourOktaDomain}/oauth2/ausain6z9zIedDCxB0h7" clientId: 0oabskvc6442nkvQO0h7 userId: 00u5t60iloOHN9pBi0h7 scopes: - offline_access - car:drive _embedded: scopes: - id: scppb56cIl4GvGxy70g3 name: offline_access description: Requests a refresh token by default and is used to obtain more access tokens without re-prompting the user for authentication _links: scope: href: "https://{yourOktaDomain}/api/v1/authorizationServers/ausain6z9zIedDCxB0h7/scopes/scppb56cIl4GvGxy70g3" title: offline_access - id: scp142iq2J8IGRUCS0g4 name: car:drive displayName: Drive car description: Allows the user to drive a car _links: scope: href: "https://{yourOktaDomain}/api/v1/authorizationServers/ausain6z9zIedDCxB0h7/scopes/scp142iq2J8IGRUCS0g4" title: Drive car _links: app: href: "https://{yourOktaDomain}/api/v1/apps/0oabskvc6442nkvQO0h7" title: Native self: href: "https://{yourOktaDomain}/api/v1/apps/0oabskvc6442nkvQO0h7/tokens/oar579Mcp7OUsNTlo0g3" revoke: href: "https://{yourOktaDomain}/api/v1/apps/0oabskvc6442nkvQO0h7/tokens/oar579Mcp7OUsNTlo0g3" hints: allow: - DELETE client: href: "https://{yourOktaDomain}/oauth2/v1/clients/0oabskvc6442nkvQO0h7" title: Example Client App user: href: "https://{yourOktaDomain}/api/v1/users/00upcgi9dyWEOeCwM0g3" title: Saml Jackson authorizationServer: href: "https://{yourOktaDomain}/api/v1/authorizationServers/ausain6z9zIedDCxB0h7" title: Example Authorization Server OAuth2RefreshTokenResponseListEx: summary: App refresh token list 
example value: - id: oar579Mcp7OUsNTlo0g3 status: ACTIVE created: 2023-03-09T03:18:06.000Z lastUpdated: 2023-03-09T03:18:06.000Z expiresAt: 2023-03-16T03:18:06.000Z issuer: "https://{yourOktaDomain}/oauth2/ausain6z9zIedDCxB0h7" clientId: 0oabskvc6442nkvQO0h7 userId: 00u5t60iloOHN9pBi0h7 scopes: - offline_access - car:drive _embedded: scopes: - id: scppb56cIl4GvGxy70g3 name: offline_access description: Requests a refresh token by default and is used to obtain more access tokens without re-prompting the user for authentication _links: scope: href: "https://{yourOktaDomain}/api/v1/authorizationServers/ausain6z9zIedDCxB0h7/scopes/scppb56cIl4GvGxy70g3" title: offline_access - id: scp142iq2J8IGRUCS0g4 name: car:drive displayName: Drive car description: Allows the user to drive a car _links: scope: href: "https://{yourOktaDomain}/api/v1/authorizationServers/ausain6z9zIedDCxB0h7/scopes/scp142iq2J8IGRUCS0g4" title: Drive car _links: app: href: "https://{yourOktaDomain}/api/v1/apps/0oabskvc6442nkvQO0h7" title: Native self: href: "https://{yourOktaDomain}/api/v1/apps/0oabskvc6442nkvQO0h7/tokens/oar579Mcp7OUsNTlo0g3" revoke: href: "https://{yourOktaDomain}/api/v1/apps/0oabskvc6442nkvQO0h7/tokens/oar579Mcp7OUsNTlo0g3" hints: allow: - DELETE client: href: "https://{yourOktaDomain}/oauth2/v1/clients/0oabskvc6442nkvQO0h7" title: Example Client App user: href: "https://{yourOktaDomain}/api/v1/users/00upcgi9dyWEOeCwM0g3" title: Saml Jackson authorizationServer: href: "https://{yourOktaDomain}/api/v1/authorizationServers/ausain6z9zIedDCxB0h7" title: Example Authorization Server OpenidConnectEx: summary: OPENID_CONNECT value: name: oidc_client label: Sample Client profile signOnMode: OPENID_CONNECT credentials: oauthClient: token_endpoint_auth_method: client_secret_post profile: label: oauth2 client app 1 settings: oauthClient: client_uri: http://localhost:8080 logo_uri: http://developer.okta.com/assets/images/logo-new.png redirect_uris: - https://example.com/oauth2/callback - 
myapp://callback response_types: - token - id_token - code grant_types: - authorization_code application_type: native participate_slo: false OpenidConnectPutEx: summary: OPENID_CONNECT value: name: oidc_client label: Sample Client profile updated signOnMode: OPENID_CONNECT OpenidConnectPutResponseEx: summary: OPENID_CONNECT value: id: 0oafxqCAJWWGELFTYASJ status: ACTIVE lastUpdated: 2023-01-21T14:11:24.000Z created: 2023-01-21T14:11:24.000Z accessibility: selfService: false errorRedirectUrl: null loginRedirectUrl: null _links: uploadLogo: href: "http://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/logo" hints: allow: - POST appLinks: - name: customswaapp_link href: "http://{yourOktaDomain}/home/{appName}/0oafxqCAJWWGELFTYASJ/aln5vjkW5oUmDGLMX0g4" type: text/html groups: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/groups" logo: - name: medium href: "http://{yourOktaDomain}/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png" type: image/png users: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/users" deactivate: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/lifecycle/deactivate" visibility: autoLaunch: false autoSubmitToolbar: false hide: iOS: true web: true appLinks: oidc_client_link: true name: oidc_client label: Sample Client profile updated features: [] signOnMode: OPENID_CONNECT credentials: userNameTemplate: template: "${source.email}" type: BUILT_IN signing: kid: H34mvc6VrfV5yvy5wA8ikMFws6WInx4nvsAs-7EYbVc oauthClient: autoKeyRotation: true client_id: 0oahonkqCRR6TSNlg4 client_secret: wj9bOsLK0BRNJqy7KMMnaE7m8qrW51bPO2n1-PYvkOmhHRYgcuOecQkEwq9MPYa5 token_endpoint_auth_method: client_secret_post pkce_required: true settings: app: {} oauthClient: client_uri: http://localhost:8080 logo_uri: http://developer.okta.com/assets/images/logo-new.png redirect_uris: - https://example.com/oauth2/callback - myapp://callback response_types: - token - id_token - code grant_types: - authorization_code 
application_type: native issuer_mode: DYNAMIC idp_initiated_login: mode: DISABLED default_scope: [] wildcard_redirect: DISABLED dpop_bound_access_tokens: false notifications: vpn: network: connection: DISABLED message: null helpUrl: null manualProvisioning: false implicitAssignment: false notes: admin: null enduser: null OpenidConnectResponseEx: summary: OPENID_CONNECT value: id: 0oafxqCAJWWGELFTYASJ status: ACTIVE lastUpdated: 2023-01-21T14:11:24.000Z created: 2023-01-21T14:11:24.000Z accessibility: selfService: false errorRedirectUrl: null loginRedirectUrl: null _links: uploadLogo: href: "http://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/logo" hints: allow: - POST appLinks: - name: customswaapp_link href: "http://{yourOktaDomain}/home/{appName}/0oafxqCAJWWGELFTYASJ/aln5vjkW5oUmDGLMX0g4" type: text/html groups: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/groups" logo: - name: medium href: "http://{yourOktaDomain}/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png" type: image/png users: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/users" deactivate: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/lifecycle/deactivate" visibility: autoLaunch: false autoSubmitToolbar: false hide: iOS: true web: true appLinks: oidc_client_link: true name: oidc_client label: Sample Client profile features: [] signOnMode: OPENID_CONNECT credentials: userNameTemplate: template: "${source.email}" type: BUILT_IN signing: kid: H34mvc6VrfV5yvy5wA8ikMFws6WInx4nvsAs-7EYbVc oauthClient: autoKeyRotation: true client_id: 0oahonkqCRR6TSNlg4 client_secret: wj9bOsLK0BRNJqy7KMMnaE7m8qrW51bPO2n1-PYvkOmhHRYgcuOecQkEwq9MPYa5 token_endpoint_auth_method: client_secret_post pkce_required: true settings: app: {} oauthClient: client_uri: http://localhost:8080 logo_uri: http://developer.okta.com/assets/images/logo-new.png redirect_uris: - https://example.com/oauth2/callback - myapp://callback response_types: - token - id_token - code 
grant_types: - authorization_code application_type: native issuer_mode: DYNAMIC idp_initiated_login: mode: DISABLED default_scope: [] wildcard_redirect: DISABLED dpop_bound_access_tokens: false notifications: vpn: network: connection: DISABLED message: null helpUrl: null manualProvisioning: false implicitAssignment: false notes: admin: null enduser: null profile: label: oauth2 client app 1 OperationResponse: value: id: rre4mje4ez6B2a7B60g7 type: realm:assignment status: COMPLETED created: 2023-10-25T21:02:54.000Z started: 2023-10-25T21:02:54.000Z completed: 2023-10-25T21:02:54.000Z realmId: 00g1b7rvh0xPLKXFf0g5 realmName: Realm Name assignmentOperation: configuration: id: 0pr1b7rxZj2ibQzfP0g5 name: Realm Assignment 1 conditions: profileSourceId: 0oa4enoRyjwSCy5hx0g4 expression: value: string actions: assignUserToRealm: realmId: 00g1b7rvh0xPLKXFf0g5 numUserMoved: 50 _links: self: rel: self href: http://your-subdomain.okta.com/api/v1/operations/rre4mje4ez6B2a7B60g7 method: GET OptInStatusResponse: summary: Opt in response value: optInStatus: OPTING_IN _links: optInStatus: href: http://your-subdomain.okta.com/api/v1/iam/governance/optIn OptOutStatusResponse: summary: Opt out response value: optInStatus: OPTING_OUT _links: optInStatus: href: http://your-subdomain.okta.com/api/v1/iam/governance/optIn OrgCAPTCHASettingsConfigured: summary: Org-wide Captcha Settings are configured value: captchaId: abcd4567 enabledPages: - SSR - SIGN_IN _links: self: href: https://your-subdomain.okta.com/api/v1/captchas/abcd4567 hints: allow: - GET - POST - PUT - DELETE OrgCAPTCHASettingsDisable: summary: Disable Org-wide Captcha Settings value: captchaId: "null" enabledPages: "null" OrgCAPTCHASettingsDisabled: summary: Disabled Org-wide Captcha Settings value: captchaId: "null" enabledPages: "[]" _links: self: href: https://your-subdomain.okta.com/api/v1/captchas/ hints: allow: - GET - PUT OrgCAPTCHASettingsEmpty: summary: Org-wide Captcha Settings aren't configured value: captchaId: 
null enabledPages: [] _links: self: href: https://your-subdomain.okta.com/api/v1/captchas hints: allow: - GET - POST - PUT - DELETE OrgCAPTCHASettingsUpdate: summary: Update Org-wide Captcha Settings value: captchaId: abcd4567 enabledPages: - SSR - SIGN_IN OrgCAPTCHASettingsUpdated: summary: Updated Org-wide Captcha Settings value: captchaId: abcd4567 enabledPages: - SSR - SIGN_IN _links: self: href: https://your-subdomain.okta.com/api/v1/captchas/abcd4567 hints: allow: - GET - POST - PUT - DELETE OrgSettingResponse: summary: Org setting response value: address1: 100 1st St address2: 6th floor city: San Fransico companyName: okta country: United States endUserSupportHelpURL: support.okta.com phoneNumber: "+18887227871" postalCode: "94105" state: California supportPhoneNumber: "+18887227871" website: www.okta.com id: 00o3qqiw0vSCIwu8I0g7 created: 2024-01-24T14:15:22Z lastUpdated: 2024-07-21T14:15:22Z expiresAt: 2024-12-24T14:15:22Z status: ACTIVE subdomain: okta _links: preferences: href: "https://{yourOktaDomain}/v1/org/preferences" uploadLogo: href: "https://{yourOktaDomain}/api/v1/org/logo" hints: allow: - POST oktaCommunication: href: "https://{yourOktaDomain}/api/v1/org/privacy/oktaCommunication" logo: null oktaSupport: href: "https://{yourOktaDomain}/api/v1/org/privacy/oktaSupport" contacts: href: https://vantest.oktapreview.com/api/v1/org/contacts PasswordImportPayloadExample: summary: An example password import inline hook request body value: eventId: 3o9jBzq1SmOGmmsDsqyyeQ eventTime: 2020-01-17T21:23:56.000Z eventType: com.okta.user.credential.password.import eventTypeVersion: "1.0" contentType: application/json cloudEventVersion: "0.1" source: "https://${yourOktaDomain}/api/v1/inlineHooks/cbl2ad6phv9fsPLcF0g7" data: context: request: id: XiIl6wn7005Rr@fjYqeC7CCDBxw method: POST url: value: /idp/idx/challenge/answer ipAddress: 66.124.153.138 credential: username: [email protected] password: Okta action: credential: UNVERIFIED 
PasswordImportUnVerifiedResponse: summary: A sample response for an unverified user password value: commands: - type: com.okta.action.update value: credential: UNVERIFIED PasswordImportVerifiedResponse: summary: A sample response for a verified user password value: commands: - type: com.okta.action.update value: credential: VERIFIED PerClientRateLimitSettingsEnforceDefault: value: defaultMode: ENFORCE PerClientRateLimitSettingsEnforceDefaultWithOverrides: value: defaultMode: ENFORCE useCaseModeOverrides: OAUTH2_AUTHORIZE: PREVIEW OIE_APP_INTENT: DISABLE PerClientRateLimitSettingsPreviewDefaultWithOverrides: value: defaultMode: PREVIEW useCaseModeOverrides: LOGIN_PAGE: ENFORCE PermissionResponse: value: label: okta.users.manage created: 2021-02-06T16:20:57.000Z lastUpdated: 2021-02-06T16:20:57.000Z _links: role: href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3" self: href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions/okta.users.manage" PermissionResponseWithConditions: value: label: okta.users.read conditions: include: okta:ResourceAttribute/User/Profile: - city - state - zipCode created: 2021-02-06T16:20:57.000Z lastUpdated: 2021-02-06T16:20:57.000Z _links: role: href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3" self: href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions/okta.users.read" PermissionsResponse: value: permissions: - label: okta.users.create created: 2021-02-06T16:20:57.000Z lastUpdated: 2021-02-06T16:20:57.000Z _links: role: href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3" self: href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions/okta.users.create" - label: okta.users.read created: 2021-02-06T16:20:57.000Z lastUpdated: 2021-02-06T16:20:57.000Z conditions: include: okta:ResourceAttribute/User/Profile: - city - state - zipCode _links: role: href: 
"https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3" self: href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions/okta.users.read" - label: okta.groups.read created: 2021-02-06T16:20:57.000Z lastUpdated: 2021-02-06T16:20:57.000Z _links: role: href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3" self: href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions/okta.groups.read" - label: okta.users.userprofile.manage created: 2021-02-06T16:20:57.000Z lastUpdated: 2021-02-06T16:20:57.000Z _links: role: href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3" self: href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions/okta.users.userprofile.manage" PreviewEmailCustomizationResponse: value: subject: Welcome to Okta! body: "

Hello, John. Click here to activate your account." _links: self: href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/customizations/oel2kk1zYJBJbeaGo0g4/preview" hints: allow: - GET template: href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation" hints: allow: - GET test: href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test" hints: allow: - POST PreviewEmailTemplateDefaultContentResponse: value: subject: Welcome to Okta! body: "

Hello, John. Click here to activate your account." _links: self: href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/default-content/preview" hints: allow: - GET template: href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation" hints: allow: - GET defaultContent: href: "https://{yourOktaDomain}/api/v1/brands/{brandId}/templates/email/UserActivation/test/default-content" hints: allow: - POST PrincipalRateLimitEntityRequestEmptyPercentages: value: principalId: token1234 principalType: SSWS_TOKEN PrincipalRateLimitEntityRequestSSWSToken: value: principalId: token1234 principalType: SSWS_TOKEN defaultPercentage: 50 defaultConcurrencyPercentage: 75 PrincipalRateLimitEntityResponseSSWSToken: value: id: abcd1234 orgId: org1234 principalId: token1234 principalType: SSWS_TOKEN defaultPercentage: 50 defaultConcurrencyPercentage: 75 createdDate: 2022-05-19T20:05:32.720Z createdBy: user1234 lastUpdate: 2022-05-20T21:13:07.410Z lastUpdatedBy: user4321 PrivilegedResourceClaimAppAccountResponse: value: id: opa100xTfFs4MasRf0g4 resourceType: APP_ACCOUNT containerDetails: appName: "google," containerId: "0oa103099SBEb3Z2b0g4," displayName: "Google App1," globalAppId: "964b82aa-85b4-5645-b790-83312c473480," passwordPushSupported: "true," provisioningEnabled: "true," _links: login: href: "https://appinstance-admin.oktapreview.com/home/google/0oa103099SBEb3Z2b0g4," logo: href: "https://appinstance-admin.oktapreview.com/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png," credentials: userName: [email protected] created: 2024-06-10T11:11:01.000Z lastUpdated: 2024-06-10T11:11:01.000Z status: ACTIVE credentialSyncInfo: secretVersionId: "" syncTime: "" syncState: NOT_SYNCED errorCode: "" errorReason: "" PrivilegedResourceClaimOktaAccountResponse: value: id: opa100xTfFs4MasRf0g4 resourceType: OKTA_USER_ACCOUNT resourceId: "00u100xTfFs4MasRf0g4," credentials: userName: username profile: email: [email protected] 
created: 2024-06-10T11:11:01.000Z lastUpdated: 2024-06-10T11:11:01.000Z status: ACTIVE credentialSyncInfo: secretVersionId: "" syncTime: "" syncState: NOT_SYNCED errorCode: "" errorReason: "" PrivilegedResourceCreateAppAccountRequest: value: resourceType: APP_ACCOUNT containerDetails: containerId: 0oa103099SBEb3Z2b0g4 credentials: userName: [email protected] PrivilegedResourceCreateAppAccountResponse: value: id: opa100xTfFs4MasRf0g4 resourceType: APP_ACCOUNT containerDetails: appName: "google," containerId: "0oa103099SBEb3Z2b0g4," displayName: "Google App1," globalAppId: "964b82aa-85b4-5645-b790-83312c473480," passwordPushSupported: "true," provisioningEnabled: "true," _links: login: href: "https://appinstance-admin.oktapreview.com/home/google/0oa103099SBEb3Z2b0g4," logo: href: "https://appinstance-admin.oktapreview.com/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png," credentials: userName: [email protected] created: 2024-06-10T11:11:01.000Z lastUpdated: 2024-06-10T11:11:01.000Z status: INACTIVE credentialSyncInfo: secretVersionId: "" syncTime: "" syncState: NOT_SYNCED errorCode: "" errorReason: "" PrivilegedResourceCreateOktaAccountRequestConvert: value: resourceType: OKTA_USER_ACCOUNT resourceId: 00u100xTfFs4MasRf0g4 PrivilegedResourceCreateOktaAccountRequestNew: value: resourceType: OKTA_USER_ACCOUNT credentials: userName: username profile: email: [email protected] PrivilegedResourceCreateOktaAccountResponse: value: id: opa100xTfFs4MasRf0g4 resourceType: OKTA_USER_ACCOUNT resourceId: "00u100xTfFs4MasRf0g4," credentials: userName: username profile: email: [email protected] created: 2024-06-10T11:11:01.000Z lastUpdated: 2024-06-10T11:11:01.000Z status: INACTIVE credentialSyncInfo: secretVersionId: "" syncTime: "" syncState: NOT_SYNCED errorCode: "" errorReason: "" PrivilegedResourceRotatePasswordAppAccountResponse: value: id: opa100xTfFs4MasRf0g4 resourceType: APP_ACCOUNT containerDetails: appName: "google," containerId: "0oa103099SBEb3Z2b0g4," 
displayName: "Google App1," globalAppId: "964b82aa-85b4-5645-b790-83312c473480," passwordPushSupported: "true," provisioningEnabled: "true," _links: login: href: "https://appinstance-admin.oktapreview.com/home/google/0oa103099SBEb3Z2b0g4," logo: href: "https://appinstance-admin.oktapreview.com/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png," credentials: userName: [email protected] created: 2024-06-10T11:11:01.000Z lastUpdated: 2024-06-10T11:11:01.000Z status: ACTIVE credentialSyncInfo: secretVersionId: 9f8400-e29b-41d4-a716-926655440034 syncTime: "" syncState: SYNCING errorCode: "" errorReason: "" PrivilegedResourceRotatePasswordOktaAccountResponse: value: id: opa100xTfFs4MasRf0g4 resourceType: OKTA_USER_ACCOUNT resourceId: "00u100xTfFs4MasRf0g4," credentials: userName: username profile: email: [email protected] created: 2024-06-10T11:11:01.000Z lastUpdated: 2024-06-10T11:11:01.000Z status: ACTIVE credentialSyncInfo: secretVersionId: 9f8400-e29b-41d4-a716-926655440034 syncTime: 2024-06-11T11:11:01.000Z syncState: SYNCED errorCode: "" errorReason: "" PrivilegedResourcesAppAccountUpdateRequest: value: username: username PrivilegedResourcesGetAppAccountResponse: value: id: opa100xTfFs4MasRf0g4 resourceType: APP_ACCOUNT containerDetails: appName: "google," containerId: "0oa103099SBEb3Z2b0g4," displayName: "Google App1," globalAppId: "964b82aa-85b4-5645-b790-83312c473480," passwordPushSupported: "true," provisioningEnabled: "true," _links: login: href: "https://appinstance-admin.oktapreview.com/home/google/0oa103099SBEb3Z2b0g4," logo: href: "https://appinstance-admin.oktapreview.com/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png," credentials: userName: [email protected] created: 2024-06-10T11:11:01.000Z lastUpdated: 2024-06-10T11:11:01.000Z status: ACTIVE credentialSyncInfo: secretVersionId: 9f8400-e29b-41d4-a716-926655440034 syncTime: 2024-06-10T11:30:01.000Z syncState: SYNC_FAILED errorCode: UNKNOWN_ERROR errorReason: Password update 
failed PrivilegedResourcesGetOktaAccountResponse: value: id: opa100xTfFs4MasRf0g4 resourceType: OKTA_USER_ACCOUNT resourceId: "00u100xTfFs4MasRf0g4," credentials: userName: [email protected] profile: email: [email protected] created: 2024-06-10T11:11:01.000Z lastUpdated: 2024-06-10T11:11:01.000Z status: ACTIVE credentialSyncInfo: secretVersionId: 9f8400-e29b-41d4-a716-926655440034 syncTime: 2024-06-10T11:30:01.000Z syncState: SYNCED errorCode: "" errorReason: "" PrivilegedResourcesOktaUserAccountUpdateRequest: value: username: username profile: email: [email protected] ProfileEnrollmentRequest: summary: An example Profile Enrollment (SSR) inline hook request body value: eventId: 04Dmt8BcT_aEgM eventTime: 2022-04-25T17:35:27.000Z eventType: com.okta.user.pre-registration eventTypeVersion: 1 contentType: application/json cloudEventVersion: 0.1 source: regt4qeBKU29vSoPz0g3 requestType: self.service.registration data: context: request: method: POST ipAddress: 127.0.0.1 id: 123testId456 url: value: /idp/idx/enroll/new userProfile: firstName: Rosario lastName: Jones login: [email protected] email: [email protected] action: ALLOW ProfileEnrollmentResponse: summary: An example Profile Enrollment (SSR) inline hook response value: commands: - type: com.action.update value: registration: ALLOW ProfileEnrollmentResponseDeny: summary: An example Profile Enrollment (SSR) inline hook Deny response value: commands: - type: com.action.update value: registration: DENY error: errorSummary: Incorrect email address. Please contact your admin. errorCauses: - errorSummary: Only example.com emails can register. 
reason: INVALID_EMAIL_DOMAIN locationType: body location: data.userProfile.email domain: end-user ProgressiveProfileRequest: summary: An example Progressive Profile inline hook request value: eventId: vzYp_zMwQu2htIWRbNJdfw eventTime: 2022-04-25T04:04:41.000Z eventType: com.okta.user.pre-registration eventTypeVersion: 1 contentType: application/json cloudEventVersion: 0.1 source: regt4qeBKU29vS requestType: progressive.profile data: context: request: method: POST ipAddress: 127.0.0.1 id: 123dummyId456 url: value: /idp/idx/enroll/update user: passwordChanged: 2022-01-01T00:00:00.000Z _links: groups: href: /api/v1/users/00u48gwcu01WxvNol0g7/groups factors: href: /api/v1/users/00u48gwcu01WxvNol0g7/factors profile: firstName: Rosario lastName: Jones timeZone: America/Los_Angeles login: [email protected] locale: en_US id: 00u48gwcu01WxvNo action: ALLOW userProfileUpdate: employeeNumber: 1234 ProgressiveProfileResponse: summary: An example Progressive Profile inline hook response value: commands: - type: com.okta.user.progressive.profile.update value: "request.body.data.userProfileUpdate['employeeNumber']" ProgressiveProfileResponseDeny: summary: An example Progressive Profile inline hook Deny response value: commands: - type: com.action.update value: registration: DENY error: errorSummary: Incorrect employee number. Enter an employee number with 4 digits. errorCauses: - errorSummary: Only employee numbers with 4 digits can register. 
reason: INVALID_EMPLOYEE_NUMBER locationType: body location: data.userProfile.employeeNumber domain: end-user ProvisioningConnectionOauthO365RequestEx: summary: Provisioning Connection with OAuth 2.0 for Microsoft Office 365 app value: profile: authScheme: OAUTH2 settings: adminUsername: office_admin-username adminPassword: office_admin-password ProvisioningConnectionOauthRequestEx: summary: Provisioning Connection with OAuth 2.0 value: profile: authScheme: OAUTH2 ProvisioningConnectionOauthResponseEx: summary: Provisioning Connection with OAuth 2.0 for Microsoft Office 365 app value: status: ENABLED profile: authScheme: OAUTH2 _links: self: href: "https://{yourOktaDomain}/api/v1/apps/${appId}/connections/default" hints: allow: - GET - POST deactivate: href: "https://{yourOktaDomain}/api/v1/apps/${appId}/connections/default/lifecycle/deactivate" hints: allow: - POST authorize: href: https://login.microsoftonline.com/myofficetenant.onmicrosoft.com/oauth2/authorize?response_type=code&state=>&client_id=&redirect_uri=&scope= hints: allow: - GET guidance: - Specifies the URI to invoke in a browser for granting scope consent required to complete the OAuth 2.0 connection. 
ProvisioningConnectionTokenOrg2OrgRequestEx: summary: Provisioning Connection with token for Okta Org2Org app value: profile: authScheme: TOKEN clientId: 0oa2h6su6bVFyJzIf1d7 ProvisioningConnectionTokenRequestEx: summary: Provisioning Connection with token for Zscaler 2.0 (`zscalerbyz`) app value: baseUrl: https://scim.zscalerbeta.net/1234567/890/scim profile: authScheme: TOKEN token: 00NgAPZqUVy8cX9ehNzzahEE5b-On9sImTcInvWp-x ProvisioningConnectionTokenResponseWithProfileOrg2OrgEx: summary: Provisioning Connection with token for Okta Org2Org (`okta_org2org`) app value: authScheme: TOKEN status: ENABLED baseUrl: https://targetorg.okta.com profile: authScheme: TOKEN _links: self: href: "https://{yourOktaDomain}/api/v1/apps/${appId}/connections/default" hints: allow: - GET - POST deactivate: href: "https://{yourOktaDomain}/api/v1/apps/${appId}/connections/default/lifecycle/deactivate" hints: allow: - POST ProvisioningConnectionTokenResponseWithProfileZscalerEx: summary: Provisioning Connection with token for Zscaler 2.0 (`zscalerbyz`) app value: authScheme: TOKEN status: ENABLED baseUrl: https://scim.zscalerbeta.net/1234567/890/scim profile: authScheme: TOKEN _links: self: href: "https://{yourOktaDomain}/api/v1/apps/${appId}/connections/default" hints: allow: - GET - POST deactivate: href: "https://{yourOktaDomain}/api/v1/apps/${appId}/connections/default/lifecycle/deactivate" hints: allow: - POST PushProviderAPNsRequest: value: name: APNs Example providerType: APNS configuration: keyId: KEY_ID teamId: TEAM_ID tokenSigningKey: '-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n' fileName: fileName.p8 PushProviderAPNsResponse: value: id: ppctekcmngGaqeiBxB0g4 name: APNs Example providerType: APNS lastUpdatedDate: 2022-01-01T00:00:00.000Z configuration: keyId: KEY_ID teamId: TEAM_ID fileName: fileName.p8 _links: self: href: https://your-subdomain.okta.com/api/v1/push-providers/ppctekcmngGaqeiBxB0g4 hints: allow: - DELETE - GET - PUT 
PushProviderFCMRequest: value: name: FCM Example providerType: FCM configuration: serviceAccountJson: type: service_account project_id: PROJECT_ID private_key_id: KEY_ID private_key: '-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n' client_email: SERVICE_ACCOUNT_EMAIL client_id: CLIENT_ID auth_uri: https://accounts.google.com/o/oauth2/auth token_uri: https://accounts.google.com/o/oauth2/token auth_provider_x509_cert_url: https://www.googleapis.com/oauth2/v1/certs client_x509_cert_url: https://www.googleapis.com/robot/v1/metadata/x509/SERVICE_ACCOUNT_EMAIL fileName: fileName.json PushProviderFCMResponse: value: id: ppctekcmngGaqeiBxB0g4 name: FCM Example providerType: FCM lastUpdatedDate: 2022-01-01T00:00:00.000Z configuration: projectId: PROJECT_ID fileName: fileName.p8 _links: self: href: https://your-subdomain.okta.com/api/v1/push-providers/ppctekcmngGaqeiBxB0g4 hints: allow: - DELETE - GET - PUT RateLimitAdminNotificationsDisabled: value: notificationsEnabled: false RateLimitAdminNotificationsEnabled: value: notificationsEnabled: true RateLimitWarningThresholdValidExample: value: warningThreshold: 66 RealmResponse: value: id: guox9jQ16k9V8IFEL0g3 created: 2022-04-04T15:56:05.000Z lastUpdated: 2022-05-05T18:15:44.000Z isDefault: false profile: name: Car Co _links: self: rel: self href: http://your-subdomain.okta.com/api/v1/realms/guox9jQ16k9V8IFEL0g3 method: GET RefreshCurrentSessionResponse: summary: Refresh current session value: amr: - pwd createdAt: 2019-08-24T14:15:22Z expiresAt: 2019-08-24T14:15:22Z id: l7FbDVqS8zHSy65uJD85 idp: id: 01a2bcdef3GHIJKLMNOP type: ACTIVE_DIRECTORY lastFactorVerification: 2019-08-24T14:15:22Z lastPasswordVerification: 2019-08-24T14:15:22Z login: [email protected] status: ACTIVE userId: 00u0abcdefGHIJKLMNOP _links: self: hints: allow: - GET - DELETE href: "https://{yourOktaDomain}/api/v1/sessions/me" refresh: hints: allow: - POST href: "https://{yourOktaDomain}/api/v1/sessions/me/lifecycle/refresh" user: 
hints: allow: - GET href: "https://{yourOktaDomain}/api/v1/users/me" name: User Name RefreshSessionResponse: summary: Refresh an existing Session using the session ID value: amr: - pwd createdAt: 2019-08-25T14:17:22Z expiresAt: 2019-08-25T14:17:22Z id: l7FbDVqS8zHSy65uJD85 idp: id: 01a2bcdef3GHIJKLMNOP type: ACTIVE_DIRECTORY lastFactorVerification: 2019-08-24T14:15:22Z lastPasswordVerification: 2019-08-24T14:15:22Z login: [email protected] status: ACTIVE userId: 00u0abcdefGHIJKLMNOP _links: self: hints: allow: - DELETE href: "https://{yourOktaDomain}/api/v1/sessions/l7FbDVqS8zHSy65uJD85" RemoveMappingBody: summary: Update an existing profile mapping by removing one or more properties value: properties: nickName: expression: null pushStatus: null RemoveMappingResponse: summary: Update an existing profile mapping by removing one or more properties value: id: prm1k47ghydIQOTBW0g4 source: id: otysbePhQ3yqt4cVv0g3 name: user type: user _links: self: href: "https://{yourOktaDomain}/api/v1/meta/types/user/otysbePhQ3yqt4cVv0g3" schema: href: "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscsbePhQ3yqt4cVv0g3" target: id: 0oa1qmn4LZQQEH0wZ0g4 name: okta_org2org type: appuser _links: self: href: "https://{yourOktaDomain}/api/v1/apps/0oa1qmn4LZQQEH0wZ0g4" schema: href: "https://{yourOktaDomain}/api/v1/meta/schemas/apps/0oa1qmn4LZQQEH0wZ0g4/default" properties: fullName: expression: user.firstName + user.lastName pushStatus: PUSH _links: self: href: "https://{yourOktaDomain}/api/v1/mappings/prm1k48weFSOnEUnw0g4" ReplaceAnEventHookWithFilter: summary: Replace an event hook value: name: Event Hook with Filter description: An event hook using an Okta Expression Language filter events: type: EVENT_TYPE items: - group.user_membership.add filter: type: EXPRESSION_LANGUAGE eventFilterMap: - event: group.user_membership.add condition: expression: "event.target.?[type eq 'UserGroup'].size()>0 && event.target.?[displayName\ \ eq 'Sales'].size()>0" channel: type: HTTP version: 1.0.0 
config: uri: https://example_external_service/userAdded authScheme: type: HEADER key: Authorization value: my-shared-secret ReplaceAuthServerBody: summary: Replace a custom authorization server value: name: New Authorization Server description: Authorization Server description audiences: - api://default credentials: signing: rotationMode: AUTO use: sig issuer: "https://{yourOktaDomain}/oauth2/{authorizationServerId}" issuerMode: ORG_URL status: ACTIVE ReplaceAuthServerResponse: summary: Replace a custom authorization server value: id: "{authorizationServerId}" name: Sample Authorization Server description: Sample Authorization Server description audiences: - https://api.resource.com issuer: "https://{yourOktaDomain}/oauth2/{authorizationServerId}" issuerMode: ORG_URL status: ACTIVE created: 2023-05-17T22:25:57.000Z lastUpdated: 2023-05-17T22:25:57.000Z credentials: signing: rotationMode: AUTO lastRotated: 2023-05-17T22:25:57.000Z nextRotation: 2023-08-15T22:25:57.000Z kid: WYQxoK4XAwGFn5Zw5AzLxFvqEKLP79BbsKmWeuc5TB4 _links: scopes: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/scopes" hints: allow: - GET claims: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims" hints: allow: - GET policies: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/policies" hints: allow: - GET self: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}" hints: allow: - GET - DELETE - PUT metadata: - name: oauth-authorization-server href: "https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/oauth-authorization-server" hints: allow: - GET - name: openid-configuration href: "https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/openid-configuration" hints: allow: - GET rotateKey: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/credentials/lifecycle/keyRotate" hints: allow: - POST 
deactivate: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/lifecycle/deactivate" hints: allow: - POST ReplaceCustomTokenClaimBody: summary: Replace a custom token Claim value: - alwaysIncludeInToken: true claimType: IDENTITY conditions: scopes: - profile group_filter_type: CONTAINS name: Knowledge_Base status: ACTIVE system: false value: Knowledge Base valueType: GROUPS ReplaceCustomTokenClaimResponse: summary: Replace a custom token Claim response value: - id: "{claimId}" name: Knowledge_Base status: ACTIVE claimType: IDENTITY valueType: GROUPS value: Knowledge Base conditions: scopes: - profile system: false alwaysIncludeInToken: true apiResourceId: null group_filter_type: CONTAINS _links: self: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims/{claimId}" hints: allow: - GET - PUT - DELETE ReplaceIdPRequestResponse: summary: Replace an Identity Provider value: id: 0oa62bc8wppPw0UGr0h7 type: SAML2 name: Example SAML IdP status: INACTIVE created: null lastUpdated: 2016-03-29T21:23:45.000Z protocol: type: SAML2 endpoints: sso: url: https://idp.example.com/saml2/sso binding: HTTP-REDIRECT destination: https://idp.example.com/saml2/sso acs: binding: HTTP-POST type: INSTANCE algorithms: request: signature: algorithm: SHA-256 scope: REQUEST response: signature: algorithm: SHA-256 scope: ANY settings: nameFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified credentials: trust: issuer: https://idp.example.com audience: https://www.okta.com/saml2/service-provider/spCQJRNaaxs7ANqKBO7M kid: your-key-id policy: provisioning: action: AUTO profileMaster: true groups: action: NONE conditions: deprovisioned: action: NONE suspended: action: NONE accountLink: filter: null action: AUTO subject: userNameTemplate: template: idpuser.subjectNameId filter: null matchType: USERNAME mapAMRClaims: false maxClockSkew: 120000 _links: metadata: href: 
"https://{yourOktaDomain}/api/v1/idps/0oa62bc8wppPw0UGr0h7/metadata.xml" type: application/xml hints: allow: - GET acs: href: "https://{yourOktaDomain}/sso/saml2/0oa62bc8wppPw0UGr0h7" type: application/xml hints: allow: - POST users: href: "https://{yourOktaDomain}/api/v1/idps/0oa62bc8wppPw0UGr0h7/users" hints: allow: - GET activate: href: "https://{yourOktaDomain}/api/v1/idps/0oa62bc8wppPw0UGr0h7/lifecycle/activate" hints: allow: - POST ReplaceKeyResponse: summary: Replace a key response example value: id: HKY1p7jWLndGQV9M60g4 keyId: 7fbc27fd-e3df-4522-86bf-1930110256ad name: My updated new key created: 2022-08-31T18:09:58.000Z lastUpdated: 2022-08-31T18:16:59.000Z isUsed: "false" ReplaceNetworkZone: summary: Replace a Network Zone value: type: IP id: nzovw2rFz2YoqmvwZ0g9 name: UpdatedNetZone status: ACTIVE system: false usage: POLICY gateways: - type: CIDR value: 10.2.3.4/24 - type: CIDR value: 12.2.3.4/24 - type: RANGE value: 13.4.5.6-13.4.5.8 - type: CIDR value: 14.2.3.4/24 proxies: - type: CIDR value: 12.2.3.4/24 - type: CIDR value: 13.3.4.5/24 - type: RANGE value: 14.4.5.6-14.4.5.8 - type: RANGE value: 15.5.6.7/24-15.5.6.9 _links: self: href: "https://{yourOktaDomain}/api/v1/zones/nzovw2rFz2YoqmvwZ0g9" hints: allow: - GET - PUT - DELETE deactivate: href: "https://{yourOktaDomain}/api/v1/zones/nzovw2rFz2YoqmvwZ0g9/lifecycle/deactivate" hints: allow: - POST ReplaceNetworkZoneResponse: summary: Replace Network Zone value: type: IP id: nzovw2rFz2YoqmvwZ0g9 name: UpdatedNetZone status: ACTIVE usage: POLICY created: 2022-05-08T18:25:05.000Z lastUpdated: 2022-05-10T13:15:22.000Z system: false gateways: - type: CIDR value: 10.2.3.4/24 - type: CIDR value: 12.2.3.4/24 - type: RANGE value: 13.4.5.6-13.4.5.8 - type: CIDR value: 14.2.3.4/24 proxies: - type: CIDR value: 12.2.3.4/24 - type: CIDR value: 13.3.4.5/24 - type: RANGE value: 14.4.5.6-14.4.5.8 - type: RANGE value: 15.5.6.7/24-15.5.6.9 _links: self: href: "https://{yourOktaDomain}/api/v1/zones/nzovw2rFz2YoqmvwZ0g9" 
hints: allow: - GET - PUT - DELETE deactivate: href: "https://{yourOktaDomain}/api/v1/zones/nzovw2rFz2YoqmvwZ0g9/lifecycle/deactivate" hints: allow: - POST ReplaceResourceSetRequest: value: label: SF-IT-People description: People in the IT department of San Francisco ReplaceRoleRequest: value: label: UserCreator description: Create users ReplaceUserTypePutRequest: summary: Replace user type request value: displayName: Replacement Display Name description: Replacement description name: newUserType ReplaceUserTypePutResponse: summary: Replace user type response value: id: otyfnly5cQjJT9PnR0g4 displayName: Replacement Display Name name: newUserType description: Replacement description createdBy: sprz9fj1ycBcsgopy1d6 lastUpdatedBy: sprz9fj1ycBcsgopy1d6 created: 2021-07-05T20:40:38.000Z lastUpdated: 2021-07-05T20:40:38.000Z default: false _links: self: href: "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6" schema: href: "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6" ResetPwdWithoutSendingEmailResponse: value: summary: Reset password without sending email resetPasswordUrl: "https://{yourOktaDomain}/reset_password/XE6wE17zmphl3KqAPFxO" ResourceSelectorCreateRequestExample: value: name: All applications except Workday applications description: All applications except Workday applications schema: /api/v1/apps filter: name ne "workday" ResourceSelectorCreateResponseExample: value: id: rsl1hx31gVEa6x10v0g5 name: All applications except Workday applications description: All applications except Workday applications orn: orn:okta:idp:00o5rb5mt2H3d1TJd0h7:resource_selectors:rsl1hx31gVEa6x10v0g5:apps _links: self: href: "https://{yourOktaDomain}/api/v1/resource-selectors/rsl1hx31gVEa6x10v0g5" resources: href: "https://{yourOktaDomain}/api/v1/apps?filter=\"name ne \"workday\"\ \"" ResourceSelectorPatchRequestExample: value: name: All applications except Facebook applications description: All applications except Facebook applications 
filter: name ne "facebook" ResourceSelectorPatchResponseExample: value: id: rsl1hx31gVEa6x10v0g5 name: All applications except Facebook applications description: All applications except Facebook applications orn: orn:okta:idp:00o5rb5mt2H3d1TJd0h7:resource_selectors:rsl1hx31gVEa6x10v0g5:apps _links: self: href: "https://{yourOktaDomain}/api/v1/resource-selectors/rsl1hx31gVEa6x10v0g5" resources: href: "https://{yourOktaDomain}/api/v1/apps?filter=\"name ne \"facebook\"\ \"" ResourceSelectorResponseExample: value: id: rsl1hx31gVEa6x10v0g5 name: All applications except a specific application description: All applications except a specific application orn: orn:okta:idp:00o5rb5mt2H3d1TJd0h7:resource_selectors:rsl1hx31gVEa6x10v0g5:apps _links: self: href: "https://{yourOktaDomain}/api/v1/resource-selectors/rsl1hx31gVEa6x10v0g5" resources: href: "https://{yourOktaDomain}/api/v1/apps?filter=\"id ne 0oafxqAAJWWGELFTYASH\"" ResourceSelectorsResponseExample: value: resourceSelectors: - id: rsl1hx31gVEa6x10v0g5 name: All applications except Workday applications description: All applications except Workday applications orn: orn:okta:idp:00o5rb5mt2H3d1TJd0h7:resource_selectors:rsl1hx31gVEa6x10v0g5:apps _links: resources: href: "http://${yourOktaDomain}/api/v1/apps?filter=\"id ne 0oafxqCAJWWGELFTYASJ\"" - id: rsl1hx31gVEa6x10v0g6 name: All applications except Facebook applications description: All applications except Facebook applications orn: orn:okta:idp:00o5rb5mt2H3d1TJd0h7:resource_selectors:rsl1hx31gVEa6x10v0g6:apps _links: resources: href: "http://${yourOktaDomain}/api/v1/apps?filter=\"id ne 0oafxqAAJWWGELFTYASH" _links: next: href: "https://{yourOktaDomain}/api/v1/resource-selectors?after=rsl1hx31gVEa6x10v0g6" ResourceSetBindingAddMembersRequestExample: value: additions: - "https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3" - "https://{yourOktaDomain}/api/v1/users/00u67DU2qNCjNZYO0g3" ResourceSetBindingCreateRequestExample: value: role: cr0Yq6IJxGIr0ouum0g3 
members: - "https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3" ResourceSetBindingMemberResponse: value: id: irb1qe6PGuMc7Oh8N0g4 created: 2021-02-06T16:20:57.000Z lastUpdated: 2021-02-06T16:20:57.000Z _links: self: href: "https://{yourOktaDomain}/api/v1/users/00uuk41Hjga5qGfQ30g3" ResourceSetBindingMembersResponse: value: members: - id: irb1qe6PGuMc7Oh8N0g4 created: 2021-02-06T16:20:57.000Z lastUpdated: 2021-02-06T16:20:57.000Z _links: self: href: "https://{yourOktaDomain}/api/v1/users/00uuk41Hjga5qGfQ30g3" - id: irb1q92TFAHzySt3x0g4 created: 2021-02-06T16:20:57.000Z lastUpdated: 2021-02-06T16:20:57.000Z _links: self: href: "https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3" _links: binding: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0Yq6IJxGIr0ouum0g3" next: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0Yq6IJxGIr0ouum0g3/members?after=0ouRq6IJmGIr3ouum0g3" ResourceSetBindingResponseExample: value: _links: self: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0Yq6IJxGIr0ouum0g3" bindings: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings" resource-set: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g" ResourceSetBindingResponseWithIdExample: value: id: cr0Yq6IJxGIr0ouum0g3 _links: self: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0Yq6IJxGIr0ouum0g3" bindings: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings" resource-set: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g" ResourceSetBindingsResponse: value: roles: - id: cr0WxyzJxGIr0ouum0g4 _links: self: href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0WxyzJxGIr0ouum0g4" members: href: 
"https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0WxyzJxGIr0ouum0g4/members" _links: self: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings" resource-set: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g" next: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings?after=cr0WxyzJxGIr0ouum0g4" ResourceSetRequest: value: label: SF-IT-People description: People in the IT department of San Francisco resources: - "https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3" - "https://{yourOktaDomain}/api/v1/groups/00gu67DU2qNCjNZYO0g3/users" - "https://{yourOktaDomain}/api/v1/users" ResourceSetResourcePatchRequestExample: value: additions: - "https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3" - "https://{yourOktaDomain}/api/v1/groups/00gu67DU2qNCjNZYO0g3/users" ResourceSetResourcePostRequestExample: summary: Resource Set with conditions request value: resourceOrnOrUrl: "https://{yourOktaDomain}/api/v1/apps" conditions: Exclude: okta:ORN: - orn:okta:idp:00o5rb5mt2H3d1TJd0h7:apps:0oa1014FmyZ2H0oRY0g4 - orn:okta:idp:00o5rb5mt2H3d1TJd0h7:apps:slack ResourceSetResourcePutRequestExample: value: conditions: Exclude: okta:ORN: - orn:okta:idp:00o5rb5mt2H3d1TJd0h7:apps:0oa1014FmyZ2H0oRY0g4 - orn:okta:idp:00o5rb5mt2H3d1TJd0h7:apps:slack ResourceSetResourceResponse: summary: Resource Set response value: id: ire106sQKoHoXXsAe0g4 orn: orn:okta:idp:00o5rb5mt2H3d1TJd0h7:apps conditions: Exclude: okta:ORN: - orn:okta:idp:00o5rb5mt2H3d1TJd0h7:apps:0oa1014FmyZ2H0oRY0g4 - orn:okta:idp:00o5rb5mt2H3d1TJd0h7:apps:slack created: 2021-02-06T16:20:57.000Z lastUpdated: 2021-02-06T16:20:57.000Z _links: self: href: "https://{yourOktaDomain}/api/v1/apps" resource: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/resources/ire2snv2xSY7a4iSe0g1" ResourceSetResourcesResponse: value: resources: - id: ire106sQKoHoXXsAe0g4 orn: 
"orn:{partition}:directory:{yourOrgId}:groups:00guaxWZ0AOa5NFAj0g3" created: 2021-02-06T16:20:57.000Z lastUpdated: 2021-02-06T16:20:57.000Z _links: self: href: "https://{yourOktaDomain}/api/v1/groups/00guaxWZ0AOa5NFAj0g3" resource: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/resources/ire2snv2xSY7a4iSe0g1" - id: ire106riDrTYl4qA70g4 orn: "orn:{partition}:directory:{yourOrgId}:groups:00gu67DU2qNCjNZYO0g3:contained_resources" created: 2021-02-06T16:20:57.000Z lastUpdated: 2021-02-06T16:20:57.000Z _links: self: href: "https://{yourOktaDomain}/api/v1/groups/00gu67DU2qNCjNZYO0g3/users" resource: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/resources/ire2snv2xSY7a4iSe0g2" - id: irezvo4AwE2ngpMw40g3 orn: "orn:{partition}:directory:{yourOrgId}:users" created: 2021-02-06T16:20:57.000Z lastUpdated: 2021-02-06T16:20:57.000Z _links: self: href: "https://{yourOktaDomain}/api/v1/users" users: href: "https://{yourOktaDomain}/api/v1/users" - id: ire2j4iDnxHhUFaZN0g4 orn: "orn:{partition}:directory:{yourOrgId}:groups" created: 2021-02-06T16:20:57.000Z lastUpdated: 2021-02-06T16:20:57.000Z _links: self: href: "https://{yourOktaDomain}/api/v1/groups" groups: href: "https://{yourOktaDomain}/api/v1/groups" resource: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/resources/ire2snv2xSY7a4iSe0g3" _links: next: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/resources?after=irezvn1ZZxLSIBM2J0g3" resource-set: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g" ResourceSetResponse: value: id: iamoJDFKaJxGIr0oamd9g label: SF-IT-People description: People in the IT department of San Francisco created: 2021-02-06T16:20:57.000Z lastUpdated: 2021-02-06T16:20:57.000Z _links: self: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g" resources: href: 
"https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/resources" bindings: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings" ResourceSetsResponse: value: resource-sets: - id: iamoJDFKaJxGIr0oamd9g label: SF-IT-1 description: First San Francisco IT Resource Set created: 2021-02-06T16:20:57.000Z lastUpdated: 2021-02-06T16:20:57.000Z _links: self: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g" resources: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/resources" bindings: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings" - id: iamoJDFKaJxGIr0oamd0q label: SF-IT-2 description: Second San Francisco IT Resource Set created: 2021-02-06T16:20:57.000Z lastUpdated: 2021-02-06T16:20:57.000Z _links: self: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd0q" resources: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd0q/resources" bindings: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd0q/bindings" _links: next: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets?after=iamoJDFKaJxGIr0oamd0q" RetrieveADeactivatedEventHook: summary: Deactivated event hook value: id: who8vt36qfNpCGz9H1e6 status: INACTIVE verificationStatus: VERIFIED name: Event Hook Test description: null created: 2023-07-07T13:41:56.000Z createdBy: 00u7xut94qEWYx5ss1e5 lastUpdated: 2023-07-07T13:43:03.000Z events: type: EVENT_TYPE items: - group.user_membership.add filter: null channel: type: HTTP version: 1.0.0 config: uri: https://example_external_service/userAdded headers: - key: X-Other-Header value: my-header-value method: POST authScheme: type: HEADER key: authorization _links: self: href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6 verify: href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6/lifecycle/verify hints: allow: - POST 
deactivate: href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6/lifecycle/deactivate hints: allow: - POST RetrieveAllEventHooks: summary: Retrieves all event hooks value: - id: who8tsqyrhCdmetzx135 status: ACTIVE verificationStatus: VERIFIED name: Event Hook Test description: null created: 2023-07-07T17:41:56.000Z createdBy: 00u7xut94qEWYx5ss1e5 lastUpdated: 2023-07-07T17:43:03.000Z events: type: EVENT_TYPE items: - user.lifecycle.deactivate - user.lifecycle.activate filter: null channel: type: HTTP version: 1.0.0 config: uri: https://example_external_service/userDeactivate headers: [] method: POST authScheme: type: HEADER key: authorization _links: self: href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135 verify: href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/verify hints: allow: - POST deactivate: href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx135/lifecycle/deactivate hints: allow: - POST - id: who8vt36qfNpCGz9H1e6 status: ACTIVE verificationStatus: VERIFIED name: Event Hook with Filter description: An event hook using an Okta Expression Language filter created: 2023-07-07T13:41:56.000Z createdBy: 00u7xut94qEWYx5ss1e5 lastUpdated: 2023-07-07T13:43:03.000Z events: type: EVENT_TYPE items: - group.user_membership.add filter: type: EXPRESSION_LANGUAGE eventFilterMap: - event: group.user_membership.add condition: version: null expression: "event.target.?[type eq 'UserGroup'].size()>0 && event.target.?[displayName\ \ eq 'Sales'].size()>0" channel: type: HTTP version: 1.0.0 config: uri: https://example_external_service/userAdded headers: [] method: POST authScheme: type: HEADER key: authorization _links: self: href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6 verify: href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6/lifecycle/verify hints: allow: - POST deactivate: href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6/lifecycle/deactivate hints: allow: - POST 
RetrieveAllZones: summary: Retrieves all Network Zones value: - type: DYNAMIC_V2 id: nzok0oz2xYHOZtIch0g4 name: testZone106 status: ACTIVE usage: BLOCKLIST created: 2024-05-13T16:33:44.000Z lastUpdated: 2024-05-13T16:33:44.000Z system: false locations: include: [] exclude: [] asns: include: [] exclude: [] ipServiceCategories: include: - ALL_ANONYMIZERS exclude: [] _links: self: href: "http://{yourOktaDomain}/api/v1/zones/nzok0oz2xYHOZtIch0g4" hints: allow: - GET - PUT - DELETE deactivate: href: "http://{yourOktaDomain}/api/v1/zones/nzok0oz2xYHOZtIch0g4/lifecycle/deactivate" hints: allow: - POST - type: DYNAMIC id: nzoy0ox5xADOZtKrh0g6 name: test status: ACTIVE usage: POLICY created: 2022-05-19T15:33:32.000Z lastUpdated: 2022-05-19T15:33:32.000Z system: false locations: - country: AF region: AF-BGL proxyType: ANY asns: - "23457" _links: self: href: "https://{yourOktaDomain}/api/v1/zones/nzoy0ox5xADOZtKrh0g6" hints: allow: - GET - PUT - DELETE deactivate: href: "https://{yourOktaDomain}/api/v1/zones/nzoy0ox5xADOZtKrh0g6/lifecycle/deactivate" hints: allow: - POST - type: IP id: nzowc1U5Jh5xuAK0o0g3 name: MyIpZone status: ACTIVE usage: POLICY created: 2021-06-24T20:37:32.000Z lastUpdated: 2021-06-24T20:37:32.000Z system: false gateways: - type: CIDR value: 1.2.3.4/24 proxies: - type: RANGE value: 3.3.4.5-3.3.4.15 _links: self: href: "https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3" hints: allow: - GET - PUT - DELETE deactivate: href: "https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3/lifecycle/deactivate" hints: allow: - POST - type: IP id: nzou3u0stMCmgOzXK1d6 name: BlockedIpZone status: ACTIVE usage: BLOCKLIST created: 2021-06-09T21:32:46.000Z lastUpdated: 2021-06-09T21:32:46.000Z system: true gateways: null proxies: null _links: self: href: "https://{yourOktaDomain}/api/v1/zones/nzou3u0stMCmgOzXK1d6" hints: allow: - GET - PUT - DELETE deactivate: href: "https://{yourOktaDomain}/api/v1/zones/nzou3u0stMCmgOzXK1d6/lifecycle/deactivate" hints: allow: 
- POST - type: DYNAMIC_V2 id: nzohcnxFrSgsiwyHp0g4 name: DefaultEnhancedDynamicZone status: ACTIVE usage: BLOCKLIST created: 2024-05-06T19:12:29.000Z lastUpdated: 2024-05-09T21:02:31.000Z system: true locations: include: [] exclude: [] ipServiceCategories: include: - ALL_ANONYMIZERS exclude: [] asns: include: [] exclude: [] _links: self: href: "https://{yourOktaDomain}/api/v1/zones/nzou3u0stMCmgOzXK1d6" hints: allow: - GET - PUT - DELETE deactivate: href: "https://{yourOktaDomain}/api/v1/zones/nzou3u0stMCmgOzXK1d6/lifecycle/deactivate" hints: allow: - POST - type: IP id: nzou3u0ssJfZjYsWL1d6 name: LegacyIpZone status: ACTIVE usage: POLICY created: 2021-06-09T21:32:46.000Z lastUpdated: 2021-06-09T21:32:46.000Z system: true gateways: null proxies: null _links: self: href: "https://{yourOktaDomain}/api/v1/zones/nzou3u0ssJfZjYsWL1d6" hints: allow: - GET - PUT - DELETE deactivate: href: "https://{yourOktaDomain}/api/v1/zones/nzou3u0ssJfZjYsWL1d6/lifecycle/deactivate" hints: allow: - POST RetrieveAllZonesWithFilter: summary: Retrieves Network Zones with filter value: - type: IP id: nzowc1U5Jh5xuAK0o0g3 name: MyIpZone status: ACTIVE usage: POLICY created: 2021-06-24T20:37:32.000Z lastUpdated: 2021-06-24T20:37:32.000Z system: false gateways: - type: CIDR value: 1.2.3.4/24 proxies: - type: RANGE value: 3.3.4.5-3.3.4.15 _links: self: href: "https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3" hints: allow: - GET - PUT - DELETE deactivate: href: "https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3/lifecycle/deactivate" hints: allow: - POST RetrieveAnEventHook: summary: Retrieve an event hook value: id: who8vt36qfNpCGz9H1e6 status: ACTIVE verificationStatus: VERIFIED name: Event Hook Test description: null created: 2023-07-07T13:41:56.000Z createdBy: 00u7xut94qEWYx5ss1e5 lastUpdated: 2023-07-07T13:43:03.000Z events: type: EVENT_TYPE items: - group.user_membership.add filter: null channel: type: HTTP version: 1.0.0 config: uri: 
https://example_external_service/userAdded headers: - key: X-Other-Header value: my-header-value method: POST authScheme: type: HEADER key: authorization _links: self: href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6 verify: href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6/lifecycle/verify hints: allow: - POST deactivate: href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6/lifecycle/deactivate hints: allow: - POST RetrieveAnEventHookWithFilter: summary: Retrieve an event hook value: id: who8vt36qfNpCGz9H1e6 status: ACTIVE verificationStatus: VERIFIED name: Event Hook with Filter description: An event hook using an Okta Expression Language filter created: 2023-07-07T13:41:56.000Z createdBy: 00u7xut94qEWYx5ss1e5 lastUpdated: 2023-07-07T13:43:03.000Z events: type: EVENT_TYPE items: - group.user_membership.add filter: type: EXPRESSION_LANGUAGE eventFilterMap: - event: group.user_membership.add condition: version: null expression: "event.target.?[type eq 'UserGroup'].size()>0 && event.target.?[displayName\ \ eq 'Sales'].size()>0" channel: type: HTTP version: 1.0.0 config: uri: https://example_external_service/userAdded method: POST authScheme: type: HEADER key: authorization _links: self: href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6 verify: href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6/lifecycle/verify hints: allow: - POST deactivate: href: https://example.com/api/v1/eventHooks/who8tsqyrhCdmetzx1e6/lifecycle/deactivate hints: allow: - POST RetrieveAuthServerResponse: summary: Retrieve a custom authorization server value: id: "{authorizationServerId}" name: Sample Authorization Server description: Sample Authorization Server description audiences: - https://api.resource.com issuer: "https://{yourOktaDomain}/oauth2/{authorizationServerId}" issuerMode: ORG_URL status: ACTIVE created: 2023-05-17T22:25:57.000Z lastUpdated: 2023-05-17T22:25:57.000Z credentials: signing: rotationMode: AUTO 
lastRotated: 2023-05-17T22:25:57.000Z nextRotation: 2023-08-15T22:25:57.000Z kid: WYQxoK4XAwGFn5Zw5AzLxFvqEKLP79BbsKmWeuc5TB4 _links: scopes: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/scopes" hints: allow: - GET claims: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims" hints: allow: - GET policies: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/policies" hints: allow: - GET self: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}" hints: allow: - GET - DELETE - PUT metadata: - name: oauth-authorization-server href: "https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/oauth-authorization-server" hints: allow: - GET - name: openid-configuration href: "https://{yourOktaDomain}/oauth2/{authorizationServerId}/.well-known/openid-configuration" hints: allow: - GET rotateKey: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/credentials/lifecycle/keyRotate" hints: allow: - POST deactivate: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/lifecycle/deactivate" hints: allow: - POST RetrieveCurrentSessionResponse: summary: Retrieve current session value: amr: - pwd createdAt: 2019-08-24T14:15:22Z expiresAt: 2019-08-24T14:15:22Z id: l7FbDVqS8zHSy65uJD85 idp: id: 01a2bcdef3GHIJKLMNOP type: ACTIVE_DIRECTORY lastFactorVerification: 2019-08-24T14:15:22Z lastPasswordVerification: 2019-08-24T14:15:22Z login: [email protected] status: ACTIVE userId: 00u0abcdefGHIJKLMNOP _links: self: hints: allow: - GET - DELETE href: "https://{yourOktaDomain}/api/v1/sessions/me" refresh: hints: allow: - POST href: "https://{yourOktaDomain}/api/v1/sessions/me/lifecycle/refresh" user: hints: allow: - GET href: "https://{yourOktaDomain}/api/v1/users/me" name: User Name RetrieveCustomTokenClaimResponse: summary: Retrieve a custom token Claim response value: - id: 
"{claimId}" name: Support status: ACTIVE claimType: IDENTITY valueType: GROUPS value: Support conditions: scopes: - profile system: false alwaysIncludeInToken: true apiResourceId: null group_filter_type: CONTAINS _links: self: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/claims/{claimId}" hints: allow: - GET - PUT - DELETE RetrieveFeaturesResponse: summary: Retrieve a feature by ID value: id: ftrZooGoT8b41iWRiQs7 description: Example feature description name: Example feature name stage: state: CLOSED value: BETA status: DISABLED type: self-service _links: self: hints: allow: - POST href: "https://{yourOktaDomain}/api/v1/features/ftrZooGoT8b41iWRiQs7" dependents: href: "https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependents" dependencies: href: "https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependencies" RetrieveKeyResponse: summary: Retrieve a key by id response example value: id: HKY1p7jWLndGQV9M60g4 keyId: 7fbc27fd-e3df-4522-86bf-1930110256ad name: My new key created: 2022-08-31T18:09:58.000Z lastUpdated: 2022-08-31T18:09:58.000Z isUsed: "false" RetrieveMappingsResponse: summary: Retrieve a single Profile Mapping value: id: prm1k47ghydIQOTBW0g4 source: id: otysbePhQ3yqt4cVv0g3 name: user type: user _links: self: href: "https://{yourOktaDomain}/api/v1/meta/types/user/otysbePhQ3yqt4cVv0g3" schema: href: "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscsbePhQ3yqt4cVv0g3" target: id: 0oa1qmn4LZQQEH0wZ0g4 name: okta_org2org type: appuser _links: self: href: "https://{yourOktaDomain}/api/v1/apps/0oa1qmn4LZQQEH0wZ0g4" schema: href: "https://{yourOktaDomain}/api/v1/meta/schemas/apps/0oa1qmn4LZQQEH0wZ0g4/default" properties: firstName: expression: user.firstName pushStatus: PUSH lastName: expression: user.lastName pushStatus: PUSH _links: self: href: "https://{yourOktaDomain}/api/v1/mappings/prm1k48weFSOnEUnw0g4" RetrieveNetworkZoneDynamic: summary: Dynamic Network Zone value: type: DYNAMIC id: 
nzoy0ox5xADOZtKrh0g6 name: test status: ACTIVE usage: POLICY created: 2022-05-19T15:33:32.000Z lastUpdated: 2022-05-19T15:33:32.000Z system: false locations: - country: AF region: AF-BGL proxyType: ANY asns: - "23457" _links: self: href: "https://{yourOktaDomain}/api/v1/zones/nzoy0ox5xADOZtKrh0g6" hints: allow: - GET - PUT - DELETE deactivate: href: "https://{yourOktaDomain}/api/v1/zones/nzoy0ox5xADOZtKrh0g6/lifecycle/deactivate" hints: allow: - POST RetrieveNetworkZoneIP: summary: IP Network Zone value: type: IP id: nzowc1U5Jh5xuAK0o0g3 name: MyIpZone status: ACTIVE usage: POLICY created: 2021-06-24T20:37:32.000Z lastUpdated: 2021-06-24T20:37:32.000Z system: false gateways: - type: CIDR value: 1.2.3.4/24 proxies: - type: RANGE value: 3.3.4.5-3.3.4.15 _links: self: href: "https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3" hints: allow: - GET - PUT - DELETE deactivate: href: "https://{yourOktaDomain}/api/v1/zones/nzowc1U5Jh5xuAK0o0g3/lifecycle/deactivate" hints: allow: - POST RetrievePublicKeyResponse: summary: Retrieve Public Key response example value: _embedded: kty: RSA alg: RSA kid: 7fbc27fd-e3df-4522-86bf-1930110256ad use: null e: AQAB "n": 2naqCnv6r4xNQs7207lRtKQvdtnlVND-8k5iYBIiqoKGY3CqUmRm1jleoOniiQoMkFX8Wj2DmVqr002efF3vOQ7_gjtTatBTVUNbNIQLybun4dkVoUtfP7pRc5SLpcP3eGPRVar734ZrpQXzmCEdpqBt3jrVjwYjNE5DqOjbYXFJtMsy8CWE9LRJ3kyHEoHPzo22dG_vMrXH0_sAQoCk_4TgNCbvyzVmGVYXI_BkUnp0hv2pR4bQVRYzGB9dKJdctOh8zULqc_EJ8tiYsS05YnF7whrWEyARK0rH-e4d4W-OmBTga_zhY4kJ4NsoQ4PyvcatZkxjPO92QHQOFDnf3w RetrieveRefreshTokenClientResponse: summary: Retrieve a refresh token for a Client value: - id: "{refreshTokenId}" status: ACTIVE created: 2023-09-21T19:59:56.000Z lastUpdated: 2023-09-21T20:00:38.000Z expiresAt: 2023-09-28T20:00:38.000Z issuer: "https://{yourOktaDomain}/oauth2/{authorizationServerId}" client_id: "{clientId}" userId: "{userId}" scopes: - offline_access - openid _embedded: scopes: - id: "{scopeID}" name: offline_access displayName: Keep you signed in to the app 
description: "This keeps you signed in to the app, even when you aren't\ \ using it." _links: scope: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/scopes/{scopeId}" title: Keep you signed in to the app - id: "{scopeId}" name: openid displayName: openid description: Signals that a request is an OpenID request _links: scope: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/scopes/{scopeId}" title: openid _links: app: href: "https://{yourOktaDomain}/api/v1/apps/{appId}" title: My Web App authorizationServer: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}" title: Authorization Server name self: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/clients/{clientId}/tokens/{tokenId}" revoke: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/clients/{clientId}/tokens/{tokenId}" hints: allow: - DELETE client: href: "https://{yourOktaDomain}/oauth2/v1/clients/{clientId}" title: My Web App user: href: "https://{yourOktaDomain}/api/v1/users/{userId}" title: Joe User RetrieveSessionResponse: summary: Retrieve Session information for a single session ID value: amr: - pwd createdAt: 2019-08-24T14:15:22Z expiresAt: 2019-08-24T14:15:22Z id: l7FbDVqS8zHSy65uJD85 idp: id: 01a2bcdef3GHIJKLMNOP type: ACTIVE_DIRECTORY lastFactorVerification: 2019-08-24T14:15:22Z lastPasswordVerification: 2019-08-24T14:15:22Z login: [email protected] status: ACTIVE userId: 00u0abcdefGHIJKLMNOP _links: self: hints: allow: - DELETE href: "https://{yourOktaDomain}/api/v1/sessions/l7FbDVqS8zHSy65uJD85" RetrieveUISchemaResponse: summary: Retrieves a UI Schema response value: id: uis4a7liocgcRgcxZ0g7 uiSchema: type: Group label: Sign in buttonLabel: Submit elements: - type: Control scope: '#/properties/firstName' label: First name options: format: text - type: Control scope: '#/properties/lastName' label: Last name options: format: text 
- type: Control scope: '#/properties/email' label: Email options: format: text - type: Control scope: '#/properties/countryCode' label: Country code options: format: select - type: Control scope: '#/properties/bool2' label: bool2 options: format: checkbox - type: Control scope: '#/properties/date' label: date - type: Control scope: '#/properties/enum' label: enum options: format: radio created: 2022-07-25T12:56:31.000Z lastUpdated: 2022-07-26T11:53:59.000Z _links: self: href: https://example.com/api/v1/meta/uischemas/uis4a7liocgcRgcxZ0g7 hints: allow: - GET - PUT - DELETE RiskEventsRequestExample: summary: Risk Events payload example value: - timestamp: 2021-01-20T00:00:00.001Z subjects: - ip: 6.7.6.7 riskLevel: MEDIUM - ip: 1.1.1.1 riskLevel: HIGH message: Detected Attack tooling and suspicious activity - timestamp: 2021-01-20T01:00:00.001Z subjects: - ip: 6.7.6.7 riskLevel: LOW - ip: 2.2.2.2 riskLevel: HIGH RiskProviderPutRequest: summary: Replace Risk Provider request example value: name: Risk-Partner-Y action: enforce_and_log clientId: 00ckjsfgjkdkjdkkljjsd RiskProviderPutResponse: summary: Replace Risk Provider response example value: id: 00rp12r4skkjkjgsn action: enforce_and_log name: Risk-Partner-Y clientId: 00ckjsfgjkdkjdkkljjsd created: 2021-01-05 22:18:30 lastUpdated: 2021-01-05 23:18:30 _links: self: href: "https://{yourOktaDomain}/api/v1/risk/providers/00rp12r4skkjkjgsn" hints: allow: - GET - PUT RiskProviderRequest: summary: Risk Provider payload example value: name: Risk-Partner-X action: log_only clientId: 00ckjsfgjkdkjdkkljjsd RiskProviderResponse: summary: Risk Provider response example value: id: 00rp12r4skkjkjgsn action: log_only name: Risk-Partner-X clientId: 00ckjsfgjkdkjdkkljjsd created: 2021-01-05 22:18:30 lastUpdated: 2021-01-05 22:18:30 _links: self: href: "https://{yourOktaDomain}/api/v1/risk/providers/00rp12r4skkjkjgsn" hints: allow: - GET - PUT RoleAssignedUsersResponseExample: value: value: - id: 00u118oQYT4TBGuay0g4 orn: 
orn:okta:00o5rb5mt2H3d1TJd0h7:users:00u118oQYT4TBGuay0g4 _links: self: href: http://your-subdomain.okta.com/api/v1/users/00u118oQYT4TBGuay0g4 roles: href: http://your-subdomain.okta.com/api/v1/users/00u118oQYT4TBGuay0g4/roles _links: next: href: http://your-subdomain.okta.com/api/v1/iam/assignees/users?after=00u118oQYT4TBGuay0g4&limit=1 RoleRequest: value: label: UserCreator description: Create users permissions: - okta.users.create - okta.users.read - okta.groups.read - okta.users.userprofile.manage RoleResponse: value: id: cr0Yq6IJxGIr0ouum0g3 label: UserCreator description: Create users created: 2021-02-06T16:20:57.000Z lastUpdated: 2021-02-06T16:20:57.000Z _links: permissions: href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions" self: href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3" RolesResponse: value: roles: - id: cr0Yq6IJxGIr0ouum0g3 label: UserCreator description: Create users created: 2021-02-06T16:20:57.000Z lastUpdated: 2021-02-06T16:20:57.000Z _links: permissions: href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3/permissions" self: href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3" - id: cr0Fw7HKcWIroo88m3r1 label: GroupMembershipManager description: Manage group membership created: 2021-02-06T16:20:57.000Z lastUpdated: 2021-02-06T16:20:57.000Z _links: permissions: href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Fw7HKcWIroo88m3r1/permissions" self: href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Fw7HKcWIroo88m3r1" _links: next: href: "https://{yourOktaDomain}/api/v1/iam/roles?after=cr0Fw7HKcWIroo88m3r1" SAMLHookResponseExample: summary: A sample response for a SAML inline hook value: commands: - type: com.okta.assertion.patch value: - op: replace path: /claims/array/attributeValues/1/value value: replacementValue - op: replace path: /authentication/authnContext value: authnContextClassRef: replacementValue - op: add path: /claims/extPatientId value: 
attributes: NameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:basic attributeValues: - attributes: xsi:type: xs:string value: "4321" - op: add path: /authentication/sessionLifetime value: 300 - type: com.okta.assertion.patch value: - op: replace path: /authentication/sessionIndex value: exampleSession SAMLHookResponseWithURIFormat: summary: An example with `replace` and `add` operations with the URI formatted claim encoded value: commands: - type: com.okta.assertion.patch value: - op: replace path: /claims/http:~1~1schemas.xmlsoap.org~1ws~12005~105~1identity~1claims~1foo/attributeValues/0/value value: replacementValue - op: replace path: /claims/http:~1~1schemas.xmlsoap.org~1ws~12005~105~1identity~1claims~1foo/attributes value: attributes: NameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:basic - op: add path: /claims/http:~1~1schemas.xmlsoap.org~1ws~12005~105~1identity~1claims~1bar value: attributes: NameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:basic attributeValues: - attributes: xsi:type: xs:string value: bearer SAMLPayLoadExample: summary: An example SAML assertion inline hook request body value: source: "https://${yourOktaDomain}/app/saml20app_1/exkth8lMzFm0HZOTU0g3/sso/saml" eventId: XMFoHCM1S4Wi_SGWzL8T9A eventTime: 2019-03-28T19:15:23.000Z data: context: request: id: reqqXypjzYJRSu2j1G1imUovA method: GET url: value: "https://${yourOktaDomain}/app/saml20app_1/exkth8lMzFm0HZOTU0g3/sso/saml" ipAddress: 127.0.0.1 protocol: type: SAML2.0 issuer: id: 0oath92zlO60urQOP0g3 name: SAML 2.0 App uri: http://www.okta.com/exkth8lMzFm0HZOTU0g3 session: id: 102LN9Bnuc4S_ewfc9BYwageA userId: 00uq8tMo3zV0OfJON0g3 login: [email protected] createdAt: 2019-03-28T16:45:55.000Z expiresAt: 2019-03-28T21:15:23.000Z status: ACTIVE lastPasswordVerification: 2019-03-28T16:45:55.000Z amr: - PASSWORD idp: id: 00oq6kcVwvrDY2YsS0g3 type: OKTA mfaActive: false user: id: 00uq8tMo3zV0OfJON0g3 passwordChanged: 2018-09-11T23:19:12.000Z profile: login: [email protected] 
firstName: Admin lastName: Last locale: en timeZone: America/Los_Angeles _links: groups: href: "https://${yourOktaDomain}/00uq8tMo3zV0OfJON0g3/groups" factors: href: "https://${yourOktaDomain}/api/v1/users/00uq8tMo3zV0OfJON0g3/factors" assertion: subject: nameId: [email protected] nameFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified confirmation: method: urn:oasis:names:tc:SAML:2.0:cm:bearer data: recipient: http://www.example.com:7070/saml/sso authentication: sessionIndex: id1553800523546.312669168 authnContext: authnContextClassRef: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport conditions: audienceRestriction: - urn:example:sp claims: extPatientId: attributes: NameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified attributeValues: - attributes: xsi:type: xs:integer value: "4321" array: attributes: NameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified attributeValues: - attributes: xsi:type: xs:string value: Array 1 - attributes: xsi:type: xs:string value: Array2 - attributes: xsi:type: xs:string value: Array3 middle: attributes: NameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified attributeValues: - attributes: xsi:type: xs:string value: admin firstAndLast: attributes: NameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified attributeValues: - attributes: xsi:type: xs:string value: 7d6a50c8-4d7e-4058-9c5b-2cc98cecd294 lifetime: expiration: 300 eventTypeVersion: "1.0" cloudEventVersion: "0.1" eventType: com.okta.saml.tokens.transform contentType: application/json SMSTemplateEditablePropertyValues: value: name: Custom type: SMS_VERIFY_CODE template: "${org.name}: your verification code is ${code}" translations: es: "${org.name}: el código de verificación es ${code}" fr: "${org.name}: votre code de vérification est ${code}" it: "${org.name}: il codice di verifica è ${code}" SMSTemplateListResponse: value: - id: 6NQUJ5yR3bpgEiYmq8IC name: Custom type: SMS_VERIFY_CODE template: 
"${org.name}: your verification code is ${code}" translations: es: "${org.name}: el código de verificación es ${code}" fr: "${org.name}: votre code de vérification est ${code}" it: "${org.name}: il codice di verifica è ${code}" created: 2024-04-25T17:35:02.000Z lastUpdated: 2024-04-25T17:35:02.000Z SMSTemplateResponseValues: value: id: 6NQUJ5yR3bpgEiYmq8IC name: Custom type: SMS_VERIFY_CODE template: "${org.name}: your verification code is ${code}" translations: es: "${org.name}: el código de verificación es ${code}" fr: "${org.name}: votre code de vérification est ${code}" it: "${org.name}: il codice di verifica è ${code}" created: 2024-04-25T17:35:02.000Z lastUpdated: 2024-04-25T17:35:02.000Z Saml2.0Ex: summary: SAML_2_0 value: label: Example Custom SAML 2.0 App visibility: autoSubmitToolbar: false hide: iOS: false web: false signOnMode: SAML_2_0 settings: signOn: defaultRelayState: "" ssoAcsUrl: http://testorgone.okta idpIssuer: "http://www.okta.com/${org.externalKey}" audience: asdqwe123 recipient: http://testorgone.okta destination: http://testorgone.okta subjectNameIdTemplate: "${user.userName}" subjectNameIdFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified responseSigned: true assertionSigned: true signatureAlgorithm: RSA_SHA256 digestAlgorithm: SHA256 honorForceAuthn: true authnContextClassRef: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport samlAssertionLifetimeSeconds: 3600 slo: enabled: true issuer: https://testorgone.okta.com logoutUrl: https://testorgone.okta.com/logout participateSlo: enabled: true logoutRequestUrl: https://testorgone.okta.com/logout/participate sessionIndexRequired: true bindingType: REDIRECT spCertificate: x5c: - "MIIFnDCCA4QCCQDBSLbiON2T1zANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxDjAMBgNV\r\ \n" requestCompressed: false allowMultipleAcsEndpoints: true acsEndpoints: - url: http://testorgone.okta index: 0 - url: http://testorgone.okta/1 index: 1 attributeStatements: - type: EXPRESSION name: Attribute 
namespace: urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified values: - Value Saml2.0PutEx: summary: SAML_2_0 value: label: Example Custom SAML 2.0 App updated visibility: autoSubmitToolbar: false hide: iOS: false web: false signOnMode: SAML_2_0 settings: signOn: defaultRelayState: "" ssoAcsUrl: http://testorgone.okta idpIssuer: "http://www.okta.com/${org.externalKey}" audience: asdqwe123 recipient: http://testorgone.okta destination: http://testorgone.okta subjectNameIdTemplate: "${user.userName}" subjectNameIdFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified responseSigned: true assertionSigned: true signatureAlgorithm: RSA_SHA256 digestAlgorithm: SHA256 honorForceAuthn: true authnContextClassRef: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport samlAssertionLifetimeSeconds: 3600 slo: enabled: true issuer: https://testorgone.okta.com logoutUrl: https://testorgone.okta.com/logout participateSlo: enabled: true logoutRequestUrl: https://testorgone.okta.com/logout/participate sessionIndexRequired: true bindingType: REDIRECT spCertificate: x5c: - "MIIFnDCCA4QCCQDBSLbiON2T1zANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxDjAMBgNV\r\ \n..." 
requestCompressed: false allowMultipleAcsEndpoints: true acsEndpoints: - url: http://testorgone.okta index: 0 - url: http://testorgone.okta/1 index: 1 attributeStatements: - type: EXPRESSION name: Attribute namespace: urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified values: - Value Saml2.0PutResponseEx: summary: SAML_2_0 value: id: 0oafxqCAJWWGELFTYASJ status: ACTIVE lastUpdated: 2023-01-21T14:11:24.000Z created: 2023-01-21T14:11:24.000Z accessibility: selfService: false errorRedirectUrl: null loginRedirectUrl: null _links: uploadLogo: href: "http://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/logo" hints: allow: - POST appLinks: - name: customswaapp_link href: "http://{yourOktaDomain}/home/{appName}/0oafxqCAJWWGELFTYASJ/aln5vjkW5oUmDGLMX0g4" type: text/html groups: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/groups" logo: - name: medium href: "http://{yourOktaDomain}/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png" type: image/png users: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/users" deactivate: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/lifecycle/deactivate" visibility: autoLaunch: false autoSubmitToolbar: false hide: iOS: false web: false appLinks: testorgone_examplecustomsaml20app_1_link: true name: testorgone_examplecustomsaml20app_1 label: Example Custom SAML 2.0 App updated features: [] signOnMode: SAML_2_0 credentials: userNameTemplate: template: "${source.email}" type: BUILT_IN signing: kid: mh_16Cc8sIfHMFDMlHnp194cxKvJ6yXqs_mNn_6ZC0Q settings: app: {} signOn: defaultRelayState: null ssoAcsUrl: http://testorgone.okta idpIssuer: "http://www.okta.com/${org.externalKey}" audience: asdqwe123 recipient: http://testorgone.okta destination: http://testorgone.okta subjectNameIdTemplate: "${user.userName}" subjectNameIdFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified responseSigned: true assertionSigned: true signatureAlgorithm: RSA_SHA256 digestAlgorithm: 
SHA256 honorForceAuthn: true authnContextClassRef: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport spIssuer: https://testorgone.okta.com samlAssertionLifetimeSeconds: 3600 slo: enabled: true issuer: https://testorgone.okta.com logoutUrl: https://testorgone.okta.com/logout requestCompressed: false allowMultipleAcsEndpoints: false acsEndpoints: [] samlSignedRequestEnabled: false attributeStatements: - type: EXPRESSION name: Attribute namespace: urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified values: - Value inlineHooks: [] notifications: vpn: network: connection: DISABLED message: null helpUrl: null manualProvisioning: false implicitAssignment: false notes: admin: null enduser: null Saml2.0ResponseEx: summary: SAML_2_0 value: id: 0oafxqCAJWWGELFTYASJ status: ACTIVE lastUpdated: 2023-01-21T14:11:24.000Z created: 2023-01-21T14:11:24.000Z accessibility: selfService: false errorRedirectUrl: null loginRedirectUrl: null _links: uploadLogo: href: "http://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/logo" hints: allow: - POST appLinks: - name: customswaapp_link href: "http://{yourOktaDomain}/home/{appName}/0oafxqCAJWWGELFTYASJ/aln5vjkW5oUmDGLMX0g4" type: text/html groups: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/groups" logo: - name: medium href: "http://{yourOktaDomain}/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png" type: image/png users: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/users" deactivate: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/lifecycle/deactivate" visibility: autoLaunch: false autoSubmitToolbar: false hide: iOS: false web: false appLinks: testorgone_examplecustomsaml20app_1_link: true name: testorgone_examplecustomsaml20app_1 label: Example Custom SAML 2.0 App features: [] signOnMode: SAML_2_0 credentials: userNameTemplate: template: "${source.email}" type: BUILT_IN signing: kid: mh_16Cc8sIfHMFDMlHnp194cxKvJ6yXqs_mNn_6ZC0Q settings: app: {} 
signOn: defaultRelayState: null ssoAcsUrl: http://testorgone.okta idpIssuer: "http://www.okta.com/${org.externalKey}" audience: asdqwe123 recipient: http://testorgone.okta destination: http://testorgone.okta subjectNameIdTemplate: "${user.userName}" subjectNameIdFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified responseSigned: true assertionSigned: true signatureAlgorithm: RSA_SHA256 digestAlgorithm: SHA256 honorForceAuthn: true authnContextClassRef: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport spIssuer: https://testorgone.okta.com samlAssertionLifetimeSeconds: 3600 slo: enabled: true issuer: https://testorgone.okta.com logoutUrl: https://testorgone.okta.com/logout requestCompressed: false allowMultipleAcsEndpoints: false acsEndpoints: [] samlSignedRequestEnabled: false attributeStatements: - type: EXPRESSION name: Attribute namespace: urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified values: - Value inlineHooks: [] notifications: vpn: network: connection: DISABLED message: null helpUrl: null manualProvisioning: false implicitAssignment: false notes: admin: null enduser: null SamlIdPResponse: summary: SAML 2.0 Identity Provider value: id: 0oa62bc8wppPw0UGr0h7 type: SAML2 name: Example SAML IdP status: ACTIVE created: 2016-03-24T23:14:54.000Z lastUpdated: 2016-03-24T23:14:54.000Z protocol: type: SAML2 endpoints: sso: url: https://idp.example.com binding: HTTP-POST destination: https://idp.example.com acs: binding: HTTP-POST type: INSTANCE algorithms: request: signature: algorithm: SHA-256 scope: REQUEST response: signature: algorithm: SHA-256 scope: ANY settings: nameFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified credentials: trust: issuer: https://idp.example.com audience: http://www.okta.com/123 kid: your-key-id policy: provisioning: action: AUTO profileMaster: true groups: action: NONE conditions: deprovisioned: action: NONE suspended: action: NONE accountLink: filter: null action: AUTO subject: 
userNameTemplate: template: saml.subjectNameId filter: (\S+@example\.com) matchType: USERNAME mapAMRClaims: false maxClockSkew: 0 _links: metadata: href: "https://{yourOktaDomain}/api/v1/idps/0oa62bc8wppPw0UGr0h7/metadata.xml" type: application/xml hints: allow: - GET acs: href: "https://{yourOktaDomain}/sso/saml2/0oa62bc8wppPw0UGr0h7" type: application/xml hints: allow: - POST users: href: "https://{yourOktaDomain}/api/v1/idps/0oa62bc8wppPw0UGr0h7/users" hints: allow: - GET deactivate: href: "https://{yourOktaDomain}/api/v1/idps/0oa62bc8wppPw0UGr0h7/lifecycle/deactivate" hints: allow: - POST SecurePasswordStoreEx: summary: SECURE_PASSWORD_STORE value: name: template_sps label: Example SWA App signOnMode: SECURE_PASSWORD_STORE settings: app: url: https://example.com/login.html passwordField: '#txtbox-password' usernameField: '#txtbox-username' optionalField1: param1 optionalField1Value: somevalue optionalField2: param2 optionalField2Value: yetanothervalue optionalField3: param3 optionalField3Value: finalvalue SecurePasswordStorePutEx: summary: SECURE_PASSWORD_STORE value: name: template_sps label: Example SWA App updated signOnMode: SECURE_PASSWORD_STORE settings: app: url: https://example.com/login.html passwordField: '#txtbox-password' usernameField: '#txtbox-username' optionalField1: param1 optionalField1Value: somevalue_updated optionalField2: param2 optionalField2Value: yetanothervalue optionalField3: param3 optionalField3Value: finalvalue_updated SecurePasswordStorePutResponseEx: summary: SECURE_PASSWORD_STORE value: id: 0oafxqCAJWWGELFTYASJ status: ACTIVE lastUpdated: 2023-01-21T14:11:24.000Z created: 2023-01-21T14:11:24.000Z accessibility: selfService: false errorRedirectUrl: null loginRedirectUrl: null _links: uploadLogo: href: "http://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/logo" hints: allow: - POST appLinks: - name: customswaapp_link href: "http://{yourOktaDomain}/home/{appName}/0oafxqCAJWWGELFTYASJ/aln5vjkW5oUmDGLMX0g4" type: text/html 
groups: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/groups" logo: - name: medium href: "http://{yourOktaDomain}/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png" type: image/png users: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/users" deactivate: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/lifecycle/deactivate" visibility: autoLaunch: false autoSubmitToolbar: false hide: iOS: false web: false appLinks: login: true name: template_sps label: Example SWA App updated features: [] signOnMode: SECURE_PASSWORD_STORE credentials: scheme: EDIT_USERNAME_AND_PASSWORD userNameTemplate: template: "${source.email}" type: BUILT_IN revealPassword: false signing: {} settings: app: url: https://example.com/login.html passwordField: '#txtbox-password' usernameField: '#txtbox-username' optionalField1: param1 optionalField1Value: somevalue_updated optionalField2: param2 optionalField2Value: yetanothervalue optionalField3: param3 optionalField3Value: finalvalue_updated notifications: vpn: network: connection: DISABLED message: null helpUrl: null manualProvisioning: false implicitAssignment: false notes: admin: null enduser: null SecurePasswordStoreResponseEx: summary: SECURE_PASSWORD_STORE value: id: 0oafxqCAJWWGELFTYASJ status: ACTIVE lastUpdated: 2023-01-21T14:11:24.000Z created: 2023-01-21T14:11:24.000Z accessibility: selfService: false errorRedirectUrl: null loginRedirectUrl: null _links: uploadLogo: href: "http://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/logo" hints: allow: - POST appLinks: - name: customswaapp_link href: "http://{yourOktaDomain}/home/{appName}/0oafxqCAJWWGELFTYASJ/aln5vjkW5oUmDGLMX0g4" type: text/html groups: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/groups" logo: - name: medium href: "http://{yourOktaDomain}/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png" type: image/png users: href: 
"https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/users" deactivate: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/lifecycle/deactivate" visibility: autoLaunch: false autoSubmitToolbar: false hide: iOS: false web: false appLinks: login: true name: template_sps label: Example SWA App features: [] signOnMode: SECURE_PASSWORD_STORE credentials: scheme: EDIT_USERNAME_AND_PASSWORD userNameTemplate: template: "${source.email}" type: BUILT_IN revealPassword: false signing: {} settings: app: url: https://example.com/login.html passwordField: '#txtbox-password' usernameField: '#txtbox-username' optionalField1: param1 optionalField1Value: somevalue optionalField2: param2 optionalField2Value: yetanothervalue optionalField3: param3 optionalField3Value: finalvalue notifications: vpn: network: connection: DISABLED message: null helpUrl: null manualProvisioning: false implicitAssignment: false notes: admin: null enduser: null SecurityEventsProviderRequestIssuerAndJwksUrl: summary: Provider with issuer and JWKS value: name: Security Events Provider with an issuer and a JWKS URL type: okta settings: issuer: Issuer jwks_url: https://example.okta.com/jwks/path SecurityEventsProviderRequestWellKnownUrl: summary: Provider with well-known URL value: name: Security Events Provider with well-known URL type: okta settings: well_known_url: https://example.okta.com/.well-known/ssf-configuration SecurityEventsProviderResponseIssuerAndJwksUrl: summary: Provider with issuer and JWKS value: id: sse1qu4fUtsoD12iF0g5 name: Security Events Provider with an issuer and a JWKS URL type: okta status: ACTIVE settings: issuer: Issuer jwks_url: https://example.okta.com/jwks/path _links: self: href: https://example.okta.com/api/v1/security-events-providers/sse1qu4fUtsoD12iF0g5 hints: allow: - GET - PUT - DELETE deactivate: href: https://example.okta.com/api/v1/security-events-providers/sse1qu4fUtsoD12iF0g5/lifecycle/deactivate hints: allow: - POST 
SecurityEventsProviderResponseWellKnownUrl: summary: Provider with well-known URL value: id: sse1qg25RpusjUP6m0g5 name: Security Events Provider with well-known URL type: okta status: ACTIVE settings: well_known_url: https://example.okta.com/.well-known/ssf-configuration issuer: Issuer jwks_url: https://example.okta.com/jwks/path _links: self: href: https://example.okta.com/api/v1/security-events-providers/sse1qg25RpusjUP6m0g5 hints: allow: - GET - PUT - DELETE deactivate: href: https://example.okta.com/api/v1/security-events-providers/sse1qg25RpusjUP6m0g5/lifecycle/deactivate hints: allow: - POST SimulatePolicyBody: description: Simulate policy request body summary: Simulate policy request body value: policyType: - OKTA_SIGN_ON - MFA_ENROLL appInstance: 0oa4eroj3nYCIJIW70g7 policyContext: groups: ids: - 00g4eralvekR5RLuS0g7 - 00g4eralvekR5RLuS0g8 risk: level: LOW zones: ids: - nzo4eralxcRnbIHYJ0g7 device: platform: IOS registered: true managed: true SimulatePolicyElExpressionBody: description: Simulate policy request body with EL context summary: Simulate policy request body with EL context value: appInstance: 0oa4fdudGhhB5FNKR0g4 policyContext: user: id: 00u10wvS3zms2JVaO0g4 status: ACTIVE created: 2024-04-29T18:05:24.000Z lastUpdated: 2024-04-29T18:05:24.000Z passwordChanged: 2024-04-29T18:05:24.000Z lastLogin: 2024-04-29T18:05:24.000Z profile: city: string costCenter: string countryCode: st department: string displayName: string division: string email: [email protected] employeeNumber: string firstName: string honorificPrefix: string honorificSuffix: string lastName: string locale: string login: string manager: string managerId: string middleName: string mobilePhone: string nickName: string organization: string postalAddress: string preferredLanguage: string primaryPhone: string profileUrl: string secondEmail: [email protected] state: string streetAddress: string timezone: string title: string userType: string zipCode: string SimulatePolicyElExpressionResponse: 
description: Simulate policy response body with EL Context summary: Simulate policy response body with EL Context value: evaluation: - status: null policyType: OKTA_SIGN_ON result: policies: - id: 00p4eromwukk6qUku0g7 name: test policy status: MATCH conditions: [] rules: - id: 0pr4erof85nGcyC7Y0g7 name: test rule status: MATCH conditions: - type: people.groups.include status: MATCH undefined: policies: [] evaluated: policies: [] - status: null policyType: MFA_ENROLL result: policies: - id: 00p4eram2kw1aLcrx0g7 name: Default Policy status: MATCH conditions: [] rules: - id: 0pr4eram2lMQT5FZF0g7 name: null status: MATCH conditions: [] undefined: policies: [] evaluated: policies: [] - status: null policyType: ACCESS_POLICY result: policies: - id: rst4eram06ZKZewEe0g7 name: Any two factors status: MATCH conditions: [] rules: - id: rul4eram07VsWgybo0g7 name: Catch-all rule status: MATCH conditions: [] undefined: policies: [] evaluated: policies: [] - status: null policyType: PROFILE_ENROLLMENT result: policies: - id: rst4eram08ZSjPTOl0g7 name: Default Policy status: MATCH conditions: [] rules: - id: rul4eram094PrQ2BX0g7 name: Catch-all rule status: MATCH conditions: [] undefined: policies: [] evaluated: policies: [] SimulatePolicyResponse: description: Simulate policy response body summary: Simulate policy response body value: evaluation: - status: null policyType: OKTA_SIGN_ON result: policies: - id: 00p4eromwukk6qUku0g7 name: test policy status: MATCH conditions: [] rules: - id: 0pr4erof85nGcyC7Y0g7 name: test rule status: MATCH conditions: - type: people.groups.include status: MATCH undefined: policies: [] evaluated: policies: [] - status: null policyType: MFA_ENROLL result: policies: - id: 00p4eram2kw1aLcrx0g7 name: Default Policy status: MATCH conditions: [] rules: - id: 0pr4eram2lMQT5FZF0g7 name: null status: MATCH conditions: [] undefined: policies: [] evaluated: policies: [] - status: null policyType: ACCESS_POLICY result: policies: - id: rst4eram06ZKZewEe0g7 
name: Any two factors status: MATCH conditions: [] rules: - id: rul4eram07VsWgybo0g7 name: Catch-all rule status: MATCH conditions: [] undefined: policies: [] evaluated: policies: [] - status: null policyType: PROFILE_ENROLLMENT result: policies: - id: rst4eram08ZSjPTOl0g7 name: Default Policy status: MATCH conditions: [] rules: - id: rul4eram094PrQ2BX0g7 name: Catch-all rule status: MATCH conditions: [] undefined: policies: [] evaluated: policies: [] SmartCardIdPResponse: summary: SmartCard Identity Provider value: id: 0oa6jxasyhwM2ZHJh0g4 type: X509 name: Smart Card IDP Name status: ACTIVE created: 2020-01-07T00:19:27.000Z lastUpdated: 2020-01-07T00:19:27.000Z properties: additionalAmr: - sc - hwk - pin - mfa protocol: type: MTLS endpoints: sso: url: "https://{yourOktaDomain}.okta.com/login/cert" credentials: trust: issuer: "CN=Test Smart Card, OU=Test OU, O=Test O, C=US" audience: null kid: 45dec5ff-8cdc-48c0-85fe-a4869f1753dc revocation: CRL revocationCacheLifetime: 2880 policy: provisioning: action: DISABLED profileMaster: false groups: null subject: userNameTemplate: template: idpuser.subjectAltNameEmail filter: null matchType: EMAIL matchAttribute: null mapAMRClaims: false maxClockSkew: 120000 _links: deactivate: href: "https://{yourOktaDomain}.okta.com/api/v1/idps/0oa6jxasyhwM2ZHJh0g4/lifecycle/deactivate" hints: allow: - POST users: href: "https://{yourOktaDomain}.okta.com/api/v1/idps/0oa6jxasyhwM2ZHJh0g4/users" hints: allow: - GET keys: href: "https://{yourOktaDomain}.okta.com/api/v1/idps/credentials/keys/45dec5ff-8cdc-48c0-85fe-a4869f1753dc" hints: allow: - GET SocialAuthTokensResponse: summary: Social Authentication Tokens value: - id: token: JBTWGV22G4ZGKV3N tokenType: urn:ietf:params:oauth:token-type:access_token tokenAuthScheme: Bearer expiresAt: 2014-08-06T16:56:31.000Z scopes: - openid - foo - id: token: JBTWGV22G4ZJBRXJ tokenType: urn:ietf:params:oauth:token-type:id_token tokenAuthScheme: null StandardAndCustomRolesListResponse: value: - id: 
IFIFAX2BIRGUSTQ label: Application Administrator type: APP_ADMIN status: ACTIVE created: 2019-02-06T16:17:40.000Z lastUpdated: 2019-02-06T16:17:40.000Z assignmentType: USER _links: assignee: href: "https://{yourOktaDomain}/api/v1/users/00ur32Vg0fvpyHZeQ0g3" - id: JBCUYUC7IRCVGS27IFCE2SKO label: Help Desk Administrator type: HELP_DESK_ADMIN status: ACTIVE created: 2019-02-06T16:17:40.000Z lastUpdated: 2019-02-06T16:17:40.000Z assignmentType: USER _links: assignee: href: "https://{yourOktaDomain}/api/v1/users/00ur32Vg0fvpyHZeQ0g3" - id: ra125eqBFpETrMwu80g4 label: Organization Administrator type: ORG_ADMIN status: ACTIVE created: 2019-02-06T16:17:40.000Z lastUpdated: 2019-02-06T16:17:40.000Z assignmentType: USER _links: assignee: href: "https://{yourOktaDomain}/api/v1/users/00ur32Vg0fvpyHZeQ0g3" - id: gra25fapn1prGTBKV0g4 label: API Access Management Administrator type: API_ACCESS_MANAGEMENT_ADMIN status: ACTIVE created: 2019-02-06T16:20:57.000Z lastUpdated: 2019-02-06T16:20:57.000Z assignmentType: GROUP _links: assignee: href: "https://{yourOktaDomain}/api/v1/groups/00g1ousb3XCr9Dkr20g4" - id: irb1q92TFAHzySt3x0g4 role: cr0Yq6IJxGIr0ouum0g3 label: UserCreatorRole type: CUSTOM status: ACTIVE created: 2019-02-06T16:20:57.000Z lastUpdated: 2019-02-06T16:20:57.000Z assignmentType: USER resource-set: iamoJDFKaJxGIr0oamd9g _links: assignee: href: "https://{yourOktaDomain}/api/v1/users/00u1gytb3XCr9Dkr18r2" resource-set: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g" member: href: "https://{yourOktaDomain}/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0Yq6IJxGIr0ouum0g3/members/irb1qe6PGuMc7Oh8N0g4" role: href: "https://{yourOktaDomain}/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3" permissions: href: "https://{yourOktaDomain}/api/v1/iam/permission-sets/cr0Yq6IJxGIr0ouum0g3/permissions" - id: irb5e92YgBazyyQ3x1q5 role: cr0Yq6IJxGIr0ouum0g3 label: UserCreatorRole type: CUSTOM status: ACTIVE created: 2019-02-06T16:20:57.000Z lastUpdated: 
2019-02-06T16:20:57.000Z assignmentType: GROUP resource-set: iamoakjsdQaJxGIr03int1o _links: assignee: href: "https://{ yourOktaDomain }/api/v1/groups/00g1ousb3XCr9Dkr20g4" resource-set: href: "https://{ yourOktaDomain }/api/v1/iam/resource-sets/iamoakjsdQaJxGIr03int1o" member: href: "https://{ yourOktaDomain }/api/v1/iam/resource-sets/iamoJDFKaJxGIr0oamd9g/bindings/cr0Yq6IJxGIr0ouum0g3/members/irb1qe6PGuMc7Oh8N0g4" role: href: "https://{ yourOktaDomain }/api/v1/iam/roles/cr0Yq6IJxGIr0ouum0g3" permissions: href: "https://{ yourOktaDomain }/api/v1/iam/permission-sets/cr0Yq6IJxGIr0ouum0g3/permissions" StandardRoleAssignmentRequest: value: type: HELP_DESK_ADMIN StandardRoleResponseClient: value: id: JBCUYUC7IRCVGS27IFCE2SKO label: Help Desk Administrator type: HELP_DESK_ADMIN status: ACTIVE created: 2023-05-01T14:24:54.000Z lastUpdated: 2023-05-01T14:24:54.000Z assignmentType: CLIENT _links: assignee: href: "https://{yourOktaDomain}/oauth2/v1/clients/0jrabyQWm4B9zVJPbotY/roles" StandardRoleResponseUser: value: id: ra1b8anIk7rx7em7L0g4 label: Super Organization Administrator type: SUPER_ADMIN status: ACTIVE created: 2015-09-06T15:28:47.000Z lastUpdated: 2015-09-06T15:28:47.000Z assignmentType: USER _links: assignee: href: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR" StandardRolesListResponse: value: - id: IFIFAX2BIRGUSTQ label: Application Administrator type: APP_ADMIN status: ACTIVE created: 2019-02-06T16:17:40.000Z lastUpdated: 2019-02-06T16:17:40.000Z assignmentType: USER _links: assignee: href: "https://{yourOktaDomain}/api/v1/users/00ur32Vg0fvpyHZeQ0g3" - id: JBCUYUC7IRCVGS27IFCE2SKO label: Help Desk Administrator type: HELP_DESK_ADMIN status: ACTIVE created: 2019-02-06T16:17:40.000Z lastUpdated: 2019-02-06T16:17:40.000Z assignmentType: USER _links: assignee: href: "https://{yourOktaDomain}/api/v1/users/00ur32Vg0fvpyHZeQ0g3" - id: ra125eqBFpETrMwu80g4 label: Organization Administrator type: ORG_ADMIN status: ACTIVE created: 2019-02-06T16:17:40.000Z 
lastUpdated: 2019-02-06T16:17:40.000Z assignmentType: USER _links: assignee: href: "https://{yourOktaDomain}/api/v1/users/00ur32Vg0fvpyHZeQ0g3" - id: gra25fapn1prGTBKV0g4 label: API Access Management Administrator type: API_ACCESS_MANAGEMENT_ADMIN status: ACTIVE created: 2019-02-06T16:20:57.000Z lastUpdated: 2019-02-06T16:20:57.000Z assignmentType: GROUP _links: assignee: href: "https://{yourOktaDomain}/api/v1/groups/00g1ousb3XCr9Dkr20g4" StandardRolesListResponseClient: value: - id: JBCUYUC7IRCVGS27IFCE2SKO label: Help Desk Administrator type: HELP_DESK_ADMIN status: ACTIVE created: 2023-05-01T14:24:54.000Z lastUpdated: 2023-05-01T14:24:54.000Z assignmentType: CLIENT _links: assignee: href: "https://{yourOktaDomain}/oauth2/v1/clients/0jrabyQWm4B9zVJPbotY/roles" StandardRolesListResponseGroup: value: - id: IFIFAX2BIRGUSTQ label: Application Administrator type: APP_ADMIN status: ACTIVE created: 2019-02-06T16:17:40.000Z lastUpdated: 2019-02-06T16:17:40.000Z assignmentType: GROUP _links: assignee: href: "https://{yourOktaDomain}/api/v1/users/00ur32Vg0fvpyHZeQ0g3" SubmissionOidcRequest: summary: Submission OIDC request example value: name: Strawberry Central description: Your one source for in-season strawberry deals logo: https://acme.okta.com/bc/image/fileStoreRecord?id=fs03xxd3KmkDBwJU80g4 sso: oidc: redirectUris: - "https://${org.subdomain}.example.com/strawberry/oidc/login" initiateLoginUri: "https://${org.subdomain}.example.com/strawberry/oidc/sp-init" postLogoutUris: - "https://${org.subdomain}.example.com/strawberry/oidc/logged-out" doc: https://example.com/strawberry/help/oidcSetup config: - name: subdomain label: Subdomain SubmissionOidcResponse: summary: Submission OIDC response example value: id: acme_strawberrycentral_1 name: Strawberry Central description: Your one source for in-season strawberry deals logo: https://acme.okta.com/bc/image/fileStoreRecord?id=fs03xxd3KmkDBwJU80g4 sso: oidc: redirectUris: - 
"https://${org.subdomain}.example.com/strawberry/oidc/login" initiateLoginUri: "https://${org.subdomain}.example.com/strawberry/oidc/sp-init" postLogoutUris: - "https://${org.subdomain}.example.com/strawberry/oidc/logged-out" doc: https://example.com/strawberry/help/oidcSetup config: - name: subdomain label: Subdomain status: New lastUpdated: 2023-08-24T14:15:22.000Z lastUpdatedBy: 00ub0oNGTSWTBKOLGLNR lastPublished: 2023-09-01T13:23:45.000Z SubmissionSamlRequest: summary: Submission SAML request example value: name: Strawberry Central description: Your one source for in-season strawberry deals logo: https://acme.okta.com/bc/image/fileStoreRecord?id=fs03xxd3KmkDBwJU80g4 sso: saml: acs: - url: "https://${org.subdomain}.example.com/saml/login" entityId: "https://${org.subdomain}.example.com" claims: - name: manager values: - "${user.manager}" groups: - name: groups doc: https://example.com/strawberry/help/samlSetup config: - name: subdomain label: Subdomain SubmissionSamlResponse: summary: Submission SAML response example value: id: acme_strawberrycentral_1 name: Strawberry Central description: Your one source for in-season strawberry deals logo: https://acme.okta.com/bc/image/fileStoreRecord?id=fs03xxd3KmkDBwJU80g4 sso: saml: acs: - url: "https://${org.subdomain}.example.com/saml/login" entityId: "https://${org.subdomain}.example.com" claims: - name: manager values: - "${user.manager}" groups: - name: groups doc: https://example.com/strawberry/help/samlSetup config: - name: subdomain label: Subdomain status: To be reviewed by Okta lastUpdated: 2023-08-24T14:15:22.000Z lastUpdatedBy: 00ub0oNGTSWTBKOLGLNR lastPublished: null SubmissionsResponse: summary: Submission list example value: - id: acme_strawberrycentral_1 name: Strawberry Central description: Your one source for in-season strawberry deals logo: https://acme.okta.com/bc/image/fileStoreRecord?id=fs03xxd3KmkDBwJU80g4 sso: saml: acs: - url: "https://${org.subdomain}.example.com/saml/login" entityId: 
"https://${org.subdomain}.example.com" claims: - name: manager values: - "${user.manager}" groups: - name: groups doc: https://example.com/strawberry/help/samlSetup config: - name: subdomain label: Subdomain status: Complete lastUpdated: 2023-08-24T14:15:22.000Z lastUpdatedBy: 00ub0oNGTSWTBKOLGLNR lastPublished: 2023-09-01T13:23:45.000Z SupportedFactorResults: value: - factorType: question provider: OKTA vendorName: OKTA _links: questions: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/questions" hints: allow: - GET enroll: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors" hints: allow: - POST - factorType: token:software:totp provider: OKTA _links: enroll: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors" hints: allow: - POST - factorType: token:software:totp provider: GOOGLE _links: enroll: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors" hints: allow: - POST - factorType: sms provider: OKTA vendorName: OKTA _links: enroll: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors" hints: allow: - POST _embedded: phones: - id: mblldntFJevYKbyQQ0g3 profile: phoneNumber: "+14081234567" status: ACTIVE - factorType: call provider: OKTA _links: enroll: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors" hints: allow: - POST - factorType: token provider: RSA _links: enroll: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors" hints: allow: - POST - factorType: token provider: SYMANTEC _links: enroll: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors" hints: allow: - POST TelephonyFailureResponse: summary: A sample response for external webservice returning failure value: error: - errorSummary: Failed to deliver SMS OTP to [email protected] - errorCauses: errorSummary: Provider could not deliver OTP reason: The content of the message is not supported location: South Africa 
TelephonyPayloadExample: summary: An example Telephony inline hook request body value: eventId: uS5871kJThSsU8qlA1LTcg eventTime: 2020-01-17T21:23:56.000Z eventType: com.okta.telephony.provider eventTypeVersion: "1.0" contentType: application/json cloudEventVersion: "0.1" source: "https://${yourOktaDomain}/api/v1/inlineHooks/cbl2ad6phv9fsPLcF0g7" data: context: request: id: reqRgSk8IBBRhuo0YdlEDTmUw method: POST url: value: /api/internal/v1/inlineHooks/com.okta.telephony.provider/generatePreview ipAddress: 127.0.0.1 userProfile: firstName: test lastName: user login: [email protected] userId: 00uyxxSknGtK8022w0g3 messageProfile: msgTemplate: (HOOK)Your code is 11111 phoneNumber: 9876543210 otpExpires: 2022-01-28T21:48:34.321Z deliveryChannel: SMS otpCode: 11111 locale: EN-US TelephonySuccessResponse: summary: A sample response for external webservice returning success value: commands: - type: com.okta.telephony.action - value: status: FAILURE provider: VONAGE transactionId: SM49a8ece2822d44e4adaccd7ed268f954 transactionMetadata: Duration=300ms TestInfoOidcRequest: summary: OIDC SSO Submission Testing Information request value: testAccount: url: https://example.com/strawberry/login username: [email protected] password: sUperP@ssw0rd instructions: Go to your app URL from a browser and enter your credentials escalationSupportContact: [email protected] oidcTestConfiguration: jit: false spInitiateUrl: https://test.example.com/strawberry/oidc/sp-init TestInfoOidcResponse: summary: OIDC SSO Submission Testing Information response value: testAccount: url: https://example.com/strawberry/login username: [email protected] password: sUperP@ssw0rd instructions: Go to your app URL from a browser and enter your credentials escalationSupportContact: [email protected] oidcTestConfiguration: idp: true sp: true jit: false spInitiateUrl: https://test.example.com/strawberry/oidc/sp-init TestInfoSamlRequest: summary: SAML SSO Submission Testing Information request value: testAccount: 
url: https://example.com/strawberry/login username: [email protected] password: sUperP@ssw0rd instructions: Go to your app URL from a browser and enter your credentials escalationSupportContact: [email protected] samlTestConfiguration: idp: true sp: true jit: false spInitiateUrl: https://test.example.com/strawberry/saml/sp-init spInitiateDescription: Go to the app URL from a browser and enter your username TestInfoSamlResponse: summary: SAML SSO Submission Testing Information response value: testAccount: url: https://example.com/strawberry/login username: [email protected] password: sUperP@ssw0rd instructions: Go to your app URL from a browser and enter your credentials escalationSupportContact: [email protected] samlTestConfiguration: idp: true sp: true jit: false spInitiateUrl: https://test.example.com/strawberry/saml/sp-init spInitiateDescription: Go to the app URL from a browser and enter your username ThreatInsightResponseExample: summary: ThreatInsight response value: action: none excludeZones: [] created: 2020-08-05T22:18:30.629Z lastUpdated: 2020-08-05T22:18:30.629Z _links: self: href: "https://{yourOktaDomain}/api/v1/threats/configuration" hints: allow: - GET - POST ThreatInsightUpdateRequestExample: summary: ThreatInsight update request value: action: audit excludeZones: - nzo1q7jEOsoCnoKcj0g4 - nzouagptWUz5DlLfM0g3 ThreatInsightUpdateResponseExample: summary: ThreatInsight update response value: action: audit excludeZones: - nzo1q7jEOsoCnoKcj0g4 - nzouagptWUz5DlLfM0g3 created: 2020-08-05T22:18:30.629Z lastUpdated: 2020-10-13T21:23:10.178Z _links: self: href: "https://{yourOktaDomain}/api/v1/threats/configuration" hints: allow: - GET - POST TokenHookErrorExample: summary: Error response value: error: errorSummary: Human-readable summary of the error TokenHookModifyLifetime: summary: Modify token lifetime value: commands: - type: com.okta.identity.patch value: - op: replace path: /token/lifetime/expiration value: 36000 - type: com.okta.access.patch value: 
- op: replace path: /token/lifetime/expiration value: 36000 TokenHookRemoveClaim: summary: Remove claim value: commands: - type: com.okta.identity.patch value: - op: remove path: /claims/birthdate value: null - type: com.okta.access.patch value: - op: remove path: /claims/external_guid TokenHookRemoveFromArray: summary: Remove from array value: commands: - type: com.okta.identity.patch value: - op: remove path: /claims/preferred_airports/1 TokenHookRemoveFromObject: summary: Remove from JSON object value: commands: - type: com.okta.identity.patch value: - op: remove path: /claims/employee_profile/email TokenHookReplaceExisting: summary: Replace an existing claim value: commands: - type: com.okta.identity.patch value: - op: replace path: /claims/extPatientId value: "1234" - op: replace path: /claims/external_guid value: F0384685-F87D-474B-848D-2058AC5655A7 TokenHookReplaceInPath: summary: Replace within JSON object value: commands: - type: com.okta.identity.patch value: - op: replace path: /claims/employee_profile/email value: [email protected] TokenHookResponse: summary: Add a claim value: commands: - type: com.okta.assertion.patch value: - op: add path: /claims/extPatientId value: "1234" - type: com.okta.assertion.patch value: - op: add path: /claims/external_guid value: F0384685-F87D-474B-848D-2058AC5655A7 TokenHookResponseAppendArray: summary: Append to array value: commands: - type: com.okta.identity.patch value: - op: add path: /claims/preferred_airports/3 value: lax TokenHookResponseWithURIFormat: summary: Add new members to existing JSON objects value: commands: - type: com.okta.identity.patch value: - op: add path: /claims/employee_profile/department_id value: "4947" TokenPayLoadExample: description: An example token inline hook request body summary: Example token inline hook request body value: source: "https://{yourOktaDomain}/oauth2/default/v1/authorize" eventId: 3OWo4oo-QQ-rBWfRyTmQYw eventTime: 2019-01-15T23:20:47.000Z eventTypeVersion: "1.0" 
cloudEventVersion: "0.1" contentType: application/json eventType: com.okta.oauth2.tokens.transform data: null context: request: id: reqv66CbCaCStGEFc8AdfS0ng method: GET url: value: "https://{yourOktaDomain}/oauth2/default/v1/authorize?scope=openid+profile+email&response_type=token+id_token&redirect_uri=https%3A%2F%2Fhttpbin.org%2Fget&state=foobareere&nonce=asf&client_id=customClientIdNative" ipAddress: 127.0.0.1 protocol: type: OAUTH2.0 request: scope: openid profile email state: foobareere redirect_uri: https://httpbin.org/get response_mode: fragment response_type: token id_token client_id: customClientIdNative issuer: uri: "https://{yourOktaDomain}/oauth2/default" client: id: customClientIdNative name: Native client type: PUBLIC session: id: 102Qoe7t5PcRnSxr8j3I8I6pA userId: 00uq8tMo3zV0OfJON0g3 login: [email protected] createdAt: 2019-01-15T23:17:09.000Z expiresAt: 2019-01-16T01:20:46.000Z status: ACTIVE lastPasswordVerification: 2019-01-15T23:17:09.000Z amr: - PASSWORD idp: id: 00oq6kcVwvrDY2YsS0g3 type: OKTA mfaActive: false user: id: 00uq8tMo3zV0OfJON0g3 passwordChanged: 2018-09-11T23:19:12.000Z profile: login: [email protected] firstName: Add-Min lastName: O'Cloudy Tud locale: en timeZone: America/Los_Angeles _links: groups: href: "https://{yourOktaDomain}/00uq8tMo3zV0OfJON0g3/groups" factors: href: "https://{yourOktaDomain}/api/v1/users/00uq8tMo3zV0OfJON0g3/factors" policy: id: 00pq8lGaLlI8APuqY0g3 rule: id: 0prq8mLKuKAmavOvq0g3 identity: claims: sub: 00uq8tMo3zV0OfJON0g3 name: Add-Min O'Cloudy Tud email: [email protected] ver: 1 iss: "https://{yourOktaDomain}/oauth2/default" aud: customClientIdNative jti: ID.YxF2whJfB3Eu4ktG_7aClqtCgjDq6ab_hgpiV7-ZZn0 amr: - pwd idp: 00oq6kcVwvrDY2YsS0g3 nonce: asf preferred_username: [email protected] auth_time: 1547594229 token: lifetime: expiration: 3600 access: claims: ver: 1 jti: AT.W-rrB-z-kkZQmHW0e6VS3Or--QfEN_YvoWJa46A7HAA iss: "https://{yourOktaDomain}/oauth2/default" aud: api://default cid: customClientIdNative 
uid: 00uq8tMo3zV0OfJON0g3 sub: [email protected] firstName: Add-Min preferred_username: [email protected] token: lifetime: expiration: 3600 scopes: openid: id: scpq7bW1cp6dcvrz80g3 action: GRANT profile: id: scpq7cWJ81CIP5Qkr0g3 action: GRANT email: id: scpq7dxsoz6LQlRj00g3 action: GRANT refresh_token: jti: oarob4a0tckCkGcyo1d6 TriggerSessionResponse: value: - id: aps1qqonvr2SZv6o70h8 identitySourceId: 0oa3l6l6WK6h0R0QW0g4 status: TRIGGERED importType: INCREMENTAL created: 2022-04-04T15:56:05.000Z lastUpdated: 2022-05-05T18:15:44.000Z TrustedOriginBody: summary: Trusted origin request body value: name: New Trusted Origin origin: http://example.com scopes: - type: CORS - type: REDIRECT TrustedOriginBodyWithIframeEmbedding: description: "Creates a new Trusted Origin for iFrame embedding of an Okta resource\ \ within that origin. In this example, the type \nof Okta resource is both\ \ the Okta End-User Dashboard and the Okta sign-in page.\n" summary: Trusted origin request body with iFrame embedding (Okta End-User Dashboard and Okta sign-in page) value: name: New Trusted Origin origin: http://example.com scopes: - type: IFRAME_EMBED allowedOktaApps: - OKTA_ENDUSER TrustedOriginBodyWithIframeEmbeddingSignIn: description: "Creates a new Trusted Origin for iFrame embedding of an Okta resource\ \ within that origin. 
In this example, the Okta \nresource is the Okta sign-in\ \ page.\n" summary: Trusted origin request body with iFrame embedding (Okta sign-in page) value: name: New Trusted Origin origin: http://example.com scopes: - type: IFRAME_EMBED allowedOktaApps: [] TrustedOriginInactiveResponse: summary: Trusted origin response value: id: tos10hu7rkbtrFt1M0g4 name: New Trusted Origin origin: http://example.com status: INACTIVE scopes: - type: CORS - type: REDIRECT created: 2018-01-13T01:11:44.000Z createdBy: 00ut5t92p6IEOi4bu0g3 lastedUpdated: 2018-01-13T01:11:44.000Z lastedUpdatedBy: 00ut5t92p6IEOi4bu0g3 _links: activate: href: "https://{yourOktaDomain}/api/v1/trustedOrigins/tos10hu7rkbtrFt1M0g4/lifecycle/activate" hints: allow: - POST self: href: "https://{yourOktaDomain}/api/v1/trustedOrigins/tos10hu7rkbtrFt1M0g4" hints: allow: - GET - PUT - DELETE TrustedOriginPut: value: id: tosue7JvguwJ7U6kz0g3 name: Updated Example Trusted Origin origin: http://updated.example.com scopes: - type: CORS - type: REDIRECT status: ACTIVE created: 2017-12-16T05:01:12.000Z createdBy: 00ut5t92p6IEOi4bu0g3 lastUpdated: 2017-12-16T05:01:12.000Z lastUpdatedBy: 00ut5t92p6IEOi4bu0g3 _links: self: href: "https://${yourOktaDomain}/api/v1/trustedOrigins/tosue7JvguwJ7U6kz0g3" hints: allow: - GET - PUT - DELETE deactivate: href: "https://${yourOktaDomain}/api/v1/trustedOrigins/tosue7JvguwJ7U6kz0g3/lifecycle/deactivate" hints: allow: - POST TrustedOriginPutBody: summary: Trusted origin request body value: value: id: tosue7JvguwJ7U6kz0g3 name: Updated Example Trusted Origin origin: http://updated.example.com scopes: - type: CORS - type: REDIRECT status: ACTIVE created: 2017-12-16T05:01:12.000Z createdBy: 00ut5t92p6IEOi4bu0g3 lastUpdated: 2017-12-16T05:01:12.000Z lastUpdatedBy: 00ut5t92p6IEOi4bu0g3 _links: self: href: "https://${yourOktaDomain}/api/v1/trustedOrigins/tosue7JvguwJ7U6kz0g3" hints: allow: - GET - PUT - DELETE deactivate: href: 
"https://${yourOktaDomain}/api/v1/trustedOrigins/tosue7JvguwJ7U6kz0g3/lifecycle/deactivate" hints: allow: - POST TrustedOriginPutBodyWithIframeEmbedding: summary: Trusted origin request body with iFrame embedding value: value: id: tosue7JvguwJ7U6kz0g3 name: Updated Example Trusted Origin origin: http://updated.example.com scopes: - type: IFRAME_EMBED allowedOktaApps: - OKTA_ENDUSER status: ACTIVE created: 2017-12-16T05:01:12.000Z createdBy: 00ut5t92p6IEOi4bu0g3 lastUpdated: 2017-12-16T05:01:12.000Z lastUpdatedBy: 00ut5t92p6IEOi4bu0g3 _links: self: href: "https://${yourOktaDomain}/api/v1/trustedOrigins/tosue7JvguwJ7U6kz0g3" hints: allow: - GET - PUT - DELETE deactivate: href: "https://${yourOktaDomain}/api/v1/trustedOrigins/tosue7JvguwJ7U6kz0g3/lifecycle/deactivate" hints: allow: - POST TrustedOriginPutResponse: summary: Trusted origin response body value: value: id: tosue7JvguwJ7U6kz0g3 name: Updated Example Trusted Origin origin: http://updated.example.com scopes: - type: CORS - type: REDIRECT status: ACTIVE created: 2017-12-16T05:01:12.000Z createdBy: 00ut5t92p6IEOi4bu0g3 lastUpdated: 2017-12-16T05:01:12.000Z lastUpdatedBy: 00ut5t92p6IEOi4bu0g3 _links: self: href: "https://${yourOktaDomain}/api/v1/trustedOrigins/tosue7JvguwJ7U6kz0g3" hints: allow: - GET - PUT - DELETE deactivate: href: "https://${yourOktaDomain}/api/v1/trustedOrigins/tosue7JvguwJ7U6kz0g3/lifecycle/deactivate" hints: allow: - POST TrustedOriginPutResponseWithIframeEmbedding: summary: Trusted origin response body with iFrame embedding value: value: id: tosue7JvguwJ7U6kz0g3 name: Updated Example Trusted Origin origin: http://updated.example.com scopes: - type: IFRAME_EMBED allowedOktaApps: - OKTA_ENDUSER status: ACTIVE created: 2017-12-16T05:01:12.000Z createdBy: 00ut5t92p6IEOi4bu0g3 lastUpdated: 2017-12-16T05:01:12.000Z lastUpdatedBy: 00ut5t92p6IEOi4bu0g3 _links: self: href: "https://${yourOktaDomain}/api/v1/trustedOrigins/tosue7JvguwJ7U6kz0g3" hints: allow: - GET - PUT - DELETE deactivate: href: 
"https://${yourOktaDomain}/api/v1/trustedOrigins/tosue7JvguwJ7U6kz0g3/lifecycle/deactivate" hints: allow: - POST TrustedOriginPutWithIframeEmbedding: value: id: tosue7JvguwJ7U6kz0g3 name: Updated Example Trusted Origin origin: http://updated.example.com scopes: - type: IFRAME_EMBED allowedOktaApps: - OKTA_ENDUSER status: ACTIVE created: 2017-12-16T05:01:12.000Z createdBy: 00ut5t92p6IEOi4bu0g3 lastUpdated: 2017-12-16T05:01:12.000Z lastUpdatedBy: 00ut5t92p6IEOi4bu0g3 _links: self: href: "https://${yourOktaDomain}/api/v1/trustedOrigins/tosue7JvguwJ7U6kz0g3" hints: allow: - GET - PUT - DELETE deactivate: href: "https://${yourOktaDomain}/api/v1/trustedOrigins/tosue7JvguwJ7U6kz0g3/lifecycle/deactivate" hints: allow: - POST TrustedOriginResponse: summary: Trusted origin response value: id: tos10hu7rkbtrFt1M0g4 name: New Trusted Origin origin: http://example.com status: ACTIVE scopes: - type: CORS - type: REDIRECT created: 2018-01-13T01:11:44.000Z createdBy: 00ut5t92p6IEOi4bu0g3 lastedUpdated: 2018-01-13T01:11:44.000Z lastedUpdatedBy: 00ut5t92p6IEOi4bu0g3 _links: self: href: "https://{yourOktaDomain}/api/v1/trustedOrigins/tos10hu7rkbtrFt1M0g4" hints: allow: - GET - PUT - DELETE deactivate: href: "https://{yourOktaDomain}/api/v1/trustedOrigins/tos10hu7rkbtrFt1M0g4/lifecycle/deactivate" hints: allow: - POST TrustedOriginResponseWithIframeEmbedding: summary: Trusted origin response with iFrame embedding (End-User Dashboard and Okta sign-in page) value: id: tos10hu7rkbtrFt1M0g4 name: New Trusted Origin origin: http://example.com status: ACTIVE scopes: - type: IFRAME_EMBED allowedOktaApps: - OKTA_ENDUSER created: 2018-01-13T01:11:44.000Z createdBy: 00ut5t92p6IEOi4bu0g3 lastedUpdated: 2018-01-13T01:11:44.000Z lastedUpdatedBy: 00ut5t92p6IEOi4bu0g3 _links: self: href: "https://{yourOktaDomain}/api/v1/trustedOrigins/tos10hu7rkbtrFt1M0g4" hints: allow: - GET - PUT - DELETE deactivate: href: "https://{yourOktaDomain}/api/v1/trustedOrigins/tos10hu7rkbtrFt1M0g4/lifecycle/deactivate" 
hints: allow: - POST TrustedOriginResponseWithIframeEmbeddingSignIn: summary: Trusted origin response with iFrame embedding (Okta sign-in page) value: id: tos10hu7rkbtrFt1M0g4 name: New Trusted Origin origin: http://example.com status: ACTIVE scopes: - type: IFRAME_EMBED allowedOktaApps: [] created: 2018-01-13T01:11:44.000Z createdBy: 00ut5t92p6IEOi4bu0g3 lastedUpdated: 2018-01-13T01:11:44.000Z lastedUpdatedBy: 00ut5t92p6IEOi4bu0g3 _links: self: href: "https://{yourOktaDomain}/api/v1/trustedOrigins/tos10hu7rkbtrFt1M0g4" hints: allow: - GET - PUT - DELETE deactivate: href: "https://{yourOktaDomain}/api/v1/trustedOrigins/tos10hu7rkbtrFt1M0g4/lifecycle/deactivate" hints: allow: - POST TrustedOriginsResponse: summary: Trusted origins response value: - id: tos10hu7rkbtrFt1M0g4 name: New Trusted Origin origin: http://example.com status: ACTIVE scopes: - type: CORS - type: REDIRECT created: 2018-01-13T01:11:44.000Z createdBy: 00ut5t92p6IEOi4bu0g3 lastedUpdated: 2018-01-13T01:11:44.000Z lastedUpdatedBy: 00ut5t92p6IEOi4bu0g3 _links: self: href: "https://{yourOktaDomain}/api/v1/trustedOrigins/tos10hu7rkbtrFt1M0g4" hints: allow: - GET - PUT - DELETE deactivate: href: "https://{yourOktaDomain}/api/v1/trustedOrigins/tos10hu7rkbtrFt1M0g4/lifecycle/deactivate" hints: allow: - POST UpdateAppFeatureRequestEx: summary: Update USER_PROVISIONING request value: create: lifecycleCreate: status: ENABLED update: lifecycleDeactivate: status: ENABLED profile: status: ENABLED password: status: ENABLED seed: RANDOM change: CHANGE UpdateAppFeatureResponseEx: summary: Update USER_PROVISIONING response value: name: USER_PROVISIONING status: ENABLED description: User provisioning settings from Okta to a downstream application capabilities: create: lifecycleCreate: status: ENABLED update: lifecycleDeactivate: status: ENABLED profile: status: ENABLED password: status: ENABLED seed: RANDOM change: CHANGE _links: self: href: "https://{yourOktaDomain}/api/v1/apps/${appId}/features/USER_PROVISIONING" 
hints: allow: - GET - PUT UpdateAuthorizationServerPolicyRequest: summary: Update Authorization Server Policy value: id: 00p5m9xrrBffPd9ah0g4 type: OAUTH_AUTHORIZATION_POLICY status: ACTIVE name: Default Policy description: Default policy description priority: 1 system: false conditions: clients": include": - ALL_CLIENTS UpdateAuthorizationServerPolicyRuleRequest: summary: Update Authorization Server Policy Rule value: type: RESOURCE_ACCESS name: Default Policy Rule priority: 1 status: ACTIVE conditions: people: groups: include: - EVERYONE grantTypes: include: - implicit - client_credentials - authorization_code - password scopes: include: - '*' actions: token: accessTokenLifetimeMinutes: 60 refreshTokenLifetimeMinutes: 0 refreshTokenWindowMinutes: 10080 inlineHook: id: cal4egvp1mbMldrYN0g7 UpdateBrandRequest: value: customPrivacyPolicyUrl: https://www.someHost.com/privacy-policy agreeToCustomPrivacyPolicy: true removePoweredByOkta: true name: New Name For Brand emailDomainId: OeD114iNkrcN6aR680g4 locale: en defaultApp: appInstanceId: 0oa114iNkrcN6aR680g4 appLinkName: null classicApplicationUri: null UpdateBrandResponse: value: id: bnd114iNkrcN6aR680g4 removePoweredByOkta: true agreeToCustomPrivacyPolicy: true name: New Name For Brand isDefault: true customPrivacyPolicyUrl: https://www.someHost.com/privacy-policy emailDomainId: OeD114iNkrcN6aR680g4 defaultApp: appInstanceId: 0oa114iNkrcN6aR680g4 appLinkName: null classicApplicationUri: null locale: en _links: self: href: "https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4" hints: allow: - GET - PUT - DELETE themes: href: "https://{yourOktaDomain}/api/v1/brands/bnd114iNkrcN6aR680g4/themes" hints: allow: - GET emailDomain: href: "https://{yourOktaDomain}/api/v1/email-domains/OeD114iNkrcN6aR680g4" hints: allow: - GET - PUT UpdateEmailDomainRequest: value: displayName: IT Admin userName: noreply UpdateFeatureLifecycleResponse: summary: Update the feature lifecycle status value: description: Example feature 
description id: ftrZooGoT8b41iWRiQs7 name: Example feature name stage: state: OPEN value: BETA status: DISABLED type: self-service _links: self: hints: allow: - POST href: "https://{yourOktaDomain}/api/v1/features/ftrZooGoT8b41iWRiQs7" dependents: href: "https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependents" dependencies: href: "https://{yourOktaDomain}/api/v1/features/ftrlBDFcGwYP2epXCGYn/dependencies" UpdateInboundProvisioningFeatureRequestEx: summary: Update INBOUND_PROVISIONING request value: capabilities: importSettings: username: userNameFormat: EMAIL schedule: status: ENABLED fullImport: expression: 0 0 * * 0 timezone: America/New_York incrementalImport: expression: 0 */3 * * * timezone: America/New_York importRules: userCreateAndMatch: exactMatchCriteria: EMAIL allowPartialMatch: false autoConfirmPartialMatch: false autoConfirmExactMatch: false autoConfirmNewUsers: false autoActivateNewUsers: false x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true UpdateInboundProvisioningFeatureResponseEx: summary: Update INBOUND_PROVISIONING response value: name: INBOUND_PROVISIONING status: ENABLED description: In-bound provisioning settings from an application to Okta capabilities: importSettings: username: userNameFormat: EMAIL schedule: status: ENABLED fullImport: expression: 0 0 * * 0 timezone: America/New_York incrementalImport: expression: 0 */3 * * * timezone: America/New_York importRules: userCreateAndMatch: exactMatchCriteria: EMAIL allowPartialMatch: false autoConfirmPartialMatch: false autoConfirmExactMatch: false autoConfirmNewUsers: false autoActivateNewUsers: false _links: self: href: "https://{yourOktaDomain}/api/v1/apps/${appId}/features/INBOUND_PROVISIONING" hints: allow: - GET - PUT x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true UpdateMappingBody: summary: Update an existing profile mapping by updating one or more properties value: properties: nickName: expression: user.honorificPrefix + user.displayName 
pushStatus: DONT_PUSH UpdateMappingResponse: summary: Update an existing profile mapping by updating one or more properties value: id: prm1k47ghydIQOTBW0g4 source: id: otysbePhQ3yqt4cVv0g3 name: user type: user _links: self: href: "https://{yourOktaDomain}/api/v1/meta/types/user/otysbePhQ3yqt4cVv0g3" schema: href: "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscsbePhQ3yqt4cVv0g3" target: id: 0oa1qmn4LZQQEH0wZ0g4 name: okta_org2org type: appuser _links: self: href: "https://{yourOktaDomain}/api/v1/apps/0oa1qmn4LZQQEH0wZ0g4" schema: href: "https://{yourOktaDomain}/api/v1/meta/schemas/apps/0oa1qmn4LZQQEH0wZ0g4/default" properties: fullName: expression: user.firstName + user.lastName pushStatus: PUSH nickName: expression: user.honorificPrefix + user.displayName pushStatus: DONT_PUSH _links: self: href: "https://{yourOktaDomain}/api/v1/mappings/prm1k48weFSOnEUnw0g4" UpdateOAuth2ScopeRequest: summary: Example scope value: description: Order car name: car:order metadataPublish: ALL_CLIENTS UpdateOrgSettingEx: summary: Org setting request value: address1: 100 1st St address2: 6th floor city: San Fransico companyName: okta country: United States endUserSupportHelpURL: support.okta.com phoneNumber: "+18887227871" postalCode: "94105" state: California supportPhoneNumber: "+18887227871" website: www.okta.com UpdateRecQuestionRequest: value: password: value: tlpWENT2m recovery_question: question: How many roads must a man walk down? answer: forty two UpdateRecQuestionResponse: value: password: {} recovery_question: question: How many roads must a man walk down? provider: type: OKTA name: OKTA UpdateSMSTemplateRequest: value: translations: de: "${org.name}: ihre bestätigungscode ist ${code}." 
UpdateSMSTemplateResponse: value: id: 6NQUJ5yR3bpgEiYmq8IC name: Custom type: SMS_VERIFY_CODE template: "${org.name}: your verification code is ${code}" translations: es: "${org.name}: el código de verificación es ${code}" fr: "${org.name}: votre code de vérification est ${code}" it: "${org.name}: il codice di verifica è ${code}" de: "${org.name}: ihre bestätigungscode ist ${code}." created: 2024-04-25T17:35:02.000Z lastUpdated: 2024-04-25T17:35:02.000Z UpdateThemeRequest: value: primaryColorHex: '#1662dd' primaryColorContrastHex: '#000000' secondaryColorHex: '#ebebed' secondaryColorContrastHex: '#000000' signInPageTouchPointVariant: OKTA_DEFAULT endUserDashboardTouchPointVariant: OKTA_DEFAULT errorPageTouchPointVariant: OKTA_DEFAULT emailTemplateTouchPointVariant: OKTA_DEFAULT loadingPageTouchPointVariant: OKTA_DEFAULT UpdateThemeResponse: value: id: thdul904tTZ6kWVhP0g3 logo: "https://{yourOktaDomain}/assets/img/logos/okta-logo.47066819ac7db5c13f4c431b2687cef6.png" favicon: "https://{yourOktaDomain}/favicon.ico" backgroundImage: null primaryColorHex: '#1662dd' primaryColorContrastHex: '#000000' secondaryColorHex: '#ebebed' secondaryColorContrastHex: '#000000' signInPageTouchPointVariant: OKTA_DEFAULT endUserDashboardTouchPointVariant: OKTA_DEFAULT errorPageTouchPointVariant: OKTA_DEFAULT emailTemplateTouchPointVariant: OKTA_DEFAULT loadingPageTouchPointVariant: OKTA_DEFAULT UpdateUserTypePostRequest: summary: Update user type request value: displayName: Updated Display Name UpdateUserTypePostResponse: summary: Update user type response value: id: otyfnly5cQjJT9PnR0g4 displayName: Updated Display Name name: newUserType description: A new custom user type createdBy: sprz9fj1ycBcsgopy1d6 lastUpdatedBy: sprz9fj1ycBcsgopy1d6 created: 2021-07-05T20:40:38.000Z lastUpdated: 2021-07-05T20:40:38.000Z default: false _links: self: href: "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6" schema: href: 
"https://{yourOktaDomain}/api/v1/meta/schemas/user/oscz9fj2jMiRBC1ZT1d6" UpdatedEmailDomainResponse: value: id: OeD114iNkrcN6aR680g4 validationStatus: NOT_STARTED displayName: IT Admin userName: noreply domain: example.com validationSubdomain: mail dnsValidationRecords: - recordType: TXT fqdn: _oktaverification.example.com verificationValue: 759080212bda43e3bc825a7d73b4bb64 - recordType: CNAME fqdn: mail.example.com verificationValue: u22224444.wl024.sendgrid.net - recordType: CNAME fqdn: t02._domainkey.example.com verificationValue: t02.domainkey.u22224444.wl024.sendgrid.net - recordType: CNAME fqdn: t022._domainkey.example.com verificationValue: t02.domainkey.u22224444.wl024.sendgrid.net UpdatedOAuth2ScopeResponse: summary: Updated scope value: id: scp5yu8kLOnDzo7lh0g4 name: car:order description: Order car system: false default: false displayName: Saml Jackson consent: REQUIRED optional: false metadataPublish: ALL_CLIENTS _links: self: href: "https://{yourOktaDomain}/api/v1/authorizationServers/{authorizationServerId}/scopes/scp5yu8kLOnDzo7lh0g4" hints: allow: - GET - PUT - DELETE UploadYubikeyTokenSeedRequest: summary: Yubikey OTP Seed value: serialNumber: "7886622" publicId: ccccccijgibu privateId: b74be6169486 aesKey: 1fcc6d8ce39bf1604e0b17f3e0a11067 UploadYubikeyTokenSeedResponse: value: id: ykkut4G6ti62DD8Dy0g3 created: 2020-01-10T23:04:10.000Z lastVerified: 2020-01-10T23:04:10.000Z lastUpdated: 2020-01-10T23:04:10.000Z status: UNASSIGNED profile: serial: "000007886622" _links: self: href: "https://{yourOktaDomain}/api/v1/org/factors/yubikey_token/tokens/ykkut4G6ti62DD8Dy0g3" hints: allow: - GET - DELETE UserFactorChallengeCallResponse: summary: call challenge value: factorResult: CHALLENGE profile: phoneNumber: "+12532236986" phoneExtension: "1234" _links: verify: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/clff17zuKEUMYQAQGCOV/verify" hints: allow: - POST factor: href: 
"https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/clff17zuKEUMYQAQGCOV" hints: allow: - GET - DELETE UserFactorChallengeEmailResponse: summary: email challenge value: factorResult: CHALLENGE _links: verify: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/emfnf3gSScB8xXoXK0g3/verify" hints: allow: - POST factor: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/emfnf3gSScB8xXoXK0g3" hints: allow: - GET - DELETE UserFactorChallengePushResponse: summary: push challenge value: expiresAt: 2015-04-01T15:57:32.000Z factorResult: WAITING _links: poll: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/opfh52xcuft3J4uZc0g3/transactions/mst1eiHghhPxf0yhp0g" hints: allow: - GET cancel: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/opfh52xcuft3J4uZc0g3/transactions/mst1eiHghhPxf0yhp0g" hints: allow: - DELETE UserFactorChallengeSmsResponse: summary: sms challenge value: factorResult: CHALLENGE profile: phoneNumber: "+12532236986" _links: verify: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/smsszf1YNUtGWTx4j0g3/verify" hints: allow: - POST factor: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/smsszf1YNUtGWTx4j0g3" hints: allow: - GET - DELETE UserFactorChallengeU2fResponse: summary: u2f challenge value: factorResult: CHALLENGE profile: credentialId: GAiiLsVab2m3-zL1Fi3bVtNrM9G6_MntUITHKjxkV24ktGKjLSCRnz72wCEdHCe18IvC69Aia0sE4UpsO0HpFQ version: U2F_V2 _links: verify: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/fuf2rovRxogXJ0nDy0g4/verify" hints: allow: - POST factor: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/fuf2rovRxogXJ0nDy0g4" hints: allow: - GET - DELETE _embedded: challenge: nonce: vQFwTt6zKzMV7HFPzjS2 timeoutSeconds: 20 UserFactorChallengeWebauthnResponse: summary: webAuthn challenge value: factorResult: CHALLENGE profile: credentialId: 
l3Br0n-7H3g047NqESqJynFtIgf3Ix9OfaRoNwLoloso99Xl2zS_O7EXUkmPeAIzTVtEL4dYjicJWBz7NpqhGA authenticatorName: MacBook Touch ID _links: verify: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/fwf2rovRxogXJ0nDy0g4/verify" hints: allow: - POST factor: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/fwf2rovRxogXJ0nDy0g4" hints: allow: - GET - DELETE _embedded: challenge: challenge: vQFwTt6zKzMV7HFPzjS2 extensions: {} UserFactorVerifyCallSuccessResponse: summary: call verify value: factorResult: SUCCESS UserFactorVerifyEmailSuccessResponse: summary: email verify value: factorResult: SUCCESS UserFactorVerifyPushRejectedResponse: summary: push verification rejected value: factorResult: REJECTED profile: credentialId: [email protected] _links: verify: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/opfh52xcuft3J4uZc0g3/verify" hints: allow: - POST factor: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/opfh52xcuft3J4uZc0g3" hints: allow: - GET - DELETE UserFactorVerifyPushTransactionApproved: summary: SUCCESS value: factorResult: SUCCESS UserFactorVerifyPushTransactionRejected: summary: REJECTED value: factorResult: REJECTED profile: credentialId: [email protected] _links: verify: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/opfh52xcuft3J4uZc0g3/verify" hints: allow: - POST factor: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/opfh52xcuft3J4uZc0g3" hints: allow: - GET - DELETE UserFactorVerifyPushTransactionTimeout: summary: TIMEOUT value: factorResult: TIMEOUT profile: credentialId: [email protected] _links: verify: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/opfh52xcuft3J4uZc0g3/verify" hints: allow: - POST factor: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/opfh52xcuft3J4uZc0g3" hints: allow: - GET - DELETE UserFactorVerifyPushTransactionWaiting: summary: 
WAITING value: expiresAt: 2015-04-01T15:57:32.000Z factorResult: WAITING profile: credentialId: [email protected] _links: poll: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/opfh52xcuft3J4uZc0g3/transactions/v2mst.GldKV5VxTrifyeZmWSQguA" hints: allow: - GET cancel: href: "https://{yourOktaDomain}/api/v1/users/00u15s1KDETTQMQYABRL/factors/opfh52xcuft3J4uZc0g3/transactions/v2mst.GldKV5VxTrifyeZmWSQguA" hints: allow: - DELETE UserFactorVerifySecurityQuestionRequest: summary: security question verify value: answer: mayonnaise UserFactorVerifySuccessSmsResponse: summary: sms verify value: factorResult: SUCCESS UserFactorVerifySuccessSqResponse: summary: security question verify value: factorResult: SUCCESS UserFactorVerifySuccessTokenResponse: summary: token verify value: factorResult: SUCCESS UserFactorVerifySuccessTotpResponse: summary: totp verify value: factorResult: SUCCESS UserFactorVerifySuccessYubikeyResponse: summary: yubikey verify value: factorResult: SUCCESS UserFactorVerifyU2fRequest: summary: u2f verify value: clientData: eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZ2V0QXNzZXJ0aW9uIiwiY2hhbGxlbmdlIjoiS2NCLXRqUFU0NDY0ZThuVFBudXIiLCJvcmlnaW4iOiJodHRwczovL2xvY2FsaG9zdDozMDAwIiwiY2lkX3B1YmtleSI6InVudXNlZCJ9 signatureData: AQAAACYwRgIhAKPktdpH0T5mlPSm_9uGW5w-VaUy-LhI9tIacexpgItkAiEAncRVZURVPOq7zDwIw-OM5LtSkdAxOkfv0ZDVUx3UFHc UserFactorVerifyU2fResponse: summary: u2f verify response value: factorResult: SUCCESS profile: credentialId: h1bFwJFU9wnelYkexJuQfoUHZ5lX3CgQMTZk4H3I8kM9Nn6XALiQ-BIab4P5EE0GQrA7VD-kAwgnG950aXkhBw version: U2F_V2 UserFactorVerifyWebauthnRequest: summary: WebAuthn verify challenge (posts a signed assertion using the challenge `nonce`) value: clientData: eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZ2V0QXNzZXJ0aW9uIiwiY2hhbGxlbmdlIjoiS2NCLXRqUFU0NDY0ZThuVFBudXIiLCJvcmlnaW4iOiJodHRwczovL2xvY2FsaG9zdDozMDAwIiwiY2lkX3B1YmtleSI6InVudXNlZCJ9 authenticatorData: SBv04caJ+NLZ0bTeotGq9esMhHJ8YC5z4bMXXPbT95UFXbDsOg== signatureData: 
AQAAACYwRgIhAKPktdpH0T5mlPSm_9uGW5w-VaUy-LhI9tIacexpgItkAiEAncRVZURVPOq7zDwIw-OM5LtSkdAxOkfv0ZDVUx3UFHc UserFactorVerifyWebauthnResponse: summary: WebAuthn verify value: factorResult: SUCCESS profile: credentialId: l3Br0n-7H3g047NqESqJynFtIgf3Ix9OfaRoNwLoloso99Xl2zS_O7EXUkmPeAIzTVtEL4dYjicJWBz7NpqhGA authenticatorName: MacBook Touch ID UserImportChangeAppUserProfileExample: summary: Update an app user's profile response value: commands: - type: com.okta.appUser.profile.update value: firstName: Stan UserImportChangeUserProfileExample: summary: Update an Okta user's profile response value: commands: - type: com.okta.user.profile.update value: firstName: Stan UserImportCreateANewUserExample: summary: Create a new Okta user profile response value: commands: - type: com.okta.action.update value: result: CREATE_USER UserImportErrorExample: summary: Return an error object value: error: errorSummary: Error at third-party service. Please contact your admin. UserImportMatchExample: summary: Match an existing Okta user response value: commands: - type: com.okta.action.update value: result: LINK_USER - type: com.okta.user.update value: id: 00garwpuyxHaWOkdV0g3 UserImportPayloadExample: summary: A sample Okta user import request value: source: cal7eyxOsnb20oWbZ0g4 eventId: JUGOUiYZTaKPmH6db0nDag eventTime: 2019-02-27T20:59:04.000Z eventTypeVersion: "1.0" cloudEventVersion: "0.1" eventType: com.okta.import.transform contentType: application/json data: context: conflicts: - login application: name: test_app id: 0oa7ey7aLRuBvcYUD0g4 label: Test App status: ACTIVE job: id: ij17ez2AWtMZRfCZ60g4 type: import:users matches: [] policy: - EMAIL - FIRST_AND_LAST_NAME action: result: CREATE_USER appUser: profile: firstName: Sally2 lastName: Admin2 mobilePhone: null accountType: PRO secondEmail: null failProvisioning: null failDeprovisioning: null externalId: user221 groups: - [email protected] - [email protected] userName: administrator2 email: [email protected] user: profile: lastName: 
Admin2 zipCode: null city: null secondEmail: null postAddress: null login: [email protected] firstName: Sally2 primaryPhone: null mobilePhone: null streetAddress: null countryCode: null typeId: null state: null email: [email protected] UserRiskNoneResponse: summary: Example User Risk with NONE risk level response value: riskLevel: NONE _links: self: href: "https://{yourOktaDomain}/api/v1/users/{userId}/risk" hints: allow: - GET - PUT user: href: "https://{yourOktaDomain}/api/v1/users/{userId}" hints: allow: - GET UserRiskRequest: summary: Example upsert the risk for a user request value: riskLevel: HIGH UserRiskResponse: summary: Example User Risk response value: riskLevel: HIGH reason: Admin override risk _links: self: href: "https://{yourOktaDomain}/api/v1/users/{userId}/risk" hints: allow: - GET - PUT user: href: "https://{yourOktaDomain}/api/v1/users/{userId}" hints: allow: - GET UserSchemaAddRequest: value: definitions: custom: id: '#custom' type: object properties: twitterUserName: title: Twitter username description: Twitter Username type: string required: false minLength: 1 maxLength: 20 permissions: - principal: SELF action: READ_WRITE required: [] UserSchemaResponse: value: id: "https://{yourOktaDomain}/meta/schemas/user/default" $schema: http://json-schema.org/draft-04/schema# name: user title: Default Okta User lastUpdated: 2015-09-05T10:40:45.000Z created: 2015-02-02T10:27:36.000Z definitions: base: id: '#base' type: object properties: login: title: Username type: string required: true minLength: 5 maxLength: 100 permissions: - principal: SELF action: READ_WRITE firstName: title: First name type: string required: true minLength: 1 maxLength: 50 permissions: - principal: SELF action: READ_WRITE lastName: title: Last name type: string required: true minLength: 1 maxLength: 50 permissions: - principal: SELF action: READ_WRITE email: title: Primary email type: string required: true format: email permissions: - principal: SELF action: READ_WRITE required: - 
login - firstName - lastName - email custom: id: '#custom' type: object properties: twitterUserName: title: Twitter username description: User's username for twitter.com type: string required: false minLength: 1 maxLength: 20 permissions: - principal: SELF action: READ_WRITE required: [] type: object properties: profile: allOf: - $ref: '#/definitions/base' - $ref: '#/definitions/custom' VerifiedEmailDomainResponse: value: id: OeD114iNkrcN6aR680g4 validationStatus: VERIFIED displayName: IT Admin userName: noreply domain: example.com validationSubdomain: mail dnsValidationRecords: - recordType: TXT fqdn: _oktaverification.example.com verificationValue: 759080212bda43e3bc825a7d73b4bb64 - recordType: CNAME fqdn: mail.example.com verificationValue: u22224444.wl024.sendgrid.net - recordType: CNAME fqdn: t02._domainkey.example.com verificationValue: t02.domainkey.u22224444.wl024.sendgrid.net - recordType: CNAME fqdn: t022._domainkey.example.com verificationValue: t02.domainkey.u22224444.wl024.sendgrid.net WSFederationEx: summary: WS_FEDERATION value: name: template_wsfed label: Sample WS-Fed App signOnMode: WS_FEDERATION settings: app: audienceRestriction: urn:example:app groupValueFormat: windowsDomainQualifiedName wReplyURL: https://example.com/ nameIDFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified authnContextClassRef: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport siteURL: https://example.com usernameAttribute: username WSFederationPutEx: summary: WS_FEDERATION value: name: template_wsfed label: Sample WS-Fed App updated signOnMode: WS_FEDERATION settings: app: audienceRestriction: urn:exampleupdated:app groupValueFormat: windowsDomainQualifiedName wReplyURL: https://example.com/ nameIDFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified authnContextClassRef: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport siteURL: https://example.com usernameAttribute: username WSFederationPutResponseEx: summary: 
WS_FEDERATION value: id: 0oafxqCAJWWGELFTYASJ status: ACTIVE lastUpdated: 2023-01-21T14:11:24.000Z created: 2023-01-21T14:11:24.000Z accessibility: selfService: false errorRedirectUrl: null loginRedirectUrl: null _links: uploadLogo: href: "http://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/logo" hints: allow: - POST appLinks: - name: customswaapp_link href: "http://{yourOktaDomain}/home/{appName}/0oafxqCAJWWGELFTYASJ/aln5vjkW5oUmDGLMX0g4" type: text/html groups: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/groups" logo: - name: medium href: "http://{yourOktaDomain}/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png" type: image/png users: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/users" deactivate: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/lifecycle/deactivate" visibility: autoLaunch: false autoSubmitToolbar: false hide: iOS: false web: false appLinks: login: true name: template_wsfed label: Sample WS-Fed App updated features: [] signOnMode: WS_FEDERATION credentials: userNameTemplate: template: "${source.email}" type: BUILT_IN signing: kid: FzJvvXtBHvs_-n70T4C2Rb2d64AyN4fqOme6piHOUKU settings: app: groupFilter: null siteURL: https://example.com authnContextClassRef: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport wReplyOverride: false digestAlgorithm: SHA1 usernameAttribute: username signatureAlgorithm: RSA_SHA1 audienceRestriction: urn:exampleupdated:app wReplyURL: https://example.com/ groupName: http://schemas.microsoft.com/ws/2008/06/identity/claims/role attributeStatements: null nameIDFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified realm: urn:okta:app:exkarjfNMKUjTmzTZ0g4 groupValueFormat: windowsDomainQualifiedName notifications: vpn: network: connection: DISABLED message: null helpUrl: null manualProvisioning: false implicitAssignment: false notes: admin: null enduser: null WSFederationResponseEx: summary: WS_FEDERATION value: id: 
0oafxqCAJWWGELFTYASJ status: ACTIVE lastUpdated: 2023-01-21T14:11:24.000Z created: 2023-01-21T14:11:24.000Z accessibility: selfService: false errorRedirectUrl: null loginRedirectUrl: null _links: uploadLogo: href: "http://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/logo" hints: allow: - POST appLinks: - name: customswaapp_link href: "http://{yourOktaDomain}/home/{appName}/0oafxqCAJWWGELFTYASJ/aln5vjkW5oUmDGLMX0g4" type: text/html groups: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/groups" logo: - name: medium href: "http://{yourOktaDomain}/assets/img/logos/default.6770228fb0dab49a1695ef440a5279bb.png" type: image/png users: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/users" deactivate: href: "https://{yourOktaDomain}/api/v1/apps/0oafxqCAJWWGELFTYASJ/lifecycle/deactivate" visibility: autoLaunch: false autoSubmitToolbar: false hide: iOS: false web: false appLinks: login: true name: template_wsfed label: Sample WS-Fed App features: [] signOnMode: WS_FEDERATION credentials: userNameTemplate: template: "${source.email}" type: BUILT_IN signing: kid: FzJvvXtBHvs_-n70T4C2Rb2d64AyN4fqOme6piHOUKU settings: app: groupFilter: null siteURL: https://example.com authnContextClassRef: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport wReplyOverride: false digestAlgorithm: SHA1 usernameAttribute: username signatureAlgorithm: RSA_SHA1 audienceRestriction: urn:example:app wReplyURL: https://example.com/ groupName: http://schemas.microsoft.com/ws/2008/06/identity/claims/role attributeStatements: null nameIDFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified realm: urn:okta:app:exkarjfNMKUjTmzTZ0g4 groupValueFormat: windowsDomainQualifiedName notifications: vpn: network: connection: DISABLED message: null helpUrl: null manualProvisioning: false implicitAssignment: false notes: admin: null enduser: null WellKnownAppAuthenticatorConfigurationCustomApp: value: - authenticatorId: aut22f6xzargnJZYE3l7 orgId: 
00o1vhf34q20MfCFC3l7 type: app key: custom_app name: EnergyAus Authenticator createdDate: 2022-10-11T08:56:45.000Z lastUpdated: 2023-09-07T11:31:35.000Z settings: userVerification: PREFERRED supportedMethods: - type: push status: ACTIVE settings: algorithms: - RS256 - ES256 keyProtection: ANY appAuthenticatorEnrollEndpoint: "https://{yourOktaDomain}/idp/myaccount/app-authenticators" WellKnownOrgMetadataResponseClassic: value: id: 00o5rb5mt2H3d1TJd0h7 _links: organization: href: "https://{{yourOktaDomain}}" pipeline: v1 settings: analyticsCollectionEnabled: false bugReportingEnabled: true omEnabled: true WellKnownOrgMetadataResponseCustomUrlOie: value: id: 00o47wwoytgsDqEtz0g7 _links: organization: href: "https://{yourSubdomain}.okta.com" alternate: href: "https://{yourCustomDomain}" pipeline: idx settings: analyticsCollectionEnabled: false bugReportingEnabled: true omEnabled: false activateOAuth2ClientSecretResponse: summary: Activate Secret response example value: id: ocs2f50kZB0cITmYU0g4 status: ACTIVE client_secret: DRUFXGF9XbLn......a3x3POBiIxDreBCdZuFs5B secret_hash: 0WOOvBSzV9clc4Nr7Rbaug created: 2023-04-06T21:32:33.000Z lastUpdated: 2023-04-06T21:32:33.000Z _links: deactivate: href: "https://{yourOktaDomain}/api/v1/apps/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f50kZB0cITmYU0g4/lifecycle/deactivate" hints: allow: - POST activeAPIServiceIntegrationInstanceSecretResponse: summary: Activate Secret response example value: id: ocs2f50kZB0cITmYU0g4 status: ACTIVE client_secret: '***MQGQ' secret_hash: 0WOOvBSzV9clc4Nr7Rbaug created: 2023-04-06T21:32:33.000Z lastUpdated: 2023-04-06T21:32:33.000Z _links: deactivate: href: "https://{yourOktaDomain}/integrations/api/v1/api-services/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f50kZB0cITmYU0g4/lifecycle/deactivate" hints: allow: - POST bulkDeletePayload: value: entityType: USERS profiles: - externalId: EXT123456784C2IF - externalId: EXT123456784C3IF - externalId: EXT123456784C4IF bulkUpsertPayload: value: 
entityType: USERS profiles: - externalId: EXT123456784C2IF profile: userName: [email protected] firstName: Isaac lastName: Brock email: [email protected] secondEmail: [email protected] mobilePhone: 123-456-7890 homeAddress: "Kirkland, WA" cloud-rule: description: This global session policy uses a rule to challenge cloud users summary: Global session policy - Challenge cloud users value: type: SIGN_ON name: Challenge Cloud Users conditions: people: users: include: [] exclude: [] groups: include: [] exclude: [] network: connection: ZONE include: - 00u7yq5goxNFTiMjW1d7 authContext: authType: ANY actions: signon: access: ALLOW requireFactor: true factorPromptMode: ALWAYS rememberDeviceByDefault: false session: usePersistentCookie: false maxSessionIdleMinutes: 720 maxSessionLifetimeMinutes: 0 cloud-rule-response: description: The response body from the creation of a global session policy that uses a rule to challenge cloud users summary: Global session policy - Challenge cloud users value: id: rule8jjozjGMGbHyC1d6 status: ACTIVE type: SIGN_ON name: Challenge Cloud Users priority: 0 created: 2024-04-25T17:35:02.000Z lastUpdated: 2024-04-25T17:35:02.000Z system: false conditions: people: users: include: [] exclude: [] groups: include: [] exclude: [] network: connection: ZONE include: - 00u7yq5goxNFTiMjW1d7 authContext: authType: ANY risk: behaviors: [] riskScore: level: ANY identityProvider: provider: ANY actions: signon: access: ALLOW requireFactor: true primaryFactor: PASSWORD_IDP_ANY_FACTOR factorPromptMode: ALWAYS rememberDeviceByDefault: false session: usePersistentCookie: false maxSessionIdleMinutes: 720 maxSessionLifetimeMinutes: 0 _links: self: href: "https://{yourOktaDomain}/api/v1/policies/{policyId}/rules/{ruleId}" hints: allow: - GET - PUT - DELETE deactivate: href: "https://{yourOktaDomain}/api/v1/policies/{policyId}/rules/{ruleId}" hints: allow: - GET - PUT - DELETE create-auth-policy-rule-condition: description: Creates an authentication policy rule with a 
conditions object. summary: Authentication policy - Create rule with conditions value: system: false type: ACCESS_POLICY name: Rule with conditions conditions: userType: include: [] exclude: - otyezu4m0xN6w5JEa1d7 network: connection: ZONE exclude: - 00u7yq5goxNFTiMjW1d7 riskScore: level: ANY people: users: exclude: - 00u7yq5goxNFTiMjW1d7 include: [] groups: include: - 00g9i12jictsYdZdi1d7 exclude: [] platform: include: - type: MOBILE os: type: IOS - type: MOBILE os: type: ANDROID - type: DESKTOP os: type: MACOS elCondition: condition: security.risk.level == 'HIGH' actions: appSignOn: access: ALLOW verificationMethod: factorMode: 2FA reauthenticateIn: PT2H constraints: - knowledge: reauthenticateIn: PT2H types: - password type: ASSURANCE create-auth-policy-rule-condition-response: description: The response body from the creation of an authentication policy rule with conditions. summary: Authentication policy - Policy rule with conditions value: id: rule8jjozjGMGbHyC1d6 status: ACTIVE name: Rule with conditions priority: 0 created: 2024-04-25T17:35:02.000Z lastUpdated: 2024-04-25T17:35:02.000Z system: false conditions: people: users: exclude: - 00u7yq5goxNFTiMjW1d7 groups: include: - 00g9i12jictsYdZdi1d7 network: connection: ZONE exclude: - nzo9o4rctwQCJNE6y1d7 platform: include: - type: MOBILE os: type: IOS - type: MOBILE os: type: ANDROID - type: DESKTOP os: type: MACOS exclude: [] riskScore: level: ANY userType: include: [] exclude: - otyezu4m0xN6w5JEa1d7 elCondition: condition: security.risk.level == 'HIGH' actions: appSignOn: access: ALLOW verificationMethod: factorMode: 2FA type: ASSURANCE reauthenticateIn: PT2H constraints: knowledge: required: true types: - password reauthenticateIn: PT2H type: ACCESS_POLICY _links: self: href: https://sampleorg.okta.com/api/v1/policies/rst7xus97faIAgmti1d7/rules/rul7yut96gmsOzKAA1d6 hints: allow: - GET - PUT - DELETE deactivate: href: https://sampleorg.okta.com/api/v1/policies/rst7xus97faIAgmti1d7/rules/rul7yut96gmsOzKAA1d6 
hints: allow: - GET - PUT - DELETE create-group-rule-request-example: summary: Create group rule request example value: type: group_rule name: Engineering group rule conditions: people: users: exclude: - 00u22w79JPMEeeuLr0g4 groups: exclude: [] expression: value: user.role=="Engineer" type: urn:okta:expression:1.0 actions: assignUserToGroups: groupIds: - 00gjitX9HqABSoqTB0g3 create-user-in-group-request: value: profile: firstName: Isaac lastName: Brock email: [email protected] login: [email protected] mobilePhone: 555-415-1337 groupIds: - 00g1emaKYZTWRYYRRTSK - 00garwpuyxHaWOkdV0g4 create-user-in-group-response: value: id: 00ub0oNGTSWTBKOLGLNR status: STAGED created: 2013-07-02T21:36:25.344Z activated: null statusChanged: null lastLogin: null lastUpdated: 2013-07-02T21:36:25.344Z passwordChanged: null profile: firstName: Isaac lastName: Brock email: [email protected] login: [email protected] mobilePhone: 555-415-1337 credentials: provider: type: OKTA name: OKTA _links: activate: href: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/activate" self: href: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR" create-user-with-authentication-provider-request: description: Set `activate` parameter to `true` value: profile: firstName: Isaac lastName: Brock email: [email protected] login: [email protected] mobilePhone: 555-415-1337 credentials: provider: type: FEDERATION name: FEDERATION create-user-with-authentication-provider-response: value: id: 00uijntSwJjSHtDY70g3 status: ACTIVE created: 2016-01-19T22:02:08.000Z activated: 2016-01-19T22:02:08.000Z statusChanged: 2016-01-19T22:02:08.000Z lastLogin: null lastUpdated: 2016-01-19T22:02:08.000Z passwordChanged: null profile: login: [email protected] firstName: Isaac lastName: Brock mobilePhone: 555-415-1337 email: [email protected] secondEmail: null credentials: provider: type: FEDERATION name: FEDERATION _links: resetPassword: href: 
"https://{yourOktaDomain}/api/v1/users/00uijntSwJjSHtDY70g3/lifecycle/reset_password" method: POST changeRecoveryQuestion: href: "https://{yourOktaDomain}/api/v1/users/00uijntSwJjSHtDY70g3/credentials/change_recovery_question" method: POST deactivate: href: "https://{yourOktaDomain}/api/v1/users/00uijntSwJjSHtDY70g3/lifecycle/deactivate" method: POST self: href: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR" create-user-with-imported-hashed-password-request: description: Set `activate` parameter to `true` value: profile: firstName: Isaac lastName: Brock email: [email protected] login: [email protected] mobilePhone: 555-415-1337 credentials: password: hash: algorithm: BCRYPT workFactor: 10 salt: rwh3vH166HCH/NT9XV5FYu value: qaMqvAPULkbiQzkTCWo5XDcvzpk8Tna create-user-with-imported-hashed-password-response: value: id: 00ub0oNGTSWTBKOLGLNR status: ACTIVE created: 2013-07-02T21:36:25.344Z activated: null statusChanged: null lastLogin: null lastUpdated: 2013-07-02T21:36:25.344Z passwordChanged: 2013-07-02T21:36:25.344Z profile: firstName: Isaac lastName: Brock email: [email protected] login: [email protected] mobilePhone: 555-415-1337 credentials: password: {} provider: type: IMPORT name: IMPORT _links: activate: href: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/activate" self: href: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR" create-user-with-non-default-user-type-request: value: profile: firstName: Isaac lastName: Brock email: [email protected] login: [email protected] mobilePhone: 555-415-1337 type: id: otyfnjfba4ye7pgjB0g4 create-user-with-non-default-user-type-response: value: id: 00ub0oNGTSWTBKOLGLNR status: STAGED created: 2013-07-02T21:36:25.344Z activated: null statusChanged: null lastLogin: null lastUpdated: 2013-07-02T21:36:25.344Z passwordChanged: null type: id: otyfnjfba4ye7pgjB0g4 profile: firstName: Isaac lastName: Brock email: [email protected] login: [email protected] mobilePhone: 555-415-1337 
credentials: provider: type: OKTA name: OKTA _links: schema: href: "https://{yourOktaDomain}/api/v1/meta/schemas/user/oscfnjfba4ye7pgjB0g4" activate: href: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/activate" self: href: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR" type: href: "https://{yourOktaDomain}/api/v1/meta/types/user/otyfnjfba4ye7pgjB0g4" create-user-with-password-and-recovery-question-request: value: profile: firstName: Isaac lastName: Brock email: [email protected] login: [email protected] mobilePhone: 555-415-1337 credentials: password: value: tlpWENT2m recovery_question: question: Who is a major player in the cowboy scene? answer: Annie Oakley create-user-with-password-and-recovery-question-response: value: id: 00ub0oNGTSWTBKOLGLNR status: STAGED created: 2013-07-02T21:36:25.344Z activated: null statusChanged: null lastLogin: null lastUpdated: 2013-07-02T21:36:25.344Z passwordChanged: 2013-07-02T21:36:25.344Z profile: firstName: Isaac lastName: Brock email: [email protected] login: [email protected] mobilePhone: 555-415-1337 credentials: password: {} recovery_question: question: Who's a major player in the cowboy scene? 
provider: type: OKTA name: OKTA _links: activate: href: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/activate" self: href: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR" create-user-with-password-import-inline-hook-request: description: Set `activate` parameter to `true` value: profile: firstName: Isaac lastName: Brock email: [email protected] login: [email protected] mobilePhone: 555-415-1337 credentials: password: hook: type: default create-user-with-password-import-inline-hook-response: value: id: 00ub0oNGTSWTBKOLGLNR status: ACTIVE created: 2013-07-02T21:36:25.344Z activated: null statusChanged: null lastLogin: null lastUpdated: 2013-07-02T21:36:25.344Z passwordChanged: 2013-07-02T21:36:25.344Z profile: firstName: Isaac lastName: Brock email: [email protected] login: [email protected] mobilePhone: 555-415-1337 credentials: password: {} provider: type: IMPORT name: IMPORT _links: self: href: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR" create-user-with-password-request: description: Set `activate` parameter to `true` value: profile: firstName: Isaac lastName: Brock email: [email protected] login: [email protected] mobilePhone: 555-415-1337 credentials: password: value: tlpWENT2m create-user-with-password-response: value: id: 00ub0oNGTSWTBKOLGLNR status: ACTIVE created: 2013-07-02T21:36:25.344Z activated: null statusChanged: null lastLogin: null lastUpdated: 2013-07-02T21:36:25.344Z passwordChanged: 2013-07-02T21:36:25.344Z profile: firstName: Isaac lastName: Brock email: [email protected] login: [email protected] mobilePhone: 555-415-1337 credentials: password: {} provider: type: OKTA name: OKTA _links: activate: href: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/activate" self: href: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR" create-user-with-recovery-question-request: value: profile: firstName: Isaac lastName: Brock email: [email protected] login: [email 
protected] mobilePhone: 555-415-1337 credentials: recovery_question: question: Who is a major player in the cowboy scene? answer: Annie Oakley create-user-with-recovery-question-response: value: id: 00ub0oNGTSWTBKOLGLNR status: STAGED created: 2013-07-02T21:36:25.344Z activated: null statusChanged: null lastLogin: null lastUpdated: 2013-07-02T21:36:25.344Z passwordChanged: null profile: firstName: Isaac lastName: Brock email: [email protected] login: [email protected] mobilePhone: 555-415-1337 credentials: recovery_question: question: Who's a major player in the cowboy scene? provider: type: OKTA name: OKTA _links: activate: href: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/activate" self: href: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR" create-user-without-credentials-request: value: profile: firstName: Isaac lastName: Brock email: [email protected] login: [email protected] mobilePhone: 555-415-1337 create-user-without-credentials-response: value: id: 00ub0oNGTSWTBKOLGLNR status: STAGED created: 2013-07-02T21:36:25.344Z activated: null statusChanged: null lastLogin: null lastUpdated: 2013-07-02T21:36:25.344Z passwordChanged: null profile: firstName: Isaac lastName: Brock email: [email protected] login: [email protected] mobilePhone: 555-415-1337 credentials: provider: type: OKTA name: OKTA _links: activate: href: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/activate" self: href: "https://{yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR" createOAuth2ClientSecretCustomRequestBody: summary: Add a user provided client secret value: client_secret: DRUFXGF9XbLn......a3x3POBiIxDreBCdZuFs5B status: ACTIVE createOAuth2ClientSecretSystemGeneratedRequestBody: summary: Add a system-generated client secret value: {} deactivateOAuth2ClientJsonWebKeyResponse: summary: Deactivate JSON Web Key example value: id: pks2f50kZB0cITmYU0g4 kid: ASHJHGasa782333-Sla3x3POBiIxDreBCdZuFs5B kty: RSA alg: RS256 use: sig e: 
AQAB "n": AJncrzOrouIUCSMlRL0HU.....Kuine49_CEVR4GPn= status: INACTIVE created: 2023-04-06T21:32:33.000Z lastUpdated: 2023-04-06T21:32:33.000Z _links: activate: href: "https://{yourOktaDomain}/api/v1/apps/0oa1nkheCuDn82XVI0g4/credentials/jwks/pks2f50kZB0cITmYU0g4/lifecycle/activate" hints: allow: - POST deactivateOAuth2ClientSecretResponse: summary: Deactivate Secret response example value: id: ocs2f4zrZbs8nUa7p0g4 status: INACTIVE client_secret: DRUFXGF9XbLn......a3x3POBiIxDreBCdZuFs5B secret_hash: yk4SVx4sUWVJVbHt6M-UPA created: 2023-02-21T20:08:24.000Z lastUpdated: 2023-02-21T20:08:24.000Z _links: activate: href: "https://{yourOktaDomain}/api/v1/apps/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f4zrZbs8nUa7p0g4/lifecycle/activate" hints: allow: - POST delete: href: "https://{yourOktaDomain}/api/v1/apps/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f4zrZbs8nUa7p0g4" hints: allow: - DELETE deny-rule: description: This global session policy uses a rule to deny users summary: Global session policy - Deny users value: type: SIGN_ON name: Deny users conditions: network: connection: ANYWHERE authContext: authType: ANY actions: signon: access: DENY requireFactor: false deny-rule-response: description: The response body from the creation of a global session policy that uses a rule to deny users summary: Global session policy - Deny users value: id: rule8jjozjGMGbHyC1d6 status: ACTIVE type: SIGN_ON name: Deny priority: 0 created: 2024-04-25T17:35:02.000Z lastUpdated: 2024-04-25T17:35:02.000Z system: false conditions: people: users: exclude: [] network: connection: ANYWHERE authContext: authType: ANY risk: behaviors: [] riskScore: level: ANY identityProvider: provider: ANY actions: signon: access: DENY requireFactor: false primaryFactor: PASSWORD_IDP rememberDeviceByDefault: false session: usePersistentCookie: false maxSessionIdleMinutes: 120 maxSessionLifetimeMinutes: 0 _links: self: href: "https://{yourOktaDomain}/api/v1/policies/{policyId}/rules/{ruleId}" hints: allow: - 
GET - PUT - DELETE deactivate: href: "https://{yourOktaDomain}/api/v1/policies/{policyId}/rules/{ruleId}" hints: allow: - GET - PUT - DELETE editFeatureExample: summary: Enable Okta Personal admin settings value: enableExportApps: true enableEnduserEntryPoints: true getBlockListExample: summary: List of blocked email domains value: domains: - yahoo.com - google.com group-example: description: Example of a Group summary: Group example value: id: 00g1emaKYZTWRYYRRTSK created: 2015-02-06T10:11:28.000Z lastUpdated: 2015-10-05T19:16:43.000Z lastMembershipUpdated: 2015-11-28T19:15:32.000Z objectClass: - okta:user_group type: OKTA_GROUP profile: name: West Coast Users description: All Users West of The Rockies _links: logo: - name: medium href: "https://{yourOktaDomain}/img/logos/groups/okta-medium.png" type: image/png - name: large href: "https://{yourOktaDomain}/img/logos/groups/okta-large.png" type: image/png users: href: "https://{yourOktaDomain}/api/v1/groups/00g1emaKYZTWRYYRRTSK/users" apps: href: "https://{yourOktaDomain}/api/v1/groups/00g1emaKYZTWRYYRRTSK/apps" group-rule-example: description: Example of a group rule summary: Group rule example value: type: group_rule id: 0pr3f7zMZZHPgUoWO0g4 status: INACTIVE name: Engineering group rule created: 2016-12-01T14:40:04.000Z lastUpdated: 2016-12-01T14:40:04.000Z conditions: people: users: exclude: - 00u22w79JPMEeeuLr0g4 groups: exclude: [] expression: value: user.role=="Engineer" type: urn:okta:expression:1.0 actions: assignUserToGroups: groupIds: - 00gjitX9HqABSoqTB0g3 idp-discovery-dynamic-routing-rule: description: This routing rule uses a dynamic Identity Provider. 
summary: IdP discovery policy - Dynamic routing rule value: name: Dynamic routing rule priority: 1 status: ACTIVE conditions: network: connection: ANYWHERE actions: idp: providers: [] idpSelectionType: DYNAMIC matchCriteria: - providerExpression: login.identifier.substringAfter('@') propertyName: name system: false type: IDP_DISCOVERY idp-discovery-dynamic-routing-rule-response: summary: IdP discovery policy - Dynamic routing rule value: id: ruleId _links: self: href: "https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}" hints: allow: - GET - PUT - DELETE deactivate: href: "https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate" hints: allow: - POST name: Dynamic routing rule priority: 1 status: ACTIVE conditions: network: connection: ANYWHERE actions: idp: providers: [] idpSelectionType: DYNAMIC matchCriteria: - providerExpression: login.identifier.substringAfter('@') propertyName: name system: false type: IDP_DISCOVERY idp-discovery-policy-response: summary: IDP_DISCOVERY value: type: IDP_DISCOVERY id: policyId status: ACTIVE name: Policy name description: Policy description priority: 1 system: true created: createdDate lastUpdated: lastUpdated conditions: null _links: self: href: "https://{yourOktaDomain}/api/v1/policies/{policyId}" hints: allow: - GET - PUT rules: href: "https://{yourOktaDomain}/api/v1/policies/{policyId}/rules" hints: allow: - POST - GET idp-discovery-specific-routing-rule: description: This routing rule uses a specific Identity Provider. 
summary: IdP discovery policy - Specific routing rule value: name: Specific routing rule priority: 1 status: ACTIVE conditions: network: connection: ANYWHERE actions: idp: providers: - type: GOOGLE id: 0oa5ks3WmHLRh8Ivr0g4 idpSelectionType: SPECIFIC system: false type: IDP_DISCOVERY idp-discovery-specific-routing-rule-response: summary: IdP discovery policy - Specific routing rule value: id: ruleId _links: self: href: "https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}" hints: allow: - GET - PUT - DELETE deactivate: href: "https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate" hints: allow: - POST name: Specific routing rule priority: 1 status: ACTIVE conditions: network: connection: ANYWHERE actions: idp: providers: - type: GOOGLE id: 0oa5ks3WmHLRh8Ivr0g4 idpSelectionType: SPECIFIC system: false type: IDP_DISCOVERY inactiveAPIServiceIntegrationInstanceSecretResponse: summary: Deactivate Secret response example value: id: ocs2f4zrZbs8nUa7p0g4 status: INACTIVE client_secret: '***DhOW' secret_hash: yk4SVx4sUWVJVbHt6M-UPA created: 2023-02-21T20:08:24.000Z lastUpdated: 2023-02-21T20:08:24.000Z _links: activate: href: "https://{yourOktaDomain}/integrations/api/v1/api-services/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f4zrZbs8nUa7p0g4/lifecycle/activate" hints: allow: - POST delete: href: "https://{yourOktaDomain}/integrations/api/v1/api-services/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f4zrZbs8nUa7p0g4" hints: allow: - DELETE list-all-policy-rule-response-array: description: List all policy rules response (Sign-on policy) summary: List all policy rules response (Sign-on policy) value: - id: 0prh1sd28q5sXGW08697 status: ACTIVE name: Test Sign-on policy priority: 0 created: 2024-04-25T17:35:02.000Z lastUpdated: 2024-04-25T17:35:02.000Z system: false conditions: people: users: exclude: [] network: connection: ANYWHERE risk: behaviors: [] riskScore: level: ANY identityProvider: provider: ANY actions: signon: 
requireFactor: false factorPromptMode: ALWAYS factorLifetime: 15 access: ALLOW primaryFactor: PASSWORD_IDP_ANY_FACTOR session: maxSessionIdleMinutes: 720 maxSessionLifetimeMinutes: 0 usePersistentCookie: false _links: self: href: "https://{yourOktaDomain}/api/v1/policies/{policyId}/rules/{ruleId}" hints: allow: - GET - PUT - DELETE deactivate: href: "https://{yourOktaDomain}/api/v1/policies/{policyId}/rules/{ruleId}" hints: allow: - POST type: SIGN_ON list-apps-example: description: List all apps example summary: List apps example value: - id: 0oafwvZDWJKVLDCUWUAC name: template_basic_auth label: Sample Basic Auth App status: ACTIVE lastUpdated: 2013-09-30T00:56:52.000Z created: 2013-09-30T00:56:52.000Z accessibility: selfService: false errorRedirectUrl: null visibility: autoSubmitToolbar: false hide: iOS: false web: false appLinks: login: true features: [] signOnMode: BASIC_AUTH credentials: scheme: EDIT_USERNAME_AND_PASSWORD userNameTemplate: template: "${source.login}" type: BUILT_IN settings: app: url: https://example.com/login.html authURL: https://example.com/auth.html _links: appLinks: - href: "https://{yourOktaDomain}/home/template_basic_auth/0oafwvZDWJKVLDCUWUAC/1438" name: login type: text/html users: href: "https://{yourOktaDomain}/api/v1/apps/0oafwvZDWJKVLDCUWUAC/users" deactivate: href: "https://{yourOktaDomain}/api/v1/apps/0oafwvZDWJKVLDCUWUAC/lifecycle/deactivate" groups: href: "https://{yourOktaDomain}/api/v1/apps/0oafwvZDWJKVLDCUWUAC/groups" list-group-rules-example: description: List all group rules example summary: List Group rules example value: - type: group_rule id: 0pr3f7zMZZHPgUoWO0g4 status: INACTIVE name: Engineering group rule created: 2016-12-01T14:40:04.000Z lastUpdated: 2016-12-01T14:40:04.000Z conditions: people: users: exclude: - 00u22w79JPMEeeuLr0g4 groups: exclude: [] expression: value: user.role=="Engineer" type: urn:okta:expression:1.0 actions: assignUserToGroups: groupIds: - 00gjitX9HqABSoqTB0g3 list-groups-examples: 
description: Lists an example of an OKTA_GROUP and an APP_GROUP summary: List all groups example value: - id: 00g1emaKYZTWRYYRRTSK created: 2015-02-06T10:11:28.000Z lastUpdated: 2015-10-05T19:16:43.000Z lastMembershipUpdated: 2015-11-28T19:15:32.000Z objectClass: - okta:user_group type: OKTA_GROUP profile: name: West Coast Users description: All Users West of The Rockies _links: logo: - name: medium href: "https://{yourOktaDomain}/img/logos/groups/okta-medium.png" type: image/png - name: large href: "https://{yourOktaDomain}/img/logos/groups/okta-large.png" type: image/png users: href: "https://{yourOktaDomain}/api/v1/groups/00g1emaKYZTWRYYRRTSK/users" apps: href: "https://{yourOktaDomain}/api/v1/groups/00g1emaKYZTWRYYRRTSK/apps" - id: 00garwpuyxHaWOkdV0g4 created: 2015-08-15T19:15:17.000Z lastUpdated: 2015-11-18T04:02:19.000Z lastMembershipUpdated: 2015-08-15T19:15:17.000Z objectClass: - okta:windows_security_principal type: APP_GROUP profile: name: Engineering Users description: corp.example.com/Engineering/Engineering Users groupType: Security samAccountName: Engineering Users objectSid: S-1-5-21-717838489-685202119-709183397-1177 groupScope: Global dn: "CN=Engineering Users,OU=Engineering,DC=corp,DC=example,DC=com" windowsDomainQualifiedName: CORP\Engineering Users externalId: OZJdWdONCU6h7WjQKp+LPA== source: id: 0oa2v0el0gP90aqjJ0g7 _links: logo: - name: medium href: "https://{yourOktaDomain}/img/logos/groups/active_directory-medium.png" type: image/png - name: large href: "https://{yourOktaDomain}/img/logos/groups/active_directory-large.png" type: image/png source: href: "https://{yourOktaDomain}/api/v1/apps/0oa2v0el0gP90aqjJ0g7" users: href: "https://{yourOktaDomain}/api/v1/groups/00garwpuyxHaWOkdV0g4/users" apps: href: "https://{yourOktaDomain}/api/v1/groups/00garwpuyxHaWOkdV0g4/apps" list-user-example: value: - id: 00u1f96ECLNVOKVMUSEA status: ACTIVE created: 2013-12-12T16:14:22.000Z activated: 2013-12-12T16:14:22.000Z statusChanged: 
2013-12-12T22:14:22.000Z lastLogin: 2013-12-12T22:14:22.000Z lastUpdated: 2015-11-15T19:23:32.000Z passwordChanged: 2013-12-12T22:14:22.000Z profile: firstName: Easy lastName: E email: [email protected] login: [email protected] mobilePhone: null credentials: password: {} provider: type: OKTA name: OKTA _links: self: href: "https://{yourOktaDomain}/api/v1/users/00u1f96ECLNVOKVMUSEA" listStreamConfigurationExample: summary: List of SSF Stream configurations example value: - aud: https://example.com delivery: method: urn:ietf:rfc:8935 endpoint_url: https://example.com events_delivered: - https://schemas.openid.net/secevent/caep/event-type/session-revoked - https://schemas.openid.net/secevent/caep/event-type/credential-change events_requested: - https://schemas.openid.net/secevent/caep/event-type/session-revoked - https://schemas.openid.net/secevent/caep/event-type/credential-change events_supported: - https://schemas.openid.net/secevent/caep/event-type/session-revoked - https://schemas.openid.net/secevent/caep/event-type/credential-change format: iss_sub iss: "https://{yourOktaDomain}" min_verification_interval: 0 stream_id: esc1k235GIIztAuGK0g5 mfa-enroll-policy-response: summary: MFA_ENROLL value: type: MFA_ENROLL id: policyId status: ACTIVE name: Policy name description: Policy description priority: 1 system: true created: createdDate lastUpdated: lastUpdated conditions: people: groups: include: - groupId settings: factors: okta_otp: enroll: self: OPTIONAL consent: type: NONE okta_push: enroll: self: OPTIONAL consent: type: NONE okta_password: enroll: self: OPTIONAL consent: type: NONE _links: self: href: "https://{yourOktaDomain}/api/v1/policies/{policyId}" hints: allow: - GET - PUT rules: href: "https://{yourOktaDomain}/api/v1/policies/{policyId}/rules" hints: allow: - POST - GET newAPIServiceIntegrationInstanceSecretResponse: summary: New secret response example value: id: ocs2f50kZB0cITmYU0g4 status: ACTIVE client_secret: 
DRUFXGF9XbLnS9k-Sla3x3POBiIxDreBCdZuFs5B secret_hash: FpCwXwSjTRQNtEI11I00-g created: 2023-04-06T21:32:33.000Z lastUpdated: 2023-04-06T21:32:33.000Z _links: deactivate: href: "https://{yourOktaDomain}/integrations/api/v1/api-services/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f50kZB0cITmYU0g4/lifecycle/deactivate" hints: allow: - POST oAuth2ClientSecretResponse: summary: Client secret response example value: id: ocs2f50kZB0cITmYU0g4 status: ACTIVE client_secret: DRUFXGF9XbLn......a3x3POBiIxDreBCdZuFs5B secret_hash: FpCwXwSjTRQNtEI11I00-g created: 2023-04-06T21:32:33.000Z lastUpdated: 2023-04-06T21:32:33.000Z _links: deactivate: href: "https://{yourOktaDomain}/api/v1/apps/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f50kZB0cITmYU0g4/lifecycle/deactivate" hints: allow: - POST oAuthClientJsonWebKey: summary: JSON Web Key example value: id: pks2f50kZB0cITmYU0g4 kid: ASHJHGasa782333-Sla3x3POBiIxDreBCdZuFs5B kty: RSA alg: RS256 use: sig e: AQAB "n": AJncrzOrouIUCSMlRL0HU.....Kuine49_CEVR4GPn= status: ACTIVE created: 2023-04-06T21:32:33.000Z lastUpdated: 2023-04-06T21:32:33.000Z _links: deactivate: href: "https://{yourOktaDomain}/api/v1/apps/0oa1nkheCuDn82XVI0g4/credentials/jwks/pks2f50kZB0cITmYU0g4/lifecycle/deactivate" hints: allow: - POST oAuthClientJsonWebKeyListResponse: summary: JSON Web Key list response example value: jwks: keys: - id: pks2f4zrZbs8nUa7p0g4 kid: DRUFXGF9XbLnS9k-Sla3x3POBiIxDreBCdZuFs5B kty: RSA alg: RS256 use: sig e: AQAB "n": AJncrKuine49_CEVR4GPn.....zOrouIUCSMlRL0HU= status: INACTIVE created: 2023-02-21T20:08:24.000Z lastUpdated: 2023-02-21T20:08:24.000Z _links: activate: href: "https://{yourOktaDomain}/api/v1/apps/0oa1nkheCuDn82XVI0g4/credentials/jwks/pks2f4zrZbs8nUa7p0g4/lifecycle/activate" hints: allow: - POST delete: href: "https://{yourOktaDomain}/api/v1/apps/0oa1nkheCuDn82XVI0g4/credentials/jwks/pks2f4zrZbs8nUa7p0g4" hints: allow: - DELETE - id: pks2f50kZB0cITmYU0g4 kid: ASHJHGasa782333-Sla3x3POBiIxDreBCdZuFs5B kty: RSA alg: RS256 use: 
sig e: AQAB "n": AJncrzOrouIUCSMlRL0HU.....Kuine49_CEVR4GPn= status: ACTIVE created: 2023-04-06T21:32:33.000Z lastUpdated: 2023-04-06T21:32:33.000Z _links: deactivate: href: "https://{yourOktaDomain}/api/v1/apps/0oa1nkheCuDn82XVI0g4/credentials/jwks/pks2f50kZB0cITmYU0g4/lifecycle/deactivate" hints: allow: - POST oAuthClientJsonWebKeyRequest: summary: JSON Web Key Request example value: id: pks2f50kZB0cITmYU0g4 kid: ASHJHGasa782333-Sla3x3POBiIxDreBCdZuFs5B kty: RSA alg: RS256 use: sig e: AQAB "n": AJncrzOrouIUCSMlRL0HU.....Kuine49_CEVR4GPn= status: ACTIVE oAuthClientSecretListResponse: summary: Secrets list response example value: - id: ocs2f4zrZbs8nUa7p0g4 status: INACTIVE client_secret: DRUFXGF9XbLn......a3x3POBiIxDreBCdZuFs5B secret_hash: yk4SVx4sUWVJVbHt6M-UPA created: 2023-02-21T20:08:24.000Z lastUpdated: 2023-02-21T20:08:24.000Z _links: activate: href: "https://{yourOktaDomain}/api/v1/apps/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f4zrZbs8nUa7p0g4/lifecycle/activate" hints: allow: - POST delete: href: "https://{yourOktaDomain}/api/v1/apps/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f4zrZbs8nUa7p0g4" hints: allow: - DELETE - id: ocs2f50kZB0cITmYU0g4 status: ACTIVE client_secret: HAGDTYU9XbLnS......3xasFDDwecdZuFs5B secret_hash: 0WOOvBSzV9clc4Nr7Rbaug created: 2023-04-06T21:32:33.000Z lastUpdated: 2023-04-06T21:32:33.000Z _links: deactivate: href: "https://{yourOktaDomain}/api/v1/apps/0oa1nkheCuDn82XVI0g4/credentials/secrets/ocs2f50kZB0cITmYU0g4/lifecycle/deactivate" hints: allow: - POST oamp-id-proofing-policy-rule: description: This account management policy rule enables ID proofing for enrollment processes summary: Account Management Policy - Account management policy rule with ID proofing enabled value: id: ruleId name: Account Management Policy Rule priority: 1 status: ACTIVE conditions: people: users: exclude: [] network: connection: ANYWHERE actions: appSignOn: access: ALLOW verificationMethod: id: entity_id type: ID_PROOFING 
oamp-id-proofing-policy-rule-response: description: This account management policy rule response enables ID proofing for enrollment processes summary: Account Management Policy - Account management policy rule with ID proofing enabled value: id: ruleId _links: self: href: "https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}" hints: allow: - GET - PUT - DELETE deactivate: href: "https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate" hints: allow: - POST name: Account Management Policy Rule priority: 1 status: ACTIVE conditions: people: users: exclude: [] network: connection: ANYWHERE actions: appSignOn: access: ALLOW verificationMethod: id: entity_id type: ID_PROOFING orgCommunicationOptInResponse: summary: Opt in to communication emails value: optOutEmailUsers: false _links: optOut: href: "https://{yourOktaDomain}/api/v1/org/privacy/oktaCommunication/optOut" hints: allow: - POST orgCommunicationOptOutResponse: summary: Opt out of communication emails value: optOutEmailUsers: true _links: optIn: href: "https://{yourOktaDomain}/api/v1/org/privacy/oktaCommunication/optIn" hints: allow: - POST orgContactTypeResponse: summary: Org Contact Types value: - contactType: BILLING _links: billing: href: "https://{yourOktaDomain}/api/v1/org/contacts/billing" - contactType: TECHNICAL _links: technical: href: "https://{yourOktaDomain}/api/v1/org/contacts/technical" orgContactUserResponse: summary: Contact User value: userId: 00ux3u0ujW1r5AfZC1d7 _links: user: href: "https://{yourOktaDomain}/api/v1/users/00ux3u0ujW1r5AfZC1d7" orgHideFooterPrefResponse: summary: Hide footer response value: showEndUserFooter: false _links: showEndUserFooter: href: "https://{yourOktaDomain}/api/v1/org/preferences/showEndUserFooter" hints: allow: - POST orgShowFooterPrefResponse: summary: Show footer response value: showEndUserFooter: true _links: hideEndUserFooter: href: "https://{yourOktaDomain}/api/v1/org/preferences/hideEndUserFooter" hints: 
allow: - POST orgSupportSettingsResponse: summary: Org Support Settings value: support: ENABLED expiration: 2024-01-24T11:13:14.000Z _links: extend: href: "https://{yourOktaDomain}/api/v1/org/privacy/oktaSupport/extend" hints: allow: - POST revoke: href: "https://{yourOktaDomain}/api/v1/org/privacy/oktaSupport/revoke" hints: allow: - POST orgSupportSettingsRevokeResponse: summary: Revoked Org Support value: support: DISABLED expiration: null _links: grant: href: "https://{yourOktaDomain}/api/v1/org/privacy/oktaSupport/grant" hints: allow: - POST password-policy-response: summary: PASSWORD value: type: PASSWORD id: policyId status: ACTIVE name: Policy name description: Policy description priority: 1 system: true created: createdDate lastUpdated: lastUpdated conditions: people: groups: include: - groupId authProvider: provider: provider settings: password: complexity: minLength: 8 minLowerCase: 1 minUpperCase: 1 minNumber: null minSymbol: 0 excludeUsername: true dictionary: common: exclude: false excludeAttributes: [] age: maxAgeDays: 0 expireWarnDays: 0 minAgeMinutes: 0 historyCount: 4 lockout: maxAttempts: 0 autoUnlockMinutes: 0 userLockoutNotificationChannels: [] showLockoutFailures: false recovery: factors: recovery_question: status: ACTIVE properties: complexity: complexity: 4 okta_email: status: ACTIVE properties: recoveryToken: tokenLifetimeMinutes: 10080 okta_sms: status: INACTIVE okta_call: status: INACTIVE delegation: options: skipUnlock: false _links: self: href: "https://{yourOktaDomain}/api/v1/policies/{policyId}" hints: allow: - GET - PUT rules: href: "https://{yourOktaDomain}/api/v1/policies/{policyId}/rules" hints: allow: - POST - GET policy-mapping-list-response: summary: List all Mappings for a policy value: - id: policyId _links: application: href: "https://{yourOktaDomain}/api/v1/apps/{appId}" hints: allow: - GET - PUT - DELETE self: href: "https://{yourOktaDomain}/api/v1/policies/{policyId}/mappings/{mappingId}" hints: allow: - GET - PUT - DELETE 
policy: href: "https://{yourOktaDomain}/api/v1/policies/{policyId}" hints: allow: - GET - PUT - DELETE policy-mapping-response: summary: Policy Mapping for a Policy value: id: policyId _links: application: href: "https://{yourOktaDomain}/api/v1/apps/{appId}" hints: allow: - GET - PUT - DELETE self: href: "https://{yourOktaDomain}/api/v1/policies/{policyId}/mappings/{mappingId}" hints: allow: - GET - PUT - DELETE policy: href: "https://{yourOktaDomain}/api/v1/policies/{policyId}" hints: allow: - GET - PUT - DELETE postAPIServiceIntegrationRequest: value: type: my_app_cie grantedScopes: - okta.logs.read - okta.groups.read - okta.users.read postAPIServiceIntegrationResponse: summary: Post response example value: id: 0oa72lrepvp4WqEET1d9 type: my_app_cie name: My App Cloud Identity Engine createdAt: 2023-02-21T20:08:24.000Z createdBy: 00uu3u0ujW1P6AfZC2d5 clientSecret: CkF69kXtag0q0P4pXU8OnP5IAzgGlwx6eqGy7Fmg configGuideUrl: "https://{docDomain}/my-app-cie/configuration-guide" grantedScopes: - okta.logs.read - okta.groups.read - okta.users.read _links: self: href: "https://{yourOktaDomain}/integrations/api/v1/api-services/0oa72lrepvp4WqEET1d9" hints: allow: - GET - DELETE client: href: "https://{yourOktaDomain}/oauth2/v1/clients/0oa72lrepvp4WqEET1d9" hints: allow: - GET logo: name: small href: "https://{logoDomain}/{logoPath}/my_app_cie_small_logo" profile-enrollment-policy-response: summary: PROFILE_ENROLLMENT value: type: PROFILE_ENROLLMENT id: policyId status: ACTIVE name: Policy name description: Policy description priority: 1 system: true created: createdDate lastUpdated: lastUpdated conditions: null _links: self: href: "https://{yourOktaDomain}/api/v1/policies/{policyId}" hints: allow: - GET - PUT rules: href: "https://{yourOktaDomain}/api/v1/policies/{policyId}/rules" hints: allow: - POST - GET radius-rule: description: This global session policy uses a rule to challenge VPN users with Radius summary: Global session policy - Challenge VPN users with Radius 
value: type: SIGN_ON status: ACTIVE name: Challenge VPN users conditions: network: connection: ANYWHERE authContext: authType: RADIUS people: users: exclude: [] risk: behaviors: [] riskScore: level: ANY identityProvider: provider: ANY actions: signon: access: ALLOW requireFactor: true primaryFactor: PASSWORD_IDP_ANY_FACTOR factorPromptMode: ALWAYS rememberDeviceByDefault: false session: usePersistentCookie: false maxSessionIdleMinutes: 720 maxSessionLifetimeMinutes: 0 radius-rule-response: description: The response body from the creation of a global session policy that uses a rule to challenge VPN users with Radius summary: Global session policy - Challenge VPN users with Radius value: id: rule8jjozjGMGbHyC1d6 status: ACTIVE type: SIGN_ON name: Challenge VPN users priority: 0 created: 2024-04-25T17:35:02.000Z lastUpdated: 2024-04-25T17:35:02.000Z system: false conditions: network: connection: ANYWHERE authContext: authType: RADIUS actions: signon: access: ALLOW requireFactor: true factorPromptMode: ALWAYS rememberDeviceByDefault: false session: usePersistentCookie: false maxSessionIdleMinutes: 720 maxSessionLifetimeMinutes: 0 _links: self: href: "https://{yourOktaDomain}/api/v1/policies/{policyId}/rules/{ruleId}" hints: allow: - GET - PUT - DELETE deactivate: href: "https://{yourOktaDomain}/api/v1/policies/{policyId}/rules/{ruleId}" hints: allow: - GET - PUT - DELETE replace-user-request: value: credentials: password: value: tlpWENT2m recovery_question: question: Who's a major player in the cowboy scene? 
answer: Annie Oakley provider: type: OKTA name: OKTA profile: firstName: Isaac lastName: Brock email: [email protected] login: [email protected] mobilePhone: 555-415-1337 settingsResponseBaseEx: value: notifications: vpn: network: connection: DISABLED message: null helpUrl: null manualProvisioning: false implicitAssignment: false notes: admin: null enduser: null sign-on-policy-rule: description: Sign-on policy rule with a factor mode always summary: Sign-on policy - Rule with factor mode always value: type: SIGN_ON name: Test Sign On conditions: network: connection: ANYWHERE riskScore: level: ANY identityProvider: provider: ANY authContext: authType: ANY actions: signon: requireFactor: false factorPromptMode: ALWAYS factorLifetime: 15 access: ALLOW session: maxSessionIdleMinutes: 720 maxSessionLifetimeMinutes: 0 usePersistentCookie: false primaryFactor: PASSWORD_IDP_ANY_FACTOR sign-on-policy-rule-response: description: Sign-on policy rule with a factor mode always summary: Sign-on policy - Rule with factor mode always value: type: SIGN_ON name: Test Sign On id: 0prh1sd28q5sXGW08697 priority: 0 created: 2024-04-25T17:35:02.000Z lastUpdated: 2024-04-25T17:35:02.000Z system: false status: ACTIVE conditions: network: connection: ANYWHERE riskScore: level: ANY identityProvider: provider: ANY authContext: authType: ANY people: users: exclude: [] actions: signon: requireFactor: false factorPromptMode: ALWAYS factorLifetime: 15 access: ALLOW session: maxSessionIdleMinutes: 720 maxSessionLifetimeMinutes: 0 usePersistentCookie: false primaryFactor: PASSWORD_IDP_ANY_FACTOR _links: self: href: "https://{yourOktaDomain}/api/v1/policies/{policyId}/rules/{ruleId}" hints: allow: - GET - PUT - DELETE deactivate: href: "https://{yourOktaDomain}/api/v1/policies/{policyId}/rules/{ruleId}" hints: allow: - GET - PUT - DELETE skip-factor-challenge-on-prem-rule: description: This global session policy uses a rule to skip factor challenge for on-prem sign-in use summary: Global session 
        policy - Skip factor challenge for on-prem sign-in use
      value:
        type: SIGN_ON
        status: ACTIVE
        name: Skip Factor Challenge when On-Prem
        conditions:
          network:
            connection: ZONE
            include:
            - 00u7yq5goxNFTiMjW1d7
          authContext:
            authType: ANY
        actions:
          signon:
            access: ALLOW
            requireFactor: false
            rememberDeviceByDefault: false
            session:
              usePersistentCookie: false
              maxSessionIdleMinutes: 720
              maxSessionLifetimeMinutes: 0
    skip-factor-challenge-on-prem-rule-response:
      description: The response body from the creation of a global session policy that uses a rule to skip the factor challenge for on-prem sign-in use
      summary: Global session policy - Skip factor challenge for on-prem sign-in use
      value:
        id: rule8jjozjGMGbHyC1d6
        status: ACTIVE
        name: Skip Factor Challenge when On-Prem
        priority: 0
        created: 2024-04-25T17:35:02.000Z
        lastUpdated: 2024-04-25T17:35:02.000Z
        system: false
        conditions:
          network:
            connection: ZONE
            include:
            - 00u7yq5goxNFTiMjW1d7
          authContext:
            authType: ANY
          people:
            users:
              exclude: []
          risk:
            behaviors: []
          riskScore:
            level: ANY
          identityProvider:
            provider: ANY
        actions:
          signon:
            access: ALLOW
            requireFactor: false
            primaryFactor: PASSWORD_IDP_ANY_FACTOR
            rememberDeviceByDefault: false
            session:
              usePersistentCookie: false
              maxSessionIdleMinutes: 720
              maxSessionLifetimeMinutes: 0
        type: SIGN_ON
        _links:
          self:
            href: "https://{yourOktaDomain}/api/v1/policies/{policyId}/rules/{ruleId}"
            hints:
              allow:
              - GET
              - PUT
              - DELETE
          deactivate:
            href: "https://{yourOktaDomain}/api/v1/policies/{policyId}/rules/{ruleId}"
            hints:
              allow:
              - GET
              - PUT
              - DELETE
    sspr-enabled-OAMP:
      description: This policy defers to the Okta account management policy to define SSPR authentication requirements.
      summary: Password policy - SSPR with Okta account management policy
      value:
        name: SSPR Rule
        priority: 1
        status: ACTIVE
        conditions:
          people:
            users:
              exclude: []
          network:
            connection: ANYWHERE
        actions:
          passwordChange:
            access: ALLOW
          selfServicePasswordReset:
            access: ALLOW
            requirement:
              accessControl: AUTH_POLICY
              primary:
                methods:
                - sms
                - email
              stepUp:
                required: false
          selfServiceUnlock:
            access: ALLOW
        system: false
        type: PASSWORD
    sspr-enabled-OAMP-response:
      summary: Password policy - SSPR with access control set to Okta account management policy
      value:
        id: ruleId
        _links:
          self:
            href: "https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}"
            hints:
              allow:
              - GET
              - PUT
              - DELETE
          deactivate:
            href: "https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate"
            hints:
              allow:
              - POST
        name: SSPR Rule
        priority: 1
        status: ACTIVE
        conditions:
          people:
            users:
              exclude: []
          network:
            connection: ANYWHERE
        actions:
          passwordChange:
            access: ALLOW
          selfServicePasswordReset:
            access: ALLOW
            requirement:
              accessControl: AUTH_POLICY
              primary:
                methods:
                - sms
                - email
              stepUp:
                required: false
          selfServiceUnlock:
            access: ALLOW
        system: false
        type: PASSWORD
    sspr-enabled-OAMP-update:
      description: This policy defers to the Okta account management policy to define SSPR authentication requirements.
      summary: Password policy - SSPR with Okta account management policy
      value:
        id: ruleId
        name: SSPR Rule
        priority: 1
        status: ACTIVE
        conditions:
          people:
            users:
              exclude: []
          network:
            connection: ANYWHERE
        actions:
          passwordChange:
            access: ALLOW
          selfServicePasswordReset:
            access: ALLOW
            requirement:
              accessControl: AUTH_POLICY
              primary:
                methods:
                - sms
                - email
              stepUp:
                required: false
          selfServiceUnlock:
            access: ALLOW
        system: false
        type: PASSWORD
    sspr-enabled-no-step-up:
      description: "This password policy permits self-service password change, reset,\
        \ and unlock. Phone SMS or email are initial authenticators with no secondary\
        \ authentication required."
      summary: Password policy - SSPR with no step up
      value:
        name: SSPR Rule
        priority: 1
        status: ACTIVE
        conditions:
          people:
            users:
              exclude: []
          network:
            connection: ANYWHERE
        actions:
          passwordChange:
            access: ALLOW
          selfServicePasswordReset:
            access: ALLOW
            requirement:
              primary:
                methods:
                - sms
                - email
              stepUp:
                required: false
          selfServiceUnlock:
            access: ALLOW
        system: false
        type: PASSWORD
    sspr-enabled-no-step-up-response:
      summary: Password policy - SSPR with no step up
      value:
        id: ruleId
        _links:
          self:
            href: "https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}"
            hints:
              allow:
              - GET
              - PUT
              - DELETE
          deactivate:
            href: "https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate"
            hints:
              allow:
              - POST
        name: SSPR Rule
        priority: 1
        status: ACTIVE
        conditions:
          people:
            users:
              exclude: []
          network:
            connection: ANYWHERE
        actions:
          passwordChange:
            access: ALLOW
          selfServicePasswordReset:
            access: ALLOW
            requirement:
              primary:
                methods:
                - sms
                - email
              stepUp:
                required: false
          selfServiceUnlock:
            access: ALLOW
        system: false
        type: PASSWORD
    sspr-enabled-no-step-up-update:
      description: "This password policy permits self-service password change, reset,\
        \ and unlock. Phone SMS or email are initial authenticators with no secondary\
        \ authentication required."
      summary: Password policy - SSPR with no step up
      value:
        id: ruleId
        name: SSPR Rule
        priority: 1
        status: ACTIVE
        conditions:
          people:
            users:
              exclude: []
          network:
            connection: ANYWHERE
        actions:
          passwordChange:
            access: ALLOW
          selfServicePasswordReset:
            access: ALLOW
            requirement:
              primary:
                methods:
                - sms
                - email
              stepUp:
                required: false
          selfServiceUnlock:
            access: ALLOW
        system: false
        type: PASSWORD
    sspr-enabled-sq-step-up:
      description: "This password policy permits self-service password change, reset,\
        \ and unlock. Phone SMS and Okta Verify push are the initial authenticators,\
        \ and the secondary authentication is a security question."
      summary: Password policy - SSPR with security question as step-up auth
      value:
        name: SSPR Rule
        priority: 1
        status: ACTIVE
        conditions:
          people:
            users:
              exclude: []
          network:
            connection: ANYWHERE
        actions:
          passwordChange:
            access: ALLOW
          selfServicePasswordReset:
            access: ALLOW
            requirement:
              primary:
                methods:
                - push
                - sms
              stepUp:
                required: true
                methods:
                - security_question
          selfServiceUnlock:
            access: ALLOW
        system: false
        type: PASSWORD
    sspr-enabled-sq-step-up-response:
      summary: Password policy - SSPR with security question as step up
      value:
        id: ruleId
        _links:
          self:
            href: "https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}"
            hints:
              allow:
              - GET
              - PUT
              - DELETE
          deactivate:
            href: "https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate"
            hints:
              allow:
              - POST
        name: SSPR Rule
        priority: 1
        status: ACTIVE
        conditions:
          people:
            users:
              exclude: []
          network:
            connection: ANYWHERE
        actions:
          passwordChange:
            access: ALLOW
          selfServicePasswordReset:
            access: ALLOW
            requirement:
              primary:
                methods:
                - push
                - sms
              stepUp:
                required: true
                methods:
                - security_question
          selfServiceUnlock:
            access: ALLOW
        system: false
        type: PASSWORD
    sspr-enabled-sq-step-up-update:
      description: "This password policy permits self-service password change, reset,\
        \ and unlock. Phone SMS and Okta Verify push are initial authenticators, and\
        \ the secondary authentication is a security question."
      summary: Password policy - SSPR with security question as step up
      value:
        id: ruleId
        name: SSPR Rule
        priority: 1
        status: ACTIVE
        conditions:
          people:
            users:
              exclude: []
          network:
            connection: ANYWHERE
        actions:
          passwordChange:
            access: ALLOW
          selfServicePasswordReset:
            access: ALLOW
            requirement:
              primary:
                methods:
                - push
                - sms
              stepUp:
                required: true
                methods:
                - security_question
          selfServiceUnlock:
            access: ALLOW
        system: false
        type: PASSWORD
    sspr-enabled-sso-step-up:
      description: "This password policy permits self-service password change, reset,\
        \ and unlock. Phone SMS or email are initial authenticators.
        The step-up authentication\
        \ required is any active SSO authenticator."
      summary: Password policy - SSPR with any SSO authenticator as step up
      value:
        name: SSPR Rule
        priority: 1
        status: ACTIVE
        conditions:
          people:
            users:
              exclude: []
          network:
            connection: ANYWHERE
        actions:
          passwordChange:
            access: ALLOW
          selfServicePasswordReset:
            access: ALLOW
            requirement:
              primary:
                methods:
                - push
                - sms
              stepUp:
                required: true
          selfServiceUnlock:
            access: ALLOW
        system: false
        type: PASSWORD
    sspr-enabled-sso-step-up-response:
      summary: Password policy - SSPR with any SSO authenticator as step up
      value:
        id: ruleId
        _links:
          self:
            href: "https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}"
            hints:
              allow:
              - GET
              - PUT
              - DELETE
          deactivate:
            href: "https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate"
            hints:
              allow:
              - POST
        name: SSPR Rule
        priority: 1
        status: ACTIVE
        conditions:
          people:
            users:
              exclude: []
          network:
            connection: ANYWHERE
        actions:
          passwordChange:
            access: ALLOW
          selfServicePasswordReset:
            access: ALLOW
            requirement:
              primary:
                methods:
                - push
                - sms
              stepUp:
                required: true
          selfServiceUnlock:
            access: ALLOW
        system: false
        type: PASSWORD
    sspr-enabled-sso-step-up-update:
      description: "This password policy permits self-service password change, reset,\
        \ and unlock. Phone SMS or email are initial authenticators. The step-up authentication\
        \ required is any active SSO authenticator."
      summary: Password policy - SSPR with any SSO authenticator as step up
      value:
        id: ruleId
        name: SSPR Rule
        priority: 1
        status: ACTIVE
        conditions:
          people:
            users:
              exclude: []
          network:
            connection: ANYWHERE
        actions:
          passwordChange:
            access: ALLOW
          selfServicePasswordReset:
            access: ALLOW
            requirement:
              primary:
                methods:
                - push
                - sms
              stepUp:
                required: true
          selfServiceUnlock:
            access: ALLOW
        system: false
        type: PASSWORD
    sspr-enabled-sso-step-up-with-constraints:
      description: "This password policy permits self-service password change, reset,\
        \ and unlock.
        Okta Verify push, Phone SMS, or Google OTP are initial authenticators.\
        \ The secondary authentication required is any SSO authenticator. The `methodConstraints`\
        \ property limits OTP authenticators to Google."
      summary: Password policy - Enable SSPR with OTP enabled and Google authenticator constraint
      value:
        id: ruleId
        name: SSPR Rule
        priority: 1
        status: ACTIVE
        conditions:
          people:
            users:
              exclude: []
          network:
            connection: ANYWHERE
        actions:
          passwordChange:
            access: ALLOW
          selfServicePasswordReset:
            access: ALLOW
            requirement:
              primary:
                methods:
                - push
                - sms
                - otp
                methodConstraints:
                - method: otp
                  allowedAuthenticators:
                  - key: google_otp
              stepUp:
                required: true
          selfServiceUnlock:
            access: ALLOW
        system: false
        type: PASSWORD
    sspr-enabled-sso-step-up-with-constraints-response:
      summary: Password policy - Enable SSPR with OTP enabled and Google authenticator constraint
      value:
        id: ruleId
        _links:
          self:
            href: "https://{yourOktaDomain}/api/v1/policies/{policyId}/rules/{ruleId}"
            hints:
              allow:
              - GET
              - PUT
              - DELETE
          deactivate:
            href: "https://{yourOktaDomain}/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate"
            hints:
              allow:
              - POST
        name: SSPR Rule
        priority: 1
        status: ACTIVE
        conditions:
          people:
            users:
              exclude: []
          network:
            connection: ANYWHERE
        actions:
          passwordChange:
            access: ALLOW
          selfServicePasswordReset:
            access: ALLOW
            requirement:
              primary:
                methods:
                - push
                - sms
                - otp
                methodConstraints:
                - method: otp
                  allowedAuthenticators:
                  - key: google_otp
              stepUp:
                required: true
          selfServiceUnlock:
            access: ALLOW
        system: false
        type: PASSWORD
    sspr-enabled-sso-step-up-with-constraints-update:
      description: "This password policy permits self-service password change, reset,\
        \ and unlock. Okta Verify push, Phone SMS, or Google OTP are initial authenticators.\
        \ The secondary authentication required is any SSO authenticator. The `methodConstraints`\
        \ property limits OTP authenticators to Google."
      summary: Password policy - Enable SSPR with OTP enabled and Google authenticator constraint
      value:
        id: ruleId
        name: SSPR Rule
        priority: 1
        status: ACTIVE
        conditions:
          people:
            users:
              exclude: []
          network:
            connection: ANYWHERE
        actions:
          passwordChange:
            access: ALLOW
          selfServicePasswordReset:
            access: ALLOW
            requirement:
              primary:
                methods:
                - push
                - sms
                - otp
                methodConstraints:
                - method: otp
                  allowedAuthenticators:
                  - key: google_otp
              stepUp:
                required: true
          selfServiceUnlock:
            access: ALLOW
        system: false
        type: PASSWORD
    streamConfigurationExample:
      summary: SSF Stream configuration example
      value:
        aud: https://example.com
        delivery:
          method: urn:ietf:rfc:8935
          endpoint_url: https://example.com
        events_delivered:
        - https://schemas.openid.net/secevent/caep/event-type/session-revoked
        - https://schemas.openid.net/secevent/caep/event-type/credential-change
        events_requested:
        - https://schemas.openid.net/secevent/caep/event-type/session-revoked
        - https://schemas.openid.net/secevent/caep/event-type/credential-change
        events_supported:
        - https://schemas.openid.net/secevent/caep/event-type/session-revoked
        - https://schemas.openid.net/secevent/caep/event-type/credential-change
        format: iss_sub
        iss: "https://{yourOktaDomain}"
        min_verification_interval: 0
        stream_id: esc1k235GIIztAuGK0g5
    twofa-enabled-disallow-password-allow-phishing:
      description: This two-factor authentication policy uses a rule to disallow passwords and require phishing resistance for possession authenticators for authentication.
      summary: Authentication policy - 2FA with granular authentication
      value:
        name: Passwordless 2FA
        actions:
          appSignOn:
            access: ALLOW
            verificationMethod:
              factorMode: 2FA
              type: ASSURANCE
              reauthenticateIn: PT0S
              constraints:
                knowledge:
                  excludedAuthenticationMethods:
                    key: okta_password
                possession:
                  deviceBound: REQUIRED
                  phishingREsistant: REQUIRED
        type: ACCESS_POLICY
    twofa-enabled-disallow-password-allow-phishing-response:
      description: The rule from a two-factor authentication policy that disallows passwords and requires phishing resistance
      summary: Authentication policy - 2FA with granular authentication
      value:
        id: rul7yut96gmsOzKAA1d6
        status: ACTIVE
        name: Passwordless 2FA
        priority: 0
        created: 2023-05-01T21:13:15.000Z
        lastUpdated: 2023-05-01T21:13:15.000Z
        system: false
        conditions: null
        actions:
          appSignOn:
            access: ALLOW
            verificationMethod:
              factorMode: 2FA
              type: ASSURANCE
              reauthenticateIn: PT0S
              constraints:
                knowledge:
                  excludedAuthenticationMethods:
                    key: okta_password
                  required: false
                possession:
                  deviceBound: REQUIRED
                  phishingREsistant: REQUIRED
                  required: true
        type: ACCESS_POLICY
        _links:
          self:
            href: https://sampleorg.okta.com/api/v1/policies/rst7xus97faIAgmti1d7/rules/rul7yut96gmsOzKAA1d6
            hints:
              allow:
              - GET
              - PUT
    twofa-enabled-post-auth-kmsi-disabled:
      description: This two-factor authentication policy uses a rule that doesn't prompt the user to stay signed in post-authentication.
      summary: Authentication policy - 2FA with granular authentication (KMSI disabled)
      value:
        name: 2FA with Post Auth KMSI prompt disabled
        actions:
          appSignOn:
            access: ALLOW
            verificationMethod:
              factorMode: 2FA
              type: ASSURANCE
              reauthenticateIn: PT2H
              constraints:
                knowledge:
                  excludedAuthenticationMethods:
                    key: okta_password
            keepMeSignedIn:
              postAuth: NOT_ALLOWED
        type: ACCESS_POLICY
    twofa-enabled-post-auth-kmsi-disabled-response:
      description: This two-factor authentication policy uses a rule that doesn't prompt the user to stay signed in post-authentication.
      summary: Authentication policy - 2FA with granular authentication (KMSI disabled)
      value:
        id: rul7yut96gmsOzKAA1d6
        status: ACTIVE
        name: 2FA with Post Auth KMSI prompt disabled
        priority: 0
        created: 2023-05-01T21:13:15.000Z
        lastUpdated: 2023-05-01T21:13:15.000Z
        system: false
        conditions: null
        actions:
          appSignOn:
            access: ALLOW
            verificationMethod:
              factorMode: 2FA
              type: ASSURANCE
              reauthenticateIn: PT0S
              constraints:
                knowledge:
                  excludedAuthenticationMethods:
                    key: okta_password
                  required: true
            keepMeSignedIn:
              postAuth: NOT_ALLOWED
        type: ACCESS_POLICY
        _links:
          self:
            href: https://sampleorg.okta.com/api/v1/policies/rst7xus97faIAgmti1d7/rules/rul7yut96gmsOzKAA1d6
            hints:
              allow:
              - GET
              - PUT
          deactivate:
            href: "https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate"
            hints:
              allow:
              - POST
    twofa-enabled-post-auth-kmsi-enabled:
      description: This two-factor authentication policy uses a rule to prompt the user to stay signed in post authentication.
      summary: Authentication policy - 2FA with granular authentication (KMSI enabled)
      value:
        name: 2FA with Post Auth KMSI prompt enabled
        actions:
          appSignOn:
            access: ALLOW
            verificationMethod:
              factorMode: 2FA
              type: ASSURANCE
              reauthenticateIn: PT2H
              constraints:
                knowledge:
                  excludedAuthenticationMethods:
                    key: okta_password
            keepMeSignedIn:
              postAuth: ALLOWED
              postAuthPromptFrequency: P30D
    twofa-enabled-post-auth-kmsi-enabled-response:
      description: This two-factor authentication policy uses a rule to prompt the user to stay signed in post authentication.
      summary: Authentication policy - 2FA with granular authentication (KMSI enabled)
      value:
        id: rul7yut96gmsOzKAA1d6
        status: ACTIVE
        name: 2FA with Post Auth KMSI prompt enabled
        priority: 0
        created: 2023-05-01T21:13:15.000Z
        lastUpdated: 2023-05-01T21:13:15.000Z
        system: false
        conditions: null
        actions:
          appSignOn:
            access: ALLOW
            verificationMethod:
              factorMode: 2FA
              type: ASSURANCE
              reauthenticateIn: PT0S
              constraints:
                knowledge:
                  excludedAuthenticationMethods:
                    key: okta_password
                  required: true
            keepMeSignedIn:
              postAuth: ALLOWED
              postAuthPromptFrequency: PT720H
        type: ACCESS_POLICY
        _links:
          self:
            href: https://sampleorg.okta.com/api/v1/policies/rst7xus97faIAgmti1d7/rules/rul7yut96gmsOzKAA1d6
            hints:
              allow:
              - GET
              - PUT
          deactivate:
            href: "https://sampleorg.okta.com/api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate"
            hints:
              allow:
              - POST
    update-auth-policy-rule-condition:
      description: Updates the conditions object on the request body of an authentication policy rule.
      summary: Authentication policy - Update rule with conditions
      value:
        type: ACCESS_POLICY
        name: Rule with conditions - exclude a group
        description: Updated policy rule
        conditions:
          userType:
            include: []
            exclude:
            - otyezu4m0xN6w5JEa1d7
          network:
            connection: ZONE
            exclude:
            - nzo9o4rctwQCJNE6y1d7
          riskScore:
            level: ANY
          people:
            users:
              exclude:
              - 00u7yq5goxNFTiMjW1d7
              include: []
            groups:
              include: []
              exclude:
              - 00g8vta8qzkxPEfKC1d7
          platform:
            include:
            - type: MOBILE
              os:
                type: IOS
            - type: MOBILE
              os:
                type: ANDROID
            - type: DESKTOP
              os:
                type: MACOS
          elCondition:
            condition: security.risk.level == 'HIGH'
    update-auth-policy-rule-condition-response:
      description: The response body from an updated conditions object of an authentication policy rule.
      summary: Authentication policy - Update rule with conditions
      value:
        id: rulezuo73ySrHndLb1d7
        status: ACTIVE
        name: Rule with conditions - exclude a group
        priority: 0
        created: 2024-04-25T17:35:02.000Z
        lastUpdated: 2024-04-25T17:35:02.000Z
        system: false
        conditions:
          people:
            users:
              exclude: []
            groups:
              exclude:
              - 00u7yq5goxNFTiMjW1d7
          network:
            connection: ZONE
            exclude:
            - nzo9o4rctwQCJNE6y1d7
          platform:
            include:
            - type: MOBILE
              os:
                type: IOS
            - type: MOBILE
              os:
                type: ANDROID
            - type: DESKTOP
              os:
                type: MACOS
            exclude: []
          riskScore:
            level: ANY
          userType:
            include: []
            exclude:
            - otyezu4m0xN6w5JEa1d7
          elCondition:
            condition: security.risk.level == 'HIGH'
        actions:
          appSignOn:
            access: ALLOW
            verificationMethod:
              factorMode: 2FA
              type: ASSURANCE
              reauthenticateIn: PT2H
              constraints:
                knowledge:
                  required: true
                  types:
                  - password
                  reauthenticateIn: PT2H
        type: ACCESS_POLICY
        _links:
          self:
            href: https://sampleorg.okta.com/api/v1/policies/rst7xus97faIAgmti1d7/rules/rul7yut96gmsOzKAA1d6
            hints:
              allow:
              - GET
              - PUT
              - DELETE
          deactivate:
            href: https://sampleorg.okta.com/api/v1/policies/rst7xus97faIAgmti1d7/rules/rul7yut96gmsOzKAA1d6
            hints:
              allow:
              - GET
              - PUT
              - DELETE
    update-user-profile-request:
      value:
        profile:
          firstName: Isaac
          email: [email protected]
          mobilePhone: 555-415-1337
    update-user-set-password-request:
      value:
        credentials:
          password:
            value: "uTVM,TPw55"
    update-user-set-recovery-question-and-answer:
      value:
        credentials:
          recovery_question:
            question: How many roads must a man walk down?
            answer: forty two
    user-example:
      summary: User example
      value:
        id: 00ub0oNGTSWTBKOLGLNR
        status: ACTIVE
        created: 2013-06-24T16:39:18.000Z
        activated: 2013-06-24T16:39:19.000Z
        statusChanged: 2013-06-24T16:39:19.000Z
        lastLogin: 2013-06-24T17:39:19.000Z
        lastUpdated: 2013-07-02T21:36:25.344Z
        passwordChanged: 2013-07-02T21:36:25.344Z
        profile:
          login: [email protected]
          firstName: Isaac
          lastName: Brock
          nickName: issac
          displayName: Isaac Brock
          email: [email protected]
          secondEmail: [email protected]
          profileUrl: http://www.example.com/profile
          preferredLanguage: en-US
          userType: Employee
          organization: Okta
          title: Director
          division: R&D
          department: Engineering
          costCenter: "10"
          employeeNumber: "187"
          mobilePhone: +1-555-415-1337
          primaryPhone: +1-555-514-1337
          streetAddress: 301 Brannan St.
          city: San Francisco
          state: CA
          zipCode: "94107"
          countryCode: US
        credentials:
          password: {}
          recovery_question:
            question: What's my childhood elementary school?
          provider:
            type: OKTA
            name: OKTA
        _links:
          self:
            href: "https://{yourOktaDomain}/api/v1/users/00u1f96ECLNVOKVMUSEA"
    userNameTemplateResponseBaseEx:
      value:
        userNameTemplate:
          template: "${source.email}"
          type: BUILT_IN
    wellKnownSSFMetadataExample:
      summary: Well-Known SSF Metadata example
      value:
        configuration_endpoint: "https://{yourOktaDomain}/api/v1/ssf/stream"
        delivery_methods_supported:
        - https://schemas.openid.net/secevent/risc/delivery-method/push
        - urn:ietf:rfc:8935
        issuer: "https://{yourOktaDomain}"
        jwks_uri: "https://{yourOktaDomain}/oauth2/v1/keys"
  parameters:
    OktaResponse:
      description: |-
        Specifies the media type of the resource. Optional `okta-response` value can be included for performance optimization.
        Complex DelAuth configurations may degrade performance when fetching specific parts of the response, and passing this parameter can omit these parts, bypassing the bottleneck.
        Enum values for `okta-response`:
        * `omitCredentials`: Omits the credentials subobject from the response.
        * `omitCredentialsLinks`: Omits the following HAL links from the response: Change Password, Change Recovery Question, Forgot Password, Reset Password, Reset Factors, Unlock.
        * `omitTransitioningToStatus`: Omits the `transitioningToStatus` field from the response.
      examples:
        Omit credentials subobject and credentials links:
          summary: Omits the credentials subobject and credentials links from the response. Does not apply performance optimization.
          value: "application/json; okta-response=omitCredentials,omitCredentialsLinks"
        Omit credentials, credentials links, and `transitioningToStatus` field:
          summary: "Omits the credentials, credentials links, and `transitioningToStatus`\
            \ field from the response. Applies performance optimization."
          value: "application/json; okta-response=\"omitCredentials,omitCredentialsLinks,\
            \ omitTransitioningToStatus\""
      explode: false
      in: header
      name: Content-Type
      required: false
      schema:
        type: string
      style: simple
    UISchemaId:
      description: The unique ID of the UI Schema
      explode: false
      in: path
      name: id
      required: true
      schema:
        example: uis4a7liocgcRgcxZ0g7
        type: string
      style: simple
    appInstanceId:
      description: ID of the AD AppInstance in Okta
      explode: false
      in: path
      name: appInstanceId
      required: true
      schema:
        type: string
      style: simple
    assignmentId:
      description: '`id` of the Realm Assignment'
      explode: false
      in: path
      name: assignmentId
      required: true
      schema:
        example: rul2jy7jLUlnO3ng00g4
        type: string
      style: simple
    authenticatorEnrollmentId:
      description: ID for a WebAuthn Preregistration Factor in Okta
      explode: false
      in: path
      name: authenticatorEnrollmentId
      required: true
      schema:
        type: string
      style: simple
    domain:
      description: The okta domain name of your org or one of your custom domains
      explode: false
      in: path
      name: domain
      required: true
      schema:
        type: string
      style: simple
    limitParameter:
      description: "Defines the number of policy rules returned. See [Pagination](https://developer.okta.com/docs/api/#pagination)."
      explode: true
      in: query
      name: limit
      required: false
      schema:
        type: string
      style: form
    pathApiServiceId:
      description: '`id` of the API Service Integration instance'
      example: 000lr2rLjZ6NsGn1P0g3
      explode: false
      in: path
      name: apiServiceId
      required: true
      schema:
        type: string
      style: simple
    pathApiTokenId:
      description: id of the API Token
      explode: false
      in: path
      name: apiTokenId
      required: true
      schema:
        example: 00Tabcdefg1234567890
        type: string
      style: simple
    pathAppId:
      description: Application ID
      explode: false
      in: path
      name: appId
      required: true
      schema:
        example: 0oafxqCAJWWGELFTYASJ
        type: string
      style: simple
    pathAppName:
      description: Application name for the app type
      explode: false
      in: path
      name: appName
      required: true
      schema:
        example: oidc_client
        type: string
      style: simple
    pathAppUserId:
      description: ID of an existing Okta user
      explode: false
      in: path
      name: userId
      required: true
      schema:
        example: 00u13okQOVWZJGDOAUVR
        type: string
      style: simple
    pathAssociatedServerId:
      description: '`id` of the associated Authorization Server'
      explode: false
      in: path
      name: associatedServerId
      required: true
      schema:
        example: aus6xt9jKPmCyn6kg0g4
        type: string
      style: simple
    pathAuthServerId:
      description: '`id` of the Authorization Server'
      explode: false
      in: path
      name: authServerId
      required: true
      schema:
        example: GeGRTEr7f3yu2n7grw22
        type: string
      style: simple
    pathAuthenticatorId:
      description: '`id` of the Authenticator'
      explode: false
      in: path
      name: authenticatorId
      required: true
      schema:
        example: aut1nd8PQhGcQtSxB0g4
        type: string
      style: simple
    pathBehaviorId:
      description: id of the Behavior Detection Rule
      explode: false
      in: path
      name: behaviorId
      required: true
      schema:
        example: abcd1234
        type: string
      style: simple
    pathBrandId:
      description: The ID of the brand
      explode: false
      in: path
      name: brandId
      required: true
      schema:
        type: string
      style: simple
    pathBundleId:
      description: The `id` of a bundle
      explode: false
      in: path
      name: bundleId
      required: true
      schema:
        example: 08ab2db568c7c300079fefd0
        type: string
      style: simple
    pathCaptchaId:
      description: The unique key used to identify your CAPTCHA instance
      explode: false
      in: path
      name: captchaId
      required: true
      schema:
        type: string
      style: simple
    pathClaimId:
      description: '`id` of Claim'
      explode: false
      in: path
      name: claimId
      required: true
      schema:
        example: hNJ3Uk76xLagWkGx5W3N
        type: string
      style: simple
    pathClientId:
      description: '`client_id` of the app'
      explode: false
      in: path
      name: clientId
      required: true
      schema:
        example: 52Uy4BUWVBOjFItcg2jWsmnd83Ad8dD
        type: string
      style: simple
    pathClientSecretId:
      description: Unique `id` of the OAuth 2.0 Client Secret
      example: ocs2f4zrZbs8nUa7p0g4
      explode: false
      in: path
      name: secretId
      required: true
      schema:
        type: string
      style: simple
    pathContactType:
      explode: false
      in: path
      name: contactType
      required: true
      schema:
        description: Type of contact
        enum:
        - BILLING
        - TECHNICAL
        example: BILLING
        type: string
      style: simple
    pathCredentialKeyId:
      description: '`id` of the certificate key'
      explode: false
      in: path
      name: keyId
      required: true
      schema:
        example: P7jXpG-LG2ObNgY9C0Mn2uf4InCQTmRZMDCZoVNxdrk
        type: string
      style: simple
    pathCsrId:
      description: '`id` of the CSR'
      explode: false
      in: path
      name: csrId
      required: true
      schema:
        example: fd7x1h7uTcZFx22rU1f7
        type: string
      style: simple
    pathCustomizationId:
      description: The ID of the email customization
      explode: false
      in: path
      name: customizationId
      required: true
      schema:
        type: string
      style: simple
    pathDeviceAssuranceId:
      description: Id of the Device Assurance Policy
      explode: false
      in: path
      name: deviceAssuranceId
      required: true
      schema:
        type: string
      style: simple
    pathDeviceCheckId:
      description: Id of the Device Check
      explode: false
      in: path
      name: deviceCheckId
      required: true
      schema:
        type: string
      style: simple
    pathDeviceId:
      description: '`id` of the device'
      explode: false
      in: path
      name: deviceId
      required: true
      schema:
        example: guo4a5u7JHHhjXrMK0g4
        type: string
      style: simple
    pathDomainId:
      description: '`id` of the Domain'
      explode: false
      in: path
      name: domainId
      required: true
      schema:
        example: OmWNeywfTzElSLOBMZsL
        type: string
      style: simple
    pathEmailDomainId:
      explode: false
      in: path
      name: emailDomainId
      required: true
      schema:
        description: The ID of the email domain.
        type: string
      style: simple
    pathEmailServerId:
      explode: false
      in: path
      name: emailServerId
      required: true
      schema:
        description: ID of your SMTP Server configuration
        type: string
      style: simple
    pathEntitlementId:
      description: The `id` of a bundle entitlement
      explode: false
      in: path
      name: entitlementId
      required: true
      schema:
        example: 0obfxqCAJWWGELFTYASJ
        type: string
      style: simple
    pathEventHookId:
      description: '`id` of the Event Hook'
      explode: false
      in: path
      name: eventHookId
      required: true
      schema:
        example: who8vt36qfNpCGz9H1e6
        type: string
      style: simple
    pathFactorId:
      description: ID of an existing user Factor
      explode: false
      in: path
      name: factorId
      required: true
      schema:
        example: zAgrsaBe0wVGRugDYtdv
        type: string
      style: simple
    pathFeatureId:
      description: '`id` of the feature'
      explode: false
      in: path
      name: featureId
      required: true
      schema:
        example: R5HjqNn1pEqWGy48E9jg
        type: string
      style: simple
    pathFeatureName:
      description: Name of the Feature
      explode: false
      in: path
      name: featureName
      required: true
      schema:
        $ref: '#/components/schemas/ApplicationFeatureType'
      style: simple
    pathFirstPartyAppName:
      description: |
        The key name for the Okta app.
        Supported apps:
          * Okta Admin Console (`admin-console`)
      explode: false
      in: path
      name: appName
      required: true
      schema:
        example: admin-console
        type: string
      style: simple
    pathGrantId:
      description: Grant ID
      explode: false
      in: path
      name: grantId
      required: true
      schema:
        example: iJoqkwx50mrgX4T9LcaH
        type: string
      style: simple
    pathGroupId:
      description: The `id` of the group
      explode: false
      in: path
      name: groupId
      required: true
      schema:
        example: 00g1emaKYZTWRYYRRTSK
        type: string
      style: simple
    pathGroupRuleId:
      description: The `id` of the group rule
      explode: false
      in: path
      name: groupRuleId
      required: true
      schema:
        example: 0pr3f7zMZZHPgUoWO0g4
        type: string
      style: simple
    pathHookKeyId:
      description: ID of the Hook Key
      explode: false
      in: path
      name: id
      required: true
      schema:
        example: XreKU5laGwBkjOTehusG
        type: string
      style: simple
    pathId:
      description: "`id`, `login`, or `login shortname` (as long as it is unambiguous)\
        \ of user"
      explode: false
      in: path
      name: id
      required: true
      schema:
        type: string
      style: simple
    pathIdentitySourceId:
      description: The ID of the Identity Source for which the session is created
      example: 0oa3l6l6WK6h0R0QW0g4
      explode: false
      in: path
      name: identitySourceId
      required: true
      schema:
        type: string
      style: simple
    pathIdentitySourceSessionId:
      description: The ID of the Identity Source Session
      example: aps1qqonvr2SZv6o70h8
      explode: false
      in: path
      name: sessionId
      required: true
      schema:
        type: string
      style: simple
    pathIdpCsrId:
      description: '`id` of the IdP CSR'
      explode: false
      in: path
      name: idpCsrId
      required: true
      schema:
        example: 1uEhyE65oV3H6KM9gYcN
        type: string
      style: simple
    pathIdpId:
      description: '`id` of IdP'
      explode: false
      in: path
      name: idpId
      required: true
      schema:
        example: 0oa62bfdjnK55Z5x80h7
        type: string
      style: simple
    pathInlineHookId:
      description: '`id` of the Inline Hook'
      explode: false
      in: path
      name: inlineHookId
      required: true
      schema:
        example: Y7Rzrd4g4xj6WdKzrBHH
        type: string
      style: simple
    pathJsonWebKeyId:
      description: Unique `id` of the OAuth 2.0
        Client JSON Web Key
      example: pks2f4zrZbs8nUa7p0g4
      explode: false
      in: path
      name: keyId
      required: true
      schema:
        type: string
      style: simple
    pathKeyId:
      description: ID of the Key Credential for the application
      explode: false
      in: path
      name: keyId
      required: true
      schema:
        example: sjP9eiETijYz110VkhHN
        type: string
      style: simple
    pathKid:
      description: Unique `id` of the IdP Key Credential
      explode: false
      in: path
      name: kid
      required: true
      schema:
        example: KmMo85SSsU7TZzOShcGb
        type: string
      style: simple
    pathLifecycle:
      description: Whether to `ENABLE` or `DISABLE` the feature
      explode: false
      in: path
      name: lifecycle
      required: true
      schema:
        $ref: '#/components/schemas/FeatureLifecycle'
      style: simple
    pathLinkedObjectName:
      description: Primary or Associated name
      explode: false
      in: path
      name: linkedObjectName
      required: true
      schema:
        type: string
      style: simple
    pathLogStreamId:
      description: Unique identifier for the Log Stream
      explode: false
      in: path
      name: logStreamId
      required: true
      schema:
        example: 0oa1orzg0CHSgPcjZ0g4
        type: string
      style: simple
    pathLogStreamType:
      explode: false
      in: path
      name: logStreamType
      required: true
      schema:
        $ref: '#/components/schemas/LogStreamType'
      style: simple
    pathMappingId:
      description: '`id` of the Mapping'
      explode: false
      in: path
      name: mappingId
      required: true
      schema:
        example: cB6u7X8mptebWkffatKA
        type: string
      style: simple
    pathMemberId:
      description: '`id` of the Member'
      explode: false
      in: path
      name: memberId
      required: true
      schema:
        example: irb1qe6PGuMc7Oh8N0g4
        type: string
      style: simple
    pathMethodType:
      description: Type of authenticator method
      explode: false
      in: path
      name: methodType
      required: true
      schema:
        $ref: '#/components/schemas/AuthenticatorMethodType'
      style: simple
    pathNotificationType:
      explode: false
      in: path
      name: notificationType
      required: true
      schema:
        $ref: '#/components/schemas/NotificationType'
      style: simple
    pathOAuthProvisioningAppName:
      explode: false
      in: path
      name: appName
      required: true
      schema:
        $ref: '#/components/schemas/OAuthProvisioningEnabledApp'
      style: simple
    pathOperation:
      explode: false
      in: path
      name: operation
      required: true
      schema:
        type: string
      style: simple
    pathOwnerId:
      description: The `id` of the group owner
      explode: false
      in: path
      name: ownerId
      required: true
      schema:
        example: 00u1emaK22TWRYd3TtG
        type: string
      style: simple
    pathPermissionType:
      description: An okta permission type
      explode: false
      in: path
      name: permissionType
      required: true
      schema:
        example: okta.users.manage
        type: string
      style: simple
    pathPolicyId:
      description: '`id` of the Policy'
      explode: false
      in: path
      name: policyId
      required: true
      schema:
        example: 00plrilJ7jZ66Gn0X0g3
        type: string
      style: simple
    pathPolicyMappingId:
      description: '`id` of the policy resource Mapping'
      explode: false
      in: path
      name: mappingId
      required: true
      schema:
        example: maplr2rLjZ6NsGn1P0g3
        type: string
      style: simple
    pathPoolId:
      description: Id of the agent pool for which the settings will apply
      explode: false
      in: path
      name: poolId
      required: true
      schema:
        type: string
      style: simple
    pathPrimaryRelationshipName:
      description: Name of the `primary` relationship being assigned
      explode: false
      in: path
      name: primaryRelationshipName
      required: true
      schema:
        example: manager
        type: string
      style: simple
    pathPrimaryUserId:
      description: User ID to be assigned to the `primary` relationship for the `associated` user
      explode: false
      in: path
      name: primaryUserId
      required: true
      schema:
        type: string
      style: simple
    pathPrincipalRateLimitId:
      description: id of the Principal Rate Limit
      explode: false
      in: path
      name: principalRateLimitId
      required: true
      schema:
        example: abcd1234
        type: string
      style: simple
    pathPublicKeyId:
      description: id" of the Public Key
      explode: false
      in: path
      name: keyId
      required: true
      schema:
        example: FcH2P9Eg7wr0o8N2FuV0
        type: string
      style: simple
    pathPushProviderId:
      description: Id of the push provider
      explode: false
      in: path
      name: pushProviderId
      required: true
      schema:
        type: string
      style: simple
    pathQueryRoleExpand:
description: "An optional parameter used to return targets configured for the\ \ standard Role Assignment in the `embedded` property. Supported values: `targets/groups`\ \ or `targets/catalog/apps`" examples: groupTarget: summary: Return Group targets value: targets/groups appTarget: summary: Return App targets value: targets/catalog/apps explode: true in: query name: expand required: false schema: type: string style: form pathRealmId: description: '`id` of the Realm' explode: false in: path name: realmId required: true schema: example: vvrcFogtKCrK9aYq3fgV type: string style: simple pathRelationshipName: description: Name of the `primary` or `associated` relationship being queried examples: manager: summary: Example of a `primary` name value: manager subordinate: summary: Example of an `associated` name value: subordinate explode: false in: path name: relationshipName required: true schema: type: string style: simple pathResourceId: description: '`id` of the Resource' explode: false in: path name: resourceId required: true schema: example: ire106sQKoHoXXsAe0g4 type: string style: simple pathResourceSelectorId: description: '`id` of a Resource Selector' explode: false in: path name: resourceSelectorId required: true schema: example: rsl1hx31gVEa6x10v0g5 type: string style: simple pathResourceSetIdOrLabel: description: '`id` or `label` the Resource Set' explode: false in: path name: resourceSetIdOrLabel required: true schema: example: iamoJDFKaJxGIr0oamd9g type: string style: simple pathRiskProviderId: description: '`id` of the Risk Provider object' explode: false in: path name: riskProviderId required: true schema: example: 00rp12r4skkjkjgsn type: string style: simple pathRoleAssignmentId: description: The `id` of the Role Assignment explode: false in: path name: roleAssignmentId required: true schema: example: JBCUYUC7IRCVGS27IFCE2SKO type: string style: simple pathRoleId: description: '`id` of the Role' explode: false in: path name: roleId required: true schema: 
example: 3Vg1Pjp3qzw4qcCK5EdO type: string style: simple pathRoleIdOrLabel: description: '`id` or `label` of the Role' explode: false in: path name: roleIdOrLabel required: true schema: example: cr0Yq6IJxGIr0ouum0g3 type: string style: simple pathRoleRef: description: "A reference to an existing role. Standard roles require a `roleType`,\ \ while Custom Roles require a `roleId`. See [Standard Roles](/openapi/okta-management/guides/roles/#standard-roles)." explode: false in: path name: roleRef required: true schema: $ref: '#/components/schemas/listSubscriptionsRole_roleRef_parameter' style: simple pathRuleId: description: '`id` of the Policy Rule' explode: false in: path name: ruleId required: true schema: example: ruld3hJ7jZh4fn0st0g3 type: string style: simple pathSchemaId: explode: false in: path name: schemaId required: true schema: type: string style: simple pathScopeId: description: '`id` of Scope' explode: false in: path name: scopeId required: true schema: example: 0TMRpCWXRKFjP7HiPFNM type: string style: simple pathSecretId: description: '`id` of the API Service Integration instance Secret' example: ocs2f4zrZbs8nUa7p0g4 explode: false in: path name: secretId required: true schema: type: string style: simple pathSection: explode: false in: path name: section required: true schema: type: string style: simple pathSecurityEventProviderId: description: '`id` of the Security Events Provider instance' explode: false in: path name: securityEventProviderId required: true schema: example: sse1qg25RpusjUP6m0g5 type: string style: simple pathSessionId: description: '`id` of the Session' explode: false in: path name: sessionId required: true schema: example: l7FbDVqS8zHSy65uJD85 type: string style: simple pathSubmissionId: description: OIN Integration ID explode: false in: path name: submissionId required: true schema: example: acme_submissionapp_1 type: string style: simple pathTargetGroupId: explode: false in: path name: targetGroupId required: true schema: example: 
00g1e9dfjHeLAsdX983d type: string style: simple pathTemplateId: description: '`id` of the Template' explode: false in: path name: templateId required: true schema: example: 6NQUJ5yR3bpgEiYmq8IC type: string style: simple pathTemplateName: description: The name of the email template explode: false in: path name: templateName required: true schema: type: string style: simple pathThemeId: description: The ID of the theme explode: false in: path name: themeId required: true schema: type: string style: simple pathTokenId: description: '`id` of Token' explode: false in: path name: tokenId required: true schema: example: sHHSth53yJAyNSTQKDJZ type: string style: simple pathTransactionId: description: ID of an existing Factor verification transaction explode: false in: path name: transactionId required: true schema: example: gPAQcN3NDjSGOCAeG2Jv type: string style: simple pathTrustedOriginId: description: '`id` of the Trusted Origin' explode: false in: path name: trustedOriginId required: true schema: example: 7j2PkU1nyNIDe26ZNufR type: string style: simple pathTypeId: explode: false in: path name: typeId required: true schema: description: The unique key for the User Type type: string style: simple pathUpdateId: description: Id of the update explode: false in: path name: updateId required: true schema: type: string style: simple pathUserId: description: ID of an existing Okta user explode: false in: path name: userId required: true schema: example: 00ub0oNGTSWTBKOLGLNR type: string style: simple pathUserIdOrLogin: description: |- If for the `self` link, the ID of the User for whom you want to get the primary User ID. If for the `associated` relation, the User ID or login value of the User assigned the associated relationship. This can be `me` to represent the current session User. 
examples: manager: summary: Example ID of `primary` value: 00u5zex6ztMbOZhF50h7 subordinate: summary: Example ID of `associated` value: 00u5zex6ztMbOZhF50h7 explode: false in: path name: userIdOrLogin required: true schema: type: string style: simple pathZoneId: description: '`id` of the Network Zone' example: nzowc1U5Jh5xuAK0o0g3 explode: false in: path name: zoneId required: true schema: type: string style: simple privilegedAccountId: description: ID of an existing Privileged Account explode: false in: path name: id required: true schema: type: string style: simple privilegedResourceId: description: ID of an existing privileged resource explode: false in: path name: id required: true schema: type: string style: simple queryAfter: description: "The cursor to use for pagination. It is an opaque string that\ \ specifies your current location in the list and is obtained from the `Link`\ \ response header. See [Pagination](https://developer.okta.com/docs/api/#pagination)." explode: true in: query name: after required: false schema: type: string style: form queryAppAfter: description: "Specifies the pagination cursor for the next page of results.\ \ Treat this as an opaque value obtained through the next link relationship.\ \ See [Pagination](/#pagination)." explode: true in: query name: after required: false schema: example: "16275000448691" type: string style: form queryAppGrantsExpand: description: "An optional parameter to return scope details in the `_embedded`\ \ property. Valid value: `scope`" explode: true in: query name: expand required: false schema: example: scope type: string style: form queryAppLimit: description: | Specifies the number of objects to return per page. If there are multiple pages of results, the Link header contains a `next` link that you need to use as an opaque value (follow it, don't parse it). See [Pagination](/#pagination). 
explode: true in: query name: limit required: false schema: default: 50 format: int32 maximum: 500 minimum: 1 type: integer style: form queryAppUserExpand: description: |- An optional query parameter to return the corresponding [User](/openapi/okta-management/management/tag/User/) object in the `_embedded` property. Valid value: `user` explode: true in: query name: expand required: false schema: example: user type: string style: form queryAppUserQ: description: | Specifies a filter for the list of Application Users returned based on their profile attributes. The value of `q` is matched against the beginning of the following profile attributes: `userName`, `firstName`, `lastName`, and `email`. This filter only supports the `startsWith` operation that matches the `q` string against the beginning of the attribute values. > **Note:** For OIDC apps, user profiles don't contain the `firstName` or `lastName` attributes. Therefore, the query only matches against the `userName` or `email` attributes. explode: true in: query name: q required: false schema: example: sam type: string style: form queryAppsExpand: description: |- An optional parameter used for link expansion to embed more resources in the response. Only supports `expand=user/{userId}` and must be used with the `user.id eq "{userId}"` filter query for the same user. Returns the assigned [Application User](/openapi/okta-management/management/tag/ApplicationUsers/) in the `_embedded` property. explode: true in: query name: expand required: false schema: example: user/0oa1gjh63g214q0Hq0g4 type: string style: form queryExpand: description: "Valid value: `scope`. If specified, scope details are included\ \ in the `_embedded` attribute." 
explode: true in: query name: expand required: false schema: type: string style: form queryExpandBrand: description: Specifies additional metadata to be included in the response explode: false in: query name: expand required: false schema: items: enum: - themes - domains - emailDomain type: string type: array style: form queryExpandEmailDomain: description: Specifies additional metadata to be included in the response explode: false in: query name: expand required: false schema: items: enum: - brands type: string type: array style: form queryExpandEmailTemplate: description: Specifies additional metadata to be included in the response explode: false in: query name: expand required: false schema: items: enum: - settings - customizationCount type: string type: array style: form queryExpandPageRoot: description: Specifies additional metadata to be included in the response explode: false in: query name: expand required: false schema: items: enum: - default - customized - customizedUrl - preview - previewUrl type: string type: array style: form queryFilter: description: Searches the records for matching value explode: true in: query name: q required: false schema: type: string style: form queryGroupAssignmentLimit: description: |- Specifies the number of objects to return per page. If there are multiple pages of results, the Link header contains a `next` link that you need to use as an opaque value (follow it, don't parse it). See [Pagination](/#pagination). 
examples: min: summary: Minimum limit value value: 20 hundred: summary: Sample limit value value: 100 max: summary: Maximum limit value value: 200 explode: true in: query name: limit required: false schema: default: 20 format: int32 maximum: 200 minimum: 20 type: integer style: form queryGroupAssignmentWithGroupExpand: description: "An optional query parameter to return the corresponding assigned\ \ [Group](/openapi/okta-management/management/tag/Group/) or \nthe group assignment\ \ metadata details in the `_embedded` property. " examples: group: summary: Embedded assigned Group value: group metadata: summary: Embedded group assignment metadata value: metadata explode: true in: query name: expand required: false schema: example: group type: string style: form queryGroupAssignmentWithMetadataExpand: description: "An optional query parameter to return the corresponding assigned\ \ [Group](/openapi/okta-management/management/tag/Group/) or \nthe group assignment\ \ metadata details in the `_embedded` property. " examples: group: summary: Embedded assigned Group value: group metadata: summary: Embedded group assignment metadata value: metadata explode: true in: query name: expand required: false schema: example: metadata type: string style: form queryLanguage: description: The language to use for the email. Defaults to the current user's language if unspecified. 
explode: true in: query name: language required: false schema: $ref: '#/components/schemas/Language' style: form queryLimit: description: A limit on the number of objects to return explode: true in: query name: limit required: false schema: default: 20 maximum: 200 minimum: 1 type: integer style: form queryLimitPerPoolType: description: Maximum number of AgentPools being returned explode: true in: query name: limitPerPoolType required: false schema: default: 5 type: integer style: form queryPoolType: description: Agent type to search for explode: true in: query name: poolType required: false schema: $ref: '#/components/schemas/AgentType' style: form queryScheduled: description: Scope the list only to scheduled or ad-hoc updates. If the parameter is not provided we will return the whole list of updates. explode: true in: query name: scheduled required: false schema: type: boolean style: form queryUserExpand: description: "An optional parameter to include metadata in the `_embedded` attribute.\ \ Valid value: `blocks`" explode: true in: query name: expand required: false schema: example: blocks type: string style: form simulateParameter: description: Use `expand=EVALUATED` to include a list of evaluated but not matched policies and policy rules. Use `expand=RULE` to include details about why a rule condition wasn't matched. 
explode: true in: query name: expand required: false schema: example: EVALUATED type: string style: form yubikeyTokenId: description: ID of a Yubikey token explode: false in: path name: tokenId required: true schema: example: ykkxdtCA1fKVxyu6R0g3 type: string style: simple requestBodies: AuthenticatorRequestBody: content: application/json: examples: Duo: $ref: '#/components/examples/AuthenticatorRequestDuo' schema: $ref: '#/components/schemas/AuthenticatorBase' required: true responses: ErrorAppUserForbidden403: content: application/json: examples: AppUserProvEx: $ref: '#/components/examples/ErrorAppUserForbiddenAction' AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden ErrorAppUserUpdateBadRequest400: content: application/json: examples: AppUserUpdateCredEx: $ref: '#/components/examples/ErrorAppUserUpdateBadRequest' APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request AuthenticatorResponse: content: application/json: examples: Duo: $ref: '#/components/examples/AuthenticatorResponseDuo' Email: $ref: '#/components/examples/AuthenticatorResponseEmail' Password: $ref: '#/components/examples/AuthenticatorResponsePassword' Phone: $ref: '#/components/examples/AuthenticatorResponsePhone' WebAuthn: $ref: '#/components/examples/AuthenticatorResponseWebAuthn' SecurityQuestion: $ref: '#/components/examples/AuthenticatorResponseSecurityQuestion' schema: $ref: '#/components/schemas/AuthenticatorBase' description: OK AuthenticatorResponseInactiveWebAuthn: content: application/json: examples: WebAuthn: $ref: '#/components/examples/AuthenticatorResponseInactiveWebAuthn' schema: $ref: '#/components/schemas/AuthenticatorBase' description: OK ErrorApiValidationFailed400: content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/ErrorApiValidationFailed' schema: $ref: 
'#/components/schemas/Error' description: Bad Request ErrorMissingRequiredParameter400: content: application/json: examples: MissingRequiredParameter: $ref: '#/components/examples/ErrorMissingRequiredParameter' schema: $ref: '#/components/schemas/Error' description: Bad Request ErrorInvalidToken401: content: application/json: examples: InvalidTokenProvided: $ref: '#/components/examples/ErrorInvalidTokenProvided' schema: $ref: '#/components/schemas/Error' description: Unauthorized ErrorAccessDenied403: content: application/json: examples: AccessDenied: $ref: '#/components/examples/ErrorAccessDenied' schema: $ref: '#/components/schemas/Error' description: Forbidden ErrorResourceNotFound404: content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/ErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found ErrorTooManyRequests429: content: application/json: examples: TooManyRequests: $ref: '#/components/examples/ErrorTooManyRequests' schema: $ref: '#/components/schemas/Error' description: Too Many Requests Error502NoConnectedAgents: content: application/json: examples: AgentTimeOut: $ref: '#/components/examples/ErrorAgentTimeOut' schema: $ref: '#/components/schemas/Error' description: There are no connected agents. Error504AgentTimeOut: content: application/json: examples: AgentTimeOut: $ref: '#/components/examples/ErrorNoConnectedAgents' schema: $ref: '#/components/schemas/Error' description: Timed out waiting for agent. DRStatusResponse: content: application/json: schema: description: List of domains and their disaster recovery status items: $ref: '#/components/schemas/DRStatusItem' type: array description: OK headers: Link: description: A link to the next page of responses explode: false schema: type: string style: simple ErrorResponse: content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' description: | 400 - When request validation fails
401 - When the user is not authenticated or the feature is not enabled
403 - When the user is not authorized
429 - When rate limits are exceeded
500 - When an internal server error is encountered
501 - When the operation is not supported
GetFactorResponse: content: application/json: examples: SMS: $ref: '#/components/examples/FactorResponseSms' Email: $ref: '#/components/examples/FactorEmail' schema: $ref: '#/components/schemas/UserFactor' description: Success Error-FF-NotEnabled-Response-401: content: application/json: examples: Unauthorized: value: errorCode: E0000015 errorSummary: You do not have permission to access the feature you are requesting errorLink: E0000015 errorId: oaeStOuPPxDRUm3PJhf-tL7bQ errorCauses: [] description: Unauthorized ErrorInternalServer500: content: application/json: examples: InternalServerError: $ref: '#/components/examples/ErrorInternalServer' schema: $ref: '#/components/schemas/Error' description: Internal Server Error NzErrorApiValidationFailed400: content: application/json: examples: APIValidationFailed: $ref: '#/components/examples/NzErrorApiValidationFailed' schema: $ref: '#/components/schemas/Error' description: Bad Request NzErrorResourceNotFound404: content: application/json: examples: ResourceNotFound: $ref: '#/components/examples/NzErrorResourceNotFound' schema: $ref: '#/components/schemas/Error' description: Not Found schemas: AAGUIDGroupObject: description: | The AAGUID Group object supports the Early Access (Self-Service) Allow List for FIDO2 (WebAuthn) Authenticators feature. Enable the feature for your org from the **Settings** > **Features** page in the Admin Console. This feature has several limitations when enrolling a security key: - Enrollment is currently unsupported on Firefox. - Enrollment is currently unsupported on Chrome if User Verification is set to DISCOURAGED and a PIN is set on the security key. - If prompted during enrollment, users must allow Okta to see the make and model of the security key. properties: aaguids: description: "A list of YubiKey hardware FIDO2 Authenticator Attestation\ \ Global Unique Identifiers (AAGUIDs). 
The available [AAGUIDs](https://support.yubico.com/hc/en-us/articles/360016648959-YubiKey-Hardware-FIDO2-AAGUIDs)\ \ (opens new window) are provided by the FIDO Alliance Metadata Service." items: description: AAGUID type: string type: array name: description: A name to identify the group of YubiKey hardware FIDO2 AAGUIDs type: string type: object APIServiceIntegrationInstance: example: createdAt: 2023-02-21T20:08:24.000Z grantedScopes: - okta.logs.read createdBy: 00uu3u0ujW1P6AfZC2d5 _links: client: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type logo: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type name: My App Cloud Identity Engine id: 0oa72lrepvp4WqEET1d9 type: my_app_cie configGuideUrl: "https://{docDomain}/my-app-cie/configuration-guide" properties: configGuideUrl: description: The URL to the API service integration configuration guide example: "https://{docDomain}/my-app-cie/configuration-guide" readOnly: true type: string createdAt: description: Timestamp when the API Service Integration instance was created example: 2023-02-21T20:08:24.000Z readOnly: true type: string createdBy: description: The user ID of the API Service Integration instance creator example: 00uu3u0ujW1P6AfZC2d5 readOnly: true type: string grantedScopes: description: "The list of Okta management scopes granted to the API Service\ \ Integration instance. See [Okta management OAuth 2.0 scopes](/oauth2/#okta-admin-management)." example: - okta.logs.read items: type: string type: array id: description: The ID of the API Service Integration instance example: 0oa72lrepvp4WqEET1d9 readOnly: true type: string name: description: The name of the API service integration that corresponds with the `type` property. This is the full name of the API service integration listed in the Okta Integration Network (OIN) catalog. 
example: My App Cloud Identity Engine readOnly: true type: string type: description: "The type of the API service integration. This string is an\ \ underscore-concatenated, lowercased API service integration name. For\ \ example, `my_api_log_integration`." example: my_app_cie type: string _links: $ref: '#/components/schemas/APIServiceIntegrationLinks' type: object APIServiceIntegrationInstanceSecret: example: lastUpdated: 2023-02-21T20:08:24.000Z _links: activate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type delete: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type deactivate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type created: 2023-02-21T20:08:24.000Z secret_hash: yk4SVx4sUWVJVbHt6M-UPA client_secret: DRUFXGF9XbLnS9k-Sla3x3POBiIxDreBCdZuFs5B id: ocs2f4zrZbs8nUa7p0g4 status: ACTIVE properties: client_secret: description: "The OAuth 2.0 client secret string. The client secret string\ \ is returned in the response of a Secret creation request. In other responses\ \ (such as list, activate, or deactivate requests), the client secret\ \ is returned as an undisclosed hashed value." 
example: DRUFXGF9XbLnS9k-Sla3x3POBiIxDreBCdZuFs5B readOnly: true type: string created: description: Timestamp when the API Service Integration instance Secret was created example: 2023-02-21T20:08:24.000Z readOnly: true type: string id: description: The ID of the API Service Integration instance Secret example: ocs2f4zrZbs8nUa7p0g4 readOnly: true type: string lastUpdated: description: Timestamp when the API Service Integration instance Secret was updated example: 2023-02-21T20:08:24.000Z readOnly: true type: string secret_hash: description: OAuth 2.0 client secret string hash example: yk4SVx4sUWVJVbHt6M-UPA readOnly: true type: string status: description: Status of the API Service Integration instance Secret enum: - ACTIVE - INACTIVE example: ACTIVE type: string _links: $ref: '#/components/schemas/APIServiceIntegrationSecretLinks' required: - _links - client_secret - created - id - lastUpdated - secret_hash - status type: object APIServiceIntegrationLinks: description: "Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288))\ \ available for the current status of an application using the [JSON Hypertext\ \ Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\ \ specification. This object is used for dynamic discovery of related resources\ \ and lifecycle operations." 
example: client: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type logo: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type properties: client: $ref: '#/components/schemas/HrefObjectClientLink' logo: $ref: '#/components/schemas/HrefObjectLogoLink' self: $ref: '#/components/schemas/HrefObjectSelfLink' readOnly: true APIServiceIntegrationSecretLinks: description: "Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288))\ \ available for the current status of an application using the [JSON Hypertext\ \ Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\ \ specification. This object is used for dynamic discovery of related resources\ \ and lifecycle operations." example: activate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type delete: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type deactivate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type properties: activate: $ref: '#/components/schemas/HrefObjectActivateLink' deactivate: $ref: '#/components/schemas/HrefObjectDeactivateLink' delete: $ref: '#/components/schemas/HrefObjectDeleteLink' readOnly: true APNSConfiguration: properties: fileName: description: (Optional) File name for Admin Console display type: string keyId: description: 10-character Key ID obtained from the Apple developer account type: string teamId: description: 10-character Team ID used to develop the iOS app type: string tokenSigningKey: description: APNs private authentication token signing key type: string writeOnly: true APNSPushProvider: allOf: - $ref: '#/components/schemas/PushProvider' - properties: configuration: $ref: '#/components/schemas/APNSConfiguration' type: object AccessPolicy: allOf: - $ref: '#/components/schemas/Policy' - properties: 
conditions: description: Policy conditions aren't supported. Conditions are applied at the rule level for this policy type. nullable: true type: string type: object AccessPolicyConstraint: properties: authenticationMethods: description: This property specifies the precise authenticator and method for authentication. items: $ref: '#/components/schemas/AuthenticationMethodObject' type: array excludedAuthenticationMethods: description: This property specifies the precise authenticator and method to exclude from authentication. items: $ref: '#/components/schemas/AuthenticationMethodObject' type: array methods: description: The Authenticator methods that are permitted items: enum: - PASSWORD - SECURITY_QUESTION - SMS - VOICE - EMAIL - PUSH - SIGNED_NONCE - OTP - TOTP - WEBAUTHN - DUO - IDP - CERT type: string type: array reauthenticateIn: description: "The duration after which the user must re-authenticate regardless\ \ of user activity. This re-authentication interval overrides the Verification\ \ Method object's `reauthenticateIn` interval. The supported values use\ \ ISO 8601 period format for recurring time intervals (for example, `PT1H`)." type: string required: description: "This property indicates whether the knowledge or possession\ \ factor is required by the assurance. It's optional in the request, but\ \ is always returned in the response. By default, this field is `true`.\ \ If the knowledge or possession constraint has values for `excludedAuthenticationMethods`\ \ the `required` value is false. 
" type: boolean types: description: The Authenticator types that are permitted items: enum: - SECURITY_KEY - PHONE - EMAIL - PASSWORD - SECURITY_QUESTION - APP - FEDERATED type: string type: array type: object AccessPolicyConstraints: properties: knowledge: $ref: '#/components/schemas/KnowledgeConstraint' possession: $ref: '#/components/schemas/PossessionConstraint' type: object AccessPolicyLink: allOf: - $ref: '#/components/schemas/HrefObject' - description: Link to the app access policy resource example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type AccessPolicyRule: allOf: - $ref: '#/components/schemas/PolicyRule' - properties: actions: $ref: '#/components/schemas/AccessPolicyRuleActions' conditions: $ref: '#/components/schemas/AccessPolicyRuleConditions' type: object AccessPolicyRuleActions: allOf: - $ref: '#/components/schemas/PolicyRuleActions' - properties: appSignOn: $ref: '#/components/schemas/AccessPolicyRuleApplicationSignOn' type: object AccessPolicyRuleApplicationSignOn: properties: access: $ref: '#/components/schemas/AccessPolicyRuleApplicationSignOnAccess' verificationMethod: $ref: '#/components/schemas/VerificationMethod' type: object AccessPolicyRuleApplicationSignOnAccess: enum: - ALLOW - DENY type: string AccessPolicyRuleConditions: allOf: - properties: device: $ref: '#/components/schemas/DeviceAccessPolicyRuleCondition' elCondition: $ref: '#/components/schemas/AccessPolicyRuleCustomCondition' network: $ref: '#/components/schemas/PolicyNetworkCondition' people: $ref: '#/components/schemas/PolicyPeopleCondition' platform: $ref: '#/components/schemas/PlatformPolicyRuleCondition' riskScore: $ref: '#/components/schemas/RiskScorePolicyRuleCondition' userType: $ref: '#/components/schemas/UserTypeCondition' type: object AccessPolicyRuleCustomCondition: properties: condition: description: expression to match type: string required: - condition AcsEndpoint: description: An array of ACS endpoints. 
You can configure a maximum of 100 endpoints. properties: index: description: Index of the URL in the array of ACS endpoints example: 0 type: integer url: description: URL of the ACS example: https://www.example.com/sso/saml maxLength: 1024 type: string required: - index - url type: object Actions: example: assignUserToRealm: realmId: realmId properties: assignUserToRealm: $ref: '#/components/schemas/AssignUserToRealm' type: object AdminConsoleSettings: description: Settings specific to the Okta Admin Console example: sessionMaxLifetimeMinutes: 6077 sessionIdleTimeoutMinutes: 62 properties: sessionIdleTimeoutMinutes: default: 15 description: The maximum idle time before the Okta Admin Console session expires. Must be no more than 12 hours. maximum: 720 minimum: 5 type: integer sessionMaxLifetimeMinutes: default: 720 description: The absolute maximum session lifetime of the Okta Admin Console. Must be no more than 7 days. maximum: 10080 minimum: 5 type: integer title: Okta Admin Console Settings type: object Agent: description: Agent details example: operationalStatus: DEGRADED isLatestGAedVersion: true _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type updateStatus: Cancelled name: name poolId: poolId id: id type: AD version: version updateMessage: updateMessage isHidden: true lastConnection: 2000-01-23T04:56:07.000+00:00 properties: id: readOnly: true type: string isHidden: type: boolean isLatestGAedVersion: type: boolean lastConnection: format: date-time type: string name: type: string operationalStatus: $ref: '#/components/schemas/OperationalStatus' poolId: type: string type: $ref: '#/components/schemas/AgentType' updateMessage: type: string updateStatus: $ref: '#/components/schemas/AgentUpdateInstanceStatus' version: type: string _links: $ref: '#/components/schemas/LinksSelf' type: object AgentAction: description: Details about the AD Group membership update example: id: id parameters: values: - values - values 
action: ADD attribute: attribute properties: id: description: ID of the AD group to update type: string parameters: $ref: '#/components/schemas/Parameters' type: object AgentPool: description: "An AgentPool is a collection of agents that serve a common purpose.\ \ An AgentPool has a unique ID within an org, and contains a collection of\ \ agents disjoint to every other AgentPool (i.e. no two AgentPools share an\ \ Agent)." example: operationalStatus: null name: name id: id type: null agents: - operationalStatus: DEGRADED isLatestGAedVersion: true _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type updateStatus: Cancelled name: name poolId: poolId id: id type: AD version: version updateMessage: updateMessage isHidden: true lastConnection: 2000-01-23T04:56:07.000+00:00 - operationalStatus: DEGRADED isLatestGAedVersion: true _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type updateStatus: Cancelled name: name poolId: poolId id: id type: AD version: version updateMessage: updateMessage isHidden: true lastConnection: 2000-01-23T04:56:07.000+00:00 properties: agents: items: $ref: '#/components/schemas/Agent' type: array id: readOnly: true type: string name: type: string operationalStatus: $ref: '#/components/schemas/OperationalStatus' type: $ref: '#/components/schemas/AgentType' type: object AgentPoolUpdate: description: Various information about agent auto update configuration example: reason: reason schedule: cron: cron duration: 6 lastUpdated: 2000-01-23T04:56:07.000+00:00 delay: 0 timezone: timezone agentType: AD notifyAdmin: true _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type sortOrder: 1 name: name id: id enabled: true agents: - operationalStatus: DEGRADED isLatestGAedVersion: true _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type updateStatus: Cancelled name: name poolId: poolId id: id 
type: AD version: version updateMessage: updateMessage isHidden: true lastConnection: 2000-01-23T04:56:07.000+00:00 - operationalStatus: DEGRADED isLatestGAedVersion: true _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type updateStatus: Cancelled name: name poolId: poolId id: id type: AD version: version updateMessage: updateMessage isHidden: true lastConnection: 2000-01-23T04:56:07.000+00:00 status: Cancelled targetVersion: targetVersion properties: agents: items: $ref: '#/components/schemas/Agent' type: array agentType: $ref: '#/components/schemas/AgentType' enabled: type: boolean id: readOnly: true type: string name: type: string notifyAdmin: type: boolean reason: type: string schedule: $ref: '#/components/schemas/AutoUpdateSchedule' sortOrder: type: integer status: $ref: '#/components/schemas/AgentUpdateJobStatus' targetVersion: type: string _links: $ref: '#/components/schemas/LinksSelf' type: object AgentPoolUpdateSetting: description: Setting for auto-update example: releaseChannel: BETA agentType: AD latestVersion: latestVersion poolId: poolId continueOnError: true minimalSupportedVersion: minimalSupportedVersion poolName: poolName properties: agentType: $ref: '#/components/schemas/AgentType' continueOnError: type: boolean latestVersion: type: string minimalSupportedVersion: type: string poolId: readOnly: true type: string poolName: type: string releaseChannel: $ref: '#/components/schemas/ReleaseChannel' type: object AgentType: description: Agent types that are being monitored enum: - AD - IWA - LDAP - MFA - OPP - RUM - Radius type: string AgentUpdateInstanceStatus: description: Status for one agent regarding the status to auto-update that agent enum: - Cancelled - Failed - InProgress - PendingCompletion - Scheduled - Success type: string AgentUpdateJobStatus: description: Overall state for the auto-update job from admin perspective enum: - Cancelled - Failed - InProgress - Paused - Scheduled - Success type: string 
AllowedForEnum: description: The allowed types of uses for the Authenticator enum: - any - none - recovery - sso type: string ApiToken: description: An API token for an Okta User. This token is NOT scoped any further and can be used for any API the user has permissions to call. example: lastUpdated: 2000-01-23T04:56:07.000+00:00 tokenWindow: tokenWindow _link: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type clientName: clientName created: 2000-01-23T04:56:07.000+00:00 name: name id: id userId: userId expiresAt: 2000-01-23T04:56:07.000+00:00 network: include: - include - include connection: connection exclude: - exclude - exclude properties: clientName: readOnly: true type: string created: format: date-time readOnly: true type: string expiresAt: format: date-time readOnly: true type: string id: readOnly: true type: string lastUpdated: format: date-time readOnly: true type: string name: type: string network: $ref: '#/components/schemas/ApiToken_network' tokenWindow: description: "A time duration specified as an [ISO-8601 duration](https://en.wikipedia.org/wiki/ISO_8601#Durations)." pattern: ^P(?:$)(\d+Y)?(\d+M)?(\d+W)?(\d+D)?(T(?:\d)(\d+H)?(\d+M)?(\d+S)?)?$ type: string userId: type: string _link: $ref: '#/components/schemas/LinksSelf' required: - name title: API Token type: object ApiTokenUpdate: description: An API Token Update Object for an Okta user. This token is NOT scoped any further and can be used for any API that the user has permissions to call. 
example: clientName: clientName created: 2000-01-23T04:56:07.000+00:00 name: name userId: userId network: include: - include - include connection: connection exclude: - exclude - exclude properties: clientName: description: The client name associated with the API Token readOnly: true type: string created: description: The creation date of the API Token format: date-time readOnly: true type: string name: description: The name associated with the API Token type: string network: $ref: '#/components/schemas/ApiToken_network' userId: description: The userId of the user who created the API Token type: string title: API Token Update type: object AppAccountContainerDetails: description: Container details for resource type APP_ACCOUNT properties: appName: description: The application name example: google readOnly: true type: string containerId: description: The application ID associated with the privileged account example: 0oa103099SBEb3Z2b0g4 type: string displayName: description: Human-readable name of the container that owns the privileged resource example: Google App1 readOnly: true type: string globalAppId: description: The application global ID example: 964b82aa-85b4-5645-b790-83312c473480 readOnly: true type: string passwordPushSupported: description: Indicates if the application supports password push example: true readOnly: true type: boolean provisioningEnabled: description: Indicates if provisioning is enabled for this application example: true readOnly: true type: boolean status: $ref: '#/components/schemas/AppInstanceContainerStatus' _links: $ref: '#/components/schemas/appLink' required: - containerId type: object AppAndInstanceConditionEvaluatorAppOrInstance: properties: id: description: ID of the app readOnly: false type: string name: description: Name of the app type type: string type: $ref: '#/components/schemas/AppAndInstanceType' type: object AppAndInstancePolicyRuleCondition: properties: exclude: description: The list of applications to exclude items: 
$ref: '#/components/schemas/AppAndInstanceConditionEvaluatorAppOrInstance' type: array include: description: The list of apps or app instances to match on items: $ref: '#/components/schemas/AppAndInstanceConditionEvaluatorAppOrInstance' type: array type: object AppAndInstanceType: description: Type of app enum: - APP - APP_TYPE type: string AppCsrPkcs10: description: Base64URL-encoded CSR in DER format format: base64 type: string AppCustomHrefObject: properties: hints: $ref: '#/components/schemas/AppCustomHrefObject_hints' href: description: Link URI type: string title: description: Link name type: string type: description: "The media type of the link. If omitted, it is implicitly `application/json`." type: string readOnly: true required: - href type: object AppInstanceContainerStatus: description: Current status of the application instance enum: - ACTIVE - DELETED - INACTIVE readOnly: true type: string AppInstancePolicyRuleCondition: properties: exclude: items: type: string type: array include: items: type: string type: array type: object AppLink: example: appInstanceId: appInstanceId credentialsSetup: true hidden: true appName: appName appAssignmentId: appAssignmentId sortOrder: 0 linkUrl: linkUrl id: id label: label logoUrl: logoUrl properties: appAssignmentId: readOnly: true type: string appInstanceId: readOnly: true type: string appName: readOnly: true type: string credentialsSetup: readOnly: true type: boolean hidden: readOnly: true type: boolean id: readOnly: true type: string label: readOnly: true type: string linkUrl: readOnly: true type: string logoUrl: readOnly: true type: string sortOrder: readOnly: true type: integer type: object AppResourceHrefObject: properties: href: description: Link URI example: "https://{yourOktaDomain}/api/v1/apps/0oabskvc6442nkvQO0h7" type: string title: description: Link name example: My App type: string type: object AppUser: description: The Application User object defines a user's app-specific profile and credentials for an 
app example: credentials: password: value: value userName: [email protected] _links: app: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type user: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type group: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type created: "" profile: key: "" syncState: SYNCHRONIZED externalId: 70c14cc17d3745e8a9f98d599a68329c lastUpdated: "" passwordChanged: 2014-06-24T15:27:59Z lastSync: 2014-06-24T15:27:59Z _embedded: key: "{}" scope: USER statusChanged: 2014-06-24T15:28:14Z id: 00u11z6WHMYCGPCHCRFK status: ACTIVE properties: created: allOf: - $ref: '#/components/schemas/createdProperty' - example: 2014-06-24T15:27:59.000Z credentials: $ref: '#/components/schemas/AppUserCredentials' externalId: description: |- The ID of the user in the target app that's linked to the Okta Application User object. This value is the native app-specific identifier or primary key for the user in the target app. The `externalId` is set during import when the user is confirmed (reconciled) or during provisioning when the user is created in the target app. This value isn't populated for SSO app assignments (for example, SAML or SWA) because it isn't synchronized with a target app. example: 70c14cc17d3745e8a9f98d599a68329c readOnly: true type: string id: description: Unique identifier for the Okta User example: 00u11z6WHMYCGPCHCRFK type: string lastSync: description: Timestamp of the last synchronization operation. This value is only updated for apps with the `IMPORT_PROFILE_UPDATES` or `PUSH_PROFILE_UPDATES` feature. 
example: 2014-06-24T15:27:59Z format: date-time readOnly: true type: string lastUpdated: allOf: - $ref: '#/components/schemas/lastUpdatedProperty' - example: 2014-06-24T15:28:14.000Z passwordChanged: description: Timestamp when the Application User password was last changed example: 2014-06-24T15:27:59Z format: date-time nullable: true readOnly: true type: string profile: additionalProperties: true description: | Specifies the default and custom profile properties for a user. Properties that are visible in the Admin Console for an app assignment can also be assigned through the API. Some properties are reference properties that are imported from the target app and can't be configured. See [profile](/openapi/okta-management/management/tag/User/#tag/User/operation/getUser!c=200&path=profile&t=response). type: object scope: description: Indicates if the assignment is direct (`USER`) or by group membership (`GROUP`). enum: - USER - GROUP example: USER type: string status: $ref: '#/components/schemas/AppUserStatus' statusChanged: description: Timestamp when the Application User status was last changed example: 2014-06-24T15:28:14Z format: date-time readOnly: true type: string syncState: $ref: '#/components/schemas/AppUserSyncState' _embedded: additionalProperties: properties: {} type: object description: "Embedded resources related to the Application User using the\ \ [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\ \ specification" readOnly: true type: object _links: $ref: '#/components/schemas/LinksAppAndUser' title: Application User type: object AppUserAssignRequest: allOf: - $ref: '#/components/schemas/AppUser' - required: - id example: credentials: password: value: value userName: [email protected] _links: app: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type user: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type group: templated: true hints: allow: 
- DELETE - DELETE name: name href: href type: type created: "" profile: key: "" syncState: SYNCHRONIZED externalId: 70c14cc17d3745e8a9f98d599a68329c lastUpdated: "" passwordChanged: 2014-06-24T15:27:59Z lastSync: 2014-06-24T15:27:59Z _embedded: key: "{}" scope: USER statusChanged: 2014-06-24T15:28:14Z id: 00u11z6WHMYCGPCHCRFK status: ACTIVE AppUserCredentials: description: | Specifies a user's credentials for the app. This parameter can be omitted for apps with [sign-on mode](/openapi/okta-management/management/tag/Application/#tag/Application/operation/getApplication!c=200&path=0/signOnMode&t=response) (`signOnMode`) or [authentication schemes](/openapi/okta-management/management/tag/Application/#tag/Application/operation/getApplication!c=200&path=0/credentials/scheme&t=response) (`credentials.scheme`) that don't require credentials. example: password: value: value userName: [email protected] properties: password: $ref: '#/components/schemas/AppUserPasswordCredential' userName: description: |- The user's username in the app > **Note:** The [userNameTemplate](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication!path=0/credentials/userNameTemplate&t=request) in the Application object defines the default username generated when a user is assigned to that app. > If you attempt to assign a username or password to an app with an incompatible [authentication scheme](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication!path=0/credentials/scheme&t=request), the following error is returned: > "Credentials should not be set on this resource based on the scheme." 
example: [email protected] maxLength: 100 minLength: 1 type: string type: object AppUserCredentialsRequestPayload: description: Updates the assigned user credentials example: credentials: password: value: value userName: [email protected] properties: credentials: $ref: '#/components/schemas/AppUserCredentials' title: Credentials type: object AppUserPasswordCredential: description: The user's password. This is a write-only property. An empty `password` object is returned to indicate that a password value exists. example: value: value properties: value: description: Password value format: password type: string writeOnly: true type: object AppUserProfile: additionalProperties: true description: | Specifies the default and custom profile properties for a user. Properties that are visible in the Admin Console for an app assignment can also be assigned through the API. Some properties are reference properties that are imported from the target app and can't be configured. See [profile](/openapi/okta-management/management/tag/User/#tag/User/operation/getUser!c=200&path=profile&t=response). type: object AppUserProfileRequestPayload: description: |- Updates the assigned user profile > **Note:** The Okta API currently doesn't support entity tags for conditional updates. As long as you're the only user updating the user profile, Okta recommends you fetch the most recent profile with [Retrieve an Application User](/openapi/okta-management/management/tag/ApplicationUsers/#tag/ApplicationUsers/operation/getApplicationUser), apply your profile update, and then `POST` back the updated profile. properties: profile: additionalProperties: true description: | Specifies the default and custom profile properties for a user. Properties that are visible in the Admin Console for an app assignment can also be assigned through the API. Some properties are reference properties that are imported from the target app and can't be configured. 
See [profile](/openapi/okta-management/management/tag/User/#tag/User/operation/getUser!c=200&path=profile&t=response). type: object title: Profile type: object AppUserStatus: description: Status of an Application User enum: - ACTIVE - APPROVED - DEPROVISIONED - IMPLICIT - IMPORTED - INACTIVE - MATCHED - PENDING - PROVISIONED - REVOKED - STAGED - SUSPENDED - UNASSIGNED example: ACTIVE readOnly: true type: string x-enumDescriptions: ACTIVE: "The Application User is provisioned and is enabled to use the app.\ \ This status also occurs if the app has the `IMPORT_PROFILE_UPDATES` feature\ \ enabled and user import is confirmed, or if the app doesn't have provisioning\ \ enabled." INACTIVE: "The Application User is provisioned, but isn't enabled to use the\ \ app. Application Users in this status can be reactivated with a password\ \ reset or permanently deleted." IMPORTED: The Application User is created based on imported data. MATCHED: The imported user is matched with an existing Application User. UNASSIGNED: "The Application User was imported, but the user-matching operation\ \ was skipped." SUSPENDED: "The Application User is provisioned, but isn't enabled to use\ \ the app. Application Users in this status can be reactivated without a\ \ password reset." PENDING: "The Application User is provisioned, but in a pending state and\ \ can't use the app. The status moves to `ACTIVE` when the Application User\ \ is activated." APPROVED: The Application User was created but not provisioned. This status can occur when manual provisioning acknowledgment is required. REVOKED: The Application User is disabled and waiting for deprovisioning acknowledgment. The Application User can be deleted after deprovisioning acknowledgment. IMPLICIT: The Application User is now migrated to use implicit app assignment. STAGED: The Application User doesn't have `externalId` set and the background provisioning operation is queued. This applies to apps with the `PUSH_NEW_USERS` feature enabled. 
PROVISIONED: The background provisioning operation completed and the Application User was assigned an `externalId` successfully. DEPROVISIONED: The user was removed by the provisioning operation and the `externalId` property is unassigned. AppUserSyncState: description: |- The synchronization state for the Application User. The Application User's `syncState` depends on whether the `PROFILE_MASTERING` feature is enabled for the app. > **Note:** User provisioning currently must be configured through the Admin Console. enum: - DISABLED - ERROR - OUT_OF_SYNC - SYNCHRONIZED - SYNCING example: SYNCHRONIZED readOnly: true type: string x-enumDescriptions: DISABLED: The provisioning feature is disabled for the app (`PROFILE_MASTERING` feature is disabled). OUT_OF_SYNC: The Application User has changes that haven't been pushed to the target app. SYNCING: A background provisioning operation is running to update the user's profile in the target app. SYNCHRONIZED: All changes to the Application User profile have successfully been synchronized with the target app. ERROR: A background provisioning operation failed to update the user's profile in the target app. You must resolve the provisioning task in the Admin Console before you retry the operation. AppUserUpdateRequest: oneOf: - $ref: '#/components/schemas/AppUserCredentialsRequestPayload' - $ref: '#/components/schemas/AppUserProfileRequestPayload' AppleClientSigning: description: |- Information used to generate the secret JSON Web Token for the token requests to Apple IdP > **Note:** The `privateKey` property is required for a CREATE request. For an UPDATE request, it can be null and keeps the existing value if it's null. The `privateKey` property isn't returned for LIST and GET requests or UPDATE requests if it's null. 
properties: kid: description: The Key ID that you obtained from Apple when you created the private key for the client example: test key id maxLength: 1024 type: string privateKey: description: The PKCS \#8 encoded private key that you created for the client and downloaded from Apple example: MIGTAgEAMBM........Cb9PnybCnzDv+3cWSGWqpAIsQQZ maxLength: 1024 type: string teamId: description: The Team ID associated with your Apple developer account example: test team id maxLength: 1024 type: string type: object Application: discriminator: mapping: AUTO_LOGIN: '#/components/schemas/AutoLoginApplication' BASIC_AUTH: '#/components/schemas/BasicAuthApplication' BOOKMARK: '#/components/schemas/BookmarkApplication' BROWSER_PLUGIN: '#/components/schemas/BrowserPluginApplication' OPENID_CONNECT: '#/components/schemas/OpenIdConnectApplication' SAML_1_1: '#/components/schemas/Saml11Application' SAML_2_0: '#/components/schemas/SamlApplication' SECURE_PASSWORD_STORE: '#/components/schemas/SecurePasswordStoreApplication' WS_FEDERATION: '#/components/schemas/WsFederationApplication' propertyName: signOnMode example: visibility: hide: web: true iOS: false appLinks: key: true autoLaunch: true autoSubmitToolbar: true accessibility: errorRedirectUrl: errorRedirectUrl selfService: true loginRedirectUrl: loginRedirectUrl _links: help: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type metadata: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type appLinks: - templated: true hints: allow: - DELETE - DELETE name: name href: href type: type - templated: true hints: allow: - DELETE - DELETE name: name href: href type: type activate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type groups: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type logo: - templated: true hints: allow: - DELETE - DELETE name: name href: href type: type - templated: true hints: allow: - DELETE - DELETE 
name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type accessPolicy: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type users: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type deactivate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type created: 2000-01-23T04:56:07.000+00:00 profile: key: "" signOnMode: AUTO_LOGIN orn: orn label: label features: - GROUP_PUSH - GROUP_PUSH lastUpdated: 2000-01-23T04:56:07.000+00:00 _embedded: user: key: "{}" id: id licensing: seatCount: 0 status: ACTIVE properties: accessibility: $ref: '#/components/schemas/ApplicationAccessibility' created: description: Timestamp when the Application object was created format: date-time readOnly: true type: string features: description: | Enabled app features > **Note:** Some apps can support optional provisioning features. See [Application Features](/openapi/okta-management/management/tag/ApplicationFeatures/) items: enum: - GROUP_PUSH - IMPORT_NEW_USERS - IMPORT_PROFILE_UPDATES - IMPORT_USER_SCHEMA - PROFILE_MASTERING - PUSH_NEW_USERS - PUSH_PASSWORD_UPDATES - PUSH_PROFILE_UPDATES - PUSH_USER_DEACTIVATION - REACTIVATE_USERS - OUTBOUND_DEL_AUTH - DESKTOP_SSO - FEDERATED_PROFILE - SUPPRESS_ACTIVATION_EMAIL - PUSH_PENDING_USERS - MFA - UPDATE_EXISTING_USERNAME - EXCLUDE_USERNAME_UPDATE_ON_PROFILE_PUSH - EXCHANGE_ACTIVE_SYNC - IMPORT_SYNC - IMPORT_SYNC_CONTACTS - DEVICE_COMPLIANCE - VPN_CONFIG - IMPORT_SCHEMA_ENUM_VALUES - SCIM_PROVISIONING - DEVICE_FILTER_IN_SIGN_ON_RULES - PROFILE_TEMPLATE_UPGRADE - DEFAULT_PUSH_STATUS_TO_PUSH - REAL_TIME_SYNC - SSO - AUTHN_CONTEXT - JIT_PROVISIONING - GROUP_SYNC - OPP_SCIM_INCREMENTAL_IMPORTS - IN_MEMORY_APP_USER - LOG_STREAMING - OAUTH_INTEGRATION - IDP - PUSH_NEW_USERS_WITHOUT_PASSWORD - SKYHOOK_SERVICE - ENTITLEMENT_MANAGEMENT - PUSH_NEW_USERS_WITH_HASHED_PASSWORD type: string x-enumDescriptions: 
GROUP_PUSH: Creates or links a group in the app when a mapping is defined for a group in Okta. Okta is the source for group memberships and all group members in Okta who are also assigned to the app are synced as group members to the app. IMPORT_NEW_USERS: Creates or links a user in Okta to a user from the app IMPORT_PROFILE_UPDATES: Updates a linked user's app profile during manual or scheduled imports IMPORT_USER_SCHEMA: Discovers the profile schema for a user from the app automatically PROFILE_MASTERING: Designates the app as the identity lifecycle and profile attribute authority for linked users. The user's profile in Okta is read-only. PUSH_NEW_USERS: Creates or links a user account in the app when assigning the app to a user in Okta PUSH_PASSWORD_UPDATES: Updates the user's app password when their password changes in Okta PUSH_PROFILE_UPDATES: Updates a user's profile in the app when the user's profile changes in Okta (the profile source) PUSH_USER_DEACTIVATION: Deactivates a user's account in the app when unassigned from the app in Okta or deactivated REACTIVATE_USERS: Reactivates an existing inactive user when provisioning a user to the app OUTBOUND_DEL_AUTH: Okta user authentication requests are delegated to a third-party app DESKTOP_SSO: Okta user authentication requests are handled by desktop SSO negotiation (if possible) FEDERATED_PROFILE: App User profiles are synchronized at sign-in and profile-view instances instead of during bulk imports SUPPRESS_ACTIVATION_EMAIL: Activation emails aren't sent to users sourced by AD and orgs with DelAuth enabled PUSH_PENDING_USERS: Users are in PENDING state in Okta and are created but not active in the sourced app user MFA: App can verify credentials as a second factor UPDATE_EXISTING_USERNAME: App can update the user name for existing users EXCLUDE_USERNAME_UPDATE_ON_PROFILE_PUSH: Exclude username update during profile push EXCHANGE_ACTIVE_SYNC: App supports synchronizing credentials with OMM enrolled devices 
IMPORT_SYNC: Synchronize import events IMPORT_SYNC_CONTACTS: Synchronize contacts DEVICE_COMPLIANCE: Apps support device compliance rules VPN_CONFIG: App supports pushing VPN configuration to OMM enrolled devices IMPORT_SCHEMA_ENUM_VALUES: App supports downloading schema enum values. You can download custom objects and integrate them with UD without being tied to the type metadata system. SCIM_PROVISIONING: App supports generic SCIM client provisioning and can leverage SCIM standard for provisioning and push custom attributes to a third-party app DEVICE_FILTER_IN_SIGN_ON_RULES: App supports filtering by client type in app sign-on rules PROFILE_TEMPLATE_UPGRADE: App supports profile template upgrades. This is primarily to help roll out the profile template upgrade feature for individual apps DEFAULT_PUSH_STATUS_TO_PUSH: "App defaults Push status to `PUSH`. This\ \ feature is for apps, such as SharePoint, that want to receive App\ \ User profile updates even though they didn't implement traditional\ \ PUSH_PROFILE_UPDATES in the client API." REAL_TIME_SYNC: Apps support real-time synchronization SSO: Apps support establishing a subject based on claims from an IdP AUTHN_CONTEXT: Apps support establishing an authentication context based on claims from an IdP JIT_PROVISIONING: Apps support provisioning a user based on claims from an IdP GROUP_SYNC: Apps support syncing group information based on claims from an IdP OPP_SCIM_INCREMENTAL_IMPORTS: Apps support incremental imports. Used for SCIM app instances IN_MEMORY_APP_USER: Apps support in-memory App Users. This feature is used as an alternative to Implicit App Assignment for a non-persisted App User. 
LOG_STREAMING: Apps support Log Streaming OAUTH_INTEGRATION: App is an OAuth 2.0 Integration IDP: Apps support IdP functionalities PUSH_NEW_USERS_WITHOUT_PASSWORD: Don't send generated password for new users SKYHOOK_SERVICE: Use the Skyhook microservice for LCM operations ENTITLEMENT_MANAGEMENT: Marker to showcase which OIN apps are entitlement enabled PUSH_NEW_USERS_WITH_HASHED_PASSWORD: Send hashed password for new users. This feature is only used for CIS to CIC migration. type: array id: description: Unique ID for the app instance readOnly: true type: string label: description: User-defined display name for app type: string lastUpdated: description: Timestamp when the Application object was last updated format: date-time readOnly: true type: string licensing: $ref: '#/components/schemas/ApplicationLicensing' orn: description: The Okta resource name (ORN) for the current app instance readOnly: true type: string profile: additionalProperties: true description: |- Contains any valid JSON schema for specifying properties that can be referenced from a request (only available to OAuth 2.0 client apps). For example, add an app manager contact email address or define an allowlist of groups that you can then reference using the Okta Expression Language `getFilteredGroups` function. > **Notes:** > * `profile` isn't encrypted, so don't store sensitive data in it. > * `profile` doesn't limit the level of nesting in the JSON schema you created, but there is a practical size limit. Okta recommends a JSON schema size of 1 MB or less for best performance. 
type: object signOnMode: $ref: '#/components/schemas/ApplicationSignOnMode' status: $ref: '#/components/schemas/ApplicationLifecycleStatus' visibility: $ref: '#/components/schemas/ApplicationVisibility' _embedded: $ref: '#/components/schemas/Application__embedded' _links: $ref: '#/components/schemas/ApplicationLinks' required: - label - signOnMode type: object ApplicationAccessibility: description: Specifies access settings for the app example: errorRedirectUrl: errorRedirectUrl selfService: true loginRedirectUrl: loginRedirectUrl properties: errorRedirectUrl: description: Custom error page URL for the app type: string loginRedirectUrl: description: |- Custom login page URL for the app > **Note:** The `loginRedirectUrl` property is deprecated in Identity Engine. This property is used with the custom app login feature. Orgs that actively use this feature can continue to do so. See [Okta-hosted sign-in (redirect authentication)](https://developer.okta.com/docs/guides/redirect-authentication/) or [configure IdP routing rules](https://help.okta.com/okta_help.htm?type=oie&id=ext-cfg-routing-rules) to redirect users to the appropriate sign-in app for orgs that don't use the custom app login feature. 
type: string selfService: description: Represents whether the app can be self-assignable by users type: boolean type: object ApplicationCredentials: description: Credentials for the specified `signOnMode` properties: signing: $ref: '#/components/schemas/ApplicationCredentialsSigning' userNameTemplate: $ref: '#/components/schemas/ApplicationCredentialsUsernameTemplate' type: object ApplicationCredentialsOAuthClient: properties: autoKeyRotation: default: true description: Requested key rotation mode type: boolean client_id: description: |- Unique identifier for the OAuth 2.0 client app > **Notes:** > * If you don't specify the `client_id`, this immutable property is populated with the [Application instance ID](/openapi/okta-management/management/tag/Application/#tag/Application/operation/getApplication!c=200&path=4/id&t=response). > * The `client_id` must consist of alphanumeric characters or the following special characters: `$-_.+!*'(),`. > * You can't use the reserved word `ALL_CLIENTS`. maxLength: 100 minLength: 6 type: string client_secret: description: |- OAuth 2.0 client secret string (used for confidential clients) > **Notes:** If a `client_secret` isn't provided on creation, and the `token_endpoint_auth_method` requires one, Okta generates a random `client_secret` for the client app. > The `client_secret` is only shown when an OAuth 2.0 client app is created or updated (and only if the `token_endpoint_auth_method` requires a client secret). maxLength: 100 minLength: 14 type: string pkce_required: default: true description: "Requires Proof Key for Code Exchange (PKCE) for additional\ \ verification. If `token_endpoint_auth_method` is `none`, then `pkce_required`\ \ must be `true`. The default is `true` for browser and native app types." 
type: boolean token_endpoint_auth_method: $ref: '#/components/schemas/OAuthEndpointAuthenticationMethod' type: object ApplicationCredentialsScheme: description: | Apps with `BASIC_AUTH`, `BROWSER_PLUGIN`, or `SECURE_PASSWORD_STORE` sign-on modes have credentials vaulted by Okta and can be configured with the following schemes. enum: - ADMIN_SETS_CREDENTIALS - EDIT_PASSWORD_ONLY - EDIT_USERNAME_AND_PASSWORD - EXTERNAL_PASSWORD_SYNC - SHARED_USERNAME_AND_PASSWORD type: string x-enumDescriptions: ADMIN_SETS_CREDENTIALS: Admin sets username and password EDIT_PASSWORD_ONLY: "Admin sets username, user sets password" EDIT_USERNAME_AND_PASSWORD: User sets username and password EXTERNAL_PASSWORD_SYNC: "Admin sets username, password is the same as user's\ \ Okta password" SHARED_USERNAME_AND_PASSWORD: Users share a single username and password set by the admin ApplicationCredentialsSigning: description: | App signing key properties > **Note:** Only apps with SAML_2_0, SAML_1_1, WS_FEDERATION, or OPENID_CONNECT `signOnMode` support the key rotation feature. properties: kid: description: |- Key identifier used for signing assertions > **Note:** Currently, only the X.509 JWK format is supported for apps with SAML_2_0 `signOnMode`. 
type: string lastRotated: description: Timestamp when the signing key was last rotated format: date-time readOnly: true type: string nextRotation: description: The scheduled time for the next signing key rotation format: date-time readOnly: true type: string rotationMode: description: The mode of key rotation type: string use: $ref: '#/components/schemas/ApplicationCredentialsSigningUse' type: object ApplicationCredentialsSigningUse: description: Specifies the intended use of the key enum: - sig type: string ApplicationCredentialsUsernameTemplate: description: The template used to generate the username when the app is assigned through a group or directly to a user properties: pushStatus: description: Determines if the username is pushed to the app on updates for CUSTOM `type` enum: - PUSH - DONT_PUSH - NOT_CONFIGURED type: string template: default: "${source.login}" description: |- Mapping expression used to generate usernames. The following are supported mapping expressions that are used with the `BUILT_IN` template type: | Name | Template Expression | | ------------------------------- | ---------------------------------------------- | | AD Employee ID | `${source.employeeID}` | | AD SAM Account Name | `${source.samAccountName}` | | AD SAM Account Name (lowercase) | `${fn:toLowerCase(source.samAccountName)}` | | AD User Principal Name | `${source.userName}` | | AD User Principal Name prefix | `${fn:substringBefore(source.userName, "@")}` | | Email | `${source.email}` | | Email (lowercase) | `${fn:toLowerCase(source.email)}` | | Email prefix | `${fn:substringBefore(source.email, "@")}` | | LDAP UID + custom suffix | `${source.userName}${instance.userSuffix}` | | Okta username | `${source.login}` | | Okta username prefix | `${fn:substringBefore(source.login, "@")}` | type: string type: default: BUILT_IN description: Type of mapping expression. Empty string is allowed. 
enum: - NONE - BUILT_IN - CUSTOM type: string userSuffix: description: An optional suffix appended to usernames for `BUILT_IN` mapping expressions type: string type: object ApplicationFeature: description: | The Feature object is used to configure app feature settings. discriminator: mapping: USER_PROVISIONING: '#/components/schemas/UserProvisioningApplicationFeature' INBOUND_PROVISIONING: '#/components/schemas/InboundProvisioningApplicationFeature' propertyName: name example: _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type name: USER_PROVISIONING description: Settings for provisioning users from Okta to a downstream app status: "" properties: description: description: Description of the feature example: Settings for provisioning users from Okta to a downstream app readOnly: true type: string name: $ref: '#/components/schemas/ApplicationFeatureType' status: allOf: - $ref: '#/components/schemas/EnabledStatus' - default: DISABLED - example: ENABLED - readOnly: true _links: $ref: '#/components/schemas/ApplicationFeature__links' type: object ApplicationFeatureType: description: | Key name of the feature | Feature name | Description | | --------- | ------------- | | USER_PROVISIONING | User profiles are pushed from Okta to the third-party app. Represents the **To App** provisioning feature setting in the Admin Console. | | INBOUND_PROVISIONING | User profiles are imported from the third-party app into Okta. This feature represents the **To Okta** provisioning feature setting in the Admin Console. 
| Select the feature: enum: - USER_PROVISIONING - USER_PROVISIONING - INBOUND_PROVISIONING example: USER_PROVISIONING type: string ApplicationGroupAssignment: description: The Application Group object that defines a group of users' app-specific profile and credentials for an app example: lastUpdated: "" _embedded: key: "{}" _links: app: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type group: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type profile: key: "" id: 00g4hb1HChfUriNgW0g4 priority: 99 properties: id: description: "ID of the [Group](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Group/)" example: 00g4hb1HChfUriNgW0g4 readOnly: true type: string lastUpdated: allOf: - $ref: '#/components/schemas/lastUpdatedProperty' - example: 2014-06-24T15:28:14.000Z priority: description: |- Priority assigned to the group. If an app has more than one group assigned to the same user, then the group with the higher priority has its profile applied to the [Application User](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/ApplicationUsers/). If a priority value isn't specified, then the next highest priority is assigned by default. See [Assign attribute group priority](https://help.okta.com/okta_help.htm?type=oie&id=ext-usgp-app-group-priority) and the [sample priority use case](https://help.okta.com/okta_help.htm?type=oie&id=ext-usgp-combine-values-use). example: 99 type: integer profile: additionalProperties: true description: "Specifies the profile properties applied to [Application Users](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/ApplicationUsers/)\ \ that are assigned to the app through group membership. 
\nSome reference\ \ properties are imported from the target app and can't be configured.\ \ See [profile](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#tag/User/operation/getUser!c=200&path=profile&t=response)." type: object _embedded: additionalProperties: properties: {} type: object description: "Embedded resource related to the Application Group using the\ \ [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\ \ specification.\nIf the `expand=group` query parameter is specified,\ \ then the [Group](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Group/)\ \ object is embedded. \nIf the `expand=metadata` query parameter is specified,\ \ then the group assignment metadata is embedded." readOnly: true type: object _links: $ref: '#/components/schemas/ApplicationGroupAssignment__links' title: Application Group Assignment type: object ApplicationLabel: description: User-defined display name for app type: string ApplicationLayout: properties: elements: items: additionalProperties: {} type: object type: array label: type: string options: additionalProperties: {} type: object rule: $ref: '#/components/schemas/ApplicationLayout_rule' scope: type: string type: type: string type: object ApplicationLayoutRuleCondition: properties: schema: additionalProperties: {} type: object scope: type: string type: object ApplicationLayouts: properties: _links: $ref: '#/components/schemas/ApplicationLayouts__links' type: object ApplicationLayoutsLinksItem: items: $ref: '#/components/schemas/HrefObject' type: array ApplicationLicensing: description: Licenses for the app example: seatCount: 0 properties: seatCount: description: Number of licenses purchased for the app type: integer type: object ApplicationLifecycleStatus: description: App instance status enum: - ACTIVE - DELETED - INACTIVE readOnly: true type: string ApplicationLinks: description: Discoverable resources related to 
the app example: help: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type metadata: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type appLinks: - templated: true hints: allow: - DELETE - DELETE name: name href: href type: type - templated: true hints: allow: - DELETE - DELETE name: name href: href type: type activate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type groups: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type logo: - templated: true hints: allow: - DELETE - DELETE name: name href: href type: type - templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type accessPolicy: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type users: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type deactivate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type properties: accessPolicy: $ref: '#/components/schemas/AccessPolicyLink' activate: $ref: '#/components/schemas/HrefObjectActivateLink' appLinks: description: List of app link resources items: $ref: '#/components/schemas/HrefObject' type: array deactivate: $ref: '#/components/schemas/HrefObjectDeactivateLink' groups: $ref: '#/components/schemas/GroupsLink' help: $ref: '#/components/schemas/HelpLink' logo: description: List of app logo resources items: $ref: '#/components/schemas/HrefObject' type: array metadata: $ref: '#/components/schemas/MetadataLink' self: $ref: '#/components/schemas/HrefObjectSelfLink' users: $ref: '#/components/schemas/UsersLink' readOnly: true ApplicationSettings: description: App settings properties: identityStoreId: description: "Identifies an additional identity store app, if your app supports\ \ it. 
The `identityStoreId` value must be a valid identity store app ID.\ \ This identity store app must be created in the same org as your app." type: string implicitAssignment: description: Controls whether Okta automatically assigns users to the app based on the user's role or group membership. type: boolean inlineHookId: description: "Identifier of an inline hook. Inline hooks are outbound calls\ \ from Okta to your own custom code, triggered at specific points in Okta\ \ process flows. They allow you to integrate custom functionality into\ \ those flows. See [Inline hooks](/openapi/okta-management/management/tag/InlineHook/)." type: string notes: $ref: '#/components/schemas/ApplicationSettingsNotes' notifications: $ref: '#/components/schemas/ApplicationSettingsNotifications' signOn: $ref: '#/components/schemas/AutoLoginApplicationSettingsSignOn' type: object ApplicationSettingsNotes: description: App notes visible to either the admin or end user properties: admin: description: An app message that's visible to admins type: string enduser: description: A message that's visible in the End-User Dashboard type: string type: object ApplicationSettingsNotifications: description: Specifies notifications settings for the app properties: vpn: $ref: '#/components/schemas/ApplicationSettingsNotificationsVpn' type: object ApplicationSettingsNotificationsVpn: description: Sends customizable messages with conditions to end users when a VPN connection is required properties: helpUrl: description: An optional URL to a help page to assist your end users in signing in to your company VPN type: string message: description: A VPN requirement message that's displayed to users type: string network: $ref: '#/components/schemas/ApplicationSettingsNotificationsVpnNetwork' required: - network type: object ApplicationSettingsNotificationsVpnNetwork: description: Defines network zones for VPN notification properties: connection: description: Specifies the VPN connection details required to 
access the app enum: - DISABLED - ANYWHERE - ON_NETWORK - OFF_NETWORK - ZONE type: string x-enumDescriptions: DISABLED: The default state. Retain this setting for apps that don't require a VPN connection. ANYWHERE: Displays VPN connection information regardless of the browser's client IP. The notification appears before the end user can access the app. ON_NETWORK: Displays VPN connection information only when a browser's client IP matches the configured Public Gateway IPs. The notification appears before the end user can access the app. OFF_NETWORK: Displays VPN connection information only when the browser's client IP doesn't match the configured Public Gateway IPs. The notification appears before the end user can access the app. exclude: description: Defines the IP addresses or network ranges that are excluded from the VPN requirement items: type: string type: array include: description: Defines the IP addresses or network ranges that are required to use the VPN items: type: string type: array type: object ApplicationSignOnMode: description: | Authentication mode for the app | signOnMode | Description | | ---------- | ----------- | | AUTO_LOGIN | Secure Web Authentication (SWA) | | BASIC_AUTH | HTTP Basic Authentication with Okta Browser Plugin | | BOOKMARK | Just a bookmark (no-authentication) | | BROWSER_PLUGIN | Secure Web Authentication (SWA) with Okta Browser Plugin | | OPENID_CONNECT | Federated Authentication with OpenID Connect (OIDC) | | SAML_1_1 | Federated Authentication with SAML 1.1 WebSSO (not supported for custom apps) | | SAML_2_0 | Federated Authentication with SAML 2.0 WebSSO | | SECURE_PASSWORD_STORE | Secure Web Authentication (SWA) with POST (plugin not required) | | WS_FEDERATION | Federated Authentication with WS-Federation Passive Requestor Profile | Select the `signOnMode` for your custom app: enum: - AUTO_LOGIN - BASIC_AUTH - BOOKMARK - BROWSER_PLUGIN - OPENID_CONNECT - SAML_1_1 - SAML_2_0 - SECURE_PASSWORD_STORE - WS_FEDERATION type: 
string ApplicationType: description: "The type of client application. Default value: `web`." enum: - browser - native - service - web type: string ApplicationVisibility: description: Specifies visibility settings for the app example: hide: web: true iOS: false appLinks: key: true autoLaunch: true autoSubmitToolbar: true properties: appLinks: additionalProperties: type: boolean description: Links or icons that appear on the End-User Dashboard if they're set to `true`. type: object autoLaunch: description: Automatically signs in to the app when user signs into Okta type: boolean autoSubmitToolbar: description: Automatically sign in when user lands on the sign-in page type: boolean hide: $ref: '#/components/schemas/ApplicationVisibilityHide' type: object ApplicationVisibilityHide: description: Hides the app for specific end-user apps example: web: true iOS: false properties: iOS: default: false description: Okta Mobile for iOS or Android (pre-dates Android) example: false type: boolean web: default: false description: Okta End-User Dashboard on a web browser example: true type: boolean type: object AssignGroupOwnerRequestBody: example: id: id type: GROUP properties: id: description: The `id` of the group owner type: string type: $ref: '#/components/schemas/GroupOwnerType' type: object AssignRoleRequest: properties: type: $ref: '#/components/schemas/RoleType' type: object AssignUserToRealm: example: realmId: realmId properties: realmId: type: string type: object AssociatedServerMediated: example: trusted: - trusted - trusted properties: trusted: description: A list of the authorization server IDs items: type: string type: array type: object AssuranceMethod: allOf: - $ref: '#/components/schemas/VerificationMethod' - properties: constraints: items: $ref: '#/components/schemas/AccessPolicyConstraints' type: array factorMode: $ref: '#/components/schemas/AssuranceMethodFactorMode' inactivityPeriod: description: "The inactivity duration after which the user must 
re-authenticate.\ \ Use the ISO 8601 period format (for example, PT2H)." type: string reauthenticateIn: description: "The duration after which the user must re-authenticate,\ \ regardless of user activity. Keep in mind that the re-authentication\ \ intervals for constraints take precedence over this value. Use the\ \ ISO 8601 period format for recurring time intervals (for example,\ \ PT2H, PT0S, PT43800H, and so on)." type: string type: object AssuranceMethodFactorMode: enum: - 1FA - 2FA type: string AttackProtectionAuthenticatorSettings: example: verifyKnowledgeSecondWhen2faRequired: false properties: verifyKnowledgeSecondWhen2faRequired: default: false description: "If true, requires users to verify a possession factor before\ \ verifying a knowledge factor when the assurance requires two-factor\ \ authentication (2FA)." type: boolean type: object AuthServerLinks: allOf: - $ref: '#/components/schemas/LinksSelf' - properties: claims: $ref: '#/components/schemas/AuthServerLinks_allOf_claims' deactivate: allOf: - $ref: '#/components/schemas/HrefObjectDeactivateLink' metadata: description: Link to the authorization server metadata items: $ref: '#/components/schemas/HrefObject' type: array policies: $ref: '#/components/schemas/AuthServerLinks_allOf_policies' rotateKey: $ref: '#/components/schemas/AuthServerLinks_allOf_rotateKey' scopes: $ref: '#/components/schemas/AuthServerLinks_allOf_scopes' type: object example: metadata: - templated: true hints: allow: - DELETE - DELETE name: name href: href type: type - templated: true hints: allow: - DELETE - DELETE name: name href: href type: type rotateKey: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type claims: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type policies: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type scopes: templated: true
hints: allow: - DELETE - DELETE name: name href: href type: type deactivate: "" AuthenticationMethod: properties: hardwareProtection: default: OPTIONAL description: Indicates if any secrets or private keys used during authentication must be hardware protected and not exportable. This property is only set for `POSSESSION` constraints. enum: - OPTIONAL - REQUIRED type: string id: description: An ID that identifies the authenticator type: string key: description: A label that identifies the authenticator type: string method: description: Specifies the method used for the authenticator type: string phishingResistant: default: OPTIONAL description: Indicates if phishing-resistant Factors are required. This property is only set for `POSSESSION` constraints enum: - OPTIONAL - REQUIRED type: string userVerification: default: OPTIONAL description: Indicates the user interaction requirement (PIN or biometrics) to ensure verification of a possession factor enum: - OPTIONAL - REQUIRED type: string required: - key - method type: object AuthenticationMethodChain: properties: authenticationMethods: items: $ref: '#/components/schemas/AuthenticationMethod' type: array next: description: The next steps of the authentication method chain. This is an array of `AuthenticationMethodChain`. Only supports one item in the array. items: type: object type: array reauthenticateIn: description: "Specifies how often the user should be prompted for authentication\ \ using duration format for the time period. \nFor example, `PT2H30M`\ \ for two and a half hours. This parameter can't be set at the same time\ \ as the `reauthenticateIn` property on the `verificationMethod`." type: string type: object AuthenticationMethodChainMethod: allOf: - $ref: '#/components/schemas/VerificationMethod' - properties: chains: description: Authentication method chains. Only supports 5 items in the array. Each chain can support maximum 3 steps. 
items: $ref: '#/components/schemas/AuthenticationMethodChain' type: array reauthenticateIn: description: "Specifies how often the user should be prompted for authentication\ \ using duration format for the time period. \nFor example, `PT2H30M`\ \ for two and a half hours. Don't set this parameter if you're setting\ \ the `reauthenticateIn` parameter in `chains`." type: string type: object x-okta-lifecycle: lifecycle: EA isGenerallyAvailable: true AuthenticationMethodObject: properties: key: description: A label that identifies the authenticator type: string method: description: Specifies the method used for the authenticator type: string required: - key type: object AuthenticationProvider: description: |- Specifies the authentication provider that validates the User's password credential. The User's current provider is managed by the Delegated Authentication settings for your organization. The provider object is **read-only**. example: name: name type: ACTIVE_DIRECTORY properties: name: description: The name of the authentication provider type: string type: $ref: '#/components/schemas/AuthenticationProviderType' type: object AuthenticationProviderType: description: The type of authentication provider enum: - ACTIVE_DIRECTORY - FEDERATION - IMPORT - LDAP - OKTA - SOCIAL type: string x-enumDescriptions: ACTIVE_DIRECTORY: Specifies the directory instance name as the `name` property FEDERATION: Doesn't support a `password` or `recovery question` credential and must authenticate through a trusted Identity Provider IMPORT: Specifies a hashed password that was imported from an external source LDAP: Specifies the directory instance name as the `name` property OKTA: Specifies the Okta Identity Provider SOCIAL: Doesn't support a `password` or `recovery question` credential and must authenticate through a trusted Identity Provider AuthenticatorBase: discriminator: mapping: custom_app: '#/components/schemas/AuthenticatorKeyCustomApp' duo: 
'#/components/schemas/AuthenticatorKeyDuo' okta_email: '#/components/schemas/AuthenticatorKeyEmail' google_otp: '#/components/schemas/AuthenticatorKeyGoogleOtp' external_idp: '#/components/schemas/AuthenticatorKeyExternalIdp' okta_password: '#/components/schemas/AuthenticatorKeyPassword' okta_verify: '#/components/schemas/AuthenticatorKeyOktaVerify' onprem_mfa: '#/components/schemas/AuthenticatorKeyOnprem' phone_number: '#/components/schemas/AuthenticatorKeyPhone' security_key: '#/components/schemas/AuthenticatorKeySecurityKey' security_question: '#/components/schemas/AuthenticatorKeySecurityQuestion' symantec_vip: '#/components/schemas/AuthenticatorKeySymantecVip' smart_card_idp: '#/components/schemas/AuthenticatorKeySmartCard' webauthn: '#/components/schemas/AuthenticatorKeyWebauthn' yubikey_token: '#/components/schemas/AuthenticatorKeyYubikey' propertyName: key example: lastUpdated: 2000-01-23T04:56:07.000+00:00 _links: methods: "" activate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type deactivate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type created: 2000-01-23T04:56:07.000+00:00 name: name id: id type: app key: custom_app status: ACTIVE properties: created: description: Timestamp when the Authenticator was created format: date-time readOnly: true type: string id: description: A unique identifier for the Authenticator readOnly: true type: string key: $ref: '#/components/schemas/AuthenticatorKeyEnum' lastUpdated: description: Timestamp when the Authenticator was last modified format: date-time readOnly: true type: string name: description: Display name of the Authenticator type: string status: $ref: '#/components/schemas/LifecycleStatus' type: $ref: '#/components/schemas/AuthenticatorType' _links: $ref: '#/components/schemas/AuthenticatorLinks' type: object AuthenticatorEnrollmentPolicy: allOf: - $ref: 
'#/components/schemas/Policy' - properties: conditions: $ref: '#/components/schemas/AuthenticatorEnrollmentPolicyConditions' settings: $ref: '#/components/schemas/AuthenticatorEnrollmentPolicySettings' type: object AuthenticatorEnrollmentPolicyAuthenticatorSettings: properties: constraints: $ref: '#/components/schemas/AuthenticatorEnrollmentPolicyAuthenticatorSettings_constraints' enroll: $ref: '#/components/schemas/AuthenticatorEnrollmentPolicyAuthenticatorSettings_enroll' key: $ref: '#/components/schemas/AuthenticatorEnrollmentPolicyAuthenticatorType' type: object AuthenticatorEnrollmentPolicyAuthenticatorStatus: default: NOT_ALLOWED description: Requirements for the user-initiated enrollment enum: - NOT_ALLOWED - OPTIONAL - REQUIRED type: string AuthenticatorEnrollmentPolicyAuthenticatorType: description: A label that identifies the authenticator enum: - custom_app - custom_otp - duo - external_idp - google_otp - okta_email - okta_password - okta_verify - onprem_mfa - phone_number - rsa_token - security_question - symantec_vip - webauthn - yubikey_token type: string AuthenticatorEnrollmentPolicyConditions: allOf: - properties: people: $ref: '#/components/schemas/AuthenticatorEnrollmentPolicyConditions_allOf_people' type: object AuthenticatorEnrollmentPolicyRule: allOf: - $ref: '#/components/schemas/PolicyRule' - properties: actions: $ref: '#/components/schemas/AuthenticatorEnrollmentPolicyRuleActions' conditions: $ref: '#/components/schemas/AuthenticatorEnrollmentPolicyRuleConditions' type: object AuthenticatorEnrollmentPolicyRuleActionEnroll: description: "Specifies whether the User is to be enrolled the first time they\ \ `LOGIN`, the next time they are in the `CHALLENGE` process, or `NEVER`" properties: self: enum: - CHALLENGE - LOGIN - NEVER type: string type: object AuthenticatorEnrollmentPolicyRuleActions: allOf: - $ref: '#/components/schemas/PolicyRuleActions' - properties: enroll: $ref: '#/components/schemas/AuthenticatorEnrollmentPolicyRuleActionEnroll' 
type: object AuthenticatorEnrollmentPolicyRuleConditions: properties: network: $ref: '#/components/schemas/PolicyNetworkCondition' people: $ref: '#/components/schemas/AuthenticatorEnrollmentPolicyRuleConditions_people' type: object AuthenticatorEnrollmentPolicySettings: description: "**Note:** In Identity Engine, the Multifactor (MFA) Enrollment\ \ Policy name has changed to authenticator enrollment policy. The policy type\ \ of `MFA_ENROLL` remains unchanged. However, the `settings` data is updated\ \ for authenticators. Policy `settings` are included only for those authenticators\ \ that are enabled." properties: authenticators: description: | List of authenticator policy settings For orgs with the Authenticator enrollment policy feature enabled, the new default authenticator enrollment policy created by Okta contains the `authenticators` property in the policy settings. Existing default authenticator enrollment policies from a migrated Classic Engine org remain unchanged. The policies still use the `factors` property in their settings. The `authenticators` parameter allows you to configure all available authenticators, including authentication and recovery. The `factors` parameter only allows you to configure multifactor authentication. items: $ref: '#/components/schemas/AuthenticatorEnrollmentPolicyAuthenticatorSettings' type: array type: $ref: '#/components/schemas/AuthenticatorEnrollmentPolicySettingsType' type: object AuthenticatorEnrollmentPolicySettingsType: default: FACTORS description: | Type of policy configuration object The `type` property in the policy `settings` is only applicable to the authenticator enrollment policy available in Identity Engine. 
enum: - AUTHENTICATORS - FACTORS type: string AuthenticatorIdentity: description: Represents a particular authenticator serving as a constraint on a method properties: key: type: string type: object AuthenticatorKeyCustomApp: allOf: - $ref: '#/components/schemas/AuthenticatorSimple' - properties: agreeToTerms: description: "A value of `true` indicates that the administrator accepts\ \ the [terms](https://www.okta.com/privacy-policy/) for creating a new\ \ authenticator. Okta requires that you accept the terms when creating\ \ a new `custom_app` authenticator. Other authenticators don't require\ \ this field." type: boolean provider: $ref: '#/components/schemas/AuthenticatorKeyCustomApp_allOf_provider' settings: $ref: '#/components/schemas/AuthenticatorKeyCustomApp_allOf_settings' type: object AuthenticatorKeyDuo: allOf: - $ref: '#/components/schemas/AuthenticatorSimple' - properties: provider: $ref: '#/components/schemas/AuthenticatorKeyDuo_allOf_provider' type: object AuthenticatorKeyEmail: allOf: - $ref: '#/components/schemas/AuthenticatorSimple' - properties: settings: $ref: '#/components/schemas/AuthenticatorKeyEmail_allOf_settings' type: object AuthenticatorKeyEnum: description: A human-readable string that identifies the Authenticator enum: - custom_app - duo - external_idp - google_otp - okta_email - okta_password - okta_verify - onprem_mfa - phone_number - security_key - security_question - smart_card_idp - symantec_vip - webauthn - yubikey_token type: string AuthenticatorKeyExternalIdp: allOf: - $ref: '#/components/schemas/AuthenticatorSimple' AuthenticatorKeyGoogleOtp: allOf: - $ref: '#/components/schemas/AuthenticatorSimple' AuthenticatorKeyOktaVerify: allOf: - $ref: '#/components/schemas/AuthenticatorSimple' - properties: settings: $ref: '#/components/schemas/AuthenticatorKeyOktaVerify_allOf_settings' type: object AuthenticatorKeyOnprem: allOf: - $ref: '#/components/schemas/AuthenticatorSimple' AuthenticatorKeyPassword: allOf: - $ref:
'#/components/schemas/AuthenticatorSimple' AuthenticatorKeyPhone: allOf: - $ref: '#/components/schemas/AuthenticatorSimple' - properties: settings: $ref: '#/components/schemas/AuthenticatorKeyPhone_allOf_settings' type: object AuthenticatorKeySecurityKey: allOf: - $ref: '#/components/schemas/AuthenticatorSimple' AuthenticatorKeySecurityQuestion: allOf: - $ref: '#/components/schemas/AuthenticatorSimple' - properties: settings: $ref: '#/components/schemas/AuthenticatorKeyPhone_allOf_settings' type: object AuthenticatorKeySmartCard: allOf: - $ref: '#/components/schemas/AuthenticatorSimple' AuthenticatorKeySymantecVip: allOf: - $ref: '#/components/schemas/AuthenticatorSimple' AuthenticatorKeyWebauthn: allOf: - $ref: '#/components/schemas/AuthenticatorSimple' AuthenticatorKeyYubikey: allOf: - $ref: '#/components/schemas/AuthenticatorSimple' AuthenticatorLinks: allOf: - $ref: '#/components/schemas/LinksSelfAndLifecycle' - properties: methods: allOf: - $ref: '#/components/schemas/HrefObject' description: Link to Authenticator methods type: object example: methods: "" activate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type deactivate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type AuthenticatorMethodAlgorithm: enum: - ES256 - RS256 type: string AuthenticatorMethodBase: discriminator: mapping: sms: '#/components/schemas/AuthenticatorMethodSimple' voice: '#/components/schemas/AuthenticatorMethodSimple' email: '#/components/schemas/AuthenticatorMethodSimple' push: '#/components/schemas/AuthenticatorMethodPush' signed_nonce: '#/components/schemas/AuthenticatorMethodSignedNonce' totp: '#/components/schemas/AuthenticatorMethodTotp' otp: '#/components/schemas/AuthenticatorMethodOtp' password: '#/components/schemas/AuthenticatorMethodSimple' webauthn: '#/components/schemas/AuthenticatorMethodWebAuthn' security_question: 
'#/components/schemas/AuthenticatorMethodSimple' idp: '#/components/schemas/AuthenticatorMethodWithVerifiableProperties' duo: '#/components/schemas/AuthenticatorMethodWithVerifiableProperties' cert: '#/components/schemas/AuthenticatorMethodWithVerifiableProperties' propertyName: type example: _links: activate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type deactivate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type type: cert status: ACTIVE properties: status: $ref: '#/components/schemas/LifecycleStatus' type: $ref: '#/components/schemas/AuthenticatorMethodType' _links: $ref: '#/components/schemas/LinksSelfAndLifecycle' type: object AuthenticatorMethodConstraint: description: "Limits the authenticators that can be used for a given method.\ \ Currently, only the `otp` method supports constraints, and Google authenticator\ \ (key : 'google_otp') is the only allowed authenticator." properties: allowedAuthenticators: items: $ref: '#/components/schemas/AuthenticatorIdentity' type: array method: enum: - otp type: string type: object AuthenticatorMethodOtp: allOf: - $ref: '#/components/schemas/AuthenticatorMethodWithVerifiableProperties' - properties: acceptableAdjacentIntervals: description: "The number of acceptable adjacent intervals, also known\ \ as the clock drift interval. This setting allows you to build in tolerance\ \ for any time difference between the token and the server. For example,\ \ with a `timeIntervalInSeconds` of 60 seconds and an `acceptableAdjacentIntervals`\ \ value of 5, Okta accepts passcodes within 300 seconds (60 * 5) before\ \ or after the end user enters their code." 
            maximum: 10
            minimum: 0
            type: integer
          algorithm:
            $ref: '#/components/schemas/OtpTotpAlgorithm'
          encoding:
            $ref: '#/components/schemas/OtpTotpEncoding'
          factorProfileId:
            description: The `id` value of the factor profile
            example: aut1nd8PQhGcQtSxB0g4
            type: string
          passCodeLength:
            $ref: '#/components/schemas/OtpTotpPassCodeLength'
          protocol:
            $ref: '#/components/schemas/OtpProtocol'
          timeIntervalInSeconds:
            $ref: '#/components/schemas/OtpTotpTimeIntervalInSeconds'
        type: object
    AuthenticatorMethodProperty:
      enum:
      - DEVICE_BOUND
      - HARDWARE_PROTECTED
      - PHISHING_RESISTANT
      - USER_PRESENCE
      - USER_VERIFYING
      type: string
    AuthenticatorMethodPush:
      allOf:
      - $ref: '#/components/schemas/AuthenticatorMethodBase'
      - properties:
          settings:
            $ref: '#/components/schemas/AuthenticatorMethodPush_allOf_settings'
        type: object
    AuthenticatorMethodSignedNonce:
      allOf:
      - $ref: '#/components/schemas/AuthenticatorMethodBase'
      - properties:
          settings:
            $ref: '#/components/schemas/AuthenticatorMethodSignedNonce_allOf_settings'
        type: object
    AuthenticatorMethodSimple:
      allOf:
      - $ref: '#/components/schemas/AuthenticatorMethodBase'
    AuthenticatorMethodTotp:
      allOf:
      - $ref: '#/components/schemas/AuthenticatorMethodBase'
      - properties:
          settings:
            $ref: '#/components/schemas/AuthenticatorMethodTotp_allOf_settings'
        type: object
    AuthenticatorMethodTransactionType:
      enum:
      - CIBA
      - LOGIN
      type: string
    AuthenticatorMethodType:
      description: The type of authenticator method
      enum:
      - cert
      - duo
      - email
      - idp
      - otp
      - password
      - push
      - security_question
      - signed_nonce
      - sms
      - totp
      - voice
      - webauthn
      type: string
    AuthenticatorMethodWebAuthn:
      allOf:
      - $ref: '#/components/schemas/AuthenticatorMethodBase'
      - properties:
          settings:
            $ref: '#/components/schemas/AuthenticatorMethodWebAuthn_allOf_settings'
        type: object
    AuthenticatorMethodWithVerifiableProperties:
      allOf:
      - $ref: '#/components/schemas/AuthenticatorMethodBase'
      - properties:
          verifiableProperties:
            items:
              $ref: '#/components/schemas/AuthenticatorMethodProperty'
            type: array
        type: object
    AuthenticatorSimple:
      allOf:
      - $ref: '#/components/schemas/AuthenticatorBase'
    AuthenticatorType:
      description: The type of Authenticator
      enum:
      - app
      - email
      - federated
      - password
      - phone
      - security_key
      - security_question
      type: string
    AuthorizationServer:
      example:
        lastUpdated: 2000-01-23T04:56:07.000+00:00
        credentials:
          signing:
            nextRotation: 2000-01-23T04:56:07.000+00:00
            use: sig
            kid: kid
            rotationMode: AUTO
            lastRotated: 2000-01-23T04:56:07.000+00:00
        _links:
          metadata:
          - templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          - templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          rotateKey:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          claims:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          policies:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          scopes:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          deactivate: ""
        created: 2000-01-23T04:56:07.000+00:00
        name: name
        audiences:
        - audiences
        - audiences
        description: description
        id: id
        issuer: issuer
        issuerMode: issuerMode
        status: ACTIVE
      properties:
        audiences:
          description: The recipients that the tokens are intended for. This becomes the `aud` claim in an access token. Okta currently supports only one audience.
          items:
            type: string
          type: array
        created:
          format: date-time
          readOnly: true
          type: string
        credentials:
          $ref: '#/components/schemas/AuthorizationServerCredentials'
        description:
          description: The description of the custom authorization server
          type: string
        id:
          description: The ID of the custom authorization server
          readOnly: true
          type: string
        issuer:
          description: The complete URL for the custom authorization server. This becomes the `iss` claim in an access token.
          type: string
        issuerMode:
          description: |-
            Indicates which value is specified in the issuer of the tokens that a custom authorization server returns: the Okta org domain URL or a custom domain URL.
            `issuerMode` is visible if you have a custom URL domain configured or the Dynamic Issuer Mode feature enabled. If you have a custom URL domain configured, you can set a custom domain URL in a custom authorization server, and this property is returned in the appropriate responses.
            When set to `ORG_URL`, then in responses, `issuer` is the Okta org domain URL: `https://${yourOktaDomain}`.
            When set to `CUSTOM_URL`, then in responses, `issuer` is the custom domain URL configured in the administration user interface.
            When set to `DYNAMIC`, then in responses, `issuer` is the custom domain URL if the OAuth 2.0 request was sent to the custom domain, or is the Okta org's domain URL if the OAuth 2.0 request was sent to the original Okta org domain.
            After you configure a custom URL domain, all new custom authorization servers use `CUSTOM_URL` by default. If the Dynamic Issuer Mode feature is enabled, then all new custom authorization servers use `DYNAMIC` by default. All existing custom authorization servers continue to use the original value until they're changed using the Admin Console or the API. This way, existing integrations with the client and resource server continue to work after the feature is enabled.
          type: string
        lastUpdated:
          format: date-time
          readOnly: true
          type: string
        name:
          description: The name of the custom authorization server
          type: string
        status:
          $ref: '#/components/schemas/LifecycleStatus'
        _links:
          $ref: '#/components/schemas/AuthServerLinks'
      type: object
    AuthorizationServerCredentials:
      example:
        signing:
          nextRotation: 2000-01-23T04:56:07.000+00:00
          use: sig
          kid: kid
          rotationMode: AUTO
          lastRotated: 2000-01-23T04:56:07.000+00:00
      properties:
        signing:
          $ref: '#/components/schemas/AuthorizationServerCredentialsSigningConfig'
      type: object
    AuthorizationServerCredentialsRotationMode:
      description: The Key rotation mode for the authorization server
      enum:
      - AUTO
      - MANUAL
      type: string
    AuthorizationServerCredentialsSigningConfig:
      example:
        nextRotation: 2000-01-23T04:56:07.000+00:00
        use: sig
        kid: kid
        rotationMode: AUTO
        lastRotated: 2000-01-23T04:56:07.000+00:00
      properties:
        kid:
          description: The ID of the JSON Web Key used for signing tokens issued by the authorization server
          readOnly: true
          type: string
        lastRotated:
          description: The timestamp when the authorization server started using the `kid` for signing tokens
          format: date-time
          readOnly: true
          type: string
        nextRotation:
          description: The timestamp when the authorization server changes the Key for signing tokens. This is only returned when `rotationMode` is set to `AUTO`.
          format: date-time
          readOnly: true
          type: string
        rotationMode:
          $ref: '#/components/schemas/AuthorizationServerCredentialsRotationMode'
        use:
          $ref: '#/components/schemas/AuthorizationServerCredentialsUse'
      type: object
    AuthorizationServerCredentialsUse:
      description: How the key is used
      enum:
      - sig
      type: string
    AuthorizationServerJsonWebKey:
      example:
        kty: kty
        e: e
        _links:
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        use: use
        kid: kid
        alg: alg
        "n": "n"
        status: status
      properties:
        alg:
          description: "The algorithm used with the Key. Valid value: `RS256`"
          type: string
        e:
          description: RSA key value (public exponent) for Key binding
          readOnly: true
          type: string
        kid:
          description: Unique identifier for the key
          readOnly: true
          type: string
        kty:
          description: "Cryptographic algorithm family for the certificate's keypair.\
            \ Valid value: `RSA`"
          readOnly: true
          type: string
        "n":
          description: RSA modulus value that is used by both the public and private keys and provides a link between them
          type: string
        status:
          description: |-
            An `ACTIVE` Key is used to sign tokens issued by the authorization server. Supported values: `ACTIVE`, `NEXT`, or `EXPIRED`
            A `NEXT` Key is the next Key that the authorization server uses to sign tokens when Keys are rotated. The `NEXT` Key might not be listed if it hasn't been generated.
            An `EXPIRED` Key is the previous Key that the authorization server used to sign tokens. The `EXPIRED` Key might not be listed if no Key has expired or the expired Key was deleted.
          type: string
        use:
          description: "Acceptable use of the key. Valid value: `sig`"
          readOnly: true
          type: string
        _links:
          $ref: '#/components/schemas/LinksSelf'
      type: object
    AuthorizationServerPolicy:
      allOf:
      - properties:
          id:
            description: ID of the Policy
            type: string
          type:
            description: Indicates that the Policy is an authorization server Policy
            enum:
            - OAUTH_AUTHORIZATION_POLICY
            type: string
          name:
            description: Name of the Policy
            type: string
          conditions:
            $ref: '#/components/schemas/AuthorizationServerPolicyConditions'
          description:
            description: Description of the Policy
            type: string
          priority:
            description: Specifies the order in which this Policy is evaluated in relation to the other Policies in a custom authorization server
            type: integer
          status:
            description: Specifies whether requests have access to this Policy
            enum:
            - ACTIVE
            - INACTIVE
            type: string
          system:
            description: Specifies whether Okta created this Policy
            type: boolean
          created:
            description: Timestamp when the Policy was created
            format: date-time
            readOnly: true
            type: string
          lastUpdated:
            description: Timestamp when the Policy was last updated
            format: date-time
            readOnly: true
            type: string
          _links:
            $ref: '#/components/schemas/AuthorizationServerPolicy_allOf__links'
        type: object
      example:
        lastUpdated: 2000-01-23T04:56:07.000+00:00
        system: true
        _links:
          activate:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          rules:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          deactivate:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        created: 2000-01-23T04:56:07.000+00:00
        name: name
        description: description
        id: id
        type: OAUTH_AUTHORIZATION_POLICY
        conditions:
          clients:
            include:
            - include
            - include
        priority: 0
        status: ACTIVE
    AuthorizationServerPolicyConditions:
      example:
        clients:
          include:
          - include
          - include
      properties:
        clients:
          $ref: '#/components/schemas/ClientPolicyCondition'
      type: object
    AuthorizationServerPolicyPeopleCondition:
      description: Identifies Users and Groups that are used together
      example:
        groups:
          include:
          - include
          - include
        users:
          include:
          - include
          - include
      properties:
        groups:
          $ref: '#/components/schemas/AuthorizationServerPolicyRuleGroupCondition'
        users:
          $ref: '#/components/schemas/AuthorizationServerPolicyRuleUserCondition'
      type: object
    AuthorizationServerPolicyRule:
      example:
        lastUpdated: 2000-01-23T04:56:07.000+00:00
        system: true
        _links: ""
        created: 2000-01-23T04:56:07.000+00:00
        name: name
        id: id
        conditions:
          grantTypes:
            include:
            - include
            - include
          scopes:
            include:
            - include
            - include
          people:
            groups:
              include:
              - include
              - include
            users:
              include:
              - include
              - include
        priority: 5
        type: RESOURCE_ACCESS
        actions:
          token:
            refreshTokenWindowMinutes: 1
            accessTokenLifetimeMinutes: 0
            inlineHook:
              id: id
            refreshTokenLifetimeMinutes: 6
        status: ACTIVE
      properties:
        actions:
          $ref: '#/components/schemas/AuthorizationServerPolicyRuleActions'
        conditions:
          $ref: '#/components/schemas/AuthorizationServerPolicyRuleConditions'
        created:
          description: Timestamp when the rule was created
          format: date-time
          readOnly: true
          type: string
        id:
          description: Identifier of the rule
          readOnly: true
          type: string
        lastUpdated:
          description: Timestamp when the rule was last modified
          format: date-time
          readOnly: true
          type: string
        name:
          description: Name of the rule
          type: string
        priority:
          description: Priority of the rule
          type: integer
        status:
          description: Status of the rule
          enum:
          - ACTIVE
          - INACTIVE
          type: string
        system:
          description: Set to `true` for system rules. You can't delete system rules.
          type: boolean
        type:
          description: Rule type
          enum:
          - RESOURCE_ACCESS
          type: string
        _links:
          allOf:
          - $ref: '#/components/schemas/LinksSelfAndLifecycle'
      type: object
    AuthorizationServerPolicyRuleActions:
      allOf:
      - $ref: '#/components/schemas/PolicyRuleActions'
      - properties:
          token:
            $ref: '#/components/schemas/TokenAuthorizationServerPolicyRuleAction'
        type: object
      example:
        token:
          refreshTokenWindowMinutes: 1
          accessTokenLifetimeMinutes: 0
          inlineHook:
            id: id
          refreshTokenLifetimeMinutes: 6
    AuthorizationServerPolicyRuleConditions:
      example:
        grantTypes:
          include:
          - include
          - include
        scopes:
          include:
          - include
          - include
        people:
          groups:
            include:
            - include
            - include
          users:
            include:
            - include
            - include
      properties:
        grantTypes:
          $ref: '#/components/schemas/GrantTypePolicyRuleCondition'
        people:
          $ref: '#/components/schemas/AuthorizationServerPolicyPeopleCondition'
        scopes:
          $ref: '#/components/schemas/OAuth2ScopesMediationPolicyRuleCondition'
      type: object
    AuthorizationServerPolicyRuleGroupCondition:
      description: Specifies a set of Groups whose Users are to be included
      example:
        include:
        - include
        - include
      properties:
        include:
          description: Groups to be included
          items:
            type: string
          type: array
      type: object
    AuthorizationServerPolicyRuleRequest:
      allOf:
      - $ref: '#/components/schemas/AuthorizationServerPolicyRule'
      - required:
        - conditions
        - name
        - type
        type: object
      example:
        lastUpdated: 2000-01-23T04:56:07.000+00:00
        system: true
        _links: ""
        created: 2000-01-23T04:56:07.000+00:00
        name: name
        id: id
        conditions:
          grantTypes:
            include:
            - include
            - include
          scopes:
            include:
            - include
            - include
          people:
            groups:
              include:
              - include
              - include
            users:
              include:
              - include
              - include
        priority: 0
        type: RESOURCE_ACCESS
        actions:
          token:
            refreshTokenWindowMinutes: 1
            accessTokenLifetimeMinutes: 0
            inlineHook:
              id: id
            refreshTokenLifetimeMinutes: 6
        status: ACTIVE
    AuthorizationServerPolicyRuleUserCondition:
      description: Specifies a set of Users to be included
      example:
        include:
        - include
        - include
      properties:
        include:
          description: Users to be included
          items:
            type: string
          type: array
      type: object
    AuthorizationServerResourceHrefObject:
      properties:
        href:
          description: Link URI
          example: "https://{yourOktaDomain}/api/v1/authorizationServers/ausain6z9zIedDCxB0h7"
          type: string
        title:
          description: Link name
          example: Example Authorization Server
          type: string
      type: object
    AutoAssignAdminAppSetting:
      description: The org setting that automatically assigns the Okta Admin Console when an admin role is assigned
      properties:
        autoAssignAdminAppSetting:
          description: Automatically assigns the Okta Admin Console to the user when an admin role is assigned
          type: boolean
      type: object
    AutoLoginApplication:
      allOf:
      - $ref: '#/components/schemas/Application'
      - properties:
          credentials:
            $ref: '#/components/schemas/SchemeApplicationCredentials'
          name:
            description: A unique key is generated for the custom SWA app instance when you use AUTO_LOGIN `signOnMode`.
            readOnly: true
            type: string
          settings:
            $ref: '#/components/schemas/AutoLoginApplicationSettings'
        type: object
    AutoLoginApplicationSettings:
      allOf:
      - $ref: '#/components/schemas/ApplicationSettings'
      - properties:
          signOn:
            $ref: '#/components/schemas/AutoLoginApplicationSettingsSignOn'
        type: object
    AutoLoginApplicationSettingsSignOn:
      properties:
        loginUrl:
          description: Primary URL of the sign-in page for this app
          type: string
        redirectUrl:
          description: Secondary URL of the sign-in page for this app
          type: string
      required:
      - loginUrl
      type: object
    AutoUpdateSchedule:
      description: The schedule of auto-update configured by admin.
      example:
        cron: cron
        duration: 6
        lastUpdated: 2000-01-23T04:56:07.000+00:00
        delay: 0
        timezone: timezone
      properties:
        cron:
          type: string
        delay:
          description: delay in days
          type: integer
        duration:
          description: duration in minutes
          type: integer
        lastUpdated:
          description: "last time when the updated finished (success or failed, exclude\
            \ cancelled), null if job haven't finished once yet."
          format: date-time
          type: string
        timezone:
          type: string
      type: object
    AwsAccountId:
      description: Your AWS account ID
      example: "123456789012"
      maxLength: 12
      minLength: 12
      type: string
    AwsEventSourceName:
      description: An alphanumeric name (no spaces) to identify this event source in AWS EventBridge
      example: your-event-source-name
      maxLength: 75
      minLength: 1
      pattern: "^[a-zA-Z0-9.\\-_]$"
      type: string
    AwsRegion:
      description: The destination AWS region where your event source is located
      enum:
      - ap-northeast-1
      - ap-northeast-2
      - ap-northeast-3
      - ap-south-1
      - ap-southeast-1
      - ap-southeast-2
      - ca-central-1
      - eu-central-1
      - eu-north-1
      - eu-west-1
      - eu-west-2
      - eu-west-3
      - sa-east-1
      - us-east-1
      - us-east-2
      - us-west-1
      - us-west-2
      type: string
    BaseContext:
      description: "This object contains a number of sub-objects, each of which provide\
        \ some type of contextual information."
      properties:
        request:
          $ref: '#/components/schemas/InlineHookRequestObject'
        session:
          $ref: '#/components/schemas/BaseContext_session'
        user:
          $ref: '#/components/schemas/BaseContext_user'
      type: object
    BaseEmailDomain:
      properties:
        displayName:
          type: string
        userName:
          type: string
      required:
      - displayName
      - userName
      type: object
    BaseEmailServer:
      properties:
        alias:
          description: Human-readable name for your SMTP server
          example: CustomServer1
          type: string
        enabled:
          description: "If `true`, routes all email traffic through your SMTP server"
          type: boolean
        host:
          description: Hostname or IP address of your SMTP server
          example: 192.168.160.1
          type: string
        port:
          description: Port number of your SMTP server
          example: 587
          type: integer
        username:
          description: Username used to access your SMTP server
          example: aUser
          type: string
      type: object
    BaseToken:
      properties:
        claims:
          description: "Claims included in the token. Consists of name-value pairs\
            \ for each included claim. For descriptions of the claims that you can\
            \ include, see the Okta [OpenID Connect and OAuth 2.0 API reference](/openapi/okta-oauth/guides/overview/#claims)."
          type: object
        lifetime:
          $ref: '#/components/schemas/BaseToken_lifetime'
      type: object
    BasicApplicationSettings:
      allOf:
      - $ref: '#/components/schemas/ApplicationSettings'
      - properties:
          app:
            $ref: '#/components/schemas/BasicApplicationSettingsApplication'
        type: object
    BasicApplicationSettingsApplication:
      properties:
        authURL:
          description: The URL of the authenticating site for this app
          type: string
        url:
          description: The URL of the sign-in page for this app
          type: string
      required:
      - authURL
      - url
      type: object
    BasicAuthApplication:
      allOf:
      - $ref: '#/components/schemas/Application'
      - properties:
          credentials:
            $ref: '#/components/schemas/SchemeApplicationCredentials'
          name:
            description: '`template_basic_auth` is the key name for a Basic Authentication scheme app instance'
            enum:
            - template_basic_auth
            type: string
          settings:
            $ref: '#/components/schemas/BasicApplicationSettings'
        required:
        - name
        - settings
        type: object
      x-okta-defined-as:
        name: template_basic_auth
    BeforeScheduledActionPolicyRuleCondition:
      properties:
        duration:
          $ref: '#/components/schemas/Duration'
        lifecycleAction:
          $ref: '#/components/schemas/ScheduledUserLifecycleAction'
      type: object
    BehaviorRule:
      discriminator:
        mapping:
          ANOMALOUS_LOCATION: '#/components/schemas/BehaviorRuleAnomalousLocation'
          ANOMALOUS_IP: '#/components/schemas/BehaviorRuleAnomalousIP'
          ANOMALOUS_DEVICE: '#/components/schemas/BehaviorRuleAnomalousDevice'
          VELOCITY: '#/components/schemas/BehaviorRuleVelocity'
        propertyName: type
      example:
        lastUpdated: 2000-01-23T04:56:07.000+00:00
        _link:
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        created: 2000-01-23T04:56:07.000+00:00
        name: name
        id: id
        type: ANOMALOUS_DEVICE
        status: ACTIVE
      properties:
        created:
          format: date-time
          readOnly: true
          type: string
        id:
          readOnly: true
          type: string
        lastUpdated:
          format: date-time
          readOnly: true
          type: string
        name:
          maxLength: 128
          type: string
        status:
          $ref: '#/components/schemas/LifecycleStatus'
        type:
          $ref: '#/components/schemas/BehaviorRuleType'
        _link:
          $ref: '#/components/schemas/LinksSelf'
      required:
      - name
      - type
      title: Behavior Detection Rule
      type: object
    BehaviorRuleAnomalousDevice:
      allOf:
      - $ref: '#/components/schemas/BehaviorRule'
      - properties:
          settings:
            $ref: '#/components/schemas/BehaviorRuleSettingsAnomalousDevice'
        type: object
    BehaviorRuleAnomalousIP:
      allOf:
      - $ref: '#/components/schemas/BehaviorRule'
      - properties:
          settings:
            $ref: '#/components/schemas/BehaviorRuleSettingsAnomalousIP'
        type: object
    BehaviorRuleAnomalousLocation:
      allOf:
      - $ref: '#/components/schemas/BehaviorRule'
      - properties:
          settings:
            $ref: '#/components/schemas/BehaviorRuleSettingsAnomalousLocation'
        type: object
    BehaviorRuleSettings:
      title: Behavior Detection Rule Settings
      type: object
    BehaviorRuleSettingsAnomalousDevice:
      allOf:
      - $ref: '#/components/schemas/BehaviorRuleSettingsHistoryBased'
    BehaviorRuleSettingsAnomalousIP:
      allOf:
      - $ref: '#/components/schemas/BehaviorRuleSettingsHistoryBased'
      - properties:
          maxEventsUsedForEvaluation:
            default: 50
            maximum: 100
            minimum: 0
            type: integer
        type: object
    BehaviorRuleSettingsAnomalousLocation:
      allOf:
      - $ref: '#/components/schemas/BehaviorRuleSettingsHistoryBased'
      - properties:
          granularity:
            $ref: '#/components/schemas/LocationGranularity'
          radiusKilometers:
            description: Required when `granularity` is `LAT_LONG`. Radius from the provided coordinates in kilometers.
            type: integer
        required:
        - granularity
        type: object
    BehaviorRuleSettingsHistoryBased:
      allOf:
      - $ref: '#/components/schemas/BehaviorRuleSettings'
      - properties:
          maxEventsUsedForEvaluation:
            default: 20
            maximum: 100
            minimum: 1
            type: integer
          minEventsNeededForEvaluation:
            default: 0
            maximum: 10
            minimum: 0
            type: integer
        title: Behavior Detection Rule Settings based on Event History
        type: object
    BehaviorRuleSettingsVelocity:
      allOf:
      - $ref: '#/components/schemas/BehaviorRuleSettings'
      - properties:
          velocityKph:
            default: 805
            minimum: 1
            type: integer
        required:
        - velocityKph
        title: Behavior Detection Rule Settings based on device velocity in kilometers per hour.
        type: object
    BehaviorRuleType:
      enum:
      - ANOMALOUS_DEVICE
      - ANOMALOUS_IP
      - ANOMALOUS_LOCATION
      - VELOCITY
      type: string
    BehaviorRuleVelocity:
      allOf:
      - $ref: '#/components/schemas/BehaviorRule'
      - properties:
          settings:
            $ref: '#/components/schemas/BehaviorRuleSettingsVelocity'
        type: object
    BindingMethod:
      description: The method used to bind the out-of-band channel with the primary channel.
      enum:
      - none
      - prompt
      - transfer
      type: string
    BookmarkApplication:
      allOf:
      - $ref: '#/components/schemas/Application'
      - properties:
          credentials:
            $ref: '#/components/schemas/ApplicationCredentials'
          name:
            description: '`bookmark` is the key name for a Bookmark app'
            enum:
            - bookmark
            type: string
          settings:
            $ref: '#/components/schemas/BookmarkApplicationSettings'
        required:
        - name
        - settings
        type: object
      x-okta-defined-as:
        name: bookmark
    BookmarkApplicationSettings:
      allOf:
      - $ref: '#/components/schemas/ApplicationSettings'
      - properties:
          app:
            $ref: '#/components/schemas/BookmarkApplicationSettingsApplication'
        type: object
    BookmarkApplicationSettingsApplication:
      properties:
        requestIntegration:
          default: false
          description: Would you like Okta to add an integration for this app?
          type: boolean
        url:
          description: The URL of the launch page for this app
          type: string
      required:
      - url
      type: object
    BouncesRemoveListError:
      example:
        reason: reason
        emailAddress: emailAddress
      properties:
        emailAddress:
          description: An email address with a validation error
          type: string
        reason:
          description: Validation error reason
          type: string
      type: object
    BouncesRemoveListObj:
      example:
        emailAddresses:
        - emailAddresses
        - emailAddresses
      properties:
        emailAddresses:
          description: A list of email addresses to remove from the email-service bounce list
          items:
            description: Email address
            type: string
          type: array
      type: object
    BouncesRemoveListResult:
      example:
        errors:
        - reason: reason
          emailAddress: emailAddress
        - reason: reason
          emailAddress: emailAddress
      properties:
        errors:
          description: A list of emails that wasn't added to the email-bounced remove list and the error reason
          items:
            $ref: '#/components/schemas/BouncesRemoveListError'
          type: array
      type: object
    Brand:
      example:
        agreeToCustomPrivacyPolicy: true
        defaultApp:
          appInstanceId: appInstanceId
          appLinkName: appLinkName
          classicApplicationUri: classicApplicationUri
        isDefault: true
        removePoweredByOkta: false
        name: name
        id: id
        emailDomainId: emailDomainId
        locale: locale
        customPrivacyPolicyUrl: customPrivacyPolicyUrl
      properties:
        agreeToCustomPrivacyPolicy:
          description: Consent for updating the custom privacy URL. Not required when resetting the URL.
          type: boolean
        customPrivacyPolicyUrl:
          description: Custom privacy policy URL
          type: string
        defaultApp:
          $ref: '#/components/schemas/DefaultApp'
        emailDomainId:
          description: The ID of the email domain
          type: string
        id:
          description: The Brand ID
          readOnly: true
          type: string
        isDefault:
          description: "If `true`, the Brand is used for the Okta subdomain"
          readOnly: true
          type: boolean
        locale:
          description: "The language specified as an [IETF BCP 47 language tag](https://datatracker.ietf.org/doc/html/rfc5646)"
          type: string
        name:
          description: The name of the Brand
          type: string
        removePoweredByOkta:
          default: false
          description: "Removes \"Powered by Okta\" from the sign-in page in redirect\
            \ authentication deployments, and \"© [current year] Okta, Inc.\" from\
            \ the Okta End-User Dashboard"
          type: boolean
      type: object
    BrandDomains:
      items:
        $ref: '#/components/schemas/DomainResponse'
      title: BrandDomains
      type: array
    BrandRequest:
      example:
        agreeToCustomPrivacyPolicy: true
        defaultApp:
          appInstanceId: appInstanceId
          appLinkName: appLinkName
          classicApplicationUri: classicApplicationUri
        removePoweredByOkta: false
        name: name
        emailDomainId: emailDomainId
        locale: locale
        customPrivacyPolicyUrl: customPrivacyPolicyUrl
      properties:
        agreeToCustomPrivacyPolicy:
          description: Consent for updating the custom privacy URL. Not required when resetting the URL.
          type: boolean
        customPrivacyPolicyUrl:
          description: Custom privacy policy URL
          type: string
        defaultApp:
          $ref: '#/components/schemas/DefaultApp'
        emailDomainId:
          description: The ID of the email domain
          type: string
        locale:
          description: "The language specified as an [IETF BCP 47 language tag](https://datatracker.ietf.org/doc/html/rfc5646)"
          type: string
        name:
          description: The name of the Brand
          type: string
        removePoweredByOkta:
          default: false
          description: "Removes \"Powered by Okta\" from the sign-in page in redirect\
            \ authentication deployments, and \"© [current year] Okta, Inc.\" from\
            \ the Okta End-User Dashboard"
          type: boolean
      required:
      - name
      type: object
    BrandWithEmbedded:
      allOf:
      - $ref: '#/components/schemas/Brand'
      example:
        _embedded: "{}"
        _links: ""
      properties:
        _embedded:
          properties:
            themes:
              items:
                $ref: '#/components/schemas/ThemeResponse'
              type: array
            domains:
              items:
                $ref: '#/components/schemas/DomainResponse'
              type: array
            emailDomain:
              $ref: '#/components/schemas/EmailDomainResponse'
          readOnly: true
          type: object
        _links:
          allOf:
          - $ref: '#/components/schemas/LinksSelf'
          - properties:
              themes:
                $ref: '#/components/schemas/HrefObject'
            type: object
    BrowserPluginApplication:
      allOf:
      - $ref: '#/components/schemas/Application'
      - properties:
          credentials:
            $ref: '#/components/schemas/SchemeApplicationCredentials'
          name:
            description: The key name for the app definition
            enum:
            - template_swa
            - template_swa3field
            type: string
            x-enumDescriptions:
              template_swa: The key name for a SWA app instance that requires a browser plugin
              template_swa3field: The key name for a SWA app instance that requires a browser plugin and supports three CSS selectors
          settings:
            $ref: '#/components/schemas/SwaApplicationSettings'
        required:
        - name
        - settings
        type: object
    BulkDeleteRequestBody:
      example:
        entityType: USERS
        profiles:
        - externalId: externalId
        - externalId: externalId
      properties:
        entityType:
          enum:
          - USERS
          type: string
        profiles:
          items:
            $ref: '#/components/schemas/IdentitySourceUserProfileForDelete'
          type: array
      type: object
    BulkUpsertRequestBody:
      example:
        entityType: USERS
        profiles:
        - profile:
            firstName: firstName
            lastName: lastName
            mobilePhone: mobilePhone
            secondEmail: secondEmail
            userName: userName
            email: email
            homeAddress: homeAddress
          externalId: externalId
        - profile:
            firstName: firstName
            lastName: lastName
            mobilePhone: mobilePhone
            secondEmail: secondEmail
            userName: userName
            email: email
            homeAddress: homeAddress
          externalId: externalId
      properties:
        entityType:
          enum:
          - USERS
          type: string
        profiles:
          items:
            $ref: '#/components/schemas/BulkUpsertRequestBody_profiles_inner'
          type: array
      type: object
    BundleEntitlement:
      properties:
        description:
          type: string
        id:
          type: string
        name:
          type: string
        role:
          type: string
        _links:
          $ref: '#/components/schemas/BundleEntitlement__links'
      type: object
    BundleEntitlementsResponse:
      properties:
        entitlements:
          items:
            $ref: '#/components/schemas/BundleEntitlement'
          type: array
        _links:
          $ref: '#/components/schemas/BundleEntitlementsResponse__links'
      type: object
    ByDateTimeExpiry:
      allOf:
      - $ref: '#/components/schemas/DateTime'
    ByDurationExpiry:
      allOf:
      - $ref: '#/components/schemas/TimeDuration'
      description: |-
        A time duration specified as an [ISO-8601 duration](https://en.wikipedia.org/wiki/ISO_8601#Durations).
        Must be between 1 and 180 days inclusive.
    CAPTCHAInstance:
      description: ""
      example:
        siteKey: siteKey
        secretKey: secretKey
        _links:
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        name: name
        id: id
        type: HCAPTCHA
      properties:
        id:
          description: The unique key for the CAPTCHA instance
          readOnly: true
          type: string
        name:
          description: The name of the CAPTCHA instance
          type: string
        secretKey:
          description: The secret key issued from the CAPTCHA provider to perform server-side validation for a CAPTCHA token
          type: string
          writeOnly: true
        siteKey:
          description: The site key issued from the CAPTCHA provider to render a CAPTCHA on a page
          type: string
        type:
          $ref: '#/components/schemas/CAPTCHAType'
        _links:
          $ref: '#/components/schemas/LinksSelf'
      title: CAPTCHAInstance
      type: object
    CAPTCHAType:
      description: The type of CAPTCHA provider
      enum:
      - HCAPTCHA
      - RECAPTCHA_V2
      type: string
    CSRLinks:
      description: "Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288))\
        \ available for the current status of a CSR object using the [JSON Hypertext\
        \ Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\
        \ specification. This object is used for dynamic discovery of related resources\
        \ and lifecycle operations."
example: publish: hints: allow: - POST - POST href: "https://{yourOktaDomain}/api/v1/apps/0oad5lTSBOMUBOBVVQSC/credentials/csrs/h9zkutaSe7fZX0SwN1GqDApofgD1OW8g2B5l2azha50/lifecycle/publish" self: hints: allow: - GET - GET href: "https://{yourOktaDomain}/api/v1/apps/0oad5lTSBOMUBOBVVQSC/credentials/csrs/h9zkutaSe7fZX0SwN1GqDApofgD1OW8g2B5l2azha50" properties: publish: $ref: '#/components/schemas/HrefCsrPublishLink' self: $ref: '#/components/schemas/HrefCsrSelfLink' readOnly: true CaepDeviceComplianceChangeEvent: description: The subject's device compliance was revoked properties: current_status: description: Current device compliance status enum: - compliant - not-compliant example: non-compliant type: string event_timestamp: description: The time of the event (UNIX timestamp) example: 1702448550 format: int64 type: integer initiating_entity: description: The entity that initiated the event enum: - admin - user - policy - system type: string previous_status: description: Previous device compliance status enum: - compliant - not-compliant type: string reason_admin: $ref: '#/components/schemas/CaepDeviceComplianceChangeEvent_reason_admin' reason_user: $ref: '#/components/schemas/CaepDeviceComplianceChangeEvent_reason_user' subject: $ref: '#/components/schemas/SecurityEventSubject' required: - current_status - event_timestamp - previous_status - subject type: object CaepSecurityEvent: properties: event_timestamp: description: The time of the event (UNIX timestamp) example: 1702448550 format: int64 type: integer initiating_entity: description: The entity that initiated the event enum: - admin - user - policy - system type: string reason_admin: $ref: '#/components/schemas/CaepDeviceComplianceChangeEvent_reason_admin' reason_user: $ref: '#/components/schemas/CaepDeviceComplianceChangeEvent_reason_user' subject: $ref: '#/components/schemas/SecurityEventSubject' required: - event_timestamp - subject type: object CaepSessionRevokedEvent: description: The session of the 
subject was revoked properties: current_ip: description: Current IP of the session example: 123.4.5.6 type: string current_user_agent: description: Current User Agent of the session example: CurrentUserAgent type: string event_timestamp: description: The time of the event (UNIX timestamp) example: 1702448550 format: int64 type: integer initiating_entity: description: The entity that initiated the event enum: - admin - user - policy - system type: string last_known_ip: description: Last known IP of the session example: 123.4.5.6 type: string last_known_user_agent: description: Last known User Agent of the session example: LastUserAgent type: string reason_admin: $ref: '#/components/schemas/CaepDeviceComplianceChangeEvent_reason_admin' reason_user: $ref: '#/components/schemas/CaepDeviceComplianceChangeEvent_reason_user' subject: $ref: '#/components/schemas/SecurityEventSubject' required: - event_timestamp - subject type: object CapabilitiesCreateObject: description: | Determines whether Okta assigns a new app account to each user managed by Okta. Okta doesn't create a new account if it detects that the username specified in Okta already exists in the app. The user's Okta username is assigned by default. properties: lifecycleCreate: $ref: '#/components/schemas/LifecycleCreateSettingObject' type: object CapabilitiesImportRulesObject: description: Defines user import rules properties: userCreateAndMatch: $ref: '#/components/schemas/CapabilitiesImportRulesUserCreateAndMatchObject' type: object CapabilitiesImportRulesUserCreateAndMatchObject: description: Rules for matching and creating users properties: allowPartialMatch: description: "Allows user import upon partial matching. Partial matching\ \ occurs when the first and last names of an imported user match those\ \ of an existing Okta user, even if the username or email attributes don't\ \ match." type: boolean autoActivateNewUsers: description: "If set to `true`, imported new users are automatically activated." 
type: boolean autoConfirmExactMatch: description: "If set to `true`, exact-matched users are automatically confirmed\ \ on activation. If set to `false`, exact-matched users need to be confirmed\ \ manually." type: boolean autoConfirmNewUsers: description: "If set to `true`, imported new users are automatically confirmed\ \ on activation. This doesn't apply to imported users that already exist\ \ in Okta." type: boolean autoConfirmPartialMatch: description: "If set to `true`, partially matched users are automatically\ \ confirmed on activation. If set to `false`, partially matched users\ \ need to be confirmed manually." type: boolean exactMatchCriteria: description: Determines the attribute to match users enum: - EMAIL - USERNAME type: string type: object CapabilitiesImportSettingsObject: description: Defines import settings properties: schedule: $ref: '#/components/schemas/ImportScheduleObject' username: $ref: '#/components/schemas/ImportUsernameObject' type: object CapabilitiesInboundProvisioningObject: description: Defines the configuration for the INBOUND_PROVISIONING feature properties: importRules: $ref: '#/components/schemas/CapabilitiesImportRulesObject' importSettings: $ref: '#/components/schemas/CapabilitiesImportSettingsObject' required: - importRules - importSettings title: INBOUND_PROVISIONING type: object x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true CapabilitiesObject: description: Defines the configurations for the USER_PROVISIONING feature properties: create: $ref: '#/components/schemas/CapabilitiesCreateObject' update: $ref: '#/components/schemas/CapabilitiesUpdateObject' title: USER_PROVISIONING type: object CapabilitiesUpdateObject: description: Determines whether updates to a user's profile are pushed to the app properties: lifecycleDeactivate: $ref: '#/components/schemas/LifecycleDeactivateSettingObject' password: $ref: '#/components/schemas/PasswordSettingObject' profile: $ref: '#/components/schemas/ProfileSettingObject' type: 
object CatalogApplication: example: features: - features - features lastUpdated: 2000-01-23T04:56:07.000+00:00 website: website verificationStatus: verificationStatus _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type displayName: displayName name: name description: description id: id category: category signOnModes: - signOnModes - signOnModes status: ACTIVE properties: category: type: string description: type: string displayName: type: string features: items: type: string type: array id: readOnly: true type: string lastUpdated: format: date-time readOnly: true type: string name: type: string signOnModes: items: type: string type: array status: $ref: '#/components/schemas/CatalogApplicationStatus' verificationStatus: type: string website: type: string _links: $ref: '#/components/schemas/LinksSelf' type: object CatalogApplicationStatus: enum: - ACTIVE - INACTIVE type: string ChallengeType: enum: - http://auth0.com/oauth/grant-type/mfa-oob - http://auth0.com/oauth/grant-type/mfa-otp type: string ChangeEnum: default: KEEP_EXISTING description: Determines whether a change in a user's password also updates the user's password in the app enum: - CHANGE - KEEP_EXISTING example: CHANGE type: string ChangePasswordRequest: example: oldPassword: hook: type: type value: pa$$word hash: iterationCount: 0 salt: salt keySize: 6 saltOrder: saltOrder workFactor: 3 digestAlgorithm: SHA256_HMAC value: value algorithm: BCRYPT newPassword: hook: type: type value: pa$$word hash: iterationCount: 0 salt: salt keySize: 6 saltOrder: saltOrder workFactor: 3 digestAlgorithm: SHA256_HMAC value: value algorithm: BCRYPT revokeSessions: false properties: newPassword: $ref: '#/components/schemas/PasswordCredential' oldPassword: $ref: '#/components/schemas/PasswordCredential' revokeSessions: default: false description: "When set to `true`, revokes all User sessions, except for\ \ the current session" type: boolean type: object Channel: description: The 
out-of-band channel for use with authentication. Required for all `/oob-authenticate` requests and any `/challenge` request with an out-of-band authenticator. enum: - push - sms - voice type: string ChannelBinding: properties: required: $ref: '#/components/schemas/RequiredEnum' style: enum: - NUMBER_CHALLENGE type: string type: object ChildOrg: example: settings: key: "" website: https://www.okta.com _links: key: "" created: 2022-08-25T00:05:00Z admin: credentials: password: value: pa$$word recovery_question: answer: se7en question: what is your favourite movie? profile: firstName: firstName lastName: lastName login: login email: email edition: SKU token: token lastUpdated: 2022-08-25T00:05:00Z name: My Child Org 1 subdomain: my-child-org-1 id: 00o1n8sbwArJ7OQRw406 tokenType: SSWS status: ACTIVE properties: admin: $ref: '#/components/schemas/OrgCreationAdmin' created: description: Timestamp when the Org was created example: 2022-08-25T00:05:00Z format: date-time readOnly: true type: string edition: description: Edition for the Org. `SKU` is the only supported value. enum: - SKU example: SKU type: string id: description: Org ID example: 00o1n8sbwArJ7OQRw406 readOnly: true type: string lastUpdated: description: Timestamp when the Org was last updated example: 2022-08-25T00:05:00Z format: date-time readOnly: true type: string name: description: |- Unique name of the Org. This name appears in the HTML `<title>` tag of the new Org sign-in page. Only less than 4-width UTF-8 encoded characters are allowed. example: My Child Org 1 format: utf-8 maximum: 100 minimum: 1 type: string settings: additionalProperties: true description: Settings associated with the created Org readOnly: true type: object status: description: Status of the Org. `ACTIVE` is returned after the Org is created. enum: - ACTIVE readOnly: true type: string subdomain: description: Subdomain of the Org. Must be unique and include no spaces. 
example: my-child-org-1 maximum: 57 minimum: 1 type: string token: description: |- API token associated with the child Org super admin account. Use this API token to provision resources (such as policies, apps, and groups) on the newly created child Org. This token is revoked if the super admin account is deactivated. > **Note:** If this API token expires, sign in to the Admin Console as the super admin user and create a new API token. See [Create an API token](https://developer.okta.com/docs/guides/create-an-api-token/). readOnly: true type: string tokenType: description: "Type of returned `token`. See [Okta API tokens](https://developer.okta.com/docs/guides/create-an-api-token/main/#okta-api-tokens)." enum: - SSWS example: SSWS readOnly: true type: string website: description: Default website for the Org example: https://www.okta.com type: string _links: additionalProperties: true description: "Specifies available link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288))\ \ using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\ \ specification" readOnly: true type: object required: - admin - edition - name - subdomain type: object ChromeBrowserVersion: description: Current version of the Chrome Browser properties: minimum: type: string type: object Claim: type: string Client: properties: application_type: $ref: '#/components/schemas/ApplicationType' client_id: description: "Unique key for the client application. The `client_id` is\ \ immutable. When you create a client Application, you can't specify the\ \ `client_id` because Okta uses the application ID for the `client_id`." 
readOnly: true type: string client_id_issued_at: description: Time at which the `client_id` was issued (measured in unix seconds) readOnly: true type: integer client_name: description: Human-readable string name of the client application type: string client_secret: description: "OAuth 2.0 client secret string (used for confidential clients).\ \ The `client_secret` is shown only on the response of the creation or\ \ update of a client Application (and only if the `token_endpoint_auth_method`\ \ is one that requires a client secret). You can't specify the `client_secret`.\ \ If the `token_endpoint_auth_method` requires one, Okta generates a random\ \ `client_secret` for the client Application." nullable: true readOnly: true type: string client_secret_expires_at: description: Time at which the `client_secret` expires or 0 if it doesn't expire (measured in unix seconds) minimum: 0 nullable: true readOnly: true type: integer frontchannel_logout_session_required: description: Include user session details type: boolean frontchannel_logout_uri: description: URL where Okta sends the logout request nullable: true type: string grant_types: description: "Array of OAuth 2.0 grant type strings. 
Default value: `[authorization_code]`" items: $ref: '#/components/schemas/GrantType' type: array initiate_login_uri: description: URL that a third party can use to initiate a login by the client type: string jwks_uri: description: "URL string that references a [JSON Web Key Set](https://tools.ietf.org/html/rfc7517#section-5)\ \ for validating JWTs presented to Okta" type: string logo_uri: description: URL string that references a logo for the client consent dialog (not the sign-in dialog) nullable: true type: string policy_uri: description: URL string of a web page providing the client's policy document nullable: true type: string post_logout_redirect_uris: description: Array of redirection URI strings for use for relying party initiated logouts items: type: string type: array redirect_uris: description: "Array of redirection URI strings for use in redirect-based\ \ flows. All redirect URIs must be absolute URIs and must not include\ \ a fragment component. At least one redirect URI and response type is\ \ required for all client types, with the following exceptions: If the\ \ client uses the Resource Owner Password flow (if `grant_type` contains\ \ the value password) or the Client Credentials flow (if `grant_type`\ \ contains the value `client_credentials`), then no redirect URI or response\ \ type is necessary. In these cases, you can pass either null or an empty\ \ array for these attributes." items: type: string type: array request_object_signing_alg: description: "The type of [JSON Web Key Set](https://tools.ietf.org/html/rfc7517#section-5)\ \ algorithm that must be used for signing request objects" items: $ref: '#/components/schemas/SigningAlgorithm' type: array response_types: description: "Array of OAuth 2.0 response type strings. 
Default value: `[code]`" items: $ref: '#/components/schemas/ResponseType' type: array token_endpoint_auth_method: $ref: '#/components/schemas/EndpointAuthMethod' tos_uri: description: URL string of a web page providing the client's terms of service document nullable: true type: string type: object ClientPolicyCondition: description: Specifies which clients are included in the Policy example: include: - include - include properties: include: description: Which clients are included in the Policy items: type: string type: array type: object ClientPrivilegesSetting: description: The org setting that assigns the super admin role by default to a public client app example: clientPrivilegesSetting: true properties: clientPrivilegesSetting: description: "If true, assigns the super admin role by default to new public\ \ client apps" example: true type: boolean type: object CodeChallengeMethod: enum: - S256 type: string Compliance: properties: fips: $ref: '#/components/schemas/FipsEnum' type: object Conditions: example: expression: value: value profileSourceId: profileSourceId properties: expression: $ref: '#/components/schemas/Expression' profileSourceId: type: string type: object ContentSecurityPolicySetting: example: mode: enforced reportUri: reportUri srcList: - srcList - srcList properties: mode: enum: - enforced - report_only type: string reportUri: type: string srcList: items: type: string type: array type: object ContextPolicyRuleCondition: allOf: - $ref: '#/components/schemas/DevicePolicyRuleCondition' - properties: expression: type: string type: object CreateBrandRequest: example: name: name properties: name: description: The name of the Brand type: string required: - name title: CreateBrandRequest type: object CreateGroupRuleRequest: example: name: name conditions: expression: type: type value: user.role==\"Engineer\" people: groups: exclude: - exclude - exclude users: exclude: - exclude - exclude type: group_rule actions: assignUserToGroups: groupIds: - groupIds - 
groupIds properties: actions: $ref: '#/components/schemas/GroupRuleAction' conditions: $ref: '#/components/schemas/GroupRuleConditions' name: description: Name of the Group rule maxLength: 50 minLength: 1 type: string type: enum: - group_rule type: string type: object CreateIamRoleRequest: example: permissions: - okta.apps.assignment.manage - okta.apps.assignment.manage description: description label: label properties: description: description: Description of the role type: string label: description: Unique label for the role type: string permissions: description: "Array of permissions that the Role grants. See [Permissions](/openapi/okta-management/guides/roles/#permissions)." items: $ref: '#/components/schemas/RolePermissionType' type: array required: - description - label - permissions type: object CreateRealmAssignmentRequest: example: name: name conditions: expression: value: value profileSourceId: profileSourceId priority: 0 actions: assignUserToRealm: realmId: realmId properties: actions: $ref: '#/components/schemas/Actions' conditions: $ref: '#/components/schemas/Conditions' name: type: string priority: type: integer type: object CreateRealmRequest: example: profile: realmType: PARTNER name: name properties: profile: $ref: '#/components/schemas/RealmProfile' type: object CreateResourceSetRequest: example: description: description resources: - resources - resources label: label properties: description: description: Description of the Resource Set type: string label: description: Unique name for the Resource Set type: string resources: description: "The endpoint (URL) that references all resource objects included\ \ in the Resource Set. Resources are identified by either an Okta Resource\ \ Name (ORN) or by a REST URL format. See [Okta Resource Name](/openapi/okta-management/guides/roles/#okta-resource-name-orn)." 
items: type: string maximum: 1000 type: array required: - description - label - resources type: object CreateSessionRequest: example: sessionToken: sessionToken properties: sessionToken: description: The session token obtained during authentication type: string type: object CreateUISchema: description: The request body properties for the new UI Schema example: uiSchema: elements: scope: scope options: format: text label: label type: type label: Sign in type: type buttonLabel: Submit properties: uiSchema: $ref: '#/components/schemas/UISchemaObject' type: object CreateUpdateIamRolePermissionRequest: example: conditions: include: key: "{}" exclude: key: "{}" properties: conditions: $ref: '#/components/schemas/PermissionConditions' type: object CreateUserRequest: example: realmId: guo1bfiNtSnZYILxO0g4 credentials: password: hook: type: type value: pa$$word hash: iterationCount: 0 salt: salt keySize: 6 saltOrder: saltOrder workFactor: 3 digestAlgorithm: SHA256_HMAC value: value algorithm: BCRYPT provider: name: name type: ACTIVE_DIRECTORY recovery_question: answer: se7en question: what is your favourite movie? 
groupIds: - groupIds - groupIds profile: profileUrl: profileUrl lastName: lastName zipCode: zipCode preferredLanguage: preferredLanguage city: city displayName: displayName timezone: timezone locale: locale login: login title: title employeeNumber: employeeNumber division: division honorificSuffix: honorificSuffix countryCode: countryCode state: state department: department email: email manager: manager costCenter: costCenter nickName: nickName secondEmail: secondEmail honorificPrefix: honorificPrefix managerId: managerId firstName: firstName primaryPhone: primaryPhone postalAddress: postalAddress mobilePhone: mobilePhone streetAddress: streetAddress organization: organization middleName: middleName userType: userType type: id: id properties: credentials: $ref: '#/components/schemas/UserCredentials' groupIds: items: type: string type: array profile: $ref: '#/components/schemas/UserProfile' realmId: description: <div class="x-lifecycle-container"><x-lifecycle class="ea"></x-lifecycle></div>The ID of the Realm in which the User is residing example: guo1bfiNtSnZYILxO0g4 type: string x-okta-lifecycle: lifecycle: EA isGenerallyAvailable: false SKUs: [] type: $ref: '#/components/schemas/CreateUserRequest_type' required: - profile type: object CreateUserTypeRequest: example: displayName: displayName name: name description: description properties: name: description: The updated human-readable name for the User Type type: string displayName: description: The updated human-readable display name for the User Type type: string description: description: The updated human-readable description of the User Type type: string type: object Created: description: Timestamp when the object was created example: 2016-01-03T18:15:47Z format: date-time readOnly: true type: string CredentialSyncInfo: properties: errorCode: description: The error code for the type of error readOnly: true type: string errorReason: description: A short description of the error readOnly: true type: string 
secretVersionId: description: The version ID of the password secret from the OPA vault. example: 9f8400-e29b-41d4-a716-926655440034 maxLength: 36 minLength: 1 type: string syncState: $ref: '#/components/schemas/CredentialSyncState' syncTime: description: Timestamp when the credential was changed example: 2024-06-10T11:30:01Z format: date-time readOnly: true type: string type: object CredentialSyncState: description: Current credential sync status of the privileged resource enum: - NOT_SYNCED - SYNCED - SYNCING - SYNC_FAILED readOnly: true type: string x-enumDescriptions: NOT_SYNCED: Credentials are not yet synced SYNCING: Credentials are currently being synced SYNCED: Credentials are successfully synced SYNC_FAILED: Credential sync failed Csr: example: kty: RSA csr: MIIC4DCCAcgCAQAwcTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEzARBgNVBAoMCk9rdGEsIEluYy4xDDAKBgNVBAsMA0RldjESMBAGA1UEAwwJU1AgSXNzdWVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6m8jHVCr9/tKvvbFN59T4raoCs/78KRm4fSefHQOv1TKLXo4wTLbsqYWRWc5u0sd5orUMQgPQOyj3i6qh13mALY4BzrT057EG1BUNjGg29QgYlnOk2iX890e5BIDMQQEIKFrvOi2V8cLUkLvE2ydRn0VO1Q1frbUkYeStJYC5Api2JQsYRwa+1ZeDH1ITnIzUaugWhW2WB2lSnwZkenne5KtffxMPYVu+IhNRHoKaRA6Z51YNhMJIx17JM2hs/H4Ka3drk6kzDf7ofk/yBpb9yBWyU7CTSQhdoHidxqFprMDaT66W928t3AeOENHBuwn8c2K9WeGG+bELNyQRJVmawIDAQABoCowKAYJKoZIhvcNAQkOMRswGTAXBgNVHREEEDAOggxkZXYub2t0YS5jb20wDQYJKoZIhvcNAQELBQADggEBAA2hsVJRVM+A83X9MekjTnIbt19UNT8wX7wlE9jUKirWsxceLiZBpVGn9qfKhhVIpvdaIRSeoFYS2Kg/m1G6bCvjmZLcrQ5FcEBjZH2NKfNppGVnfC2ugtUkBtCB+UUzOhKhRKJtGugenKbP33zRWWIqnd2waF6Cy8TIuqQVPbwEDN9bCbAs7ND6CFYNguY7KYjWzQOeAR716eqpEEXuPYAS4nx/ty4ylonR8cv+gpq51rvq80A4k/36aoeM0Y6I4w64vhTfuvWW2UYFUD+/+y2FA2CSP4JfctySrf1s525v6fzTFZ3qZbB5OZQtP2b8xYWktMzywsxGKDoVDB4wkH4= _links: publish: hints: allow: - POST - POST href: "https://{yourOktaDomain}/api/v1/apps/0oad5lTSBOMUBOBVVQSC/credentials/csrs/h9zkutaSe7fZX0SwN1GqDApofgD1OW8g2B5l2azha50/lifecycle/publish" self: hints: allow: - GET - GET href: 
"https://{yourOktaDomain}/api/v1/apps/0oad5lTSBOMUBOBVVQSC/credentials/csrs/h9zkutaSe7fZX0SwN1GqDApofgD1OW8g2B5l2azha50" created: 2017-03-28T01:11:10Z id: h9zkutaSe7fZX0SwN1GqDApofgD1OW8g2B5l2azha50 properties: created: description: Timestamp when the object was created example: 2017-03-28T01:11:10Z format: date-time readOnly: true type: string csr: readOnly: true type: string id: example: h9zkutaSe7fZX0SwN1GqDApofgD1OW8g2B5l2azha50 readOnly: true type: string kty: example: RSA readOnly: true type: string _links: $ref: '#/components/schemas/CSRLinks' type: object CsrMetadata: example: subject: commonName: SP Issuer localityName: San Francisco organizationName: "Okta, Inc." organizationalUnitName: Dev countryName: US stateOrProvinceName: California subjectAltNames: dnsNames: - dev.okta.com - dev.okta.com properties: subject: $ref: '#/components/schemas/CsrMetadataSubject' subjectAltNames: $ref: '#/components/schemas/CsrMetadataSubjectAltNames' type: object CsrMetadataSubject: example: commonName: SP Issuer localityName: San Francisco organizationName: "Okta, Inc." organizationalUnitName: Dev countryName: US stateOrProvinceName: California properties: commonName: description: Common name of the subject example: SP Issuer type: string countryName: description: Country name or code example: US type: string localityName: description: Locality (city) name example: San Francisco type: string organizationalUnitName: description: "Name of the smaller organization, for example, the department\ \ or the division" example: Dev type: string organizationName: description: Large organization name example: "Okta, Inc." 
type: string stateOrProvinceName: description: State or province name example: California type: string type: object CsrMetadataSubjectAltNames: example: dnsNames: - dev.okta.com - dev.okta.com properties: dnsNames: description: DNS names of the subject items: example: dev.okta.com type: string type: array type: object CsrPublishHrefHints: description: Describes allowed HTTP verbs for the `href` example: allow: - POST - POST properties: allow: items: enum: - POST type: string type: array type: object CsrSelfHrefHints: description: Describes allowed HTTP verbs for the `href` example: allow: - GET - GET properties: allow: items: enum: - GET - DELETE type: string type: array type: object CustomAppUserVerificationEnum: description: User verification setting enum: - PREFERRED - REQUIRED type: string CustomRole: properties: assignmentType: $ref: '#/components/schemas/RoleAssignmentType' created: description: Timestamp when the object was created format: date-time readOnly: true type: string id: description: Binding Object ID readOnly: true type: string label: description: Label for the custom role assignment readOnly: true type: string lastUpdated: description: Timestamp when the object was last updated format: date-time readOnly: true type: string resource-set: description: Resource Set ID readOnly: true type: string role: description: Custom Role ID readOnly: true type: string status: allOf: - $ref: '#/components/schemas/LifecycleStatus' - description: Status of the Custom Role Assignment type: description: CUSTOM for a custom role enum: - CUSTOM type: string _links: $ref: '#/components/schemas/LinksCustomRoleResponse' title: Custom Role Assignment type: object CustomRoleAssignmentSchema: properties: resource-set: description: Resource Set ID type: string role: description: Custom Role ID type: string type: description: The type of role. Specify `CUSTOM` for a custom role. 
enum: - CUSTOM type: string title: Custom Role type: object CustomizablePage: example: pageContent: pageContent properties: pageContent: description: The HTML for the page type: string type: object DNSRecord: description: DNS TXT and CNAME records to be registered for the Domain example: fqdn: _oktaverification.login.example.com recordType: TXT values: - 79496f234c814638b1cc44f51a782781 expiration: expiration properties: expiration: description: DNS TXT record expiration type: string fqdn: description: DNS record name example: _oktaverification.login.example.com type: string recordType: $ref: '#/components/schemas/DNSRecordType' values: description: DNS record value example: - 79496f234c814638b1cc44f51a782781 items: type: string type: array type: object DNSRecordType: enum: - CNAME - TXT example: TXT type: string DRStatusItem: description: Provides the status whether a domain has been failed over or not properties: domain: description: domain type: string isFailedOver: description: Indicates if the domain has been failed over nullable: false type: boolean type: object DTCChromeOS: description: Google Chrome Device Trust Connector provider properties: allowScreenLock: description: Indicates whether the AllowScreenLock enterprise policy is enabled type: boolean browserVersion: $ref: '#/components/schemas/ChromeBrowserVersion' builtInDnsClientEnabled: description: Indicates if a software stack is used to communicate with the DNS server type: boolean chromeRemoteDesktopAppBlocked: description: Indicates whether access to the Chrome Remote Desktop application is blocked through a policy type: boolean deviceEnrollmentDomain: description: Enrollment domain of the customer that is currently managing the device type: string diskEncrypted: description: Indicates whether the main disk is encrypted type: boolean keyTrustLevel: $ref: '#/components/schemas/KeyTrustLevelOSMode' managedDevice: description: Indicates whether the device is enrolled in ChromeOS device management 
type: boolean osFirewall: description: Indicates whether a firewall is enabled at the OS-level on the device type: boolean osVersion: $ref: '#/components/schemas/OSVersionFourComponents' passwordProtectionWarningTrigger: $ref: '#/components/schemas/PasswordProtectionWarningTrigger' realtimeUrlCheckMode: description: Indicates whether enterprise-grade (custom) unsafe URL scanning is enabled type: boolean safeBrowsingProtectionLevel: $ref: '#/components/schemas/SafeBrowsingProtectionLevel' screenLockSecured: description: Indicates whether the device is password-protected type: boolean siteIsolationEnabled: description: Indicates whether the Site Isolation (also known as **Site Per Process**) setting is enabled type: boolean type: object DTCMacOS: description: Google Chrome Device Trust Connector provider properties: browserVersion: $ref: '#/components/schemas/ChromeBrowserVersion' builtInDnsClientEnabled: description: Indicates if a software stack is used to communicate with the DNS server type: boolean chromeRemoteDesktopAppBlocked: description: Indicates whether access to the Chrome Remote Desktop application is blocked through a policy type: boolean deviceEnrollmentDomain: description: Enrollment domain of the customer that is currently managing the device type: string diskEncrypted: description: Indicates whether the main disk is encrypted type: boolean keyTrustLevel: $ref: '#/components/schemas/KeyTrustLevelBrowserKey' osFirewall: description: Indicates whether a firewall is enabled at the OS-level on the device type: boolean osVersion: $ref: '#/components/schemas/OSVersionThreeComponents' passwordProtectionWarningTrigger: $ref: '#/components/schemas/PasswordProtectionWarningTrigger' realtimeUrlCheckMode: description: Indicates whether enterprise-grade (custom) unsafe URL scanning is enabled type: boolean safeBrowsingProtectionLevel: $ref: '#/components/schemas/SafeBrowsingProtectionLevel' screenLockSecured: description: Indicates whether the device is 
password-protected type: boolean siteIsolationEnabled: description: Indicates whether the Site Isolation (also known as **Site Per Process**) setting is enabled type: boolean type: object DTCWindows: description: Google Chrome Device Trust Connector provider properties: browserVersion: $ref: '#/components/schemas/ChromeBrowserVersion' builtInDnsClientEnabled: description: Indicates if a software stack is used to communicate with the DNS server type: boolean chromeRemoteDesktopAppBlocked: description: Indicates whether access to the Chrome Remote Desktop application is blocked through a policy type: boolean crowdStrikeAgentId: description: Agent ID of an installed CrowdStrike agent type: string crowdStrikeCustomerId: description: Customer ID of an installed CrowdStrike agent type: string deviceEnrollmentDomain: description: Enrollment domain of the customer that is currently managing the device type: string diskEncrypted: description: Indicates whether the main disk is encrypted type: boolean keyTrustLevel: $ref: '#/components/schemas/KeyTrustLevelBrowserKey' osFirewall: description: Indicates whether a firewall is enabled at the OS-level on the device type: boolean osVersion: $ref: '#/components/schemas/OSVersionFourComponents' passwordProtectionWarningTrigger: $ref: '#/components/schemas/PasswordProtectionWarningTrigger' realtimeUrlCheckMode: description: Indicates whether enterprise-grade (custom) unsafe URL scanning is enabled type: boolean safeBrowsingProtectionLevel: $ref: '#/components/schemas/SafeBrowsingProtectionLevel' screenLockSecured: description: Indicates whether the device is password-protected type: boolean secureBootEnabled: description: Indicates whether the device's startup software has its Secure Boot feature enabled type: boolean siteIsolationEnabled: description: Indicates whether the Site Isolation (also known as **Site Per Process**) setting is enabled type: boolean thirdPartyBlockingEnabled: description: Indicates whether Chrome is blocking 
            third-party software injection
          type: boolean
        windowsMachineDomain:
          description: Windows domain that the current machine has joined
          type: string
        windowsUserDomain:
          description: Windows domain for the current OS user
          type: string
      type: object
    DateTime:
      description: "An [ISO-8601](https://en.wikipedia.org/wiki/ISO_8601#Combined_date_and_time_representations)\
        \ formatted date and time."
      example: 2024-12-01T00:00:00Z
      format: date-time
      type: string
    DefaultApp:
      example:
        appInstanceId: appInstanceId
        appLinkName: appLinkName
        classicApplicationUri: classicApplicationUri
      properties:
        appInstanceId:
          description: ID for the App instance
          type: string
        appLinkName:
          description: Name for the app instance
          type: string
        classicApplicationUri:
          description: Application URI for classic Orgs
          type: string
      type: object
    DesktopMFAEnforceNumberMatchingChallengeOrgSetting:
      properties:
        desktopMFAEnforceNumberMatchingChallengeEnabled:
          default: false
          description: Indicates whether or not the Desktop MFA Enforce Number Matching Challenge push notifications feature is enabled
          type: boolean
      type: object
    DesktopMFARecoveryPinOrgSetting:
      example:
        desktopMFARecoveryPinEnabled: false
      properties:
        desktopMFARecoveryPinEnabled:
          default: false
          description: Indicates whether or not the Desktop MFA Recovery PIN feature is enabled
          type: boolean
      type: object
    DetailedHookKeyInstance:
      description: A key object with public key details
      example:
        lastUpdated: 2000-01-23T04:56:07.000+00:00
        _embedded:
          kty: kty
          e: e
          use: use
          kid: kid
          alg: alg
          "n": "n"
        created: 2000-01-23T04:56:07.000+00:00
        name: name
        keyId: keyId
        id: id
        isUsed: isUsed
      properties:
        created:
          description: Timestamp when the key was created
          format: date-time
          nullable: true
          readOnly: true
          type: string
        id:
          description: The unique Okta ID of this key record
          nullable: false
          readOnly: true
          type: string
        isUsed:
          description: Whether this key is currently in use by other applications
          format: boolean
          nullable: false
          readOnly: true
          type: string
        keyId:
          description: The
            alias of the public key
          nullable: false
          readOnly: true
          type: string
        lastUpdated:
          description: Timestamp when the key was updated
          format: date-time
          nullable: true
          readOnly: true
          type: string
        name:
          description: Display name of the key
          maxLength: 255
          minLength: 1
          nullable: false
          readOnly: false
          type: string
        _embedded:
          $ref: '#/components/schemas/_embedded'
      title: DetailedHookKeyInstance
      type: object
    DetectedRiskEvents:
      enum:
      - ADMIN_REPORTED_USER_RISK
      - BRUTE_FORCE_ATTACK
      - ENTITY_CRITICAL_ACTION_FROM_HIGH_THREAT_IP
      - OKTA_THREAT_INTELLIGENCE
      - SECURITY_EVENTS_PROVIDER_REPORTED_RISK
      - SESSION_INFLUENCED_USER_RISK
      - SUSPICIOUS_APP_ACCESS
      - USER_REPORTED_SUSPICIOUS_ACTIVITY
      type: string
    Device:
      example:
        resourceAlternateId: resourceAlternateId
        lastUpdated: 2000-01-23T04:56:07.000+00:00
        resourceDisplayName:
          sensitive: true
          value: value
        resourceId: resourceId
        _links:
          suspend:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          unsuspend:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          activate:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          users: ""
          deactivate:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        created: 2000-01-23T04:56:07.000+00:00
        profile:
          meid: meid
          serialNumber: serialNumber
          displayName: displayName
          registered: true
          integrityJailbreak: true
          platform: ANDROID
          manufacturer: manufacturer
          sid: sid
          osVersion: osVersion
          imei: imei
          diskEncryptionType: ALL_INTERNAL_VOLUMES
          model: model
          udid: udid
          secureHardwarePresent: true
          tpmPublicKeyHash: tpmPublicKeyHash
        id: id
        resourceType: UDDevice
        status: ACTIVE
      properties:
        created:
          description: Timestamp when the device was created
          format: date-time
          readOnly: true
          type: string
        id:
          description: Unique key for the device
          readOnly: true
          type: string
        lastUpdated:
          description: "Timestamp when the device record
            was last updated. Updates\
            \ occur when Okta collects and saves device signals during authentication,\
            \ and when the lifecycle state of the device changes."
          format: date-time
          readOnly: true
          type: string
        profile:
          $ref: '#/components/schemas/DeviceProfile'
        resourceAlternateId:
          readOnly: true
          type: string
        resourceDisplayName:
          $ref: '#/components/schemas/DeviceDisplayName'
        resourceId:
          description: Alternate key for the `id`
          readOnly: true
          type: string
        resourceType:
          default: UDDevice
          readOnly: true
          type: string
        status:
          $ref: '#/components/schemas/DeviceStatus'
        _links:
          $ref: '#/components/schemas/LinksSelfAndFullUsersLifecycle'
      type: object
    DeviceAccessPolicyRuleCondition:
      description: <x-lifecycle class="oie"></x-lifecycle> Specifies the device condition to match on
      properties:
        assurance:
          $ref: '#/components/schemas/DevicePolicyRuleConditionAssurance'
        managed:
          description: Indicates if the device is managed. A device is considered managed if it's part of a device management system.
          type: boolean
        registered:
          description: |
            Indicates if the device is registered. A device is registered if the User enrolls with Okta Verify that's installed on the device.
            When the `managed` property is passed, you must also include the `registered` property and set it to `true`.
          type: boolean
      type: object
    DeviceAssurance:
      discriminator:
        mapping:
          WINDOWS: '#/components/schemas/DeviceAssuranceWindowsPlatform'
          MACOS: '#/components/schemas/DeviceAssuranceMacOSPlatform'
          CHROMEOS: '#/components/schemas/DeviceAssuranceChromeOSPlatform'
          IOS: '#/components/schemas/DeviceAssuranceIOSPlatform'
          ANDROID: '#/components/schemas/DeviceAssuranceAndroidPlatform'
        propertyName: platform
      example:
        lastUpdatedBy: lastUpdatedBy
        createdDate: createdDate
        createdBy: createdBy
        _links:
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        lastUpdate: lastUpdate
        name: name
        id: id
        platform: ANDROID
      properties:
        createdBy:
          readOnly: true
          type: string
        createdDate:
          readOnly: true
          type: string
        id:
          readOnly: true
          type: string
        lastUpdate:
          readOnly: true
          type: string
        lastUpdatedBy:
          readOnly: true
          type: string
        name:
          description: Display name of the Device Assurance Policy
          type: string
        platform:
          $ref: '#/components/schemas/Platform'
        _links:
          $ref: '#/components/schemas/LinksSelf'
      title: DeviceAssurance
      type: object
    DeviceAssuranceAndroidPlatform:
      allOf:
      - $ref: '#/components/schemas/DeviceAssurance'
      - properties:
          diskEncryptionType:
            $ref: '#/components/schemas/DeviceAssuranceAndroidPlatform_allOf_diskEncryptionType'
          jailbreak:
            type: boolean
          osVersion:
            $ref: '#/components/schemas/OSVersion'
          screenLockType:
            $ref: '#/components/schemas/DeviceAssuranceAndroidPlatform_allOf_screenLockType'
          secureHardwarePresent:
            type: boolean
        type: object
    DeviceAssuranceChromeOSPlatform:
      allOf:
      - $ref: '#/components/schemas/DeviceAssurance'
      - properties:
          thirdPartySignalProviders:
            $ref: '#/components/schemas/DeviceAssuranceChromeOSPlatform_allOf_thirdPartySignalProviders'
        type: object
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs: []
    DeviceAssuranceIOSPlatform:
      allOf:
      - $ref: '#/components/schemas/DeviceAssurance'
      - properties:
          jailbreak:
            type: boolean
          osVersion:
            $ref: '#/components/schemas/OSVersion'
          screenLockType:
            $ref:
              '#/components/schemas/DeviceAssuranceAndroidPlatform_allOf_screenLockType'
        type: object
    DeviceAssuranceMacOSPlatform:
      allOf:
      - $ref: '#/components/schemas/DeviceAssurance'
      - properties:
          diskEncryptionType:
            $ref: '#/components/schemas/DeviceAssuranceMacOSPlatform_allOf_diskEncryptionType'
          osVersion:
            $ref: '#/components/schemas/OSVersion'
          screenLockType:
            $ref: '#/components/schemas/DeviceAssuranceAndroidPlatform_allOf_screenLockType'
          secureHardwarePresent:
            type: boolean
          thirdPartySignalProviders:
            $ref: '#/components/schemas/DeviceAssuranceMacOSPlatform_allOf_thirdPartySignalProviders'
        type: object
    DeviceAssuranceWindowsPlatform:
      allOf:
      - $ref: '#/components/schemas/DeviceAssurance'
      - properties:
          diskEncryptionType:
            $ref: '#/components/schemas/DeviceAssuranceMacOSPlatform_allOf_diskEncryptionType'
          osVersion:
            $ref: '#/components/schemas/OSVersionFourComponents'
          osVersionConstraints:
            description: |
              <div class="x-lifecycle-container"><x-lifecycle class="ea"></x-lifecycle></div>Specifies the Windows version requirements for the assurance policy. Each requirement must correspond to a different major version (Windows 11 or Windows 10). If a requirement isn't specified for a major version, then devices on that major version satisfy the condition.

              There are two types of OS requirements:

              * **Static**: A specific Windows version requirement that doesn't change until you update the policy. A static OS Windows requirement is specified with `majorVersionConstraint` and `minimum`.
              * **Dynamic**: A Windows version requirement that is relative to the latest major release and security patch. A dynamic OS Windows requirement is specified with `majorVersionConstraint` and `dynamicVersionRequirement`.

              > **Note:** Dynamic OS requirements are available only if the **Dynamic OS version compliance** [self-service EA](/openapi/okta-management/guides/release-lifecycle/#early-access-ea) feature is enabled.

              The `osVersionConstraints` property is only supported for the Windows platform.
              You can't specify both `osVersion.minimum` and `osVersionConstraints` properties at the same time.
            items:
              $ref: '#/components/schemas/OSVersionConstraint'
            maxItems: 2
            minItems: 1
            type: array
            x-okta-lifecycle:
              lifecycle: EA
              isGenerallyAvailable: false
              SKUs: []
          screenLockType:
            $ref: '#/components/schemas/DeviceAssuranceAndroidPlatform_allOf_screenLockType'
          secureHardwarePresent:
            type: boolean
          thirdPartySignalProviders:
            $ref: '#/components/schemas/DeviceAssuranceWindowsPlatform_allOf_thirdPartySignalProviders'
        type: object
    DeviceCheck:
      properties:
        createdBy:
          description: User who created the Device Check
          example: 00u217pyf72CdUrBt1c5
          readOnly: true
          type: string
        createdDate:
          description: Time the Device Check was created
          example: 2019-10-02T18:03:07.000Z
          readOnly: true
          type: string
        description:
          description: Description of the Device Check
          example: Query macOS devices to check if firewall is enabled
          type: string
        id:
          description: The ID of the Device Check
          example: dch3m8o4rWhwReDeM1c5
          readOnly: true
          type: string
        lastUpdate:
          description: Time the Device Check was updated
          example: 2019-10-02T18:03:07.000Z
          readOnly: true
          type: string
        lastUpdatedBy:
          description: User who updated the Device Check
          example: 00u217pyf72CdUrBt1c5
          readOnly: true
          type: string
        name:
          description: Display name of the Device Check
          example: Device Check macOS
          type: string
        platform:
          $ref: '#/components/schemas/DeviceChecksPlatform'
        query:
          description: OSQuery for the Device Check
          example: SELECT CASE WHEN global_state = 0 THEN 0 ELSE 1 END AS firewall_enabled FROM alf;
          type: string
        variableName:
          description: Unique name of the Device Check
          example: macOSFirewall
          type: string
        _links:
          $ref: '#/components/schemas/LinksSelf'
      title: DeviceCheck
      type: object
    DeviceChecksPlatform:
      enum:
      - MACOS
      - WINDOWS
      type: string
    DeviceDisplayName:
      description: Display name of the device
      example:
        sensitive: true
        value: value
      properties:
        sensitive:
          type: boolean
        value:
          type: string
      type: object
    DeviceList:
      allOf:
      - $ref:
          '#/components/schemas/Device'
      - properties:
          _embedded:
            $ref: '#/components/schemas/DeviceList_allOf__embedded'
      example:
        resourceAlternateId: resourceAlternateId
        lastUpdated: 2000-01-23T04:56:07.000+00:00
        resourceDisplayName:
          sensitive: true
          value: value
        resourceId: resourceId
        _links:
          suspend:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          unsuspend:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          activate:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          users: ""
          deactivate:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        _embedded:
          users:
          - managementStatus: MANAGED
            created: created
            screenLockType: NONE
            user:
              lastLogin: 2000-01-23T04:56:07.000+00:00
              transitioningToStatus: null
              realmId: guo1bfiNtSnZYILxO0g4
              credentials:
                password:
                  hook:
                    type: type
                  value: pa$$word
                  hash:
                    iterationCount: 0
                    salt: salt
                    keySize: 6
                    saltOrder: saltOrder
                    workFactor: 3
                    digestAlgorithm: SHA256_HMAC
                    value: value
                    algorithm: BCRYPT
                provider:
                  name: name
                  type: ACTIVE_DIRECTORY
                recovery_question:
                  answer: se7en
                  question: what is your favourite movie?
              _links:
                schema: ""
                suspend: ""
                resetPassword: ""
                unlock: ""
                reactivate: ""
                unsuspend: ""
                resetFactors: ""
                type: ""
                deactivate: ""
                changePassword: ""
                forgotPassword: ""
                expirePassword: ""
                changeRecoveryQuestion: ""
                activate: ""
                self: ""
              created: 2000-01-23T04:56:07.000+00:00
              profile:
                profileUrl: profileUrl
                lastName: lastName
                zipCode: zipCode
                preferredLanguage: preferredLanguage
                city: city
                displayName: displayName
                timezone: timezone
                locale: locale
                login: login
                title: title
                employeeNumber: employeeNumber
                division: division
                honorificSuffix: honorificSuffix
                countryCode: countryCode
                state: state
                department: department
                email: email
                manager: manager
                costCenter: costCenter
                nickName: nickName
                secondEmail: secondEmail
                honorificPrefix: honorificPrefix
                managerId: managerId
                firstName: firstName
                primaryPhone: primaryPhone
                postalAddress: postalAddress
                mobilePhone: mobilePhone
                streetAddress: streetAddress
                organization: organization
                middleName: middleName
                userType: userType
              type:
                lastUpdated: 2000-01-23T04:56:07.000+00:00
                lastUpdatedBy: lastUpdatedBy
                default: true
                createdBy: createdBy
                _links:
                  schema:
                    templated: true
                    hints:
                      allow:
                      - DELETE
                      - DELETE
                    name: name
                    href: href
                    type: type
                  self:
                    templated: true
                    hints:
                      allow:
                      - DELETE
                      - DELETE
                    name: name
                    href: href
                    type: type
                created: 2000-01-23T04:56:07.000+00:00
                displayName: displayName
                name: name
                description: description
                id: id
              lastUpdated: 2000-01-23T04:56:07.000+00:00
              passwordChanged: 2000-01-23T04:56:07.000+00:00
              _embedded:
                key: "{}"
              statusChanged: 2000-01-23T04:56:07.000+00:00
              id: id
              activated: 2000-01-23T04:56:07.000+00:00
              status: ACTIVE
          - managementStatus: MANAGED
            created: created
            screenLockType: NONE
            user:
              lastLogin: 2000-01-23T04:56:07.000+00:00
              transitioningToStatus: null
              realmId: guo1bfiNtSnZYILxO0g4
              credentials:
                password:
                  hook:
                    type: type
                  value: pa$$word
                  hash:
                    iterationCount: 0
                    salt: salt
                    keySize: 6
                    saltOrder: saltOrder
                    workFactor: 3
                    digestAlgorithm: SHA256_HMAC
                    value: value
                    algorithm: BCRYPT
                provider:
                  name: name
                  type:
                    ACTIVE_DIRECTORY
                recovery_question:
                  answer: se7en
                  question: what is your favourite movie?
              _links:
                schema: ""
                suspend: ""
                resetPassword: ""
                unlock: ""
                reactivate: ""
                unsuspend: ""
                resetFactors: ""
                type: ""
                deactivate: ""
                changePassword: ""
                forgotPassword: ""
                expirePassword: ""
                changeRecoveryQuestion: ""
                activate: ""
                self: ""
              created: 2000-01-23T04:56:07.000+00:00
              profile:
                profileUrl: profileUrl
                lastName: lastName
                zipCode: zipCode
                preferredLanguage: preferredLanguage
                city: city
                displayName: displayName
                timezone: timezone
                locale: locale
                login: login
                title: title
                employeeNumber: employeeNumber
                division: division
                honorificSuffix: honorificSuffix
                countryCode: countryCode
                state: state
                department: department
                email: email
                manager: manager
                costCenter: costCenter
                nickName: nickName
                secondEmail: secondEmail
                honorificPrefix: honorificPrefix
                managerId: managerId
                firstName: firstName
                primaryPhone: primaryPhone
                postalAddress: postalAddress
                mobilePhone: mobilePhone
                streetAddress: streetAddress
                organization: organization
                middleName: middleName
                userType: userType
              type:
                lastUpdated: 2000-01-23T04:56:07.000+00:00
                lastUpdatedBy: lastUpdatedBy
                default: true
                createdBy: createdBy
                _links:
                  schema:
                    templated: true
                    hints:
                      allow:
                      - DELETE
                      - DELETE
                    name: name
                    href: href
                    type: type
                  self:
                    templated: true
                    hints:
                      allow:
                      - DELETE
                      - DELETE
                    name: name
                    href: href
                    type: type
                created: 2000-01-23T04:56:07.000+00:00
                displayName: displayName
                name: name
                description: description
                id: id
              lastUpdated: 2000-01-23T04:56:07.000+00:00
              passwordChanged: 2000-01-23T04:56:07.000+00:00
              _embedded:
                key: "{}"
              statusChanged: 2000-01-23T04:56:07.000+00:00
              id: id
              activated: 2000-01-23T04:56:07.000+00:00
              status: ACTIVE
        created: 2000-01-23T04:56:07.000+00:00
        profile:
          meid: meid
          serialNumber: serialNumber
          displayName: displayName
          registered: true
          integrityJailbreak: true
          platform: ANDROID
          manufacturer: manufacturer
          sid: sid
          osVersion: osVersion
          imei: imei
          diskEncryptionType: ALL_INTERNAL_VOLUMES
          model: model
          udid: udid
          secureHardwarePresent: true
          tpmPublicKeyHash: tpmPublicKeyHash
        id: id
        resourceType: UDDevice
        status: ACTIVE
    DevicePlatform:
      description: OS platform of the device
      enum:
      - ANDROID
      - IOS
      - MACOS
      - WINDOWS
      type: string
    DevicePolicyMDMFramework:
      enum:
      - AFW
      - NATIVE
      - SAFE
      type: string
    DevicePolicyPlatformType:
      enum:
      - ANDROID
      - IOS
      - OSX
      - WINDOWS
      type: string
    DevicePolicyRuleCondition:
      properties:
        migrated:
          type: boolean
        platform:
          $ref: '#/components/schemas/DevicePolicyRuleConditionPlatform'
        rooted:
          type: boolean
        trustLevel:
          $ref: '#/components/schemas/DevicePolicyTrustLevel'
      type: object
    DevicePolicyRuleConditionAssurance:
      properties:
        include:
          items:
            type: string
          type: array
      type: object
    DevicePolicyRuleConditionPlatform:
      properties:
        supportedMDMFrameworks:
          items:
            $ref: '#/components/schemas/DevicePolicyMDMFramework'
          type: array
        types:
          items:
            $ref: '#/components/schemas/DevicePolicyPlatformType'
          type: array
      type: object
    DevicePolicyTrustLevel:
      enum:
      - ANY
      - TRUSTED
      type: string
    DeviceProfile:
      example:
        meid: meid
        serialNumber: serialNumber
        displayName: displayName
        registered: true
        integrityJailbreak: true
        platform: ANDROID
        manufacturer: manufacturer
        sid: sid
        osVersion: osVersion
        imei: imei
        diskEncryptionType: ALL_INTERNAL_VOLUMES
        model: model
        udid: udid
        secureHardwarePresent: true
        tpmPublicKeyHash: tpmPublicKeyHash
      properties:
        diskEncryptionType:
          $ref: '#/components/schemas/DiskEncryptionTypeDef'
        displayName:
          description: Display name of the device
          maxLength: 255
          minLength: 1
          type: string
        imei:
          description: International Mobile Equipment Identity (IMEI) of the device
          maxLength: 17
          minLength: 14
          type: string
        integrityJailbreak:
          description: Indicates if the device is jailbroken or rooted.
            Only applicable to `IOS` and `ANDROID` platforms
          type: boolean
        manufacturer:
          description: Name of the manufacturer of the device
          maxLength: 127
          type: string
        meid:
          description: Mobile equipment identifier of the device
          maxLength: 14
          type: string
        model:
          description: Model of the device
          maxLength: 127
          type: string
        osVersion:
          description: Version of the device OS
          maxLength: 127
          type: string
        platform:
          $ref: '#/components/schemas/DevicePlatform'
        registered:
          description: Indicates if the device is registered at Okta
          type: boolean
        secureHardwarePresent:
          description: Indicates if the device contains a secure hardware functionality
          type: boolean
        serialNumber:
          description: Serial number of the device
          maxLength: 127
          type: string
        sid:
          description: Windows Security identifier of the device
          maxLength: 256
          type: string
        tpmPublicKeyHash:
          description: Windows Trusted Platform Module hash value
          type: string
        udid:
          description: macOS Unique Device identifier of the device
          maxLength: 47
          type: string
      required:
      - displayName
      - platform
      - registered
      type: object
    DeviceStatus:
      description: The state object of the device
      enum:
      - ACTIVE
      - DEACTIVATED
      - SUSPENDED
      - UNSUSPENDED
      type: string
      x-enumDescriptions:
        ACTIVE: Use activated devices to create and delete Device user links
        DEACTIVATED: Deactivation causes a Device to lose all device user links. Set the Device status to DEACTIVATED before deleting it.
        SUSPENDED: Use suspended devices to create and delete device user links. You can only unsuspend or deactivate suspended devices.
        UNSUSPENDED: Returns a suspended Device to ACTIVE.
    DeviceUser:
      example:
        managementStatus: MANAGED
        created: created
        screenLockType: NONE
        user:
          lastLogin: 2000-01-23T04:56:07.000+00:00
          transitioningToStatus: null
          realmId: guo1bfiNtSnZYILxO0g4
          credentials:
            password:
              hook:
                type: type
              value: pa$$word
              hash:
                iterationCount: 0
                salt: salt
                keySize: 6
                saltOrder: saltOrder
                workFactor: 3
                digestAlgorithm: SHA256_HMAC
                value: value
                algorithm: BCRYPT
            provider:
              name: name
              type: ACTIVE_DIRECTORY
            recovery_question:
              answer: se7en
              question: what is your favourite movie?
          _links:
            schema: ""
            suspend: ""
            resetPassword: ""
            unlock: ""
            reactivate: ""
            unsuspend: ""
            resetFactors: ""
            type: ""
            deactivate: ""
            changePassword: ""
            forgotPassword: ""
            expirePassword: ""
            changeRecoveryQuestion: ""
            activate: ""
            self: ""
          created: 2000-01-23T04:56:07.000+00:00
          profile:
            profileUrl: profileUrl
            lastName: lastName
            zipCode: zipCode
            preferredLanguage: preferredLanguage
            city: city
            displayName: displayName
            timezone: timezone
            locale: locale
            login: login
            title: title
            employeeNumber: employeeNumber
            division: division
            honorificSuffix: honorificSuffix
            countryCode: countryCode
            state: state
            department: department
            email: email
            manager: manager
            costCenter: costCenter
            nickName: nickName
            secondEmail: secondEmail
            honorificPrefix: honorificPrefix
            managerId: managerId
            firstName: firstName
            primaryPhone: primaryPhone
            postalAddress: postalAddress
            mobilePhone: mobilePhone
            streetAddress: streetAddress
            organization: organization
            middleName: middleName
            userType: userType
          type:
            lastUpdated: 2000-01-23T04:56:07.000+00:00
            lastUpdatedBy: lastUpdatedBy
            default: true
            createdBy: createdBy
            _links:
              schema:
                templated: true
                hints:
                  allow:
                  - DELETE
                  - DELETE
                name: name
                href: href
                type: type
              self:
                templated: true
                hints:
                  allow:
                  - DELETE
                  - DELETE
                name: name
                href: href
                type: type
            created: 2000-01-23T04:56:07.000+00:00
            displayName: displayName
            name: name
            description: description
            id: id
          lastUpdated: 2000-01-23T04:56:07.000+00:00
          passwordChanged: 2000-01-23T04:56:07.000+00:00
          _embedded:
            key: "{}"
          statusChanged: 2000-01-23T04:56:07.000+00:00
          id: id
          activated: 2000-01-23T04:56:07.000+00:00
          status: ACTIVE
      properties:
        created:
          description: Timestamp when device was created
          type: string
        managementStatus:
          description: The management status of the device
          enum:
          - MANAGED
          - NOT_MANAGED
          type: string
          x-enumDescriptions:
            MANAGED: The device has management software installed
            NOT_MANAGED: The device doesn't have management software installed
        screenLockType:
          description: Screen lock type of the device
          enum:
          - NONE
          - PASSCODE
          - BIOMETRIC
          type: string
        user:
          $ref: '#/components/schemas/User'
      type: object
    DigestAlgorithm:
      description: Algorithm used to generate the key. Only required for the PBKDF2 algorithm.
      enum:
      - SHA256_HMAC
      - SHA512_HMAC
      type: string
    DiskEncryptionTypeAndroid:
      enum:
      - FULL
      - USER
      type: string
    DiskEncryptionTypeDef:
      description: |-
        Type of encryption used on the device
        > **Note:** The following values map to Disk Encryption ON: `FULL`, `USER`, `ALL_INTERNAL_VOLUMES`. All other values map to Disk Encryption OFF.
      enum:
      - ALL_INTERNAL_VOLUMES
      - FULL
      - NONE
      - SYSTEM_VOLUME
      - USER
      type: string
      x-enumDescriptions:
        NONE: No encryption has been set.
        FULL: Disk is fully encrypted. Only applicable to `IOS` and `ANDROID` platforms.
        USER: Encryption key is tied to the user or profile. Only applicable to `ANDROID` platform.
        ALL_INTERNAL_VOLUMES: All internal disks are encrypted. Only applicable to `WINDOWS` and `MACOS` platforms.
        SYSTEM_VOLUME: Only the system volume is encrypted. Only applicable to `WINDOWS` and `MACOS` platforms.
DiskEncryptionTypeDesktop: enum: - ALL_INTERNAL_VOLUMES type: string DomainCertificate: description: Defines the properties of the certificate example: privateKey: '"-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0AAQEFAASCBKgwghSkAgEAAoIBAQC5cyk6y63iBJSW\nstgsOBqIxfO8euPHcRnyWsL9dsvnbNyOnyvcqFWxdiW3sh2cItzYtoN1Zfgj5lWG\nOVXbHxP0VaNG9fHVX3+NHP6LFHQz92BzAYQmpqi9zaP/aKJklk6LdPFbVLGhuZfm\n34+ijW9YsgLTKR2WTaZJK5QtamVVmP+VsSCla2ifFzjz2FCkMMEc/Y0zUyP+en/m\nbL71K+VnpZdlEC1s38EvjRTFKFZTKVw5wpWgCZQq/AZYj9RxR23IIuRcUJ8TQ2py\noc3kIXPWjiIarSgBlA8G9kCsxgzXP2RyLwKrIBIo+qyHweifpPYW28ipdSbPjiyp\nAMdpbGLDAgMBAAECggEAUXVfT91z6IqghhKwO8QtC5T/+fN06B8rCYSKj/FFoZL0\n0oTiLFuYwImoCadoUDQUE/Efj0rKE2LSgFHg/44IItQXE01m+5WmHmL1ADxsyoLH\nz9yDosKj7jNM7RyV8F8Bg0pL1hU+rU4rhhL/MaS0mx4eFYjC4UmcWBmXTdelSVJa\nkvXvQLT5y86bqh7tqMjM/kALTWRz5CgNJFk/ONA1yo5RTX9S7SIXimBgAvuGqP8i\nMPEhJou7U3DfzXVfvP8byqNdsZs6ZNhG3wXspl61mRyrY+51SOaNLA7Bkji7x4bH\nNw6mJI0IJTAP9oc1Z8fYeMuxT1bfuD7VOupSP0mAMQKBgQDk+KuyQkmPymeP/Wwu\nII4DUpleVzxTK9obMQQoCEEElbQ6+jTb+8ixP0bWLvBXg/rX734j7OWfn/bljWLH\nXLrSoqQZF1+XMVeY4g4wx9UuTK/D2n791zdOgQivxbIPdWL3a4ap86ar8uyMgJu8\nBLXfFBAOc+9myqUkbeO7wt0e6QKBgQDPV04jPtIJoMrggpQDNreGrANKOmsXWxj4\nOHW13QNdJ2KGQpoTdoqQ8ZmlxuA8Bf2RjHsnB2kgGVTVQR74zRib4MByhvsdhvVm\nF2LNsJoIDfqtv3c+oj13VonRUGuzUeJpwT/snyaL+jQ/ZZcYz0jDgDhIODTcFYj8\nDMSD5SHgywKBgHH6MwWuJ44TNBAiF2qyu959jGjAxf+k0ZI9iRMgYLUWjDvbdtqW\ncCWDGRDfFraJtSEuTz003GzkJPPJuIUC7OCTI1p2HxhU8ITi6itwHfdJJyk4J4TW\nT+qdIqTUpTk6tsPw23zYE3x+lS+viVZDhgEArKl1HpOthh0nMnixnH6ZAoGBAKGn\nV+xy1h9bldFk/TFkP8Jn6ki9MzGKfPVKT7vzDORcCJzU4Hu8OFy5gSmW3Mzvfrsz\n4/CR/oxgM5vwoc0pWr5thJ3GT5K93iYypX3o6q7M91zvonDa3UFl3x2qrc2pUfVS\nDhzWGJ+Z+5JSCnP1aK3EEh18dPoCcELTUYPj6X3xAoGBALAllTb3RCIaqIqk+s3Y\n6KDzikgwGM6j9lmOI2MH4XmCVym4Z40YGK5nxulDh2Ihn/n9zm13Z7ul2DJwgQSO\n0zBc7/CMOsMEBaNXuKL8Qj4enJXMtub4waQ/ywqHIdc50YaPI5Ax8dD/10h9M6Qc\nnUFLNE8pXSnsqb0eOL74f3uQ\n-----END PRIVATE KEY-----"' certificateChain: '"-----BEGIN 
CERTIFICATE-----\nMIIFPjCCBCbjAwIBAgISA7RikMltj36DkLk1DUzjwfYBMA0GCSqGSIb3DQEBCwUA\nMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\nEwJSMzAeFw0yMTEwMTExOTQ3MjRaFw0yMjAxMDkxOTQ3MjNaMCgxJjAkBgNVBAMT\nHWFuaXRhdGVzdHJhaW4uc2lnbWFuZXRjb3JwLnVzMIIBIjANBgkqhkiG9w0BAQEF\nAAOCAQ8AMIIBCgKCAQEA40EsG7YrFlsH3XdZKirdKKOC7/cca5g9L4rwyA/PlfeU\nB7mJhbQI/a3yZbtY+GjHmedBx15aPtyq+NFZLOkiRCXx0k2zNIJB4yC6Jr/Yp8C2\nrXO6mrCcuqpX7SuDPBtrfdYcIg8G6m0wjj1V1p2/XR8G//CBe8I2XTaTpHsx/VC8\nMNOAA27aSbeX4Nz6TQ69rFuxRG+neUbcz2hQKwroCsCHi6iBmqRkg19Uh8315Cx2\nBUqY0JecpP42KMiktzIoSlqS9yZSuNQh1kP1tPwkEzbs/t3FrfCnnRx5RDr2pJpV\nnonL3sB3TVotS3nFgPNHCfp65O0Bg/3ZpU9IvUpcdQIDAQABo4ICVjCCAlIwDgYD\nVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV\nHRMBAf8EAjAAMB0GA1UdDgQWBBSzWt3Dvp71cKA2Z54ESjjyM4dp+jAfBgNVHSME\nGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYB\nBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDov\nL3IzLmkubGVuY3Iub3JnLzAoBgNVHREEITAfgh1hbml0YXRlc3RyYWluLnNpZ21h\nbmV0Y29ycC51czBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAo\nMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQIGCisG\nAQQB1nkCBAIEgfMEgfAA7gB1AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgia\nN9kTAAABfHEcLqAAAAQDAEYwRAIgMlyQ61FjuIKDfATjz0wfkskChD0csVe0TStq\nmC7NbLACICp3CYMvvDiWt1pr5pzCwTQO8F6v0/qNjmH4mjCutAgyAHUARqVV63X6\nkSAwtaKJafTzfREsQXS+/Um4havy/HD+bUcAAAF8cRwvRAAABAMARjBEAiAZd6Vn\n7MLXT7JeIxZrfbNARrf5oCM4UAVjjJeaUhB1MwIgSLW5cVAZvkiwbQW+vIutFjBz\na8cNb/i+nM7RxFW+JPgwDQYJKoZIhvcNAQELBQADggEBAIlHZiHIuOvYFteqpwvR\n0ElqinIpkYsfI+0O5FwHBXz7vMCPGtfdlcX5M10eW3aEBo9lR59mjDMsMufbTb60\nJuSnguelkUoq4WzqjZI+2uy/FTztI5GPpXmXW3IyzbqmCWQt7u8N607g1TYLBaLL\nrbFIhl+LbTJAa//mxI6bb4l/86j/kSjht6U0OIde7ylscb+3MHobbpIWJYp8Jr1D\nubm/0glL46ExnuLbIKojLhDBnG/wHVunB0rJxGh1vPvwD75O1nSIdxuNlVcGwws+\n7wsOyPA1s0VWzrMN1olLMyIPFCwPvfCm1E8Dje1AXMpmyDlqjEoQsoMUH//GKF0S\nTgM=\n-----END CERTIFICATE-----\n-----BEGIN 
CERTIFICATE-----\nMIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw\nTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\ncmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw\nWhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg\nRW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\nAoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP\nR5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx\nsxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm\nNHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg\nZ3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG\n/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC\nAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB\nAf8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA\nFHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw\nAoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw\nOi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB\ngt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W\nPTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl\nikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz\nCkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm\nlJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4\navAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2\nyJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O\nyK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids\nhCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+\nHlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv\nMldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX\nnLRbwHOoq7hHwg==\n-----END CERTIFICATE-----\n-----BEGIN 
CERTIFICATE-----\nMIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/\nMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\nDkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow\nTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\ncmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB\nAQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC\nov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL\nwYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D\nLtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK\n4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5\nbHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y\nsR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ\nXmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4\nFQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc\nSLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql\nPRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND\nTwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw\nSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1\nc3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx\n+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB\nATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu\nb3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E\nU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu\nMA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC\n5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW\n9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG\nWCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O\nhe8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC\nDfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5\n-----END CERTIFICATE-----"' certificate: "\"-----BEGIN 
CERTIFICATE-----\\nMIIFNzCCBB+gAwIBAgHTAAXomJWRama3ypu8TIxdA9wzMA0GCSqGSIb3DQEBCwUA\\\ nMDIzCzAJCgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\\nEwJSMzAeFw0yMTAyMTAwNTEzMDVaFw0yMTA1MTEwNTEzMDVaMCQxIjAgBgNVBAMT\\\ nGWFuaXRhdGVzdC5zaWdtYW5ldGNvcnAudXMwggEiMA0GCSqGSIb3DQEBAQUAA4IB\\nDwAwggEKAoIBAQC5cyk6x63iBJSWvtgsOBqIxfO8euPHcRnyWsL9dsvnbNyOnyvc\\\ nqFWxdiW3sh2cItzYtoN1Zfgj5lWGOVXbHxP0VaNG9fHVX3+NHP6LFHQz92BzAYQm\\npqi9zaP/aKJklk6LdPFbVLGhuZfm34+ijW9YsgLTKR2WTaZJK5QtamVVmP+VsSCl\\\ na2ifFzjz2FCkMMEc/Y0zUyP+en/mbL71K+VnpZdlEC1s38EvjRTFKFZTKVw5wpWg\\nCZQq/AZYj9RxR23IIuRcUJ8TQ2pyoc3kIXPWjiIarSgBlA8G9kCsxgzXP2RyLwKr\\\ nIBIo+qyHweifpPYW28ipdSbPjiypAMdpbGLDAgMBAAGjggJTMIICTzAOBgNVHQ8B\\nAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB\\\ n/wQCMAAwHQYDVR0OBBYEFPVZKiovtIK4Av/IBUQeLUs29pT6MB8GA1UdIwQYMBaA\\nFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcw\\\ nAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMu\\naS5sZW5jci5vcmcvMCQGA1UdEQQdMBuCGWFuaXRhdGVzdC5zaWdtYW5ldGNvcnAu\\\ ndXMwTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEF\\nBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEDBgorBgEEAdZ5AgQC\\\ nBIH0BIHxAO8AdgBc3EOS/uarRUSxXprUVuYQN/vV+kfcoXOUsl7m9scOygAAAXeK\\nkmOsAAAEAwBHMEUCIQDSudPEWXk969BT8yz3ag6BJWCMRU5tefEw9nXEQMsh5gIg\\\ nUmfGIuUlcNNI5PydVIHj+zns+SR8P7zfd3FIxW4gK0QAdQD2XJQv0XcwIhRUGAgw\\nlFaO400TGTO/3wwvIAvMTvFk4wAAAXeKkmOlAAAEAwBGMEQCIHQkr2qOGuInvonv\\\ nW4vvdI61nraax5V6SC3E0D2JSO91AiBVhpX4BBafRAh36r7l8LrxAfxBM3CjBmAC\\nq8fUrWfIWDANBgkqhkiG9w0BAQsFAAOCAQEAgGDMKXofKpDdv5kkID3s5GrKdzaj\\\ njFmb/6kyqd1E6eGXZAewCP1EF5BVvR6lBP2aRXiZ6sJVZktoIfztZnbxBGgbPHfv\\nR3iXIG6fxkklzR9Y8puPMBFadANE/QV78tIRAlyaqeSNsoxHi7ssQjHTP111B2lf\\\ n3KmuTpsruut1UesEJcPReLk/1xTkRx262wAncach5Wp+6GWWduTZYJbsNFyrK1RP\\nYQ0qYpP9wt2qR+DGaRUBG8i1XLnZS8pkyxtKhVw/a5Fowt+NqCpEBjjJiWJRSGnG\\\ nNSgRtSXq11j8O4JONi8EXe7cEtvzUiLR5PL3itsK2svtrZ9jIwQ95wOPaA==\\n-----END\ \ CERTIFICATE-----\"," type: PEM properties: certificate: description: 
Certificate content example: "\"-----BEGIN CERTIFICATE-----\\n...\\n-----END CERTIFICATE-----\"," 
type: string certificateChain: description: Certificate chain example: '"-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----"' type: string privateKey: description: Certificate 
private key example: '"-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----"' type: string type: $ref: '#/components/schemas/DomainCertificateType' required: - certificate - certificateChain - privateKey - type type: object DomainCertificateMetadata: description: Certificate metadata for the domain example: subject: 
CN=login.example.com fingerprint: 73:68:82:7B:83:2E:48:29:A5:5E:E8:40:41:80:B3:AA:03:C4:42:43:05:73:45:BC:AA:47:00:23:A3:70:E5:C4 expiration: 2021-05-11T05:13:05.000Z properties: expiration: description: Certificate expiration example: 2021-05-11T05:13:05.000Z type: string fingerprint: description: Certificate fingerprint example: 73:68:82:7B:83:2E:48:29:A5:5E:E8:40:41:80:B3:AA:03:C4:42:43:05:73:45:BC:AA:47:00:23:A3:70:E5:C4 type: string subject: description: Certificate subject example: CN=login.example.com type: string type: object DomainCertificateSourceType: description: Certificate source type that indicates whether the certificate is provided by the user or Okta. enum: - MANUAL - OKTA_MANAGED type: string DomainCertificateType: description: Certificate type enum: - PEM type: string DomainLinks: allOf: - $ref: '#/components/schemas/LinksSelf' - properties: brand: $ref: '#/components/schemas/DomainLinks_allOf_brand' certificate: $ref: '#/components/schemas/DomainLinks_allOf_certificate' verify: $ref: '#/components/schemas/DomainLinks_allOf_verify' type: object example: certificate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type verify: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type brand: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type DomainListResponse: description: Defines a list of domains with a subset of the properties for each domain. 
example: domains: - _links: certificate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type verify: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type brand: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type certificateSourceType: MANUAL brandId: bndul904tTZ6kWVhP0g3 dnsRecords: - fqdn: _oktaverification.login.example.com recordType: TXT values: - 79496f234c814638b1cc44f51a782781 expiration: expiration - fqdn: _oktaverification.login.example.com recordType: TXT values: - 79496f234c814638b1cc44f51a782781 expiration: expiration domain: login.example.com publicCertificate: subject: CN=login.example.com fingerprint: 73:68:82:7B:83:2E:48:29:A5:5E:E8:40:41:80:B3:AA:03:C4:42:43:05:73:45:BC:AA:47:00:23:A3:70:E5:C4 expiration: 2021-05-11T05:13:05.000Z id: OcDz6iRyjkaCTXkdo0g3 validationStatus: VERIFIED - _links: certificate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type verify: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type brand: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type certificateSourceType: MANUAL brandId: bndul904tTZ6kWVhP0g3 dnsRecords: - fqdn: _oktaverification.login.example.com recordType: TXT values: - 79496f234c814638b1cc44f51a782781 expiration: expiration - fqdn: _oktaverification.login.example.com recordType: TXT values: - 79496f234c814638b1cc44f51a782781 expiration: expiration domain: login.example.com publicCertificate: subject: CN=login.example.com fingerprint: 73:68:82:7B:83:2E:48:29:A5:5E:E8:40:41:80:B3:AA:03:C4:42:43:05:73:45:BC:AA:47:00:23:A3:70:E5:C4 expiration: 2021-05-11T05:13:05.000Z id: OcDz6iRyjkaCTXkdo0g3 validationStatus: VERIFIED properties: domains: description: Each element of 
the array defines an individual domain. items: $ref: '#/components/schemas/DomainResponse' type: array type: object DomainRequest: example: certificateSourceType: MANUAL domain: login.example.com properties: certificateSourceType: $ref: '#/components/schemas/DomainCertificateSourceType' domain: description: Custom domain name example: login.example.com type: string required: - certificateSourceType - domain type: object DomainResponse: description: The properties that define an individual domain. example: _links: certificate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type verify: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type brand: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type certificateSourceType: MANUAL brandId: bndul904tTZ6kWVhP0g3 dnsRecords: - fqdn: _oktaverification.login.example.com recordType: TXT values: - 79496f234c814638b1cc44f51a782781 expiration: expiration - fqdn: _oktaverification.login.example.com recordType: TXT values: - 79496f234c814638b1cc44f51a782781 expiration: expiration domain: login.example.com publicCertificate: subject: CN=login.example.com fingerprint: 73:68:82:7B:83:2E:48:29:A5:5E:E8:40:41:80:B3:AA:03:C4:42:43:05:73:45:BC:AA:47:00:23:A3:70:E5:C4 expiration: 2021-05-11T05:13:05.000Z id: OcDz6iRyjkaCTXkdo0g3 validationStatus: VERIFIED properties: brandId: description: The ID number of the brand example: bndul904tTZ6kWVhP0g3 type: string certificateSourceType: $ref: '#/components/schemas/DomainCertificateSourceType' dnsRecords: items: $ref: '#/components/schemas/DNSRecord' type: array domain: description: Custom domain name example: login.example.com type: string id: description: Unique ID of the domain example: OcDz6iRyjkaCTXkdo0g3 type: string publicCertificate: $ref: '#/components/schemas/DomainCertificateMetadata' validationStatus: $ref: 
'#/components/schemas/DomainValidationStatus' _links: $ref: '#/components/schemas/DomainLinks' type: object DomainValidationStatus: description: Status of the domain enum: - COMPLETED - IN_PROGRESS - NOT_STARTED - VERIFIED example: VERIFIED type: string Duration: properties: number: type: integer unit: type: string type: object DynamicNetworkZone: allOf: - $ref: '#/components/schemas/NetworkZone' - title: Dynamic Network Zone - properties: asns: $ref: '#/components/schemas/DynamicNetworkZone_allOf_asns' proxyType: description: The proxy type used for a Dynamic Network Zone enum: - "null" - Any - Tor - NotTorAnonymizer type: string x-enumDescriptions: "null": (Or `""`) No proxy used Any: Use any proxy type for the Dynamic Zone. Tor: Use Tor Anonymizer proxy for the Dynamic Zone. NotTorAnonymizer: Use a non Tor Anonymizer proxy for the Dynamic Zone. locations: $ref: '#/components/schemas/DynamicNetworkZone_allOf_locations' type: object ECKeyJWK: description: "Elliptic Curve Key in JWK format, currently used during enrollment\ \ to encrypt fulfillment requests to Yubico, or during activation to verify\ \ Yubico's JWS objects in fulfillment responses. The currently agreed protocol\ \ uses P-384." example: kty: EC crv: P-384 use: enc kid: kid x: x "y": "y" properties: crv: enum: - P-384 type: string kid: description: The unique identifier of the key type: string kty: description: The type of public key enum: - EC type: string use: description: The intended use for the key. The ECKeyJWK is always `enc` because Okta uses it to encrypt requests to Yubico. enum: - enc type: string x: description: The public x coordinate for the elliptic curve point type: string "y": description: The public y coordinate for the elliptic curve point type: string required: - crv - kid - kty - use - x - "y" type: object EmailContent: properties: body: description: "The HTML body of the email. 
May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references).\ \ \n\n<x-lifecycle class=\"ea\"></x-lifecycle> Not required if Custom\ \ languages for Okta Email Templates is enabled. A `null` body is replaced\ \ with a default value from one of the following in priority order:\n\n\ 1. An existing default email customization, if one exists\n2. Okta-provided\ \ translated content for the specified language, if one exists\n3. Okta-provided\ \ translated content for the brand locale, if it's set \n4. Okta-provided\ \ content in English\n" type: string subject: description: | The email subject. May contain [variable references](https://velocity.apache.org/engine/1.7/user-guide.html#references). <x-lifecycle class="ea"></x-lifecycle> Not required if Custom languages for Okta Email Templates is enabled. A `null` subject is replaced with a default value from one of the following in priority order: 1. An existing default email customization, if one exists 2. Okta-provided translated content for the specified language, if one exists 3. Okta-provided translated content for the brand locale, if it's set 4. Okta-provided content in English type: string required: - body - subject type: object EmailCustomization: allOf: - $ref: '#/components/schemas/EmailContent' - properties: created: description: The UTC time at which this email customization was created. format: date-time readOnly: true type: string id: description: A unique identifier for this email customization readOnly: true type: string isDefault: description: Whether this is the default customization for the email template. Each customized email template must have exactly one default customization. Defaults to `true` for the first customization and `false` thereafter. type: boolean language: $ref: '#/components/schemas/Language' lastUpdated: description: The UTC time at which this email customization was last updated. 
format: date-time readOnly: true type: string _links: $ref: '#/components/schemas/EmailCustomization_allOf__links' required: - language type: object example: lastUpdated: 2000-01-23T04:56:07.000+00:00 isDefault: true _links: template: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type preview: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type test: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type subject: subject created: 2000-01-23T04:56:07.000+00:00 language: null id: id body: body EmailDefaultContent: allOf: - $ref: '#/components/schemas/EmailContent' - properties: _links: $ref: '#/components/schemas/EmailDefaultContent_allOf__links' type: object example: _links: null subject: subject body: body EmailDomain: allOf: - $ref: '#/components/schemas/BaseEmailDomain' example: brandId: brandId domain: domain validationSubdomain: mail properties: brandId: type: string domain: type: string validationSubdomain: default: mail description: Subdomain for the email sender's custom mail domain. Specify your subdomain when you configure a custom mail domain. 
type: string required: - brandId - domain type: object EmailDomainDNSRecord: example: fqdn: fqdn recordType: CNAME verificationValue: verificationValue properties: fqdn: type: string recordType: $ref: '#/components/schemas/EmailDomainDNSRecordType' verificationValue: type: string type: object EmailDomainDNSRecordType: enum: - CNAME - TXT type: string EmailDomainResponse: allOf: - $ref: '#/components/schemas/BaseEmailDomain' example: dnsValidationRecords: - fqdn: fqdn recordType: CNAME verificationValue: verificationValue - fqdn: fqdn recordType: CNAME verificationValue: verificationValue domain: domain id: id validationSubdomain: mail validationStatus: DELETED properties: dnsValidationRecords: items: $ref: '#/components/schemas/EmailDomainDNSRecord' type: array domain: type: string id: type: string validationStatus: $ref: '#/components/schemas/EmailDomainStatus' validationSubdomain: default: mail description: The subdomain for the email sender's custom mail domain type: string type: object EmailDomainResponseWithEmbedded: allOf: - $ref: '#/components/schemas/EmailDomainResponse' example: _embedded: "{}" properties: _embedded: properties: brands: items: $ref: '#/components/schemas/Brand' type: array readOnly: true type: object type: object EmailDomainStatus: enum: - DELETED - ERROR - NOT_STARTED - POLLING - VERIFIED type: string EmailPreview: example: _links: template: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type contentSource: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type defaultContent: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type test: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type subject: subject body: body properties: body: description: The email's HTML body readOnly: true type: string subject: description: The email's subject readOnly: 
true type: string _links: $ref: '#/components/schemas/EmailPreview__links' type: object EmailServerListResponse: example: email-servers: - port: 587 host: 192.168.160.1 alias: CustomServer1 id: id enabled: true username: aUser - port: 587 host: 192.168.160.1 alias: CustomServer1 id: id enabled: true username: aUser properties: email-servers: items: $ref: '#/components/schemas/EmailServerResponse' type: array type: object EmailServerPost: allOf: - $ref: '#/components/schemas/EmailServerRequest' - required: - alias - host - password - port - username example: password: password port: 587 host: 192.168.160.1 alias: CustomServer1 enabled: true username: aUser EmailServerRequest: allOf: - $ref: '#/components/schemas/BaseEmailServer' - properties: password: description: Password used to access your SMTP server type: string example: password: password port: 587 host: 192.168.160.1 alias: CustomServer1 enabled: true username: aUser EmailServerResponse: allOf: - $ref: '#/components/schemas/BaseEmailServer' - properties: id: description: ID of your SMTP server type: string example: port: 587 host: 192.168.160.1 alias: CustomServer1 id: id enabled: true username: aUser EmailSettings: example: recipients: ALL_USERS properties: recipients: enum: - ALL_USERS - ADMINS_ONLY - NO_USERS type: string required: - recipients type: object EmailSettingsResponse: example: _links: template: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type recipients: ALL_USERS properties: recipients: enum: - ALL_USERS - ADMINS_ONLY - NO_USERS type: string _links: $ref: '#/components/schemas/EmailSettingsResponse__links' type: object EmailTemplateResponse: example: _embedded: customizationCount: 0 settings: _links: template: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type 
recipients: ALL_USERS _links: settings: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type defaultContent: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type test: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type customizations: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type name: name properties: name: description: The name of this email template readOnly: true type: string _embedded: $ref: '#/components/schemas/EmailTemplateResponse__embedded' _links: $ref: '#/components/schemas/EmailTemplateResponse__links' type: object EmailTemplateTouchPointVariant: default: OKTA_DEFAULT description: | Variant for email templates. You can publish a theme for email templates with different combinations of assets. Variants are preset combinations of those assets. enum: - FULL_THEME - OKTA_DEFAULT type: string x-enumDescriptions: FULL_THEME: Uses the Okta logo and Okta colors in email templates OKTA_DEFAULT: Uses the logo from the Theme. Uses `primaryColorHex` as the background color for buttons. EmailTestAddresses: example: from: sender@host.com to: receiver@host.com properties: from: description: Email address that sends test emails example: sender@host.com type: string to: description: Email address that receives test emails example: receiver@host.com type: string required: - from - to type: object EnabledStatus: description: Setting status enum: - DISABLED - ENABLED type: string EndUserDashboardTouchPointVariant: default: OKTA_DEFAULT description: | Variant for the Okta End-User Dashboard. You can publish a theme for end-user dashboard with different combinations of assets. Variants are preset combinations of those assets. 
enum: - FULL_THEME - LOGO_ON_FULL_WHITE_BACKGROUND - OKTA_DEFAULT - WHITE_LOGO_BACKGROUND type: string x-enumDescriptions: FULL_THEME: Uses the logo and favicon from the Theme. Uses `primaryColorHex` for the logo and the side navigation bar background color. LOGO_ON_FULL_WHITE_BACKGROUND: Uses the logo and favicon from the Theme. Uses white background color for the logo and the side navigation bar background color. OKTA_DEFAULT: Uses the Okta logo and favicon. Uses a white background color for the logo and the side navigation bar background color. WHITE_LOGO_BACKGROUND: "Uses the logo and favicon from the Theme, with a white\ \ background color for the logo. Uses `primaryColorHex` for the side navigation\ \ bar background color." EndpointAuthMethod: description: Requested authentication method for OAuth 2.0 endpoints. enum: - client_secret_basic - client_secret_jwt - client_secret_post - none - private_key_jwt type: string EnhancedDynamicNetworkZone: allOf: - $ref: '#/components/schemas/NetworkZone' - title: Enhanced Dynamic Network Zone - properties: asns: $ref: '#/components/schemas/EnhancedDynamicNetworkZone_allOf_asns' locations: $ref: '#/components/schemas/EnhancedDynamicNetworkZone_allOf_locations' ipServiceCategories: $ref: '#/components/schemas/EnhancedDynamicNetworkZone_allOf_ipServiceCategories' type: object x-okta-lifecycle: lifecycle: EA isGenerallyAvailable: false SKUs: [] EnrollmentActivationRequest: description: Enrollment Initialization Request example: pinResponseJwe: pinResponseJwe fulfillmentProvider: yubico serial: serial yubicoSigningJwks: - kty: EC crv: P-384 use: enc kid: kid x: x "y": "y" - kty: EC crv: P-384 use: enc kid: kid x: x "y": "y" credResponses: - credResponseJWE: credResponseJWE authenticatorEnrollmentId: authenticatorEnrollmentId - credResponseJWE: credResponseJWE authenticatorEnrollmentId: authenticatorEnrollmentId userId: userId version: version properties: credResponses: description: List of credential responses from the 
fulfillment provider items: $ref: '#/components/schemas/WebAuthnCredResponse' type: array fulfillmentProvider: description: Name of the fulfillment provider for the WebAuthn Preregistration Factor enum: - yubico type: string pinResponseJwe: description: Encrypted JWE of PIN response from the fulfillment provider type: string serial: description: Serial number of the YubiKey type: string userId: description: ID of an existing Okta user type: string version: description: Firmware version of the YubiKey type: string yubicoSigningJwks: description: List of usable signing keys from Yubico (in JWKS format) used to verify the JWS inside the JWE items: $ref: '#/components/schemas/ECKeyJWK' type: array type: object EnrollmentActivationResponse: description: Enrollment Initialization Response example: fulfillmentProvider: yubico authenticatorEnrollmentIds: - authenticatorEnrollmentIds - authenticatorEnrollmentIds userId: userId properties: authenticatorEnrollmentIds: description: List of IDs for preregistered WebAuthn Factors in Okta items: type: string type: array fulfillmentProvider: description: Name of the fulfillment provider for the WebAuthn Preregistration Factor enum: - yubico type: string userId: description: ID of an existing Okta user type: string type: object EnrollmentInitializationRequest: description: Enrollment Initialization Request example: enrollmentRpIds: - enrollmentRpIds - enrollmentRpIds fulfillmentProvider: yubico yubicoTransportKeyJWK: kty: EC crv: P-384 use: enc kid: kid x: x "y": "y" userId: userId properties: enrollmentRpIds: description: List of Relying Party hostnames to register on the YubiKey. 
items: type: string type: array fulfillmentProvider: description: Name of the fulfillment provider for the WebAuthn Preregistration Factor enum: - yubico type: string userId: description: ID of an existing Okta user type: string yubicoTransportKeyJWK: $ref: '#/components/schemas/ECKeyJWK' type: object EnrollmentInitializationResponse: description: "Yubico Transport Key in the form of a JWK, used to encrypt our\ \ fulfillment request to Yubico. The currently agreed protocol uses P-384." example: pinRequestJwe: pinRequestJwe fulfillmentProvider: yubico credRequests: - credRequestJwe: credRequestJwe keyId: keyId authenticatorEnrollmentId: authenticatorEnrollmentId - credRequestJwe: credRequestJwe keyId: keyId authenticatorEnrollmentId: authenticatorEnrollmentId userId: userId properties: credRequests: description: List of credential requests for the fulfillment provider items: $ref: '#/components/schemas/WebAuthnCredRequest' type: array fulfillmentProvider: description: Name of the fulfillment provider for the WebAuthn Preregistration Factor enum: - yubico type: string pinRequestJwe: description: Encrypted JWE of PIN request for the fulfillment provider type: string userId: description: ID of an existing Okta user type: string type: object EntitlementValue: properties: id: type: string name: type: string value: type: string _links: $ref: '#/components/schemas/EntitlementValue__links' type: object EntitlementValuesResponse: properties: entitlementValues: items: $ref: '#/components/schemas/EntitlementValue' type: array _links: $ref: '#/components/schemas/EntitlementValuesResponse__links' type: object EntityRiskPolicy: allOf: - $ref: '#/components/schemas/Policy' - type: object properties: conditions: description: Policy conditions aren't supported for this policy type. 
nullable: true type: string EntityRiskPolicyRule: allOf: - $ref: '#/components/schemas/PolicyRule' - properties: actions: $ref: '#/components/schemas/EntityRiskPolicyRule_allOf_actions' conditions: $ref: '#/components/schemas/EntityRiskPolicyRuleConditions' type: object EntityRiskPolicyRuleActionRunWorkflow: properties: action: enum: - RUN_WORKFLOW type: string workflow: $ref: '#/components/schemas/EntityRiskPolicyRuleActionRunWorkflow_workflow' type: object EntityRiskPolicyRuleActionTerminateAllSessions: properties: action: description: This action revokes or terminates all of the user's active sessions. enum: - TERMINATE_ALL_SESSIONS type: string type: object EntityRiskPolicyRuleActionsObject: discriminator: mapping: RUN_WORKFLOW: '#/components/schemas/EntityRiskPolicyRuleActionRunWorkflow' TERMINATE_ALL_SESSIONS: '#/components/schemas/EntityRiskPolicyRuleActionTerminateAllSessions' propertyName: action properties: action: enum: - RUN_WORKFLOW - TERMINATE_ALL_SESSIONS type: string type: object EntityRiskPolicyRuleConditions: allOf: - properties: entityRisk: $ref: '#/components/schemas/EntityRiskScorePolicyRuleCondition' people: $ref: '#/components/schemas/PolicyPeopleCondition' riskDetectionTypes: $ref: '#/components/schemas/RiskDetectionTypesPolicyRuleCondition' type: object EntityRiskScorePolicyRuleCondition: description: <x-lifecycle class="oie"></x-lifecycle> The risk score level of the entity risk policy rule properties: level: enum: - ANY - LOW - MEDIUM - HIGH type: string required: - level type: object Error: example: errorCauses: - errorSummary: errorSummary - errorSummary: errorSummary errorLink: errorLink errorCode: errorCode errorId: errorId errorSummary: errorSummary properties: errorCauses: items: $ref: '#/components/schemas/ErrorCause' type: array errorCode: description: An Okta code for this type of error type: string errorId: description: A unique identifier for this error. This can be used by Okta Support to help with troubleshooting. 
type: string errorLink: description: An Okta code for this type of error type: string errorSummary: description: A short description of what caused this error. Sometimes this contains dynamically-generated information about your specific error. type: string title: Error type: object ErrorCause: example: errorSummary: errorSummary properties: errorSummary: type: string type: object ErrorPage: allOf: - $ref: '#/components/schemas/CustomizablePage' - properties: contentSecurityPolicySetting: $ref: '#/components/schemas/ContentSecurityPolicySetting' type: object example: contentSecurityPolicySetting: mode: enforced reportUri: reportUri srcList: - srcList - srcList pageContent: pageContent ErrorPageTouchPointVariant: default: OKTA_DEFAULT description: | Variant for the error page. You can publish a theme for error page with different combinations of assets. Variants are preset combinations of those assets. enum: - BACKGROUND_IMAGE - BACKGROUND_SECONDARY_COLOR - OKTA_DEFAULT type: string x-enumDescriptions: BACKGROUND_IMAGE: "Uses the logo, favicon, and background image from the Theme" BACKGROUND_SECONDARY_COLOR: Uses the logo and favicon from the Theme. Uses `secondaryColorHex` as the background color for the error page. 
OKTA_DEFAULT: "Uses the Okta logo, favicon, and background color" ErrorResponse: properties: errorCause: description: The reason or cause for the error in the org domain for the dr operation nullable: true type: string errorCode: description: An error code unique to the error type: string errorId: description: The unique identifier of this error nullable: true type: string errorLink: description: An indicator where to look out to troubleshoot the error nullable: true type: string errorSummary: description: "An error code description, detailing the error" type: string required: - errorCode - errorSummary type: object EventHook: example: lastUpdated: 2000-01-23T04:56:07.000+00:00 createdBy: createdBy verificationStatus: UNVERIFIED _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type verify: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type deactivate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type created: 2000-01-23T04:56:07.000+00:00 channel: type: HTTP config: headers: - value: value key: key - value: value key: key method: method authScheme: type: HEADER value: value key: key uri: uri version: version name: name description: description id: id events: filter: eventFilterMap: - condition: expression: expression version: version event: event - condition: expression: expression version: version event: event type: type type: EVENT_TYPE items: - items - items status: ACTIVE properties: channel: $ref: '#/components/schemas/EventHookChannel' created: description: Timestamp of the event hook creation format: date-time readOnly: true type: string createdBy: description: The ID of the user who created the event hook readOnly: true type: string description: description: Description of the event hook nullable: true type: string events: $ref: '#/components/schemas/EventSubscriptions' id: description: Unique key for the event hook readOnly: true type: string lastUpdated: 
description: Date of the last event hook update format: date-time readOnly: true type: string name: description: Display name for the event hook type: string status: description: Status of the event hook enum: - ACTIVE - INACTIVE readOnly: true type: string verificationStatus: $ref: '#/components/schemas/EventHookVerificationStatus' _links: $ref: '#/components/schemas/EventHook__links' required: - channel - events - name type: object EventHookChannel: example: type: HTTP config: headers: - value: value key: key - value: value key: key method: method authScheme: type: HEADER value: value key: key uri: uri version: version properties: config: $ref: '#/components/schemas/EventHookChannelConfig' type: $ref: '#/components/schemas/EventHookChannelType' version: description: Version of the channel. Currently the only supported version is `1.0.0`. type: string required: - config - type - version type: object EventHookChannelConfig: example: headers: - value: value key: key - value: value key: key method: method authScheme: type: HEADER value: value key: key uri: uri properties: authScheme: $ref: '#/components/schemas/EventHookChannelConfigAuthScheme' headers: description: |- Optional list of key/value pairs for headers that can be sent with the request to the external service. For example, `X-Other-Header` is an example of an optional header, with a value of `my-header-value`, that you want Okta to pass to your external service. items: $ref: '#/components/schemas/EventHookChannelConfigHeader' type: array method: description: The method of the Okta event hook request readOnly: true type: string uri: description: The external service endpoint called to execute the event hook handler type: string required: - uri type: object EventHookChannelConfigAuthScheme: description: |- The authentication scheme used for this request. To use Basic Auth for authentication, set `type` to `HEADER`, `key` to `Authorization`, and `value` to the Base64-encoded string of "username:password". 
Ensure that you include the scheme (including space) as part of the `value` parameter. For example, `Basic YWRtaW46c3VwZXJzZWNyZXQ=`. example: type: HEADER value: value key: key properties: key: description: The name for the authorization header type: string type: $ref: '#/components/schemas/EventHookChannelConfigAuthSchemeType' value: description: |- The header value. This secret key is passed to your external service endpoint for security verification. This property is not returned in the response. type: string writeOnly: true type: object EventHookChannelConfigAuthSchemeType: description: The authentication scheme type. Currently only supports `HEADER`. enum: - HEADER type: string EventHookChannelConfigHeader: example: value: value key: key nullable: true properties: key: description: The optional field or header name type: string value: description: The value for the key type: string type: object EventHookChannelType: description: The channel type. Currently supports `HTTP`. enum: - HTTP type: string EventHookFilterMap: description: The object that maps the filter to the event type items: $ref: '#/components/schemas/EventHookFilterMapObject' type: array EventHookFilterMapObject: example: condition: expression: expression version: version event: event properties: condition: $ref: '#/components/schemas/EventHookFilterMapObjectCondition' event: description: The filtered event type type: string type: object EventHookFilterMapObjectCondition: example: expression: expression version: version properties: expression: description: The Okta Expression language statement that filters the event type type: string version: description: Internal field nullable: true readOnly: true type: string type: object EventHookFilters: description: |- The optional filter defined on a specific event type > **Note:** Event hook filters is a [self-service Early Access (EA)](/openapi/okta-management/guides/release-lifecycle/#early-access-ea) to enable. 
If you want to disable this feature, it's recommended to first remove all event filters. example: eventFilterMap: - condition: expression: expression version: version event: event - condition: expression: expression version: version event: event type: type nullable: true properties: eventFilterMap: description: The object that maps the filter to the event type items: $ref: '#/components/schemas/EventHookFilterMapObject' type: array type: description: The type of filter. Currently only supports `EXPRESSION_LANGUAGE` readOnly: true type: string type: object EventHookSubscribedEventTypes: description: |- The subscribed event types that trigger the event hook. When you register an event hook you need to specify which events you want to subscribe to. To see the list of event types currently eligible for use in event hooks, use the [Event Types catalog](https://developer.okta.com/docs/reference/api/event-types/#catalog) and search with the parameter `event-hook-eligible`. items: type: string type: array EventHookVerificationStatus: description: Verification status of the event hook. `UNVERIFIED` event hooks won't receive any events. enum: - UNVERIFIED - VERIFIED readOnly: true type: string EventSubscriptionType: description: The events object type. Currently supports `EVENT_TYPE`. enum: - EVENT_TYPE type: string EventSubscriptions: example: filter: eventFilterMap: - condition: expression: expression version: version event: event - condition: expression: expression version: version event: event type: type type: EVENT_TYPE items: - items - items properties: filter: $ref: '#/components/schemas/EventHookFilters' items: description: |- The subscribed event types that trigger the event hook. When you register an event hook you need to specify which events you want to subscribe to. 
To see the list of event types currently eligible for use in event hooks, use the [Event Types catalog](https://developer.okta.com/docs/reference/api/event-types/#catalog) and search with the parameter `event-hook-eligible`. items: type: string type: array type: $ref: '#/components/schemas/EventSubscriptionType' required: - items - type type: object ExpiresAt: description: Timestamp when the object expires example: 2016-01-03T18:15:47Z format: date-time readOnly: true type: string Expression: example: value: value properties: value: type: string type: object FCMConfiguration: properties: fileName: description: (Optional) File name for Admin Console display type: string projectId: description: Project ID of FCM configuration readOnly: true type: string serviceAccountJson: description: "JSON containing the private service account key and service\ \ account details. See [Creating and managing service account keys](https://cloud.google.com/iam/docs/creating-managing-service-account-keys)\ \ for more information on creating service account keys in JSON." 
type: object writeOnly: true FCMPushProvider: allOf: - $ref: '#/components/schemas/PushProvider' - properties: configuration: $ref: '#/components/schemas/FCMConfiguration' type: object FailbackRequestSchema: description: List of domains to failback items: description: Okta or custom domain to failback example: yourOktaDomain.okta.com type: string type: array FailbackResponseSchema: description: successful failback message type: string FailoverRequestSchema: description: List of domains to failover items: description: Okta or custom domain to failover example: yourOktaDomain.okta.com type: string type: array FailoverResponseSchema: description: successful failover message type: string Feature: description: Specifies feature release cycle information example: stage: state: CLOSED value: BETA _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type dependents: href: href dependencies: href: href name: name description: description id: id type: self-service status: DISABLED properties: description: description: Brief description of the feature and what it provides type: string id: description: Unique identifier for this feature readOnly: true type: string name: description: Name of the feature type: string stage: $ref: '#/components/schemas/FeatureStage' status: $ref: '#/components/schemas/EnabledStatus' type: $ref: '#/components/schemas/FeatureType' _links: $ref: '#/components/schemas/Feature__links' type: object FeatureLifecycle: enum: - DISABLE - ENABLE example: ENABLE type: string FeatureStage: description: |- Current release cycle stage of a feature If a feature's stage value is `EA`, the state is `null` and not returned. If the value is `BETA`, the state is `OPEN` or `CLOSED` depending on whether the `BETA` feature is manageable. > **Note:** If a feature's stage is `OPEN BETA`, you can update it only in Preview cells. If a feature's stage is `CLOSED BETA`, you can disable it only in Preview cells. 
example: state: CLOSED value: BETA properties: state: $ref: '#/components/schemas/FeatureStageState' value: $ref: '#/components/schemas/FeatureStageValue' type: object FeatureStageState: description: Indicates the release state of the feature enum: - CLOSED - OPEN type: string FeatureStageValue: description: Current release stage of the feature enum: - BETA - EA type: string FeatureType: description: Type of feature enum: - self-service type: string FipsEnum: enum: - OPTIONAL - REQUIRED type: string ForgotPasswordResponse: example: resetPasswordUrl: resetPasswordUrl properties: resetPasswordUrl: readOnly: true type: string type: object FulfillmentData: description: Fulfillment provider details example: customizationId: customizationId productId: productId inventoryProductId: inventoryProductId properties: customizationId: description: ID for the set of custom configurations of the requested Factor type: string inventoryProductId: description: ID for the specific inventory bucket of the requested Factor type: string productId: description: ID for the make and model of the requested Factor type: string type: object FulfillmentRequest: description: Fulfillment Request example: fulfillmentData: customizationId: customizationId productId: productId inventoryProductId: inventoryProductId fulfillmentProvider: yubico userId: userId properties: fulfillmentData: $ref: '#/components/schemas/FulfillmentData' fulfillmentProvider: description: Name of the fulfillment provider for the WebAuthn Preregistration Factor enum: - yubico type: string userId: description: ID of an existing Okta user type: string type: object GoogleApplication: allOf: - $ref: '#/components/schemas/OINApplication' - type: object - properties: name: enum: - google example: google type: string signOnMode: enum: - BROWSER_PLUGIN - SAML_2_0 example: BROWSER_PLUGIN type: string settings: $ref: '#/components/schemas/GoogleApplicationSettings' required: - label - name - settings description: | Schema for the 
Google Workspace app (key name: `google`) To create a Google Workspace app, use the [Create an Application](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) request with the following parameters in the request body. > **Note:** The Google Workspace app only supports `BROWSER_PLUGIN` and `SAML_2_0` sign-on modes. example: name: google label: Sample Google App signOnMode: SAML_2_0 settings: app: domain: my-company-domain title: Google Workspace x-tags: - Application x-okta-defined-as: name: google GoogleApplicationSettings: allOf: - $ref: '#/components/schemas/ApplicationSettings' - type: object - properties: app: $ref: '#/components/schemas/GoogleApplicationSettingsApplication' signOn: $ref: '#/components/schemas/OINSaml20ApplicationSettingsSignOn' required: - app GoogleApplicationSettingsApplication: description: Google app instance properties properties: domain: description: Your Google company domain type: string rpId: description: RPID type: string required: - domain type: object GovernanceBundle: properties: description: type: string id: type: string name: type: string orn: type: string status: type: string _links: $ref: '#/components/schemas/GovernanceBundle__links' type: object GovernanceBundleCreateRequest: properties: description: type: string entitlements: items: $ref: '#/components/schemas/IAMBundleEntitlement' type: array name: type: string type: object GovernanceBundleUpdateRequest: properties: description: type: string entitlements: items: $ref: '#/components/schemas/IAMBundleEntitlement' type: array name: type: string type: object GovernanceBundlesResponse: properties: bundles: items: $ref: '#/components/schemas/GovernanceBundle' type: array _links: $ref: '#/components/schemas/GovernanceBundlesResponse__links' type: object GovernanceSourceType: description: The grant type enum: - CUSTOM - ENTITLEMENT-BUNDLE type: string GrantOrTokenStatus: description: Status enum: - 
ACTIVE - REVOKED example: ACTIVE readOnly: true type: string GrantResourcesHrefObject: properties: href: description: Link URI example: "https://{yourOktaDomain}/api/v1/users/00u5t60iloOHN9pBi0h7/clients/0oabskvc6442nkvQO0h7/grants" type: string type: object GrantType: description: Determines the mechanism Okta uses to authorize the creation of the tokens. enum: - authorization_code - client_credentials - implicit - interaction_code - password - refresh_token - urn:ietf:params:oauth:grant-type:device_code - urn:ietf:params:oauth:grant-type:jwt-bearer - urn:ietf:params:oauth:grant-type:saml2-bearer - urn:ietf:params:oauth:grant-type:token-exchange - urn:openid:params:grant-type:ciba - urn:okta:params:oauth:grant-type:otp - urn:okta:params:oauth:grant-type:oob - http://auth0.com/oauth/grant-type/mfa-otp - http://auth0.com/oauth/grant-type/mfa-oob type: string GrantTypePolicyRuleCondition: description: Array of grant types that this condition includes. Determines the mechanism that Okta uses to authorize the creation of the tokens. example: include: - include - include properties: include: description: Array of grant types that this condition includes. 
items: type: string type: array type: object Group: example: lastUpdated: 2000-01-23T04:56:07.000+00:00 lastMembershipUpdated: 2000-01-23T04:56:07.000+00:00 _embedded: key: "{}" _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type logo: - templated: true hints: allow: - DELETE - DELETE name: name href: href type: type - templated: true hints: allow: - DELETE - DELETE name: name href: href type: type source: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type users: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type apps: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type created: 2000-01-23T04:56:07.000+00:00 profile: name: West Coast Users description: All Users West of The Rockies objectClass: - objectClass - objectClass id: 0gabcd1234 type: APP_GROUP properties: created: description: Timestamp when the Group was created format: date-time readOnly: true type: string id: description: Unique ID for the Group example: 0gabcd1234 readOnly: true type: string lastMembershipUpdated: description: Timestamp when the Group's memberships were last updated format: date-time readOnly: true type: string lastUpdated: description: Timestamp when the Group's Profile was last updated format: date-time readOnly: true type: string objectClass: description: Determines the Group's `profile` items: type: string readOnly: true type: array profile: $ref: '#/components/schemas/GroupProfile' type: $ref: '#/components/schemas/GroupType' _embedded: additionalProperties: properties: {} type: object description: Embedded resources related to the Group readOnly: true type: object _links: $ref: '#/components/schemas/Group__links' type: object GroupAssignmentProfile: additionalProperties: true description: "Specifies the profile properties applied to [Application Users](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/ApplicationUsers/)\ \ 
that are assigned to the app through group membership. \nSome reference\ \ properties are imported from the target app and can't be configured. See\ \ [profile](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/#tag/User/operation/getUser!c=200&path=profile&t=response)." type: object GroupCondition: description: Specifies a set of Groups whose Users are to be included or excluded properties: exclude: description: Groups to be excluded items: type: string type: array include: description: Groups to be included items: type: string type: array required: - exclude - include type: object GroupOwner: example: lastUpdated: 2000-01-23T04:56:07.000+00:00 originType: APPLICATION originId: originId displayName: displayName id: id type: GROUP resolved: true properties: displayName: description: The display name of the group owner readOnly: true type: string id: description: The `id` of the group owner type: string lastUpdated: description: Timestamp when the group owner was last updated format: date-time readOnly: true type: string originId: description: The ID of the app instance if the `originType` is `APPLICATION`. This value is `NULL` if `originType` is `OKTA_DIRECTORY`. type: string originType: $ref: '#/components/schemas/GroupOwnerOriginType' resolved: description: "If `originType` is `APPLICATION`, this parameter is set to `FALSE`\ \ until the owner’s `originId` is reconciled with an associated Okta ID." 
type: boolean type: $ref: '#/components/schemas/GroupOwnerType' type: object GroupOwnerOriginType: description: The source where group ownership is managed enum: - APPLICATION - OKTA_DIRECTORY type: string GroupOwnerType: description: The entity type of the owner enum: - GROUP - USER type: string GroupPolicyRuleCondition: description: Specifies a set of Groups whose Users are to be included or excluded properties: exclude: description: Groups to be excluded items: type: string type: array include: description: Groups to be included items: type: string type: array type: object GroupProfile: anyOf: - $ref: '#/components/schemas/OktaUserGroupProfile' - $ref: '#/components/schemas/OktaActiveDirectoryGroupProfile' description: |- Specifies required and optional properties for a Group. The `objectClass` of a Group determines which additional properties are available. You can extend Group Profiles with custom properties, but you must first add the properties to the Group Profile schema before you can reference them. Use the Profile Editor in the Admin Console or the [Schemas API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Schema/) to manage schema extensions. Custom properties can contain HTML tags. It is the client's responsibility to escape or encode this data before displaying it. Use [best practices](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html) to prevent cross-site scripting. 
GroupRule: example: lastUpdated: 2000-01-23T04:56:07.000+00:00 created: 2000-01-23T04:56:07.000+00:00 name: name id: id conditions: expression: type: type value: user.role==\"Engineer\" people: groups: exclude: - exclude - exclude users: exclude: - exclude - exclude type: type actions: assignUserToGroups: groupIds: - groupIds - groupIds status: ACTIVE properties: actions: $ref: '#/components/schemas/GroupRuleAction' conditions: $ref: '#/components/schemas/GroupRuleConditions' created: description: Creation date for group rule format: date-time readOnly: true type: string id: description: ID of the group rule readOnly: true type: string lastUpdated: description: Date group rule was last updated format: date-time readOnly: true type: string name: description: Name of the Group rule maxLength: 50 minLength: 1 type: string status: $ref: '#/components/schemas/GroupRuleStatus' type: description: Type to indicate a Group rule operation. Only `group_rule` is allowed. type: string type: object GroupRuleAction: description: Defines which users and groups to assign example: assignUserToGroups: groupIds: - groupIds - groupIds properties: assignUserToGroups: $ref: '#/components/schemas/GroupRuleGroupAssignment' type: object GroupRuleConditions: description: Defines group rule conditions example: expression: type: type value: user.role==\"Engineer\" people: groups: exclude: - exclude - exclude users: exclude: - exclude - exclude properties: expression: $ref: '#/components/schemas/GroupRuleExpression' people: $ref: '#/components/schemas/GroupRulePeopleCondition' type: object GroupRuleExpression: description: "Defines Okta specific [group-rules expression](https://developer.okta.com/docs/reference/okta-expression-language/#expressions-in-group-rules)" example: type: type value: user.role==\"Engineer\" properties: type: description: Expression type. Only valid value is '`urn:okta:expression:1.0`'. 
type: string value: description: Okta expression that would result in a Boolean value example: user.role==\"Engineer\" type: string type: object GroupRuleGroupAssignment: description: Contains the `groupIds` array example: groupIds: - groupIds - groupIds properties: groupIds: description: Array of `groupIds` to which Users are added items: type: string type: array type: object GroupRuleGroupCondition: description: Currently not supported example: exclude: - exclude - exclude properties: exclude: description: Currently not supported items: type: string type: array type: object GroupRulePeopleCondition: description: Defines conditions for `people` in a group rule example: groups: exclude: - exclude - exclude users: exclude: - exclude - exclude properties: groups: $ref: '#/components/schemas/GroupRuleGroupCondition' users: $ref: '#/components/schemas/GroupRuleUserCondition' type: object GroupRuleStatus: description: Status of group rule enum: - ACTIVE - INACTIVE - INVALID type: string GroupRuleUserCondition: description: Defines conditions specific to user exclusion example: exclude: - exclude - exclude properties: exclude: description: Excluded `userIds` when processing rules items: type: string type: array type: object GroupSchema: example: lastUpdated: lastUpdated $schema: $schema _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type created: created name: name description: description id: id title: title type: type definitions: custom: id: id type: type properties: key: minLength: 6 externalNamespace: externalNamespace format: "" description: description title: title type: "" enum: - GroupSchemaAttribute_enum_inner - GroupSchemaAttribute_enum_inner required: true master: "" oneOf: - const: const title: title - const: const title: title permissions: - principal: principal action: action - principal: principal action: action externalName: externalName scope: "" unique: unique mutability: "" items: oneOf: - const: const title: 
title - const: const title: title type: type enum: - enum - enum maxLength: 0 required: - required - required base: id: id type: type properties: "" required: - required - required properties: profile: allOf: - $ref: $ref - $ref: $ref properties: $schema: description: JSON Schema version identifier readOnly: true type: string created: description: Timestamp when the Schema was created readOnly: true type: string definitions: $ref: '#/components/schemas/GroupSchemaDefinitions' description: description: Description for the Schema type: string id: description: URI of Group Schema readOnly: true type: string lastUpdated: description: Timestamp when the Schema was last updated readOnly: true type: string name: description: Name of the Schema readOnly: true type: string properties: $ref: '#/components/schemas/UserSchemaProperties' title: description: User-defined display name for the Schema type: string type: description: "Type of [root Schema](https://tools.ietf.org/html/draft-zyp-json-schema-04#section-3.4)" readOnly: true type: string _links: $ref: '#/components/schemas/LinksSelf' type: object x-okta-allow-null-property-value-for-updates: true GroupSchemaAttribute: example: minLength: 6 externalNamespace: externalNamespace format: "" description: description title: title type: "" enum: - GroupSchemaAttribute_enum_inner - GroupSchemaAttribute_enum_inner required: true master: "" oneOf: - const: const title: title - const: const title: title permissions: - principal: principal action: action - principal: principal action: action externalName: externalName scope: "" unique: unique mutability: "" items: oneOf: - const: const title: title - const: const title: title type: type enum: - enum - enum maxLength: 0 properties: description: description: Description of the property type: string enum: description: |- Enumerated value of the property. The value of the property is limited to one of the values specified in the enum definition. 
The list of values for the enum must consist of unique elements. items: $ref: '#/components/schemas/GroupSchemaAttribute_enum_inner' nullable: true type: array externalName: description: Name of the property as it exists in an external application type: string externalNamespace: description: Namespace from the external application type: string format: allOf: - $ref: '#/components/schemas/UserSchemaAttributeFormat' description: Identifies the type of data represented by the string items: $ref: '#/components/schemas/UserSchemaAttributeItems' master: allOf: - $ref: '#/components/schemas/UserSchemaAttributeMaster' description: Identifies where the property is mastered maxLength: description: Maximum character length of a string property nullable: true type: integer minLength: description: Minimum character length of a string property nullable: true type: integer mutability: allOf: - $ref: '#/components/schemas/UserSchemaAttributeMutabilityString' description: Defines the mutability of the property oneOf: description: "Non-empty array of valid JSON schemas.\n\nOkta only supports\ \ `oneOf` for specifying display names for an `enum`. Each schema has\ \ the following format:\n\n ```json\n {\n \"const\": \"enumValue\"\ ,\n \"title\": \"display name\"\n }\n ```\n\nWhen `enum`\ \ is used in conjunction with `oneOf`, you must keep the set of enumerated\ \ values and their order.\n\n ```json\n {\"enum\": [\"S\",\"M\",\"L\"\ ,\"XL\"],\n \"oneOf\": [\n {\"const\": \"S\", \"title\": \"\ Small\"},\n {\"const\": \"M\", \"title\": \"Medium\"},\n \ \ {\"const\": \"L\", \"title\": \"Large\"},\n {\"const\": \"XL\"\ , \"title\": \"Extra Large\"}\n ]\n }\n ```\n\nThe `oneOf`\ \ key is only supported in conjunction with `enum` and provides a mechanism\ \ to return a display name for the `enum` value. 
" items: $ref: '#/components/schemas/UserSchemaAttributeEnum' nullable: true type: array permissions: description: Access control permissions for the property items: $ref: '#/components/schemas/UserSchemaAttributePermission' nullable: true type: array required: description: Determines whether the property is required nullable: true type: boolean scope: allOf: - $ref: '#/components/schemas/UserSchemaAttributeScope' description: Determines whether a group attribute can be set at the individual or group level title: description: User-defined display name for the property minLength: 1 type: string type: allOf: - $ref: '#/components/schemas/UserSchemaAttributeType' description: Type of property unique: type: string type: object GroupSchemaBase: example: id: id type: type properties: "" required: - required - required properties: id: description: The subschema name readOnly: true type: string properties: allOf: - $ref: '#/components/schemas/GroupSchemaBaseProperties' description: The `#base` object properties required: description: A collection indicating required property names items: type: string readOnly: true type: array type: description: The object type readOnly: true type: string type: object GroupSchemaBaseProperties: description: "All Okta-defined Profile properties are defined in a Profile subschema\ \ with the resolution scope `#base`. These properties can't be removed or\ \ edited, regardless of any attempt to do so." 
properties: description: allOf: - $ref: '#/components/schemas/GroupSchemaAttribute' description: Human readable description of the Group name: allOf: - $ref: '#/components/schemas/GroupSchemaAttribute' description: Unique identifier for the Group type: object GroupSchemaCustom: description: All custom Profile properties are defined in a Profile subschema with the resolution scope `#custom` example: id: id type: type properties: key: minLength: 6 externalNamespace: externalNamespace format: "" description: description title: title type: "" enum: - GroupSchemaAttribute_enum_inner - GroupSchemaAttribute_enum_inner required: true master: "" oneOf: - const: const title: title - const: const title: title permissions: - principal: principal action: action - principal: principal action: action externalName: externalName scope: "" unique: unique mutability: "" items: oneOf: - const: const title: title - const: const title: title type: type enum: - enum - enum maxLength: 0 required: - required - required properties: id: description: The subschema name readOnly: true type: string properties: additionalProperties: $ref: '#/components/schemas/GroupSchemaAttribute' description: The `#custom` object properties type: object required: description: A collection indicating required property names items: type: string readOnly: true type: array type: description: The object type readOnly: true type: string type: object GroupSchemaDefinitions: example: custom: id: id type: type properties: key: minLength: 6 externalNamespace: externalNamespace format: "" description: description title: title type: "" enum: - GroupSchemaAttribute_enum_inner - GroupSchemaAttribute_enum_inner required: true master: "" oneOf: - const: const title: title - const: const title: title permissions: - principal: principal action: action - principal: principal action: action externalName: externalName scope: "" unique: unique mutability: "" items: oneOf: - const: const title: title - const: const title: title 
type: type enum: - enum - enum maxLength: 0 required: - required - required base: id: id type: type properties: "" required: - required - required properties: base: $ref: '#/components/schemas/GroupSchemaBase' custom: $ref: '#/components/schemas/GroupSchemaCustom' type: object GroupType: description: Determines how a Group's Profile and memberships are managed enum: - APP_GROUP - BUILT_IN - OKTA_GROUP type: string x-enumDescriptions: APP_GROUP: Group Profile and memberships are imported and must be managed within the app (such as Active Directory or LDAP) that imported the Group BUILT_IN: Group Profile and memberships are managed by Okta and can't be modified OKTA_GROUP: Group Profile and memberships are directly managed in Okta via static assignments or indirectly through Group rules GroupsLink: allOf: - $ref: '#/components/schemas/HrefObject' - description: "Link to the [Application Groups](/openapi/okta-management/management/tag/ApplicationGroups/#tag/ApplicationGroups/operation/listApplicationGroupAssignments)\ \ resource" example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type HelpLink: allOf: - $ref: '#/components/schemas/HrefObject' - description: Link to the app help resource example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type HookKey: description: "The `id` property in the response as `id` serves as the unique\ \ ID for the key, which you can specify when invoking other CRUD operations.\ \ \n\nThe `keyId` provided in the response is the alias of the public key\ \ that you can use to get details of the public key data in a separate call." 
example: lastUpdated: 2000-01-23T04:56:07.000+00:00 created: 2000-01-23T04:56:07.000+00:00 name: name keyId: keyId id: id isUsed: isUsed properties: created: description: Timestamp when the key was created format: date-time nullable: true readOnly: true type: string id: description: The unique identifier for the key nullable: false readOnly: true type: string isUsed: description: Whether this key is currently in use by other applications format: boolean nullable: false readOnly: true type: string keyId: description: The alias of the public key nullable: false readOnly: true type: string lastUpdated: description: Timestamp when the key was updated format: date-time nullable: true readOnly: true type: string name: description: Display name of the key maxLength: 255 minLength: 1 nullable: false readOnly: false type: string title: HookKeyInstance type: object HostedPage: example: type: EXTERNALLY_HOSTED url: url properties: type: $ref: '#/components/schemas/HostedPageType' url: type: string required: - type type: object HostedPageType: enum: - EXTERNALLY_HOSTED - OKTA_DEFAULT type: string HrefCsrPublishLink: description: Link to publish CSR example: hints: allow: - POST - POST href: "https://{yourOktaDomain}/api/v1/apps/0oad5lTSBOMUBOBVVQSC/credentials/csrs/h9zkutaSe7fZX0SwN1GqDApofgD1OW8g2B5l2azha50/lifecycle/publish" properties: hints: $ref: '#/components/schemas/CsrPublishHrefHints' href: description: Link URI example: "https://{yourOktaDomain}/api/v1/apps/0oad5lTSBOMUBOBVVQSC/credentials/csrs/h9zkutaSe7fZX0SwN1GqDApofgD1OW8g2B5l2azha50/lifecycle/publish" type: string readOnly: true required: - href title: Link Object type: object HrefCsrSelfLink: description: Link to the resource (self) example: hints: allow: - GET - GET href: "https://{yourOktaDomain}/api/v1/apps/0oad5lTSBOMUBOBVVQSC/credentials/csrs/h9zkutaSe7fZX0SwN1GqDApofgD1OW8g2B5l2azha50" properties: hints: $ref: '#/components/schemas/CsrSelfHrefHints' href: description: Link URI example: 
"https://{yourOktaDomain}/api/v1/apps/0oad5lTSBOMUBOBVVQSC/credentials/csrs/h9zkutaSe7fZX0SwN1GqDApofgD1OW8g2B5l2azha50" type: string readOnly: true required: - href title: Link Object type: object HrefHints: description: Describes allowed HTTP verbs for the `href` example: allow: - DELETE - DELETE properties: allow: items: $ref: '#/components/schemas/HttpMethod' type: array type: object HrefHintsGuidanceObject: allOf: - $ref: '#/components/schemas/HrefHints' - description: Describes allowed HTTP verbs and guidance for the `href` - properties: guidance: description: | Specifies the URI to invoke for granting scope consent required to complete the OAuth 2.0 connection items: type: string type: array type: object example: allow: - DELETE - DELETE guidance: - guidance - guidance HrefObject: additionalProperties: true example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type properties: hints: $ref: '#/components/schemas/HrefHints' href: description: Link URI type: string name: description: Link name type: string templated: description: Indicates whether the Link Object's `href` property is a URI template. type: boolean type: description: "The media type of the link. If omitted, it is implicitly `application/json`." 
type: string readOnly: true required: - href title: Link Object type: object HrefObjectActivateLink: allOf: - $ref: '#/components/schemas/HrefObject' - description: Link to activate the resource example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type HrefObjectAppLink: allOf: - $ref: '#/components/schemas/HrefObject' - description: Link to the app resource example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type HrefObjectAssigneeLink: allOf: - $ref: '#/components/schemas/HrefObject' - description: Link to the assignee resource example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type HrefObjectAuthorizeLink: description: Link to authorize scopes example: hints: allow: - DELETE - DELETE guidance: - guidance - guidance href: href properties: hints: $ref: '#/components/schemas/HrefHintsGuidanceObject' href: description: Link URI type: string readOnly: true required: - href type: object x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true HrefObjectClientLink: allOf: - $ref: '#/components/schemas/HrefObject' - description: Link to the client resource example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type HrefObjectDeactivateLink: allOf: - $ref: '#/components/schemas/HrefObject' - description: Link to deactivate the resource example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type HrefObjectDeleteLink: allOf: - $ref: '#/components/schemas/HrefObject' - description: Link to delete the resource example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type HrefObjectGovernanceResourcesLink: allOf: - $ref: '#/components/schemas/HrefObject' - description: Link to the resources HrefObjectGrantAerialConsent: allOf: - $ref: '#/components/schemas/HrefObject' - description: Link to grant Okta Aerial access to your Org example: templated: true hints: allow: - DELETE - DELETE name: 
name href: href type: type HrefObjectGroupLink: allOf: - $ref: '#/components/schemas/HrefObject' - description: Link to the group resource example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type HrefObjectLogoLink: allOf: - $ref: '#/components/schemas/HrefObject' - description: Link to the logo resource example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type HrefObjectMappingsLink: allOf: - $ref: '#/components/schemas/HrefObject' - description: Link to the mappings resource example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type HrefObjectMemberLink: allOf: - $ref: '#/components/schemas/HrefObject' - description: Link to the member resource HrefObjectPermissionsLink: allOf: - $ref: '#/components/schemas/HrefObject' - description: Link to the permissions resource HrefObjectResourceSetLink: allOf: - $ref: '#/components/schemas/HrefObject' - description: Link to the resource-set resource HrefObjectRetrieveAerialConsent: allOf: - $ref: '#/components/schemas/HrefObject' - description: Link to retrieve Okta Aerial consent for your Org HrefObjectRevokeAerialConsent: allOf: - $ref: '#/components/schemas/HrefObject' - description: Link to revoke Okta Aerial consent for your Org example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type HrefObjectRoleLink: allOf: - $ref: '#/components/schemas/HrefObject' - description: Link to the role resource example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type HrefObjectRulesLink: allOf: - $ref: '#/components/schemas/HrefObject' - description: Link to the rules resource example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type HrefObjectSelfLink: allOf: - $ref: '#/components/schemas/HrefObject' - description: Link to the resource (self) example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type 
    HrefObjectSuspendLink:
      allOf:
      - $ref: '#/components/schemas/HrefObject'
      - description: Link to suspend the resource
      example:
        templated: true
        hints:
          allow:
          - DELETE
          - DELETE
        name: name
        href: href
        type: type
    HrefObjectUnsuspendLink:
      allOf:
      - $ref: '#/components/schemas/HrefObject'
      - description: Link to unsuspend the resource
      example:
        templated: true
        hints:
          allow:
          - DELETE
          - DELETE
        name: name
        href: href
        type: type
    HrefObjectUserLink:
      allOf:
      - $ref: '#/components/schemas/HrefObject'
      - description: Link to the user resource
      example:
        templated: true
        hints:
          allow:
          - DELETE
          - DELETE
        name: name
        href: href
        type: type
    HttpMethod:
      enum:
      - DELETE
      - GET
      - POST
      - PUT
      type: string
    IAMBundleEntitlement:
      properties:
        resourceSets:
          items:
            type: string
          type: array
        role:
          type: string
        targets:
          items:
            type: string
          type: array
      type: object
    IPNetworkZone:
      allOf:
      - $ref: '#/components/schemas/NetworkZone'
      - title: IP Network Zone
      - properties:
          gateways:
            description: |-
              The IP addresses (range or CIDR form) for an IP Network Zone.
              The maximum array length is 150 entries for admin-created IP zones, 1000 entries for IP blocklist zones, and 5000 entries for the default system IP Zone.
            items:
              $ref: '#/components/schemas/NetworkZoneAddress'
            type: array
          proxies:
            description: |-
              The IP addresses (range or CIDR form) that are allowed to forward a request from gateway addresses for an IP Network Zone.
              These proxies are automatically trusted by Threat Insights and used to identify the client IP of a request.
              The maximum array length is 150 entries for admin-created zones and 5000 entries for the default system IP Zone.
items: $ref: '#/components/schemas/NetworkZoneAddress' nullable: true type: array type: object IPServiceCategory: description: "An IP service offered by a provider, such as a proxy or VPN" enum: - ALL_ANONYMIZERS - ALL_ANONYMIZERS_EXCEPT_TOR - ALL_IP_SERVICES - ALL_PROXIES_VPNS - ANONYMIZER_TOR - APPLE_ICLOUD_RELAY_PROXY - AVAST_VPN - GLOBALPROTECT_VPN - GOOGLE_VPN - MULLVAD_VPN - NORD_VPN - OXYLABS_PROXY - SAMSUNG_VPN - SURFSHARK_VPN - SYMANTEC_VPN - TRENDMICRO_VPN - ULTRASURF_VPN type: string IamRole: example: lastUpdated: 2000-01-23T04:56:07.000+00:00 _links: permissions: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type created: 2000-01-23T04:56:07.000+00:00 description: description id: id label: label properties: created: description: Timestamp when the role was created format: date-time readOnly: true type: string description: description: Description of the role type: string id: description: Unique key for the role readOnly: true type: string label: description: Unique label for the role type: string lastUpdated: description: Timestamp when the role was last updated format: date-time readOnly: true type: string _links: $ref: '#/components/schemas/IamRole__links' required: - description - label type: object IamRoles: example: _links: next: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type roles: - lastUpdated: 2000-01-23T04:56:07.000+00:00 _links: permissions: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type created: 2000-01-23T04:56:07.000+00:00 description: description id: id label: label - lastUpdated: 2000-01-23T04:56:07.000+00:00 _links: permissions: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: 
name href: href type: type created: 2000-01-23T04:56:07.000+00:00 description: description id: id label: label properties: roles: items: $ref: '#/components/schemas/IamRole' type: array _links: $ref: '#/components/schemas/LinksNext' type: object IdPCertificateCredential: example: x5c: - 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 - 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 properties: x5c: description: Base64-encoded X.509 certificate chain with DER encoding items: example: 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 type: string type: array required: - x5c type: object IdPCsr: description: Defines a CSR for a signature or decryption credential for an IdP example: kty: RSA csr: 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 _links: publish: "" self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type created: 2016-01-03T18:15:47Z id: h9zkutaSe7fZX0SwN1GqDApofgD1OW8g2B5l2azha50 properties: created: description: Timestamp when the object was created example: 2016-01-03T18:15:47Z format: date-time readOnly: true type: string csr: description: Base64-encoded CSR in DER format example: 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 readOnly: true type: string id: description: Unique identifier for the CSR example: h9zkutaSe7fZX0SwN1GqDApofgD1OW8g2B5l2azha50 readOnly: true type: string kty: description: Cryptographic algorithm family for the CSR's keypair example: RSA type: string _links: $ref: '#/components/schemas/IdPCsr__links' type: object IdPCsrPkcs10: description: Base64URL-encoded CSR in DER format format: base64 type: string IdPKeyCredential: additionalProperties: true description: "A [JSON Web Key](https://tools.ietf.org/html/rfc7517) for a signature\ \ or encryption credential for an IdP" example: kty: RSA lastUpdated: 2016-01-03T18:15:47Z x5t#S256: wzPVobIrveR1x-PCbjsFGNV-6zn7Rm9KuOWOG4Rk6jE e: AQAB created: 2016-01-03T18:15:47Z use: sig kid: your-key-id x5c: - 
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 - 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 expiresAt: 2016-01-03T18:15:47Z "n": "101438407598598116085679865987760095721749307901605456708912786847324207000576780508113360584555007890315805735307890113536927352312915634368993759211767770602174860126854831344273970871509573365292777620005537635317282520456901584213746937262823585533063042033441296629204165064680610660631365266976782082747" properties: created: description: Timestamp when the object was created example: 2016-01-03T18:15:47Z format: date-time readOnly: true type: string e: description: The exponent value for the RSA public key example: AQAB type: string expiresAt: description: Timestamp when the object expires example: 2016-01-03T18:15:47Z format: date-time readOnly: true type: string kid: description: Unique identifier for the key example: your-key-id type: string kty: description: "Identifies the cryptographic algorithm family used with the\ \ key (Supported value: `RSA`)" example: RSA type: string lastUpdated: description: Timestamp when the object was last updated example: 2016-01-03T18:15:47Z format: date-time readOnly: true type: string "n": description: The modulus value for the RSA public key example: "101438407598598116085679865987760095721749307901605456708912786847324207000576780508113360584555007890315805735307890113536927352312915634368993759211767770602174860126854831344273970871509573365292777620005537635317282520456901584213746937262823585533063042033441296629204165064680610660631365266976782082747" type: string use: description: "Intended use of the public key (Supported value: `sig`)" example: sig type: string x5c: description: Base64-encoded X.509 certificate chain with DER encoding items: example: 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 type: string type: array x5t#S256: description: Base64url-encoded SHA-256 thumbprint of the DER encoding of an X.509 certificate example: 
wzPVobIrveR1x-PCbjsFGNV-6zn7Rm9KuOWOG4Rk6jE type: string type: object IdentityProvider: example: lastUpdated: 2016-01-03T18:15:47Z protocol: algorithms: request: signature: scope: ANY algorithm: algorithm response: signature: scope: ANY algorithm: algorithm relayState: format: FROM_URL settings: nameFormat: nameFormat endpoints: acs: destination: destination binding: HTTP-POST type: INSTANCE url: url authorization: destination: destination binding: HTTP-POST type: INSTANCE url: url userInfo: destination: destination binding: HTTP-POST type: INSTANCE url: url metadata: destination: destination binding: HTTP-POST type: INSTANCE url: url jwks: destination: destination binding: HTTP-POST type: INSTANCE url: url slo: destination: destination binding: HTTP-POST type: INSTANCE url: url sso: destination: destination binding: HTTP-POST type: INSTANCE url: url token: destination: destination binding: HTTP-POST type: INSTANCE url: url credentials: trust: revocation: CRL audience: audience revocationCacheLifetime: 0 kid: kid issuer: issuer client: pkce_required: true client_secret: client_secret client_id: client_id signing: kid: kid scopes: - scopes - scopes type: MTLS issuer: destination: destination binding: HTTP-POST type: INSTANCE url: url _links: acs: "" metadata: "" keys: "" activate: "" self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type clientRedirectUri: "" authorize: "" users: "" deactivate: "" created: 2016-01-03T18:15:47Z name: Sample Identity Provider id: 0oaWma58liwx40w6boYD type: AMAZON issuerMode: DYNAMIC properties: additionalAmr: - sc - sc ialValue: ialValue aalValue: aalValue policy: subject: filter: (\S+@example\.com) matchAttribute: login matchType: CUSTOM_ATTRIBUTE userNameTemplate: template: idpuser.subjectNameId maxClockSkew: 120000 provisioning: action: AUTO groups: filter: - 00gak46y5hydV6NdM0g4 - 00gak46y5hydV6NdM0g4 assignments: - 00gak46y5hydV6NdM0g4 - 00gak46y5hydV6NdM0g4 sourceAttributeName: Groups action: 
APPEND profileMaster: true conditions: deprovisioned: action: NONE suspended: action: NONE accountLink: filter: groups: include: - 00gjg5lzfBpn62wuF0g3 - 00gjg5lzfBpn62wuF0g3 action: AUTO status: ACTIVE properties: created: description: Timestamp when the object was created example: 2016-01-03T18:15:47Z format: date-time readOnly: true type: string id: description: Unique key for the IdP example: 0oaWma58liwx40w6boYD readOnly: true type: string issuerMode: $ref: '#/components/schemas/IdentityProviderIssuerMode' lastUpdated: description: Timestamp when the object was last updated example: 2016-01-03T18:15:47Z format: date-time readOnly: true type: string name: description: Unique name for the IdP example: Sample Identity Provider maxLength: 100 type: string policy: $ref: '#/components/schemas/IdentityProviderPolicy' properties: $ref: '#/components/schemas/IdentityProviderProperties' protocol: $ref: '#/components/schemas/Protocol' status: $ref: '#/components/schemas/LifecycleStatus' type: $ref: '#/components/schemas/IdentityProviderType' _links: $ref: '#/components/schemas/IdentityProvider__links' type: object IdentityProviderApplicationUser: example: lastUpdated: 2016-01-03T18:15:47Z _embedded: key: "{}" _links: next: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type idp: href: "https://{yourOktaDomain}/api/v1/idps/0oa1k5d68qR2954hb0g4" self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type user: href: "https://{yourOktaDomain}/api/v1/users/00ulwodIu7wCfdiVR0g3" created: 2016-01-03T18:15:47Z profile: lastName: Jackson subjectNameQualifier: example.com subjectSpNameQualifier: urn:federation:example authnContextClassRef: null subjectNameId: saml.jackson@example.com subjectConfirmationAddress: null displayName: Saml Jackson mobilePhone: +1-415-555-5141 email: saml.jackson@example.com subjectNameFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress firstName: Saml subjectSpProvidedId: null 
          subjectConfirmationMethod: null
        externalId: saml.jackson@example.com
        id: id
      properties:
        created:
          description: Timestamp when the object was created
          example: 2016-01-03T18:15:47Z
          format: date-time
          readOnly: true
          type: string
        externalId:
          description: Unique IdP-specific identifier for the User
          example: saml.jackson@example.com
          maxLength: 512
          readOnly: true
          type: string
        id:
          description: Unique key of the User
          readOnly: true
          type: string
        lastUpdated:
          description: Timestamp when the object was last updated
          example: 2016-01-03T18:15:47Z
          format: date-time
          readOnly: true
          type: string
        profile:
          additionalProperties:
            properties: {}
            type: object
          description: |-
            IdP-specific profile for the User.

            Identity Provider User profiles are IdP-specific but may be customized by the Profile Editor in the Admin Console.

            > **Note:** Okta variable names have reserved characters that may conflict with the name of an IdP assertion attribute. You can use the **External name** to define the attribute name as defined in an IdP assertion such as a SAML attribute name.
          example:
            lastName: Jackson
            subjectNameQualifier: example.com
            subjectSpNameQualifier: urn:federation:example
            authnContextClassRef: null
            subjectNameId: saml.jackson@example.com
            subjectConfirmationAddress: null
            displayName: Saml Jackson
            mobilePhone: +1-415-555-5141
            email: saml.jackson@example.com
            subjectNameFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
            firstName: Saml
            subjectSpProvidedId: null
            subjectConfirmationMethod: null
          type: object
        _embedded:
          additionalProperties:
            properties: {}
            type: object
          description: Embedded resources related to the IdP User
          readOnly: true
          type: object
        _links:
          $ref: '#/components/schemas/IdentityProviderApplicationUser__links'
      type: object
    IdentityProviderCredentials:
      example:
        trust:
          revocation: CRL
          audience: audience
          revocationCacheLifetime: 0
          kid: kid
          issuer: issuer
        client:
          pkce_required: true
          client_secret: client_secret
          client_id: client_id
        signing:
          kid: kid
      properties:
        client:
          $ref: '#/components/schemas/IdentityProviderCredentialsClient'
        signing:
          $ref: '#/components/schemas/IdentityProviderCredentialsSigning'
        trust:
          $ref: '#/components/schemas/IdentityProviderCredentialsTrust'
      type: object
    IdentityProviderCredentialsClient:
      example:
        pkce_required: true
        client_secret: client_secret
        client_id: client_id
      properties:
        client_id:
          type: string
        client_secret:
          type: string
        pkce_required:
          description: Require Proof Key for Code Exchange (PKCE) for additional verification
          type: boolean
      type: object
    IdentityProviderCredentialsSigning:
      example:
        kid: kid
      properties:
        kid:
          type: string
      type: object
    IdentityProviderCredentialsTrust:
      example:
        revocation: CRL
        audience: audience
        revocationCacheLifetime: 0
        kid: kid
        issuer: issuer
      properties:
        audience:
          type: string
        issuer:
          type: string
        kid:
          type: string
        revocation:
          $ref: '#/components/schemas/IdentityProviderCredentialsTrustRevocation'
        revocationCacheLifetime:
          type: integer
      type: object
    IdentityProviderCredentialsTrustRevocation:
      enum:
      - CRL
      - DELTA_CRL
      - OCSP
      type: string
    IdentityProviderIssuerMode:
      default: DYNAMIC
      description: Indicates whether Okta uses the original Okta org domain URL or a custom domain URL in the request to the social IdP
      enum:
      - CUSTOM_URL
      - DYNAMIC
      - ORG_URL
      type: string
      x-enumDescriptions:
        ORG_URL: "In the authorize request to the social IdP, Okta uses the Okta org's original domain URL (`https://${yourOktaDomain}`) as the domain in the `redirect_uri`."
        CUSTOM_URL: "In the authorize request to the social IdP, Okta uses the custom domain URL as the domain in the `redirect_uri`. You can set `issuerMode` to `CUSTOM_URL` only if you have a custom URL domain configured."
        DYNAMIC: "In the authorize request to the social IdP, Okta uses the custom domain URL as the domain in the `redirect_uri` if the request was made from the custom domain URL. Otherwise, Okta uses the Okta org's original domain URL if the request was made from the Okta org domain."
    IdentityProviderPolicy:
      allOf:
      - properties:
          accountLink:
            $ref: '#/components/schemas/PolicyAccountLink'
          maxClockSkew:
            description: Maximum allowable clock skew when processing messages from the IdP
            example: 120000
            type: integer
          provisioning:
            $ref: '#/components/schemas/Provisioning'
          subject:
            $ref: '#/components/schemas/PolicySubject'
        type: object
      description: |-
        Policy settings for the IdP.
        The following provisioning and account linking actions are supported by each IdP provider:
        | IdP type | User provisioning actions | Group provisioning actions | Account link actions | Account link filters |
        | --- | --- | --- | --- | --- |
        | `SAML2` | `AUTO` or `DISABLED` | `NONE`, `ASSIGN`, `APPEND`, or `SYNC` | `AUTO`, `DISABLED` | `groups` |
        | `X509` | `DISABLED` | No support for JIT provisioning | | |
        | All social IdP types (any IdP type that isn't `SAML2` or `X509`) | `AUTO`, `DISABLED` | `NONE` or `ASSIGN` | `AUTO`, `DISABLED` | `groups` |
      example:
        subject:
          filter: (\S+@example\.com)
          matchAttribute: login
          matchType: CUSTOM_ATTRIBUTE
          userNameTemplate:
            template: idpuser.subjectNameId
        maxClockSkew: 120000
        provisioning:
          action: AUTO
          groups:
            filter:
            - 00gak46y5hydV6NdM0g4
            - 00gak46y5hydV6NdM0g4
            assignments:
            - 00gak46y5hydV6NdM0g4
            - 00gak46y5hydV6NdM0g4
            sourceAttributeName: Groups
            action: APPEND
          profileMaster: true
          conditions:
            deprovisioned:
              action: NONE
            suspended:
              action: NONE
        accountLink:
          filter:
            groups:
              include:
              - 00gjg5lzfBpn62wuF0g3
              - 00gjg5lzfBpn62wuF0g3
          action: AUTO
    IdentityProviderPolicyProvider:
      enum:
      - ANY
      - OKTA
      - SPECIFIC_IDP
      type: string
    IdentityProviderPolicyRuleCondition:
      properties:
        idpIds:
          items:
            type: string
          type: array
        provider:
          $ref: '#/components/schemas/IdentityProviderPolicyProvider'
      type: object
    IdentityProviderProperties:
      description: The properties in the Identity Provider Properties object vary depending on the IdP type
      example:
        additionalAmr:
        - sc
        - sc
        ialValue: ialValue
        aalValue: aalValue
      nullable: true
      properties:
        aalValue:
          description: "The [authentication assurance level](https://developers.login.gov/oidc/#aal-values) (AAL) value for the Login.gov IdP. \nSee [Add a Login.gov IdP](https://developer.okta.com/docs/guides/add-logingov-idp/). Applies to `LOGINGOV` and `LOGINGOV_SANDBOX` IdP types."
          nullable: true
          type: string
        additionalAmr:
          description: The additional Assurance Methods References (AMR) values for Smart Card IdPs. Applies to `X509` IdP type.
          items:
            enum:
            - sc
            - hwk
            - pin
            - mfa
            type: string
            x-enumDescriptions:
              sc: Smart card
              hwk: Hardware-secured key
              pin: Personal identification number
              mfa: Multifactor authentication
          nullable: true
          type: array
        ialValue:
          description: "The [type of identity verification](https://developers.login.gov/oidc/#ial-values) (IAL) value for the Login.gov IdP. \nSee [Add a Login.gov IdP](https://developer.okta.com/docs/guides/add-logingov-idp/). Applies to `LOGINGOV` and `LOGINGOV_SANDBOX` IdP types."
          nullable: true
          type: string
      type: object
    IdentityProviderType:
      description: |-
        The Identity Provider object's `type` property identifies the social or enterprise Identity Provider used for authentication.
        Each Identity Provider uses a specific protocol, therefore the `protocol` property must correspond with the IdP `type`.
        If the protocol is OAuth 2.0-based, the Protocol object's `scopes` property must also correspond with the scopes supported by the IdP `type`.
        For policy actions supported by each IdP type, see [IdP type policy actions](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentityProvider/#tag/IdentityProvider/operation/createIdentityProvider!path=policy&t=request).

        | Type | Description | Corresponding protocol | Corresponding protocol scopes |
        | --- | --- | --- | --- |
        | `AMAZON` | [Amazon](https://developer.amazon.com/settings/console/registration?return_to=/) as the Identity Provider | OpenID Connect | `profile`, `profile:user_id` |
        | `APPLE` | [Apple](https://developer.apple.com/sign-in-with-apple/) as the Identity Provider | OpenID Connect | `names`, `email`, `openid` |
        | `DISCORD` | [Discord](https://discord.com/login) as the Identity Provider | OAuth 2.0 | `identify`, `email` |
        | `FACEBOOK` | [Facebook](https://developers.facebook.com) as the Identity Provider | OAuth 2.0 | `public_profile`, `email` |
        | `GITHUB` | [GitHub](https://github.com/join) as the Identity Provider | OAuth 2.0 | `user` |
        | `GITLAB` | [GitLab](https://gitlab.com/users/sign_in) as the Identity Provider | OpenID Connect | `openid`, `read_user`, `profile`, `email` |
        | `GOOGLE` | [Google](https://accounts.google.com/signup) as the Identity Provider | OpenID Connect | `openid`, `email`, `profile` |
        | `LINKEDIN` | [LinkedIn](https://developer.linkedin.com/) as the Identity Provider | OAuth 2.0 | `r_emailaddress`, `r_liteprofile` |
        | `LOGINGOV` | [Login.gov](https://developers.login.gov/) as the Identity Provider | OpenID Connect | `email`, `profile`, `profile:name` |
        | `LOGINGOV_SANDBOX` | [Login.gov's identity sandbox](https://developers.login.gov/testing/) as the Identity Provider | OpenID Connect | `email`, `profile`, `profile:name` |
        | `MICROSOFT` | [Microsoft Enterprise SSO](https://azure.microsoft.com/) as the Identity Provider | OpenID Connect | `openid`, `email`, `profile`, `https://graph.microsoft.com/User.Read` |
        | `OIDC` | IdP provider that supports [OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.html) | OpenID Connect | `openid`, `email`, `profile` |
        | `PAYPAL` | [Paypal](https://www.paypal.com/signin) as the Identity Provider | OpenID Connect | `openid`, `email`, `profile` |
        | `PAYPAL_SANDBOX` | [Paypal Sandbox](https://developer.paypal.com/tools/sandbox/) as the Identity Provider | OpenID Connect | `openid`, `email`, `profile` |
        | `SALESFORCE` | [SalesForce](https://login.salesforce.com/) as the Identity Provider | OAuth 2.0 | `id`, `email`, `profile` |
        | `SAML2` | Enterprise IdP provider that supports the [SAML 2.0 Web Browser SSO Profile](https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf) | SAML 2.0 | |
        | `SPOTIFY` | [Spotify](https://developer.spotify.com/) as the Identity Provider | OpenID Connect | `user-read-email`, `user-read-private` |
        | `X509` | [Smart Card IdP](https://tools.ietf.org/html/rfc5280) | Mutual TLS | |
        | `XERO` | [Xero](https://www.xero.com/us/signup/api/) as the Identity Provider | OpenID Connect | `openid`, `profile`, `email` |
        | `YAHOO` | [Yahoo](https://login.yahoo.com/) as the Identity Provider | OpenID Connect | `openid`, `profile`, `email` |
        | `YAHOOJP` | [Yahoo Japan](https://login.yahoo.co.jp/config/login) as the Identity Provider | OpenID Connect | `openid`, `profile`, `email` |
      enum:
      - AMAZON
      - APPLE
      - DISCORD
      - FACEBOOK
      - GITHUB
      - GITLAB
      - GOOGLE
      - LINKEDIN
      - LOGINGOV
      - LOGINGOV_SANDBOX
      - MICROSOFT
      - OIDC
      - PAYPAL
      - PAYPAL_SANDBOX
      - SALESFORCE
      - SAML2
      - SPOTIFY
      - X509
      - XERO
      - YAHOO
      - YAHOOJP
      type: string
    IdentitySourceSession:
      example:
        identitySourceId: identitySourceId
        lastUpdated: 2000-01-23T04:56:07.000+00:00
        importType: importType
        created: 2000-01-23T04:56:07.000+00:00
        id: id
        status: CLOSED
      properties:
        created:
          description: The timestamp when the Identity Source Session was created
          format: date-time
          readOnly: true
          type: string
        id:
          description: The ID of the Identity Source Session
          readOnly: true
          type: string
        identitySourceId:
          description: The ID of the custom Identity Source for which the session is created
          readOnly: true
          type: string
        importType:
          description: The type of import. All imports are `INCREMENTAL` imports.
          readOnly: true
          type: string
        lastUpdated:
          description: The timestamp when the Identity Source Session was created
          format: date-time
          readOnly: true
          type: string
        status:
          $ref: '#/components/schemas/IdentitySourceSessionStatus'
      type: object
    IdentitySourceSessionStatus:
      enum:
      - CLOSED
      - COMPLETED
      - CREATED
      - ERROR
      - EXPIRED
      - IN_PROGRESS
      - TRIGGERED
      type: string
      x-enumDescriptions:
        CREATED: This is a new Identity Source Session that hasn't been processed. You can upload bulk data in this stage.
        IN_PROGRESS: The bulk data is being uploaded to Okta.
        TRIGGERED: Okta is processing the import data in this session. You can't load bulk data in this stage.
        COMPLETED: The bulk data was processed and imported into Okta.
        CLOSED: The Identity Source Session was canceled and isn't available for further activity.
        EXPIRED: This Identity Source Session had the `CREATED` status and timed-out after 24 hours of inactivity.
        ERROR: The processing of import data in the session encountered an error. You need to open a new session to upload the data again.
IdentitySourceUserProfileForDelete: example: externalId: externalId properties: externalId: description: The external ID of the entity that needs to be deleted in Okta maxLength: 512 type: string type: object IdentitySourceUserProfileForUpsert: example: firstName: firstName lastName: lastName mobilePhone: mobilePhone secondEmail: secondEmail userName: userName email: email homeAddress: homeAddress properties: email: description: Email address of the user format: email maxLength: 100 minLength: 5 type: string firstName: description: First name of the user maxLength: 50 minLength: 1 nullable: true type: string homeAddress: description: Home address of the user maxLength: 4096 nullable: true type: string lastName: description: Last name of the user maxLength: 50 minLength: 1 nullable: true type: string mobilePhone: description: Mobile phone number of the user maxLength: 100 nullable: true type: string secondEmail: description: Alternative email address of the user format: email maxLength: 100 minLength: 5 type: string userName: description: Username of the user maxLength: 100 type: string type: object IdpDiscoveryPolicy: allOf: - $ref: '#/components/schemas/Policy' - properties: conditions: description: Policy conditions aren't supported for this policy type. 
nullable: true type: string type: object IdpDiscoveryPolicyRule: allOf: - $ref: '#/components/schemas/PolicyRule' - properties: actions: $ref: '#/components/schemas/IdpPolicyRuleAction' conditions: $ref: '#/components/schemas/IdpDiscoveryPolicyRuleCondition' type: object IdpDiscoveryPolicyRuleCondition: allOf: - properties: app: $ref: '#/components/schemas/AppAndInstancePolicyRuleCondition' network: $ref: '#/components/schemas/PolicyNetworkCondition' userIdentifier: $ref: '#/components/schemas/UserIdentifierPolicyRuleCondition' platform: $ref: '#/components/schemas/PlatformPolicyRuleCondition' type: object IdpPolicyRuleAction: properties: idp: $ref: '#/components/schemas/IdpPolicyRuleAction_idp' type: object IdpPolicyRuleActionMatchCriteria: properties: propertyName: description: The IdP property that the evaluated string should match type: string providerExpression: description: | You can provide an Okta Expression Language expression with the Login Context that's evaluated with the IdP. For example, the value `login.identifier` refers to the user's username. If the user is signing in with the username `john.doe@mycompany.com`, the expression `login.identifier.substringAfter('@')` is evaluated to the domain name of the user, for example: `mycompany.com`. type: string type: object IdpPolicyRuleActionProvider: properties: id: description: "IdP types of `OKTA`, `AgentlessDSSO`, and `IWA` don't require\ \ an ID." type: string name: description: Provider `name` in Okta. Optional. Supported in `IDENTITY ENGINE`. 
type: string type: $ref: '#/components/schemas/IdentityProviderType' type: object IdpSelectionType: description: Determines whether the rule should use expression language or a specific IdP enum: - DYNAMIC - SPECIFIC type: string IframeEmbedScopeAllowedApps: enum: - OKTA_ENDUSER type: string ImageUploadResponse: example: url: url properties: url: readOnly: true type: string type: object ImportScheduleObject: description: Import schedule configuration properties: fullImport: $ref: '#/components/schemas/ImportScheduleObject_fullImport' incrementalImport: $ref: '#/components/schemas/ImportScheduleObject_incrementalImport' status: $ref: '#/components/schemas/EnabledStatus' type: object ImportScheduleSettings: properties: expression: description: The import schedule in UNIX cron format example: "00 21 * * Mon,Thu,Fri,Sat" type: string timezone: description: The import schedule time zone in Internet Assigned Numbers Authority (IANA) time zone name format example: America/Los_Angeles maxLength: 64 minLength: 1 type: string required: - expression type: object ImportUsernameObject: description: Determines the Okta username for the imported user properties: userNameExpression: description: "For `usernameFormat=CUSTOM`, specifies the Okta Expression\ \ Language statement for a username format that imported users use to\ \ sign in to Okta" type: string usernameFormat: default: EMAIL description: Determines the username format when users sign in to Okta enum: - EMAIL - CUSTOM type: string required: - usernameFormat type: object InactivityPolicyRuleCondition: properties: number: type: integer unit: type: string type: object InboundProvisioningApplicationFeature: allOf: - $ref: '#/components/schemas/ApplicationFeature' - type: object - properties: capabilities: $ref: '#/components/schemas/CapabilitiesInboundProvisioningObject' InlineHook: example: lastUpdated: 2000-01-23T04:56:07.000+00:00 metadata: key: metadata _links: self: templated: true hints: allow: - DELETE - DELETE name: 
name href: href type: type created: 2000-01-23T04:56:07.000+00:00 channel: type: HTTP version: version name: name id: id type: com.okta.import.transform version: version status: ACTIVE properties: channel: $ref: '#/components/schemas/InlineHookChannel' created: format: date-time readOnly: true type: string id: readOnly: true type: string lastUpdated: format: date-time readOnly: true type: string metadata: additionalProperties: type: string description: "Specific properties for the inline hook configuration, for\ \ example, `optOutServiceProtectionRateLimit` to opt-out of Telephony\ \ Service Protection Rate Limits when using the Telephony inline hook." type: object name: type: string status: $ref: '#/components/schemas/InlineHookStatus' type: $ref: '#/components/schemas/InlineHookType' version: type: string _links: $ref: '#/components/schemas/LinksSelf' type: object InlineHookBasePayload: properties: cloudEventVersion: description: The inline hook cloud version example: "0.1" type: string contentType: description: The inline hook request header content example: application/JSON type: string eventId: description: The individual inline hook request ID example: 3o9jBzq1SmOGmmsDsqyyeQ type: string eventTime: description: The time the inline hook request was sent example: 2020-01-17T21:23:56.000Z type: string eventTypeVersion: description: The inline hook version example: "1" type: string type: object InlineHookChannel: discriminator: mapping: HTTP: '#/components/schemas/InlineHookChannelHttp' OAUTH: '#/components/schemas/InlineHookChannelOAuth' propertyName: type example: type: HTTP version: version properties: type: $ref: '#/components/schemas/InlineHookChannelType' version: type: string type: object InlineHookChannelConfig: properties: authScheme: $ref: '#/components/schemas/InlineHookChannelConfigAuthScheme' headers: items: $ref: '#/components/schemas/InlineHookChannelConfigHeaders' type: array method: type: string uri: type: string type: object 
InlineHookChannelConfigAuthScheme: properties: key: type: string type: type: string value: type: string type: object InlineHookChannelConfigHeaders: properties: key: type: string value: type: string type: object InlineHookChannelHttp: allOf: - $ref: '#/components/schemas/InlineHookChannel' - properties: config: $ref: '#/components/schemas/InlineHookChannelConfig' type: object InlineHookChannelOAuth: allOf: - $ref: '#/components/schemas/InlineHookChannel' - properties: config: $ref: '#/components/schemas/InlineHookOAuthChannelConfig' type: object InlineHookChannelType: enum: - HTTP - OAUTH type: string InlineHookOAuthBasicConfig: allOf: - $ref: '#/components/schemas/InlineHookChannelConfig' properties: authType: type: string clientId: type: string scope: type: string tokenUrl: type: string type: object InlineHookOAuthChannelConfig: discriminator: mapping: client_secret_post: '#/components/schemas/InlineHookOAuthClientSecretConfig' private_key_jwt: '#/components/schemas/InlineHookOAuthPrivateKeyJwtConfig' propertyName: authType properties: authType: type: string type: object InlineHookOAuthClientSecretConfig: allOf: - $ref: '#/components/schemas/InlineHookOAuthBasicConfig' properties: clientSecret: type: string type: object InlineHookOAuthPrivateKeyJwtConfig: allOf: - $ref: '#/components/schemas/InlineHookOAuthBasicConfig' properties: hookKeyId: type: string type: object InlineHookPayload: type: object x-okta-extensible: true InlineHookRequestObject: description: The API request that triggered the inline hook properties: id: description: The unique identifier that Okta assigned to the API request type: string ipAddress: description: The IP address of the client that made the API request type: string method: description: The HTTP request method of the API request type: string url: $ref: '#/components/schemas/InlineHookRequestObject_url' type: object InlineHookResponse: example: commands: - type: type value: - op: op path: path value: value - op: op path: path value: 
value - type: type value: - op: op path: path value: value - op: op path: path value: value properties: commands: items: $ref: '#/components/schemas/InlineHookResponseCommands' type: array type: object InlineHookResponseCommandValue: example: op: op path: path value: value properties: op: type: string path: type: string value: type: string type: object InlineHookResponseCommands: example: type: type value: - op: op path: path value: value - op: op path: path value: value properties: type: type: string value: items: $ref: '#/components/schemas/InlineHookResponseCommandValue' type: array type: object InlineHookStatus: enum: - ACTIVE - INACTIVE type: string InlineHookType: enum: - com.okta.import.transform - com.okta.oauth2.tokens.transform - com.okta.saml.tokens.transform - com.okta.telephony.provider - com.okta.user.credential.password.import - com.okta.user.pre-registration type: string IssuerMode: enum: - CUSTOM_URL - DYNAMIC - ORG_URL type: string JsonPatchOperation: description: The update action example: op: remove path: path value: "{}" properties: op: $ref: '#/components/schemas/PatchAction' path: description: The resource path of the attribute to update type: string value: description: The update operation value type: object type: object JsonWebKey: example: kty: kty lastUpdated: 2000-01-23T04:56:07.000+00:00 x5t#S256: x5t#S256 e: e created: 2017-03-28T01:11:10Z use: use kid: kid x5c: - x5c - x5c expiresAt: 2000-01-23T04:56:07.000+00:00 "n": "n" properties: created: description: Timestamp when the object was created example: 2017-03-28T01:11:10Z format: date-time readOnly: true type: string e: description: RSA key value (public exponent) for Key binding readOnly: true type: string expiresAt: description: Timestamp when the certificate expires format: date-time readOnly: true type: string kid: description: Unique identifier for the certificate readOnly: true type: string kty: description: "Cryptographic algorithm family for the certificate's keypair.\ \ Valid 
value: `RSA`" readOnly: true type: string lastUpdated: description: Timestamp when the object was last updated format: date-time readOnly: true type: string "n": description: RSA modulus value that is used by both the public and private keys and provides a link between them type: string use: description: "Acceptable use of the certificate. Valid value: `sig`" readOnly: true type: string x5c: description: X.509 certificate chain that contains a chain of one or more certificates items: type: string readOnly: true type: array x5t#S256: description: "X.509 certificate SHA-256 thumbprint, which is the base64url-encoded\ \ SHA-256 thumbprint (digest) of the DER encoding of an X.509 certificate" readOnly: true type: string type: object JwkUse: example: use: sig properties: use: $ref: '#/components/schemas/JwkUseType' type: object JwkUseType: description: Purpose of the certificate. The only supported value is `sig`. enum: - sig type: string KeepCurrent: example: keepCurrent: true properties: keepCurrent: default: true description: Skip deleting the user's current session when set to `true` type: boolean type: object KeepMeSignedIn: properties: postAuth: description: Whether the post-authentication Keep Me Signed In flow is allowed enum: - ALLOWED - NOT_ALLOWED type: string postAuthPromptFrequency: description: "A time duration specified as an [ISO-8601 duration](https://en.wikipedia.org/wiki/ISO_8601#Durations)." 
pattern: ^P(?!$)(\d+Y)?(\d+M)?(\d+W)?(\d+D)?(T(?=\d)(\d+H)?(\d+M)?(\d+S)?)?$ type: string type: object KeyRequest: example: name: name properties: name: description: Display name for the key maxLength: 255 minLength: 1 nullable: false readOnly: false type: string uniqueItems: true type: object KeyTrustLevelBrowserKey: description: Represents the attestation strength used by the Chrome Verified Access API enum: - CHROME_BROWSER_HW_KEY - CHROME_BROWSER_OS_KEY example: CHROME_BROWSER_HW_KEY type: string x-enumDescriptions: CHROME_BROWSER_HW_KEY: Identity of the device was attested using a key pair that is OS encapsulated by a hardware layer CHROME_BROWSER_OS_KEY: Identity of the device was attested using a key pair that is simply stored on the device but not in any specific hardware layer KeyTrustLevelOSMode: description: Represents the attestation strength used by the Chrome Verified Access API enum: - CHROME_OS_DEVELOPER_MODE - CHROME_OS_VERIFIED_MODE example: CHROME_OS_VERIFIED_MODE type: string x-enumDescriptions: CHROME_OS_VERIFIED_MODE: "Identity of the device was attested using an enterprise-emitted\ \ certificate, and the device is in Verified mode" CHROME_OS_DEVELOPER_MODE: "Identity of the device was attested using an enterprise-emitted\ \ certificate, and the device is in Developer mode" KnowledgeConstraint: allOf: - $ref: '#/components/schemas/AccessPolicyConstraint' Language: description: "The language specified as an [IETF BCP 47 language tag](https://datatracker.ietf.org/doc/html/rfc5646)" type: string LastUpdated: description: Timestamp when the object was last updated example: 2016-01-03T18:15:47Z format: date-time readOnly: true type: string LifecycleCreateSettingObject: description: Determines whether to update a user in the app when a user in Okta is updated properties: status: allOf: - $ref: '#/components/schemas/EnabledStatus' - default: DISABLED type: object LifecycleDeactivateSettingObject: description: Determines whether deprovisioning occurs 
when the app is unassigned properties: status: allOf: - $ref: '#/components/schemas/EnabledStatus' - default: DISABLED type: object LifecycleExpirationPolicyRuleCondition: properties: lifecycleStatus: type: string number: type: integer unit: type: string type: object LifecycleStatus: enum: - ACTIVE - INACTIVE type: string LinkedHrefObject: additionalProperties: true example: href: href properties: href: description: Link URI type: string readOnly: true required: - href title: Link Object type: object LinkedObject: example: _links: self: href: href associated: name: name description: description title: title type: USER primary: name: name description: description title: title type: USER properties: associated: $ref: '#/components/schemas/LinkedObjectDetails' primary: $ref: '#/components/schemas/LinkedObjectDetails' _links: $ref: '#/components/schemas/LinkedObjectLinksSelf' title: LinkedObject type: object LinkedObjectDetails: example: name: name description: description title: title type: USER properties: description: description: Description of the `primary` or the `associated` relationship type: string name: description: "API name of the `primary` or the `associated` link. The `name`\ \ parameter can't start with a number and can only contain the following\ \ characters: `a-z`, `A-Z`, `0-9`, and `_`." 
type: string title: description: Display name of the `primary` or the `associated` link type: string type: $ref: '#/components/schemas/LinkedObjectDetailsType' required: - name - title - type title: LinkedObjectDetails type: object LinkedObjectDetailsType: description: The object type for this relationship enum: - USER type: string x-enumDescriptions: USER: Specifies the type of object LinkedObjectLinksSelf: description: "Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288))\ \ available for the current status of an application using the [JSON Hypertext\ \ Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\ \ specification. This object is used for dynamic discovery of related resources\ \ and lifecycle operations." example: self: href: href properties: self: $ref: '#/components/schemas/LinkedHrefObject' type: object LinksActivate: properties: activate: $ref: '#/components/schemas/LinksActivate_activate' readOnly: true type: object LinksAerialConsentGranted: allOf: - $ref: '#/components/schemas/LinksSelf' - properties: revoke: $ref: '#/components/schemas/HrefObjectRevokeAerialConsent' type: object example: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type revoke: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type LinksAerialConsentRevoked: allOf: - properties: grant: $ref: '#/components/schemas/HrefObjectGrantAerialConsent' type: object example: grant: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type LinksAppAndUser: description: "Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288))\ \ available using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\ \ specification. This object is used for dynamic discovery of resources related\ \ to the Application User." 
example: app: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type user: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type group: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type properties: app: $ref: '#/components/schemas/HrefObjectAppLink' group: $ref: '#/components/schemas/HrefObjectGroupLink' user: $ref: '#/components/schemas/HrefObjectUserLink' readOnly: true type: object LinksAssignee: description: "Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288))\ \ available using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\ \ specification." example: assignee: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type properties: assignee: $ref: '#/components/schemas/HrefObjectAssigneeLink' type: object LinksCancel: properties: cancel: $ref: '#/components/schemas/LinksCancel_cancel' readOnly: true type: object LinksCustomRoleResponse: description: "Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288))\ \ available using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\ \ specification. This object is used for dynamic discovery of related resources." 
properties: assignee: $ref: '#/components/schemas/HrefObjectAssigneeLink' member: $ref: '#/components/schemas/HrefObjectMemberLink' permissions: $ref: '#/components/schemas/HrefObjectPermissionsLink' resource-set: $ref: '#/components/schemas/HrefObjectResourceSetLink' role: $ref: '#/components/schemas/HrefObjectRoleLink' type: object LinksDeactivate: properties: deactivate: $ref: '#/components/schemas/LinksDeactivate_deactivate' readOnly: true type: object LinksEnroll: properties: enroll: $ref: '#/components/schemas/LinksEnroll_enroll' readOnly: true type: object LinksFactor: properties: factor: $ref: '#/components/schemas/LinksFactor_factor' readOnly: true type: object LinksGovernanceResources: description: "Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288))\ \ available for the resources using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\ \ specification." properties: resources: $ref: '#/components/schemas/HrefObjectGovernanceResourcesLink' readOnly: true type: object LinksGovernanceSources: description: "Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288))\ \ available for the sources using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\ \ specification." properties: assignee: $ref: '#/components/schemas/HrefObjectUserLink' self: $ref: '#/components/schemas/HrefObjectSelfLink' readOnly: true type: object LinksNext: description: "Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288))\ \ available for the current status of an application using the [JSON Hypertext\ \ Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\ \ specification. Use the `LinksNext` object for dynamic discovery of related\ \ resources and lifecycle operations." 
example: next: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type properties: next: $ref: '#/components/schemas/HrefObject' readOnly: true type: object LinksNextForRoleAssignments: description: "Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288))\ \ available using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\ \ specification." example: next: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type properties: next: $ref: '#/components/schemas/LinksNextForRoleAssignments_next' readOnly: true type: object LinksPoll: properties: poll: $ref: '#/components/schemas/LinksPoll_poll' readOnly: true type: object LinksQrcode: properties: qrcode: $ref: '#/components/schemas/LinksQrcode_qrcode' readOnly: true type: object LinksQuestions: properties: question: $ref: '#/components/schemas/LinksQuestions_question' readOnly: true type: object LinksResend: properties: resend: $ref: '#/components/schemas/LinksResend_resend' readOnly: true type: object LinksSelf: description: "Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288))\ \ available using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\ \ specification. This object is used for dynamic discovery of related resources\ \ and lifecycle operations." 
example: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type properties: self: $ref: '#/components/schemas/HrefObjectSelfLink' readOnly: true type: object LinksSelfAndFullUsersLifecycle: allOf: - $ref: '#/components/schemas/LinksSelfAndLifecycle' - properties: suspend: $ref: '#/components/schemas/HrefObjectSuspendLink' unsuspend: $ref: '#/components/schemas/HrefObjectUnsuspendLink' users: allOf: - $ref: '#/components/schemas/HrefObject' description: Link to Device users type: object example: suspend: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type unsuspend: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type activate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type users: "" deactivate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type LinksSelfAndLifecycle: allOf: - $ref: '#/components/schemas/LinksSelf' - properties: activate: $ref: '#/components/schemas/HrefObjectActivateLink' deactivate: $ref: '#/components/schemas/HrefObjectDeactivateLink' type: object example: activate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type deactivate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type LinksSelfAndRoles: allOf: - $ref: '#/components/schemas/LinksSelf' - properties: roles: $ref: '#/components/schemas/HrefObjectRoleLink' type: object example: roles: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type LinksSelfForRoleAssignment: description: "Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288))\ \ available using the [JSON Hypertext 
Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\ \ specification. This object is used for dynamic discovery of related resources." properties: self: $ref: '#/components/schemas/HrefObjectSelfLink' type: object LinksSelfLifecycleAndAuthorize: allOf: - $ref: '#/components/schemas/LinksSelfAndLifecycle' - properties: authorize: $ref: '#/components/schemas/HrefObjectAuthorizeLink' type: object example: activate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type authorize: hints: allow: - DELETE - DELETE guidance: - guidance - guidance href: href deactivate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type LinksSend: properties: send: $ref: '#/components/schemas/LinksSend_send' readOnly: true type: object LinksUser: properties: user: $ref: '#/components/schemas/LinksUser_user' readOnly: true type: object LinksUserRef: properties: user: $ref: '#/components/schemas/HrefObjectUserLink' type: object LinksVerify: properties: verify: $ref: '#/components/schemas/LinksVerify_verify' readOnly: true type: object ListProfileMappings: description: |- A collection of the profile mappings that include a subset of the profile mapping object's properties. The Profile Mapping object describes a mapping between an Okta User's and an App User's properties using [JSON Schema Draft 4](https://datatracker.ietf.org/doc/html/draft-zyp-json-schema-04). > **Note:** Same type source/target mappings aren't supported by this API. Profile mappings must either be Okta->App or App->Okta. 
example: _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type id: id source: _links: schema: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type name: name id: id type: type target: _links: schema: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type name: name id: id type: type properties: id: description: Unique identifier for profile mapping readOnly: true type: string source: $ref: '#/components/schemas/ProfileMappingSource' target: $ref: '#/components/schemas/ProfileMappingTarget' _links: $ref: '#/components/schemas/LinksSelf' type: object LoadingPageTouchPointVariant: default: OKTA_DEFAULT description: | Variant for the Okta loading page. You can publish a theme for Okta loading page with different combinations of assets. Variants are preset combinations of those assets. enum: - NONE - OKTA_DEFAULT type: string x-enumDescriptions: NONE: Uses no loading page animation during the redirect OKTA_DEFAULT: Uses the default Okta loading page animation during the redirect LocationGranularity: enum: - CITY - COUNTRY - LAT_LONG - SUBDIVISION type: string LogActor: description: "Describes the user, app, client, or other entity (actor) who performs\ \ an action on a target. The actor is dependent on the action that is performed.\ \ All events have actors." 
example: alternateId: alternateId displayName: displayName id: id detailEntry: key: "" type: type properties: alternateId: description: Alternative ID of the actor readOnly: true type: string detailEntry: additionalProperties: true description: Further details about the actor readOnly: true type: object displayName: description: Display name of the actor readOnly: true type: string id: description: ID of the actor readOnly: true type: string type: description: Type of actor readOnly: true type: string type: object LogAuthenticationContext: description: |- All authentication relies on validating one or more credentials that prove the authenticity of the actor's identity. Credentials are sometimes provided by the actor, as is the case with passwords, and at other times provided by a third party, and validated by the authentication provider. The authenticationContext contains metadata about how the actor is authenticated. For example, an authenticationContext for an event, where a user authenticates with Integrated Windows Authentication (IWA), looks like the following: ``` { "authenticationProvider": "ACTIVE_DIRECTORY", "authenticationStep": 0, "credentialProvider": null, "credentialType": "IWA", "externalSessionId": "102N1EKyPFERROGvK9wizMAPQ", "interface": null, "issuer": null } ``` In this case, the user enters an IWA credential to authenticate against an Active Directory instance. All of the user's future-generated events in this sign-in session are going to share the same `externalSessionId`. Among other operations, this response object can be used to scan for suspicious sign-in activity or perform analytics on user authentication habits (for example, how often authentication scheme X is used versus authentication scheme Y). 
example: credentialType: ASSERTION authenticationProvider: ACTIVE_DIRECTORY credentialProvider: DUO externalSessionId: externalSessionId interface: interface authenticationStep: 0 issuer: id: id type: type properties: authenticationProvider: $ref: '#/components/schemas/LogAuthenticationProvider' authenticationStep: description: The zero-based step number in the authentication pipeline. Currently unused and always set to `0`. readOnly: true type: integer credentialProvider: $ref: '#/components/schemas/LogCredentialProvider' credentialType: $ref: '#/components/schemas/LogCredentialType' externalSessionId: description: "A proxy for the actor's [session ID](https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html)" readOnly: true type: string interface: description: "The third-party user interface that the actor authenticates\ \ through, if any." readOnly: true type: string issuer: $ref: '#/components/schemas/LogIssuer' type: object LogAuthenticationProvider: description: The system that proves the identity of an actor using the credentials provided to it enum: - ACTIVE_DIRECTORY - FACTOR_PROVIDER - FEDERATION - LDAP - OKTA_AUTHENTICATION_PROVIDER - SOCIAL type: string LogClient: description: "When an event is triggered by an HTTP request, the `client` object\ \ describes the [client](https://datatracker.ietf.org/doc/html/rfc2616) that\ \ issues the HTTP request. For instance, the web browser is the client when\ \ a user accesses Okta. When this request is received and processed, a sign-in\ \ event is fired. When the event isn't sourced to an HTTP request, such as\ \ an automatic update, the `client` object field is blank." 
example: zone: zone ipAddress: ipAddress userAgent: os: os browser: browser rawUserAgent: rawUserAgent id: id device: device geographicalContext: country: country city: city postalCode: postalCode state: state geolocation: lon: 1.4658129805029452 lat: 6.027456183070403 properties: device: description: "Type of device that the client operates from (for example,\ \ computer)" readOnly: true type: string geographicalContext: $ref: '#/components/schemas/LogGeographicalContext' id: description: "For OAuth requests, this is the ID of the OAuth [client](https://datatracker.ietf.org/doc/html/rfc6749#section-1.1)\ \ making the request. For SSWS token requests, this is the ID of the agent\ \ making the request." readOnly: true type: string ipAddress: description: IP address that the client is making its request from readOnly: true type: string userAgent: $ref: '#/components/schemas/LogUserAgent' zone: description: "The `name` of the [Zone](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/NetworkZone/#tag/NetworkZone/operation/getNetworkZone)\ \ that the client's location is mapped to" readOnly: true type: string type: object LogCredentialProvider: description: "A credential provider is a software service that manages identities\ \ and their associated credentials. When authentication occurs through credentials\ \ provided by a credential provider, the credential provider is recorded here." 
enum: - DUO - GOOGLE - OKTA_AUTHENTICATION_PROVIDER - OKTA_CREDENTIAL_PROVIDER - RSA - SYMANTEC - YUBIKEY type: string LogCredentialType: description: The underlying technology/scheme used in the credential enum: - ASSERTION - CERTIFICATE - DEVICE_UDID - EMAIL - IWA - JWT - OAuth 2.0 - OKTA_CLIENT_SESSION - OTP - PASSWORD - PRE_SHARED_SYMMETRIC_KEY - SMS type: string LogDebugContext: description: |- For some kinds of events (for example, OLM provisioning, sign-in request, second factor SMS, and so on), the fields that are provided in other response objects aren't sufficient to adequately describe the operations that the event has performed. In such cases, the `debugContext` object provides a way to store additional information. For example, an event where a second factor SMS token is sent to a user may have a `debugContext` that looks like the following: ``` { "debugData": { "requestUri": "/api/v1/users/00u3gjksoiRGRAZHLSYV/factors/smsf8luacpZJAva10x45/verify", "smsProvider": "TELESIGN", "transactionId": "268632458E3C100F5F5F594C6DC689D4" } } ``` By inspecting the debugData field, you can find the URI that is used to trigger the second factor SMS (`/api/v1/users/00u3gjksoiRGRAZHLSYV/factors/smsf8luacpZJAva10x45/verify`), the SMS provider (`TELESIGN`), and the ID used by Telesign to identify this transaction (`268632458E3C100F5F5F594C6DC689D4`). If for some reason the information that is needed to implement a feature isn't provided in other response objects, you should scan the `debugContext.debugData` field for potentially useful fields. > **Important:** The information contained in `debugContext.debugData` is intended to add context when troubleshooting customer platform issues. Both key names and values may change from release to release and aren't guaranteed to be stable. Therefore, they shouldn't be viewed as a data contract but as a debugging aid instead. 
example: debugData: key: "" properties: debugData: additionalProperties: true description: A dynamic field that contains miscellaneous information that is dependent on the event type. readOnly: true type: object type: object LogDevice: description: The entity that describes a device enrolled with passwordless authentication using Okta Verify. example: LogDeviceObject: $ref: '#/components/examples/LogDeviceObject' properties: device_integrator: description: The integration platform or software used with the device readOnly: true type: object disk_encryption_type: $ref: '#/components/schemas/LogDiskEncryptionType' id: description: ID of the device readOnly: true type: string jailbreak: description: If the device has removed software restrictions readOnly: true type: boolean managed: description: Indicates if the device is configured for device management and is registered with Okta readOnly: true type: boolean name: readOnly: true type: string os_platform: readOnly: true type: string os_version: readOnly: true type: string registered: description: Indicates if the device is registered with an Okta org and is bound to an Okta Verify instance on the device readOnly: true type: boolean screen_lock_type: $ref: '#/components/schemas/LogScreenLockType' secure_hardware_present: description: The availability of hardware security on the device readOnly: true type: boolean type: object LogDiskEncryptionType: enum: - ALL_INTERNAL_VALUES - FULL - NONE - SYSTEM_VOLUME - USER type: string LogEvent: example: severity: DEBUG request: ipChain: - ip: ip source: source geographicalContext: country: country city: city postalCode: postalCode state: state geolocation: lon: 1.4658129805029452 lat: 6.027456183070403 version: version - ip: ip source: source geographicalContext: country: country city: city postalCode: postalCode state: state geolocation: lon: 1.4658129805029452 lat: 6.027456183070403 version: version authenticationContext: credentialType: ASSERTION authenticationProvider: 
ACTIVE_DIRECTORY credentialProvider: DUO externalSessionId: externalSessionId interface: interface authenticationStep: 0 issuer: id: id type: type eventType: eventType published: 2000-01-23T04:56:07.000+00:00 securityContext: asNumber: 5 domain: domain isp: isp isProxy: true asOrg: asOrg uuid: uuid version: version target: - alternateId: alternateId displayName: displayName id: id detailEntry: key: "" type: type changeDetails: LogTargetChangeDetails: $ref: '#/components/examples/LogTargetChangeDetails' - alternateId: alternateId displayName: displayName id: id detailEntry: key: "" type: type changeDetails: LogTargetChangeDetails: $ref: '#/components/examples/LogTargetChangeDetails' actor: alternateId: alternateId displayName: displayName id: id detailEntry: key: "" type: type debugContext: debugData: key: "" displayMessage: displayMessage client: zone: zone ipAddress: ipAddress userAgent: os: os browser: browser rawUserAgent: rawUserAgent id: id device: device geographicalContext: country: country city: city postalCode: postalCode state: state geolocation: lon: 1.4658129805029452 lat: 6.027456183070403 legacyEventType: legacyEventType outcome: result: SUCCESS reason: reason transaction: detail: key: "" id: id type: type properties: actor: $ref: '#/components/schemas/LogActor' authenticationContext: $ref: '#/components/schemas/LogAuthenticationContext' client: $ref: '#/components/schemas/LogClient' debugContext: $ref: '#/components/schemas/LogDebugContext' displayMessage: description: The display message for an event readOnly: true type: string eventType: description: Type of event that is published readOnly: true type: string legacyEventType: description: Associated Events API Action `objectType` attribute value readOnly: true type: string outcome: $ref: '#/components/schemas/LogOutcome' published: description: Timestamp when the event is published format: date-time readOnly: true type: string request: $ref: '#/components/schemas/LogRequest' securityContext: $ref: 
'#/components/schemas/LogSecurityContext' severity: $ref: '#/components/schemas/LogSeverity' target: items: $ref: '#/components/schemas/LogTarget' readOnly: true type: array transaction: $ref: '#/components/schemas/LogTransaction' uuid: description: Unique identifier for an individual event readOnly: true type: string version: description: Versioning indicator readOnly: true type: string type: object LogGeographicalContext: description: "Geographical context describes a set of geographic coordinates.\ \ In addition to containing latitude and longitude data, the `GeographicalContext`\ \ object also contains address data of postal code-level granularity. Within\ \ the `Client` object, the geographical context refers to the physical location\ \ of the client when it sends the request that triggers this event. All `Transaction`\ \ events with `type` equal to `WEB` have a geographical context set. `Transaction`\ \ events with `type` equal to `JOB` don't have a geographical context set.\ \ The geographical context data can be missing if the geographical data for\ \ a request can't be resolved." 
example: country: country city: city postalCode: postalCode state: state geolocation: lon: 1.4658129805029452 lat: 6.027456183070403 properties: city: description: "The city that encompasses the area that contains the geolocation\ \ coordinates, if available (for example, Seattle, San Francisco)" readOnly: true type: string country: description: "Full name of the country that encompasses the area that contains\ \ the geolocation coordinates (for example, France, Uganda)" readOnly: true type: string geolocation: $ref: '#/components/schemas/LogGeolocation' postalCode: description: Postal code of the area that encompasses the geolocation coordinates readOnly: true type: string state: description: "Full name of the state or province that encompasses the area\ \ that contains the geolocation coordinates (for example, Montana, Ontario)" readOnly: true type: string type: object LogGeolocation: description: "The latitude and longitude of the geolocation where an action\ \ was performed. The object is formatted according to the [ISO-6709](https://www.iso.org/obp/ui/fr/#iso:std:iso:6709:ed-3:v1:en)\ \ standard." 
example: lon: 1.4658129805029452 lat: 6.027456183070403 properties: lat: description: "Latitude which uses two digits for the [integer part](https://www.iso.org/obp/ui/fr/#iso:std:iso:6709:ed-3:v1:en#Latitude)" format: double readOnly: true type: number lon: description: "Longitude which uses three digits for the [integer part](https://www.iso.org/obp/ui/fr/#iso:std:iso:6709:ed-3:v1:en#Longitude)" format: double readOnly: true type: number type: object LogIpAddress: example: ip: ip source: source geographicalContext: country: country city: city postalCode: postalCode state: state geolocation: lon: 1.4658129805029452 lat: 6.027456183070403 version: version properties: geographicalContext: $ref: '#/components/schemas/LogGeographicalContext' ip: description: IP address readOnly: true type: string source: description: Details regarding the source readOnly: true type: string version: description: IP address version readOnly: true type: string type: object LogIssuer: description: Describes the issuer of the authorization server when the authentication is performed through OAuth. This is the location where well-known resources regarding the details of the authorization servers are published. example: id: id type: type properties: id: description: "Varies depending on the type of authentication. If authentication\ \ is SAML 2.0, `id` is the issuer in the SAML assertion. For social login,\ \ `id` is the issuer of the token." 
readOnly: true type: string type: description: Information on the `issuer` and source of the SAML assertion or token readOnly: true type: string type: object LogOutcome: example: result: SUCCESS reason: reason properties: reason: description: "Reason for the result, for example, `INVALID_CREDENTIALS`" maxLength: 255 minLength: 1 readOnly: true type: string result: description: Result of the action enum: - SUCCESS - FAILURE - SKIPPED - ALLOW - DENY - CHALLENGE - UNKNOWN readOnly: true type: string type: object LogRequest: description: "The `Request` object describes details that are related to the\ \ HTTP request that triggers this event, if available. When the event isn't\ \ sourced to an HTTP request, such as an automatic update on the Okta servers,\ \ the `Request` object still exists, but the `ipChain` field is empty." example: ipChain: - ip: ip source: source geographicalContext: country: country city: city postalCode: postalCode state: state geolocation: lon: 1.4658129805029452 lat: 6.027456183070403 version: version - ip: ip source: source geographicalContext: country: country city: city postalCode: postalCode state: state geolocation: lon: 1.4658129805029452 lat: 6.027456183070403 version: version properties: ipChain: description: "If the incoming request passes through any proxies, the IP\ \ addresses of those proxies are stored here in the format of clientIp,\ \ proxy1, proxy2, and so on. This field is useful when working with trusted\ \ proxies." items: $ref: '#/components/schemas/LogIpAddress' readOnly: true type: array type: object LogScreenLockType: enum: - BIOMETRIC - NONE - PASSCODE type: string LogSecurityContext: description: "The `securityContext` object provides security information that\ \ is directly related to the evaluation of the event's IP reputation. IP reputation\ \ is a trustworthiness rating that evaluates how likely a sender is to be\ \ malicious and is based on the sender's IP address. 
As the name implies,\ \ the `securityContext` object is useful for security applications, such as flagging\ \ and inspecting suspicious events." example: asNumber: 5 domain: domain isp: isp isProxy: true asOrg: asOrg properties: asNumber: description: "The [Autonomous system](https://docs.telemetry.mozilla.org/datasets/other/asn_aggregates/reference)\ \ number that's associated with the autonomous system the event request\ \ was sourced to" readOnly: true type: integer asOrg: description: The organization that is associated with the autonomous system that the event request is sourced to readOnly: true type: string domain: description: The domain name that's associated with the IP address of the inbound event request readOnly: true type: string isp: description: The Internet service provider that's used to send the event's request readOnly: true type: string isProxy: description: Specifies whether an event's request is from a known proxy readOnly: true type: boolean type: object LogSeverity: description: Indicates how severe the event is enum: - DEBUG - ERROR - INFO - WARN type: string LogStream: discriminator: mapping: aws_eventbridge: '#/components/schemas/LogStreamAws' splunk_cloud_logstreaming: '#/components/schemas/LogStreamSplunk' propertyName: type example: lastUpdated: 2022-10-21T17:15:10Z _links: activate: method: GET href: href self: method: GET href: href deactivate: method: GET href: href created: 2022-10-21T16:59:59Z name: My AWS EventBridge log stream id: 0oa1orzg0CHSgPcjZ0g4 type: aws_eventbridge status: ACTIVE properties: created: description: Timestamp when the Log Stream object was created example: 2022-10-21T16:59:59Z format: date-time readOnly: true type: string id: description: Unique identifier for the Log Stream example: 0oa1orzg0CHSgPcjZ0g4 readOnly: true type: string lastUpdated: description: Timestamp when the Log Stream object was last updated example: 2022-10-21T17:15:10Z format: date-time readOnly: true type: string name: description: Unique name
for the Log Stream object example: My AWS EventBridge log stream type: string status: description: Lifecycle status of the Log Stream object enum: - ACTIVE - INACTIVE readOnly: true type: string type: $ref: '#/components/schemas/LogStreamType' _links: $ref: '#/components/schemas/LogStreamLinksSelfAndLifecycle' required: - _links - created - id - lastUpdated - name - status - type type: object LogStreamActivateLink: allOf: - $ref: '#/components/schemas/LogStreamLinkObject' - description: Link to activate the resource example: method: GET href: href LogStreamAws: allOf: - $ref: '#/components/schemas/LogStream' - properties: settings: $ref: '#/components/schemas/LogStreamSettingsAws' required: - settings type: object LogStreamAwsPutSchema: allOf: - $ref: '#/components/schemas/LogStreamPutSchema' - properties: settings: $ref: '#/components/schemas/LogStreamSettingsAws' required: - settings type: object LogStreamDeactivateLink: allOf: - $ref: '#/components/schemas/LogStreamLinkObject' - description: Link to deactivate the resource example: method: GET href: href LogStreamLinkObject: properties: href: description: The URI of the resource type: string method: description: HTTP method allowed for the resource enum: - GET - POST type: string readOnly: true required: - href title: Log Stream Link object type: object LogStreamLinksSelfAndLifecycle: description: "Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288))\ \ available for the current status of an application using the [JSON Hypertext\ \ Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\ \ specification. This object is used for dynamic discovery of related resources\ \ and lifecycle operations." 
example: activate: method: GET href: href self: method: GET href: href deactivate: method: GET href: href properties: activate: $ref: '#/components/schemas/LogStreamActivateLink' deactivate: $ref: '#/components/schemas/LogStreamDeactivateLink' self: $ref: '#/components/schemas/LogStreamSelfLink' readOnly: true required: - self type: object LogStreamName: description: Unique name for the Log Stream object example: My AWS EventBridge log stream type: string LogStreamPutSchema: discriminator: mapping: aws_eventbridge: '#/components/schemas/LogStreamAwsPutSchema' splunk_cloud_logstreaming: '#/components/schemas/LogStreamSplunkPutSchema' propertyName: type example: name: My AWS EventBridge log stream type: aws_eventbridge properties: name: description: Unique name for the Log Stream object example: My AWS EventBridge log stream type: string type: $ref: '#/components/schemas/LogStreamType' required: - name - type type: object LogStreamSchema: example: oneOf: - const: const title: title - const: const title: title $schema: $schema _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type errorMessage: "{}" pattern: pattern id: id title: title type: type properties: "{}" required: - required - required properties: $schema: description: JSON Schema version identifier readOnly: true type: string errorMessage: description: "A collection of error messages for individual properties in\ \ the schema. Okta implements a subset of [ajv-errors](https://github.com/ajv-validator/ajv-errors)." type: object id: description: URI of Log Stream Schema readOnly: true type: string oneOf: description: |- Non-empty array of valid JSON schemas. Okta only supports `oneOf` for specifying display names for an `enum`. 
Each schema has the following format: ```json { "const": "enumValue", "title": "display name" } ``` items: $ref: '#/components/schemas/UserSchemaAttributeEnum' nullable: true type: array pattern: description: "For `string` Log Stream Schema property type, specifies the\ \ regular expression used to validate the property" type: string properties: description: Log Stream Schema properties object type: object required: description: Required properties for this Log Stream Schema object items: type: string type: array title: description: Name of the Log Streaming integration type: string type: description: Type of Log Stream Schema property readOnly: true type: string _links: $ref: '#/components/schemas/LinksSelf' type: object LogStreamSelfLink: allOf: - $ref: '#/components/schemas/LogStreamLinkObject' - description: Link to the resource (self) example: method: GET href: href LogStreamSettingsAws: description: Specifies the configuration for the `aws_eventbridge` Log Stream type. This configuration can't be modified after creation. properties: accountId: description: Your AWS account ID example: "123456789012" maxLength: 12 minLength: 12 type: string eventSourceName: description: An alphanumeric name (no spaces) to identify this event source in AWS EventBridge example: your-event-source-name maxLength: 75 minLength: 1 pattern: "^[a-zA-Z0-9.\\-_]+$" type: string region: $ref: '#/components/schemas/AwsRegion' required: - accountId - eventSourceName - region type: object LogStreamSettingsSplunk: description: Specifies the configuration for the `splunk_cloud_logstreaming` Log Stream type. properties: edition: $ref: '#/components/schemas/SplunkEdition' host: description: "The domain name for your Splunk Cloud instance. Don't include\ \ `http` or `https` in the string.
For example: `acme.splunkcloud.com`" example: acme.splunkcloud.com maxLength: 116 minLength: 17 type: string token: description: "The HEC token for your Splunk Cloud HTTP Event Collector.\ \ The token value is set at object creation, but isn't returned." example: 11111111-1111-2222-2222-222222222222 pattern: "(?i)^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$" type: string writeOnly: true required: - edition - host - token type: object LogStreamSettingsSplunkPut: description: Specifies the configuration for the `splunk_cloud_logstreaming` Log Stream type. properties: edition: $ref: '#/components/schemas/SplunkEdition' host: description: "The domain name for your Splunk Cloud instance. Don't include\ \ `http` or `https` in the string. For example: `acme.splunkcloud.com`" example: acme.splunkcloud.com maxLength: 116 minLength: 17 type: string required: - edition - host type: object LogStreamSplunk: allOf: - $ref: '#/components/schemas/LogStream' - properties: settings: $ref: '#/components/schemas/LogStreamSettingsSplunk' required: - settings type: object LogStreamSplunkPutSchema: allOf: - $ref: '#/components/schemas/LogStreamPutSchema' - properties: settings: $ref: '#/components/schemas/LogStreamSettingsSplunkPut' required: - settings type: object LogStreamType: description: |- Specifies the streaming provider used Supported providers: * `aws_eventbridge` ([AWS EventBridge](https://aws.amazon.com/eventbridge)) * `splunk_cloud_logstreaming` ([Splunk Cloud](https://www.splunk.com/en_us/software/splunk-cloud-platform.html)) Select the provider type to see provider-specific configurations in the `settings` property: enum: - aws_eventbridge - splunk_cloud_logstreaming type: string LogTarget: description: "The entity that an actor performs an action on. Targets can be\ \ anything, such as an app user, a sign-in token, or anything else." 
example: alternateId: alternateId displayName: displayName id: id detailEntry: key: "" type: type changeDetails: LogTargetChangeDetails: $ref: '#/components/examples/LogTargetChangeDetails' properties: alternateId: description: The alternate ID of the target readOnly: true type: string changeDetails: $ref: '#/components/schemas/LogTarget_changeDetails' detailEntry: additionalProperties: true description: Further details on the target readOnly: true type: object displayName: description: The display name of the target readOnly: true type: string id: description: The ID of the target readOnly: true type: string type: description: The type of target readOnly: true type: string type: object LogTransaction: description: "A `transaction` object comprises contextual information associated\ \ with its respective event. \nThis information is useful for understanding\ \ sequences of correlated events.\nFor example, a `transaction` object such\ \ as the following:\n```\n{\n \"id\": \"Wn4f-0RQ8D8lTSLkAmkKdQAADqo\",\n\ \ \"type\": \"WEB\",\n \"detail\": null\n}\n```\nindicates that a `WEB`\ \ request with `id` `Wn4f-0RQ8D8lTSLkAmkKdQAADqo` has created this event.\n\ \nA `transaction` object with a `requestApiTokenId` in the `detail` object,\ \ for example:\n```\n{\n \"id\": \"YjSlblAAqnKY7CdyCkXNBgAAAIU\",\n \"\ type\": \"WEB\",\n \"detail\": {\n \"requestApiTokenId\": \"00T94e3cn9kSEO3c51s5\"\ \n }\n}\n```\nindicates that this event was the result of an action performed\ \ through an API using the token identified by 00T94e3cn9kSEO3c51s5. The token\ \ ID is visible in the Admin Console, **Security** > **API**. See [API token\ \ management](https://help.okta.com/okta_help.htm?id=Security_API). For more\ \ information on API tokens, see [Create an API token](https://developer.okta.com/docs/guides/create-an-api-token/)." example: detail: key: "" id: id type: type properties: detail: additionalProperties: true description: Details for this transaction.
readOnly: true type: object id: description: Unique identifier for this transaction. readOnly: true type: string type: description: Describes the kind of transaction. `WEB` indicates a web request. `JOB` indicates an asynchronous task. readOnly: true type: string type: object LogUserAgent: description: | "A user agent is software (a software agent) that is acting on behalf of a user." ([Definition of User Agent](https://developer.mozilla.org/en-US/docs/Glossary/User_agent)) In the Okta event data object, the `UserAgent` object provides specifications about the client software that makes event-triggering HTTP requests. User agent identification is often useful for identifying interoperability problems between servers and clients, and also for browser and operating system usage analytics. example: os: os browser: browser rawUserAgent: rawUserAgent properties: browser: description: "If the client is a web browser, this field identifies the\ \ type of web browser (for example, CHROME, FIREFOX)" readOnly: true type: string os: description: "The operating system that the client runs on (for example,\ \ Windows 10)" readOnly: true type: string rawUserAgent: description: "A raw string representation of the user agent that is formatted\ \ according to [section 5.5.3 of HTTP/1.1 Semantics and Content](https://datatracker.ietf.org/doc/html/rfc7231#section-5.5.3).\ \ Both the `browser` and the `OS` fields can be derived from this field." 
readOnly: true type: string type: object MDMEnrollmentPolicyEnrollment: enum: - ANY_OR_NONE - OMM type: string MDMEnrollmentPolicyRuleCondition: properties: blockNonSafeAndroid: type: boolean enrollment: $ref: '#/components/schemas/MDMEnrollmentPolicyEnrollment' type: object MetadataLink: allOf: - $ref: '#/components/schemas/HrefObject' - description: "Link to the [SAML metadata](/openapi/okta-management/management/tag/ApplicationSSO/#tag/ApplicationSSO/operation/previewSAMLmetadataForApplication)\ \ for SSO" example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type MtlsCredentials: description: Certificate chain description for verifying assertions from the Smart Card properties: trust: $ref: '#/components/schemas/MtlsTrustCredentials' type: object MtlsEndpoints: properties: sso: $ref: '#/components/schemas/MtlsSsoEndpoint' type: object MtlsSsoEndpoint: description: The Single Sign-On (SSO) endpoint is the IdP's `SingleSignOnService` endpoint properties: url: example: "https://{yourOktaDomain}.okta.com/login/cert" maxLength: 1014 type: string type: object MtlsTrustCredentials: properties: audience: description: Not used type: string example: null issuer: description: Description of the certificate issuer example: "CN=Test Smart Card, OU=Test OU, O=Test O, C=US" maxLength: 1024 type: string kid: description: IdP Key Credential reference to the Okta X.509 signature certificate example: your-key-id type: string revocation: $ref: '#/components/schemas/MtlsTrustCredentialsRevocation' revocationCacheLifetime: description: Time in minutes to cache the certificate revocation information example: 2880 maximum: 4320 type: number type: object MtlsTrustCredentialsRevocation: description: Mechanism to validate the certificate enum: - CRL - DELTA_CRL - OCSP example: CRL type: string NetworkZone: discriminator: mapping: IP: '#/components/schemas/IPNetworkZone' DYNAMIC: '#/components/schemas/DynamicNetworkZone' DYNAMIC_V2: 
'#/components/schemas/EnhancedDynamicNetworkZone' propertyName: type example: lastUpdated: 2000-01-23T04:56:07.000+00:00 system: true _links: activate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type deactivate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type created: 2000-01-23T04:56:07.000+00:00 usage: BLOCKLIST name: name id: id type: DYNAMIC status: ACTIVE properties: created: description: Timestamp when the object was created format: date-time readOnly: true type: string id: description: Unique identifier for the Network Zone readOnly: true type: string lastUpdated: description: Timestamp when the object was last modified format: date-time readOnly: true type: string name: description: Unique name for this Network Zone maxLength: 128 type: string status: $ref: '#/components/schemas/NetworkZoneStatus' system: description: | Indicates a system Network Zone: * `true` for system Network Zones * `false` for custom Network Zones The Okta org provides the following default system Network Zones: * `LegacyIpZone` * `BlockedIpZone` * `DefaultEnhancedDynamicZone` Admins can modify the name of the default system Network Zone and add up to 5000 gateway or proxy IP entries. readOnly: true type: boolean type: $ref: '#/components/schemas/NetworkZoneType' usage: $ref: '#/components/schemas/NetworkZoneUsage' _links: $ref: '#/components/schemas/LinksSelfAndLifecycle' required: - name - type type: object NetworkZoneAddress: description: Specifies the value of an IP address expressed using either `range` or `CIDR` form. 
properties: type: $ref: '#/components/schemas/NetworkZoneAddressType' value: description: "Value in CIDR/range form, depending on the `type` specified" type: string type: object NetworkZoneAddressType: description: Format of the IP addresses enum: - CIDR - RANGE type: string NetworkZoneAsns: items: type: string maximum: 75 type: array NetworkZoneLocation: properties: country: description: |- The two-character ISO-3166-1 country code. Don't use continent codes since they are treated as generic codes for undesignated countries. <br>For example: `US` maxLength: 2 minLength: 2 type: string region: description: |- (Optional) The ISO-3166-2 region code appended to the country code (`countryCode-regionCode`), or `null` if empty. Don't use continent codes since they are treated as generic codes for undesignated regions. <br>For example: `CA` (for `US-CA` country and region code) type: string type: object NetworkZoneLocationArray: items: $ref: '#/components/schemas/NetworkZoneLocation' maximum: 75 nullable: true type: array NetworkZoneStatus: description: Network Zone status enum: - ACTIVE - INACTIVE type: string NetworkZoneType: description: The type of Network Zone enum: - DYNAMIC - IP - DYNAMIC_V2 type: string NetworkZoneUsage: description: The usage of the Network Zone enum: - BLOCKLIST - POLICY type: string NotificationType: description: The type of notification enum: - AD_AGENT - AGENT_AUTO_UPDATE_NOTIFICATION - AGENT_AUTO_UPDATE_NOTIFICATION_LDAP - APP_IMPORT - CONNECTOR_AGENT - IWA_AGENT - LDAP_AGENT - OKTA_ANNOUNCEMENT - OKTA_ISSUE - OKTA_UPDATE - RATELIMIT_NOTIFICATION - REPORT_SUSPICIOUS_ACTIVITY - USER_DEPROVISION - USER_LOCKED_OUT type: string x-enumDescriptions: AD_AGENT: System notification sent when an AD agent disconnects or reconnects AGENT_AUTO_UPDATE_NOTIFICATION: System notification sent when an agent automatically updates APP_IMPORT: System notification sent with the status of an app user import CONNECTOR_AGENT: System notification sent when an 
on-premises provisioning or Okta on-prem MFA agent disconnects or reconnects IWA_AGENT: System notification sent when an IGA agent disconnects or reconnects LDAP_AGENT: System notification sent when an LDAP agent disconnects or reconnects OKTA_ANNOUNCEMENT: Okta communication sent for announcements and release notes OKTA_ISSUE: Okta communication sent for trust incident alerts and updates OKTA_UPDATE: Okta communication sent for scheduled system updates RATELIMIT_NOTIFICATION: System notification sent when an org reaches rate limit warning or violation thresholds REPORT_SUSPICIOUS_ACTIVITY: System notification sent when a user reports suspicious activity USER_DEPROVISION: System notification sent when a user is deprovisioned from apps USER_LOCKED_OUT: System notification sent when a user is locked out from logging in to Okta OAuth2Actor: description: User that created the object example: id: 00u5t60iloOHN9pBi0h7 type: User properties: id: description: User ID example: 00u5t60iloOHN9pBi0h7 readOnly: true type: string type: description: Type of user example: User type: string readOnly: true type: object OAuth2Claim: example: group_filter_type: CONTAINS claimType: IDENTITY system: true alwaysIncludeInToken: true _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type valueType: EXPRESSION name: name id: id conditions: scopes: - scopes - scopes value: value status: ACTIVE properties: alwaysIncludeInToken: description: "Specifies whether to include Claims in the token. The value\ \ is always `TRUE` for access token Claims. If the value is set to `FALSE`\ \ for an ID token claim, the Claim isn't included in the ID token when\ \ the token is requested with the access token or with the `authorization_code`.\ \ The client instead uses the access token to get Claims from the `/userinfo`\ \ endpoint." 
type: boolean claimType: $ref: '#/components/schemas/OAuth2ClaimType' conditions: $ref: '#/components/schemas/OAuth2ClaimConditions' group_filter_type: $ref: '#/components/schemas/OAuth2ClaimGroupFilterType' id: description: ID of the Claim readOnly: true type: string name: description: Name of the Claim type: string status: $ref: '#/components/schemas/LifecycleStatus' system: description: "When `true`, indicates that Okta created the Claim" type: boolean value: description: "Specifies the value of the Claim. This value must be a string\ \ literal if `valueType` is `GROUPS`, and the string literal is matched\ \ with the selected `group_filter_type`. The value must be an Okta EL\ \ expression if `valueType` is `EXPRESSION`." type: string valueType: $ref: '#/components/schemas/OAuth2ClaimValueType' _links: $ref: '#/components/schemas/LinksSelf' type: object OAuth2ClaimConditions: description: Specifies the scopes for the Claim example: scopes: - scopes - scopes properties: scopes: items: type: string type: array type: object OAuth2ClaimGroupFilterType: description: |- Specifies the type of group filter if `valueType` is `GROUPS` If `valueType` is `GROUPS`, then the groups returned are filtered according to the value of `group_filter_type`. If you have complex filters for Groups, you can [create a Groups allowlist](https://developer.okta.com/docs/guides/customize-tokens-groups-claim/main/) to put them all in a Claim. enum: - CONTAINS - EQUALS - REGEX - STARTS_WITH type: string x-enumDescriptions: STARTS_WITH: "Group names start with `value` (not case-sensitive). For example,\ \ if `value` is `group1`, then `group123` and `Group123` are included." EQUALS: "Group name is the same as `value` (not case-sensitive). For example,\ \ if `value` is `group1`, then `group1` and `Group1` are included, but `group123`\ \ isn't." CONTAINS: "Group names contain `value` (not case-sensitive). For example,\ \ if `value` is `group1`, then `MyGroup123` and `group1` are included." 
REGEX: "Group names match the regular expression in `value` (case-sensitive).\ \ For example if `value` is `/^[a-z0-9_-]{3,16}$/`, then any Group name\ \ that has at least three letters, no more than 16, and contains lowercase\ \ letters, a hyphen, or numbers is a match." OAuth2ClaimType: description: Specifies whether the Claim is for an access token (`RESOURCE`) or an ID token (`IDENTITY`) enum: - IDENTITY - RESOURCE type: string OAuth2ClaimValueType: description: "Specifies whether the Claim is an Okta Expression Language (EL)\ \ expression (`EXPRESSION`), a set of groups (`GROUPS`), or a system claim\ \ (`SYSTEM`)" enum: - EXPRESSION - GROUPS - SYSTEM type: string OAuth2Client: example: client_uri: https://www.example.com _links: grants: "" self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type tokens: "" logo_uri: https://www.example.com/logo.png client_name: My App client_id: 0oabskvc6442nkvQO0h7 properties: client_id: description: Unique key for the client application. The `client_id` is immutable. 
example: 0oabskvc6442nkvQO0h7 readOnly: true type: string client_name: description: Human-readable string name of the client application example: My App readOnly: true type: string client_uri: example: https://www.example.com readOnly: true type: string logo_uri: description: URL string that references a logo for the client consent dialog (not the sign-in dialog) example: https://www.example.com/logo.png readOnly: true type: string _links: $ref: '#/components/schemas/OAuth2Client__links' type: object OAuth2ClientJsonWebKey: example: kty: RSA lastUpdated: 2023-02-21T20:08:24.000Z e: AQAB _links: activate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type delete: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type deactivate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type created: 2023-02-21T20:08:24.000Z use: sig kid: SIMcCQNY3uwXoW3y0vf6VxiBb5n9pf8L2fK8d-FIbm4 id: pks2f4zrZbs8nUa7p0g4 alg: RS256 "n": mkC6yAJVvFwUlmM9gKjb2d-YK5qHFt-mXSsbjWKKs4EfNm-BoQeeovBZtSACyaqLc8IYFTPEURFcbDQ9DkAL04uUIRD2gaHYY7uK0jsluEaXGq2RAIsmzAwNTzkiDw4q9pDL_q7n0f_SDt1TsMaMQayB6bU5jWsmqcWJ8MCRJ1aJMjZ16un5UVx51IIeCbe4QRDxEXGAvYNczsBoZxspDt28esSpq5W0dBFxcyGVudyl54Er3FzAguhgfMVjH-bUec9j2Tl40qDTktrYgYfxz9pfjm01Hl4WYP1YQxeETpSL7cQ5Ihz4jGDtHUEOcZ4GfJrPzrGpUrak8Qp5xcwCqQ status: ACTIVE properties: alg: description: Algorithm used in the key example: RS256 nullable: false type: string created: description: Timestamp when the OAuth Client 2.0 JSON Web Key was created example: 2023-02-21T20:08:24.000Z nullable: false readOnly: true type: string e: description: RSA key value (exponent) for key binding example: AQAB nullable: false type: string id: description: The unique ID of the OAuth Client JSON Web Key example: pks2f4zrZbs8nUa7p0g4 nullable: false readOnly: true type: string kid: description: Unique identifier of the JSON Web Key in the OAuth 2.0 Client's JWKS example: 
SIMcCQNY3uwXoW3y0vf6VxiBb5n9pf8L2fK8d-FIbm4 nullable: true type: string kty: description: Cryptographic algorithm family for the certificate's key pair example: RSA nullable: false type: string lastUpdated: description: Timestamp when the OAuth Client 2.0 JSON Web Key was updated example: 2023-02-21T20:08:24.000Z nullable: false readOnly: true type: string "n": description: RSA key value (modulus) for key binding example: mkC6yAJVvFwUlmM9gKjb2d-YK5qHFt-mXSsbjWKKs4EfNm-BoQeeovBZtSACyaqLc8IYFTPEURFcbDQ9DkAL04uUIRD2gaHYY7uK0jsluEaXGq2RAIsmzAwNTzkiDw4q9pDL_q7n0f_SDt1TsMaMQayB6bU5jWsmqcWJ8MCRJ1aJMjZ16un5UVx51IIeCbe4QRDxEXGAvYNczsBoZxspDt28esSpq5W0dBFxcyGVudyl54Er3FzAguhgfMVjH-bUec9j2Tl40qDTktrYgYfxz9pfjm01Hl4WYP1YQxeETpSL7cQ5Ihz4jGDtHUEOcZ4GfJrPzrGpUrak8Qp5xcwCqQ nullable: false type: string status: default: ACTIVE description: Status of the OAuth 2.0 Client JSON Web Key enum: - ACTIVE - INACTIVE example: ACTIVE nullable: false type: string use: description: Acceptable use of the JSON Web Key example: sig nullable: false type: string _links: $ref: '#/components/schemas/OAuthClientSecretLinks' type: object OAuth2ClientJsonWebKeyRequestBody: example: kty: RSA e: AQAB use: sig kid: SIMcCQNY3uwXoW3y0vf6VxiBb5n9pf8L2fK8d-FIbm4 alg: RS256 "n": mkC6yAJVvFwUlmM9gKjb2d-YK5qHFt-mXSsbjWKKs4EfNm-BoQeeovBZtSACyaqLc8IYFTPEURFcbDQ9DkAL04uUIRD2gaHYY7uK0jsluEaXGq2RAIsmzAwNTzkiDw4q9pDL_q7n0f_SDt1TsMaMQayB6bU5jWsmqcWJ8MCRJ1aJMjZ16un5UVx51IIeCbe4QRDxEXGAvYNczsBoZxspDt28esSpq5W0dBFxcyGVudyl54Er3FzAguhgfMVjH-bUec9j2Tl40qDTktrYgYfxz9pfjm01Hl4WYP1YQxeETpSL7cQ5Ihz4jGDtHUEOcZ4GfJrPzrGpUrak8Qp5xcwCqQ status: ACTIVE properties: alg: description: Algorithm used in the key example: RS256 nullable: false type: string e: description: RSA key value (exponent) for key binding example: AQAB nullable: false type: string kid: description: Unique identifier of the JSON Web Key in the OAuth 2.0 Client's JWKS example: SIMcCQNY3uwXoW3y0vf6VxiBb5n9pf8L2fK8d-FIbm4 nullable: true type: string kty: description: 
Cryptographic algorithm family for the certificate's key pair example: RSA nullable: false type: string "n": description: RSA key value (modulus) for key binding example: mkC6yAJVvFwUlmM9gKjb2d-YK5qHFt-mXSsbjWKKs4EfNm-BoQeeovBZtSACyaqLc8IYFTPEURFcbDQ9DkAL04uUIRD2gaHYY7uK0jsluEaXGq2RAIsmzAwNTzkiDw4q9pDL_q7n0f_SDt1TsMaMQayB6bU5jWsmqcWJ8MCRJ1aJMjZ16un5UVx51IIeCbe4QRDxEXGAvYNczsBoZxspDt28esSpq5W0dBFxcyGVudyl54Er3FzAguhgfMVjH-bUec9j2Tl40qDTktrYgYfxz9pfjm01Hl4WYP1YQxeETpSL7cQ5Ihz4jGDtHUEOcZ4GfJrPzrGpUrak8Qp5xcwCqQ nullable: false type: string status: description: Status of the OAuth 2.0 Client JSON Web Key enum: - ACTIVE - INACTIVE example: ACTIVE type: string use: description: Acceptable use of the JSON Web Key example: sig nullable: false type: string type: object OAuth2ClientSecret: example: lastUpdated: 2023-02-21T20:08:24.000Z _links: activate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type delete: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type deactivate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type created: 2023-02-21T20:08:24.000Z secret_hash: yk4SVx4sUWVJVbHt6M-UPA client_secret: DRUFXGF9XbLn......a3x3POBiIxDreBCdZuFs5B id: ocs2f4zrZbs8nUa7p0g4 status: ACTIVE properties: client_secret: description: The OAuth 2.0 client secret string example: DRUFXGF9XbLn......a3x3POBiIxDreBCdZuFs5B nullable: false readOnly: true type: string created: description: Timestamp when the OAuth Client 2.0 Secret was created example: 2023-02-21T20:08:24.000Z nullable: false readOnly: true type: string id: description: The unique ID of the OAuth Client Secret example: ocs2f4zrZbs8nUa7p0g4 nullable: false readOnly: true type: string lastUpdated: description: Timestamp when the OAuth Client 2.0 Secret was updated example: 2023-02-21T20:08:24.000Z nullable: false readOnly: true type: string secret_hash: description: OAuth 2.0 client secret string hash example: yk4SVx4sUWVJVbHt6M-UPA 
nullable: false readOnly: true type: string status: default: ACTIVE description: Status of the OAuth 2.0 Client Secret enum: - ACTIVE - INACTIVE example: ACTIVE nullable: false type: string _links: $ref: '#/components/schemas/OAuthClientSecretLinks' type: object OAuth2ClientSecretRequestBody: example: client_secret: DRUFXGF9XbLn......a3x3POBiIxDreBCdZuFs5B status: ACTIVE properties: client_secret: description: The OAuth 2.0 client secret string example: DRUFXGF9XbLn......a3x3POBiIxDreBCdZuFs5B type: string status: description: Status of the OAuth 2.0 Client Secret enum: - ACTIVE - INACTIVE example: ACTIVE type: string type: object OAuth2RefreshToken: example: lastUpdated: 2000-01-23T04:56:07.000+00:00 clientId: clientId _embedded: scopes: - _links: scope: "" displayName: displayName name: offline_access description: "Requests a refresh token by default, used to obtain more\ \ access tokens without re-prompting the user for authentication" id: scppb56cIl4GvGxy70g3 - _links: scope: "" displayName: displayName name: offline_access description: "Requests a refresh token by default, used to obtain more\ \ access tokens without re-prompting the user for authentication" id: scppb56cIl4GvGxy70g3 _links: app: "" authorizationServer: "" self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type revoke: hints: allow: - DELETE - DELETE href: "https://{yourOktaDomain}/api/v1/users/00u5t60iloOHN9pBi0h7/clients/0oabskvc6442nkvQO0h7/tokens/oar579Mcp7OUsNTlo0g3" client: "" user: "" created: 2017-03-28T01:11:10Z id: oar579Mcp7OUsNTlo0g3 scopes: - offline_access - offline_access userId: 00u5t60iloOHN9pBi0h7 expiresAt: 2000-01-23T04:56:07.000+00:00 issuer: "https://{yourOktaDomain}/oauth2/ausain6z9zIedDCxB0h7" status: ACTIVE properties: clientId: description: Client ID type: string created: description: Timestamp when the object was created example: 2017-03-28T01:11:10Z format: date-time readOnly: true type: string expiresAt: description: Expiration time of 
the OAuth 2.0 Token format: date-time readOnly: true type: string id: description: ID of the Token object example: oar579Mcp7OUsNTlo0g3 readOnly: true type: string issuer: description: The complete URL of the authorization server that issued the Token example: "https://{yourOktaDomain}/oauth2/ausain6z9zIedDCxB0h7" type: string lastUpdated: description: Timestamp when the object was last updated format: date-time readOnly: true type: string scopes: description: The scope names attached to the Token items: example: offline_access type: string type: array status: $ref: '#/components/schemas/GrantOrTokenStatus' userId: description: The ID of the user associated with the Token example: 00u5t60iloOHN9pBi0h7 type: string _embedded: $ref: '#/components/schemas/OAuth2RefreshToken__embedded' _links: $ref: '#/components/schemas/OAuth2RefreshToken__links' type: object OAuth2RefreshTokenScope: example: _links: scope: "" displayName: displayName name: offline_access description: "Requests a refresh token by default, used to obtain more access\ \ tokens without re-prompting the user for authentication" id: scppb56cIl4GvGxy70g3 properties: description: description: Description of the Scope example: "Requests a refresh token by default, used to obtain more access\ \ tokens without re-prompting the user for authentication" type: string displayName: description: Name of the end user displayed in a consent dialog type: string id: description: Scope object ID example: scppb56cIl4GvGxy70g3 readOnly: true type: string name: description: Scope name example: offline_access type: string _links: $ref: '#/components/schemas/OAuth2RefreshTokenScope__links' type: object OAuth2Scope: example: default: false system: false _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type displayName: displayName name: name description: description metadataPublish: NO_CLIENTS optional: false id: id consent: IMPLICIT properties: consent: $ref: 
'#/components/schemas/OAuth2ScopeConsentType' default: default: false description: Indicates if this Scope is a default scope type: boolean description: description: Description of the Scope type: string displayName: description: Name of the end user displayed in a consent dialog type: string id: description: Scope object ID readOnly: true type: string metadataPublish: $ref: '#/components/schemas/OAuth2ScopeMetadataPublish' name: description: Scope name type: string optional: default: false description: "Indicates whether the Scope is optional. When set to `true`,\ \ the user can skip consent for the scope." type: boolean system: default: false description: Indicates if Okta created the Scope type: boolean _links: $ref: '#/components/schemas/LinksSelf' required: - name type: object OAuth2ScopeConsentGrant: description: Grant object that represents an app consent scope grant example: lastUpdated: 2000-01-23T04:56:07.000+00:00 scopeId: okta.users.read clientId: oag3ih1zrm1cBFOiq0h6 createdBy: id: 00u5t60iloOHN9pBi0h7 type: User _embedded: scope: id: okta.users.read _links: app: "" authorizationServer: "" scope: "" self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type client: "" user: "" created: 2017-03-28T01:11:10Z id: oag3ih1zrm1cBFOiq0h6 source: ADMIN userId: 00u5t60iloOHN9pBi0h7 issuer: https://my_test_okta_org.oktapreview.com status: ACTIVE properties: clientId: description: Client ID of the app integration example: oag3ih1zrm1cBFOiq0h6 readOnly: true type: string created: description: Timestamp when the object was created example: 2017-03-28T01:11:10Z format: date-time readOnly: true type: string createdBy: $ref: '#/components/schemas/OAuth2Actor' id: description: ID of the Grant object example: oag3ih1zrm1cBFOiq0h6 readOnly: true type: string issuer: description: The issuer of your org authorization server. This is typically your Okta domain. 
example: https://my_test_okta_org.oktapreview.com type: string lastUpdated: description: Timestamp when the object was last updated format: date-time readOnly: true type: string scopeId: description: "The name of the [Okta scope](https://developer.okta.com/docs/api/oauth2/#oauth-20-scopes)\ \ for which consent is granted" example: okta.users.read type: string source: $ref: '#/components/schemas/OAuth2ScopeConsentGrantSource' status: $ref: '#/components/schemas/GrantOrTokenStatus' userId: description: User ID that granted consent (if `source` is `END_USER`) example: 00u5t60iloOHN9pBi0h7 readOnly: true type: string _embedded: $ref: '#/components/schemas/OAuth2ScopeConsentGrant__embedded' _links: $ref: '#/components/schemas/OAuth2ScopeConsentGrant__links' required: - issuer - scopeId type: object OAuth2ScopeConsentGrantSource: description: User type source that granted consent enum: - ADMIN - END_USER example: ADMIN readOnly: true type: string OAuth2ScopeConsentType: default: IMPLICIT description: Indicates whether a consent dialog is needed for the Scope enum: - FLEXIBLE - IMPLICIT - REQUIRED type: string OAuth2ScopeMetadataPublish: default: NO_CLIENTS description: Indicates whether the Scope is included in the metadata enum: - ALL_CLIENTS - NO_CLIENTS type: string OAuth2ScopesMediationPolicyRuleCondition: description: Array of scopes that the condition includes example: include: - include - include properties: include: items: type: string type: array type: object OAuth2Token: properties: clientId: description: Client ID example: 0oabskvc6442nkvQO0h7 readOnly: true type: string created: description: Timestamp when the object was created example: 2017-03-28T01:11:10Z format: date-time readOnly: true type: string expiresAt: description: Expiration time of the OAuth 2.0 Token format: date-time readOnly: true type: string id: description: ID of the Token object readOnly: true type: string issuer: description: The complete URL of the authorization server that issued the 
Token type: string lastUpdated: description: Timestamp when the object was last updated format: date-time readOnly: true type: string scopes: description: Name of scopes attached to the Token items: type: string type: array status: $ref: '#/components/schemas/GrantOrTokenStatus' userId: type: string _embedded: additionalProperties: properties: {} type: object description: Embedded resources related to the object if the `expand` query parameter is specified readOnly: true type: object _links: $ref: '#/components/schemas/LinksSelf' type: object OAuthApplicationCredentials: allOf: - $ref: '#/components/schemas/ApplicationCredentials' - properties: oauthClient: $ref: '#/components/schemas/ApplicationCredentialsOAuthClient' type: object OAuthAuthorizationEndpoint: description: "Endpoint for an [OAuth 2.0 Authorization Server (AS)](https://tools.ietf.org/html/rfc6749#page-18)" properties: binding: $ref: '#/components/schemas/ProtocolEndpointBinding' url: description: URL of the IdP Authorization Server (AS) authorization endpoint example: https://idp.example.com/authorize type: string type: object OAuthClientSecretLinks: description: "Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288))\ \ available for the current status of an application using the [JSON Hypertext\ \ Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\ \ specification. This object is used for dynamic discovery of related resources\ \ and lifecycle operations." 
example: activate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type delete: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type deactivate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type properties: activate: $ref: '#/components/schemas/HrefObjectActivateLink' deactivate: $ref: '#/components/schemas/HrefObjectDeactivateLink' delete: $ref: '#/components/schemas/HrefObjectDeleteLink' readOnly: true OAuthCredentials: description: "Client authentication credentials for an [OAuth 2.0 Authorization\ \ Server](https://tools.ietf.org/html/rfc6749#section-2.3)" properties: client: $ref: '#/components/schemas/OAuthCredentialsClient' signing: $ref: '#/components/schemas/AppleClientSigning' type: object OAuthCredentialsClient: description: |- OAuth 2.0 and OpenID Connect Client object > **Note:** You must complete client registration with the IdP Authorization Server for your Okta IdP instance to obtain client credentials. 
properties: client_id: description: "The [Unique identifier](https://tools.ietf.org/html/rfc6749#section-2.2)\ \ issued by the AS for the Okta IdP instance" example: your-client-id maxLength: 1024 type: string client_secret: description: "The [Client secret](https://tools.ietf.org/html/rfc6749#section-2.3.1)\ \ issued by the AS for the Okta IdP instance" example: your-client-secret maxLength: 1024 type: string pkce_required: description: Require Proof Key for Code Exchange (PKCE) for additional verification type: boolean token_endpoint_auth_method: description: Client authentication methods supported by the token endpoint enum: - private_key_jwt type: string type: object OAuthEndpointAuthenticationMethod: default: client_secret_basic description: Requested authentication method for the token endpoint enum: - client_secret_basic - client_secret_jwt - client_secret_post - none - private_key_jwt type: string OAuthEndpoints: description: |- The `OAUTH2` and `OIDC` protocols support the `authorization` and `token` endpoints. Also, the `OIDC` protocol supports the `userInfo` and `jwks` endpoints. The IdP Authorization Server (AS) endpoints are currently defined as part of the [IdP provider](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentityProvider/#tag/IdentityProvider/operation/createIdentityProvider!path=type&t=request) and are read-only. 
properties: authorization: $ref: '#/components/schemas/OAuthAuthorizationEndpoint' jwks: $ref: '#/components/schemas/OidcJwksEndpoint' token: $ref: '#/components/schemas/OAuthTokenEndpoint' userInfo: $ref: '#/components/schemas/OidcUserInfoEndpoint' type: object OAuthGrantType: description: Array of OAuth 2.0 grant type strings enum: - authorization_code - client_credentials - implicit - interaction_code - password - refresh_token - urn:ietf:params:oauth:grant-type:device_code - urn:ietf:params:oauth:grant-type:jwt-bearer - urn:ietf:params:oauth:grant-type:saml2-bearer - urn:ietf:params:oauth:grant-type:token-exchange - urn:openid:params:grant-type:ciba type: string OAuthMetadata: properties: authorization_endpoint: description: URL of the authorization server's authorization endpoint. type: string backchannel_authentication_request_signing_alg_values_supported: description: <div class="x-lifecycle-container"><x-lifecycle class="lea"></x-lifecycle> <x-lifecycle class="oie"></x-lifecycle></div>A list of signing algorithms that this authorization server supports for signed requests. items: $ref: '#/components/schemas/SigningAlgorithm' type: array x-okta-lifecycle: lifecycle: LIMITED_GA isGenerallyAvailable: false SKUs: - Okta Identity Engine backchannel_token_delivery_modes_supported: description: <div class="x-lifecycle-container"><x-lifecycle class="lea"></x-lifecycle> <x-lifecycle class="oie"></x-lifecycle></div>The delivery modes that this authorization server supports for Client-Initiated Backchannel Authentication. items: $ref: '#/components/schemas/TokenDeliveryMode' type: array x-okta-lifecycle: lifecycle: LIMITED_GA isGenerallyAvailable: false SKUs: - Okta Identity Engine claims_supported: description: A list of the claims supported by this authorization server. items: $ref: '#/components/schemas/Claim' type: array code_challenge_methods_supported: description: A list of PKCE code challenge methods supported by this authorization server. 
items: $ref: '#/components/schemas/CodeChallengeMethod' type: array device_authorization_endpoint: type: string dpop_signing_alg_values_supported: description: A list of signing algorithms supported by this authorization server for Demonstrating Proof-of-Possession (DPoP) JWTs. items: enum: - ES256 - ES384 - ES512 - RS256 - RS384 - RS512 type: string type: array x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true end_session_endpoint: description: URL of the authorization server's logout endpoint. type: string grant_types_supported: description: A list of the grant type values that this authorization server supports. items: $ref: '#/components/schemas/GrantType' type: array introspection_endpoint: description: URL of the authorization server's introspection endpoint. type: string introspection_endpoint_auth_methods_supported: description: A list of client authentication methods supported by this introspection endpoint. items: $ref: '#/components/schemas/EndpointAuthMethod' type: array issuer: description: "The authorization server's issuer identifier. In the context\ \ of this document, this is your authorization server's base URL. This\ \ becomes the `iss` claim in an access token." type: string jwks_uri: description: URL of the authorization server's JSON Web Key Set document. type: string pushed_authorization_request_endpoint: type: string registration_endpoint: description: URL of the authorization server's JSON Web Key Set document. type: string request_object_signing_alg_values_supported: description: A list of signing algorithms that this authorization server supports for signed requests. items: $ref: '#/components/schemas/SigningAlgorithm' type: array request_parameter_supported: description: Indicates if Request Parameters are supported by this authorization server. type: boolean response_modes_supported: description: A list of the `response_mode` values that this authorization server supports. More information here. 
items: $ref: '#/components/schemas/ResponseMode' type: array response_types_supported: description: "A list of the `response_type` values that this authorization\ \ server supports. Can be a combination of `code`, `token`, and `id_token`." items: $ref: '#/components/schemas/ResponseTypesSupported' type: array revocation_endpoint: description: URL of the authorization server's revocation endpoint. type: string revocation_endpoint_auth_methods_supported: description: A list of client authentication methods supported by this revocation endpoint. items: $ref: '#/components/schemas/EndpointAuthMethod' type: array scopes_supported: description: A list of the scope values that this authorization server supports. items: $ref: '#/components/schemas/Scope' type: array subject_types_supported: description: "A list of the Subject Identifier types that this authorization\ \ server supports. Valid types include `pairwise` and `public`, but only\ \ `public` is currently supported. See the [Subject Identifier Types](https://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes)\ \ section in the OpenID Connect specification." items: $ref: '#/components/schemas/SubjectType' type: array token_endpoint: description: URL of the authorization server's token endpoint. type: string token_endpoint_auth_methods_supported: description: A list of client authentication methods supported by this token endpoint. 
items: $ref: '#/components/schemas/EndpointAuthMethod' type: array type: object OAuthProvisioningEnabledApp: description: Application name for the provisioning connection enum: - google - office365 - slack - zoomus type: string OAuthResponseType: description: Array of OAuth 2.0 response type strings enum: - code - id_token - token type: string OAuthTokenEndpoint: description: "Endpoint for an [OAuth 2.0 Authorization Server (AS)](https://tools.ietf.org/html/rfc6749#page-18)" properties: binding: $ref: '#/components/schemas/ProtocolEndpointBinding' url: description: URL of the IdP Authorization Server (AS) token endpoint example: https://idp.example.com/token type: string type: object OINApplication: properties: accessibility: $ref: '#/components/schemas/ApplicationAccessibility' credentials: $ref: '#/components/schemas/SchemeApplicationCredentials' label: description: User-defined display name for app type: string licensing: $ref: '#/components/schemas/ApplicationLicensing' name: description: The key name for the OIN app definition type: string profile: additionalProperties: properties: {} type: object description: Contains any valid JSON schema for specifying properties that can be referenced from a request (only available to OAuth 2.0 client apps) type: object signOnMode: description: Authentication mode for the app type: string status: $ref: '#/components/schemas/ApplicationLifecycleStatus' visibility: $ref: '#/components/schemas/ApplicationVisibility' type: object OINSaml11ApplicationSettingsSignOn: description: Contains SAML 1.1 sign-on mode attributes properties: audienceOverride: description: "Audience override for CASB configuration. See [CASB config\ \ guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm)." type: string defaultRelayState: description: Identifies a specific application resource in an IdP-initiated SSO scenario type: string recipientOverride: description: "Recipient override for CASB configuration. 
See [CASB config\ \ guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm)." type: string ssoAcsUrlOverride: description: "Assertion Consumer Service (ACS) URL override for CASB configuration.\ \ See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm)." type: string title: SAML 1.1 settings type: object OINSaml20ApplicationSettingsSignOn: description: |- Contains SAML 2.0 sign-on mode attributes. > **Note:** Set `destinationOverride` to configure any other SAML 2.0 attributes in this section. properties: audienceOverride: description: "Audience override for CASB configuration. See [CASB config\ \ guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm)." type: string configuredAttributeStatements: items: $ref: '#/components/schemas/SamlAttributeStatement' type: array defaultRelayState: description: Identifies a specific application resource in an IdP-initiated SSO scenario type: string destinationOverride: description: "Destination override for CASB configuration. See [CASB config\ \ guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm)." type: string recipientOverride: description: "Recipient override for CASB configuration. See [CASB config\ \ guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm)." type: string samlAssertionLifetimeSeconds: description: Determines the SAML app session lifetimes with Okta example: 3600 type: integer x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true ssoAcsUrlOverride: description: "Assertion Consumer Service (ACS) URL override for CASB configuration.\ \ See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm)." type: string title: SAML 2.0 settings type: object OSVersion: description: | Specifies the OS requirement for the policy. 
There are two types of OS requirements: * **Static**: A specific OS version requirement that doesn't change until you update the policy. A static OS requirement is specified with the `osVersion.minimum` property. * **Dynamic**: An OS version requirement that is relative to the latest major OS release and security patch. A dynamic OS requirement is specified with the `osVersion.dynamicVersionRequirement` property. > **Note:** Dynamic OS requirements are available only if the **Dynamic OS version compliance** [self-service EA](/openapi/okta-management/guides/release-lifecycle/#early-access-ea) feature is enabled. You can't specify both `osVersion.minimum` and `osVersion.dynamicVersionRequirement` properties at the same time. properties: dynamicVersionRequirement: $ref: '#/components/schemas/OSVersion_dynamicVersionRequirement' minimum: description: "The device version must be equal to or newer than the specified\ \ version string (maximum of three components for iOS and macOS, and maximum\ \ of four components for Android)" example: 12.4.5 type: string type: object OSVersionConstraint: properties: dynamicVersionRequirement: $ref: '#/components/schemas/OSVersionConstraint_dynamicVersionRequirement' majorVersionConstraint: description: Indicates the Windows major version enum: - WINDOWS_11 - WINDOWS_10 type: string x-enumDescriptions: WINDOWS_11: The device is on Windows 11 WINDOWS_10: The device is on Windows 10 or an older Windows version minimum: description: The Windows device version must be equal to or newer than the specified version example: 12.4.5.9 type: string required: - majorVersionConstraint type: object OSVersionFourComponents: description: Current version of the operating system (maximum of four components in the versioning scheme) properties: minimum: example: 12.4.5.9 type: string type: object OSVersionThreeComponents: description: Current version of the operating system (maximum of three components in the versioning scheme) properties: minimum: 
example: 12.4.5 type: string type: object Office365Application: allOf: - $ref: '#/components/schemas/OINApplication' - type: object - properties: name: enum: - office365 example: office365 type: string signOnMode: enum: - BROWSER_PLUGIN - SAML_1_1 example: BROWSER_PLUGIN type: string settings: $ref: '#/components/schemas/Office365ApplicationSettings' required: - label - name - settings description: | Schema for the Microsoft Office 365 app (key name: `office365`) To create a Microsoft Office 365 app, use the [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) request with the following parameters in the request body. > **Note:** The Office 365 app only supports `BROWSER_PLUGIN` and `SAML_1_1` sign-on modes. example: name: office365 label: Sample Office365 App signOnMode: SAML_1_1 settings: app: domain: myintegration.okta365test.net msftTenant: mycompanyinc title: Microsoft Office 365 x-tags: - Application x-okta-defined-as: name: office365 Office365ApplicationSettings: allOf: - $ref: '#/components/schemas/ApplicationSettings' - type: object - properties: app: $ref: '#/components/schemas/Office365ApplicationSettingsApplication' signOn: $ref: '#/components/schemas/OINSaml11ApplicationSettingsSignOn' required: - app Office365ApplicationSettingsApplication: description: Office365 app instance properties properties: domain: description: The domain for your Office 365 account type: string msftTenant: description: Microsoft tenant name type: string required: - domain - msftTenant type: object Office365ProvisioningSettings: description: Settings required for the Microsoft Office 365 Provisioning Connection properties: adminPassword: description: Microsoft Office 365 global administrator password type: string adminUsername: description: Microsoft Office 365 global administrator username type: string required: - adminPassword - adminUsername title: Microsoft Office 365 provisioning settings type: object 
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: true
    OfflineAccessScopeResourceHrefObject:
      properties:
        href:
          description: Link URI
          example: "https://{yourOktaDomain}/api/v1/authorizationServers/ausain6z9zIedDCxB0h7/scopes/scppb56cIl4GvGxy70g3"
          type: string
        title:
          description: Link name
          example: offline_access
          type: string
      type: object
    Oidc:
      description: OIDC configuration details
      properties:
        doc:
          description: "The URL to your customer-facing instructions for configuring\
            \ your OIDC integration. See [Customer configuration document guidelines](https://developer.okta.com/docs/guides/submit-app-prereq/main/#customer-configuration-document-guidelines)."
          example: https://example.com/strawberry/help/oidcSetup
          format: uri
          type: string
        initiateLoginUri:
          description: The URL to redirect users when they click on your app from
            their Okta End-User Dashboard
          example: "https://${org.subdomain}.example.com/strawberry/oidc/sp-init"
          format: uri
          type: string
        postLogoutUris:
          description: The sign-out redirect URIs for your app. You can send a request
            to `/v1/logout` to sign the user out and redirect them to one of these
            URIs.
          items:
            description: "A sign-out redirect URI. You can use the org properties\
              \ you defined in the `config` array as variables in your URI. For example:\
              \ `https://${org.subdomain}.example.com/strawberry/oidc/logged-out`"
            example: "https://${org.subdomain}.example.com/strawberry/oidc/logged-out"
            format: uri
            type: string
          type: array
        redirectUris:
          description: List of sign-in redirect URIs
          items:
            description: Sign-in redirect URI
            example: "https://${org.subdomain}.example.com/strawberry/oidc/login"
            format: uri
            type: string
          minItems: 1
          type: array
      required:
      - doc
      - redirectUris
      type: object
    OidcAlgorithms:
      properties:
        request:
          $ref: '#/components/schemas/OidcRequestAlgorithm'
      type: object
    OidcJwksEndpoint:
      description: "Endpoint for the JSON Web Key Set (JWKS) document. This document\
        \ contains signing keys that are used to validate the signatures from the\
        \ provider. For more information on JWKS, see [JSON Web Key](https://tools.ietf.org/html/rfc7517)."
      properties:
        binding:
          $ref: '#/components/schemas/ProtocolEndpointBinding'
        url:
          description: URL of the endpoint to the JWK Set
          example: https://idp.example.com/keys
          type: string
      type: object
    OidcRequestAlgorithm:
      description: Algorithm settings used to sign an authorization request
      properties:
        signature:
          $ref: '#/components/schemas/OidcRequestSignatureAlgorithm'
      type: object
    OidcRequestSignatureAlgorithm:
      description: |-
        Signature Algorithm settings for signing authorization requests sent to the IdP
        > **Note:** The `algorithm` property is ignored when you disable request signatures (`scope` set as `NONE`).
      properties:
        algorithm:
          $ref: '#/components/schemas/OidcSigningAlgorithm'
        scope:
          $ref: '#/components/schemas/ProtocolAlgorithmRequestScope'
      type: object
    OidcSigningAlgorithm:
      enum:
      - HS256
      - HS384
      - HS512
      - RS256
      - RS384
      - RS512
      type: string
    OidcUserInfoEndpoint:
      description: "Endpoint for getting identity information about the User. For\
        \ more information on the `/userinfo` endpoint, see [OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo)."
      properties:
        binding:
          $ref: '#/components/schemas/ProtocolEndpointBinding'
        url:
          description: URL of the resource server's `/userinfo` endpoint
          example: https://idp.example.com/userinfo
          type: string
      type: object
    OktaActiveDirectoryGroupProfile:
      description: |-
        Profile for a Group that is imported from Active Directory. The `objectClass` for such groups is `okta:windows_security_principal`.
      properties:
        description:
          description: Description of the Windows Group
          example: example.com/West Coast/West Coast Users
          type: string
        dn:
          description: The distinguished name of the Windows Group
          example: "CN=West Coast Users,OU=West Coast,DC=example,DC=com"
          type: string
        externalId:
          description: Base-64 encoded GUID (`objectGUID`) of the Windows Group
          example: VKzYZ1C+IkSZxIWlrW5ITg==
          type: string
        name:
          description: Name of the Windows Group
          example: West Coast Users
          type: string
        samAccountName:
          description: Pre-Windows 2000 name of the Windows Group
          example: West Coast Users
          type: string
        windowsDomainQualifiedName:
          description: Fully qualified name of the Windows Group
          example: EXAMPLE\\West Coast Users
          type: string
      type: object
    OktaDeviceRiskChangeEvent:
      description: The device risk level changed
      properties:
        current_level:
          description: Current risk level of the device
          enum:
          - low
          - medium
          - high
          - secure
          - none
          example: low
          type: string
        event_timestamp:
          description: The time of the event (UNIX timestamp)
          example: 1702448550
          format: int64
          type: integer
        initiating_entity:
          description: The entity that initiated the event
          enum:
          - admin
          - user
          - policy
          - system
          type: string
        previous_level:
          description: Previous risk level of the device
          enum:
          - low
          - medium
          - high
          - secure
          - none
          example: medium
          type: string
        reason_admin:
          $ref: '#/components/schemas/CaepDeviceComplianceChangeEvent_reason_admin'
        reason_user:
          $ref: '#/components/schemas/CaepDeviceComplianceChangeEvent_reason_user'
        subject:
          $ref: '#/components/schemas/SecurityEventSubject'
      required:
      - current_level
      - event_timestamp
      - previous_level
      - subject
      type: object
    OktaIpChangeEvent:
      description: IP changed for the subject's session
      properties:
        current_ip_address:
          description: Current IP address of the subject
          example: 123.4.5.6
          type: string
        event_timestamp:
          description: The time of the event (UNIX timestamp)
          example: 1702448550
          format: int64
          type: integer
        initiating_entity:
          description: The entity that initiated the event
          enum:
          - admin
          - user
          - policy
          - system
          type: string
        previous_ip_address:
          description: Previous IP address of the subject
          example: 123.45.67.8
          type: string
        reason_admin:
          $ref: '#/components/schemas/CaepDeviceComplianceChangeEvent_reason_admin'
        reason_user:
          $ref: '#/components/schemas/CaepDeviceComplianceChangeEvent_reason_user'
        subject:
          $ref: '#/components/schemas/SecurityEventSubject'
      required:
      - current_ip_address
      - event_timestamp
      - previous_ip_address
      - subject
      type: object
    OktaPersonalAdminFeatureSettings:
      description: Defines a list of Okta Personal settings that can be enabled or
        disabled for the org
      properties:
        enableEnduserEntryPoints:
          description: Allow entry points for an Okta Personal account in a Workforce
            org
          type: boolean
        enableExportApps:
          description: Allow users to migrate apps from a Workforce account to an Okta
            Personal account
          type: boolean
      type: object
    OktaSignOnPolicy:
      allOf:
      - $ref: '#/components/schemas/Policy'
      - properties:
          conditions:
            $ref: '#/components/schemas/OktaSignOnPolicyConditions'
        type: object
    OktaSignOnPolicyConditions:
      allOf:
      - $ref: '#/components/schemas/PolicyRuleConditions'
      - properties:
          people:
            $ref: '#/components/schemas/PolicyPeopleCondition'
        type: object
    OktaSignOnPolicyFactorPromptMode:
      description: |
        Indicates if the User should be challenged for a second factor (MFA) based on the device being used, a Factor session lifetime, or on every sign-in attempt

        **Note:** Required only if `requireFactor` is set to `true`.
      enum:
      - ALWAYS
      - DEVICE
      - SESSION
      type: string
    OktaSignOnPolicyRule:
      allOf:
      - $ref: '#/components/schemas/PolicyRule'
      - properties:
          actions:
            $ref: '#/components/schemas/OktaSignOnPolicyRuleActions'
          conditions:
            $ref: '#/components/schemas/OktaSignOnPolicyRuleConditions'
        type: object
    OktaSignOnPolicyRuleActions:
      allOf:
      - $ref: '#/components/schemas/PolicyRuleActions'
      - properties:
          signon:
            $ref: '#/components/schemas/OktaSignOnPolicyRuleSignonActions'
        type: object
    OktaSignOnPolicyRuleConditions:
      allOf:
      - properties:
          authContext:
            $ref: '#/components/schemas/PolicyRuleAuthContextCondition'
          network:
            $ref: '#/components/schemas/PolicyNetworkCondition'
          people:
            $ref: '#/components/schemas/PolicyPeopleCondition'
          identityProvider:
            $ref: '#/components/schemas/IdentityProviderPolicyRuleCondition'
        type: object
    OktaSignOnPolicyRuleSignonActions:
      properties:
        access:
          enum:
          - ALLOW
          - DENY
          type: string
        factorLifetime:
          description: |
            Interval of time that must elapse before the User is challenged for MFA, if the Factor prompt mode is set to `SESSION`

            **Note:** Required only if `requireFactor` is `true`.
          type: integer
        factorPromptMode:
          $ref: '#/components/schemas/OktaSignOnPolicyFactorPromptMode'
        primaryFactor:
          $ref: '#/components/schemas/OktaSignOnPolicyRuleSignonPrimaryFactor'
        rememberDeviceByDefault:
          default: false
          description: Indicates if Okta should automatically remember the device
          type: boolean
        requireFactor:
          default: false
          description: Indicates if multifactor authentication is required
          type: boolean
        session:
          $ref: '#/components/schemas/OktaSignOnPolicyRuleSignonSessionActions'
      type: object
    OktaSignOnPolicyRuleSignonPrimaryFactor:
      description: "<x-lifecycle class=\"oie\"></x-lifecycle> Indicates the primary\
        \ factor used to establish a session for the org. Supported values: `PASSWORD_IDP_ANY_FACTOR`\
        \ (users can use any factor required by the app authentication policy to establish\
        \ a session), `PASSWORD_IDP` (users must always use a password to establish\
        \ a session). \n\n**Note:** Required only if `access` is set to `ALLOW`."
      enum:
      - PASSWORD_IDP
      - PASSWORD_IDP_ANY_FACTOR
      type: string
    OktaSignOnPolicyRuleSignonSessionActions:
      description: Properties governing the User's session lifetime
      properties:
        maxSessionIdleMinutes:
          default: 120
          description: Maximum number of minutes that a User session can be idle before
            the session is ended
          type: integer
        maxSessionLifetimeMinutes:
          default: 0
          description: Maximum number of minutes from User sign in that a user's session
            is active. Set this to force Users to sign in again after the number of
            specified minutes. Disable by setting to `0`. This property is read-only
            for the default rule of the default global session policy.
          type: integer
        usePersistentCookie:
          default: false
          description: "If set to `false`, user session cookies only last the length\
            \ of a browser session. If set to `true`, user session cookies last across\
            \ browser sessions. This setting doesn't impact administrators who can\
            \ never have persistent session cookies. This property is read-only for\
            \ the default rule of the default global session policy."
          type: boolean
      type: object
    OktaUserGroupProfile:
      description: |-
        Profile for any Group that is not imported from Active Directory. Specifies the standard and custom profile properties for a Group. The `objectClass` for these groups is `okta:user_group`.
      example:
        name: West Coast Users
        description: All Users West of The Rockies
      properties:
        description:
          description: Description of the Group
          example: All Users West of The Rockies
          type: string
        name:
          description: Name of the Group
          example: West Coast Users
          type: string
      type: object
      x-okta-extensible: true
    OktaUserRiskChangeEvent:
      description: The user risk level changed
      properties:
        current_level:
          description: Current risk level of the user
          enum:
          - low
          - medium
          - high
          - secure
          - none
          example: low
          type: string
        event_timestamp:
          description: The time of the event (UNIX timestamp)
          example: 1702448550
          format: int64
          type: integer
        initiating_entity:
          description: The entity that initiated the event
          enum:
          - admin
          - user
          - policy
          - system
          type: string
        previous_level:
          description: Previous risk level of the user
          enum:
          - low
          - medium
          - high
          - secure
          - none
          example: medium
          type: string
        reason_admin:
          $ref: '#/components/schemas/CaepDeviceComplianceChangeEvent_reason_admin'
        reason_user:
          $ref: '#/components/schemas/CaepDeviceComplianceChangeEvent_reason_user'
        subject:
          $ref: '#/components/schemas/SecurityEventSubject'
      required:
      - current_level
      - event_timestamp
      - previous_level
      - subject
      type: object
    OpenIdConnectApplication:
      allOf:
      - $ref: '#/components/schemas/Application'
      - properties:
          credentials:
            $ref: '#/components/schemas/OAuthApplicationCredentials'
          name:
            description: '`oidc_client` is the key name for an OAuth 2.0 client app instance'
            type: string
          settings:
            $ref: '#/components/schemas/OpenIdConnectApplicationSettings'
        required:
        - credentials
        - name
        - settings
        type: object
      x-okta-defined-as:
        name: oidc_client
    OpenIdConnectApplicationConsentMethod:
      default: TRUSTED
      description: |
        Indicates whether user consent is required or implicit.
        A consent dialog appears for the end user depending on the values of three elements:
        * [prompt](/openapi/okta-oauth/oauth/tag/OrgAS/#tag/OrgAS/operation/authorize!in=query&path=prompt&t=request): A query parameter that is used in requests to `/authorize`
        * `consent_method` (this property)
        * [consent](/openapi/okta-management/management/tag/AuthorizationServerScopes/#tag/AuthorizationServerScopes/operation/createOAuth2Scope!path=consent&t=request): A [Scope](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/AuthorizationServerScopes/) property that allows you to enable or disable user consent for an individual scope

        | `prompt` | `consent_method` | `consent` | Result |
        | ---------- | ----------- | ---------- | ----------- |
        | CONSENT | TRUSTED or REQUIRED | REQUIRED | Prompted |
        | CONSENT | TRUSTED or REQUIRED | FLEXIBLE | Prompted |
        | CONSENT | TRUSTED | IMPLICIT | Not prompted |
        | NONE | TRUSTED | FLEXIBLE, IMPLICIT, or REQUIRED | Not prompted |
        | NONE | REQUIRED | FLEXIBLE or REQUIRED | Prompted |
        | NONE | REQUIRED | IMPLICIT | Not prompted |

        > **Notes:**
        > * If you request a scope that requires consent while using the `client_credentials` flow, an error is returned because the flow doesn't support user consent.
        > * If the `prompt` value is set to `NONE`, but the `consent_method` and the consent values are set to `REQUIRED`, then an error occurs.
        > * When a scope is requested during a Client Credentials grant flow and `consent` is set to `FLEXIBLE`, the scope is granted in the access token with no consent prompt. This occurs because there is no user involved in a two-legged OAuth 2.0 [Client Credentials](https://developer.okta.com/docs/guides/implement-grant-type/clientcreds/main/) grant flow.
      enum:
      - REQUIRED
      - TRUSTED
      type: string
      x-enumDescriptions:
        TRUSTED: "The client is fully trusted (for example, a first-party app). The\
          \ default consent method for app instances created with a [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication)\
          \ request"
        REQUIRED: "The client requires consent (for example, a third-party app). The\
          \ default consent method for app instances created with a [Create a Client\
          \ Application](/openapi/okta-oauth/oauth/tag/Client/#tag/Client/operation/createClient)\
          \ request"
    OpenIdConnectApplicationIdpInitiatedLogin:
      description: The type of IdP-initiated sign-in flow that the client supports
      properties:
        default_scope:
          description: The scopes to use for the request when `mode` is `OKTA`
          items:
            type: string
          type: array
        mode:
          description: |
            The mode to use for the IdP-initiated sign-in flow. For `OKTA` or `SPEC` modes, the client must have an `initiate_login_uri` registered.
            > **Note:** For web and SPA apps, if the mode is `SPEC` or `OKTA`, you must set `grant_types` to `authorization_code`, `implicit`, or `interaction_code`.
          enum:
          - DISABLED
          - SPEC
          - OKTA
          type: string
          x-enumDescriptions:
            DISABLED: The client doesn't support the IdP-initiated sign-in flow.
            SPEC: The client is redirected to the Relying Party's `initiate_login_uri`.
            OKTA: Tokens are directly sent to the Relying Party. This corresponds to
              the **Okta Simplified** option in the Admin Console.
      required:
      - mode
      type: object
    OpenIdConnectApplicationIssuerMode:
      description: Indicates whether the Okta authorization server uses the original
        Okta org domain URL or a custom domain URL as the issuer of the ID token for
        this client
      enum:
      - CUSTOM_URL
      - DYNAMIC
      - ORG_URL
      type: string
      x-enumDescriptions:
        CUSTOM_URL: The issuer is returned in the appropriate OIDC token response.
          This is the default `issuer_mode` when you configured a custom domain for
          your org.
        DYNAMIC: A request for the ID token made from the custom domain has the custom
          URL as the issuer. A request for the ID token made from an Okta org has
          the Org URL as the issuer. You can only set `issuer_mode` as DYNAMIC if
          the Dynamic Issuer Mode feature is enabled. Contact Okta Support to enable
          this feature.
        ORG_URL: The issuer is returned based on the URL of your Okta organization.
          This is useful when you are using Okta’s default domain and do not have
          a custom domain configured.
    OpenIdConnectApplicationSettings:
      allOf:
      - $ref: '#/components/schemas/ApplicationSettings'
      - properties:
          oauthClient:
            $ref: '#/components/schemas/OpenIdConnectApplicationSettingsClient'
        type: object
    OpenIdConnectApplicationSettingsClient:
      properties:
        application_type:
          $ref: '#/components/schemas/OpenIdConnectApplicationType'
        backchannel_authentication_request_signing_alg:
          description: |
            The signing algorithm for Client-Initiated Backchannel Authentication (CIBA) signed requests using JWT. If this value isn't set and a JWT-signed request is sent, the request fails.
            > **Note:** This property appears for clients with `urn:openid:params:grant-type:ciba` defined as one of the `grant_types`.
          enum:
          - HS256
          - HS384
          - HS512
          - RS256
          - RS384
          - RS512
          - ES256
          - ES384
          - ES512
          type: string
        backchannel_custom_authenticator_id:
          description: |
            The ID of the custom authenticator that authenticates the user
            > **Note:** This property appears for clients with `urn:openid:params:grant-type:ciba` defined as one of the `grant_types`.
          maxLength: 20
          minLength: 20
          type: string
        backchannel_token_delivery_mode:
          description: |
            The delivery mode for Client-Initiated Backchannel Authentication (CIBA). Currently, only `poll` is supported.
            > **Note:** This property appears for clients with `urn:openid:params:grant-type:ciba` defined as one of the `grant_types`.
          enum:
          - poll
          - ping
          - push
          type: string
        client_uri:
          description: URL string of a web page providing information about the client
          maxLength: 1024
          type: string
        consent_method:
          $ref: '#/components/schemas/OpenIdConnectApplicationConsentMethod'
        dpop_bound_access_tokens:
          default: false
          description: |
            Indicates that the client application uses Demonstrating Proof-of-Possession (DPoP) for token requests. If `true`, the authorization server rejects token requests from this client that don't contain the DPoP header.
            > **Note:** If `dpop_bound_access_tokens` is true, then `client_credentials` and `implicit` aren't allowed in `grant_types`.
          type: boolean
          x-okta-lifecycle:
            lifecycle: GA
            isGenerallyAvailable: true
        frontchannel_logout_session_required:
          description: <div class="x-lifecycle-container"><x-lifecycle class="ea"></x-lifecycle>
            <x-lifecycle class="oie"></x-lifecycle></div>Determines whether Okta
            sends `sid` and `iss` in the logout request
          type: boolean
          x-okta-lifecycle:
            lifecycle: EA
            isGenerallyAvailable: false
            SKUs:
            - Okta Identity Engine
        frontchannel_logout_uri:
          description: <div class="x-lifecycle-container"><x-lifecycle class="ea"></x-lifecycle>
            <x-lifecycle class="oie"></x-lifecycle></div>URL where Okta sends the
            logout request
          maxLength: 1024
          type: string
          x-okta-lifecycle:
            lifecycle: EA
            isGenerallyAvailable: false
            SKUs:
            - Okta Identity Engine
        grant_types:
          items:
            $ref: '#/components/schemas/OAuthGrantType'
          type: array
        idp_initiated_login:
          $ref: '#/components/schemas/OpenIdConnectApplicationIdpInitiatedLogin'
        initiate_login_uri:
          description: URL string that a third party can use to initiate the sign-in
            flow by the client
          type: string
        issuer_mode:
          $ref: '#/components/schemas/OpenIdConnectApplicationIssuerMode'
        jwks:
          $ref: '#/components/schemas/OpenIdConnectApplicationSettingsClientKeys'
        jwks_uri:
          description: URL string that references a JSON Web Key Set for validating
            JWTs presented to Okta
          type: string
        logo_uri:
          description: The URL string that references a logo for the client. This logo
            appears on the client tile in the End-User Dashboard. It also appears on
            the client consent dialog during the client consent flow.
          maxLength: 1024
          type: string
        participate_slo:
          description: |
            <div class="x-lifecycle-container"><x-lifecycle class="ea"></x-lifecycle> <x-lifecycle class="oie"></x-lifecycle></div>Allows the app to participate in front-channel Single Logout
            > **Note:** You can only enable `participate_slo` for `web` and `browser` application types (`application_type`).
          type: boolean
          x-okta-lifecycle:
            lifecycle: EA
            isGenerallyAvailable: false
            SKUs:
            - Okta Identity Engine
        policy_uri:
          description: URL string of a web page providing the client's policy document
          type: string
        post_logout_redirect_uris:
          description: Array of redirection URI strings for relying party-initiated
            logouts
          items:
            type: string
          type: array
        redirect_uris:
          description: |-
            Array of redirection URI strings for use in redirect-based flows.
            > **Note:** At least one `redirect_uris` and `response_types` are required for all client types, with exceptions: if the client uses the [Resource Owner Password ](https://tools.ietf.org/html/rfc6749#section-4.3)flow (`grant_types` contains `password`) or [Client Credentials](https://tools.ietf.org/html/rfc6749#section-4.4)flow (`grant_types` contains `client_credentials`), then no `redirect_uris` or `response_types` is necessary. In these cases, you can pass either null or an empty array for these attributes.
          items:
            type: string
          type: array
        refresh_token:
          $ref: '#/components/schemas/OpenIdConnectApplicationSettingsRefreshToken'
        request_object_signing_alg:
          description: The type of JSON Web Key Set (JWKS) algorithm that must be used
            for signing request objects
          enum:
          - HS256
          - HS384
          - HS512
          - RS256
          - RS384
          - RS512
          - ES256
          - ES384
          - ES512
          type: string
        response_types:
          description: Array of OAuth 2.0 response type strings
          items:
            $ref: '#/components/schemas/OAuthResponseType'
          type: array
        sector_identifier_uri:
          description: "The sector identifier used for pairwise `subject_type`. See\
            \ [OIDC Pairwise Identifier Algorithm](https://openid.net/specs/openid-connect-messages-1_0-20.html#idtype.pairwise.alg)"
          maxLength: 1024
          type: string
        subject_type:
          description: Type of the subject
          enum:
          - public
          - pairwise
          type: string
        tos_uri:
          description: URL string of a web page providing the client's terms of service
            document
          type: string
        wildcard_redirect:
          description: Indicates if the client is allowed to use wildcard matching
            of `redirect_uris`
          enum:
          - DISABLED
          - SUBDOMAIN
          type: string
          x-enumDescriptions:
            DISABLED: All redirect URIs must be absolute URIs and not include a fragment
              component.
            SUBDOMAIN: |
              Any configured redirect URIs may contain a single `*` character in the lowest-level domain (for example, `https://redirect-*-domain.example.com/oidc/redirect`) to act as a wildcard. The wildcard subdomain must have at least one subdomain between it and the top level domain. The wildcard can match any valid hostname characters, but can't span more than one domain. For example, if `https://redirect-*-domain.example.com/oidc/redirect` is configured as a redirect URI, then `https://redirect-1-domain.example.com/oidc/redirect` and `https://redirect-sub-domain.example.com/oidc/redirect` match, but `https://redirect-1.sub-domain.example.com/oidc/redirect` doesn't match. Only the `https` URI scheme can use wildcard redirect URIs.
              > **Note:** The use of wildcard subdomains is discouraged as an insecure practice, since it may allow malicious actors to have tokens or authorization codes sent to unexpected or attacker-controlled pages. Exercise caution if you decide to include a wildcard redirect URI in your configuration.
      required:
      - grant_types
      type: object
    OpenIdConnectApplicationSettingsClientKeys:
      description: "A [JSON Web Key Set](https://tools.ietf.org/html/rfc7517#section-5)\
        \ for validating JWTs presented to Okta"
      properties:
        keys:
          items:
            $ref: '#/components/schemas/schemas-JsonWebKey'
          type: array
      type: object
    OpenIdConnectApplicationSettingsRefreshToken:
      description: |
        Refresh token configuration for an OAuth 2.0 client

        When you create or update an OAuth 2.0 client, you can configure refresh token rotation by setting the `rotation_type` and `leeway` properties. If you don't set these properties when you create an app integration, the default values are used. When you update an app integration, your previously configured values are used.
      properties:
        leeway:
          default: 30
          description: |
            The leeway, in seconds, allowed for the OAuth 2.0 client. After the refresh token is rotated, the previous token remains valid for the specified period of time so clients can get the new token.
            > **Note:** A leeway of 0 doesn't necessarily mean that the previous token is immediately invalidated. The previous token is invalidated after the new token is generated and returned in the response.
          example: 20
          maximum: 60
          minimum: 0
          type: integer
        rotation_type:
          $ref: '#/components/schemas/OpenIdConnectRefreshTokenRotationType'
      required:
      - rotation_type
      type: object
    OpenIdConnectApplicationType:
      description: "The type of client app \nSpecific `grant_types` are valid\
        \ for each `application_type`. See [Create a Client Application](/openapi/okta-oauth/oauth/tag/Client/#tag/Client/operation/createClient)."
      enum:
      - browser
      - native
      - service
      - web
      type: string
      x-enumDescriptions:
        browser: Single-Page app (SPA)
        native: Native app
        service: API service app
        web: Web app
    OpenIdConnectRefreshTokenRotationType:
      description: The refresh token rotation mode for the OAuth 2.0 client
      enum:
      - ROTATE
      - STATIC
      example: STATIC
      type: string
      x-enumDescriptions:
        ROTATE: The default rotation type for single-page apps (SPAs)
        STATIC: "The default rotation type for all clients, except SPAs"
    OperationRequest:
      example:
        assignmentId: assignmentId
      properties:
        assignmentId:
          type: string
      type: object
    OperationResponse:
      example:
        realmId: realmId
        _links:
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        created: 2000-01-23T04:56:07.000+00:00
        realmName: realmName
        started: 2000-01-23T04:56:07.000+00:00
        completed: 2000-01-23T04:56:07.000+00:00
        id: id
        type: type
        assignmentOperation:
          configuration:
            name: name
            id: id
            conditions:
              expression:
                value: value
              profileSourceId: profileSourceId
            actions:
              assignUserToRealm:
                realmId: realmId
        numUserMoved: 0.8008281904610115
        status: COMPLETED
      properties:
        assignmentOperation:
          $ref: '#/components/schemas/OperationResponse_assignmentOperation'
        completed:
          format: date-time
          readOnly: true
          type: string
        created:
          format: date-time
          readOnly: true
          type: string
        id:
          readOnly: true
          type: string
        numUserMoved:
          readOnly: true
          type: number
        realmId:
          readOnly: true
          type: string
        realmName:
          readOnly: true
          type: string
        started:
          format: date-time
          readOnly: true
          type: string
        status:
          enum:
          - COMPLETED
          - SCHEDULED
          - IN_PROGRESS
          - FAILED
          readOnly: true
          type: string
        type:
          readOnly: true
          type: string
        _links:
          $ref: '#/components/schemas/LinksSelf'
      type: object
    OperationalStatus:
      description: Operational status of a given agent
      enum:
      - DEGRADED
      - DISRUPTED
      - INACTIVE
      - OPERATIONAL
      type: string
    OptInStatusResponse:
      properties:
        optInStatus:
          enum:
          - OPTING_IN
          - OPTED_IN
          - OPTING_OUT
          - OPTED_OUT
          type: string
        _links:
          $ref: '#/components/schemas/OptInStatusResponse__links'
      type: object
    Org2OrgApplication:
      allOf:
      - $ref: '#/components/schemas/OINApplication'
      - type: object
      - properties:
          name:
            enum:
            - okta_org2org
            example: okta_org2org
            type: string
          signOnMode:
            default: SAML_2_0
            enum:
            - SAML_2_0
            - AUTO_LOGIN
            type: string
            x-enumDescriptions:
              SAML_2_0: Federated Authentication with SAML 2.0 WebSSO
              AUTO_LOGIN: Secure Web Authentication (SWA)
          settings:
            $ref: '#/components/schemas/Org2OrgApplicationSettings'
        required:
        - label
        - name
        - settings
      description: "Schema for the Okta Org2Org app (key name: `okta_org2org`)\n\n\
        To create an Org2Org app, use the [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication)\
        \ request with the following parameters in the request body.\n> **Notes:**\
        \ \n> * The Okta Org2Org (`okta_org2org`) app isn't available in Okta Developer\
        \ Edition orgs. If you need to test this feature in your Developer Edition\
        \ org, contact your Okta account team.\n> * The Okta Org2Org app supports\
        \ `SAML_2_0` and `AUTO_LOGIN` sign-on modes.\n"
      example:
        name: okta_org2org
        label: Okta Org2Org
        signOnMode: SAML_2_0
        settings:
          app:
            acsUrl: https://example.okta.com/sso/saml2/exampleid
            audRestriction: https://www.okta.com/saml2/service-provider/exampleid
            baseUrl: https://example.okta.com
      title: Org2Org
      x-tags:
      - Application
      x-okta-defined-as:
        name: okta_org2org
    Org2OrgApplicationSettings:
      allOf:
      - $ref: '#/components/schemas/ApplicationSettings'
      - type: object
      - properties:
          app:
            $ref: '#/components/schemas/Org2OrgApplicationSettingsApplication'
          signOn:
            $ref: '#/components/schemas/OINSaml20ApplicationSettingsSignOn'
        required:
        - app
    Org2OrgApplicationSettingsApplication:
      description: Org2Org app instance properties
      properties:
        acsUrl:
          description: The Assertion Consumer Service (ACS) URL of the source org
            (for `SAML_2_0` sign-on mode)
          type: string
        audRestriction:
          description: The entity ID of the SP (for `SAML_2_0` sign-on mode)
          example: https://www.okta.com/saml2/service-provider/exampleid
          type: string
        baseUrl:
          description: The base URL of the target Okta org (for `SAML_2_0` sign-on
            mode)
          type: string
        creationState:
          description: Used to track and manage the state of the app's creation or
            the provisioning process between two Okta orgs
          type: string
        preferUsernameOverEmail:
          description: Indicates that you don't want to use an email address as the
            username
          type: boolean
        token:
          description: An API token from the target org that's used to secure the
            connection between the orgs
          type: string
        tokenEncrypted:
          description: Encrypted token to enhance security
          type: string
      required:
      - baseUrl
      type: object
    OrgAerialConsent:
      example:
        accountId: accountId
      properties:
        accountId:
          description: The unique ID of the Aerial account
          type: string
      required:
      - accountId
      type: object
    OrgAerialConsentDetails:
      example:
        grantedBy: 00u23ej02I2RLFxS5406
        accountId: accountId
        _links:
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          revoke:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        grantedDate: 2024-07-24T16:01:13.000Z
      properties:
        accountId:
          description: The unique ID of the Aerial account
          type: string
        grantedBy:
          description: Principal ID of the user who granted the permission
          example: 00u23ej02I2RLFxS5406
          type: string
        grantedDate:
          description: Date when grant was created
          example: 2024-07-24T16:01:13.000Z
          type: string
        _links:
          $ref: '#/components/schemas/LinksAerialConsentGranted'
      required:
      - accountId
      type: object
    OrgAerialConsentRevoked:
      example:
        _links:
          grant:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
      properties:
        _links:
          $ref: '#/components/schemas/LinksAerialConsentRevoked'
      type: object
    OrgAerialGrantNotFound:
      properties:
        accountId:
          description: The unique ID of the Aerial account
          type: string
        grantedBy:
          description: Principal ID of the user who granted the permission
          example: 00u23ej02I2RLFxS5406
          type: string
        grantedDate:
          description: Date when grant was created
          example: 2024-07-24T16:01:13.000Z
          type: string
        _links:
          $ref: '#/components/schemas/LinksAerialConsentGranted'
      type: object
    OrgCAPTCHASettings:
      description: ""
      example:
        _links:
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        enabledPages:
        - SIGN_IN
        - SIGN_IN
        captchaId: captchaId
      properties:
        captchaId:
          description: The unique key of the associated CAPTCHA instance
          type: string
        enabledPages:
          description: An array of pages that have CAPTCHA enabled
          items:
            $ref: '#/components/schemas/enabledPagesType'
          type: array
        _links:
          $ref: '#/components/schemas/OrgCAPTCHASettings__links'
      title: OrgCAPTCHASettings
      type: object
    OrgContactType:
      description: Type of contact
      enum:
      - BILLING
      - TECHNICAL
      type: string
    OrgContactTypeObj:
      anyOf:
      - $ref: '#/components/schemas/orgBillingContactType'
      - $ref: '#/components/schemas/orgTechnicalContactType'
      discriminator:
        mapping:
          BILLING: '#/components/schemas/orgBillingContactType'
          TECHNICAL: '#/components/schemas/orgTechnicalContactType'
        propertyName: contactType
      example:
        contactType: BILLING
      properties:
        contactType:
          $ref: '#/components/schemas/OrgContactType'
      type: object
    OrgContactUser:
      example:
        _links:
          user:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        userId: userId
      properties:
        userId:
          description: Contact user ID
          type: string
        _links:
          $ref: '#/components/schemas/OrgContactUser__links'
      type: object
    OrgCreationAdmin:
      description: |-
        Profile and credential information for the first super admin user of the child Org. If you plan to configure and manage the Org programmatically, create a system user with a dedicated email address and a strong password.
        > **Note:** If you don't provide `credentials`, the super admin user is prompted to set up their credentials when they sign in to the Org for the first time.
example: credentials: password: value: pa$$word recovery_question: answer: se7en question: what is your favourite movie? profile: firstName: firstName lastName: lastName login: login email: email properties: credentials: $ref: '#/components/schemas/OrgCreationAdmin_credentials' profile: $ref: '#/components/schemas/OrgCreationAdmin_profile' required: - profile type: object writeOnly: true OrgOktaCommunicationSetting: example: _links: optOut: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type optIn: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type optOutEmailUsers: true properties: optOutEmailUsers: description: Indicates whether org users receive Okta communication emails readOnly: true type: boolean _links: $ref: '#/components/schemas/OrgOktaCommunicationSetting__links' type: object OrgOktaSupportSetting: description: Status of Okta Support Settings enum: - DISABLED - ENABLED type: string OrgOktaSupportSettingsObj: example: _links: extend: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type revoke: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type grant: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type expiration: 2000-01-23T04:56:07.000+00:00 support: DISABLED properties: expiration: description: Expiration of Okta Support format: date-time nullable: true readOnly: true type: string support: $ref: '#/components/schemas/OrgOktaSupportSetting' _links: $ref: '#/components/schemas/OrgOktaSupportSettingsObj__links' type: object OrgPreferences: example: _links: hideEndUserFooter: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type showEndUserFooter: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type showEndUserFooter: true properties: showEndUserFooter: description: Indicates if the footer is shown on the End-User Dashboard readOnly: true type: boolean _links: 
          $ref: '#/components/schemas/OrgPreferences__links'
      type: object
    OrgSetting:
      example:
        country: country
        website: website
        supportPhoneNumber: supportPhoneNumber
        address2: address2
        city: city
        _links:
          preferences:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          oktaCommunication:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          uploadLogo:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          logo:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          oktaSupport:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          contacts:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        address1: address1
        created: 2000-01-23T04:56:07.000+00:00
        companyName: companyName
        postalCode: postalCode
        expiresAt: 2000-01-23T04:56:07.000+00:00
        lastUpdated: 2000-01-23T04:56:07.000+00:00
        phoneNumber: phoneNumber
        endUserSupportHelpURL: endUserSupportHelpURL
        subdomain: subdomain
        id: id
        state: state
        status: ACTIVE
      properties:
        address1:
          description: Primary address of the organization associated with the org
          type: string
        address2:
          description: Secondary address of the organization associated with the org
          type: string
        city:
          description: City of the organization associated with the org
          type: string
        companyName:
          description: Name of org
          type: string
        country:
          description: Country of the organization associated with the org
          type: string
        created:
          description: When org was created
          format: date-time
          readOnly: true
          type: string
        endUserSupportHelpURL:
          description: Support link of org
          type: string
        expiresAt:
          description: Expiration of org
          format: date-time
          readOnly: true
          type: string
        id:
          description: Org ID
          readOnly: true
          type: string
        lastUpdated:
          description: When org was last updated
          format: date-time
          readOnly: true
          type: string
        phoneNumber:
          description: Phone number of the organization associated with the org
          type: string
        postalCode:
          description: Postal code of the organization associated with the org
          type: string
        state:
          description: State of the organization associated with the org
          type: string
        status:
          description: Status of org
          enum:
          - ACTIVE
          - INACTIVE
          readOnly: true
          type: string
        subdomain:
          description: Subdomain of org
          readOnly: true
          type: string
        supportPhoneNumber:
          description: Support help phone of the organization associated with the org
          type: string
        website:
          description: Website of the organization associated with the org
          type: string
        _links:
          $ref: '#/components/schemas/orgGeneralSettingLinks'
      type: object
    OtpProtocol:
      description: The protocol used
      enum:
      - SYMANTEC
      - TOTP
      - YUBICO
      type: string
    OtpTotpAlgorithm:
      description: HMAC algorithm
      enum:
      - HMacSHA1
      - HMacSHA256
      - HMacSHA512
      type: string
    OtpTotpEncoding:
      description: The shared secret encoding
      enum:
      - base32
      - base64
      - hexadecimal
      type: string
    OtpTotpPassCodeLength:
      description: Number of digits in an OTP value
      maximum: 10
      minimum: 6
      multipleOf: 2
      type: integer
    OtpTotpTimeIntervalInSeconds:
      description: Time interval for TOTP in seconds
      type: integer
    PageRoot:
      example:
        _embedded:
          preview:
            pageContent: pageContent
          default:
            pageContent: pageContent
          customized:
            pageContent: pageContent
          previewUrl: https://openapi-generator.tech
          customizedUrl: https://openapi-generator.tech
        _links:
          preview:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          default:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          customized:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
      properties:
        _embedded:
          $ref: '#/components/schemas/PageRoot__embedded'
        _links:
          $ref: '#/components/schemas/PageRoot__links'
      type: object
    Parameters:
      description: Attributes used for processing AD Group membership update
      example:
        values:
        - values
        - values
        action: ADD
        attribute: attribute
      properties:
        action:
          description: The update action to take
          enum:
          - ADD
          - REMOVE
          type: string
          x-enumDescriptions:
            ADD: Add to the membership of the group
            REMOVE: Remove from the membership of the group
        attribute:
          description: The attribute that tracks group memberships in AD. This should be `member` for AD.
          type: string
        values:
          description: List of user IDs whose group memberships to update
          items:
            description: ID of an existing user
            type: string
          type: array
      type: object
    PasswordCredential:
      description: "Specifies a password for a user.\n\nWhen a User has a valid password,\
        \ imported hashed password, or password hook, and a response object contains\n\
        a password credential, then the password object is a bare object without the\
        \ value property defined (for example, `password: {}`). This \nindicates that\
        \ a password value exists. You can modify password policy requirements in\
        \ the Admin Console by editing the Password\nauthenticator: **Security**\
        \ > **Authenticators** > **Password** (or for Okta Classic orgs, use **Security**\
        \ > **Authentication** > **Password**).\n\nFor information on defaults and\
        \ configuring your password policies, see [Configure the password authenticator](https://help.okta.com/okta_help.htm?type=oie&id=ext-configure-password)\
        \ in the help documentation."
      example:
        hook:
          type: type
        value: pa$$word
        hash:
          iterationCount: 0
          salt: salt
          keySize: 6
          saltOrder: saltOrder
          workFactor: 3
          digestAlgorithm: SHA256_HMAC
          value: value
          algorithm: BCRYPT
      properties:
        hash:
          $ref: '#/components/schemas/PasswordCredentialHash'
        hook:
          $ref: '#/components/schemas/PasswordCredentialHook'
        value:
          description: Specifies the password for a user. The Password Policy validates this password.
          example: pa$$word
          format: password
          type: string
          writeOnly: true
      type: object
    PasswordCredentialHash:
      description: |-
        Specifies a hashed password to import into Okta. This allows an existing password to be imported into Okta directly from some other store.
        Okta supports the BCRYPT, SHA-512, SHA-256, SHA-1, MD5, and PBKDF2 hash functions for password import.
        A hashed password may be specified in a Password object when creating or updating a user, but not for other operations.
        See [Create User with Imported Hashed Password](https://developer.okta.com/docs/reference/api/users/#create-user-with-imported-hashed-password) for information on using this object when creating a user.
        When updating a User with a hashed password, the User must be in the `STAGED` status.
      example:
        iterationCount: 0
        salt: salt
        keySize: 6
        saltOrder: saltOrder
        workFactor: 3
        digestAlgorithm: SHA256_HMAC
        value: value
        algorithm: BCRYPT
      properties:
        algorithm:
          $ref: '#/components/schemas/PasswordCredentialHashAlgorithm'
        digestAlgorithm:
          $ref: '#/components/schemas/DigestAlgorithm'
        iterationCount:
          description: The number of iterations used when hashing passwords using PBKDF2. Must be >= 4096. Only required for PBKDF2 algorithm.
          type: integer
        keySize:
          description: Size of the derived key in bytes. Only required for PBKDF2 algorithm.
          type: integer
        salt:
          description: |-
            Only required for salted hashes.
            For BCRYPT, this specifies Radix-64 as the encoded salt used to generate the hash, which must be 22 characters long.
            For other salted hashes, this specifies the Base64-encoded salt used to generate the hash.
          type: string
        saltOrder:
          description: Specifies whether salt was pre- or postfixed to the password before hashing. Only required for salted algorithms.
          type: string
        value:
          description: |-
            For SHA-512, SHA-256, SHA-1, MD5, and PBKDF2, this is the actual base64-encoded hash of the password (and salt, if used).
            This is the Base64-encoded `value` of the SHA-512/SHA-256/SHA-1/MD5/PBKDF2 digest that was computed by either pre-fixing or post-fixing the `salt` to the `password`, depending on the `saltOrder`.
            If a `salt` was not used in the `source` system, then this should just be the Base64-encoded `value` of the password's SHA-512/SHA-256/SHA-1/MD5/PBKDF2 digest.
            For BCRYPT, this is the actual Radix-64 encoded hashed password.
          type: string
        workFactor:
          description: Governs the strength of the hash and the time required to compute it. Only required for BCRYPT algorithm.
          maximum: 20
          minimum: 1
          type: integer
      type: object
    PasswordCredentialHashAlgorithm:
      description: "The algorithm used to generate the hash using the password (and\
        \ salt, when applicable)."
      enum:
      - BCRYPT
      - MD5
      - PBKDF2
      - SHA-1
      - SHA-256
      - SHA-512
      type: string
    PasswordCredentialHook:
      description: "Specify a [password import inline hook](/openapi/okta-management/management/tag/InlineHook/#tag/InlineHook/operation/createPasswordImportInlineHook)\
        \ to trigger verification of the User's password the first time the User signs\
        \ in. This allows an existing password to be imported into Okta directly from\
        \ some other store."
      example:
        type: type
      properties:
        type:
          description: "The type of password inline hook. Currently, must be set to\
            \ default."
          type: string
      type: object
    PasswordDictionary:
      description: Weak password dictionary lookup settings
      properties:
        common:
          $ref: '#/components/schemas/PasswordDictionaryCommon'
      type: object
    PasswordDictionaryCommon:
      description: Lookup settings for commonly used passwords
      properties:
        exclude:
          default: false
          description: Indicates whether to check passwords against the common password dictionary
          type: boolean
      type: object
    PasswordExpirationPolicyRuleCondition:
      properties:
        number:
          type: integer
        unit:
          type: string
      type: object
    PasswordImportRequest:
      properties:
        data:
          $ref: '#/components/schemas/PasswordImportRequestData'
        eventType:
          description: The type of inline hook. The password import inline hook type is `com.okta.user.credential.password.import`.
          type: string
        source:
          description: The ID and URL of the password import inline hook
          type: string
      type: object
    PasswordImportRequestData:
      properties:
        action:
          $ref: '#/components/schemas/PasswordImportRequestData_action'
        context:
          $ref: '#/components/schemas/PasswordImportRequestData_context'
      type: object
    PasswordImportResponse:
      properties:
        commands:
          description: "The `commands` object specifies whether Okta accepts the end\
            \ user's sign-in credentials as valid or not. For the password import\
            \ inline hook, you typically only return one `commands` object with one\
            \ array element in it."
          items:
            $ref: '#/components/schemas/PasswordImportResponse_commands_inner'
          type: array
      type: object
    PasswordPolicy:
      allOf:
      - $ref: '#/components/schemas/Policy'
      - properties:
          conditions:
            $ref: '#/components/schemas/PasswordPolicyConditions'
          settings:
            $ref: '#/components/schemas/PasswordPolicySettings'
        type: object
    PasswordPolicyAuthenticationProviderCondition:
      properties:
        include:
          items:
            type: string
          type: array
        provider:
          $ref: '#/components/schemas/PasswordPolicyAuthenticationProviderType'
      type: object
    PasswordPolicyAuthenticationProviderType:
      enum:
      - ACTIVE_DIRECTORY
      - ANY
      - LDAP
      - OKTA
      type: string
    PasswordPolicyConditions:
      allOf:
      - $ref: '#/components/schemas/PolicyRuleConditions'
      - properties:
          authProvider:
            $ref: '#/components/schemas/PasswordPolicyAuthenticationProviderCondition'
          people:
            $ref: '#/components/schemas/PolicyPeopleCondition'
        type: object
    PasswordPolicyDelegationSettings:
      properties:
        options:
          $ref: '#/components/schemas/PasswordPolicyDelegationSettingsOptions'
      type: object
    PasswordPolicyDelegationSettingsOptions:
      properties:
        skipUnlock:
          default: false
          description: "Indicates if, when performing an unlock operation on an Active\
            \ Directory sourced User who is locked out of Okta, the system should\
            \ also attempt to unlock the User's Windows account"
          type: boolean
      type: object
    PasswordPolicyPasswordSettings:
      properties:
        age:
          $ref: '#/components/schemas/PasswordPolicyPasswordSettingsAge'
        complexity:
          $ref: '#/components/schemas/PasswordPolicyPasswordSettingsComplexity'
        lockout:
          $ref: '#/components/schemas/PasswordPolicyPasswordSettingsLockout'
      type: object
    PasswordPolicyPasswordSettingsAge:
      description: Age settings
      properties:
        expireWarnDays:
          default: 0
          description: "Specifies the number of days prior to password expiration\
            \ when a User is warned to reset their password: `0` indicates no warning"
          type: integer
        historyCount:
          default: 0
          description: "Specifies the number of distinct passwords that a User must\
            \ create before they can reuse a previous password: `0` indicates none"
          type: integer
        maxAgeDays:
          default: 0
          description: "Specifies how long (in days) a password remains valid before\
            \ it expires: `0` indicates no limit"
          type: integer
        minAgeMinutes:
          default: 0
          description: "Specifies the minimum time interval (in minutes) between password\
            \ changes: `0` indicates no limit"
          type: integer
      type: object
    PasswordPolicyPasswordSettingsComplexity:
      description: Complexity settings
      properties:
        dictionary:
          $ref: '#/components/schemas/PasswordDictionary'
        excludeAttributes:
          default: []
          description: "The User profile attributes whose values must be excluded\
            \ from the password: currently only supports `firstName` and `lastName`"
          items:
            type: string
          type: array
        excludeUsername:
          default: true
          description: Indicates if the Username must be excluded from the password
          type: boolean
        minLength:
          default: 8
          description: Minimum password length
          type: integer
        minLowerCase:
          default: 1
          description: "Indicates if a password must contain at least one lower case\
            \ letter: `0` indicates no, `1` indicates yes"
          type: integer
        minNumber:
          default: 1
          description: "Indicates if a password must contain at least one number:\
            \ `0` indicates no, `1` indicates yes"
          type: integer
        minSymbol:
          default: 1
          description: "Indicates if a password must contain at least one symbol (For\
            \ example: !@#$%^&*): `0` indicates no, `1` indicates yes"
          type: integer
        minUpperCase:
          default: 1
          description: "Indicates if a password must contain at least one upper case\
            \ letter: `0` indicates no, `1` indicates yes"
          type: integer
      type: object
    PasswordPolicyPasswordSettingsLockout:
      description: Lockout settings
      properties:
        autoUnlockMinutes:
          default: 0
          description: "Specifies the time interval (in minutes) a locked account\
            \ remains locked before it is automatically unlocked: `0` indicates no\
            \ limit"
          type: integer
        maxAttempts:
          default: 10
          description: "Specifies the number of times Users can attempt to sign in\
            \ to their accounts with an invalid password before their accounts are\
            \ locked: `0` indicates no limit"
          type: integer
        showLockoutFailures:
          default: false
          description: Indicates if the User should be informed when their account is locked
          type: boolean
        userLockoutNotificationChannels:
          default: []
          description: "How the user is notified when their account becomes locked.\
            \ The only acceptable values are `[]` and `['EMAIL']`."
          items:
            type: string
          type: array
      type: object
    PasswordPolicyRecoveryEmail:
      properties:
        properties:
          $ref: '#/components/schemas/PasswordPolicyRecoveryEmailProperties'
        status:
          $ref: '#/components/schemas/LifecycleStatus'
      type: object
    PasswordPolicyRecoveryEmailProperties:
      properties:
        recoveryToken:
          $ref: '#/components/schemas/PasswordPolicyRecoveryEmailRecoveryToken'
      type: object
    PasswordPolicyRecoveryEmailRecoveryToken:
      properties:
        tokenLifetimeMinutes:
          default: 10080
          description: Lifetime (in minutes) of the recovery token
          type: integer
      type: object
    PasswordPolicyRecoveryFactorSettings:
      properties:
        status:
          $ref: '#/components/schemas/LifecycleStatus'
      type: object
    PasswordPolicyRecoveryFactors:
      description: Settings for the Factors that can be used for recovery
      properties:
        okta_call:
          $ref: '#/components/schemas/PasswordPolicyRecoveryFactorSettings'
        okta_email:
          $ref: '#/components/schemas/PasswordPolicyRecoveryEmail'
        okta_sms:
          $ref: '#/components/schemas/PasswordPolicyRecoveryFactorSettings'
        recovery_question:
          $ref: '#/components/schemas/PasswordPolicyRecoveryQuestion'
      type: object
    PasswordPolicyRecoveryQuestion:
      properties:
        properties:
          $ref: '#/components/schemas/PasswordPolicyRecoveryQuestionProperties'
        status:
          $ref: '#/components/schemas/LifecycleStatus'
      type: object
    PasswordPolicyRecoveryQuestionComplexity:
      properties:
        minLength:
          default: 4
          description: Minimum length of the password recovery question answer
          readOnly: true
          type: integer
      type: object
    PasswordPolicyRecoveryQuestionProperties:
      properties:
        complexity:
          $ref: '#/components/schemas/PasswordPolicyRecoveryQuestionComplexity'
      type: object
    PasswordPolicyRecoverySettings:
      properties:
        factors:
          $ref: '#/components/schemas/PasswordPolicyRecoveryFactors'
      type: object
    PasswordPolicyRule:
      allOf:
      - $ref: '#/components/schemas/PolicyRule'
      - properties:
          actions:
            $ref: '#/components/schemas/PasswordPolicyRuleActions'
          conditions:
            $ref: '#/components/schemas/PasswordPolicyRuleConditions'
        type: object
    PasswordPolicyRuleAction:
      properties:
        access:
          $ref: '#/components/schemas/PolicyAccess'
      type: object
    PasswordPolicyRuleActions:
      allOf:
      - $ref: '#/components/schemas/PolicyRuleActions'
      - properties:
          passwordChange:
            $ref: '#/components/schemas/PasswordPolicyRuleAction'
          selfServicePasswordReset:
            $ref: '#/components/schemas/SelfServicePasswordResetAction'
          selfServiceUnlock:
            $ref: '#/components/schemas/PasswordPolicyRuleAction'
        type: object
    PasswordPolicyRuleConditions:
      properties:
        network:
          $ref: '#/components/schemas/PolicyNetworkCondition'
        people:
          $ref: '#/components/schemas/PolicyPeopleCondition'
      type: object
    PasswordPolicySettings:
      properties:
        delegation:
          $ref: '#/components/schemas/PasswordPolicyDelegationSettings'
        password:
          $ref: '#/components/schemas/PasswordPolicyPasswordSettings'
        recovery:
          $ref: '#/components/schemas/PasswordPolicyRecoverySettings'
      type: object
    PasswordProtectionWarningTrigger:
      description: Indicates whether the Password Protection Warning feature is enabled
      enum:
      - PASSWORD_PROTECTION_OFF
      - PASSWORD_REUSE
      - PHISHING_REUSE
      example: PHISHING_REUSE
      type: string
      x-enumDescriptions:
        PASSWORD_PROTECTION_OFF: Password protection warning is off
        PASSWORD_REUSE: Password protection warning is triggered by password reuse
        PHISHING_REUSE: Password protection warning is triggered by password reuse on a phishing page
    PasswordSettingObject:
      description: Determines whether Okta creates and pushes a password in the app for each assigned user
      properties:
        change:
          $ref: '#/components/schemas/ChangeEnum'
        seed:
          $ref: '#/components/schemas/SeedEnum'
        status:
          allOf:
          - $ref: '#/components/schemas/EnabledStatus'
          - default: DISABLED
          - example: ENABLED
      type: object
    PatchAction:
      description: The operation (PATCH action)
      enum:
      - remove
      - replace
      type: string
      x-enumDescriptions:
        remove: Removes the attribute in `path`
        replace: Replaces the attribute in content `path` with the content in `value`
    PerClientRateLimitMode:
      enum:
      - DISABLE
      - ENFORCE
      - PREVIEW
      type: string
PerClientRateLimitSettings: description: "" example: defaultMode: DISABLE useCaseModeOverrides: LOGIN_PAGE: null OIE_APP_INTENT: null OAUTH2_AUTHORIZE: null properties: defaultMode: $ref: '#/components/schemas/PerClientRateLimitMode' useCaseModeOverrides: $ref: '#/components/schemas/PerClientRateLimitSettings_useCaseModeOverrides' required: - defaultMode title: PerClientRateLimitSettings type: object Permission: example: lastUpdated: 2000-01-23T04:56:07.000+00:00 _links: role: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type created: 2000-01-23T04:56:07.000+00:00 label: label conditions: include: key: "{}" exclude: key: "{}" properties: conditions: $ref: '#/components/schemas/PermissionConditions' created: description: Timestamp when the role was created format: date-time readOnly: true type: string label: description: The permission type readOnly: true type: string lastUpdated: description: Timestamp when the role was last updated format: date-time readOnly: true type: string _links: $ref: '#/components/schemas/Permission__links' type: object PermissionConditions: description: Conditions for further restricting a permission example: include: key: "{}" exclude: key: "{}" nullable: true properties: exclude: additionalProperties: properties: {} type: object description: Exclude attributes with specific values for the permission nullable: true type: object include: additionalProperties: properties: {} type: object description: Include attributes with specific values for the permission nullable: true type: object type: object x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true Permissions: example: permissions: - lastUpdated: 2000-01-23T04:56:07.000+00:00 _links: role: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type created: 
2000-01-23T04:56:07.000+00:00 label: label conditions: include: key: "{}" exclude: key: "{}" - lastUpdated: 2000-01-23T04:56:07.000+00:00 _links: role: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type created: 2000-01-23T04:56:07.000+00:00 label: label conditions: include: key: "{}" exclude: key: "{}" properties: permissions: items: $ref: '#/components/schemas/Permission' type: array type: object PersonalAppsBlockList: description: Defines a list of email domains with a subset of the properties for each domain properties: domains: description: List of blocked email domains items: description: TODO default missing array inner type to string type: string type: array type: object PinRequest: description: Pin Request example: fulfillmentProvider: yubico userId: userId authenticatorEnrollmentId: authenticatorEnrollmentId properties: authenticatorEnrollmentId: description: ID for a WebAuthn Preregistration Factor in Okta type: string fulfillmentProvider: description: Name of the fulfillment provider for the WebAuthn Preregistration Factor enum: - yubico type: string userId: description: ID of an existing Okta user type: string type: object PipelineType: description: The authentication pipeline of the org enum: - idx - v1 type: string x-enumDescriptions: idx: Identity Engine v1: Classic Engine Platform: enum: - ANDROID - CHROMEOS - IOS - MACOS - WINDOWS type: string PlatformConditionEvaluatorPlatform: properties: os: $ref: '#/components/schemas/PlatformConditionEvaluatorPlatformOperatingSystem' type: $ref: '#/components/schemas/PolicyPlatformType' type: object PlatformConditionEvaluatorPlatformOperatingSystem: properties: expression: type: string type: $ref: '#/components/schemas/PolicyPlatformOperatingSystemType' version: $ref: '#/components/schemas/PlatformConditionEvaluatorPlatformOperatingSystemVersion' type: object 
PlatformConditionEvaluatorPlatformOperatingSystemVersion: properties: matchType: $ref: '#/components/schemas/PlatformConditionOperatingSystemVersionMatchType' value: type: string type: object PlatformConditionOperatingSystemVersionMatchType: enum: - EXPRESSION - SEMVER type: string PlatformPolicyRuleCondition: properties: exclude: items: $ref: '#/components/schemas/PlatformConditionEvaluatorPlatform' type: array include: items: $ref: '#/components/schemas/PlatformConditionEvaluatorPlatform' type: array type: object Policy: discriminator: mapping: ACCESS_POLICY: '#/components/schemas/AccessPolicy' IDP_DISCOVERY: '#/components/schemas/IdpDiscoveryPolicy' MFA_ENROLL: '#/components/schemas/AuthenticatorEnrollmentPolicy' OKTA_SIGN_ON: '#/components/schemas/OktaSignOnPolicy' PASSWORD: '#/components/schemas/PasswordPolicy' PROFILE_ENROLLMENT: '#/components/schemas/ProfileEnrollmentPolicy' POST_AUTH_SESSION: '#/components/schemas/PostAuthSessionPolicy' ENTITY_RISK: '#/components/schemas/EntityRiskPolicy' propertyName: type example: lastUpdated: 2000-01-23T04:56:07.000+00:00 system: false _embedded: key: "{}" _links: mappings: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type activate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type rules: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type deactivate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type created: 2000-01-23T04:56:07.000+00:00 name: name description: description id: Assigned priority: 0 type: ACCESS_POLICY status: ACTIVE properties: created: description: Timestamp when the Policy was created format: date-time readOnly: true type: string description: description: Description of the Policy type: string id: default: Assigned description: Identifier of the Policy readOnly: true type: string lastUpdated: 
description: Timestamp when the Policy was last modified format: date-time readOnly: true type: string name: description: Name of the Policy type: string priority: description: Specifies the order in which this Policy is evaluated in relation to the other policies type: integer status: $ref: '#/components/schemas/LifecycleStatus' system: default: false description: Specifies whether Okta created the Policy type: boolean type: $ref: '#/components/schemas/PolicyType' _embedded: additionalProperties: properties: {} type: object readOnly: true type: object _links: $ref: '#/components/schemas/PolicyLinks' required: - name - type type: object PolicyAccess: enum: - ALLOW - DENY type: string PolicyAccountLink: description: Specifies the behavior for linking an IdP User to an existing Okta User example: filter: groups: include: - 00gjg5lzfBpn62wuF0g3 - 00gjg5lzfBpn62wuF0g3 action: AUTO properties: action: $ref: '#/components/schemas/PolicyAccountLinkAction' filter: $ref: '#/components/schemas/PolicyAccountLinkFilter' type: object PolicyAccountLinkAction: description: Specifies the account linking action for an IdP User enum: - AUTO - DISABLED type: string x-enumDescriptions: AUTO: "The IdP User is automatically linked to an Okta User when the transformed\ \ IdP User matches an existing Okta User according to [subject match rules](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentityProvider/#tag/IdentityProvider/operation/createIdentityProvider!path=policy/subject&t=request)." DISABLED: "Okta never attempts to link the IdP User to an existing Okta User,\ \ but may still attempt to provision a new Okta User according to the [provisioning\ \ action type](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentityProvider/#tag/IdentityProvider/operation/createIdentityProvider!path=policy/provisioning/action&t=request)." 
PolicyAccountLinkFilter: description: Specifies Group memberships to restrict which Users are available for account linking by an IdP example: groups: include: - 00gjg5lzfBpn62wuF0g3 - 00gjg5lzfBpn62wuF0g3 properties: groups: $ref: '#/components/schemas/PolicyAccountLinkFilterGroups' type: object PolicyAccountLinkFilterGroups: description: Group memberships used to determine link candidates example: include: - 00gjg5lzfBpn62wuF0g3 - 00gjg5lzfBpn62wuF0g3 properties: include: description: Specifies the allowlist of Group identifiers to match against. Group memberships are restricted to type `OKTA_GROUP`. items: example: 00gjg5lzfBpn62wuF0g3 type: string type: array type: object PolicyContext: example: ip: ip groups: ids: - ids - ids risk: level: LOW zones: ids: - ids - ids device: managed: true registered: true platform: platform assuranceId: assuranceId user: id: id properties: device: $ref: '#/components/schemas/PolicyContext_device' groups: $ref: '#/components/schemas/PolicyContext_groups' ip: description: "The network rule condition, zone, or IP address" type: string risk: $ref: '#/components/schemas/PolicyContext_risk' user: $ref: '#/components/schemas/PolicyContext_user' zones: $ref: '#/components/schemas/PolicyContext_zones' required: - groups - user type: object PolicyLinks: example: mappings: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type activate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type rules: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type deactivate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type properties: activate: $ref: '#/components/schemas/HrefObjectActivateLink' deactivate: $ref: '#/components/schemas/HrefObjectDeactivateLink' mappings: $ref: '#/components/schemas/HrefObjectMappingsLink' rules: $ref: 
'#/components/schemas/HrefObjectRulesLink' self: $ref: '#/components/schemas/HrefObjectSelfLink' readOnly: true type: object PolicyMapping: example: _links: application: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type policy: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type id: id properties: id: type: string _links: $ref: '#/components/schemas/PolicyMapping__links' type: object PolicyMappingRequest: example: resourceId: resourceId resourceType: APP properties: resourceId: type: string resourceType: $ref: '#/components/schemas/PolicyMappingResourceType' type: object PolicyMappingResourceType: enum: - APP type: string PolicyNetworkCondition: properties: connection: $ref: '#/components/schemas/PolicyNetworkConnection' exclude: description: The zones to exclude. Required only if connection data type is `ZONE` items: type: string type: array include: description: The zones to include. 
Required only if connection data type is `ZONE` items: type: string type: array type: object PolicyNetworkConnection: description: Network selection mode enum: - ANYWHERE - ZONE type: string PolicyPeopleCondition: description: Identifies Users and Groups that are used together properties: groups: $ref: '#/components/schemas/GroupCondition' users: $ref: '#/components/schemas/UserCondition' required: - groups - users type: object PolicyPlatformOperatingSystemType: enum: - ANDROID - ANY - IOS - OSX - OTHER - WINDOWS type: string PolicyPlatformType: enum: - ANY - DESKTOP - MOBILE - OTHER type: string PolicyRule: discriminator: mapping: ACCESS_POLICY: '#/components/schemas/AccessPolicyRule' PASSWORD: '#/components/schemas/PasswordPolicyRule' PROFILE_ENROLLMENT: '#/components/schemas/ProfileEnrollmentPolicyRule' RESOURCE_ACCESS: '#/components/schemas/AuthorizationServerPolicyRule' SIGN_ON: '#/components/schemas/OktaSignOnPolicyRule' IDP_DISCOVERY: '#/components/schemas/IdpDiscoveryPolicyRule' POST_AUTH_SESSION: '#/components/schemas/PostAuthSessionPolicyRule' ENTITY_RISK: '#/components/schemas/EntityRiskPolicyRule' MFA_ENROLL: '#/components/schemas/AuthenticatorEnrollmentPolicyRule' propertyName: type example: lastUpdated: 2000-01-23T04:56:07.000+00:00 system: false _links: mappings: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type activate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type rules: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type deactivate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type created: 2000-01-23T04:56:07.000+00:00 name: name id: id priority: 0 type: ACCESS_POLICY status: ACTIVE properties: created: description: Timestamp when the rule was created format: date-time nullable: true readOnly: true type: string id: description: 
            Identifier for the rule
          type: string
        lastUpdated:
          description: Timestamp when the rule was last modified
          format: date-time
          nullable: true
          readOnly: true
          type: string
        name:
          description: Name of the rule
          type: string
        priority:
          description: Priority of the rule
          type: integer
        status:
          $ref: '#/components/schemas/LifecycleStatus'
        system:
          default: false
          description: Specifies whether Okta created the Policy Rule (`system=true`). You can't delete Policy Rules that have `system` set to `true`.
          type: boolean
        type:
          $ref: '#/components/schemas/PolicyRuleType'
        _links:
          $ref: '#/components/schemas/PolicyLinks'
      type: object
    PolicyRuleActions:
      type: object
    PolicyRuleActionsEnroll:
      properties:
        self:
          $ref: '#/components/schemas/PolicyRuleActionsEnrollSelf'
      type: object
    PolicyRuleActionsEnrollSelf:
      enum:
      - CHALLENGE
      - LOGIN
      - NEVER
      type: string
    PolicyRuleAuthContextCondition:
      properties:
        authType:
          $ref: '#/components/schemas/PolicyRuleAuthContextType'
      type: object
    PolicyRuleAuthContextType:
      enum:
      - ANY
      - LDAP_INTERFACE
      - RADIUS
      type: string
    PolicyRuleConditions:
      properties:
        app:
          $ref: '#/components/schemas/AppAndInstancePolicyRuleCondition'
        apps:
          $ref: '#/components/schemas/AppInstancePolicyRuleCondition'
        authContext:
          $ref: '#/components/schemas/PolicyRuleAuthContextCondition'
        authProvider:
          $ref: '#/components/schemas/PasswordPolicyAuthenticationProviderCondition'
        beforeScheduledAction:
          $ref: '#/components/schemas/BeforeScheduledActionPolicyRuleCondition'
        clients:
          $ref: '#/components/schemas/ClientPolicyCondition'
        context:
          $ref: '#/components/schemas/ContextPolicyRuleCondition'
        device:
          $ref: '#/components/schemas/DevicePolicyRuleCondition'
        grantTypes:
          $ref: '#/components/schemas/GrantTypePolicyRuleCondition'
        groups:
          $ref: '#/components/schemas/GroupPolicyRuleCondition'
        identityProvider:
          $ref: '#/components/schemas/IdentityProviderPolicyRuleCondition'
        mdmEnrollment:
          $ref: '#/components/schemas/MDMEnrollmentPolicyRuleCondition'
        network:
          $ref:
            '#/components/schemas/PolicyNetworkCondition'
        people:
          $ref: '#/components/schemas/PolicyPeopleCondition'
        platform:
          $ref: '#/components/schemas/PlatformPolicyRuleCondition'
        risk:
          $ref: '#/components/schemas/RiskPolicyRuleCondition'
        riskScore:
          $ref: '#/components/schemas/RiskScorePolicyRuleCondition'
        scopes:
          $ref: '#/components/schemas/OAuth2ScopesMediationPolicyRuleCondition'
        userIdentifier:
          $ref: '#/components/schemas/UserIdentifierPolicyRuleCondition'
        users:
          $ref: '#/components/schemas/UserPolicyRuleCondition'
        userStatus:
          $ref: '#/components/schemas/UserStatusPolicyRuleCondition'
      type: object
    PolicyRuleType:
      description: Rule type
      enum:
      - ACCESS_POLICY
      - ENTITY_RISK
      - IDP_DISCOVERY
      - MFA_ENROLL
      - PASSWORD
      - POST_AUTH_SESSION
      - PROFILE_ENROLLMENT
      - RESOURCE_ACCESS
      - SIGN_ON
      type: string
    PolicyRuleVerificationMethodType:
      description: Verification method type
      enum:
      - ASSURANCE
      - AUTH_METHOD_CHAIN
      type: string
    PolicySubject:
      description: "Specifies the behavior for establishing, validating, and matching\
        \ a username for an IdP User"
      example:
        filter: (\S+@example\.com)
        matchAttribute: login
        matchType: CUSTOM_ATTRIBUTE
        userNameTemplate:
          template: idpuser.subjectNameId
      properties:
        filter:
          description: |-
            Optional [regular expression pattern](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Regular_expressions) used to filter untrusted IdP usernames.
            * As a best security practice, you should define a regular expression pattern to filter untrusted IdP usernames. This is especially important if multiple IdPs are connected to your org. The filter prevents an IdP from issuing an assertion for any User, including partners or directory Users in your Okta org.
            * For example, the filter pattern `(\S+@example\.com)` allows only Users that have an `@example.com` username suffix. It rejects assertions that have any other suffix such as `@corp.example.com` or `@partner.com`.
            * Only `SAML2` and `OIDC` IdP providers support the `filter` property.
          example: (\S+@example\.com)
          maxLength: 1024
          type: string
        matchAttribute:
          description: |-
            Okta User profile attribute for matching a transformed IdP username. Only for matchType `CUSTOM_ATTRIBUTE`. The `matchAttribute` must be a valid Okta User profile attribute of one of the following types:
            * String (with no format or 'email' format only)
            * Integer
            * Number
          example: login
          type: string
        matchType:
          $ref: '#/components/schemas/PolicySubjectMatchType'
        userNameTemplate:
          $ref: '#/components/schemas/PolicyUserNameTemplate'
      type: object
    PolicySubjectMatchType:
      description: Determines the Okta User profile attribute match conditions for account linking and authentication of the transformed IdP username
      enum:
      - CUSTOM_ATTRIBUTE
      - EMAIL
      - USERNAME
      - USERNAME_OR_EMAIL
      type: string
    PolicyType:
      description: "All Okta orgs contain only one IdP Discovery Policy with an immutable\
        \ default Rule routing to your org's sign-in page. \nCreating or replacing\
        \ a policy with the `IDP_DISCOVERY` type isn't supported. The following policy\
        \ types are available with\nIdentity Engine: `ACCESS_POLICY`, `PROFILE_ENROLLMENT`,\
        \ `POST_AUTH_SESSION`, and `ENTITY_RISK`. The `POST_AUTH_SESSION` and `ENTITY_RISK`\
        \ \npolicy types are in <x-lifecycle class=\"ea\"></x-lifecycle>. Contact\
        \ your Okta account team to enable these features."
      enum:
      - ACCESS_POLICY
      - ENTITY_RISK
      - IDP_DISCOVERY
      - MFA_ENROLL
      - OKTA_SIGN_ON
      - PASSWORD
      - POST_AUTH_SESSION
      - PROFILE_ENROLLMENT
      - RESOURCE_ACCESS
      type: string
    PolicyTypeSimulation:
      enum:
      - ACCESS_POLICY
      - MFA_ENROLL
      - OKTA_SIGN_ON
      - PROFILE_ENROLLMENT
      type: string
    PolicyUserNameTemplate:
      description: |-
        [Okta Expression Language (EL) expression](https://developer.okta.com/docs/reference/okta-expression-language/) to generate or transform a unique username for the IdP User.
        * IdP User profile attributes can be referenced with the `idpuser` prefix such as `idpuser.subjectNameId`.
        * You must define an IdP User profile attribute before it can be referenced in an Okta EL expression. To define an IdP User attribute policy, you may need to create a new IdP instance without a base profile property. Then edit the IdP User profile to update the IdP instance with an expression that references the IdP User profile attribute that you just created.
      example:
        template: idpuser.subjectNameId
      properties:
        template:
          example: idpuser.subjectNameId
          maxLength: 1024
          minLength: 9
          type: string
      type: object
    PolicyUserStatus:
      enum:
      - ACTIVATING
      - ACTIVE
      - DELETED
      - DELETING
      - EXPIRED_PASSWORD
      - INACTIVE
      - PENDING
      - SUSPENDED
      type: string
    PossessionConstraint:
      allOf:
      - $ref: '#/components/schemas/AccessPolicyConstraint'
      - properties:
          deviceBound:
            default: OPTIONAL
            description: Indicates if device-bound Factors are required. This property is only set for `POSSESSION` constraints.
            enum:
            - OPTIONAL
            - REQUIRED
            type: string
          hardwareProtection:
            default: OPTIONAL
            description: Indicates if any secrets or private keys used during authentication must be hardware protected and not exportable. This property is only set for `POSSESSION` constraints.
            enum:
            - OPTIONAL
            - REQUIRED
            type: string
          phishingResistant:
            default: OPTIONAL
            description: Indicates if phishing-resistant Factors are required. This property is only set for `POSSESSION` constraints.
            enum:
            - OPTIONAL
            - REQUIRED
            type: string
          userPresence:
            default: REQUIRED
            description: Indicates if the user needs to approve an Okta Verify prompt or provide biometrics (meets NIST AAL2 requirements). This property is only set for `POSSESSION` constraints.
            enum:
            - OPTIONAL
            - REQUIRED
            type: string
          userVerification:
            default: OPTIONAL
            description: Indicates the user interaction requirement (PIN or biometrics) to ensure verification of a possession factor
            enum:
            - OPTIONAL
            - REQUIRED
            type: string
        type: object
    PostAuthKeepMeSignedInPrompt:
      properties:
        acceptButtonText:
          description: The label on the accept button when prompting for Stay signed in
          type: string
        rejectButtonText:
          description: The label on the reject button when prompting for Stay signed in
          type: string
        subtitle:
          description: The subtitle on the Sign-In Widget when prompting for Stay signed in
          type: string
        title:
          description: The title on the Sign-In Widget when prompting for Stay signed in
          type: string
      type: object
    PostAuthSessionFailureActionsObject:
      discriminator:
        mapping:
          RUN_WORKFLOW: '#/components/schemas/PostAuthSessionPolicyRuleRunWorkflow'
          TERMINATE_SESSION: '#/components/schemas/PostAuthSessionPolicyRuleTerminateSession'
        propertyName: action
      properties:
        action:
          enum:
          - RUN_WORKFLOW
          - TERMINATE_SESSION
          type: string
      type: object
    PostAuthSessionPolicy:
      allOf:
      - $ref: '#/components/schemas/Policy'
      - properties:
          conditions:
            description: Policy conditions aren't supported for this policy type.
            nullable: true
            type: string
        type: object
    PostAuthSessionPolicyRule:
      allOf:
      - $ref: '#/components/schemas/PolicyRule'
      - properties:
          actions:
            $ref: '#/components/schemas/PostAuthSessionPolicyRule_allOf_actions'
          conditions:
            $ref: '#/components/schemas/PostAuthSessionPolicyRule_allOf_conditions'
        type: object
    PostAuthSessionPolicyRuleRunWorkflow:
      properties:
        action:
          enum:
          - RUN_WORKFLOW
          type: string
        workflow:
          $ref: '#/components/schemas/EntityRiskPolicyRuleActionRunWorkflow_workflow'
      type: object
    PostAuthSessionPolicyRuleTerminateSession:
      properties:
        action:
          description: The action to take when post auth session evaluation detects a failure.
          enum:
          - TERMINATE_SESSION
          type: string
      type: object
    PreRegistrationInlineHook:
      properties:
        inlineHookId:
          type: string
      type: object
    PrincipalRateLimitEntity:
      description: ""
      example:
        defaultConcurrencyPercentage: 0
        lastUpdatedBy: lastUpdatedBy
        createdDate: 2000-01-23T04:56:07.000+00:00
        createdBy: createdBy
        lastUpdate: 2000-01-23T04:56:07.000+00:00
        defaultPercentage: 6
        principalId: principalId
        id: id
        orgId: orgId
        principalType: SSWS_TOKEN
      properties:
        createdBy:
          readOnly: true
          type: string
        createdDate:
          format: date-time
          readOnly: true
          type: string
        defaultConcurrencyPercentage:
          readOnly: true
          type: integer
        defaultPercentage:
          readOnly: true
          type: integer
        id:
          readOnly: true
          type: string
        lastUpdate:
          format: date-time
          readOnly: true
          type: string
        lastUpdatedBy:
          readOnly: true
          type: string
        orgId:
          readOnly: true
          type: string
        principalId:
          type: string
        principalType:
          $ref: '#/components/schemas/PrincipalType'
      required:
      - principalId
      - principalType
      title: PrincipalRateLimitEntity
      type: object
    PrincipalType:
      enum:
      - SSWS_TOKEN
      type: string
    PrivilegedAccount:
      discriminator:
        mapping:
          APP_ACCOUNT: '#/components/schemas/PrivilegedAccountDetailsAppAccount'
          OKTA_USER_ACCOUNT: '#/components/schemas/PrivilegedAccountDetailsOktaUserAccount'
        propertyName: accountType
      properties:
        accountType:
          $ref: '#/components/schemas/PrivilegedAccountType'
        created:
          description: Timestamp when the Privileged Account was created
          format: date-time
          readOnly: true
          type: string
        description:
          description: The description of the Privileged Account
          example: This is for accessing AWS Prod-5
          format: regex
          maxLength: 255
          minLength: 0
          type: string
        id:
          description: The UUID of the Privileged Account
          example: a747a818-a4c4-4446-8a87-704216495a08
          format: regex
          pattern: "(?i)^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$"
          readOnly: true
          type: string
        lastUpdated:
          description: Timestamp when the Privileged Account was last updated
          format: date-time
          readOnly: true
          type: string
        name:
          description:
            The human-readable name for the Privileged Account
          example: AWS Prod-5 account
          format: regex
          maxLength: 50
          minLength: 1
          pattern: "^[\\w\\-_. ]+$"
          type: string
        ownerGroupIds:
          description: A list of IDs of the Okta groups that own the Privileged Account
          example:
          - 00g57qp78yZT2XBA40g7
          items:
            type: string
          maxItems: 10
          minItems: 0
          type: array
        ownerUserIds:
          description: A list of IDs of the Okta users that own the Privileged Account
          example:
          - 00u11s48P9zGW8yqm0g5
          items:
            type: string
          maxItems: 10
          minItems: 0
          type: array
        status:
          $ref: '#/components/schemas/PrivilegedAccountStatus'
        statusDetail:
          $ref: '#/components/schemas/PrivilegedAccountStatusDetail'
      required:
      - accountType
      - name
      type: object
    PrivilegedAccountCredentials:
      description: Credentials for a Privileged Account
      properties:
        password:
          description: The password associated with the Privileged Account
          format: password
          type: string
          writeOnly: true
        username:
          description: The username associated with the Privileged Account
          example: testuser@example.com
          maxLength: 100
          minLength: 1
          type: string
      required:
      - username
      type: object
    PrivilegedAccountDetailsAppAccount:
      allOf:
      - $ref: '#/components/schemas/PrivilegedAccount'
      - properties:
          details:
            $ref: '#/components/schemas/PrivilegedAccountDetailsAppAccountSub'
        required:
        - details
        type: object
      description: "Details for a SaaS Application Account, which will be managed\
        \ as a Privileged Account"
    PrivilegedAccountDetailsAppAccountSub:
      description: "Details for a SaaS Application Account, which will be managed\
        \ as a Privileged Account"
      properties:
        appGlobalName:
          description: The name of the SaaS Application in the Okta Integration Network catalog
          example: Salesforce
          type: string
        appInstanceName:
          description: The instance name of the SaaS Application
          example: Salesforce Prod
          type: string
        credentials:
          $ref: '#/components/schemas/PrivilegedAccountCredentials'
        oktaApplicationId:
          description: The Okta app instance ID of the SaaS Application
          example: aln1aqcs055ZRoizW0g8
          type:
            string
      required:
      - credentials
      - oktaApplicationId
      type: object
    PrivilegedAccountDetailsOktaUserAccount:
      allOf:
      - $ref: '#/components/schemas/PrivilegedAccount'
      - properties:
          details:
            $ref: '#/components/schemas/PrivilegedAccountDetailsOktaUserAccountSub'
        required:
        - details
        type: object
      description: Details for managing an Okta Universal Directory Account as a Privileged Account
    PrivilegedAccountDetailsOktaUserAccountSub:
      description: Details for managing an Okta Universal Directory Account as a Privileged Account
      properties:
        credentials:
          $ref: '#/components/schemas/PrivilegedAccountCredentials'
        email:
          description: The email address for the Okta Universal Directory Account
          example: foo@bar.com
          maxLength: 100
          minLength: 5
          type: string
        oktaUserId:
          description: "An optional Okta user ID. If supplied, converts the matching\
            \ Okta Universal Directory Account to a Privileged Account and updates\
            \ the account with the provided details."
          example: 00u11s48P9zGW8yqm0g5
          type: string
      required:
      - credentials
      - email
      type: object
    PrivilegedAccountForUpdate:
      properties:
        description:
          description: The description of the Privileged Account
          example: This is for accessing AWS Prod-5
          format: regex
          maxLength: 255
          minLength: 0
          type: string
        email:
          description: The email address for the Okta Universal Directory Account
          example: foo@bar.com
          maxLength: 100
          minLength: 5
          type: string
        name:
          description: The human-readable name for the Privileged Account
          example: AWS Prod-5 account
          format: regex
          maxLength: 50
          minLength: 1
          pattern: "^[\\w\\-_. ]+$"
          type: string
        ownerGroupIds:
          description: A list of IDs of the Okta groups who own the Privileged Account
          example:
          - 00g57qp78yZT2XBA40g7
          items:
            type: string
          maxItems: 10
          minItems: 0
          type: array
        ownerUserIds:
          description: A list of IDs of the Okta users who own the Privileged Account
          example:
          - 00u11s48P9zGW8yqm0g5
          items:
            type: string
          maxItems: 10
          minItems: 0
          type: array
        username:
          description: The username associated with the Privileged Account
          example: testuser@example.com
          maxLength: 100
          minLength: 1
          type: string
      type: object
    PrivilegedAccountStatus:
      description: Describes the current status of a Privileged Account
      enum:
      - ALERT
      - ERROR
      - INFO
      - NO_ISSUES
      - UNSECURED
      type: string
      x-enumDescriptions:
        NO_ISSUES: The Account is ready for use in Okta Privileged Access
        UNSECURED: The Account needs to be assigned to a Resource Group and a Project in Okta Privileged Access
        INFO: An action involving the Account is currently in progress in Okta Privileged Access
        ALERT: The Account requires attention from an Administrator
        ERROR: An error is preventing the Account from being used in Okta Privileged Access
    PrivilegedAccountStatusDetail:
      description: Describes the detailed status of a Privileged Account
      enum:
      - CREATION_FAILED
      - MISSING_PASSWORD
      - PENDING
      - ROTATED
      - ROTATING
      - ROTATION_FAILED
      - STAGED
      - VAULTED
      type: string
      x-enumDescriptions:
        PENDING: The Account is in the process of being created
        CREATION_FAILED: The Account could not be created
        STAGED: The Account is in the Okta Privileged Access resource assignment area
        ROTATING: The Account is assigned to a Project in Okta Privileged Access. Credentials are currently being synced using Okta Lifecycle Management.
        ROTATED: The Account is assigned to a Project in Okta Privileged Access. Password rotations are fulfilled by Okta Lifecycle Management.
        ROTATION_FAILED: The Account is assigned to a Project in Okta Privileged Access. An error occurred while using Okta Lifecycle Management to rotate the password.
        VAULTED: The Account is assigned to a Project in Okta Privileged Access. A manually managed password is assigned to the Account.
        MISSING_PASSWORD: The Account is assigned to a Project in Okta Privileged Access. A password is not assigned to the Account.
    PrivilegedAccountType:
      description: The type of Privileged Account
      enum:
      - APP_ACCOUNT
      - OKTA_USER_ACCOUNT
      type: string
      x-enumDescriptions:
        APP_ACCOUNT: SaaS Application Account
        OKTA_USER_ACCOUNT: Okta Universal Directory Account
    PrivilegedResource:
      default:
        resourceType: OKTA_USER_ACCOUNT
      discriminator:
        mapping:
          APP_ACCOUNT: '#/components/schemas/PrivilegedResourceAccountApp'
          OKTA_USER_ACCOUNT: '#/components/schemas/PrivilegedResourceAccountOkta'
        propertyName: resourceType
      properties:
        created:
          description: Timestamp when the object was created
          example: 2024-06-10T11:11:01Z
          format: date-time
          readOnly: true
          type: string
        credentialSyncInfo:
          $ref: '#/components/schemas/CredentialSyncInfo'
        id:
          description: ID of the privileged resource
          example: opa100xTfFs4MasRf0g4
          readOnly: true
          type: string
        lastUpdated:
          description: Timestamp when the object was last updated
          example: 2024-06-10T11:13:01Z
          format: date-time
          readOnly: true
          type: string
        resourceType:
          $ref: '#/components/schemas/PrivilegedResourceType'
        status:
          $ref: '#/components/schemas/PrivilegedResourceStatus'
      type: object
    PrivilegedResourceAccountApp:
      allOf:
      - properties:
          containerDetails:
            $ref: '#/components/schemas/AppAccountContainerDetails'
          credentials:
            $ref: '#/components/schemas/PrivilegedResourceCredentials'
        type: object
      - $ref: '#/components/schemas/PrivilegedResource'
      required:
      - containerId
    PrivilegedResourceAccountOkta:
      allOf:
      - properties:
          resourceId:
            description: The user ID associated with the Okta privileged resource
            example: 00u100xTfFs4MasRf0g4
            type: string
          credentials:
            $ref: '#/components/schemas/PrivilegedResourceCredentials'
          profile:
            $ref: '#/components/schemas/profile'
        type: object
      - $ref: '#/components/schemas/PrivilegedResource'
    PrivilegedResourceCredentials:
      description: Credentials for the privileged account
      properties:
        password:
          description: The password associated with the privileged resource
          example: xf1bs9am2
          format: password
          type: string
          writeOnly: true
        userName:
          description: The username associated with the privileged resource
          example: testuser@example.com
          maxLength: 100
          minLength: 1
          type: string
      required:
      - userName
      type: object
    PrivilegedResourceStatus:
      description: Current status of the privileged resource
      enum:
      - ACTIVE
      - CREATED
      - CREATION_FAILED
      - INACTIVE
      - PENDING
      readOnly: true
      type: string
      x-enumDescriptions:
        CREATED: The privileged resource is created but not yet managed by OPA
        ACTIVE: The privileged resource is currently managed by OPA
        INACTIVE: The privileged resource is `INACTIVE` and not currently managed by OPA
    PrivilegedResourceType:
      description: The type of the resource
      enum:
      - APP_ACCOUNT
      - OKTA_USER_ACCOUNT
      type: string
    PrivilegedResourceUpdateRequest:
      description: Update request for a privileged resource
      properties:
        profile:
          additionalProperties:
            properties: {}
            type: object
          description: Specific profile properties for the privileged account
          readOnly: true
          type: object
        userName:
          description: The username associated with the privileged resource
          example: testuser@example.com
          maxLength: 100
          minLength: 1
          type: string
      type: object
    ProfileEnrollmentPolicy:
      allOf:
      - $ref: '#/components/schemas/Policy'
      - properties:
          conditions:
            description: Policy conditions aren't supported for this policy type
            nullable: true
            type: string
        type: object
    ProfileEnrollmentPolicyRule:
      allOf:
      - $ref: '#/components/schemas/PolicyRule'
      - properties:
          actions:
            $ref: '#/components/schemas/ProfileEnrollmentPolicyRuleActions'
          conditions:
            description: Policy Rule conditions aren't supported for this policy type
            nullable: true
            type: string
        type: object
    ProfileEnrollmentPolicyRuleAction:
      properties:
        access:
          description: '**Note:** The Profile Enrollment Action object can''t be modified to set the
            `access` property to `DENY` after the policy is created.'
          enum:
          - ALLOW
          - DENY
          type: string
        activationRequirements:
          $ref: '#/components/schemas/ProfileEnrollmentPolicyRuleActivationRequirement'
        allowedIdentifiers:
          default:
          - login
          description: "<x-lifecycle class=\"ea\"></x-lifecycle> A list of attributes\
            \ to identify an end user. Can be used across Okta sign-in, unlock, and\
            \ recovery flows."
          items:
            type: string
          type: array
        enrollAuthenticatorTypes:
          description: Additional authenticator fields that can be used on the first page of user registration. Valid values include only `'password'`.
          items:
            type: string
          type: array
        preRegistrationInlineHooks:
          description: (Optional) The `id` of at most one registration inline hook
          items:
            $ref: '#/components/schemas/PreRegistrationInlineHook'
          type: array
        profileAttributes:
          description: "A list of attributes to prompt the user during registration\
            \ or progressive profiling. Where defined on the User schema, these attributes\
            \ are persisted in the User profile. Non-schema attributes can also be\
            \ added, which aren't persisted to the User's profile, but are included\
            \ in requests to the registration inline hook. A maximum of 10 Profile\
            \ properties is supported."
          items:
            $ref: '#/components/schemas/ProfileEnrollmentPolicyRuleProfileAttribute'
          type: array
        progressiveProfilingAction:
          description: Progressive profile enrollment helps evaluate the profile enrollment policy at every user login. Users can be prompted to provide input for newly required attributes.
          enum:
          - ENABLED
          - DISABLED
          type: string
        targetGroupIds:
          description: "(Optional, max 1 entry) The `id` of a Group that this User\
            \ should be added to"
          items:
            type: string
          type: array
        uiSchemaId:
          description: "Value created by the backend. If present, all policy updates\
            \ must include this attribute/value."
          type: string
        unknownUserAction:
          description: Which action should be taken if this User is new
          enum:
          - DENY
          - REGISTER
          type: string
      type: object
    ProfileEnrollmentPolicyRuleActions:
      allOf:
      - $ref: '#/components/schemas/PolicyRuleActions'
      - properties:
          profileEnrollment:
            $ref: '#/components/schemas/ProfileEnrollmentPolicyRuleAction'
        type: object
    ProfileEnrollmentPolicyRuleActivationRequirement:
      description: "Contains a single Boolean property that indicates whether `emailVerification`\
        \ should occur (`true`) or not (`false`, default)"
      properties:
        emailVerification:
          type: boolean
      type: object
    ProfileEnrollmentPolicyRuleProfileAttribute:
      properties:
        label:
          description: A display-friendly label for this property
          type: string
        name:
          description: The name of a User Profile property. Can be an existing property.
          type: string
        required:
          default: false
          description: "(Optional, default `FALSE`) Indicates if this property is\
            \ required for enrollment"
          type: boolean
      type: object
    ProfileMapping:
      description: |-
        The Profile Mapping object describes a mapping between an Okta User's and an App User's properties using [JSON Schema Draft 4](https://datatracker.ietf.org/doc/html/draft-zyp-json-schema-04).
        > **Note:** Same type source/target mappings aren't supported by this API. Profile mappings must either be Okta->App or App->Okta.
      example:
        _links:
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        id: id
        source:
          _links:
            schema:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
            self:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
          name: name
          id: id
          type: type
        properties:
          key:
            expression: expression
            pushStatus: DONT_PUSH
        target:
          _links:
            schema:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
            self:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
          name: name
          id: id
          type: type
      properties:
        id:
          description: Unique identifier for a profile mapping
          readOnly: true
          type: string
        properties:
          additionalProperties:
            $ref: '#/components/schemas/ProfileMappingProperty'
          readOnly: false
          type: object
        source:
          $ref: '#/components/schemas/ProfileMappingSource'
        target:
          $ref: '#/components/schemas/ProfileMappingTarget'
        _links:
          $ref: '#/components/schemas/LinksSelf'
      type: object
    ProfileMappingProperty:
      description: "A target property, in string form, that maps to a valid [JSON\
        \ Schema Draft](https://tools.ietf.org/html/draft-zyp-json-schema-04) document."
      example:
        expression: expression
        pushStatus: DONT_PUSH
      properties:
        expression:
          description: Combination or single source properties that are mapped to the target property
          type: string
        pushStatus:
          $ref: '#/components/schemas/ProfileMappingPropertyPushStatus'
      type: object
    ProfileMappingPropertyPushStatus:
      description: |-
        Indicates whether to update target properties for user create and update or just for user create. Having a pushStatus of `PUSH` causes properties in the target to be updated on create and update. Having a pushStatus of `DONT_PUSH` causes properties in the target to be updated only on create.
      enum:
      - DONT_PUSH
      - PUSH
      type: string
    ProfileMappingRequest:
      description: The updated request body properties
      example:
        properties:
          key:
            expression: expression
            pushStatus: DONT_PUSH
      properties:
        properties:
          additionalProperties:
            $ref: '#/components/schemas/ProfileMappingProperty'
          type: object
      required:
      - additionalProperties
      - expression
      - properties
      - pushStatus
      type: object
    ProfileMappingSource:
      description: |-
        The parameter is the source of a profile mapping and is a valid [JSON Schema Draft 4](https://datatracker.ietf.org/doc/html/draft-zyp-json-schema-04) document with the following properties. The data type can be an app instance or an Okta object.
        > **Note:** If the source is Okta and the UserTypes feature isn't enabled, then the source `_links` only has a link to the schema.
      example:
        _links:
          schema:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        name: name
        id: id
        type: type
      properties:
        id:
          description: Unique identifier for the application instance or userType
          readOnly: true
          type: string
        name:
          description: Variable name of the application instance or name of the referenced UserType
          readOnly: true
          type: string
        type:
          description: Type of user referenced in the mapping
          readOnly: true
          type: string
        _links:
          $ref: '#/components/schemas/SourceLinks'
      type: object
    ProfileMappingTarget:
      description: |-
        The parameter is the target of a profile mapping and is a valid [JSON Schema Draft 4](https://datatracker.ietf.org/doc/html/draft-zyp-json-schema-04) document with the following properties. The data type can be an app instance or an Okta object.
        > **Note:** If the target is Okta and the UserTypes feature isn't enabled, then the target `_links` only has a link to the schema.
      example:
        _links:
          schema:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        name: name
        id: id
        type: type
      properties:
        id:
          description: Unique identifier for the application instance or UserType
          readOnly: true
          type: string
        name:
          description: Variable name of the application instance or name of the referenced userType
          readOnly: true
          type: string
        type:
          description: Type of user referenced in the mapping
          readOnly: true
          type: string
        _links:
          $ref: '#/components/schemas/SourceLinks'
      type: object
    ProfileSettingObject:
      description: |
        This setting determines whether a user in the app gets updated when they're updated in Okta. If enabled, Okta updates a user's attributes in the app when the app is assigned. Future changes made to the Okta user's profile automatically overwrite the corresponding attribute value in the app.
      properties:
        status:
          allOf:
          - $ref: '#/components/schemas/EnabledStatus'
          - example: DISABLED
          - default: DISABLED
      type: object
    Protocol:
      example:
        algorithms:
          request:
            signature:
              scope: ANY
              algorithm: algorithm
          response:
            signature:
              scope: ANY
              algorithm: algorithm
        relayState:
          format: FROM_URL
        settings:
          nameFormat: nameFormat
        endpoints:
          acs:
            destination: destination
            binding: HTTP-POST
            type: INSTANCE
            url: url
          authorization:
            destination: destination
            binding: HTTP-POST
            type: INSTANCE
            url: url
          userInfo:
            destination: destination
            binding: HTTP-POST
            type: INSTANCE
            url: url
          metadata:
            destination: destination
            binding: HTTP-POST
            type: INSTANCE
            url: url
          jwks:
            destination: destination
            binding: HTTP-POST
            type: INSTANCE
            url: url
          slo:
            destination: destination
            binding: HTTP-POST
            type: INSTANCE
            url: url
          sso:
            destination: destination
            binding: HTTP-POST
            type: INSTANCE
            url: url
          token:
            destination: destination
            binding: HTTP-POST
            type: INSTANCE
            url: url
        credentials:
          trust:
            revocation: CRL
            audience: audience
            revocationCacheLifetime: 0
            kid: kid
            issuer: issuer
          client:
            pkce_required: true
            client_secret: client_secret
            client_id: client_id
          signing:
            kid: kid
        scopes:
        - scopes
        - scopes
        type: MTLS
        issuer:
          destination: destination
          binding: HTTP-POST
          type: INSTANCE
          url: url
      properties:
        algorithms:
          $ref: '#/components/schemas/ProtocolAlgorithms'
        credentials:
          $ref: '#/components/schemas/IdentityProviderCredentials'
        endpoints:
          $ref: '#/components/schemas/ProtocolEndpoints'
        issuer:
          $ref: '#/components/schemas/ProtocolEndpoint'
        relayState:
          $ref: '#/components/schemas/ProtocolRelayState'
        scopes:
          items:
            type: string
          type: array
        settings:
          $ref: '#/components/schemas/ProtocolSettings'
        type:
          $ref: '#/components/schemas/ProtocolType'
      type: object
    ProtocolAlgorithmRequestScope:
      description: Specifies whether to digitally sign authorization requests to the IdP
      enum:
      - NONE
      - REQUEST
      example: REQUEST
      type: string
    ProtocolAlgorithmResponseScope:
      description: Specifies whether to verify responses from the IdP
      enum:
      - ANY
      - RESPONSE
      - TOKEN
      example: ANY
      type: string
    ProtocolCredentialsKeyId:
      description: IdP Key Credential reference to the Okta X.509 signature certificate
      example: your-key-id
      type: string
    ProtocolEndpointBinding:
      enum:
      - HTTP-POST
      - HTTP-REDIRECT
      type: string
    ProtocolMtls:
      description: "Protocol settings for the [MTLS Protocol](https://tools.ietf.org/html/rfc5246#section-7.4.4)"
      properties:
        credentials:
          $ref: '#/components/schemas/MtlsCredentials'
        endpoints:
          $ref: '#/components/schemas/MtlsEndpoints'
        type:
          description: Mutual TLS
          enum:
          - MTLS
          type: string
      title: Mutual TLS Protocol
      type: object
    ProtocolOAuth:
      description: "Protocol settings for authentication using the [OAuth 2.0 Authorization\
        \ Code flow](https://tools.ietf.org/html/rfc6749#section-4.1)"
      properties:
        credentials:
          $ref: '#/components/schemas/OAuthCredentials'
        endpoints:
          $ref: '#/components/schemas/OAuthEndpoints'
        scopes:
          description: |-
            IdP-defined permission bundles to request delegated access from the User
            > **Note:** The [Identity Provider type](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentityProvider/#tag/IdentityProvider/operation/createIdentityProvider!path=type&t=request) table lists the scopes that are supported for each Identity Provider.
          items:
            example: public_profile
            type: string
          type: array
        type:
          description: OAuth 2.0 Authorization Code flow
          enum:
          - OAUTH2
          type: string
      title: OAuth 2.0 Protocol
      type: object
    ProtocolOidc:
      description: "Protocol settings for authentication using the [OpenID Connect\
        \ Protocol](http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth)"
      properties:
        algorithms:
          $ref: '#/components/schemas/OidcAlgorithms'
        credentials:
          $ref: '#/components/schemas/OAuthCredentials'
        endpoints:
          $ref: '#/components/schemas/OAuthEndpoints'
        scopes:
          description: |-
            OpenID Connect and IdP-defined permission bundles to request delegated access from the User
            > **Note:** The [Identity Provider type](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentityProvider/#tag/IdentityProvider/operation/createIdentityProvider!path=type&t=request) table lists the scopes that are supported for each Identity Provider.
          items:
            example: openid
            type: string
          type: array
        type:
          description: OpenID Connect Authorization Code flow
          enum:
          - OIDC
          type: string
      title: OpenID Connect Protocol
      type: object
    ProtocolSaml:
      description: "Protocol settings for the [SAML 2.0 Authentication Request Protocol](http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf)"
      properties:
        algorithms:
          $ref: '#/components/schemas/SamlAlgorithms'
        credentials:
          $ref: '#/components/schemas/SamlCredentials'
        endpoints:
          $ref: '#/components/schemas/SamlEndpoints'
        relayState:
          $ref: '#/components/schemas/SamlRelayState'
        settings:
          $ref: '#/components/schemas/SamlSettings'
        type:
          description: SAML 2.0 protocol
          enum:
          - SAML2
          type: string
      title: SAML 2.0 Protocol
      type: object
    ProtocolAlgorithmType:
      example:
        signature:
          scope: ANY
          algorithm: algorithm
      properties:
        signature:
          $ref: '#/components/schemas/ProtocolAlgorithmTypeSignature'
      type: object
    ProtocolAlgorithmTypeSignature:
      example:
        scope: ANY
        algorithm: algorithm
      properties:
        algorithm:
          type: string
        scope:
          $ref: '#/components/schemas/ProtocolAlgorithmTypeSignatureScope'
      type: object
    ProtocolAlgorithmTypeSignatureScope:
      enum:
      - ANY
      - NONE
      - REQUEST
      - RESPONSE
      - TOKEN
      type: string
    ProtocolAlgorithms:
      example:
        request:
          signature:
            scope: ANY
            algorithm: algorithm
        response:
          signature:
            scope: ANY
            algorithm: algorithm
      properties:
        request:
          $ref: '#/components/schemas/ProtocolAlgorithmType'
        response:
          $ref: '#/components/schemas/ProtocolAlgorithmType'
      type: object
    ProtocolEndpoint:
      example:
        destination: destination
        binding: HTTP-POST
        type: INSTANCE
        url: url
      properties:
        binding:
          $ref: '#/components/schemas/ProtocolEndpointBinding'
        destination:
          type: string
        type:
          $ref: '#/components/schemas/ProtocolEndpointType'
        url:
          type: string
      type: object
    ProtocolEndpointType:
      enum:
      - INSTANCE
      - ORG
      type: string
    ProtocolEndpoints:
      example:
        acs:
          destination: destination
          binding: HTTP-POST
          type: INSTANCE
          url: url
        authorization:
          destination: destination
          binding: HTTP-POST
          type: INSTANCE
          url: url
        userInfo:
          destination: destination
          binding: HTTP-POST
          type: INSTANCE
          url: url
        metadata:
          destination: destination
          binding: HTTP-POST
          type: INSTANCE
          url: url
        jwks:
          destination: destination
          binding: HTTP-POST
          type: INSTANCE
          url: url
        slo:
          destination: destination
          binding: HTTP-POST
          type: INSTANCE
          url: url
        sso:
          destination: destination
          binding: HTTP-POST
          type: INSTANCE
          url: url
        token:
          destination: destination
          binding: HTTP-POST
          type: INSTANCE
          url: url
      properties:
        acs:
          $ref: '#/components/schemas/ProtocolEndpoint'
        authorization:
          $ref: '#/components/schemas/ProtocolEndpoint'
        jwks:
          $ref: '#/components/schemas/ProtocolEndpoint'
        metadata:
          $ref: '#/components/schemas/ProtocolEndpoint'
        slo:
          $ref: '#/components/schemas/ProtocolEndpoint'
        sso:
          $ref: '#/components/schemas/ProtocolEndpoint'
        token:
          $ref: '#/components/schemas/ProtocolEndpoint'
        userInfo:
          $ref: '#/components/schemas/ProtocolEndpoint'
      type: object
    ProtocolRelayState:
      example:
        format: FROM_URL
      properties:
        format:
          $ref: '#/components/schemas/ProtocolRelayStateFormat'
      type: object
    ProtocolRelayStateFormat:
      enum:
      - FROM_URL
      - OPAQUE
      type: string
    ProtocolSettings:
      example:
        nameFormat: nameFormat
      properties:
        nameFormat:
          type: string
      type: object
    ProtocolType:
      enum:
      - MTLS
      - OAUTH2
      - OIDC
      - SAML2
      type: string
    ProviderType:
      enum:
      - APNS
      - FCM
      type: string
    Provisioning:
      description: Specifies the behavior for just-in-time (JIT) provisioning of an IdP User as a new Okta User and their Group memberships
      example:
        action: AUTO
        groups:
          filter:
          - 00gak46y5hydV6NdM0g4
          - 00gak46y5hydV6NdM0g4
          assignments:
          - 00gak46y5hydV6NdM0g4
          - 00gak46y5hydV6NdM0g4
          sourceAttributeName: Groups
          action: APPEND
        profileMaster: true
        conditions:
          deprovisioned:
            action: NONE
          suspended:
            action: NONE
      properties:
        action:
          $ref: '#/components/schemas/ProvisioningAction'
        conditions:
          $ref: '#/components/schemas/ProvisioningConditions'
        groups:
          $ref: '#/components/schemas/ProvisioningGroups'
        profileMaster:
          description: Determines if the IdP should act as a source of truth for User profile attributes
          type: boolean
      type: object
    ProvisioningAction:
      description: |-
        Specifies the User provisioning action during authentication when an IdP User isn't linked to an existing Okta User.
        * To successfully provision a new Okta User, you must enable just-in-time (JIT) provisioning in your org security settings.
        * If the target username isn't unique or the resulting Okta User profile is missing a required profile attribute, JIT provisioning may fail.
        * New Okta Users are provisioned with either a `FEDERATION` or `SOCIAL` authentication provider depending on the IdP type.
      enum:
      - AUTO
      - DISABLED
      type: string
      x-enumDescriptions:
        AUTO: The IdP User profile is transformed through defined universal directory profile mappings to an Okta User profile and automatically provisioned as an Okta User.
        DISABLED: Okta rejects the authentication request and skips provisioning of a new Okta User if the IdP User isn't linked to an existing Okta User.
    ProvisioningConditions:
      description: Conditional behaviors for an IdP User during authentication
      example:
        deprovisioned:
          action: NONE
        suspended:
          action: NONE
      properties:
        deprovisioned:
          $ref: '#/components/schemas/ProvisioningDeprovisionedCondition'
        suspended:
          $ref: '#/components/schemas/ProvisioningSuspendedCondition'
      type: object
    ProvisioningConnectionAuthScheme:
      description: Defines the method of authentication
      enum:
      - OAUTH2
      - TOKEN
      - UNKNOWN
      type: string
      x-enumDescriptions:
        TOKEN: A token is used to authenticate with the app.
        OAUTH2: OAuth 2.0 is used to authenticate with the app.
        UNKNOWN: "The authentication scheme used by the app isn't supported, or the\
          \ app doesn't support provisioning."
    ProvisioningConnectionOauthAuthScheme:
      description: OAuth 2.0 is used to authenticate with the app.
      enum:
      - OAUTH2
      type: string
    ProvisioningConnectionOauthRequest:
      allOf:
      - $ref: '#/components/schemas/ProvisioningConnectionRequest'
      - description: OAuth 2.0-based Provisioning Connection request
        properties:
          profile:
            $ref: '#/components/schemas/ProvisioningConnectionOauthRequestProfile'
        required:
        - profile
        title: OAuth 2.0-based connection
    ProvisioningConnectionOauthRequestProfile:
      properties:
        authScheme:
          $ref: '#/components/schemas/ProvisioningConnectionOauthAuthScheme'
        clientId:
          description: Only used for the Okta Org2Org (`okta_org2org`) app. The unique client identifier for the OAuth 2.0 service app from the target org.
          type: string
        settings:
          $ref: '#/components/schemas/Office365ProvisioningSettings'
      required:
      - authScheme
    ProvisioningConnectionProfileOauth:
      description: |
        The app provisioning connection profile used to configure the method of authentication and the credentials.
        Currently, token-based and OAuth 2.0-based authentication are supported.
      properties:
        authScheme:
          $ref: '#/components/schemas/ProvisioningConnectionOauthAuthScheme'
        clientId:
          type: string
      required:
      - authScheme
    ProvisioningConnectionRequest:
      type: object
    ProvisioningConnectionRequestAuthScheme:
      enum:
      - OAUTH2
      - TOKEN
      type: string
    ProvisioningConnectionResponse:
      example:
        baseUrl: baseUrl
        _links:
          activate:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          authorize:
            hints:
              allow:
              - DELETE
              - DELETE
              guidance:
              - guidance
              - guidance
            href: href
          deactivate:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        profile:
          authScheme: OAUTH2
        authScheme: TOKEN
        status: DISABLED
      properties:
        authScheme:
          $ref: '#/components/schemas/ProvisioningConnectionTokenAuthScheme'
        baseUrl:
          description: Base URL
          type: string
        profile:
          $ref: '#/components/schemas/ProvisioningConnectionResponseProfile'
        status:
          $ref: '#/components/schemas/ProvisioningConnectionStatus'
        _links:
          $ref: '#/components/schemas/LinksSelfLifecycleAndAuthorize'
      required:
      - profile
      - status
      type: object
    ProvisioningConnectionResponseProfile:
      example:
        authScheme: OAUTH2
      properties:
        authScheme:
          $ref: '#/components/schemas/ProvisioningConnectionAuthScheme'
      required:
      - authScheme
    ProvisioningConnectionStatus:
      default: DISABLED
      description: Provisioning Connection status
      enum:
      - DISABLED
      - ENABLED
      - UNKNOWN
      type: string
      x-enumDescriptions:
        DISABLED: The Provisioning Connection is disabled.
        ENABLED: The Provisioning Connection is enabled.
        UNKNOWN: "Provisioning isn't supported by the app, or the authentication method\
          \ is unknown."
    ProvisioningConnectionTokenAuthScheme:
      description: A token is used to authenticate with the app. This property is only returned for the `TOKEN` authentication scheme.
      enum:
      - TOKEN
      type: string
    ProvisioningConnectionTokenRequest:
      allOf:
      - $ref: '#/components/schemas/ProvisioningConnectionRequest'
      - description: Token-based Provisioning Connection request
        properties:
          baseUrl:
            description: "Only used for the Zscaler 2.0 (`zscalerbyz`) app. The base\
              \ URL for the Zscaler 2.0 target app, which also contains the Zscaler\
              \ ID."
            type: string
            x-okta-lifecycle:
              lifecycle: GA
              isGenerallyAvailable: true
          profile:
            $ref: '#/components/schemas/ProvisioningConnectionTokenRequestProfile'
        required:
        - profile
        title: Token-based connection
    ProvisioningConnectionTokenRequestProfile:
      properties:
        authScheme:
          $ref: '#/components/schemas/ProvisioningConnectionTokenAuthScheme'
        token:
          description: Token used to authenticate with the app
          type: string
      required:
      - authScheme
    ProvisioningDeprovisionedAction:
      description: Specifies the action during authentication when an IdP User is linked to a previously deprovisioned Okta User
      enum:
      - NONE
      - REACTIVATE
      type: string
      x-enumDescriptions:
        NONE: "Take no action. If an IdP User that matches a previously deprovisioned\
          \ Okta User attempts to authenticate, authentication fails."
        REACTIVATE: "If an IdP User that matches a previously deprovisioned Okta User\
          \ attempts to authenticate, reactivate the matching User in Okta and allow\
          \ the authentication attempt to proceed."
    ProvisioningDeprovisionedCondition:
      description: Behavior for a previously deprovisioned IdP User during authentication. Not supported with OIDC IdPs.
      example:
        action: NONE
      properties:
        action:
          $ref: '#/components/schemas/ProvisioningDeprovisionedAction'
      type: object
    ProvisioningGroups:
      description: Provisioning settings for a User's Group memberships
      example:
        filter:
        - 00gak46y5hydV6NdM0g4
        - 00gak46y5hydV6NdM0g4
        assignments:
        - 00gak46y5hydV6NdM0g4
        - 00gak46y5hydV6NdM0g4
        sourceAttributeName: Groups
        action: APPEND
      properties:
        action:
          $ref: '#/components/schemas/ProvisioningGroupsAction'
        assignments:
          description: List of `OKTA_GROUP` Group identifiers to add an IdP User as a member with the `ASSIGN` action
          items:
            example: 00gak46y5hydV6NdM0g4
            type: string
          type: array
        filter:
          description: Allowlist of `OKTA_GROUP` Group identifiers for the `APPEND` or `SYNC` provisioning action
          items:
            example: 00gak46y5hydV6NdM0g4
            type: string
          type: array
        sourceAttributeName:
          description: IdP User profile attribute name (case-insensitive) for an array value that contains Group memberships
          example: Groups
          maxLength: 1024
          type: string
      type: object
    ProvisioningGroupsAction:
      description: |-
        Provisioning action for the IdP User's Group memberships

        | Enum | Description | Existing OKTA_GROUP Memberships | Existing APP_GROUP Memberships | Existing BUILT_IN Memberships |
        | --- | --- | --- | --- | --- |
        | `APPEND` | Adds a User to any Group defined by the IdP as a value of the `sourceAttributeName` array that matches the name of the allow listed Group defined in the `filter` | Unchanged | Unchanged | Unchanged |
        | `ASSIGN` | Assigns a User to Groups defined in the `assignments` array | Unchanged | Unchanged | Unchanged |
        | `NONE` | Skips processing of Group memberships | Unchanged | Unchanged | Unchanged |
        | `SYNC` | Group memberships are sourced by the IdP as a value of the `sourceAttributeName` array that matches the name of the Group defined in the `filter` | Removed if not defined by the IdP in `sourceAttributeName` and matching name of the Group in `filter` | Unchanged | Unchanged |

        > **Note:** Group provisioning action is processed independently from profile sourcing. You can sync Group memberships through SAML with profile sourcing disabled.
      enum:
      - APPEND
      - ASSIGN
      - NONE
      - SYNC
      type: string
    ProvisioningSuspendedAction:
      description: Specifies the action during authentication when an IdP User is linked to a previously suspended Okta User
      enum:
      - NONE
      - UNSUSPEND
      type: string
      x-enumDescriptions:
        NONE: "Take no action. If an IdP User that matches a previously suspended\
          \ Okta User attempts to authenticate, authentication fails."
        UNSUSPEND: "If an IdP User that matches a previously suspended Okta User attempts\
          \ to authenticate, unsuspend the matching User in Okta and allow the authentication\
          \ attempt to proceed."
    ProvisioningSuspendedCondition:
      description: Behavior for a previously suspended IdP User during authentication. Not supported with OIDC IdPs.
      example:
        action: NONE
      properties:
        action:
          $ref: '#/components/schemas/ProvisioningSuspendedAction'
      type: object
    PushMethodKeyProtection:
      description: Indicates whether you must use a hardware key store
      enum:
      - ANY
      - HARDWARE
      type: string
    PushProvider:
      discriminator:
        mapping:
          APNS: '#/components/schemas/APNSPushProvider'
          FCM: '#/components/schemas/FCMPushProvider'
        propertyName: providerType
      example:
        lastUpdatedDate: lastUpdatedDate
        _links:
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        name: name
        id: id
        providerType: APNS
      properties:
        id:
          description: Unique key for the Push Provider
          readOnly: true
          type: string
        lastUpdatedDate:
          description: Timestamp when the Push Provider was last modified
          readOnly: true
          type: string
        name:
          description: Display name of the push provider
          type: string
        providerType:
          $ref: '#/components/schemas/ProviderType'
        _links:
          $ref: '#/components/schemas/LinksSelf'
      title: PushProvider
      type: object
    RateLimitAdminNotifications:
      description: ""
      example:
        notificationsEnabled: true
      properties:
        notificationsEnabled:
          type: boolean
      required:
      - notificationsEnabled
      title: RateLimitAdminNotifications
      type: object
    RateLimitWarningThresholdRequest:
      description: ""
      example:
        warningThreshold: 34
      properties:
        warningThreshold:
          description: "The threshold value (percentage) of a rate limit that, when\
            \ exceeded, triggers a warning notification. By default, this value is\
            \ 90 for Workforce orgs and 60 for CIAM orgs."
          maximum: 90
          minimum: 30
          type: integer
      required:
      - warningThreshold
      title: RateLimitWarningThreshold
      type: object
    RateLimitWarningThresholdResponse:
      description: ""
      example:
        warningThreshold: 34
      properties:
        warningThreshold:
          description: "The threshold value (percentage) of a rate limit that, when\
            \ exceeded, triggers a warning notification. By default, this value is\
            \ 90 for Workforce orgs and 60 for CIAM orgs."
          maximum: 90
          minimum: 30
          type: integer
      title: RateLimitWarningThreshold
      type: object
    Realm:
      example:
        lastUpdated: 2000-01-23T04:56:07.000+00:00
        isDefault: true
        _links:
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        created: 2000-01-23T04:56:07.000+00:00
        profile:
          realmType: PARTNER
          name: name
        id: id
      properties:
        created:
          description: Timestamp when the Realm was created
          format: date-time
          readOnly: true
          type: string
        id:
          description: Unique key for the Realm
          readOnly: true
          type: string
        isDefault:
          description: Conveys whether the Realm is the default
          readOnly: true
          type: boolean
        lastUpdated:
          description: Timestamp when the Realm was last updated
          format: date-time
          readOnly: true
          type: string
        profile:
          $ref: '#/components/schemas/RealmProfile'
        _links:
          $ref: '#/components/schemas/LinksSelf'
      type: object
    RealmAssignment:
      example:
        lastUpdated: 2000-01-23T04:56:07.000+00:00
        isDefault: true
        _links:
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        created: 2000-01-23T04:56:07.000+00:00
        name: name
        id: id
        conditions:
          expression:
            value: value
          profileSourceId: profileSourceId
        priority: 0
        actions:
          assignUserToRealm:
            realmId: realmId
        status: ACTIVE
      properties:
        actions:
          $ref: '#/components/schemas/Actions'
        conditions:
          $ref: '#/components/schemas/Conditions'
        created:
          format: date-time
          readOnly: true
          type: string
        id:
          readOnly: true
          type: string
        isDefault:
          readOnly: true
          type: boolean
        lastUpdated:
          format: date-time
          readOnly: true
          type: string
        name:
          type: string
        priority:
          type: integer
        status:
          $ref: '#/components/schemas/LifecycleStatus'
        _links:
          $ref: '#/components/schemas/LinksSelf'
      type: object
    RealmProfile:
      example:
        realmType: PARTNER
        name: name
      properties:
        name:
          description: Name of a Realm
          type: string
        realmType:
          description: Used to store partner users. This must be set to Partner to access Okta's external partner portal.
          enum:
          - PARTNER
          - DEFAULT
          type: string
          x-enumDescriptions:
            PARTNER: Realm with external partner portal
            DEFAULT: Default
      required:
      - name
      type: object
    RecoveryQuestionCredential:
      description: |-
        Specifies a secret question and answer that's validated (case insensitive) when a User forgets their
        password or unlocks their account. The answer property is write-only.
      example:
        answer: se7en
        question: what is your favourite movie?
      properties:
        answer:
          description: The answer to the recovery question
          example: se7en
          maximum: 100
          minimum: 1
          type: string
          writeOnly: true
        question:
          description: The recovery question
          example: what is your favourite movie?
          maximum: 100
          minimum: 1
          type: string
      type: object
    RefreshToken:
      description: The refresh token
      properties:
        jti:
          description: The refresh token ID
          type: string
      type: object
    RegistrationInlineHook:
      allOf:
      - $ref: '#/components/schemas/InlineHook'
      - type: object
    RegistrationInlineHookCommand:
      properties:
        type:
          enum:
          - com.okta.user.profile.update
          - com.okta.action.update
          - com.okta.user.progressive.profile.update
          type: string
      type: object
    RegistrationInlineHookPPData:
      allOf:
      - $ref: '#/components/schemas/InlineHookBasePayload'
      - $ref: '#/components/schemas/RegistrationInlineHookRequest'
      - properties:
          data:
            $ref: '#/components/schemas/RegistrationInlineHookPPData_allOf_data'
        type: object
    RegistrationInlineHookRequest:
      discriminator:
        mapping:
          self.service.registration: '#/components/schemas/RegistrationInlineHookSSRData'
          progressive.profile: '#/components/schemas/RegistrationInlineHookPPData'
        propertyName: requestType
      properties:
        eventType:
          description: The type of inline hook. The registration inline hook type is `com.okta.user.pre-registration`.
          type: string
        requestType:
          $ref: '#/components/schemas/RegistrationInlineHookRequestType'
      type: object
    RegistrationInlineHookRequestType:
      description: The type of registration hook. Use either `self.service.registration` or `progressive.profile`.
      enum:
      - progressive.profile
      - self.service.registration
      type: string
    RegistrationInlineHookResponse:
      properties:
        commands:
          items:
            description: TODO default missing array inner type to string
            type: string
          type: array
      type: object
    RegistrationInlineHookSSRData:
      allOf:
      - $ref: '#/components/schemas/InlineHookBasePayload'
      - $ref: '#/components/schemas/RegistrationInlineHookRequest'
      - properties:
          data:
            $ref: '#/components/schemas/RegistrationInlineHookSSRData_allOf_data'
        type: object
    RegistrationResponse:
      properties:
        commands:
          description: |-
            The `commands` object lets you invoke commands to modify or add values to the attributes in the Okta user profile that are created for this user. The object also lets you control whether or not the registration attempt is allowed to proceed.

            This object is an array, allowing you to send multiple commands in your response. Each array element requires a `type` property and a `value` property. The `type` property is where you specify which of the supported commands you wish to execute, and `value` is where you supply parameters for that command.

            The registration inline hook supports these three commands:
            * `com.okta.user.profile.update`: Change attribute values in the user's Okta user profile. For SSR only. Invalid if used with a Progressive Profile response.
            * `com.okta.action.update`: Allow or deny the user's registration.
            * `com.okta.user.progressive.profile.update`: Change attribute values in the user's Okta Progressive Profile.
          items:
            $ref: '#/components/schemas/RegistrationResponse_commands_inner'
          type: array
        Error:
          $ref: '#/components/schemas/RegistrationResponse_Error'
      type: object
    ReleaseChannel:
      description: Release channel for auto-update
      enum:
      - BETA
      - EA
      - GA
      - TEST
      type: string
    RequiredEnum:
      enum:
      - ALWAYS
      - HIGH_RISK_ONLY
      - NEVER
      type: string
    ResendUserFactor:
      discriminator:
        mapping:
          call: '#/components/schemas/UserFactorCall'
          email: '#/components/schemas/UserFactorEmail'
          sms: '#/components/schemas/UserFactorSMS'
        propertyName: factorType
      example:
        factorType: call
      properties:
        factorType:
          description: Type of the Factor
          enum:
          - call
          - email
          - sms
          type: string
      type: object
    ResetPasswordToken:
      example:
        resetPasswordUrl: "https://{yourOktaDomain}/signin/reset-password/XE6wE17zmphl3KqAPFxO"
      properties:
        resetPasswordUrl:
          example: "https://{yourOktaDomain}/signin/reset-password/XE6wE17zmphl3KqAPFxO"
          readOnly: true
          type: string
      type: object
    ResourceSelectorCreateRequestSchema:
      properties:
        description:
          description: Description of the Resource Selector
          type: string
        filter:
          description: SCIM filter of the Resource Selector
          type: string
        name:
          description: Name of the Resource Selector
          type: string
        schema:
          description: Schema of the Resource Selector
          type: string
      type: object
    ResourceSelectorPatchRequestSchema:
      properties:
        description:
          description: Description of the Resource Selector
          type: string
        filter:
          description: SCIM filter of the Resource Selector
          type: string
        name:
          description: Name of the Resource Selector
          type: string
      type: object
    ResourceSelectorResponseSchema:
      properties:
        description:
          description: Description of the Resource Selector
          type: string
        id:
          description: Unique key for the Resource Selector
          type: string
        name:
          description: Name of the Resource Selector
          type: string
        orn:
          description: An Okta resource name
          type: string
        _links:
          $ref: '#/components/schemas/ResourceSelectorResponseSchema__links'
      type: object
    ResourceSelectorResponseWithoutSelfLinkSchema:
      properties:
        description:
          description: Description of the Resource Selector
          type: string
        id:
          description: Unique key for the Resource Selector
          type: string
        name:
          description: Name of the Resource Selector
          type: string
        orn:
          description: An Okta resource name
          type: string
        _links:
          $ref: '#/components/schemas/ResourceSelectorResponseWithoutSelfLinkSchema__links'
      type: object
    ResourceSelectorsSchema:
      properties:
        resourceSelectors:
          items:
            $ref: '#/components/schemas/ResourceSelectorResponseWithoutSelfLinkSchema'
          type: array
        _links:
          $ref: '#/components/schemas/LinksNext'
      type: object
    ResourceSet:
      example:
        lastUpdated: 2000-01-23T04:56:07.000+00:00
        _links:
          bindings:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          resources:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        created: 2000-01-23T04:56:07.000+00:00
        description: description
        id: id
        label: label
      properties:
        created:
          description: Timestamp when the role was created
          format: date-time
          readOnly: true
          type: string
        description:
          description: Description of the Resource Set
          type: string
        id:
          description: Unique ID for the Resource Set object
          readOnly: true
          type: string
        label:
          description: Unique label for the Resource Set
          type: string
        lastUpdated:
          description: Timestamp when the role was last updated
          format: date-time
          readOnly: true
          type: string
        _links:
          $ref: '#/components/schemas/ResourceSet__links'
      type: object
    ResourceSetBindingAddMembersRequest:
      example:
        additions:
        - additions
        - additions
      properties:
        additions:
          items:
            type: string
          type: array
      type: object
    ResourceSetBindingCreateRequest:
      example:
        role: role
        members:
        - members
        - members
      properties:
        members:
          items:
            type: string
          type: array
        role:
          description: Unique key for the role
          type: string
      type: object
    ResourceSetBindingMember:
      example:
        lastUpdated: 2000-01-23T04:56:07.000+00:00
        _links:
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        created: 2000-01-23T04:56:07.000+00:00
        id: id
      properties:
        created:
          description: Timestamp when the role was created
          format: date-time
          readOnly: true
          type: string
        id:
          description: Unique key for the role
          readOnly: true
          type: string
        lastUpdated:
          description: Timestamp when the role was last updated
          format: date-time
          readOnly: true
          type: string
        _links:
          $ref: '#/components/schemas/LinksSelf'
      type: object
    ResourceSetBindingMembers:
      example:
        _links:
          next:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          binding:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        members:
        - lastUpdated: 2000-01-23T04:56:07.000+00:00
          _links:
            self:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
          created: 2000-01-23T04:56:07.000+00:00
          id: id
        - lastUpdated: 2000-01-23T04:56:07.000+00:00
          _links:
            self:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
          created: 2000-01-23T04:56:07.000+00:00
          id: id
      properties:
        members:
          items:
            $ref: '#/components/schemas/ResourceSetBindingMember'
          type: array
        _links:
          $ref: '#/components/schemas/ResourceSetBindingMembers__links'
      type: object
    ResourceSetBindingResponse:
      example:
        _links:
          resource-set:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          bindings:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        id: id
      properties:
        id:
          description: '`id` of the role'
          type: string
        _links:
          $ref: '#/components/schemas/ResourceSetBindingResponse__links'
      type: object
    ResourceSetBindingRole:
      example:
        _links:
          members:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        id: id
      properties:
        id:
          type: string
        _links:
          $ref: '#/components/schemas/ResourceSetBindingRole__links'
      type: object
    ResourceSetBindings:
      example:
        _links:
          resource-set:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          bindings:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        roles:
        - _links:
            members:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
            self:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
          id: id
        - _links:
            members:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
            self:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
          id: id
      properties:
        roles:
          items:
            $ref: '#/components/schemas/ResourceSetBindingRole'
          type: array
        _links:
          $ref: '#/components/schemas/ResourceSetBindingResponse__links'
      type: object
    ResourceSetResource:
      example:
        lastUpdated: 2000-01-23T04:56:07.000+00:00
        _links:
          resource:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          groups:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          users:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        created: 2000-01-23T04:56:07.000+00:00
        orn: orn
        id: id
      properties:
        created:
          description: Timestamp when the Resource Set Resource object was created
          format: date-time
          readOnly: true
          type: string
        id:
          description: Unique ID of the Resource Set Resource object
          readOnly: true
          type: string
        lastUpdated:
          description: Timestamp when this object was last updated
          format: date-time
          readOnly: true
          type: string
        orn:
          description: The Okta Resource Name (ORN) of the resource
          type: string
        _links:
          $ref: '#/components/schemas/ResourceSetResource__links'
      type: object
    ResourceSetResourcePatchRequest:
      example:
        additions:
        - additions
        - additions
      properties:
        additions:
          description: A list of resources to add to the Resource Set
          items:
            description: Resource in ORN or REST API URL format
            type: string
          type: array
      type: object
    ResourceSetResourcePostRequest:
      properties:
        resourceOrnOrUrl:
          description: Resource in ORN or REST API URL format
          type: string
      required:
      - conditions
      - resourceOrnOrUrl
      type: object
    ResourceSetResourcePutRequest:
      type: object
    ResourceSetResources:
      example:
        _links:
          next:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          resource-set:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        resources:
        - lastUpdated: 2000-01-23T04:56:07.000+00:00
          _links:
            resource:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
            self:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
            groups:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
            users:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
          created: 2000-01-23T04:56:07.000+00:00
          orn: orn
          id: id
        - lastUpdated: 2000-01-23T04:56:07.000+00:00
          _links:
            resource:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
            self:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
            groups:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
            users:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
          created: 2000-01-23T04:56:07.000+00:00
          orn: orn
          id: id
      properties:
        resources:
          items:
            $ref: '#/components/schemas/ResourceSetResource'
          type: array
        _links:
          $ref: '#/components/schemas/ResourceSetResources__links'
      type: object
    ResourceSets:
      example:
        resource-sets:
        - lastUpdated: 2000-01-23T04:56:07.000+00:00
          _links:
            bindings:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
            self:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
            resources:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
          created: 2000-01-23T04:56:07.000+00:00
          description: description
          id: id
          label: label
        - lastUpdated: 2000-01-23T04:56:07.000+00:00
          _links:
            bindings:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
            self:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
            resources:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
          created: 2000-01-23T04:56:07.000+00:00
          description: description
          id: id
          label: label
        _links:
          next:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
      properties:
        resource-sets:
          items:
            $ref: '#/components/schemas/ResourceSet'
          type: array
        _links:
          $ref: '#/components/schemas/LinksNext'
      type: object
    ResponseLinks:
      description: Link objects
      example:
        _links:
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
      properties:
        _links:
          $ref: '#/components/schemas/LinksSelf'
      type: object
    ResponseMode:
      enum:
      - form_post
      - fragment
      - okta_post_message
      - query
      type: string
      x-enumDescriptions:
        fragment: Parameters are encoded in the URL fragment added to the `redirect_uri` when redirecting back to the client.
        query: Parameters are encoded in the query string added to the `redirect_uri` when redirecting back to the client.
        form_post: Parameters are encoded as HTML form values (`application/x-www-form-urlencoded` format) and are transmitted through the HTTP POST method to the client.
        okta_post_message: |-
          Uses [HTML5 Web Messaging](https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage) (for example, `window.postMessage()`) instead of the redirect for the authorization response from the `/authorize` endpoint.
          `okta_post_message` is an adaptation of the [Web Message Response Mode](https://tools.ietf.org/html/draft-sakimura-oauth-wmrm-00#section-4.1).
This value provides a secure way for a single-page application to perform a sign-in flow in a pop-up window or an iFrame and receive the ID token, access token, and/or authorization code back in the parent page without leaving the context of that page. The data object for the `postMessage` call is in the next section. ResponseType: enum: - code - id_token - none - token type: string ResponseTypesSupported: enum: - code - code id_token - code id_token token - code token - id_token - id_token token - token type: string RevokeRefreshTokenHrefObject: properties: href: description: Link URI example: "https://{yourOktaDomain}/api/v1/users/00u5t60iloOHN9pBi0h7/clients/0oabskvc6442nkvQO0h7/tokens/oar579Mcp7OUsNTlo0g3" type: string type: object RiscIdentifierChangedEvent: description: "The subject's identifier has changed, which is either an email\ \ address or a phone number change" properties: event_timestamp: description: The time of the event (UNIX timestamp) example: 1702448550 format: int64 type: integer new-value: description: The new identifier value example: new.email@okta.example.com type: string subject: $ref: '#/components/schemas/SecurityEventSubject' required: - event_timestamp - subject type: object RiskDetectionTypesPolicyRuleCondition: description: "<x-lifecycle class=\"oie\"></x-lifecycle> An object that references\ \ detected risk events. This object can have an `include` parameter or an\ \ `exclude` parameter, but not both." 
      properties:
        exclude:
          description: An array of detected risk events to exclude in the entity policy rule
          items:
            $ref: '#/components/schemas/DetectedRiskEvents'
          type: array
        include:
          description: An array of detected risk events to include in the entity policy rule
          items:
            $ref: '#/components/schemas/DetectedRiskEvents'
          type: array
      required:
      - exclude
      - include
      type: object
    RiskEvent:
      example:
        subjects:
        - riskLevel: HIGH
          ip: ip
          message: message
        - riskLevel: HIGH
          ip: ip
          message: message
        expiresAt: 2000-01-23T04:56:07.000+00:00
        timestamp: 2000-01-23T04:56:07.000+00:00
      properties:
        expiresAt:
          description: "Timestamp at which the event expires (expressed as a UTC time\
            \ zone using ISO 8601 format: yyyy-MM-dd`T`HH:mm:ss.SSS`Z`). If this optional\
            \ field is not included, Okta automatically expires the event 24 hours\
            \ after the event is consumed."
          format: date-time
          type: string
        subjects:
          description: List of Risk Event Subjects
          items:
            $ref: '#/components/schemas/RiskEventSubject'
          type: array
        timestamp:
          description: "Timestamp of when the event is produced (expressed as a UTC\
            \ time zone using ISO 8601 format: yyyy-MM-dd`T`HH:mm:ss.SSS`Z`)"
          format: date-time
          type: string
      required:
      - subjects
      type: object
    RiskEventSubject:
      example:
        riskLevel: HIGH
        ip: ip
        message: message
      properties:
        ip:
          description: The risk event subject IP address (either an IPv4 or IPv6 address)
          type: string
        message:
          description: Additional reasons for the risk level of the IP
          maxLength: 512
          pattern: "^[a-zA-Z0-9 .\\-_]*$"
          type: string
        riskLevel:
          $ref: '#/components/schemas/RiskEventSubjectRiskLevel'
      required:
      - ip
      - riskLevel
      type: object
    RiskEventSubjectRiskLevel:
      description: The risk level associated with the IP
      enum:
      - HIGH
      - LOW
      - MEDIUM
      type: string
    RiskPolicyRuleCondition:
      properties:
        behaviors:
          items:
            type: string
          type: array
          uniqueItems: true
      type: object
    RiskProvider:
      example:
        lastUpdated: 2000-01-23T04:56:07.000+00:00
        clientId: 00cjkjjkkgjkdkjdkkljjsd
        _links:
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        created: 2000-01-23T04:56:07.000+00:00
        name: Risk-Partner-X
        action: log_only
        id: 00rp12r4skkjkjgsn
      properties:
        action:
          $ref: '#/components/schemas/RiskProviderAction'
        clientId:
          description: "The ID of the [OAuth service app](https://developer.okta.com/docs/guides/implement-oauth-for-okta-serviceapp/main/#create-a-service-app-and-grant-scopes)\
            \ that is used to send risk events to Okta"
          example: 00cjkjjkkgjkdkjdkkljjsd
          type: string
        created:
          description: Timestamp when the Risk Provider object was created
          format: date-time
          readOnly: true
          type: string
        id:
          description: The ID of the Risk Provider object
          example: 00rp12r4skkjkjgsn
          readOnly: true
          type: string
        lastUpdated:
          description: Timestamp when the Risk Provider object was last updated
          format: date-time
          readOnly: true
          type: string
        name:
          description: Name of the risk provider
          example: Risk-Partner-X
          maxLength: 50
          type: string
        _links:
          $ref: '#/components/schemas/LinksSelf'
      required:
      - _links
      - action
      - clientId
      - id
      - name
      type: object
    RiskProviderAction:
      default: log_only
      description: Action taken by Okta during authentication attempts based on the risk events sent by this provider
      enum:
      - enforce_and_log
      - log_only
      - none
      type: string
      x-enumDescriptions:
        log_only: Include risk event information in the System Log
        none: No action
        enforce_and_log: Use risk event information to evaluate risks during authentication attempts and include risk event information in the System Log
    RiskScorePolicyRuleCondition:
      description: Specifies a particular level of risk to match on
      properties:
        level:
          description: The level to match
          enum:
          - ANY
          - LOW
          - MEDIUM
          - HIGH
          type: string
      required:
      - level
      type: object
    Role:
      properties:
        assignmentType:
          $ref: '#/components/schemas/RoleAssignmentType'
        created:
          format: date-time
          readOnly: true
          type: string
        description:
          type: string
        id:
          readOnly: true
          type: string
        label:
          readOnly: true
          type: string
        lastUpdated:
          format: date-time
          readOnly: true
          type: string
        status:
          $ref: '#/components/schemas/LifecycleStatus'
        type:
          $ref: '#/components/schemas/RoleType'
        _embedded:
          additionalProperties:
            properties: {}
            type: object
          readOnly: true
          type: object
        _links:
          $ref: '#/components/schemas/LinksSelf'
      type: object
    RoleAssignedUser:
      example:
        _links:
          roles:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        orn: orn
        id: id
      properties:
        id:
          description: The ID of the User
          readOnly: true
          type: string
        orn:
          description: ORN representing the assignee
          readOnly: true
          type: string
        _links:
          $ref: '#/components/schemas/LinksSelfAndRoles'
      type: object
    RoleAssignedUsers:
      example:
        _links:
          next:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        value:
        - _links:
            roles:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
            self:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
          orn: orn
          id: id
        - _links:
            roles:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
            self:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
          orn: orn
          id: id
      properties:
        value:
          items:
            $ref: '#/components/schemas/RoleAssignedUser'
          type: array
        _links:
          $ref: '#/components/schemas/LinksNextForRoleAssignments'
      type: object
    RoleAssignmentType:
      description: Role assignment type
      enum:
      - CLIENT
      - GROUP
      - USER
      type: string
      x-enumDescriptions:
        USER: The Role is assigned to a User
        GROUP: The Role is assigned to a Group
        CLIENT: The Role is assigned to a Client Application
    RoleGovernance:
      description: List of all User Role Governance Sources
      properties:
        grants:
          items:
            $ref: '#/components/schemas/RoleGovernanceSource'
          type: array
        _links:
          $ref: '#/components/schemas/LinksGovernanceSources'
      type: object
    RoleGovernanceResource:
      description: The resource of a grant
      properties:
        label:
          description: The resource name
          type: string
        resource:
          description: The resources id
          type: string
      type: object
    RoleGovernanceResources:
      description: The resources of a grant
      properties:
        resources:
          items:
            $ref: '#/components/schemas/RoleGovernanceResource'
          type: array
        _links:
          $ref: '#/components/schemas/RoleGovernanceResources__links'
      type: object
    RoleGovernanceSource:
      description: User Role Governance Source
      properties:
        bundleId:
          description: '`id` of the entitlement bundle'
          readOnly: true
          type: string
        expirationDate:
          description: The expiration date of the entitlement bundle
          format: date-time
          readOnly: true
          type: string
        grantId:
          description: '`id` of the grant'
          readOnly: true
          type: string
        type:
          $ref: '#/components/schemas/GovernanceSourceType'
        _links:
          $ref: '#/components/schemas/RoleGovernanceSource__links'
      required:
      - grantId
      - resources
      - type
      type: object
    RolePermissionType:
      description: Permission type
      enum:
      - okta.apps.assignment.manage
      - okta.apps.manage
      - okta.apps.manageFirstPartyApps
      - okta.apps.read
      - okta.authzServers.manage
      - okta.authzServers.read
      - okta.customizations.manage
      - okta.customizations.read
      - okta.devices.lifecycle.activate
      - okta.devices.lifecycle.deactivate
      - okta.devices.lifecycle.delete
      - okta.devices.lifecycle.manage
      - okta.devices.lifecycle.suspend
      - okta.devices.lifecycle.unsuspend
      - okta.devices.manage
      - okta.devices.read
      - okta.governance.accessCertifications.manage
      - okta.governance.accessRequests.manage
      - okta.groups.appAssignment.manage
      - okta.groups.create
      - okta.groups.manage
      - okta.groups.members.manage
      - okta.groups.read
      - okta.identityProviders.manage
      - okta.identityProviders.read
      - okta.profilesources.import.run
      - okta.support.cases.manage
      - okta.users.appAssignment.manage
      - okta.users.create
      - okta.users.credentials.expirePassword
      - okta.users.credentials.manage
      - okta.users.credentials.resetFactors
      - okta.users.credentials.resetPassword
      - okta.users.groupMembership.manage
      - okta.users.lifecycle.activate
      - okta.users.lifecycle.clearSessions
      - okta.users.lifecycle.deactivate
      - okta.users.lifecycle.delete
      - okta.users.lifecycle.manage
      - okta.users.lifecycle.suspend
      - okta.users.lifecycle.unlock
      - okta.users.lifecycle.unsuspend
      - okta.users.manage
      - okta.users.read
      - okta.users.userprofile.manage
      type: string
    RoleType:
      description: Standard role type
      enum:
      - ACCESS_CERTIFICATIONS_ADMIN
      - ACCESS_REQUESTS_ADMIN
      - API_ACCESS_MANAGEMENT_ADMIN
      - API_ADMIN
      - APP_ADMIN
      - CUSTOM
      - GROUP_MEMBERSHIP_ADMIN
      - HELP_DESK_ADMIN
      - MOBILE_ADMIN
      - ORG_ADMIN
      - READ_ONLY_ADMIN
      - REPORT_ADMIN
      - SUPER_ADMIN
      - USER_ADMIN
      type: string
      x-enumDescriptions:
        API_ACCESS_MANAGEMENT_ADMIN: Access Management Administrator
        API_ADMIN: Access Management Administrator
        APP_ADMIN: Application Administrator
        CUSTOM: Custom label specified by the client
        GROUP_MEMBERSHIP_ADMIN: Group Membership Administrator
        HELP_DESK_ADMIN: Help Desk Administrator
        MOBILE_ADMIN: Mobile Administrator
        ORG_ADMIN: Organizational Administrator
        READ_ONLY_ADMIN: Read-Only Administrator
        REPORT_ADMIN: Report Administrator
        SUPER_ADMIN: Super Administrator
        USER_ADMIN: Group Administrator
        ACCESS_CERTIFICATIONS_ADMIN: Access Certifications Administrator (predefined Resource Sets)
        ACCESS_REQUESTS_ADMIN: Access Requests Administrator (predefined Resource Sets) <x-lifecycle class="ea"></x-lifecycle>
    RotatePasswordRequest:
      description: Rotate password request for the privileged account
      properties:
        password:
          description: The password associated with the privileged resource
          example: xf1bs9am2
          format: password
          type: string
          writeOnly: true
        secretVersionId:
          description: The version ID of the password secret from the OPA vault
          example: 9f8400-e29b-41d4-a716-926655440034
          maxLength: 36
          minLength: 1
          type: string
      required:
      - password
      - secretVersionId
      type: object
    SAMLHookResponse:
      properties:
        commands:
          description: "The `commands` object is where you tell Okta to add additional\
            \ claims to the assertion or to modify the existing assertion statements.\n\
            \n`commands` is an array, allowing you to send multiple commands. In each\
            \ array element, include a `type` property and a `value` property. The\
            \ `type` property is where you specify which of the supported commands\
            \ you want to execute, and `value` is where you supply an operand for\
            \ that command.\nIn the case of the SAML assertion inline hook, the `value`\
            \ property is itself a nested object, in which you specify a particular\
            \ operation, a path to act on, and a value. "
          items:
            $ref: '#/components/schemas/SAMLHookResponse_commands_inner'
          type: array
        error:
          $ref: '#/components/schemas/SAMLHookResponse_error'
      type: object
    SAMLPayLoad:
      properties:
        data:
          $ref: '#/components/schemas/SAMLPayLoad_data'
      type: object
    SafeBrowsingProtectionLevel:
      description: Represents the current value of the Safe Browsing protection level
      enum:
      - ENHANCED_PROTECTION
      - NO_SAFE_BROWSING
      - STANDARD_PROTECTION
      example: ENHANCED_PROTECTION
      type: string
      x-enumDescriptions:
        NO_SAFE_BROWSING: Safe Browsing is never active
        STANDARD_PROTECTION: Safe Browsing is active in the standard mode
        ENHANCED_PROTECTION: Safe Browsing is active in the enhanced mode
    SalesforceApplication:
      allOf:
      - $ref: '#/components/schemas/OINApplication'
      - type: object
      - properties:
          name:
            enum:
            - salesforce
            example: salesforce
            type: string
          signOnMode:
            enum:
            - BROWSER_PLUGIN
            - BOOKMARK
            - SAML_2_0
            example: BROWSER_PLUGIN
            type: string
          settings:
            $ref: '#/components/schemas/SalesforceApplicationSettings'
        required:
        - label
        - name
        - settings
      description: |
        Schema for the Salesforce app (key name: `salesforce`)

        To create a Salesforce app, use the [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) request with the following parameters in the request body.
        > **Note:** The Salesforce app only supports `BROWSER_PLUGIN`, `BOOKMARK`, and `SAML_2_0` sign-on modes.
      example:
        name: salesforce
        label: Sample Salesforce App
        signOnMode: SAML_2_0
        settings:
          app:
            instanceType: SANDBOX
            integrationType: STANDARD
      title: Salesforce
      x-tags:
      - Application
      x-okta-defined-as:
        name: salesforce
    SalesforceApplicationSettings:
      allOf:
      - $ref: '#/components/schemas/ApplicationSettings'
      - type: object
      - properties:
          app:
            $ref: '#/components/schemas/SalesforceApplicationSettingsApplication'
          signOn:
            $ref: '#/components/schemas/OINSaml20ApplicationSettingsSignOn'
        required:
        - app
    SalesforceApplicationSettingsApplication:
      description: Salesforce app instance properties
      properties:
        instanceType:
          description: Salesforce instance that you want to connect to
          enum:
          - SANDBOX
          - PRODUCTION
          - GOVERNMENT
          type: string
        integrationType:
          description: Salesforce integration type
          enum:
          - STANDARD
          - PORTAL
          - COMMUNITY
          type: string
        loginUrl:
          description: The Login URL specified in your Salesforce Single Sign-On settings
          type: string
        logoutUrl:
          description: Salesforce Logout URL
          type: string
      required:
      - instanceType
      - integrationType
      type: object
    Saml:
      description: SAML configuration details
      properties:
        acs:
          description: "List of Assertion Consumer Service (ACS) URLs. The default\
            \ ACS URL is required and is indicated by a null `index` value. You can\
            \ use the org-level variables you defined in the `config` array in the\
            \ URL. For example: `https://${org.subdomain}.example.com/saml/login`"
          items:
            $ref: '#/components/schemas/Saml_acs_inner'
          minItems: 1
          type: array
        claims:
          description: Attribute statements to appear in the Okta SAML assertion
          items:
            $ref: '#/components/schemas/Saml_claims_inner'
          type: array
        doc:
          description: "The URL to your customer-facing instructions for configuring\
            \ your SAML integration. See [Customer configuration document guidelines](https://developer.okta.com/docs/guides/submit-app-prereq/main/#customer-configuration-document-guidelines)."
          example: https://example.com/strawberry/help/samlSetup
          format: uri
          type: string
        entityId:
          description: "Globally unique name for your SAML entity. For instance, your\
            \ Identity Provider (IdP) or Service Provider (SP) URL."
          example: "https://${org.subdomain}.example.com"
          type: string
        groups:
          description: Defines the group attribute names for the SAML assertion statement. Okta inserts the list of Okta user groups into the attribute names in the statement.
          items:
            description: A group attribute name in your SAML app
            example: groups
            type: string
          type: array
      required:
      - acs
      - doc
      - entityId
      type: object
    Saml11Application:
      allOf:
      - $ref: '#/components/schemas/Application'
      - properties:
          credentials:
            $ref: '#/components/schemas/ApplicationCredentials'
          name:
            description: The key name for the SAML 1.1 app definition. You can't create a custom SAML 1.1 app integration instance. Only existing OIN SAML 1.1 app integrations are supported.
            type: string
          settings:
            $ref: '#/components/schemas/Saml11ApplicationSettings'
        required:
        - name
        type: object
    Saml11ApplicationSettings:
      allOf:
      - $ref: '#/components/schemas/ApplicationSettings'
      - properties:
          app:
            additionalProperties: true
            type: object
          signOn:
            $ref: '#/components/schemas/Saml11ApplicationSettingsSignOn'
        type: object
    Saml11ApplicationSettingsSignOn:
      description: SAML 1.1 sign-on mode attributes
      properties:
        audienceOverride:
          description: The intended audience of the SAML assertion. This is usually the Entity ID of your application.
          type: string
        defaultRelayState:
          description: "The URL of the resource to direct users after they successfully\
            \ sign in to the SP using SAML. See the SP documentation to check if you\
            \ need to specify a RelayState. In most instances, you can leave this\
            \ field blank."
          type: string
        recipientOverride:
          description: The location where the application can present the SAML assertion. This is usually the Single Sign-On (SSO) URL.
          type: string
        ssoAcsUrlOverride:
          description: Assertion Consumer Services (ACS) URL value for the Service Provider (SP). This URL is always used for Identity Provider (IdP) initiated sign-on requests.
          type: string
      title: SAML 1.1 settings
      type: object
    SamlAcsEndpoint:
      description: Okta's `SPSSODescriptor` endpoint where the IdP sends a `<SAMLResponse>` message
      properties:
        binding:
          $ref: '#/components/schemas/ProtocolEndpointBinding'
        type:
          $ref: '#/components/schemas/SamlEndpointType'
      type: object
    SamlAlgorithms:
      description: Settings for signing and verifying SAML messages
      properties:
        request:
          $ref: '#/components/schemas/SamlRequestAlgorithm'
        response:
          $ref: '#/components/schemas/SamlResponseAlgorithm'
      type: object
    SamlApplication:
      allOf:
      - $ref: '#/components/schemas/Application'
      - properties:
          credentials:
            $ref: '#/components/schemas/ApplicationCredentials'
          name:
            description: A unique key is generated for the custom app instance when you use SAML_2_0 `signOnMode`.
            readOnly: true
            type: string
          settings:
            $ref: '#/components/schemas/SamlApplicationSettings'
        type: object
    SamlApplicationSettings:
      allOf:
      - $ref: '#/components/schemas/ApplicationSettings'
      - properties:
          signOn:
            $ref: '#/components/schemas/SamlApplicationSettingsSignOn'
        type: object
    SamlApplicationSettingsSignOn:
      description: |-
        SAML 2.0 sign-on attributes.
        > **Note:** Set either `destinationOverride` or `ssoAcsUrl` to configure any other SAML 2.0 attributes in this section.
      properties:
        acsEndpoints:
          description: An array of ACS endpoints. You can configure a maximum of 100 endpoints.
          items:
            $ref: '#/components/schemas/AcsEndpoint'
          type: array
        allowMultipleAcsEndpoints:
          description: Determines whether the app allows you to configure multiple ACS URIs
          type: boolean
        assertionSigned:
          description: Determines whether the SAML assertion is digitally signed
          type: boolean
        attributeStatements:
          description: |
            A list of custom attribute statements for the app's SAML assertion. See [SAML 2.0 Technical Overview](https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0-cd-02.html).

            There are two types of attribute statements:

            | Type | Description |
            | ---- | ----------- |
            | EXPRESSION | Generic attribute statement that can be dynamic and supports [Okta Expression Language](https://developer.okta.com/docs/reference/okta-expression-language/) |
            | GROUP | Group attribute statement |
          items:
            $ref: '#/components/schemas/SamlAttributeStatement'
          type: array
        audience:
          description: The entity ID of the SP. Use the entity ID value exactly as provided by the SP.
          type: string
        audienceOverride:
          description: "Audience override for CASB configuration. See [CASB config\
            \ guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm)."
          type: string
        authnContextClassRef:
          description: Identifies the SAML authentication context class for the assertion's authentication statement
          type: string
        configuredAttributeStatements:
          description: |
            The list of dynamic attribute statements for the SAML assertion inherited from app metadata (apps from the OIN) during app creation.

            There are two types of attribute statements: `EXPRESSION` and `GROUP`.
          items:
            $ref: '#/components/schemas/SamlAttributeStatement'
          type: array
        defaultRelayState:
          description: Identifies a specific application resource in an IdP-initiated SSO scenario
          type: string
        destination:
          description: Identifies the location inside the SAML assertion where the SAML response should be sent
          type: string
        destinationOverride:
          description: "Destination override for CASB configuration. See [CASB config\
            \ guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm)."
          type: string
        digestAlgorithm:
          description: Determines the digest algorithm used to digitally sign the SAML assertion and response
          type: string
        honorForceAuthn:
          description: Set to `true` to prompt users for their credentials when a SAML request has the `ForceAuthn` attribute set to `true`
          type: boolean
        idpIssuer:
          description: SAML Issuer ID
          type: string
        inlineHooks:
          description: "Associates the app with SAML inline hooks. See [the SAML assertion\
            \ inline hook reference](https://developer.okta.com/docs/reference/saml-hook/)."
          items:
            $ref: '#/components/schemas/SignOnInlineHook'
          type: array
        participateSlo:
          $ref: '#/components/schemas/SloParticipate'
        recipient:
          description: The location where the app may present the SAML assertion
          type: string
        recipientOverride:
          description: "Recipient override for CASB configuration. See [CASB config\
            \ guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm)."
          type: string
        requestCompressed:
          description: Determines whether the SAML request is expected to be compressed
          type: boolean
        responseSigned:
          description: |-
            Determines whether the SAML authentication response message is digitally signed by the IdP
            > **Note:** Either (or both) `responseSigned` or `assertionSigned` must be `TRUE`.
          type: boolean
        samlAssertionLifetimeSeconds:
          description: Determines the SAML app session lifetimes with Okta
          example: 3600
          type: integer
          x-okta-lifecycle:
            lifecycle: GA
            isGenerallyAvailable: true
        signatureAlgorithm:
          description: Determines the signing algorithm used to digitally sign the SAML assertion and response
          type: string
        slo:
          $ref: '#/components/schemas/SingleLogout'
        spCertificate:
          $ref: '#/components/schemas/SamlSpCertificate'
        spIssuer:
          description: The issuer ID for the Service Provider. This property appears when SLO is enabled.
          type: string
        ssoAcsUrl:
          description: Single Sign-On Assertion Consumer Service (ACS) URL
          type: string
        ssoAcsUrlOverride:
          description: "Assertion Consumer Service (ACS) URL override for CASB configuration.\
            \ See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm)."
          type: string
        subjectNameIdFormat:
          type: string
        subjectNameIdTemplate:
          description: Template for app user's username when a user is assigned to the app
          type: string
      required:
      - allowMultipleAcsEndpoints
      - assertionSigned
      - audience
      - authnContextClassRef
      - destination
      - digestAlgorithm
      - honorForceAuthn
      - idpIssuer
      - recipient
      - requestCompressed
      - responseSigned
      - signatureAlgorithm
      - ssoAcsUrl
      - subjectNameIdFormat
      - subjectNameIdTemplate
      type: object
    SamlAttributeStatement:
      description: Define custom attribute statements for the integration. These statements are inserted into the SAML assertions shared with your app
      properties:
        filterType:
          type: string
        filterValue:
          type: string
        name:
          type: string
        namespace:
          type: string
        type:
          type: string
        values:
          items:
            type: string
          type: array
      type: object
    SamlCredentials:
      description: Federation Trust Credentials for verifying assertions from the IdP and signing requests to the IdP
      properties:
        signing:
          $ref: '#/components/schemas/SamlSigningCredentials'
        trust:
          $ref: '#/components/schemas/SamlTrustCredentials'
      type: object
    SamlEndpointType:
      default: INSTANCE
      description: Determines whether to publish an instance-specific (trust) or organization (shared) ACS endpoint in the SAML metadata
      enum:
      - INSTANCE
      - ORG
      type: string
    SamlEndpoints:
      description: SAML 2.0 HTTP binding settings for IdP and SP (Okta)
      properties:
        acs:
          $ref: '#/components/schemas/SamlAcsEndpoint'
        sso:
          $ref: '#/components/schemas/SamlSsoEndpoint'
      type: object
    SamlNameIdFormat:
      default: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
      description: SAML 2.0 Name Identifier formats
      enum:
      - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
      - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
      - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
      - urn:oasis:names:tc:SAML:2.0:nameid-format:transient
      type: string
    SamlRelayState:
      description: Relay state settings for IdP
      properties:
        format:
          $ref: '#/components/schemas/SamlRelayStateFormat'
      type: object
    SamlRelayStateFormat:
      description: The format used to generate the `relayState` in the SAML request. The `FROM_URL` format is used if this value is null.
      enum:
      - FROM_URL
      - OPAQUE
      type: string
    SamlRequestAlgorithm:
      description: Algorithm settings used to secure an `<AuthnRequest>` message
      properties:
        signature:
          $ref: '#/components/schemas/SamlRequestSignatureAlgorithm'
      type: object
    SamlRequestSignatureAlgorithm:
      description: |-
        XML digital Signature Algorithm settings for signing `<AuthnRequest>` messages sent to the IdP
        > **Note:** The `algorithm` property is ignored when you disable request signatures (`scope` set as `NONE`).
      properties:
        algorithm:
          $ref: '#/components/schemas/SamlSigningAlgorithm'
        scope:
          $ref: '#/components/schemas/ProtocolAlgorithmRequestScope'
      type: object
    SamlResponseAlgorithm:
      description: Algorithm settings for verifying `<SAMLResponse>` messages and `<Assertion>` elements from the IdP
      properties:
        signature:
          $ref: '#/components/schemas/SamlResponseSignatureAlgorithm'
      type: object
    SamlResponseSignatureAlgorithm:
      description: XML digital Signature Algorithm settings for verifying `<SAMLResponse>` messages and `<Assertion>` elements from the IdP
      properties:
        algorithm:
          $ref: '#/components/schemas/SamlSigningAlgorithm'
        scope:
          $ref: '#/components/schemas/ProtocolAlgorithmResponseScope'
      type: object
    SamlSettings:
      description: Advanced settings for the SAML 2.0 protocol
      properties:
        honorPersistentNameId:
          default: true
          description: Determines if the IdP should persist account linking when the incoming assertion NameID format is `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent`
          type: boolean
        nameFormat:
          $ref: '#/components/schemas/SamlNameIdFormat'
      type: object
    SamlSigningAlgorithm:
      enum:
      - SHA-1
      - SHA-256
      example: SHA-256
      type: string
    SamlSigningCredentials:
      description: Key used for signing requests to the IdP
      properties:
        kid:
          description: IdP Key Credential reference to the Okta X.509 signature certificate
          example: your-key-id
          type: string
      type: object
    SamlSpCertificate:
      description: The certificate that Okta uses to validate Single Logout (SLO) requests and responses
      properties:
        x5c:
          description: A list that contains exactly one x509 encoded certificate
          items:
            type: string
          type: array
      type: object
    SamlSsoEndpoint:
      description: IdP's `SingleSignOnService` endpoint where Okta sends an `<AuthnRequest>` message
      properties:
        binding:
          $ref: '#/components/schemas/ProtocolEndpointBinding'
        destination:
          description: |-
            URI reference that indicates the address to which the `<AuthnRequest>` message is sent.
            The `destination` property is required if request signatures are specified.
            See [SAML 2.0 Request Algorithm object](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/IdentityProvider/#tag/IdentityProvider/operation/createIdentityProvider!path=protocol/0/algorithms/request&t=request).
          example: https://idp.example.com/saml2/sso
          maxLength: 512
          type: string
        url:
          description: |-
            URL of the binding-specific endpoint to send an `<AuthnRequest>` message to the IdP.
            The value of `url` defaults to the same value as the `sso` endpoint if omitted during creation of a new IdP instance.
            The `url` should be the same value as the `Location` attribute for a published binding in the IdP's SAML Metadata `IDPSSODescriptor`.
          example: https://idp.example.com/saml2/sso
          maxLength: 1014
          type: string
      type: object
    SamlTrustCredentials:
      description: Federation Trust Credentials for verifying assertions from the IdP
      properties:
        audience:
          description: URI that identifies the target Okta IdP instance (SP) for an `<Assertion>`
          example: https://www.okta.com/saml2/service-provider/spgv32vOnpdyeGSaiUpL
          maxLength: 1024
          type: string
        issuer:
          description: URI that identifies the issuer (IdP) of a `<SAMLResponse>` message `<Assertion>` element
          example: urn:example:idp
          maxLength: 1024
          type: string
        kid:
          description: IdP Key Credential reference to the Okta X.509 signature certificate
          example: your-key-id
          type: string
      type: object
    ScheduledUserLifecycleAction:
      properties:
        status:
          $ref: '#/components/schemas/PolicyUserStatus'
      type: object
    SchemeApplicationCredentials:
      allOf:
      - $ref: '#/components/schemas/ApplicationCredentials'
      - properties:
          password:
            $ref: '#/components/schemas/PasswordCredential'
          revealPassword:
            description: Allow users to securely see their password
            type: boolean
          scheme:
            $ref: '#/components/schemas/ApplicationCredentialsScheme'
          signing:
            $ref: '#/components/schemas/ApplicationCredentialsSigning'
          userName:
            description: Shared username for the app
            maxLength: 100
            minLength: 1
            type: string
        type: object
    Scope:
      type: string
    ScopeResourceHrefObject:
      properties:
        href:
          description: Link URI
          example: "https://{yourOktaDomain}/api/v1/authorizationServers/ausain6z9zIedDCxB0h7/scopes/scpCmCCV1DpxVkCaye2X"
          type: string
        title:
          description: Link name
          example: My phone
          type: string
      type: object
    ScreenLockType:
      enum:
      - BIOMETRIC
      - NONE
      - PASSCODE
      type: string
    SecurePasswordStoreApplication:
      allOf:
      - $ref: '#/components/schemas/Application'
      - properties:
          credentials:
            $ref: '#/components/schemas/SchemeApplicationCredentials'
          name:
            description: '`template_sps` is the key name for a SWA app instance that uses HTTP POST and doesn''t require a browser plugin'
            enum:
            - template_sps
            type: string
          settings:
            $ref: '#/components/schemas/SecurePasswordStoreApplicationSettings'
        required:
        - name
        - settings
        type: object
      x-okta-defined-as:
        name: template_sps
    SecurePasswordStoreApplicationSettings:
      allOf:
      - $ref: '#/components/schemas/ApplicationSettings'
      - properties:
          app:
            $ref: '#/components/schemas/SecurePasswordStoreApplicationSettingsApplication'
        type: object
    SecurePasswordStoreApplicationSettingsApplication:
      properties:
        optionalField1:
          description: Name of the optional parameter in the sign-in form
          type: string
        optionalField1Value:
          description: Name of the optional value in the sign-in form
          type: string
        optionalField2:
          description: Name of the optional parameter in the sign-in form
          type: string
        optionalField2Value:
          description: Name of the optional value in the sign-in form
          type: string
        optionalField3:
          description: Name of the optional parameter in the sign-in form
          type: string
        optionalField3Value:
          description: Name of the optional value in the sign-in form
          type: string
        passwordField:
          description: CSS selector for the **Password** field in the sign-in form
          type: string
        url:
          description: The URL of the sign-in page for this app
          type: string
        usernameField:
          description: CSS selector for the **Username** field in the sign-in form
          type: string
      required:
      - passwordField
      - url
      - usernameField
      type: object
    SecurityEvent:
      properties:
        event_timestamp:
          description: The time of the event (UNIX timestamp)
          example: 1702448550
          format: int64
          type: integer
        subject:
          $ref: '#/components/schemas/SecurityEventSubject'
      required:
      - event_timestamp
      - subject
      type: object
    SecurityEventReason:
      properties:
        en:
          description: The event reason in English
          example: Event message example
          type: string
      required:
      - en
      type: object
    SecurityEventSubject:
      description: The event subjects
      properties:
        device:
          description: The device involved with the event
          type: object
        tenant:
          description: The tenant involved with the event
          type: object
        user:
          description: The user involved with the event
          type: object
    SecurityEventTokenError:
      description: Error object thrown when parsing the Security Event Token
      example:
        err: invalid_request
        description: "Failed claim validation in security event token. 'events.mediationDeviceComplianceChangeEvent.previousStatus':\
          \ The field cannot be left blank"
      properties:
        description:
          description: |
            Describes the error
            > **Note:** SET claim fields with underscores (snake case) are presented in camelcase. For example, `previous_status` appears as `previousStatus`.
          example: "Failed claim validation in security event token. 'events.mediationDeviceComplianceChangeEvent.previousStatus':\
            \ The field cannot be left blank"
          type: string
        err:
          description: A code that describes the category of the error
          enum:
          - authentication_failed
          - invalid_audience
          - invalid_issuer
          - invalid_key
          - invalid_request
          example: invalid_request
          type: string
      title: Security Event Token Error
      type: object
    SecurityEventTokenRequestJwtBody:
      description: JSON Web Token body payload for a Security Event Token
      properties:
        aud:
          description: Audience
          example: https://receiverexample.okta.com/
          type: string
        events:
          $ref: '#/components/schemas/SecurityEventTokenRequestJwtEvents'
        iat:
          description: Token issue time (UNIX timestamp)
          example: 1702448550
          format: int64
          type: integer
        iss:
          description: Token issuer
          example: https://transmitter.example.com
          type: string
        jti:
          description: Token ID
          example: 24c63fb56f ... a9fa24
          type: string
      required:
      - aud
      - events
      - iat
      - iss
      - jti
      title: Security Event Token JWT body payload
      type: object
      x-tags:
      - SSFSecurityEventToken
    SecurityEventTokenRequestJwtEvents:
      description: A non-empty collection of events
      properties:
        https://schemas.okta.com/secevent/okta/event-type/device-risk-change:
          $ref: '#/components/schemas/OktaDeviceRiskChangeEvent'
        https://schemas.okta.com/secevent/okta/event-type/ip-change:
          $ref: '#/components/schemas/OktaIpChangeEvent'
        https://schemas.okta.com/secevent/okta/event-type/user-risk-change:
          $ref: '#/components/schemas/OktaUserRiskChangeEvent'
        https://schemas.openid.net/secevent/caep/event-type/device-compliance-change:
          $ref: '#/components/schemas/CaepDeviceComplianceChangeEvent'
        https://schemas.openid.net/secevent/caep/event-type/session-revoked:
          $ref: '#/components/schemas/CaepSessionRevokedEvent'
        https://schemas.openid.net/secevent/risc/event-type/identifier-changed:
          $ref: '#/components/schemas/RiscIdentifierChangedEvent'
      type: object
    SecurityEventTokenRequestJwtHeader:
      description: JSON Web Token header for a Security Event Token
      properties:
        alg:
          description: Algorithm used to sign or encrypt the JWT
          example: RS256
          type: string
        kid:
          description: Key ID used to sign or encrypt the JWT
          type: string
        typ:
          description: The type of content being signed or encrypted
          example: secevent+jwt
          type: string
      required:
      - alg
      - kid
      - typ
      title: Security Event Token JWT header
      type: object
      x-tags:
      - SSFSecurityEventToken
    SecurityEventsProviderRequest:
      description: The request schema for creating or updating a Security Events Provider. The `settings` must match one of the schemas.
      example:
        settings:
          well_known_url: https://example.okta.com/.well-known/ssf-configuration
        name: Target SSF Provider
        type: okta
      properties:
        name:
          description: The name of the Security Events Provider instance
          example: Target SSF Provider
          maxLength: 100
          type: string
        settings:
          $ref: '#/components/schemas/SecurityEventsProviderRequest_settings'
        type:
          description: The application type of the Security Events Provider
          example: okta
          maxLength: 255
          type: string
      required:
      - name
      - settings
      - type
      title: Security Events Provider Request
      type: object
    SecurityEventsProviderResponse:
      description: The Security Events Provider response
      example:
        settings:
          well_known_url: https://example.okta.com/.well-known/ssf-configuration
          issuer: example.okta.com
          jwks_url: https://example.okta.com/oauth2/v1/keys
        _links:
          activate:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          deactivate:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        name: Target SSF Provider
        id: sse1qg25RpusjUP6m0g5
        type: okta
        status: ACTIVE
      properties:
        id:
          description: The unique identifier of this instance
          example: sse1qg25RpusjUP6m0g5
          readOnly: true
          type: string
        name:
          description: The name of the Security Events Provider instance
          example: Target SSF Provider
          maxLength: 100
          type: string
        settings:
          $ref: '#/components/schemas/SecurityEventsProviderSettingsResponse'
        status:
          description: Indicates whether the Security Events Provider is active or not
          enum:
          - ACTIVE
          - INACTIVE
          readOnly: true
          type: string
        type:
          description: The application type of the Security Events Provider
          example: okta
          maxLength: 255
          type: string
        _links:
          $ref: '#/components/schemas/LinksSelfAndLifecycle'
      title: Security Events Provider Response
      type: object
    SecurityEventsProviderSettingsNonSSFCompliant:
      description: Security Events Provider with issuer and JWKS settings for signal ingestion
      properties:
        issuer:
          description: Issuer URL
          example: example.okta.com
          maxLength: 700
          type: string
        jwks_url:
          description: The public URL where the JWKS public key is uploaded
          example: https://example.okta.com/oauth2/v1/keys
          format: url
          maxLength: 1000
          type: string
      required:
      - issuer
      - jwks_url
      title: Provider with issuer and JWKS settings
      type: object
    SecurityEventsProviderSettingsResponse:
      description: Security Events Provider settings
      example:
        well_known_url: https://example.okta.com/.well-known/ssf-configuration
        issuer: example.okta.com
        jwks_url: https://example.okta.com/oauth2/v1/keys
      properties:
        issuer:
          description: Issuer URL
          example: example.okta.com
          maxLength: 700
          type: string
        jwks_url:
          description: The public URL where the JWKS public key is uploaded
          example: https://example.okta.com/oauth2/v1/keys
          format: url
          maxLength: 1000
          type: string
        well_known_url:
          description: The well-known URL of the Security Events Provider (the SSF transmitter)
          example: https://example.okta.com/.well-known/ssf-configuration
          format: url
          maxLength: 1000
          nullable: true
          type: string
      title: Security Events Provider settings
      type: object
    SecurityEventsProviderSettingsSSFCompliant:
      description: Security Events Provider with well-known URL setting
      example:
        well_known_url: https://example.okta.com/.well-known/ssf-configuration
      properties:
        well_known_url:
          description: The published well-known URL of the Security Events Provider (the SSF transmitter)
          example: https://example.okta.com/.well-known/ssf-configuration
          format: url
          maxLength: 1000
          type: string
      required:
      - well_known_url
      title: Provider with well-known URL setting
      type: object
    SeedEnum:
      default: RANDOM
      description: Determines whether the generated password is the user's Okta password or a randomly generated password
      enum:
      - OKTA
      - RANDOM
      example: OKTA
      type: string
    SelfServicePasswordResetAction:
      description: Enables or disables users to reset their own password and defines the authenticators and constraints needed to complete the reset
      properties:
        access:
          $ref: '#/components/schemas/PolicyAccess'
        requirement:
          $ref: '#/components/schemas/SsprRequirement'
        type:
          description: <x-lifecycle class="oie"></x-lifecycle> The type of rule action
          enum:
          - selfServicePasswordReset
          type: string
      type: object
    Session:
      example:
        createdAt: 2000-01-23T04:56:07.000+00:00
        lastFactorVerification: 2000-01-23T04:56:07.000+00:00
        idp:
          id: id
          type: ACTIVE_DIRECTORY
        _links:
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        amr:
        - fpt
        - fpt
        id: id
        login: login
        userId: userId
        expiresAt: 2000-01-23T04:56:07.000+00:00
        lastPasswordVerification: 2000-01-23T04:56:07.000+00:00
        status: ACTIVE
      properties:
        amr:
          description: Authentication method reference
          items:
            $ref: '#/components/schemas/SessionAuthenticationMethod'
          readOnly: true
          type: array
        createdAt:
          format: date-time
          readOnly: true
          type: string
        expiresAt:
          description: A timestamp when the Session expires
          format: date-time
          readOnly: true
          type: string
        id:
          description: A unique key for the Session
          readOnly: true
          type: string
        idp:
          $ref: '#/components/schemas/SessionIdentityProvider'
        lastFactorVerification:
          description: A timestamp when the user last performed multifactor authentication
          format: date-time
          readOnly: true
          type: string
        lastPasswordVerification:
          description: A timestamp when the user last performed the primary or step-up authentication with a password
          format: date-time
          readOnly: true
          type: string
        login:
          description: A unique identifier for the user (username)
          readOnly: true
          type: string
        status:
          $ref: '#/components/schemas/SessionStatus'
        userId:
          description: A unique key for the user
          readOnly: true
          type: string
        _links:
          $ref: '#/components/schemas/LinksSelf'
      type: object
    SessionAuthenticationMethod:
      enum:
      - fpt
      - geo
      - hwk
      - kba
      - mca
      - mfa
      - otp
      - pwd
      - sc
      - sms
      - swk
      - tel
      type: string
      x-enumDescriptions:
        pwd: Password authentication. **Inline hook value:** `PASSWORD` **Example:** Standard password-based sign-in
        swk: Proof-of-possession (PoP) of a software key. **Inline hook value:** `POP_SOFTWARE_KEY` **Example:** Okta Verify with Push
        hwk: Proof-of-possession (PoP) of a hardware key. **Inline hook value:** `POP_HARDWARE_KEY` **Example:** Yubikey factor
        otp: "One-time password. **Inline hook value:** `ONE_TIME_PASSWORD`. **Example:**\
          \ Okta Verify, Google Authenticator"
        sms: SMS text message to the user at a registered number. **Inline hook value:** `SMS_MESSAGE`. **Example:** SMS factor
        tel: Telephone call to the user at a registered number. **Inline hook value:** `TELEPHONE_CALL`. **Example:** Phone call factor
        geo: Use of geo-location information. **Inline hook value:** `GEOLOCATION`. **Example:** IP Trust and Network Zone policy conditions
        fpt: Fingerprint biometric authentication. **Inline hook value:** `BIO_FINGERPRINT`. **Example:** Okta Verify with Touch ID
        kba: Knowledge-based authentication. **Inline hook value:** `KNOWLEDGE_BASED_AUTHENTICATION`. **Example:** Security Question factor
        mfa: Multifactor authentication. **Inline hook value:** `MULTIFACTOR_AUTHENTICATION`. **Example:** This value is present whenever any MFA factor verification is performed.
        mca: "Multiple-channel authentication. **Inline hook value:** `MULTIPLE_CHANNEL_AUTHENTICATION`.\
          \ **Example:** Authentication requires communication over more than one\
          \ channel, such as Internet and mobile network"
        sc: "Smart card authentication. **Inline hook value:** `SMART_CARD`. **Example:**\
          \ User authenticated using a smart card, such as a Personal Identity Verification\
          \ (PIV) card or Common Access Card (CAC)"
    SessionIdentityProvider:
      example:
        id: id
        type: ACTIVE_DIRECTORY
      properties:
        id:
          description: "Identity Provider ID. If the `type` is `OKTA`, then the `id`\
            \ is the org ID."
readOnly: true type: string type: $ref: '#/components/schemas/SessionIdentityProviderType' type: object SessionIdentityProviderType: enum: - ACTIVE_DIRECTORY - FEDERATION - LDAP - OKTA - SOCIAL type: string SessionStatus: enum: - ACTIVE - MFA_ENROLL - MFA_REQUIRED type: string x-enumDescriptions: ACTIVE: The Session is established and fully validated. MFA_REQUIRED: "The Session is established, but requires second factor verification." MFA_ENROLL: "The Session is established, but the user needs to enroll a second\ \ factor." ShowSignInWithOV: description: Controls whether to show the Sign in with Okta Verify button on the Sign-In Widget enum: - ALWAYS - NEVER type: string SignInPage: allOf: - $ref: '#/components/schemas/CustomizablePage' - properties: contentSecurityPolicySetting: $ref: '#/components/schemas/ContentSecurityPolicySetting' widgetCustomizations: $ref: '#/components/schemas/SignInPage_allOf_widgetCustomizations' widgetVersion: $ref: '#/components/schemas/Version' type: object example: contentSecurityPolicySetting: mode: enforced reportUri: reportUri srcList: - srcList - srcList widgetVersion: null pageContent: pageContent widgetCustomizations: usernameInfoTip: usernameInfoTip showUserIdentifier: true customLink1Url: customLink1Url customLink2Url: customLink2Url classicRecoveryFlowEmailOrUsernameLabel: classicRecoveryFlowEmailOrUsernameLabel customLink1Label: customLink1Label passwordInfoTip: passwordInfoTip forgotPasswordLabel: forgotPasswordLabel showPasswordVisibilityToggle: true authenticatorPageCustomLinkLabel: authenticatorPageCustomLinkLabel unlockAccountLabel: unlockAccountLabel helpUrl: helpUrl unlockAccountUrl: unlockAccountUrl usernameLabel: usernameLabel signInLabel: signInLabel customLink2Label: customLink2Label authenticatorPageCustomLinkUrl: authenticatorPageCustomLinkUrl passwordLabel: passwordLabel forgotPasswordUrl: forgotPasswordUrl helpLabel: helpLabel widgetGeneration: G2 SignInPageTouchPointVariant: description: | Variant for the 
Okta sign-in page. You can publish a theme for sign-in page with different combinations of assets. Variants are preset combinations of those assets. > **Note:** For a non-`OKTA_DEFAULT` variant, `primaryColorHex` is used for button background color and `primaryColorContrastHex` is used to optimize the opacity for button text. enum: - BACKGROUND_IMAGE - BACKGROUND_SECONDARY_COLOR - OKTA_DEFAULT type: string x-enumDescriptions: BACKGROUND_IMAGE: "Uses the logo, favicon, and background image from the Theme" BACKGROUND_SECONDARY_COLOR: Uses the logo and favicon from the Theme. Uses `secondaryColorHex` as the background color for the Okta sign-in page. OKTA_DEFAULT: Uses the Okta logo and favicon with no background image. Uses the Okta colors on the Okta sign-in page. SignOnInlineHook: properties: id: readOnly: false type: string SigningAlgorithm: enum: - ES256 - ES384 - ES512 - HS256 - HS384 - HS512 - RS256 - RS384 - RS512 type: string SimulatePolicyBody: description: The request body required for a simulate policy operation example: policyContext: ip: ip groups: ids: - ids - ids risk: level: LOW zones: ids: - ids - ids device: managed: true registered: true platform: platform assuranceId: assuranceId user: id: id policyTypes: - ACCESS_POLICY - ACCESS_POLICY appInstance: appInstance properties: appInstance: description: The application instance ID for a simulate operation type: string policyContext: $ref: '#/components/schemas/PolicyContext' policyTypes: description: "Supported policy types for a simulate operation. The default\ \ value, `null`, returns all types." 
items: $ref: '#/components/schemas/PolicyTypeSimulation' type: array required: - appInstance type: object SimulatePolicyEvaluations: example: result: policies: - name: name rules: - name: name id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null - name: name id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null - name: name rules: - name: name id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null - name: name id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null policyType: - ACCESS_POLICY - ACCESS_POLICY evaluated: policies: - name: name rules: - name: name id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null - name: name id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null - name: name rules: - name: name id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null - name: name id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null status: null undefined: policies: - name: name rules: - name: name id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null - name: name id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null - name: name rules: - name: name id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null - name: name id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null 
id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null properties: evaluated: $ref: '#/components/schemas/SimulatePolicyEvaluations_evaluated' policyType: description: The policy type of the simulate operation items: $ref: '#/components/schemas/PolicyTypeSimulation' type: array result: $ref: '#/components/schemas/SimulatePolicyResult' status: $ref: '#/components/schemas/SimulateResultStatus' undefined: $ref: '#/components/schemas/SimulatePolicyEvaluations_undefined' type: object SimulatePolicyResponse: description: The response body returned for a simulate policy operation. An array of `evaluations`. items: $ref: '#/components/schemas/SimulatePolicyEvaluations' type: array SimulatePolicyResult: description: The result of the policy evaluation example: policies: - name: name rules: - name: name id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null - name: name id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null - name: name rules: - name: name id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null - name: name id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null properties: policies: items: $ref: '#/components/schemas/SimulateResultPoliciesItems' type: array type: object SimulateResultConditions: example: type: type status: MATCH properties: status: $ref: '#/components/schemas/SimulateResultStatus' type: description: The type of condition type: string type: object SimulateResultPolicies: items: $ref: '#/components/schemas/SimulateResultPoliciesItems' type: array SimulateResultPoliciesItems: example: name: name rules: - name: name id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null - name: name id: id 
conditions: - type: type status: MATCH - type: type status: MATCH status: null id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null properties: conditions: description: List of all conditions involved for this policy evaluation items: $ref: '#/components/schemas/SimulateResultConditions' type: array id: description: ID of the specified policy type type: string name: description: Policy name type: string rules: items: $ref: '#/components/schemas/SimulateResultRules' type: array status: $ref: '#/components/schemas/SimulateResultStatus' type: object SimulateResultRules: example: name: name id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null properties: conditions: description: List of all conditions involved for this rule evaluation items: $ref: '#/components/schemas/SimulateResultConditions' type: array id: description: The unique ID number of the policy rule type: string name: description: The name of the policy rule type: string status: $ref: '#/components/schemas/SimulateResultStatus' type: object SimulateResultStatus: description: The result of this entity evaluation enum: - MATCH - NOT_MATCH - UNDEFINED type: string SingleLogout: description: Determines if the app supports Single Logout (SLO) properties: enabled: description: Whether the application supports SLO type: boolean issuer: description: The issuer of the Service Provider that generates the SLO request type: string logoutUrl: description: The location where the logout response is sent type: string type: object SlackApplication: allOf: - $ref: '#/components/schemas/OINApplication' - type: object - properties: name: enum: - slack example: slack type: string signOnMode: enum: - BROWSER_PLUGIN - SAML_2_0 type: string settings: $ref: '#/components/schemas/SlackApplicationSettings' required: - label - name - settings description: | Schema for the Slack app (key name: `slack`) To create a Slack app, use the [Create an 
Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) request with the following parameters in the request body. > **Note:** The Slack app only supports `BROWSER_PLUGIN` and `SAML_2_0` sign-on modes. example: name: slack label: Sample Slack App signOnMode: SAML_2_0 settings: app: domain: my-company-domain title: Slack x-tags: - Application x-okta-defined-as: name: slack SlackApplicationSettings: allOf: - $ref: '#/components/schemas/ApplicationSettings' - type: object - properties: app: $ref: '#/components/schemas/SlackApplicationSettingsApplication' signOn: $ref: '#/components/schemas/OINSaml20ApplicationSettingsSignOn' required: - app SlackApplicationSettingsApplication: description: Slack app instance properties properties: domain: description: The Slack app domain name type: string userEmailValue: description: The `User.Email` attribute value type: string required: - domain type: object SloParticipate: description: Determines if the app participates in Single Logout (SLO) properties: bindingType: description: Request binding type enum: - POST - REDIRECT type: string enabled: description: Indicates whether the app is allowed to participate in front-channel SLO type: boolean logoutRequestUrl: description: URL where Okta sends the logout request type: string sessionIndexRequired: description: Determines whether Okta sends the `SessionIndex` elements in the logout request type: boolean type: object SmsTemplate: example: template: template lastUpdated: 2000-01-23T04:56:07.000+00:00 created: 2000-01-23T04:56:07.000+00:00 translations: "{}" name: name id: id type: SMS_VERIFY_CODE properties: created: format: date-time readOnly: true type: string id: readOnly: true type: string lastUpdated: format: date-time readOnly: true type: string name: description: Human-readable name of the Template maxLength: 50 minLength: 1 type: string template: description: "Text of the Template, including any 
[macros](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Template/)" maxLength: 161 minLength: 1 type: string translations: description: | - Template translations are optionally provided when you want to localize the SMS messages. Translations are provided as an object that contains `key:value` pairs: the language and the translated Template text. The key portion is a two-letter country code that conforms to [ISO 639-1](https://www.loc.gov/standards/iso639-2/php/code_list.php). The value is the translated SMS Template. - Just like with regular SMS Templates, the length of the SMS message can't exceed 160 characters. type: object x-okta-extensible: true type: $ref: '#/components/schemas/SmsTemplateType' type: object SmsTemplateTranslations: description: | - Template translations are optionally provided when you want to localize the SMS messages. Translations are provided as an object that contains `key:value` pairs: the language and the translated Template text. The key portion is a two-letter country code that conforms to [ISO 639-1](https://www.loc.gov/standards/iso639-2/php/code_list.php). The value is the translated SMS Template. - Just like with regular SMS Templates, the length of the SMS message can't exceed 160 characters. type: object x-okta-extensible: true SmsTemplateType: description: Type of the Template enum: - SMS_VERIFY_CODE maxLength: 50 minLength: 1 type: string SocialAuthToken: description: The Social Authentication Token object provides the tokens and associated metadata provided by social providers during social authentication. 
example: id: NXp9GaX1eOA-XVF_H9fn2Q scopes: - openid - foo tokenType: urn:ietf:params:oauth:token-type:access_token expiresAt: 2016-01-03T18:15:47Z tokenAuthScheme: Bearer token: JBTWGV22G4ZGKV3N properties: expiresAt: description: Timestamp when the object expires example: 2016-01-03T18:15:47Z format: date-time readOnly: true type: string id: description: Unique identifier for the token example: NXp9GaX1eOA-XVF_H9fn2Q readOnly: true type: string scopes: description: The scopes that the token is good for example: - openid - foo items: type: string readOnly: true type: array token: description: The raw token example: JBTWGV22G4ZGKV3N readOnly: true type: string tokenAuthScheme: description: The token authentication scheme as defined by the social provider example: Bearer readOnly: true type: string tokenType: description: "The type of token defined by the [OAuth Token Exchange Spec](https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-07#section-3)" example: urn:ietf:params:oauth:token-type:access_token readOnly: true type: string type: object SourceLinks: allOf: - $ref: '#/components/schemas/LinksSelf' - properties: schema: $ref: '#/components/schemas/SourceLinks_allOf_schema' type: object example: schema: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type SplunkEdition: description: Edition of the Splunk Cloud instance enum: - aws - aws_govcloud - gcp example: aws type: string SplunkHost: description: "The domain name for your Splunk Cloud instance. Don't include\ \ `http` or `https` in the string. For example: `acme.splunkcloud.com`" example: acme.splunkcloud.com maxLength: 116 minLength: 17 type: string SplunkToken: description: "The HEC token for your Splunk Cloud HTTP Event Collector. The\ \ token value is set at object creation, but isn't returned." 
example: 11111111-1111-2222-2222-222222222222 pattern: "(?i)^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$" type: string writeOnly: true Sso: description: "Supported SSO protocol configurations. You must configure at least\ \ one protocol: `oidc` or `saml`" properties: oidc: $ref: '#/components/schemas/Oidc' saml: $ref: '#/components/schemas/Saml' type: object SsprPrimaryRequirement: description: Defines the authenticators permitted for the initial authentication step of password recovery properties: methodConstraints: description: "Constraints on the values specified in the `methods` array.\ \ Specifying a constraint limits methods to specific authenticator(s).\ \ Currently, Google OTP is the only accepted constraint." items: $ref: '#/components/schemas/AuthenticatorMethodConstraint' type: array x-okta-lifecycle: lifecycle: GA isGenerallyAvailable: true methods: description: Authenticator methods allowed for the initial authentication step of password recovery. Method `otp` requires a constraint limiting it to a Google authenticator. items: enum: - push - sms - voice - email - otp type: string type: array type: object SsprRequirement: description: <x-lifecycle class="oie"></x-lifecycle> Describes the initial and secondary authenticator requirements a user needs to reset their password properties: accessControl: description: "Determines which authentication requirements a user needs\ \ to perform self-service operations. `AUTH_POLICY` defers conditions\ \ and authentication requirements to the [Okta account management policy](https://developer.okta.com/docs/guides/okta-account-management-policy/main/).\ \ `LEGACY` refers to the requirements described by this rule." 
enum: - AUTH_POLICY - LEGACY type: string primary: $ref: '#/components/schemas/SsprPrimaryRequirement' stepUp: $ref: '#/components/schemas/SsprStepUpRequirement' type: object SsprStepUpRequirement: description: |- Defines the secondary authenticators needed for password reset if `required` is true. The following are three valid configurations: * `required`=false * `required`=true with no methods to use any SSO authenticator * `required`=true with `security_question` as the method properties: methods: description: Authenticator methods required for secondary authentication step of password recovery. Specify this value only when `required` is true and `security_question` is permitted for the secondary authentication. items: enum: - security_question type: string type: array required: type: boolean type: object StandardRole: example: lastUpdated: 2000-01-23T04:56:07.000+00:00 _embedded: targets: catalog: apps: - features: - features - features lastUpdated: 2000-01-23T04:56:07.000+00:00 website: website verificationStatus: verificationStatus _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type displayName: displayName name: name description: description id: id category: category signOnModes: - signOnModes - signOnModes status: ACTIVE - features: - features - features lastUpdated: 2000-01-23T04:56:07.000+00:00 website: website verificationStatus: verificationStatus _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type displayName: displayName name: name description: description id: id category: category signOnModes: - signOnModes - signOnModes status: ACTIVE groups: - lastUpdated: 2000-01-23T04:56:07.000+00:00 lastMembershipUpdated: 2000-01-23T04:56:07.000+00:00 _embedded: key: "{}" _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type logo: - templated: true hints: allow: - DELETE - DELETE name: name href: href type: type - templated: true hints: 
allow: - DELETE - DELETE name: name href: href type: type source: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type users: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type apps: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type created: 2000-01-23T04:56:07.000+00:00 profile: name: West Coast Users description: All Users West of The Rockies objectClass: - objectClass - objectClass id: 0gabcd1234 type: APP_GROUP - lastUpdated: 2000-01-23T04:56:07.000+00:00 lastMembershipUpdated: 2000-01-23T04:56:07.000+00:00 _embedded: key: "{}" _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type logo: - templated: true hints: allow: - DELETE - DELETE name: name href: href type: type - templated: true hints: allow: - DELETE - DELETE name: name href: href type: type source: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type users: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type apps: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type created: 2000-01-23T04:56:07.000+00:00 profile: name: West Coast Users description: All Users West of The Rockies objectClass: - objectClass - objectClass id: 0gabcd1234 type: APP_GROUP _links: assignee: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type created: 2000-01-23T04:56:07.000+00:00 id: id label: label type: ACCESS_CERTIFICATIONS_ADMIN assignmentType: CLIENT status: "" properties: assignmentType: $ref: '#/components/schemas/RoleAssignmentType' created: description: Timestamp when the object was created format: date-time readOnly: true type: string id: description: Role Assignment ID readOnly: true type: string label: description: Label for the Role Assignment readOnly: true type: string lastUpdated: description: Timestamp when the object was last updated format: date-time readOnly: true 
          type: string
        status:
          allOf:
          - $ref: '#/components/schemas/LifecycleStatus'
          - description: Status of the Role Assignment
        type:
          $ref: '#/components/schemas/RoleType'
        _embedded:
          $ref: '#/components/schemas/StandardRole__embedded'
        _links:
          $ref: '#/components/schemas/LinksAssignee'
      title: Standard Role Assignment
      type: object
    StandardRoleAssignmentSchema:
      properties:
        type:
          description: "Specify the standard or IAM-based role type. See [standard\
            \ roles](/openapi/okta-management/guides/roles/#standard-roles)."
          type: string
      title: Standard Role
      type: object
    StreamConfiguration:
      example:
        aud: https://example.com
        delivery:
          endpoint_url: https://example.com/
          method: https://schemas.openid.net/secevent/risc/delivery-method/push
          authorization_header: "{authorizationHeaderValue}"
        events_supported:
        - https://schemas.openid.net/secevent/caep/event-type/session-revoked
        - https://schemas.openid.net/secevent/caep/event-type/credential-change
        stream_id: esc1k235GIIztAuGK0g5
        format: iss_sub
        iss: "https://{yourOktaDomain}"
        events_delivered:
        - https://schemas.openid.net/secevent/caep/event-type/session-revoked
        - https://schemas.openid.net/secevent/caep/event-type/credential-change
        events_requested:
        - https://schemas.openid.net/secevent/caep/event-type/session-revoked
        - https://schemas.openid.net/secevent/caep/event-type/credential-change
        min_verification_interval: 60
      properties:
        aud:
          $ref: '#/components/schemas/StreamConfiguration_aud'
        delivery:
          $ref: '#/components/schemas/StreamConfigurationDelivery'
        events_delivered:
          description: |-
            The events (mapped by the array of event type URIs) that the transmitter actually delivers to the SSF Stream. A read-only parameter that is set by the transmitter. If this parameter is included in the request, the value must match the expected value from the transmitter.
          example:
          - https://schemas.openid.net/secevent/caep/event-type/session-revoked
          - https://schemas.openid.net/secevent/caep/event-type/credential-change
          items:
            format: uri
            type: string
          type: array
        events_requested:
          description: The events (mapped by the array of event type URIs) that the receiver wants to receive
          example:
          - https://schemas.openid.net/secevent/caep/event-type/session-revoked
          - https://schemas.openid.net/secevent/caep/event-type/credential-change
          items:
            format: uri
            maxLength: 256
            type: string
          maxItems: 50
          type: array
        events_supported:
          description: |-
            An array of event type URIs that the transmitter supports. A read-only parameter that is set by the transmitter. If this parameter is included in the request, the value must match the expected value from the transmitter.
          example:
          - https://schemas.openid.net/secevent/caep/event-type/session-revoked
          - https://schemas.openid.net/secevent/caep/event-type/credential-change
          items:
            format: uri
            type: string
          type: array
        format:
          description: The Subject Identifier format expected for any SET transmitted.
          enum:
          - iss_sub
          type: string
        iss:
          description: |-
            The issuer used in Security Event Tokens (SETs). This value is set as `iss` in the claim. A read-only parameter that is set by the transmitter. If this parameter is included in the request, the value must match the expected value from the transmitter.
          example: "https://{yourOktaDomain}"
          type: string
        min_verification_interval:
          description: |-
            The minimum amount of time, in seconds, between two verification requests. A read-only parameter that is set by the transmitter. If this parameter is included in the request, the value must match the expected value from the transmitter.
          example: 60
          nullable: true
          type: integer
        stream_id:
          description: The ID of the SSF Stream configuration
          example: esc1k235GIIztAuGK0g5
          type: string
      required:
      - delivery
      - events_requested
      title: Stream Configuration
      type: object
    StreamConfigurationCreateRequest:
      example:
        delivery:
          endpoint_url: https://example.com/
          method: https://schemas.openid.net/secevent/risc/delivery-method/push
          authorization_header: "{authorizationHeaderValue}"
        format: iss_sub
        events_requested:
        - https://schemas.openid.net/secevent/caep/event-type/session-revoked
        - https://schemas.openid.net/secevent/caep/event-type/credential-change
      properties:
        delivery:
          $ref: '#/components/schemas/StreamConfigurationDelivery'
        events_requested:
          description: The events (mapped by the array of event type URIs) that the receiver wants to receive
          example:
          - https://schemas.openid.net/secevent/caep/event-type/session-revoked
          - https://schemas.openid.net/secevent/caep/event-type/credential-change
          items:
            format: uri
            maxLength: 256
            type: string
          maxItems: 50
          type: array
        format:
          description: The Subject Identifier format expected for any SET transmitted.
          enum:
          - iss_sub
          type: string
      required:
      - delivery
      - events_requested
      title: Stream Configuration Create Request
      type: object
    StreamConfigurationDelivery:
      description: Contains information about the intended SET delivery method by the receiver
      example:
        endpoint_url: https://example.com/
        method: https://schemas.openid.net/secevent/risc/delivery-method/push
        authorization_header: "{authorizationHeaderValue}"
      properties:
        authorization_header:
          description: The HTTP Authorization header that is included for each HTTP POST request
          example: "{authorizationHeaderValue}"
          maxLength: 8192
          nullable: true
          type: string
        endpoint_url:
          description: The target endpoint URL where the transmitter delivers the SET using HTTP POST requests
          example: https://example.com/
          format: uri
          maxLength: 2048
          type: string
        method:
          description: The delivery method that the transmitter uses for delivering a SET
          enum:
          - https://schemas.openid.net/secevent/risc/delivery-method/push
          - urn:ietf:rfc:8935
          type: string
      required:
      - endpoint_url
      - method
      title: Stream Configuration Delivery
      type: object
    SubjectType:
      enum:
      - pairwise
      - public
      type: string
    SubmissionRequest:
      allOf:
      - $ref: '#/components/schemas/SubmissionResponse'
      required:
      - description
      - logo
      - name
    SubmissionResponse:
      properties:
        config:
          description: "List of org-level variables for the customer per-tenant configuration.\
            \ For example, a `subdomain` variable can be used in the ACS URL: `https://${org.subdomain}.example.com/saml/login`"
          items:
            $ref: '#/components/schemas/SubmissionResponse_config_inner'
          type: array
        description:
          description: A general description of your application and the benefits provided to your customers
          example: Your one source for in-season strawberry deals. Okta's Strawberry Central integration allow users to securely access those sweet deals.
          maxLength: 1024
          minLength: 1
          type: string
        id:
          description: OIN Integration ID
          example: acme_submissionapp_1
          readOnly: true
          type: string
        lastPublished:
          description: Timestamp when the OIN Integration was last published
          example: 2023-08-24T14:15:22.000Z
          readOnly: true
          type: string
        lastUpdated:
          description: Timestamp when the OIN Integration instance was last updated
          example: 2023-08-24T14:15:22.000Z
          readOnly: true
          type: string
        lastUpdatedBy:
          description: ID of the user who made the last update
          example: 00ub0oNGTSWTBKOLGLNR
          readOnly: true
          type: string
        logo:
          description: "URL to an uploaded application logo. This logo appears next\
            \ to your app integration name in the OIN catalog. You must first [Upload\
            \ an OIN Integration logo](/openapi/okta-management/management/tag/YourOinIntegrations/#tag/YourOinIntegrations/operation/uploadSubmissionLogo)\
            \ to obtain the logo URL before you can specify this value."
          example: https://acme.okta.com/bc/image/fileStoreRecord?id=fs03xxd3KmkDBwJU80g4
          format: uri
          type: string
        name:
          description: The app integration name. This is the main title used for your integration in the OIN catalog.
          example: Strawberry Central
          maxLength: 64
          minLength: 1
          type: string
        sso:
          $ref: '#/components/schemas/Sso'
        status:
          description: Status of the OIN Integration submission
          example: New
          readOnly: true
          type: string
      type: object
    Subscription:
      example:
        channels:
        - channels
        - channels
        _links:
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        notificationType: AD_AGENT
        status: subscribed
      properties:
        channels:
          description: |-
            An array of sources that send notifications to users.
            > **Note**: Currently, Okta only allows `email` channels.
          items:
            type: string
          type: array
        notificationType:
          $ref: '#/components/schemas/NotificationType'
        status:
          $ref: '#/components/schemas/SubscriptionStatus'
        _links:
          $ref: '#/components/schemas/Subscription__links'
      type: object
    SubscriptionStatus:
      description: The status of the subscription
      enum:
      - subscribed
      - unsubscribed
      type: string
    SupportedMethods:
      description: The supported methods of an Authenticator
      example:
        settings:
          algorithms:
          - ES256
          - ES256
          transactionTypes:
          - CIBA
          - CIBA
          keyProtection: ANY
        type: push
        status: ACTIVE
      properties:
        settings:
          $ref: '#/components/schemas/SupportedMethods_settings'
        status:
          $ref: '#/components/schemas/LifecycleStatus'
        type:
          description: The type of authenticator method
          enum:
          - push
          type: string
      type: object
    SwaApplicationSettings:
      allOf:
      - $ref: '#/components/schemas/ApplicationSettings'
      - properties:
          app:
            $ref: '#/components/schemas/SwaApplicationSettingsApplication'
        type: object
    SwaApplicationSettingsApplication:
      properties:
        buttonField:
          description: CSS selector for the **Sign-In** button in the sign-in form (for SWA apps with the `template_swa` app name definition)
          type: string
        buttonSelector:
          description: CSS selector for the **Sign-In** button in the sign-in form (for three-field SWA apps with the `template_swa3field` app name definition)
          type: string
        extraFieldSelector:
          description: Enter the CSS selector for the extra field (for three-field SWA apps with the `template_swa3field` app name definition).
          type: string
        extraFieldValue:
          description: Enter the value for the extra field in the form (for three-field SWA apps with the `template_swa3field` app name definition).
          type: string
        loginUrlRegex:
          description: A regular expression that further restricts targetURL to the specified regular expression
          type: string
        passwordField:
          description: CSS selector for the **Password** field in the sign-in form (for SWA apps with the `template_swa` app name definition)
          type: string
        passwordSelector:
          description: CSS selector for the **Password** field in the sign-in form (for three-field SWA apps with the `template_swa3field` app name definition)
          type: string
        targetURL:
          description: The URL of the sign-in page for this app (for three-field SWA apps with the `template_swa3field` app name definition)
          type: string
        url:
          description: The URL of the sign-in page for this app (for SWA apps with the `template_swa` app name definition)
          type: string
        usernameField:
          description: CSS selector for the **Username** field in the sign-in form (for SWA apps with the `template_swa` app name definition)
          type: string
        userNameSelector:
          description: CSS selector for the **Username** field in the sign-in form (for three-field SWA apps with the `template_swa3field` app name definition)
          type: string
      required:
      - buttonField
      - passwordField
      - url
      - usernameField
      type: object
    TelephonyRequest:
      properties:
        data:
          $ref: '#/components/schemas/TelephonyRequestData'
        eventType:
          description: The type of inline hook. The Telephony inline hook type is `com.okta.telephony.provider`.
          type: string
        requestType:
          description: "The type of inline hook request. For example, `com.okta.user.telephony.pre-enrollment`."
          type: string
        source:
          description: The ID and URL of the Telephony inline hook
          type: string
      type: object
    TelephonyRequestData:
      properties:
        context:
          $ref: '#/components/schemas/RegistrationInlineHookSSRData_allOf_data_context'
        messageProfile:
          $ref: '#/components/schemas/TelephonyRequestData_messageProfile'
        userProfile:
          $ref: '#/components/schemas/TelephonyRequestData_userProfile'
      type: object
    TelephonyResponse:
      properties:
        commands:
          description: "The `commands` object specifies whether Okta accepts the end\
            \ user's sign-in credentials as valid or not. For the Telephony inline\
            \ hook, you typically only return one `commands` object with one array\
            \ element in it."
          items:
            $ref: '#/components/schemas/TelephonyResponse_commands_inner'
          type: array
      type: object
    TempPassword:
      properties:
        tempPassword:
          readOnly: true
          type: string
      type: object
    TestInfo:
      description: Integration Testing Information
      properties:
        escalationSupportContact:
          description: An email for Okta to contact your company about your integration. This email isn't shared with customers.
          example: strawberry.support@example.com
          maxLength: 255
          type: string
        oidcTestConfiguration:
          $ref: '#/components/schemas/TestInfo_oidcTestConfiguration'
        samlTestConfiguration:
          $ref: '#/components/schemas/TestInfo_samlTestConfiguration'
        testAccount:
          $ref: '#/components/schemas/TestInfo_testAccount'
      required:
      - escalationSupportContact
      type: object
    ThemeResponse:
      example:
        primaryColorContrastHex: primaryColorContrastHex
        favicon: favicon
        _links:
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        backgroundImage: backgroundImage
        secondaryColorHex: secondaryColorHex
        secondaryColorContrastHex: secondaryColorContrastHex
        primaryColorHex: primaryColorHex
        errorPageTouchPointVariant: OKTA_DEFAULT
        emailTemplateTouchPointVariant: OKTA_DEFAULT
        signInPageTouchPointVariant: BACKGROUND_IMAGE
        loadingPageTouchPointVariant: OKTA_DEFAULT
        logo: logo
        id: id
        endUserDashboardTouchPointVariant: OKTA_DEFAULT
      properties:
        backgroundImage:
          readOnly: true
          type: string
        emailTemplateTouchPointVariant:
          $ref: '#/components/schemas/EmailTemplateTouchPointVariant'
        endUserDashboardTouchPointVariant:
          $ref: '#/components/schemas/EndUserDashboardTouchPointVariant'
        errorPageTouchPointVariant:
          $ref: '#/components/schemas/ErrorPageTouchPointVariant'
        favicon:
          readOnly: true
          type: string
        id:
          readOnly: true
          type: string
        loadingPageTouchPointVariant:
          $ref: '#/components/schemas/LoadingPageTouchPointVariant'
        logo:
          readOnly: true
          type: string
        primaryColorContrastHex:
          description: Primary color contrast hex code
          type: string
        primaryColorHex:
          description: Primary color hex code
          type: string
        secondaryColorContrastHex:
          description: Secondary color contrast hex code
          type: string
        secondaryColorHex:
          description: Secondary color hex code
          type: string
        signInPageTouchPointVariant:
          $ref: '#/components/schemas/SignInPageTouchPointVariant'
        _links:
          $ref: '#/components/schemas/LinksSelf'
      type: object
    ThirdPartyAdminSetting:
      description: The third-party admin setting
      example:
        thirdPartyAdmin:
          false
      properties:
        thirdPartyAdmin:
          description: Indicates if third-party admin is enabled
          example: false
          type: boolean
      type: object
    ThreatInsightConfiguration:
      example:
        lastUpdated: 2020-09-08T20:53:20.882Z
        _links:
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        created: 2020-08-05T22:18:30.629Z
        excludeZones: []
        action: none
      properties:
        action:
          description: Specifies how Okta responds to authentication requests from suspicious IP addresses
          enum:
          - none
          - audit
          - block
          example: none
          type: string
          x-enumDescriptions:
            none: Indicates that ThreatInsight is disabled
            audit: Indicates that Okta logs suspicious requests to the System Log
            block: Indicates that Okta logs suspicious requests to the System Log and blocks the requests
        created:
          description: Timestamp when the ThreatInsight Configuration object was created
          example: 2020-08-05T22:18:30.629Z
          format: date-time
          readOnly: true
          type: string
        excludeZones:
          description: |-
            Accepts a list of [Network Zone](/openapi/okta-management/management/tag/NetworkZone/) IDs. IPs in the excluded network zones aren't logged or blocked. This ensures that traffic from known, trusted IPs isn't accidentally logged or blocked.
          example: []
          items:
            type: string
          type: array
        lastUpdated:
          description: Timestamp when the ThreatInsight Configuration object was last updated
          example: 2020-09-08T20:53:20.882Z
          format: date-time
          readOnly: true
          type: string
        _links:
          $ref: '#/components/schemas/LinksSelf'
      required:
      - action
      type: object
    TimeDuration:
      description: "A time duration specified as an [ISO-8601 duration](https://en.wikipedia.org/wiki/ISO_8601#Durations)."
      pattern: ^P(?:$)(\d+Y)?(\d+M)?(\d+W)?(\d+D)?(T(?:\d)(\d+H)?(\d+M)?(\d+S)?)?$
      type: string
    TokenAuthorizationServerPolicyRuleAction:
      example:
        refreshTokenWindowMinutes: 1
        accessTokenLifetimeMinutes: 0
        inlineHook:
          id: id
        refreshTokenLifetimeMinutes: 6
      properties:
        accessTokenLifetimeMinutes:
          description: Lifetime of the access token in minutes.
            The minimum is five minutes. The maximum is one day.
          type: integer
        inlineHook:
          $ref: '#/components/schemas/TokenAuthorizationServerPolicyRuleActionInlineHook'
        refreshTokenLifetimeMinutes:
          description: Lifetime of the refresh token is the minimum access token lifetime.
          type: integer
        refreshTokenWindowMinutes:
          description: "Timeframe when the refresh token is valid. The minimum is\
            \ 10 minutes. The maximum is five years (2,628,000 minutes)."
          type: integer
      type: object
    TokenAuthorizationServerPolicyRuleActionInlineHook:
      example:
        id: id
      properties:
        id:
          readOnly: false
          type: string
      type: object
    TokenDeliveryMode:
      enum:
      - poll
      type: string
    TokenHookResponse:
      description: |-
        For the token inline hook, the `commands` and `error` objects that you can return in the JSON payload of your response are defined in the following sections.
        > **Note:** The size of your response payload must be less than 256 KB.
      properties:
        commands:
          description: |-
            You can use the `commands` object to provide commands to Okta. It's where you can tell Okta to add more claims to the token. The `commands` object is an array, allowing you to send multiple commands. In each array element, there needs to be a `type` property and `value` property. The `type` property is where you specify which of the supported commands you want to execute, and `value` is where you supply an operand for that command. In the case of the token hook type, the `value` property is itself a nested object in which you specify a particular operation, a path to act on, and a value.
          items:
            $ref: '#/components/schemas/TokenHookResponse_commands_inner'
          type: array
        error:
          $ref: '#/components/schemas/TokenHookResponse_error'
      type: object
    TokenPayLoad:
      properties:
        data:
          $ref: '#/components/schemas/TokenPayLoad_data'
      type: object
    TokenProtocolRequest:
      description: Details of the token request
      properties:
        client_id:
          description: The ID of the client associated with the token
          type: string
        grant_type:
          $ref: '#/components/schemas/GrantType'
        redirect_uri:
          description: Specifies the callback location where the authorization was sent
          format: uri
          type: string
        response_mode:
          description: The authorization response mode
          enum:
          - form_post
          - fragment
          - okta_post_message
          - query
          type: string
        response_type:
          description: The authorization response type
          enum:
          - code
          - id_token
          - token
          - none
          type: string
        scope:
          description: The scopes requested
          type: string
        state:
          type: string
      type: object
    TokenRequest:
      allOf:
      - $ref: '#/components/schemas/InlineHookBasePayload'
      - $ref: '#/components/schemas/TokenPayLoad'
    TokenResourcesHrefObject:
      properties:
        href:
          description: Link URI
          example: "https://{yourOktaDomain}/api/v1/users/00u5t60iloOHN9pBi0h7/clients/0oabskvc6442nkvQO0h7/tokens"
          type: string
      type: object
    TokenResponse:
      properties:
        access_token:
          description: An access token.
          type: string
        device_secret:
          description: An opaque device secret. This is returned if the `device_sso` scope is granted.
          type: string
        expires_in:
          description: The expiration time of the access token in seconds.
          type: integer
        id_token:
          description: An ID token. This is returned if the `openid` scope is granted.
          type: string
        issued_token_type:
          $ref: '#/components/schemas/TokenType'
        refresh_token:
          description: An opaque refresh token. This is returned if the `offline_access` scope is granted.
          type: string
        scope:
          description: The scopes contained in the access token.
          type: string
        token_type:
          $ref: '#/components/schemas/TokenResponseTokenType'
      type: object
    TokenResponseTokenType:
      description: The token type in a `/token` response. The value is generally `Bearer` except for a few instances of token exchange.
      enum:
      - Bearer
      - N_A
      type: string
    TokenType:
      description: The type of token for token exchange.
      enum:
      - urn:ietf:params:oauth:token-type:access_token
      - urn:ietf:params:oauth:token-type:id_token
      - urn:ietf:params:oauth:token-type:jwt
      - urn:ietf:params:oauth:token-type:refresh_token
      - urn:ietf:params:oauth:token-type:saml1
      - urn:ietf:params:oauth:token-type:saml2
      - urn:okta:oauth:token-type:web_sso_token
      - urn:x-oath:params:oauth:token-type:device-secret
      type: string
    TrendMicroApexOneServiceApplication:
      allOf:
      - $ref: '#/components/schemas/OINApplication'
      - type: object
      - properties:
          name:
            enum:
            - trendmicroapexoneservice
            example: trendmicroapexoneservice
            type: string
          signOnMode:
            enum:
            - SAML_2_0
            type: string
          settings:
            $ref: '#/components/schemas/TrendMicroApexOneServiceApplicationSettings'
        required:
        - label
        - name
        - settings
      description: |
        Schema for Trend Micro Apex One as a Service app (key name: `trendmicroapexoneservice`)
        To create a Trend Micro Apex One as a Service app, use the [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) request with the following parameters in the request body.
        > **Note:** The Trend Micro Apex One as a Service app only supports `SAML_2_0` sign-on mode.
example: name: trendmicroapexoneservice label: Sample Trend Micro Apex One as a Service App signOnMode: SAML_2_0 settings: app: baseURL: https://acme.trendmicro.com title: Trend Micro Apex One Service x-tags: - Application x-okta-defined-as: name: trendmicroapexoneservice TrendMicroApexOneServiceApplicationSettings: allOf: - $ref: '#/components/schemas/ApplicationSettings' - type: object - properties: app: $ref: '#/components/schemas/TrendMicroApexOneServiceApplicationSettingsApplication' signOn: $ref: '#/components/schemas/OINSaml20ApplicationSettingsSignOn' required: - app TrendMicroApexOneServiceApplicationSettingsApplication: description: Trend Micro Apex One as a Service app instance properties properties: baseURL: description: Base Trend Micro Apex One Service URL type: string required: - baseURL type: object TrustedOrigin: example: lastUpdated: 2000-01-23T04:56:07.000+00:00 lastUpdatedBy: lastUpdatedBy createdBy: createdBy _links: activate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type deactivate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type created: 2000-01-23T04:56:07.000+00:00 origin: origin name: name id: id scopes: - allowedOktaApps: - OKTA_ENDUSER - OKTA_ENDUSER type: CORS - allowedOktaApps: - OKTA_ENDUSER - OKTA_ENDUSER type: CORS status: ACTIVE properties: created: description: Timestamp when the Trusted Origin was created format: date-time readOnly: true type: string createdBy: description: The ID of the user who created the Trusted Origin type: string id: description: Unique identifier for the Trusted Origin readOnly: true type: string lastUpdated: description: Timestamp when the Trusted Origin was last updated format: date-time readOnly: true type: string lastUpdatedBy: description: The ID of the user who last updated the Trusted Origin type: string name: description: Unique name for the 
Trusted Origin maximum: 255 type: string origin: description: "Unique origin URL for the Trusted Origin. The supported schemes\ \ for this attribute are HTTP, HTTPS, FTP, Ionic 2, and Capacitor." maximum: 255 type: string scopes: description: Array of Scope types that this Trusted Origin is used for items: $ref: '#/components/schemas/TrustedOriginScope' maximum: 3 type: array status: $ref: '#/components/schemas/LifecycleStatus' _links: $ref: '#/components/schemas/LinksSelfAndLifecycle' type: object TrustedOriginName: description: Unique name for the Trusted Origin maximum: 255 type: string TrustedOriginOrigin: description: "Unique origin URL for the Trusted Origin. The supported schemes\ \ for this attribute are HTTP, HTTPS, FTP, Ionic 2, and Capacitor." maximum: 255 type: string TrustedOriginScope: example: allowedOktaApps: - OKTA_ENDUSER - OKTA_ENDUSER type: CORS properties: allowedOktaApps: description: The allowed Okta apps for the Trusted Origin scope items: $ref: '#/components/schemas/IframeEmbedScopeAllowedApps' type: array type: $ref: '#/components/schemas/TrustedOriginScopeType' type: object TrustedOriginScopeType: description: "The scope type. Supported values: When you use `IFRAME_EMBED`\ \ as the scope type, leave the allowedOktaApps property \nempty to allow iFrame\ \ embedding of only Okta sign-in pages. 
Include `OKTA_ENDUSER` as a value\ \ for the allowedOktaApps \nproperty to allow iFrame embedding of both Okta\ \ sign-in pages and the Okta End-User Dashboard.\n" enum: - CORS - IFRAME_EMBED - REDIRECT type: string TrustedOriginScopes: description: Array of Scope types that this Trusted Origin is used for items: $ref: '#/components/schemas/TrustedOriginScope' maximum: 3 type: array TrustedOriginWrite: example: origin: origin name: name scopes: - allowedOktaApps: - OKTA_ENDUSER - OKTA_ENDUSER type: CORS - allowedOktaApps: - OKTA_ENDUSER - OKTA_ENDUSER type: CORS properties: name: description: Unique name for the Trusted Origin maximum: 255 type: string origin: description: "Unique origin URL for the Trusted Origin. The supported schemes\ \ for this attribute are HTTP, HTTPS, FTP, Ionic 2, and Capacitor." maximum: 255 type: string scopes: description: Array of Scope types that this Trusted Origin is used for items: $ref: '#/components/schemas/TrustedOriginScope' maximum: 3 type: array type: object UIElement: description: Specifies the configuration of an input field on an enrollment form example: scope: scope options: format: text label: label type: type properties: label: description: Label name for the UI element type: string options: $ref: '#/components/schemas/UIElement_options' scope: description: Specifies the property bound to the input field. It must follow the format `#/properties/PROPERTY_NAME` where `PROPERTY_NAME` is a variable name for an attribute in `profile editor`. type: string type: description: Specifies the relationship between this input element and `scope`. The `Control` value specifies that this input controls the value represented by `scope`. 
          type: string
      type: object
    UISchemaObject:
      description: Properties of the UI schema
      example:
        elements:
          scope: scope
          options:
            format: text
          label: label
          type: type
        label: Sign in
        type: type
        buttonLabel: Submit
      properties:
        buttonLabel:
          default: Submit
          description: Specifies the button label for the `Submit` button at the bottom of the enrollment form
          type: string
        elements:
          $ref: '#/components/schemas/UIElement'
        label:
          default: Sign in
          description: Specifies the label at the top of the enrollment form under the logo
          type: string
        type:
          description: Specifies the type of layout
          type: string
      type: object
    UISchemasResponseObject:
      example:
        lastUpdated: 2000-01-23T04:56:07.000+00:00
        _links:
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        created: 2000-01-23T04:56:07.000+00:00
        uiSchema:
          elements:
            scope: scope
            options:
              format: text
            label: label
            type: type
          label: Sign in
          type: type
          buttonLabel: Submit
        id: id
      properties:
        created:
          description: Timestamp when the UI Schema was created (ISO-8601)
          format: date-time
          readOnly: true
          type: string
        id:
          description: Unique identifier for the UI Schema
          readOnly: true
          type: string
        lastUpdated:
          description: Timestamp when the UI Schema was last modified (ISO-8601)
          format: date-time
          readOnly: true
          type: string
        uiSchema:
          $ref: '#/components/schemas/UISchemaObject'
        _links:
          $ref: '#/components/schemas/LinksSelf'
      required:
      - _links
      - created
      - id
      - lastUpdated
      - uiSchema
      type: object
    UpdateDomain:
      example:
        brandId: bndul904tTZ6kWVhP0g3
      properties:
        brandId:
          description: The `id` of the brand used to replace the existing brand.
example: bndul904tTZ6kWVhP0g3 type: string required: - brandId type: object UpdateEmailDomain: allOf: - $ref: '#/components/schemas/BaseEmailDomain' example: displayName: displayName userName: userName UpdateIamRoleRequest: example: description: description label: label properties: description: description: Description of the role type: string label: description: Unique label for the role type: string required: - description - label type: object UpdateRealmAssignmentRequest: example: name: name conditions: expression: value: value profileSourceId: profileSourceId priority: 0 actions: assignUserToRealm: realmId: realmId properties: actions: $ref: '#/components/schemas/Actions' conditions: $ref: '#/components/schemas/Conditions' name: type: string priority: type: integer type: object UpdateRealmRequest: example: profile: realmType: PARTNER name: name properties: profile: $ref: '#/components/schemas/RealmProfile' type: object UpdateThemeRequest: example: emailTemplateTouchPointVariant: OKTA_DEFAULT signInPageTouchPointVariant: BACKGROUND_IMAGE primaryColorContrastHex: primaryColorContrastHex loadingPageTouchPointVariant: OKTA_DEFAULT _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type secondaryColorHex: secondaryColorHex secondaryColorContrastHex: secondaryColorContrastHex primaryColorHex: primaryColorHex errorPageTouchPointVariant: OKTA_DEFAULT endUserDashboardTouchPointVariant: OKTA_DEFAULT properties: emailTemplateTouchPointVariant: $ref: '#/components/schemas/EmailTemplateTouchPointVariant' endUserDashboardTouchPointVariant: $ref: '#/components/schemas/EndUserDashboardTouchPointVariant' errorPageTouchPointVariant: $ref: '#/components/schemas/ErrorPageTouchPointVariant' loadingPageTouchPointVariant: $ref: '#/components/schemas/LoadingPageTouchPointVariant' primaryColorContrastHex: description: Primary color contrast hex code type: string primaryColorHex: description: Primary color hex code type: string 
secondaryColorContrastHex: description: Secondary color contrast hex code type: string secondaryColorHex: description: Secondary color hex code type: string signInPageTouchPointVariant: $ref: '#/components/schemas/SignInPageTouchPointVariant' _links: $ref: '#/components/schemas/LinksSelf' required: - emailTemplateTouchPointVariant - endUserDashboardTouchPointVariant - errorPageTouchPointVariant - primaryColorHex - secondaryColorHex - signInPageTouchPointVariant type: object UpdateUISchema: description: The updated request body properties example: uiSchema: elements: scope: scope options: format: text label: label type: type label: Sign in type: type buttonLabel: Submit properties: uiSchema: $ref: '#/components/schemas/UISchemaObject' type: object UpdateUserRequest: example: realmId: guo1bfiNtSnZYILxO0g4 credentials: password: hook: type: type value: pa$$word hash: iterationCount: 0 salt: salt keySize: 6 saltOrder: saltOrder workFactor: 3 digestAlgorithm: SHA256_HMAC value: value algorithm: BCRYPT provider: name: name type: ACTIVE_DIRECTORY recovery_question: answer: se7en question: what is your favourite movie? 
profile: profileUrl: profileUrl lastName: lastName zipCode: zipCode preferredLanguage: preferredLanguage city: city displayName: displayName timezone: timezone locale: locale login: login title: title employeeNumber: employeeNumber division: division honorificSuffix: honorificSuffix countryCode: countryCode state: state department: department email: email manager: manager costCenter: costCenter nickName: nickName secondEmail: secondEmail honorificPrefix: honorificPrefix managerId: managerId firstName: firstName primaryPhone: primaryPhone postalAddress: postalAddress mobilePhone: mobilePhone streetAddress: streetAddress organization: organization middleName: middleName userType: userType properties: credentials: $ref: '#/components/schemas/UserCredentials' profile: $ref: '#/components/schemas/UserProfile' realmId: description: <div class="x-lifecycle-container"><x-lifecycle class="ea"></x-lifecycle></div>The ID of the Realm in which the User is residing example: guo1bfiNtSnZYILxO0g4 type: string x-okta-lifecycle: lifecycle: EA isGenerallyAvailable: false SKUs: [] type: object User: example: lastLogin: 2000-01-23T04:56:07.000+00:00 transitioningToStatus: null realmId: guo1bfiNtSnZYILxO0g4 credentials: password: hook: type: type value: pa$$word hash: iterationCount: 0 salt: salt keySize: 6 saltOrder: saltOrder workFactor: 3 digestAlgorithm: SHA256_HMAC value: value algorithm: BCRYPT provider: name: name type: ACTIVE_DIRECTORY recovery_question: answer: se7en question: what is your favourite movie? 
_links: schema: "" suspend: "" resetPassword: "" unlock: "" reactivate: "" unsuspend: "" resetFactors: "" type: "" deactivate: "" changePassword: "" forgotPassword: "" expirePassword: "" changeRecoveryQuestion: "" activate: "" self: "" created: 2000-01-23T04:56:07.000+00:00 profile: profileUrl: profileUrl lastName: lastName zipCode: zipCode preferredLanguage: preferredLanguage city: city displayName: displayName timezone: timezone locale: locale login: login title: title employeeNumber: employeeNumber division: division honorificSuffix: honorificSuffix countryCode: countryCode state: state department: department email: email manager: manager costCenter: costCenter nickName: nickName secondEmail: secondEmail honorificPrefix: honorificPrefix managerId: managerId firstName: firstName primaryPhone: primaryPhone postalAddress: postalAddress mobilePhone: mobilePhone streetAddress: streetAddress organization: organization middleName: middleName userType: userType type: lastUpdated: 2000-01-23T04:56:07.000+00:00 lastUpdatedBy: lastUpdatedBy default: true createdBy: createdBy _links: schema: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type created: 2000-01-23T04:56:07.000+00:00 displayName: displayName name: name description: description id: id lastUpdated: 2000-01-23T04:56:07.000+00:00 passwordChanged: 2000-01-23T04:56:07.000+00:00 _embedded: key: "{}" statusChanged: 2000-01-23T04:56:07.000+00:00 id: id activated: 2000-01-23T04:56:07.000+00:00 status: ACTIVE properties: activated: description: The timestamp when the User status transitioned to `ACTIVE` format: date-time nullable: true readOnly: true type: string created: description: The timestamp when the User was created format: date-time readOnly: true type: string credentials: $ref: '#/components/schemas/UserCredentials' id: description: The unique key for the user readOnly: true type: string 
        lastLogin:
          description: The timestamp of the last login
          format: date-time
          nullable: true
          readOnly: true
          type: string
        lastUpdated:
          description: The timestamp when the User was last updated
          format: date-time
          readOnly: true
          type: string
        passwordChanged:
          description: The timestamp when the User's password was last updated
          format: date-time
          nullable: true
          readOnly: true
          type: string
        profile:
          $ref: '#/components/schemas/UserProfile'
        realmId:
          description: <div class="x-lifecycle-container"><x-lifecycle class="ea"></x-lifecycle></div>The ID of the Realm in which the User is residing
          example: guo1bfiNtSnZYILxO0g4
          readOnly: true
          type: string
          x-okta-lifecycle:
            lifecycle: EA
            isGenerallyAvailable: false
            SKUs: []
        status:
          $ref: '#/components/schemas/UserStatus'
        statusChanged:
          description: The timestamp when the status of the User last changed
          format: date-time
          nullable: true
          readOnly: true
          type: string
        transitioningToStatus:
          $ref: '#/components/schemas/UserStatus'
        type:
          $ref: '#/components/schemas/UserType'
        _embedded:
          additionalProperties:
            properties: {}
            type: object
          description: "Embedded resources related to the User using the [JSON Hypertext\
            \ Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\
            \ specification"
          readOnly: true
          type: object
        _links:
          $ref: '#/components/schemas/User__links'
      type: object
    UserActivationToken:
      example:
        activationUrl: "https://{yourOktaDomain}/welcome/XE6wE17zmphl3KqAPFxO"
        activationToken: XE6wE17zmphl3KqAPFxO
      properties:
        activationToken:
          description: |-
            Token received as part of an activation user request.
            If a password was set before the user was activated, then user must sign in with their password or the `activationToken` and not the activation link.
            More information about using the `activationToken` to login can be found in the [Authentication API](https://developer.okta.com/docs/reference/api/authn/#primary-authentication-with-activation-token).
          example: XE6wE17zmphl3KqAPFxO
          readOnly: true
          type: string
        activationUrl:
          description: "If `sendEmail` is `false`, returns an activation link for\
            \ the user to set up their account. The activation token can be used to\
            \ create a custom activation link."
          example: "https://{yourOktaDomain}/welcome/XE6wE17zmphl3KqAPFxO"
          readOnly: true
          type: string
      type: object
    UserBlock:
      description: "Describes how the account is blocked from access. If `appliesTo`\
        \ is `ANY_DEVICES`, then the account is blocked for all devices. If `appliesTo`\
        \ is `UNKNOWN_DEVICES`, then the account is only blocked for unknown devices."
      example:
        appliesTo: ANY_DEVICES
        type: DEVICE_BASED
      properties:
        appliesTo:
          description: The devices that the block applies to
          enum:
          - ANY_DEVICES
          - UNKNOWN_DEVICES
          readOnly: true
          type: string
          x-enumDescriptions:
            ANY_DEVICES: The account is blocked for all devices
            UNKNOWN_DEVICES: The account is only blocked for unknown devices
        type:
          description: Type of access block
          enum:
          - DEVICE_BASED
          readOnly: true
          type: string
      type: object
    UserCondition:
      description: Specifies a set of Users to be included or excluded
      properties:
        exclude:
          description: Users to be excluded
          items:
            type: string
          type: array
        include:
          description: Users to be included
          items:
            type: string
          type: array
      required:
      - exclude
      - include
      type: object
    UserCredentials:
      description: Specifies primary authentication and recovery credentials for a User. Credential types and requirements vary depending on the provider and security policy of the org.
      example:
        password:
          hook:
            type: type
          value: pa$$word
          hash:
            iterationCount: 0
            salt: salt
            keySize: 6
            saltOrder: saltOrder
            workFactor: 3
            digestAlgorithm: SHA256_HMAC
            value: value
            algorithm: BCRYPT
        provider:
          name: name
          type: ACTIVE_DIRECTORY
        recovery_question:
          answer: se7en
          question: what is your favourite movie?
      properties:
        password:
          $ref: '#/components/schemas/PasswordCredential'
        provider:
          $ref: '#/components/schemas/AuthenticationProvider'
        recovery_question:
          $ref: '#/components/schemas/RecoveryQuestionCredential'
      type: object
    UserFactor:
      discriminator:
        mapping:
          call: '#/components/schemas/UserFactorCall'
          email: '#/components/schemas/UserFactorEmail'
          push: '#/components/schemas/UserFactorPush'
          question: '#/components/schemas/UserFactorSecurityQuestion'
          sms: '#/components/schemas/UserFactorSMS'
          token: '#/components/schemas/UserFactorToken'
          token:hardware: '#/components/schemas/UserFactorTokenHardware'
          token:hotp: '#/components/schemas/UserFactorTokenHOTP'
          token:software:totp: '#/components/schemas/UserFactorTokenSoftwareTOTP'
          u2f: '#/components/schemas/UserFactorU2F'
          web: '#/components/schemas/UserFactorWeb'
          webauthn: '#/components/schemas/UserFactorWebAuthn'
          hotp: '#/components/schemas/UserFactorTokenHOTP'
        propertyName: factorType
      example:
        lastUpdated: 2022-08-25T00:31:00Z
        provider: CUSTOM
        _embedded:
          key: "{}"
        _links:
          cancel:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          question:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          qrcode:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          poll:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          deactivate:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          resend:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          activate:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          verify:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          enroll:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          factor:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          send:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          user:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        created: 2022-08-25T00:31:00Z
        profile: "{}"
        factorType: call
        id: caf8m6jbcvUH8mAep1d7
        vendorName: OKTA
        status: ACTIVE
      properties:
        created:
          description: Timestamp when the Factor was enrolled
          example: 2022-08-25T00:31:00Z
          format: date-time
          readOnly: true
          type: string
        factorType:
          $ref: '#/components/schemas/UserFactorType'
        id:
          description: ID of the Factor
          example: caf8m6jbcvUH8mAep1d7
          readOnly: true
          type: string
        lastUpdated:
          description: Timestamp when the Factor was last updated
          example: 2022-08-25T00:31:00Z
          format: date-time
          readOnly: true
          type: string
        profile:
          description: Specific attributes related to the Factor
          type: object
        provider:
          $ref: '#/components/schemas/UserFactorProvider'
        status:
          $ref: '#/components/schemas/UserFactorStatus'
        vendorName:
          description: Name of the Factor vendor. This is usually the same as the provider except for On-Prem MFA where it depends on administrator settings.
          example: OKTA
          readOnly: true
          type: string
        _embedded:
          additionalProperties:
            properties: {}
            type: object
          readOnly: true
          type: object
        _links:
          $ref: '#/components/schemas/UserFactorLinks'
      type: object
    UserFactorActivatePush:
      description: "Activation requests have a short lifetime and expire if the activation\
        \ isn't completed before the indicated timestamp. If the activation expires,\
        \ use the returned `activate` link to restart the process."
      properties:
        expiresAt:
          description: Timestamp when the Factor verification attempt expires
          example: 2022-08-25T00:31:00Z
          format: date-time
          readOnly: true
          type: string
        factorResult:
          $ref: '#/components/schemas/UserFactorActivatePushResult'
      type: object
    UserFactorActivatePushResult:
      description: Result of a Factor activation
      enum:
      - CANCELLED
      - ERROR
      - TIMEOUT
      - WAITING
      type: string
    UserFactorActivateRequest:
      example:
        attestation: o2NmbXRmcGFja2VkZ2F0dFN0bXSiY2FsZyZjc2lnWEgwRgIhAMvf2+dzXlHZN1um38Y8aFzrKvX0k5dt/hnDu9lahbR4AiEAuwtMg3IoaElWMp00QrP/+3Po/6LwXfmYQVfsnsQ+da1oYXV0aERhdGFYxkgb9OHGifjS2dG03qLRqvXrDIRyfGAuc+GzF1z20/eVRV2wvl6tzgACNbzGCmSLCyXx8FUDAEIBvWNHOcE3QDUkDP/HB1kRbrIOoZ1dR874ZaGbMuvaSVHVWN2kfNiO4D+HlAzUEFaqlNi5FPqKw+mF8f0XwdpEBlClAQIDJiABIVgg0a6oo3W0JdYPu6+eBrbr0WyB3uJLI3ODVgDfQnpgafgiWCB4fFo/5iiVrFhB8pNH2tbBtKewyAHuDkRolcCnVaCcmQ==
        clientData: eyJjaGFsbGVuZ2UiOiJVSk5wYW9sVWt0dF9vcEZPNXJMYyIsIm9yaWdpbiI6Imh0dHBzOi8vcmFpbi5va3RhMS5jb20iLCJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIn0
        passCode: "1234567890"
        registrationData: registrationData
      properties:
        passCode:
          description: OTP for the current time window
          example: "1234567890"
          type: string
        registrationData:
          type: string
        attestation:
          description: Base64-encoded attestation from the WebAuthn authenticator
          example: o2NmbXRmcGFja2VkZ2F0dFN0bXSiY2FsZyZjc2lnWEgwRgIhAMvf2+dzXlHZN1um38Y8aFzrKvX0k5dt/hnDu9lahbR4AiEAuwtMg3IoaElWMp00QrP/+3Po/6LwXfmYQVfsnsQ+da1oYXV0aERhdGFYxkgb9OHGifjS2dG03qLRqvXrDIRyfGAuc+GzF1z20/eVRV2wvl6tzgACNbzGCmSLCyXx8FUDAEIBvWNHOcE3QDUkDP/HB1kRbrIOoZ1dR874ZaGbMuvaSVHVWN2kfNiO4D+HlAzUEFaqlNi5FPqKw+mF8f0XwdpEBlClAQIDJiABIVgg0a6oo3W0JdYPu6+eBrbr0WyB3uJLI3ODVgDfQnpgafgiWCB4fFo/5iiVrFhB8pNH2tbBtKewyAHuDkRolcCnVaCcmQ==
          type: string
        clientData:
          description: Base64-encoded client data from the WebAuthn authenticator
          example: eyJjaGFsbGVuZ2UiOiJVSk5wYW9sVWt0dF9vcEZPNXJMYyIsIm9yaWdpbiI6Imh0dHBzOi8vcmFpbi5va3RhMS5jb20iLCJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIn0
          type: string
      type: object
    UserFactorActivateResponse:
      discriminator:
        mapping:
          call: '#/components/schemas/UserFactorCall'
          email: '#/components/schemas/UserFactorEmail'
          sms: '#/components/schemas/UserFactorSMS'
          push: '#/components/schemas/UserFactorPush'
          token:software:totp: '#/components/schemas/UserFactorTokenSoftwareTOTP'
          u2f: '#/components/schemas/UserFactorU2F'
          webauthn: '#/components/schemas/UserFactorWebAuthn'
        propertyName: factorType
      example:
        _links:
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          verify:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          user:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        factorType: call
      properties:
        factorType:
          description: Type of the Factor
          enum:
          - call
          - email
          - sms
          - push
          - token:software:totp
          - u2f
          - webauthn
          type: string
        _links:
          $ref: '#/components/schemas/UserFactorActivateResponse__links'
      type: object
    UserFactorCall:
      allOf:
      - $ref: '#/components/schemas/UserFactor'
      - properties:
          profile:
            $ref: '#/components/schemas/UserFactorCallProfile'
        type: object
      title: call
    UserFactorCallProfile:
      properties:
        phoneExtension:
          description: Extension of the associated `phoneNumber`
          example: "1234"
          maxLength: 15
          nullable: true
          type: string
        phoneNumber:
          description: "Phone number of the Factor. Format phone numbers to use the\
            \ [E.164 standard](https://www.itu.int/rec/T-REC-E.164/)."
          example: "+15554151337"
          maxLength: 15
          pattern: "^\\+[1-9]\\d{1,14}$"
          type: string
      type: object
    UserFactorEmail:
      allOf:
      - $ref: '#/components/schemas/UserFactor'
      - properties:
          profile:
            $ref: '#/components/schemas/UserFactorEmailProfile'
        type: object
      title: email
    UserFactorEmailProfile:
      properties:
        email:
          description: Email address of the user. This must be either the primary or secondary email address associated with the Okta user account.
          example: z.cool@example.com
          maxLength: 100
          type: string
      type: object
    UserFactorLinks:
      allOf:
      - $ref: '#/components/schemas/LinksActivate'
      - $ref: '#/components/schemas/LinksCancel'
      - $ref: '#/components/schemas/LinksDeactivate'
      - $ref: '#/components/schemas/LinksEnroll'
      - $ref: '#/components/schemas/LinksFactor'
      - $ref: '#/components/schemas/LinksPoll'
      - $ref: '#/components/schemas/LinksQrcode'
      - $ref: '#/components/schemas/LinksQuestions'
      - $ref: '#/components/schemas/LinksResend'
      - $ref: '#/components/schemas/LinksSend'
      - $ref: '#/components/schemas/LinksSelf'
      - $ref: '#/components/schemas/LinksUser'
      - $ref: '#/components/schemas/LinksVerify'
      example:
        cancel:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        question:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        qrcode:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        poll:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        deactivate:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        resend:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        activate:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        self:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        verify:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        enroll:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        factor:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        send:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        user:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
      readOnly: true
    UserFactorPassCode:
      description: OTP for the current time window
      example: "1234567890"
      type: string
    UserFactorProvider:
      description: Provider for the Factor
      enum:
      - CUSTOM
      - DUO
      - FIDO
      - GOOGLE
      - OKTA
      - RSA
      - SYMANTEC
      - YUBICO
      type: string
    UserFactorPush:
      allOf:
      - $ref: '#/components/schemas/UserFactor'
      - properties:
          profile:
            $ref: '#/components/schemas/UserFactorPushProfile'
        type: object
      title: push
    UserFactorPushProfile:
      properties:
        credentialId:
          description: ID for the Factor credential
          example: dade.murphy@example.com
          type: string
        deviceToken:
          description: Token used to identify the device
          example: fwf7ku6bsiSCieh6y1d7
          type: string
        deviceType:
          description: Type of device
          example: SmartPhone_IPhone
          type: string
        name:
          description: Name of the device
          example: My Phone
          type: string
        platform:
          description: OS version of the associated device
          example: IOS
          type: string
        version:
          description: Installed version of Okta Verify
          example: "9.0"
          type: string
      type: object
    UserFactorPushTransaction:
      discriminator:
        mapping:
          WAITING: '#/components/schemas/UserFactorPushTransactionWaiting'
          SUCCESS: '#/components/schemas/UserFactorPushTransaction'
          REJECTED: '#/components/schemas/UserFactorPushTransactionRejected'
          TIMEOUT: '#/components/schemas/UserFactorPushTransactionTimeout'
        propertyName: factorResult
      example:
        factorResult: WAITING
      properties:
        factorResult:
          description: Result of the verification transaction
          enum:
          - WAITING
          - SUCCESS
          - REJECTED
          - TIMEOUT
          type: string
      type: object
    UserFactorPushTransactionRejected:
      allOf:
      - $ref: '#/components/schemas/UserFactorPushTransaction'
      - properties:
          profile:
            $ref: '#/components/schemas/UserFactorPushTransactionRejected_allOf_profile'
          _links:
            $ref: '#/components/schemas/UserFactorPushTransactionRejected_allOf__links'
        type: object
    UserFactorPushTransactionSuccess:
      $ref: '#/components/schemas/UserFactorPushTransaction'
    UserFactorPushTransactionTimeout:
      allOf:
      - $ref: '#/components/schemas/UserFactorPushTransaction'
      - properties:
          profile:
            $ref: '#/components/schemas/UserFactorPushTransactionRejected_allOf_profile'
          _links:
            $ref: '#/components/schemas/UserFactorPushTransactionTimeout_allOf__links'
        type: object
    UserFactorPushTransactionWaiting:
      allOf:
      - $ref: '#/components/schemas/UserFactorPushTransaction'
      - properties:
          profile:
            $ref: '#/components/schemas/UserFactorPushTransactionRejected_allOf_profile'
          _links:
            $ref: '#/components/schemas/UserFactorPushTransactionWaiting_allOf__links'
        type: object
    UserFactorResultType:
      description: Result of a Factor verification attempt
      enum:
      - CANCELLED
      - CHALLENGE
      - ERROR
      - FAILED
      - PASSCODE_REPLAYED
      - REJECTED
      - SUCCESS
      - TIMEOUT
      - TIME_WINDOW_EXCEEDED
      - WAITING
      readOnly: true
      type: string
    UserFactorSMS:
      allOf:
      - $ref: '#/components/schemas/UserFactor'
      - properties:
          profile:
            $ref: '#/components/schemas/UserFactorSMSProfile'
        type: object
      title: sms
    UserFactorSMSProfile:
      properties:
        phoneNumber:
          description: "Phone number of the Factor. You should format phone numbers\
            \ to use the [E.164 standard](https://www.itu.int/rec/T-REC-E.164/)."
          example: "+15554151337"
          maxLength: 15
          pattern: "^\\+[1-9]\\d{1,14}$"
          type: string
      type: object
    UserFactorSecurityQuestion:
      allOf:
      - $ref: '#/components/schemas/UserFactor'
      - properties:
          profile:
            $ref: '#/components/schemas/UserFactorSecurityQuestionProfile'
        type: object
      title: question
    UserFactorSecurityQuestionProfile:
      example:
        answer: answer
        question: disliked_food
        questionText: What is the food you least liked as a child?
      properties:
        answer:
          description: Answer to the question
          minLength: 4
          type: string
          writeOnly: true
        question:
          description: Unique key for the question
          enum:
          - disliked_food
          - name_of_first_plush_toy
          - first_award
          - favorite_security_question
          - favorite_toy
          - first_computer_game
          - favorite_movie_quote
          - first_sports_team_mascot
          - first_music_purchase
          - favorite_art_piece
          - grandmother_favorite_desert
          - first_thing_cooked
          - childhood_dream_job
          - first_kiss_location
          - place_where_significant_other_was_met
          - favorite_vacation_location
          - new_years_two_thousand
          - favorite_speaker_actor
          - favorite_book_movie_character
          - favorite_sports_player
          example: disliked_food
          type: string
        questionText:
          description: Human-readable text that's displayed to the user
          example: What is the food you least liked as a child?
          readOnly: true
          type: string
      type: object
    UserFactorSignatureData:
      description: Base64-encoded signature data from the WebAuthn authenticator
      type: string
    UserFactorStatus:
      description: Status of the Factor
      enum:
      - ACTIVE
      - DISABLED
      - ENROLLED
      - EXPIRED
      - INACTIVE
      - NOT_SETUP
      - PENDING_ACTIVATION
      example: ACTIVE
      readOnly: true
      type: string
    UserFactorSupported:
      example:
        provider: CUSTOM
        _embedded:
          key: "{}"
        _links:
          cancel:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          question:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          qrcode:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          poll:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          deactivate:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          resend:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          activate:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          verify:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          enroll:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          factor:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          send:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          user:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        factorType: call
        vendorName: OKTA
        enrollment: OPTIONAL
        status: ACTIVE
      properties:
        enrollment:
          description: Indicates if the Factor is required for the specified user
          enum:
          - OPTIONAL
          - REQUIRED
          example: OPTIONAL
          type: string
        factorType:
          $ref: '#/components/schemas/UserFactorType'
        provider:
          $ref: '#/components/schemas/UserFactorProvider'
        status:
          $ref: '#/components/schemas/UserFactorStatus'
        vendorName:
          description: Name of the Factor vendor. This is usually the same as the provider except for On-Prem MFA where it depends on administrator settings.
          example: OKTA
          readOnly: true
          type: string
        _embedded:
          additionalProperties:
            properties: {}
            type: object
          description: Embedded resources related to the Factor
          readOnly: true
          type: object
        _links:
          $ref: '#/components/schemas/UserFactorLinks'
      type: object
    UserFactorToken:
      allOf:
      - $ref: '#/components/schemas/UserFactor'
      - properties:
          profile:
            $ref: '#/components/schemas/UserFactorTokenProfile'
          verify:
            $ref: '#/components/schemas/UserFactorToken_allOf_verify'
        type: object
      title: token
    UserFactorTokenFactorVerificationObject:
      properties:
        nextPassCode:
          description: OTP for the next time window
          example: "678195"
          type: string
        passCode:
          description: OTP for the current time window
          example: "875498"
          type: string
      type: object
    UserFactorTokenHOTP:
      allOf:
      - $ref: '#/components/schemas/UserFactor'
      - properties:
          factorProfileId:
            description: "ID of an existing Custom TOTP Factor profile. To create\
              \ this, see [Custom TOTP Factor](https://help.okta.com/okta_help.htm?id=ext-mfa-totp)."
            type: string
          profile:
            $ref: '#/components/schemas/UserFactorTokenHOTPProfile'
        type: object
      title: token:hotp
    UserFactorTokenHOTPProfile:
      properties:
        sharedSecret:
          description: Unique secret key used to generate the OTP
          example: 484f97be3213b117e3a20438e291540a
          type: string
      type: object
    UserFactorTokenHardware:
      allOf:
      - $ref: '#/components/schemas/UserFactor'
      - properties:
          profile:
            $ref: '#/components/schemas/UserFactorTokenProfile'
          verify:
            $ref: '#/components/schemas/UserFactorTokenHardware_allOf_verify'
        type: object
      title: token:hardware
    UserFactorTokenProfile:
      properties:
        credentialId:
          description: ID for the Factor credential
          example: dade.murphy@example.com
          type: string
      type: object
    UserFactorTokenSoftwareTOTP:
      allOf:
      - $ref: '#/components/schemas/UserFactor'
      - properties:
          profile:
            $ref: '#/components/schemas/UserFactorTokenProfile'
        type: object
      title: token:software:totp
    UserFactorTokenVerifyRSA:
      properties:
        passCode:
          description: OTP for the current time window
          example: "5275875498"
          type: string
      title: RSA SecurID
      type: object
    UserFactorTokenVerifySymantec:
      properties:
        nextPassCode:
          description: OTP for the next time window
          example: 3956685498
          type: integer
        passCode:
          description: OTP for the current time window
          example: "5275875498"
          type: string
      title: Symantec VIP
      type: object
    UserFactorType:
      description: Type of Factor
      enum:
      - call
      - email
      - push
      - question
      - signed_nonce
      - sms
      - token
      - token:hardware
      - token:hotp
      - token:software:totp
      - u2f
      - web
      - webauthn
      type: string
    UserFactorU2F:
      allOf:
      - $ref: '#/components/schemas/UserFactor'
      - properties:
          profile:
            $ref: '#/components/schemas/UserFactorU2FProfile'
        type: object
      title: u2f
    UserFactorU2FProfile:
      properties:
        credentialId:
          description: ID for the Factor credential
          example: dade.murphy@example.com
          type: string
      type: object
    UserFactorVerifyRequest:
      example:
        signatureData: signatureData
        answer: answer
        nextPassCode: nextPassCode
        clientData: eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZmluaXNoRW5yb2xsbWVudCIsImNoYWxsZW5nZSI6IlhxR0h0RTBoUkxuVEoxYUF5U1oyIiwib3JpZ2luIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6MzAwMCIsImNpZF9wdWJrZXkiOiJ1bnVzZWQifQ
        passCode: "1234567890"
        authenticatorData: authenticatorData
      properties:
        passCode:
          description: OTP for the current time window
          example: "1234567890"
          type: string
        answer:
          description: Answer to the question
          minLength: 4
          type: string
          writeOnly: true
        clientData:
          description: Base64-encoded client data from the U2F token
          example: eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZmluaXNoRW5yb2xsbWVudCIsImNoYWxsZW5nZSI6IlhxR0h0RTBoUkxuVEoxYUF5U1oyIiwib3JpZ2luIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6MzAwMCIsImNpZF9wdWJrZXkiOiJ1bnVzZWQifQ
          type: string
        signatureData:
          description: Base64-encoded signature data from the U2F token
          type: string
        authenticatorData:
          description: Base64-encoded authenticator data from the WebAuthn authenticator
          type: string
        nextPassCode:
          type: string
      type: object
    UserFactorVerifyResponse:
      example:
        _embedded:
          key: "{}"
        _links:
          cancel:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          question:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          qrcode:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          poll:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          deactivate:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          resend:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          activate:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          verify:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          enroll:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          factor:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          send:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          user:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        factorResult: CHALLENGE
        factorMessage: factorMessage
        expiresAt: 2022-08-25T00:31:00Z
      properties:
        expiresAt:
          description: Timestamp when the verification expires
          example: 2022-08-25T00:31:00Z
          format: date-time
          readOnly: true
          type: string
        factorMessage:
          description: Optional display message for Factor verification
          nullable: true
          readOnly: true
          type: string
        factorResult:
          $ref: '#/components/schemas/UserFactorVerifyResult'
        _embedded:
          additionalProperties:
            properties: {}
            type: object
          readOnly: true
          type: object
        _links:
          $ref: '#/components/schemas/UserFactorLinks'
      type: object
    UserFactorVerifyResult:
      description: Result of a Factor verification
      enum:
      - CHALLENGE
      - ERROR
      - EXPIRED
      - FAILED
      - PASSCODE_REPLAYED
      - REJECTED
      - SUCCESS
      - TIMEOUT
      - TIME_WINDOW_EXCEEDED
      - WAITING
      type: string
      x-enumDescriptions:
        CANCELED: User cancelled the verification
        CHALLENGE: Okta issued a verification challenge
        ERROR: Verification encountered an unexpected server error
        EXPIRED: User didn't complete the verification within the allowed time window
        FAILED: Verification failed
        PASSCODE_REPLAYED: User previously verified the Factor within the same time window. Another verification is required during another time window.
        REJECTED: User rejected the verification
        SUCCESS: User completed the verification
        TIMEOUT: Okta didn't complete the verification within the allowed time window
        TIME_WINDOW_EXCEEDED: User completed the verification outside of the allowed time window. Another verification is required.
        WAITING: Verification is in progress
    UserFactorWeb:
      allOf:
      - $ref: '#/components/schemas/UserFactor'
      - properties:
          profile:
            $ref: '#/components/schemas/UserFactorWebProfile'
        type: object
      title: web
    UserFactorWebAuthn:
      allOf:
      - $ref: '#/components/schemas/UserFactor'
      - properties:
          profile:
            $ref: '#/components/schemas/UserFactorWebAuthnProfile'
        type: object
      title: webauthn
    UserFactorWebAuthnProfile:
      properties:
        authenticatorName:
          description: Human-readable name of the authenticator
          example: MacBook Touch ID
          type: string
        credentialId:
          description: ID for the Factor credential
          example: AHoOEhwvYiMv6SSwLp7KYRNttXtg_kYgQoQiEIWPFH_T3Ztp5Vj3bQ5H0LypIFR8ka8kfiCJ3I5qVpxrsd6JTMWKcE3xNh_U2QVF0Kwlan8Fiw
          type: string
      type: object
    UserFactorWebProfile:
      properties:
        credentialId:
          description: ID for the Factor credential
          example: dade.murphy@example.com
          type: string
      type: object
    UserFactorYubikeyOtpToken:
      example:
        lastUpdated: 2022-08-25T00:31:00Z
        _embedded:
          key: "{}"
        _links:
          cancel:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          question:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          qrcode:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          poll:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          deactivate:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          resend:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          activate:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          verify:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          enroll:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          factor:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          send:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          user:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        created: 2022-08-25T00:31:00Z
        profile:
          key: "{}"
        lastVerified: 2022-08-25T00:31:00Z
        id: ykkwcx13nrDq8g4oy0g3
        status: BLOCKED
      properties:
        created:
          description: Timestamp when the Token was created
          example: 2022-08-25T00:31:00Z
          format: date-time
          readOnly: true
          type: string
        id:
          description: ID of the Token
          example: ykkwcx13nrDq8g4oy0g3
          readOnly: true
          type: string
        lastUpdated:
          description: Timestamp when the Token was last updated
          example: 2022-08-25T00:31:00Z
          format: date-time
          readOnly: true
          type: string
        lastVerified:
          description: Timestamp when the Token was last verified
          example: 2022-08-25T00:31:00Z
          format: date-time
          readOnly: true
          type: string
        profile:
          additionalProperties:
            properties: {}
            type: object
          description: Specified profile information for token
          type: object
        status:
          description: Token status
          enum:
          - BLOCKED
          - UNASSIGNED
          - ACTIVE
          - REVOKED
          - DELETED
          - INACTIVE
          type: string
        _embedded:
          additionalProperties:
            properties: {}
            type: object
          type: object
        _links:
          $ref: '#/components/schemas/UserFactorLinks'
      type: object
    UserGetSingleton:
      allOf:
      - $ref: '#/components/schemas/User'
      - properties:
          _embedded:
            $ref: '#/components/schemas/UserGetSingleton_allOf__embedded'
        type: object
      example:
        lastLogin: 2000-01-23T04:56:07.000+00:00
        transitioningToStatus: null
        realmId: guo1bfiNtSnZYILxO0g4
        credentials:
          password:
            hook:
              type: type
            value: pa$$word
            hash:
              iterationCount: 0
              salt: salt
              keySize: 6
              saltOrder: saltOrder
              workFactor: 3
              digestAlgorithm: SHA256_HMAC
              value: value
              algorithm: BCRYPT
          provider:
            name: name
            type: ACTIVE_DIRECTORY
          recovery_question:
            answer: se7en
            question: what is your favourite movie?
        _links:
          schema: ""
          suspend: ""
          resetPassword: ""
          unlock: ""
          reactivate: ""
          unsuspend: ""
          resetFactors: ""
          type: ""
          deactivate: ""
          changePassword: ""
          forgotPassword: ""
          expirePassword: ""
          changeRecoveryQuestion: ""
          activate: ""
          self: ""
        created: 2000-01-23T04:56:07.000+00:00
        profile:
          profileUrl: profileUrl
          lastName: lastName
          zipCode: zipCode
          preferredLanguage: preferredLanguage
          city: city
          displayName: displayName
          timezone: timezone
          locale: locale
          login: login
          title: title
          employeeNumber: employeeNumber
          division: division
          honorificSuffix: honorificSuffix
          countryCode: countryCode
          state: state
          department: department
          email: email
          manager: manager
          costCenter: costCenter
          nickName: nickName
          secondEmail: secondEmail
          honorificPrefix: honorificPrefix
          managerId: managerId
          firstName: firstName
          primaryPhone: primaryPhone
          postalAddress: postalAddress
          mobilePhone: mobilePhone
          streetAddress: streetAddress
          organization: organization
          middleName: middleName
          userType: userType
        type:
          lastUpdated: 2000-01-23T04:56:07.000+00:00
          lastUpdatedBy: lastUpdatedBy
          default: true
          createdBy: createdBy
          _links:
            schema:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
            self:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
          created: 2000-01-23T04:56:07.000+00:00
          displayName: displayName
          name: name
          description: description
          id: id
        lastUpdated: 2000-01-23T04:56:07.000+00:00
        passwordChanged: 2000-01-23T04:56:07.000+00:00
        _embedded:
          blocks:
          - appliesTo: ANY_DEVICES
            type: DEVICE_BASED
          - appliesTo: ANY_DEVICES
            type: DEVICE_BASED
        statusChanged: 2000-01-23T04:56:07.000+00:00
        id: id
        activated: 2000-01-23T04:56:07.000+00:00
        status: ACTIVE
    UserIdentifierConditionEvaluatorPattern:
      description: Used in the User Identifier Condition object. Specifies the details of the patterns to match against.
      properties:
        matchType:
          $ref: '#/components/schemas/UserIdentifierMatchType'
        value:
          description: The regular expression or simple match string
          type: string
      required:
      - matchType
      - value
      type: object
    UserIdentifierMatchType:
      description: "The type of pattern. For regex, use `EXPRESSION`."
      enum:
      - CONTAINS
      - EQUALS
      - EXPRESSION
      - STARTS_WITH
      - SUFFIX
      type: string
    UserIdentifierPolicyRuleCondition:
      description: Specifies a user identifier condition to match on
      properties:
        attribute:
          description: The name of the profile attribute to match against. Only used when type is `ATTRIBUTE`.
          type: string
        patterns:
          items:
            $ref: '#/components/schemas/UserIdentifierConditionEvaluatorPattern'
          type: array
        type:
          $ref: '#/components/schemas/UserIdentifierType'
      required:
      - patterns
      - type
      type: object
    UserIdentifierType:
      description: "What to match against, either user ID or an attribute in the user's\
        \ Okta profile."
      enum:
      - ATTRIBUTE
      - IDENTIFIER
      type: string
    UserIdentityProviderLinkRequest:
      example:
        externalId: "121749775026145"
      properties:
        externalId:
          description: Unique IdP-specific identifier for a User
          example: "121749775026145"
          type: string
      type: object
    UserImportRequest:
      properties:
        data:
          $ref: '#/components/schemas/UserImportRequestData'
        eventType:
          description: The type of inline hook. The user import inline hook type is `com.okta.import.transform`.
          type: string
        source:
          description: The ID of the user import inline hook
          type: string
      type: object
    UserImportRequestData:
      properties:
        action:
          $ref: '#/components/schemas/UserImportRequestData_action'
        appUser:
          $ref: '#/components/schemas/UserImportRequestData_appUser'
        context:
          $ref: '#/components/schemas/UserImportRequestData_context'
        user:
          $ref: '#/components/schemas/UserImportRequestData_user'
      type: object
    UserImportResponse:
      properties:
        commands:
          description: |-
            The `commands` object is where you can provide commands to Okta.
            It is an array that allows you to send multiple commands.
Each array element needs to consist of a type-value pair. items: $ref: '#/components/schemas/UserImportResponse_commands_inner' type: array error: $ref: '#/components/schemas/UserImportResponse_error' type: object UserLifecycleAttributePolicyRuleCondition: properties: attributeName: type: string matchingValue: type: string type: object UserLockoutSettings: example: preventBruteForceLockoutFromUnknownDevices: false properties: preventBruteForceLockoutFromUnknownDevices: default: false description: Prevents brute-force lockout from unknown devices for the password authenticator. type: boolean type: object UserNextLogin: enum: - changePassword type: string UserPolicyRuleCondition: description: Specifies a set of Users to be included or excluded properties: exclude: description: Users to be excluded items: type: string type: array inactivity: $ref: '#/components/schemas/InactivityPolicyRuleCondition' include: description: Users to be included items: type: string type: array lifecycleExpiration: $ref: '#/components/schemas/LifecycleExpirationPolicyRuleCondition' passwordExpiration: $ref: '#/components/schemas/PasswordExpirationPolicyRuleCondition' userLifecycleAttribute: $ref: '#/components/schemas/UserLifecycleAttributePolicyRuleCondition' type: object UserProfile: additionalProperties: true description: |- Specifies the default and custom profile properties for a user. The default user profile is based on the [System for Cross-domain Identity Management: Core Schema](https://datatracker.ietf.org/doc/html/rfc7643). The only permitted customizations of the default profile are to update permissions, change whether the `firstName` and `lastName` properties are nullable, and specify a [pattern](https://developer.okta.com/docs/reference/api/schemas/#login-pattern-validation) for `login`. 
You can use the Profile Editor in the Admin Console or the [Schemas API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/UISchema/#tag/UISchema) to make schema modifications. You can extend user profiles with custom properties. You must first add the custom property to the user profile schema before you reference it. You can use the Profile Editor in the Admin console or the [Schemas API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/UISchema/#tag/UISchema) to manage schema extensions. Custom attributes can contain HTML tags. It's the client's responsibility to escape or encode this data before displaying it. Use [best-practices](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html) to prevent cross-site scripting. example: profileUrl: profileUrl lastName: lastName zipCode: zipCode preferredLanguage: preferredLanguage city: city displayName: displayName timezone: timezone locale: locale login: login title: title employeeNumber: employeeNumber division: division honorificSuffix: honorificSuffix countryCode: countryCode state: state department: department email: email manager: manager costCenter: costCenter nickName: nickName secondEmail: secondEmail honorificPrefix: honorificPrefix managerId: managerId firstName: firstName primaryPhone: primaryPhone postalAddress: postalAddress mobilePhone: mobilePhone streetAddress: streetAddress organization: organization middleName: middleName userType: userType properties: city: description: The city or locality of the User's address (`locality`) maxLength: 128 nullable: true type: string costCenter: description: Name of the cost center assigned to a user nullable: true type: string countryCode: description: "The country name component of the User's address (`country`).\ \ For validation, see [ISO 3166-1 alpha 2 \"short\" code format](https://datatracker.ietf.org/doc/html/draft-ietf-scim-core-schema-22#ref-ISO3166)." 
maxLength: 2 nullable: true type: string department: description: Name of the User's department type: string displayName: description: Name of the User suitable for display to end users nullable: true type: string division: description: Name of the User's division nullable: true type: string email: description: "The primary email address of the user. For validation, see\ \ [RFC 5322 Section 3.2.3](https://datatracker.ietf.org/doc/html/rfc5322#section-3.2.3)." format: email maxLength: 100 minLength: 5 type: string employeeNumber: description: The organization or company assigned unique identifier for the user type: string firstName: description: Given name of the User (`givenName`) maxLength: 50 minLength: 1 nullable: true type: string honorificPrefix: description: "Honorific prefix(es) of the user, or title in most Western\ \ languages" nullable: true type: string honorificSuffix: description: Honorific suffix(es) of the User nullable: true type: string lastName: description: The family name of the User (`familyName`) maxLength: 50 minLength: 1 nullable: true type: string locale: description: |- The User's default location for purposes of localizing items such as currency, date time format, numerical representations, and so on. A locale value is a concatenation of the ISO 639-1 two-letter language code, an underscore, and the ISO 3166-1 two-letter country code. For example, en_US specifies the language English and country US. This value is `en_US` by default. type: string login: description: |- The unique identifier for the User (`username`). For validation, see [Login pattern validation](https://developer.okta.com/docs/reference/api/schemas/#login-pattern-validation). Every user within your Okta org must have a unique identifier for a login. This constraint applies to all users you import from other systems or applications such as Active Directory. 
Your organization is the top-level namespace to mix and match logins from all your connected applications or directories. Careful consideration of naming conventions for your login identifier will make it easier to onboard new applications in the future. Logins are not considered unique if they differ only in case and/or diacritical marks. If one of your users has a login of Isaac.Brock@example.com, there cannot be another user whose login is isaac.brock@example.com, nor isáàc.bröck@example.com. Okta has a default ambiguous name resolution policy for usernames that include @-signs. (By default, usernames must be formatted as email addresses and thus always include @-signs. You can remove that restriction using either the Admin Console or the Schemas API.) Users can sign in with their non-qualified short name (for example: isaac.brock with username isaac.brock@example.com) as long as the short name is still unique within the organization. maxLength: 100 minLength: 5 type: string manager: description: The `displayName` of the User's manager nullable: true type: string managerId: description: The `id` of the User's manager nullable: true type: string middleName: description: The middle name of the user nullable: true type: string mobilePhone: description: The mobile phone number of the user maxLength: 100 minLength: 0 nullable: true type: string nickName: description: The casual way to address the User in real life nullable: true type: string organization: description: Name of the User's organization nullable: true type: string postalAddress: description: Mailing address component of the User's address maxLength: 4096 nullable: true type: string preferredLanguage: description: "The User's preferred written or spoken language. For validation,\ \ see [RFC 7231 Section 5.3.5](https://datatracker.ietf.org/doc/html/rfc7231#section-5.3.5)."
nullable: true type: string primaryPhone: description: The primary phone number of the User such as a home number maxLength: 100 minLength: 0 nullable: true type: string profileUrl: description: "The URL of the User's online profile. For example, a web page.\ \ See [URL](https://datatracker.ietf.org/doc/html/rfc1808)." nullable: true type: string secondEmail: description: "The secondary email address of the User typically used for\ \ account recovery. For validation, see [RFC 5322 Section 3.2.3](https://datatracker.ietf.org/doc/html/rfc5322#section-3.2.3)." format: email maxLength: 100 minLength: 5 nullable: true type: string state: description: The state or region component of the User's address (`region`) maxLength: 128 nullable: true type: string streetAddress: description: The full street address component of the User's address maxLength: 1024 nullable: true type: string timezone: description: The User's time zone nullable: true type: string title: description: "The User's title, such as Vice President" nullable: true type: string userType: description: "The property used to describe the organization-to-user relationship,\ \ such as employee or contractor" nullable: true type: string zipCode: description: The ZIP code or postal code component of the User's address (`postalCode`) maxLength: 50 nullable: true type: string type: object UserProvisioningApplicationFeature: allOf: - $ref: '#/components/schemas/ApplicationFeature' - type: object - properties: capabilities: $ref: '#/components/schemas/CapabilitiesObject' UserResourceHrefObject: properties: href: description: Link URI example: "https://{yourOktaDomain}/api/v1/users/00u5t60iloOHN9pBi0h7" type: string title: description: Link name example: SAML Jackson type: string type: object UserRiskGetResponse: discriminator: mapping: HIGH: '#/components/schemas/UserRiskLevelExists' MEDIUM: '#/components/schemas/UserRiskLevelExists' LOW: '#/components/schemas/UserRiskLevelExists' NONE: 
'#/components/schemas/UserRiskLevelNone' propertyName: riskLevel properties: riskLevel: $ref: '#/components/schemas/UserRiskLevelAll' _links: $ref: '#/components/schemas/UserRiskGetResponse__links' type: object UserRiskLevelAll: description: The risk level associated with the user enum: - HIGH - LOW - MEDIUM - NONE type: string UserRiskLevelExists: allOf: - $ref: '#/components/schemas/UserRiskGetResponse' - properties: reason: $ref: '#/components/schemas/UserRiskReason' type: object UserRiskLevelNone: allOf: - $ref: '#/components/schemas/UserRiskGetResponse' UserRiskLevelPut: description: The risk level associated with the user enum: - HIGH - LOW type: string UserRiskPutResponse: properties: reason: description: Describes the risk level for the user example: Admin override risk type: string riskLevel: $ref: '#/components/schemas/UserRiskLevelPut' _links: $ref: '#/components/schemas/UserRiskGetResponse__links' type: object UserRiskReason: description: Describes the risk level for the user example: Admin override risk type: string UserRiskRequest: properties: riskLevel: description: The risk level associated with the user enum: - HIGH - LOW type: string type: object UserSchema: example: lastUpdated: lastUpdated $schema: $schema _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type created: created name: name id: id title: title type: type definitions: "" properties: "" properties: $schema: description: JSON Schema version identifier readOnly: true type: string created: description: Timestamp when the Schema was created readOnly: true type: string definitions: allOf: - $ref: '#/components/schemas/UserSchemaDefinitions' description: |- User Profile subschemas The Profile object for a User is defined by a composite Schema of base and custom properties using a JSON path to reference subschemas. The `#base` properties are defined and versioned by Okta, while `#custom` properties are extensible. 
Custom property names for the Profile object must be unique and can't conflict with a property name defined in the `#base` subschema. id: description: URI of User Schema readOnly: true type: string lastUpdated: description: Timestamp when the Schema was last updated readOnly: true type: string name: description: Name of the Schema readOnly: true type: string properties: allOf: - $ref: '#/components/schemas/UserSchemaProperties' description: User Object Properties title: description: User-defined display name for the Schema type: string type: description: "Type of [root Schema](https://tools.ietf.org/html/draft-zyp-json-schema-04#section-3.4)" readOnly: true type: string _links: $ref: '#/components/schemas/LinksSelf' type: object UserSchemaAttribute: properties: description: description: Description of the property type: string enum: description: |- Enumerated value of the property. The value of the property is limited to one of the values specified in the enum definition. The list of values for the enum must consist of unique elements. items: description: TODO default missing array inner type to string type: string nullable: true type: array items: $ref: '#/components/schemas/UserSchemaAttributeItems' externalName: description: |- Name of the property as it exists in an external application **NOTE**: When you add a custom property, only Identity Provider app user schemas require `externalName` to be included in the request body. If an existing custom Identity Provider app user schema property has an empty `externalName`, requests aren't allowed to update other properties until the `externalName` is defined. 
type: string externalNamespace: description: Namespace from the external application type: string format: allOf: - $ref: '#/components/schemas/UserSchemaAttributeFormat' description: Identifies the type of data represented by the string master: allOf: - $ref: '#/components/schemas/UserSchemaAttributeMaster' description: Identifies where the property is mastered maxLength: description: Maximum character length of a string property nullable: true type: integer minLength: description: Minimum character length of a string property nullable: true type: integer mutability: allOf: - $ref: '#/components/schemas/UserSchemaAttributeMutabilityString' description: Defines the mutability of the property oneOf: description: |- Non-empty array of valid JSON schemas. Okta only supports `oneOf` for specifying display names for an `enum`. Each schema has the following format: ```json { "const": "enumValue", "title": "display name" } ``` When `enum` is used in conjunction with `oneOf`, you must keep the set of enumerated values and their order. ```json {"enum": ["S","M","L","XL"], "oneOf": [ {"const": "S", "title": "Small"}, {"const": "M", "title": "Medium"}, {"const": "L", "title": "Large"}, {"const": "XL", "title": "Extra Large"} ] } ``` The `oneOf` key is only supported in conjunction with `enum` and provides a mechanism to return a display name for the `enum` value.
items: $ref: '#/components/schemas/UserSchemaAttributeEnum' nullable: true type: array pattern: description: "For `string` property types, specifies the regular expression\ \ used to validate the property" type: string permissions: description: Access control permissions for the property items: $ref: '#/components/schemas/UserSchemaAttributePermission' nullable: true type: array required: description: Determines whether the property is required nullable: true type: boolean scope: $ref: '#/components/schemas/UserSchemaAttributeScope' title: description: User-defined display name for the property minLength: 1 type: string type: allOf: - $ref: '#/components/schemas/UserSchemaAttributeType' description: Type of property unique: type: string type: object x-okta-allow-null-property-value-for-updates: true UserSchemaAttributeEnum: example: const: const title: title properties: const: type: string title: type: string type: object UserSchemaAttributeFormat: enum: - country-code - date-time - email - encrypted - hashed - language-code - locale - ref-id - timezone - uri type: string UserSchemaAttributeItems: example: oneOf: - const: const title: title - const: const title: title type: type enum: - enum - enum properties: enum: items: type: string type: array oneOf: items: $ref: '#/components/schemas/UserSchemaAttributeEnum' type: array type: type: string type: object UserSchemaAttributeMaster: nullable: true properties: priority: items: $ref: '#/components/schemas/UserSchemaAttributeMasterPriority' type: array type: $ref: '#/components/schemas/UserSchemaAttributeMasterType' type: object UserSchemaAttributeMasterPriority: properties: type: type: string value: type: string type: object UserSchemaAttributeMasterType: enum: - OKTA - OVERRIDE - PROFILE_MASTER type: string UserSchemaAttributeMutabilityString: enum: - IMMUTABLE - READ_ONLY - READ_WRITE - WRITE_ONLY type: string UserSchemaAttributePermission: example: principal: principal action: action properties: action: 
description: Determines whether the principal can view or modify the property type: string principal: description: Security principal type: string type: object UserSchemaAttributeScope: enum: - NONE - SELF type: string UserSchemaAttributeType: enum: - array - boolean - integer - number - string type: string UserSchemaBase: description: |- All Okta-defined Profile properties are defined in a Profile subschema with the resolution scope `#base`. You can't modify these properties, except to update permissions, to change the nullability of `firstName` and `lastName`, or to specify a pattern for `login`. They can't be removed. The base User Profile is based on the [System for Cross-domain Identity Management: Core Schema](https://tools.ietf.org/html/draft-ietf-scim-core-schema-22#section-4.1.1) and has the standard properties detailed below. properties: id: description: The subschema name readOnly: true type: string properties: allOf: - $ref: '#/components/schemas/UserSchemaBaseProperties' description: The `#base` object properties required: description: A collection indicating required property names items: type: string readOnly: true type: array type: description: The object type readOnly: true type: string type: object UserSchemaBaseProperties: properties: city: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: City or locality component of the User's address (`locality`) costCenter: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: Name of a cost center assigned to the User countryCode: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: "Country name component of the User's address (`country`.)\ \ This property uses [ISO 3166-1 alpha 2 \"short\" code format](https://tools.ietf.org/html/draft-ietf-scim-core-schema-22#ref-ISO3166)." 
department: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: Name of the User's department displayName: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: "Name of the User, suitable for display to end Users" division: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: Name of the User's division email: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: "Primary email address of the User. This property is formatted\ \ according to [RFC 5322 Section 3.2.3](https://datatracker.ietf.org/doc/html/rfc5322#section-3.2.3)." employeeNumber: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: Organization or company assigned unique identifier for the User firstName: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: Given name of the User (`givenName`) honorificPrefix: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: Honorific prefix(es) of the User or title in most Western languages honorificSuffix: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: Honorific suffix(es) of the User lastName: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: Family name of the User (`familyName`) locale: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: |- User's default location for purposes of localizing items such as currency, date time format, numerical representations, and so on. A locale value is a concatenation of the ISO 639-1 two-letter language code, an underscore, and the ISO 3166-1 two-letter country code. For example: `en_US` specifies the language English and country US. This value is `en_US` by default. login: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: |- Unique identifier for the User (`username`) The login property is validated according to its pattern attribute, which is a string. By default, the attribute is null. 
When the attribute is null, the username is required to be formatted as an email address as defined by [RFC 6531 Section 3.3](http://tools.ietf.org/html/rfc6531#section-3.3). The pattern can be set through the API to one of the following forms. (The Admin Console provides access to the same forms.) * A login pattern of `".+"` indicates that there is no restriction on usernames. Any non-empty, unique value is permitted, and the minimum length of five isn't enforced. In this case, usernames don't need to include the `@` character. If a name does include `@`, the portion ahead of the `@` can be used for logging in, provided it identifies a unique User within the org. * A login pattern of the form `"[...]+"` indicates that usernames must only contain characters from the set given between the brackets. The enclosing brackets and final `+` are required for this form. Character ranges can be indicated using hyphens. To include the hyphen itself in the allowed set, the hyphen must appear first. Any characters in the set except the hyphen, a-z, A-Z, and 0-9 must be preceded by a backslash (`\`). For example, `"[a-z13579\.]+"` would restrict usernames to lowercase letters, odd digits, and periods, while `"[-a-zA-Z0-9]+"` would allow basic alphanumeric characters and hyphens. 
manager: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: The `displayName` of the User's manager managerId: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: The `id` of the User's manager middleName: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: Middle name(s) of the User mobilePhone: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: Mobile phone number of the User nickName: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: Casual way to address the User in real life organization: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: Name of the User's organization postalAddress: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: Mailing address component of the User's address preferredLanguage: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: "User's preferred written or spoken languages. This property\ \ is formatted according to [RFC 7231 Section 5.3.5](https://tools.ietf.org/html/rfc7231#section-5.3.5)." primaryPhone: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: "Primary phone number of the User, such as home number" profileUrl: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: "URL of the User's online Profile (for example, a web page.)\ \ This property is formatted according to the [Relative Uniform Resource\ \ Locators specification](https://tools.ietf.org/html/draft-ietf-scim-core-schema-22#ref-ISO3166)." secondEmail: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: "Secondary email address of the User typically used for account\ \ recovery. This property is formatted according to [RFC 5322 Section\ \ 3.2.3](https://datatracker.ietf.org/doc/html/rfc5322#section-3.2.3)." 
state: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: State or region component of the User's address (`region`) streetAddress: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: Full street address component of the User's address timezone: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: "User's time zone. This property is formatted according to\ \ the [IANA Time Zone database format](https://tools.ietf.org/html/rfc6557)." title: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: "User's title, such as \"Vice President\"" userType: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: |- Used to describe the organization to the User relationship such as "Employee" or "Contractor". **Note:** The `userType` field is an arbitrary string value and isn't related to the newer [User Types](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/UserType/) feature. zipCode: allOf: - $ref: '#/components/schemas/UserSchemaAttribute' description: ZIP code or postal code component of the User's address (`postalCode`) type: object UserSchemaDefinitions: properties: base: $ref: '#/components/schemas/UserSchemaBase' custom: $ref: '#/components/schemas/UserSchemaPublic' type: object UserSchemaProperties: example: profile: allOf: - $ref: $ref - $ref: $ref properties: profile: $ref: '#/components/schemas/UserSchemaPropertiesProfile' type: object UserSchemaPropertiesProfile: example: allOf: - $ref: $ref - $ref: $ref properties: allOf: items: $ref: '#/components/schemas/UserSchemaPropertiesProfileItem' type: array type: object UserSchemaPropertiesProfileItem: example: $ref: $ref properties: $ref: type: string type: object UserSchemaPublic: description: All custom Profile properties are defined in a Profile subschema with the resolution scope `#custom` properties: id: description: The subschema name readOnly: true type: string properties: additionalProperties: 
$ref: '#/components/schemas/UserSchemaAttribute' description: The `#custom` object properties type: object required: description: A collection indicating required property names items: type: string readOnly: true type: array type: description: The object type readOnly: true type: string type: object UserStatus: description: |- The current status of the user. The status of a User changes in response to explicit events, such as admin-driven lifecycle changes, user login, or self-service password recovery. Okta doesn't asynchronously sweep through users and update their password expiry state, for example. Instead, Okta evaluates password policy at login time, notices the password has expired, and moves the User to the expired state. When running reports, remember that the data is valid as of the last login or lifecycle event for that user. enum: - ACTIVE - DEPROVISIONED - LOCKED_OUT - PASSWORD_EXPIRED - PROVISIONED - RECOVERY - STAGED - SUSPENDED readOnly: true type: string UserStatusPolicyRuleCondition: properties: value: $ref: '#/components/schemas/PolicyUserStatus' type: object UserType: example: lastUpdated: 2000-01-23T04:56:07.000+00:00 lastUpdatedBy: lastUpdatedBy default: true createdBy: createdBy _links: schema: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type created: 2000-01-23T04:56:07.000+00:00 displayName: displayName name: name description: description id: id properties: created: description: A timestamp from when the User Type was created format: date-time readOnly: true type: string createdBy: description: The user ID of the account that created the User Type readOnly: true type: string default: description: A boolean value to indicate if this is the default User Type readOnly: true type: boolean description: description: The human-readable description of the User Type type: string displayName: description: The human-readable name of 
the User Type type: string id: description: The unique key for the User Type type: string lastUpdated: description: A timestamp from when the User Type was most recently updated format: date-time readOnly: true type: string lastUpdatedBy: description: The user ID of the most recent account to edit the User Type readOnly: true type: string name: description: "The name of the User Type. The name must start with A-Z or\ \ a-z and contain only A-Z, a-z, 0-9, or underscore (_) characters. This\ \ value becomes read-only after creation and can't be updated." type: string _links: $ref: '#/components/schemas/UserTypeLinks' required: - displayName - name type: object UserTypeCondition: description: <x-lifecycle class="oie"></x-lifecycle> Specifies which User Types to include and/or exclude properties: exclude: description: The User Types to exclude items: type: string type: array include: description: The User Types to include items: type: string type: array required: - exclude - include UserTypeLinks: allOf: - $ref: '#/components/schemas/LinksSelf' - properties: schema: $ref: '#/components/schemas/UserTypeLinks_allOf_schema' type: object example: schema: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type UserTypePostRequest: example: displayName: displayName description: description properties: description: description: The updated human-readable description of the User Type type: string displayName: description: The updated human-readable display name for the User Type type: string type: object UserTypePutRequest: example: displayName: displayName name: name description: description properties: description: description: The human-readable description of the User Type type: string displayName: description: The human-readable name of the User Type type: string name: description: The name of the existing type type: string required: - description - displayName 
- name type: object UserVerificationEnum: description: "User verification setting. Possible values `DISCOURAGED` (the\ \ authenticator isn't asked to perform user verification, but may do so at\ \ its discretion), `PREFERRED` (the client uses an authenticator capable of\ \ user verification if possible), or `REQUIRED` (the client uses only an authenticator\ \ capable of user verification)" enum: - DISCOURAGED - PREFERRED - REQUIRED type: string UsersLink: allOf: - $ref: '#/components/schemas/HrefObject' - description: "Link to the [Application Users](/openapi/okta-management/management/tag/ApplicationUsers/#tag/ApplicationUsers/operation/listApplicationUsers)\ \ resource" example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type VerificationMethod: description: "Describes the method for verifying the user. The supported method\ \ types are `ASSURANCE` and `AUTH_METHOD_CHAIN`.\n\n <x-lifecycle class=\"\ ea\"></x-lifecycle> The method type `AUTH_METHOD_CHAIN` is an [Early Access](https://developer.okta.com/docs/api/openapi/okta-management/guides/release-lifecycle/#early-access-ea)\ \ (Self-Service) feature. You can \nenable the feature for your org from the\ \ **Settings** > **Features** page in the Admin Console." discriminator: mapping: ASSURANCE: '#/components/schemas/AssuranceMethod' AUTH_METHOD_CHAIN: '#/components/schemas/AuthenticationMethodChainMethod' propertyName: type properties: type: $ref: '#/components/schemas/PolicyRuleVerificationMethodType' type: object Version: description: "The version specified as a [Semantic Version](https://semver.org/)."
      pattern: "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\\
        d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\\
        +([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$"
      type: string
    WebAuthnAttachment:
      description: Method attachment
      enum:
      - ANY
      - BUILT_IN
      - ROAMING
      type: string
    WebAuthnCredRequest:
      description: "Credential request object for the initialized credential, along\
        \ with the enrollment and key identifiers to associate with the credential"
      example:
        credRequestJwe: credRequestJwe
        keyId: keyId
        authenticatorEnrollmentId: authenticatorEnrollmentId
      properties:
        authenticatorEnrollmentId:
          description: ID for a WebAuthn Preregistration Factor in Okta
          type: string
        credRequestJwe:
          description: Encrypted JWE of credential request for the fulfillment provider
          type: string
        keyId:
          description: ID for the Okta response key-pair used to encrypt and decrypt credential requests and responses
          type: string
      type: object
    WebAuthnCredResponse:
      description: "Credential response object for enrolled credential details, along\
        \ with enrollment and key identifiers to associate the credential"
      example:
        credResponseJWE: credResponseJWE
        authenticatorEnrollmentId: authenticatorEnrollmentId
      properties:
        authenticatorEnrollmentId:
          description: ID for a WebAuthn Preregistration Factor in Okta
          type: string
        credResponseJWE:
          description: Encrypted JWE of credential response from the fulfillment provider
          type: string
      type: object
    WebAuthnPreregistrationFactor:
      description: User Factor variant used for WebAuthn Preregistration Factors
      example:
        lastUpdated: 2000-01-23T04:56:07.000+00:00
        provider: CUSTOM
        _links:
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        created: 2000-01-23T04:56:07.000+00:00
        profile: "{}"
        factorType: call
        id: id
        vendorName: OKTA
        status: ACTIVE
      properties:
        created:
          description: Timestamp indicating when the Factor was enrolled
          format: date-time
          readOnly: true
          type: string
        factorType:
          $ref: '#/components/schemas/UserFactorType'
        id:
          description: ID of the Factor
          readOnly: true
          type: string
        lastUpdated:
          description: Timestamp indicating when the Factor was last updated
          format: date-time
          readOnly: true
          type: string
        profile:
          description: Specific attributes related to the Factor
          type: object
        provider:
          $ref: '#/components/schemas/UserFactorProvider'
        status:
          $ref: '#/components/schemas/UserFactorStatus'
        vendorName:
          description: Name of the Factor vendor. This is usually the same as the provider.
          example: OKTA
          readOnly: true
          type: string
        _links:
          $ref: '#/components/schemas/LinksSelf'
      type: object
    WellKnownAppAuthenticatorConfiguration:
      example:
        lastUpdated: 2000-01-23T04:56:07.000+00:00
        settings:
          userVerification: PREFERRED
        createdDate: 2000-01-23T04:56:07.000+00:00
        supportedMethods:
        - settings:
            algorithms:
            - ES256
            - ES256
            transactionTypes:
            - CIBA
            - CIBA
            keyProtection: ANY
          type: push
          status: ACTIVE
        - settings:
            algorithms:
            - ES256
            - ES256
            transactionTypes:
            - CIBA
            - CIBA
            keyProtection: ANY
          type: push
          status: ACTIVE
        name: name
        authenticatorId: authenticatorId
        appAuthenticatorEnrollEndpoint: appAuthenticatorEnrollEndpoint
        type: app
        key: custom_app
        orgId: orgId
      properties:
        appAuthenticatorEnrollEndpoint:
          description: The authenticator enrollment endpoint
          type: string
        authenticatorId:
          description: The unique identifier of the app authenticator
          type: string
        createdDate:
          description: Timestamp when the Authenticator was created
          format: date-time
          type: string
        key:
          $ref: '#/components/schemas/AuthenticatorKeyEnum'
        lastUpdated:
          description: Timestamp when the Authenticator was last modified
          format: date-time
          type: string
        name:
          description: The authenticator display name
          type: string
        orgId:
          description: The `id` of the Okta Org
          type: string
        settings:
          $ref: '#/components/schemas/WellKnownAppAuthenticatorConfiguration_settings'
        supportedMethods:
          items:
            $ref: '#/components/schemas/SupportedMethods'
          type: array
        type:
          description: The type of Authenticator
          enum:
          - app
          type: string
      type: object
    WellKnownOrgMetadata:
      example:
        pipeline: idx
        settings:
          analyticsCollectionEnabled: true
          bugReportingEnabled: true
          omEnabled: true
        _links:
          organization:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          alternate:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        id: id
      properties:
        id:
          description: The unique identifier of the Org
          type: string
        pipeline:
          $ref: '#/components/schemas/PipelineType'
        settings:
          $ref: '#/components/schemas/WellKnownOrgMetadataSettings'
        _links:
          $ref: '#/components/schemas/WellKnownOrgMetadata__links'
      type: object
    WellKnownOrgMetadataSettings:
      example:
        analyticsCollectionEnabled: true
        bugReportingEnabled: true
        omEnabled: true
      properties:
        analyticsCollectionEnabled:
          type: boolean
        bugReportingEnabled:
          type: boolean
        omEnabled:
          description: Whether the legacy Okta Mobile application is enabled for the org
          type: boolean
      type: object
    WellKnownSSFMetadata:
      description: Metadata about Okta as a transmitter and relevant information for configuration.
      example:
        configuration_endpoint: "https://{yourOktaDomain}/api/v1/ssf/stream"
        delivery_methods_supported:
        - https://schemas.openid.net/secevent/risc/delivery-method/push
        - urn:ietf:rfc:8935
        jwks_uri: "https://{yourOktaDomain}/oauth2/v1/keys"
        issuer: "https://{yourOktaDomain}"
      properties:
        configuration_endpoint:
          description: The URL of the SSF Stream configuration endpoint
          example: "https://{yourOktaDomain}/api/v1/ssf/stream"
          format: uri
          type: string
        delivery_methods_supported:
          description: An array of supported SET delivery methods
          example:
          - https://schemas.openid.net/secevent/risc/delivery-method/push
          - urn:ietf:rfc:8935
          items:
            format: uri
            type: string
          type: array
        issuer:
          description: The issuer used in Security Event Tokens. This value is set as `iss` in the claim.
          example: "https://{yourOktaDomain}"
          type: string
        jwks_uri:
          description: The URL of the JSON Web Key Set (JWKS) that contains the signing keys for validating the signatures of Security Event Tokens (SETs)
          example: "https://{yourOktaDomain}/oauth2/v1/keys"
          format: uri
          type: string
      title: Shared Signals Framework Metadata
      type: object
    WidgetGeneration:
      description: The generation of the Sign-in Widget
      enum:
      - G2
      - G3
      type: string
    WsFederationApplication:
      allOf:
      - $ref: '#/components/schemas/Application'
      - properties:
          credentials:
            $ref: '#/components/schemas/ApplicationCredentials'
          name:
            description: '`template_wsfed` is the key name for a WS-Federated app instance with a SAML 2.0 token'
            enum:
            - template_wsfed
            type: string
          settings:
            $ref: '#/components/schemas/WsFederationApplicationSettings'
        required:
        - name
        - settings
        type: object
      x-okta-defined-as:
        name: template_wsfed
    WsFederationApplicationSettings:
      allOf:
      - $ref: '#/components/schemas/ApplicationSettings'
      - properties:
          app:
            $ref: '#/components/schemas/WsFederationApplicationSettingsApplication'
        type: object
    WsFederationApplicationSettingsApplication:
      properties:
        attributeStatements:
          description: "You can federate user attributes such as Okta profile fields,\
            \ LDAP, Active Directory, and Workday values. The SP uses the federated\
            \ WS-Fed attribute values accordingly."
          type: string
        audienceRestriction:
          description: The entity ID of the SP. Use the entity ID value exactly as provided by the SP.
          type: string
        authnContextClassRef:
          description: Identifies the SAML authentication context class for the assertion's authentication statement
          type: string
        groupFilter:
          description: "A regular expression that filters for the User Groups you\
            \ want included with the `groupName` attribute. If the matching User Group\
            \ has a corresponding AD group, then the attribute statement includes\
            \ the value of the attribute specified by `groupValueFormat`. If the matching\
            \ User Group doesn't contain a corresponding AD group, then the `groupName`\
            \ is used in the attribute statement."
          type: string
        groupName:
          description: The group name to include in the WS-Fed response attribute statement. This property is used in conjunction with the `groupFilter` property. Groups that are filtered through the `groupFilter` expression are included with the `groupName` in the attribute statement. Any users that belong to the group you've filtered are included in the WS-Fed response attribute statement.
          type: string
        groupValueFormat:
          description: Specifies the WS-Fed assertion attribute value for filtered groups. This attribute is only applied to Active Directory groups.
          enum:
          - windowsDomainQualifiedName
          - samAccountName
          - dn
          type: string
        nameIDFormat:
          description: The username format that you send in the WS-Fed response
          type: string
        realm:
          description: "The uniform resource identifier (URI) of the WS-Fed app that's\
            \ used to share resources securely within a domain. It's the identity\
            \ that's sent to the Okta IdP when signing in. See [Realm name](https://help.okta.com/okta_help.htm?type=oie&id=ext_Apps_Configure_Okta_Template_WS_Federation#Realm)."
          type: string
        siteURL:
          description: Launch URL for the web app
          type: string
        usernameAttribute:
          description: Specifies additional username attribute statements to include in the WS-Fed assertion
          enum:
          - username
          - upn
          - upnAndUsername
          - none
          type: string
        wReplyOverride:
          description: Enables a web app to override the `wReplyURL` URL with a reply parameter.
          type: boolean
        wReplyURL:
          description: The WS-Fed SP endpoint where your users sign in
          example: http://test.acme.com/example-post-sign/
          type: string
      required:
      - audienceRestriction
      - authnContextClassRef
      - groupValueFormat
      - nameIDFormat
      - siteURL
      - usernameAttribute
      - wReplyURL
      type: object
    X5c:
      description: Base64-encoded X.509 certificate chain with DER encoding
      items:
        example: MIIDnjCCAoagAwIBAgIGAVG3MN+PMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEDAOBgNVBAMMB2V4YW1wbGUxHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMTUxMjE4MjIyMjMyWhcNMjUxMjE4MjIyMzMyWjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRAwDgYDVQQDDAdleGFtcGxlMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcnyvuVCrsFEKCwHDenS3Ocjed8eWDv3zLtD2K/iZfE8BMj2wpTfn6Ry8zCYey3mWlKdxIybnV9amrujGRnE0ab6Q16v9D6RlFQLOG6dwqoRKuZy33Uyg8PGdEudZjGbWuKCqqXEp+UKALJHV+k4wWeVH8g5d1n3KyR2TVajVJpCrPhLFmq1Il4G/IUnPe4MvjXqB6CpKkog1+ThWsItPRJPAM+RweFHXq7KfChXsYE7Mmfuly8sDQlvBmQyxZnFHVuiPfCvGHJjpvHy11YlHdOjfgqHRvZbmo30+y0X/oY/yV4YEJ00LL6eJWU4wi7ViY3HP6/VCdRjHoRdr5L/DwIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQCzzhOFkvyYLNFj2WDcq1YqD4sBy1iCia9QpRH3rjQvMKDwQDYWbi6EdOX0TQ/IYR7UWGj+2pXd6v0t33lYtoKocp/4lUvT3tfBnWZ5KnObi+J2uY2teUqoYkASN7F+GRPVOuMVoVgm05ss8tuMb2dLc9vsx93sDt+XlMTv/2qi5VPwaDtqduKkzwW9lUfn4xIMkTiVvCpe0X2HneD2Bpuao3/U8Rk0uiPfq6TooWaoW3kjsmErhEAs9bA7xuqo1KKY9CdHcFhkSsMhoeaZylZHtzbnoipUlQKSLMdJQiiYZQ0bYL83/Ta9fulr1EERICMFt3GUmtYaZZKHpWSfdJp9
        type: string
      type: array
    ZoomUsApplication:
      allOf:
      - $ref: '#/components/schemas/OINApplication'
      - type: object
      - properties:
          name:
            enum:
            - zoomus
            example: zoomus
            type: string
          signOnMode:
            enum:
            - SAML_2_0
            type: string
          settings:
            $ref: '#/components/schemas/ZoomUsApplicationSettings'
        required:
        - label
        - name
        - settings
      description: |
        Schema for the Zoom app (key name: `zoomus`)

        To create a Zoom app, use the [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) request with the following parameters in the request body.
        > **Note:** The Zoom app only supports `SAML_2_0` sign-on mode.
      example:
        name: zoomus
        label: Sample Zoom App
        signOnMode: SAML_2_0
        settings:
          app:
            subDomain: my-zoom-subdomain
      title: Zoom
      x-tags:
      - Application
      x-okta-defined-as:
        name: zoomus
    ZoomUsApplicationSettings:
      allOf:
      - $ref: '#/components/schemas/ApplicationSettings'
      - type: object
      - properties:
          app:
            $ref: '#/components/schemas/ZoomUsApplicationSettingsApplication'
          signOn:
            $ref: '#/components/schemas/OINSaml20ApplicationSettingsSignOn'
        required:
        - app
    ZoomUsApplicationSettingsApplication:
      description: Zoom app instance properties
      properties:
        subDomain:
          description: Your Zoom subdomain
          type: string
      required:
      - subDomain
      type: object
    ZscalerbyzApplication:
      allOf:
      - $ref: '#/components/schemas/OINApplication'
      - type: object
      - properties:
          name:
            enum:
            - zscalerbyz
            example: zscalerbyz
            type: string
          signOnMode:
            enum:
            - BROWSER_PLUGIN
            - SAML_2_0
            type: string
          settings:
            $ref: '#/components/schemas/ZscalerbyzApplicationSettings'
        required:
        - label
        - name
        - settings
      description: |
        Schema for the Zscaler 2.0 app (key name: `zscalerbyz`)

        To create a Zscaler 2.0 app, use the [Create an Application](/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication) request with the following parameters in the request body.
        > **Note:** The Zscaler 2.0 app only supports `BROWSER_PLUGIN` and `SAML_2_0` sign-on modes.
      example:
        name: zscalerbyz
        label: Sample Zscaler 2.0 App
        signOnMode: SAML_2_0
      title: Zscaler 2.0
      x-tags:
      - Application
      x-okta-defined-as:
        name: zscalerbyz
    ZscalerbyzApplicationSettings:
      allOf:
      - $ref: '#/components/schemas/ApplicationSettings'
      - type: object
      - properties:
          app:
            $ref: '#/components/schemas/ZscalerbyzApplicationSettingsApplication'
          signOn:
            $ref: '#/components/schemas/OINSaml20ApplicationSettingsSignOn'
        required:
        - app
    ZscalerbyzApplicationSettingsApplication:
      description: Zscaler app instance properties
      properties:
        siteDomain:
          description: Your Zscaler domain
          type: string
      type: object
    _embedded:
      description: The Public Key Details are defined in the `_embedded` property of the Key object.
      example:
        kty: kty
        e: e
        use: use
        kid: kid
        alg: alg
        "n": "n"
      properties:
        alg:
          description: Algorithm used in the key
          nullable: false
          readOnly: true
          type: string
        e:
          description: RSA key value (exponent) for key binding
          nullable: false
          readOnly: true
          type: string
        kid:
          description: Unique identifier for the certificate
          nullable: false
          readOnly: true
          type: string
          uniqueItems: true
        kty:
          description: Cryptographic algorithm family for the certificate's keypair
          nullable: false
          readOnly: true
          type: string
        "n":
          description: RSA key value (modulus) for key binding
          nullable: false
          readOnly: true
          type: string
        use:
          description: Acceptable use of the certificate
          nullable: true
          readOnly: true
          type: string
      type: object
    appLink:
      properties:
        login:
          $ref: '#/components/schemas/HrefObjectAppLink'
        logo:
          $ref: '#/components/schemas/HrefObjectLogoLink'
      readOnly: true
      type: object
    createdProperty:
      description: Timestamp when the object was created
      example: 2017-03-28T01:11:10Z
      format: date-time
      readOnly: true
      type: string
    enabledPagesType:
      enum:
      - SIGN_IN
      - SSPR
      - SSR
      title: enabledPages
      type: string
      x-enumDescriptions:
        SIGN_IN: User sign-in page
        SSPR: Self-service Password Recovery page
        SSR: Self-service Registration page
    lastUpdatedProperty:
      description: Timestamp when the object was last updated
      format: date-time
      readOnly: true
      type: string
    orgBillingContactType:
      description: Org billing contact
      properties:
        contactType:
          $ref: '#/components/schemas/OrgContactType'
        _links:
          $ref: '#/components/schemas/orgBillingContactType__links'
      type: object
    orgGeneralSettingLinks:
      description: "Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288))\
        \ available for the org using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\
        \ specification"
      example:
        preferences:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        oktaCommunication:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        uploadLogo:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        logo:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        oktaSupport:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        contacts:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
      properties:
        contacts:
          $ref: '#/components/schemas/orgGeneralSettingLinks_contacts'
        logo:
          $ref: '#/components/schemas/orgGeneralSettingLinks_logo'
        oktaCommunication:
          $ref: '#/components/schemas/orgGeneralSettingLinks_oktaCommunication'
        oktaSupport:
          $ref: '#/components/schemas/orgGeneralSettingLinks_oktaSupport'
        preferences:
          $ref: '#/components/schemas/orgGeneralSettingLinks_preferences'
        uploadLogo:
          $ref: '#/components/schemas/orgGeneralSettingLinks_uploadLogo'
      readOnly: true
      type: object
    orgTechnicalContactType:
      description: Org technical contact
      properties:
        contactType:
          $ref: '#/components/schemas/OrgContactType'
        _links:
          $ref: '#/components/schemas/orgTechnicalContactType__links'
      type: object
    postAPIServiceIntegrationInstance:
      allOf:
      - $ref: '#/components/schemas/APIServiceIntegrationInstance'
      - properties:
          clientSecret:
            description: The client secret for the API Service Integration instance. This property is only returned in a POST response.
            readOnly: true
            type: string
        type: object
      example:
        createdAt: 2023-02-21T20:08:24.000Z
        grantedScopes:
        - okta.logs.read
        createdBy: 00uu3u0ujW1P6AfZC2d5
        _links:
          client:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          logo:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
          self:
            templated: true
            hints:
              allow:
              - DELETE
              - DELETE
            name: name
            href: href
            type: type
        name: My App Cloud Identity Engine
        clientSecret: clientSecret
        id: 0oa72lrepvp4WqEET1d9
        type: my_app_cie
        configGuideUrl: "https://{docDomain}/my-app-cie/configuration-guide"
    postAPIServiceIntegrationInstanceRequest:
      properties:
        grantedScopes:
          description: "The list of Okta management scopes granted to the API Service\
            \ Integration instance. See [Okta management OAuth 2.0 scopes](/oauth2/#okta-admin-management)."
          example:
          - okta.logs.read
          items:
            type: string
          type: array
        type:
          description: "The type of the API service integration. This string is an\
            \ underscore-concatenated, lowercased API service integration name. For\
            \ example, `my_api_log_integration`."
          example: my_app_cie
          type: string
      required:
      - grantedScopes
      - type
      type: object
    profile:
      additionalProperties:
        properties: {}
        type: object
      description: Specific profile properties for the privileged account
      readOnly: true
      type: object
    subject:
      nullable: false
      properties:
        format:
          description: The user identifier
          enum:
          - opaque
          nullable: false
          type: string
          writeOnly: true
        id:
          description: ID of the user
          nullable: false
          type: string
          writeOnly: true
      type: object
    userLink:
      properties:
        user:
          $ref: '#/components/schemas/HrefObjectUserLink'
      type: object
    schemas-JsonWebKey:
      description: "A [JSON Web Key (JWK)](https://tools.ietf.org/html/rfc7517) is\
        \ a JSON representation of a cryptographic key. Okta can use these keys to\
        \ verify the signature of a JWT when provided for the `private_key_jwt` client\
        \ authentication method or for a signed authorize request object. Okta supports\
        \ both RSA and Elliptic Curve (EC) keys."
      discriminator:
        mapping:
          EC: '#/components/schemas/JsonWebKeyEC'
          RSA: '#/components/schemas/JsonWebKeyRsa'
        propertyName: kty
      properties:
        alg:
          $ref: '#/components/schemas/SigningAlgorithm'
        kid:
          description: The unique identifier of the key
          type: string
        kty:
          $ref: '#/components/schemas/JsonWebKeyType'
        status:
          $ref: '#/components/schemas/JsonWebKeyStatus'
        use:
          $ref: '#/components/schemas/JsonWebKeyUse'
      type: object
    JsonWebKeyEC:
      allOf:
      - $ref: '#/components/schemas/schemas-JsonWebKey'
      - properties:
          x:
            description: The public x coordinate for the elliptic curve point
            type: string
          "y":
            description: The public y coordinate for the elliptic curve point
            type: string
        type: object
    JsonWebKeyRsa:
      allOf:
      - $ref: '#/components/schemas/schemas-JsonWebKey'
      - properties:
          e:
            description: The key exponent of a RSA key
            type: string
          "n":
            description: The modulus of the RSA key
            type: string
        type: object
    JsonWebKeyType:
      description: The type of public key
      enum:
      - EC
      - RSA
      type: string
    JsonWebKeyStatus:
      description: The status of the public key
      enum:
      - ACTIVE
      - INACTIVE
      type: string
    JsonWebKeyUse:
      description: The intended use of the public key
      enum:
      - enc
      - sig
      type: string
    updateDefaultProvisioningConnectionForApplication_request:
      oneOf:
      - $ref: '#/components/schemas/ProvisioningConnectionTokenRequest'
      - $ref: '#/components/schemas/ProvisioningConnectionOauthRequest'
    updateFeatureForApplication_request:
      oneOf:
      - $ref: '#/components/schemas/CapabilitiesObject'
      - $ref: '#/components/schemas/CapabilitiesInboundProvisioningObject'
    uploadApplicationLogo_request:
      properties:
        file:
          description: |
            The image file containing the logo.
            The file must be in PNG, JPG, SVG, or GIF format, and less than one MB in size.
            For best results, use an image with a transparent background and a square dimension of 200 x 200 pixels to prevent upscaling.
          format: binary
          type: string
      required:
      - file
      type: object
    uploadBrandThemeBackgroundImage_request:
      description: "The file must be in PNG, JPG, or GIF format and less than 2 MB\
        \ in size."
      properties:
        file:
          format: binary
          type: string
      required:
      - file
      type: object
    uploadBrandThemeFavicon_request:
      description: The file must be in PNG or ICO format and have a 1:1 ratio with a maximum dimension of 512 x 512
      properties:
        file:
          format: binary
          type: string
      required:
      - file
      type: object
    uploadBrandThemeLogo_request:
      description: "The file must be in PNG, JPG, or GIF format and less than 100kB\
        \ in size. For best results use landscape orientation, a transparent background,\
        \ and a minimum size of 300px by 50px to prevent upscaling."
      properties:
        file:
          format: binary
          type: string
      required:
      - file
      type: object
    addGroup_request:
      properties:
        profile:
          $ref: '#/components/schemas/OktaUserGroupProfile'
    listGroupAssignedRoles_200_response_inner:
      oneOf:
      - $ref: '#/components/schemas/StandardRole'
      - $ref: '#/components/schemas/CustomRole'
    assignRoleToGroup_request:
      oneOf:
      - $ref: '#/components/schemas/StandardRoleAssignmentSchema'
      - $ref: '#/components/schemas/CustomRoleAssignmentSchema'
    uploadYubikeyOtpTokenSeed_request:
      properties:
        serialNumber:
          description: The unique identifier assigned to each YubiKey device
          type: string
        publicId:
          description: The Yubikey's public ID
          type: string
        privateId:
          description: The Yubikey's private ID
          type: string
        aesKey:
          description: The cryptographic key used in the AES algorithm to encrypt and decrypt YubiKey OTP
          type: string
      type: object
    uploadOrgLogo_request:
      properties:
        file:
          description: "The file must be in PNG, JPG, or GIF format and less than\
            \ 1 MB in size. For best results use landscape orientation, a transparent\
            \ background, and a minimum size of 420px by 120px to prevent upscaling."
          format: binary
          type: string
      required:
      - file
      type: object
    listSubscriptionsRole_roleRef_parameter:
      oneOf:
      - $ref: '#/components/schemas/RoleType'
      - title: roleId
        type: string
    getSsfStreams_200_response:
      oneOf:
      - items:
          $ref: '#/components/schemas/StreamConfiguration'
        title: List of Stream Configurations
        type: array
      - $ref: '#/components/schemas/StreamConfiguration'
    assignRoleToUser_request:
      oneOf:
      - $ref: '#/components/schemas/StandardRoleAssignmentSchema'
      - $ref: '#/components/schemas/CustomRoleAssignmentSchema'
      type: object
    assignRoleToUser_201_response:
      oneOf:
      - $ref: '#/components/schemas/StandardRole'
      - $ref: '#/components/schemas/CustomRole'
      type: object
    ApiToken_network:
      description: The Network Condition of the API Token
      example:
        include:
        - include
        - include
        connection: connection
        exclude:
        - exclude
        - exclude
      properties:
        connection:
          description: The connection type of the Network Condition
          type: string
        include:
          description: List of included IP network zones
          items:
            type: string
          type: array
        exclude:
          description: List of excluded IP network zones
          items:
            type: string
          type: array
      type: object
    AppCustomHrefObject_hints:
      description: Describes allowed HTTP verbs for the `href`
      properties:
        allow:
          items:
            type: string
          type: array
      type: object
    Application__embedded:
      description: "Embedded resources related to the app using the [JSON Hypertext\
        \ Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\
        \ specification. If the `expand=user/{userId}` query parameter is specified,\
        \ then the assigned [Application User](/openapi/okta-management/management/tag/ApplicationUsers/)\
        \ is embedded."
      example:
        user:
          key: "{}"
      properties:
        user:
          additionalProperties:
            properties: {}
            type: object
          description: "The specified [Application User](/openapi/okta-management/management/tag/ApplicationUsers/)\
            \ assigned to the app"
          type: object
      readOnly: true
      type: object
    ApplicationFeature__links:
      allOf:
      - $ref: '#/components/schemas/LinksSelf'
      - readOnly: true
      example:
        self:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
    ApplicationGroupAssignment__links:
      allOf:
      - $ref: '#/components/schemas/LinksSelf'
      - properties:
          app:
            $ref: '#/components/schemas/HrefObjectAppLink'
          group:
            $ref: '#/components/schemas/HrefObjectGroupLink'
        type: object
      example:
        app:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        self:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        group:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
    ApplicationLayout_rule:
      properties:
        effect:
          type: string
        condition:
          $ref: '#/components/schemas/ApplicationLayoutRuleCondition'
      type: object
    ApplicationLayouts__links:
      properties:
        general:
          items:
            $ref: '#/components/schemas/HrefObject'
          type: array
        signOn:
          items:
            $ref: '#/components/schemas/HrefObject'
          type: array
        provisioning:
          items:
            $ref: '#/components/schemas/HrefObject'
          type: array
      readOnly: true
      type: object
    AuthServerLinks_allOf_claims:
      allOf:
      - description: Link to the authorization server claims
      - $ref: '#/components/schemas/HrefObject'
      example:
        templated: true
        hints:
          allow:
          - DELETE
          - DELETE
        name: name
        href: href
        type: type
    AuthServerLinks_allOf_policies:
      allOf:
      - description: Link to the authorization server policies
      - $ref: '#/components/schemas/HrefObject'
      example:
        templated: true
        hints:
          allow:
          - DELETE
          - DELETE
        name: name
        href: href
        type: type
    AuthServerLinks_allOf_rotateKey:
      allOf:
      - description: Link to the authorization server key rotation
      - $ref: '#/components/schemas/HrefObject'
      example:
        templated: true
        hints:
          allow:
          - DELETE
          - DELETE
        name: name
        href: href
        type: type
    AuthServerLinks_allOf_scopes:
      allOf:
      - description: Link to the authorization server scopes
      - $ref: '#/components/schemas/HrefObject'
      example:
        templated: true
        hints:
          allow:
          - DELETE
          - DELETE
        name: name
        href: href
        type: type
    AuthenticatorEnrollmentPolicyAuthenticatorSettings_constraints:
      description: Constraints for the authenticator
      minimum: 0
      nullable: true
      properties:
        aaguidGroups:
          description: The list of FIDO2 WebAuthn authenticator groups allowed for enrollment
          items:
            type: string
            uniqueItems: true
          type: array
      type: object
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs: []
    AuthenticatorEnrollmentPolicyAuthenticatorSettings_enroll:
      description: Enrollment requirements for the authenticator
      properties:
        self:
          $ref: '#/components/schemas/AuthenticatorEnrollmentPolicyAuthenticatorStatus'
      type: object
    AuthenticatorEnrollmentPolicyConditions_allOf_people_groups:
      description: Specifies a set of Groups whose Users are to be included or excluded
      properties:
        include:
          description: Groups to be included
          items:
            type: string
          type: array
      type: object
    AuthenticatorEnrollmentPolicyConditions_allOf_people:
      description: Identifies Users and Groups that are used together
      properties:
        groups:
          $ref: '#/components/schemas/AuthenticatorEnrollmentPolicyConditions_allOf_people_groups'
      type: object
    AuthenticatorEnrollmentPolicyRuleConditions_people_users:
      description: Specifies a set of Users to be included or excluded
      properties:
        exclude:
          description: Users to be excluded
          items:
            type: string
          type: array
      type: object
    AuthenticatorEnrollmentPolicyRuleConditions_people:
      description: Identifies Users and Groups that are used together
      properties:
        users:
          $ref: '#/components/schemas/AuthenticatorEnrollmentPolicyRuleConditions_people_users'
      type: object
    AuthenticatorKeyCustomApp_allOf_provider_configuration_apns:
      properties:
        id:
          description: "ID of the APNs (Apple Push Notification Service) [configurations](https://developer.okta.com/docs/reference/api/push-providers/)"
          type: string
        appBundleId:
          description: "AppBundleId of the APNs (Apple Push Notification Service)\
            \ [configurations](https://developer.okta.com/docs/reference/api/push-providers/)"
          type: string
        debugAppBundleId:
          description: "DebugAppBundleId of the APNs (Apple Push Notification Service)\
            \ [configurations](https://developer.okta.com/docs/reference/api/push-providers/)"
          type: string
      type: object
    AuthenticatorKeyCustomApp_allOf_provider_configuration_fcm:
      properties:
        id:
          description: "ID of the FCM (Firebase Cloud Messaging Service) [configurations](https://developer.okta.com/docs/reference/api/push-providers/)"
          type: string
      type: object
    AuthenticatorKeyCustomApp_allOf_provider_configuration:
      description: The configuration of the provider
      properties:
        apns:
          $ref: '#/components/schemas/AuthenticatorKeyCustomApp_allOf_provider_configuration_apns'
        fcm:
          $ref: '#/components/schemas/AuthenticatorKeyCustomApp_allOf_provider_configuration_fcm'
      type: object
    AuthenticatorKeyCustomApp_allOf_provider:
      properties:
        type:
          description: Provider type
          enum:
          - PUSH
          type: string
        configuration:
          $ref: '#/components/schemas/AuthenticatorKeyCustomApp_allOf_provider_configuration'
      type: object
    AuthenticatorKeyCustomApp_allOf_settings:
      properties:
        userVerification:
          $ref: '#/components/schemas/CustomAppUserVerificationEnum'
        appInstanceId:
          description: "The application instance ID. For custom_app, you need to create\
            \ an OIDC native app using the [Apps API](https://developer.okta.com/docs/reference/api/apps/)\
            \ with `Authorization Code` and `Refresh Token` grant types. You can leave\
            \ both `Sign-in redirect URIs` and `Sign-out redirect URIs` as the default\
            \ values."
          type: string
      type: object
    AuthenticatorKeyDuo_allOf_provider_configuration_userNameTemplate:
      properties:
        template:
          description: The Duo Security user template name
          type: string
      type: object
    AuthenticatorKeyDuo_allOf_provider_configuration:
      properties:
        host:
          description: The Duo Security API hostname
          type: string
        integrationKey:
          description: The Duo Security integration key
          type: string
        secretKey:
          description: The Duo Security secret key
          type: string
        userNameTemplate:
          $ref: '#/components/schemas/AuthenticatorKeyDuo_allOf_provider_configuration_userNameTemplate'
      type: object
    AuthenticatorKeyDuo_allOf_provider:
      properties:
        type:
          description: Provider type
          enum:
          - DUO
          type: string
        configuration:
          $ref: '#/components/schemas/AuthenticatorKeyDuo_allOf_provider_configuration'
      type: object
    AuthenticatorKeyEmail_allOf_settings:
      properties:
        allowedFor:
          $ref: '#/components/schemas/AllowedForEnum'
        tokenLifetimeInMinutes:
          default: 5
          description: Specifies the lifetime of an email token. Default value is 5 minutes.
          type: number
      type: object
    AuthenticatorKeyOktaVerify_allOf_settings:
      properties:
        channelBinding:
          $ref: '#/components/schemas/ChannelBinding'
        compliance:
          $ref: '#/components/schemas/Compliance'
        userVerification:
          $ref: '#/components/schemas/UserVerificationEnum'
        appInstanceId:
          description: The application instance ID
          type: string
      type: object
    AuthenticatorKeyPhone_allOf_settings:
      properties:
        allowedFor:
          $ref: '#/components/schemas/AllowedForEnum'
      type: object
    AuthenticatorMethodPush_allOf_settings:
      properties:
        algorithms:
          items:
            $ref: '#/components/schemas/AuthenticatorMethodAlgorithm'
          type: array
        keyProtection:
          $ref: '#/components/schemas/PushMethodKeyProtection'
        transactionTypes:
          items:
            $ref: '#/components/schemas/AuthenticatorMethodTransactionType'
          type: array
      type: object
    AuthenticatorMethodSignedNonce_allOf_settings:
      properties:
        algorithms:
          items:
            $ref: '#/components/schemas/AuthenticatorMethodAlgorithm'
          type: array
        keyProtection:
          $ref: '#/components/schemas/PushMethodKeyProtection'
        showSignInWithOV:
          $ref: '#/components/schemas/ShowSignInWithOV'
      type: object
    AuthenticatorMethodTotp_allOf_settings:
      properties:
        timeIntervalInSeconds:
          description: Time interval for TOTP in seconds
          type: integer
        encoding:
          $ref: '#/components/schemas/OtpTotpEncoding'
        algorithm:
          $ref: '#/components/schemas/OtpTotpAlgorithm'
        passCodeLength:
          description: Number of digits in an OTP value
          maximum: 10
          minimum: 6
          multipleOf: 2
          type: integer
      type: object
    AuthenticatorMethodWebAuthn_allOf_settings:
      properties:
        aaguidGroups:
          description: <x-lifecycle class="ea"></x-lifecycle> The FIDO2 AAGUID groups available to the WebAuthn authenticator
          items:
            $ref: '#/components/schemas/AAGUIDGroupObject'
          type: array
        userVerification:
          $ref: '#/components/schemas/UserVerificationEnum'
        attachment:
          $ref: '#/components/schemas/WebAuthnAttachment'
      type: object
    AuthorizationServerPolicy_allOf__links_allOf_rules:
      allOf:
      - description: Link to the authorization server policy's rules
      - $ref: '#/components/schemas/HrefObject'
      example:
        templated: true
        hints:
          allow:
          - DELETE
          - DELETE
        name: name
        href: href
        type: type
    AuthorizationServerPolicy_allOf__links:
      allOf:
      - $ref: '#/components/schemas/LinksSelfAndLifecycle'
      - properties:
          rules:
            $ref: '#/components/schemas/AuthorizationServerPolicy_allOf__links_allOf_rules'
        type: object
      example:
        activate:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        self:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        rules:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        deactivate:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
    BaseContext_session:
      description: Details of the user session
      properties:
        id:
          description: The unique identifier for the user's session
          example: 102LN9Bnuc4S_ewfc9BYwageA
          type: string
        userId:
          description: The unique identifier for the user
          example: 00uq8tMo3zV0OfJON0g3
          type: string
        login:
          description: The username used to identify the user. This is often the user's email address.
          example: user@example.com
          type: string
        createdAt:
          description: Timestamp of when the session was created
          example: 2019-03-28T16:45:55Z
          format: date-time
          type: string
        expiresAt:
          description: Timestamp of when the session expires
          example: 2019-03-28T21:15:23Z
          format: date-time
          type: string
        status:
          description: Represents the current status of the user's session
          example: ACTIVE
          type: string
        lastPasswordVerification:
          description: Timestamp of when the user was last authenticated
          example: 2019-03-28T16:45:55Z
          format: date-time
          type: string
        amr:
          description: The authentication method reference
          items:
            example: "[\"PASSWORD\"]"
            type: string
          type: array
        idp:
          $ref: '#/components/schemas/SessionIdentityProvider'
        mfaActive:
          description: Describes whether multifactor authentication was enabled
          example: false
          type: boolean
      type: object
    BaseContext_user_profile:
      properties:
        login:
          description: The username used to identify the user. This is often the user's email address.
          example: user@example.com
          type: string
        firstName:
          description: The first name of the user
          example: John
          type: string
        lastName:
          description: The last name of the user
          example: Smith
          type: string
        locale:
          description: |-
            The user's default location for purposes of localizing items such as currency, date time format, numerical representations, and so on. A locale value is a concatenation of the [ISO 639-1](https://en.wikipedia.org/wiki/List_of_ISO_639_language_codes) two-letter language code, an underscore, and the [ISO 3166-1](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) two-letter country code. For example, `en_US` specifies the language English and country US. This value is `en_US` by default.
          example: en_US
          type: string
        timeZone:
          description: The user's timezone
          example: America/Los_Angeles
          type: string
      type: object
    BaseContext_user__links:
      description: "Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288))\
        \ available for the current status of the user. These links are used to discover\
        \ what groups the user is a part of and what factors they have enrolled."
      properties:
        groups:
          allOf:
          - $ref: '#/components/schemas/HrefObject'
          description: URL to retrieve the individual user's group memberships
        factors:
          allOf:
          - $ref: '#/components/schemas/HrefObject'
          description: URL to retrieve individual user's factor enrollments
      type: object
    BaseContext_user:
      description: Identifies the Okta user that the token was generated to authenticate and provides details of their Okta user profile
      properties:
        id:
          description: The unique identifier for the user
          example: 00uq8tMo3zV0OfJON0g3
          type: string
        passwordChanged:
          description: The timestamp when the user's password was last updated
          example: 2018-09-11T23:19:12Z
          format: date-time
          type: string
        profile:
          $ref: '#/components/schemas/BaseContext_user_profile'
        _links:
          $ref: '#/components/schemas/BaseContext_user__links'
      type: object
    BaseToken_lifetime:
      description: Lifetime of the token
      properties:
        expiration:
          description: Time in seconds until the token expires
          type: integer
      type: object
    BulkUpsertRequestBody_profiles_inner:
      example:
        profile:
          firstName: firstName
          lastName: lastName
          mobilePhone: mobilePhone
          secondEmail: secondEmail
          userName: userName
          email: email
          homeAddress: homeAddress
        externalId: externalId
      properties:
        externalId:
          description: The external ID of the entity that needs to be created or updated in Okta
          maxLength: 512
          type: string
        profile:
          $ref: '#/components/schemas/IdentitySourceUserProfileForUpsert'
      type: object
    BundleEntitlement__links:
      allOf:
      - properties:
          values:
            $ref: '#/components/schemas/HrefObject'
    BundleEntitlementsResponse__links_next:
      allOf:
      - $ref: '#/components/schemas/HrefObject'
      - description: Link to the next resource
    BundleEntitlementsResponse__links_bundle:
      allOf:
      - $ref: '#/components/schemas/HrefObject'
      - description: Link to the bundle resource
    BundleEntitlementsResponse__links:
      description: "Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288))\
        \ available using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\
        \ specification"
      properties:
        next:
          $ref: '#/components/schemas/BundleEntitlementsResponse__links_next'
        self:
          $ref: '#/components/schemas/HrefObjectSelfLink'
        bundle:
          $ref: '#/components/schemas/BundleEntitlementsResponse__links_bundle'
      readOnly: true
      type: object
    CaepDeviceComplianceChangeEvent_reason_admin:
      allOf:
      - $ref: '#/components/schemas/SecurityEventReason'
      - description: A localized administrative message intended for logging and auditing.<br>Either `reason_admin` or `reason_user` is required.
        type: object
    CaepDeviceComplianceChangeEvent_reason_user:
      allOf:
      - $ref: '#/components/schemas/SecurityEventReason'
      - description: A localized message intended for the end user.<br>Either `reason_admin` or `reason_user` is required.
        type: object
    CreateUserRequest_type:
      description: |-
        The ID of the User type. Add this value if you want to create a User with a non-default [User Type](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/UserType/). The User Type determines which [schema](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Schema/) applies to that user. After a User has been created, the User can only be assigned a different User Type by an administrator through a full replacement (`PUT`) operation.
      example:
        id: id
      properties:
        id:
          description: The ID of the User Type
          type: string
      type: object
    DeviceAssuranceAndroidPlatform_allOf_diskEncryptionType:
      properties:
        include:
          items:
            $ref: '#/components/schemas/DiskEncryptionTypeAndroid'
          type: array
      type: object
    DeviceAssuranceAndroidPlatform_allOf_screenLockType:
      properties:
        include:
          items:
            $ref: '#/components/schemas/ScreenLockType'
          type: array
      type: object
    DeviceAssuranceChromeOSPlatform_allOf_thirdPartySignalProviders:
      description: Settings for third-party signal providers (based on the `CHROMEOS` platform)
      properties:
        dtc:
          $ref: '#/components/schemas/DTCChromeOS'
      type: object
    DeviceAssuranceMacOSPlatform_allOf_diskEncryptionType:
      properties:
        include:
          items:
            $ref: '#/components/schemas/DiskEncryptionTypeDesktop'
          type: array
      type: object
    DeviceAssuranceMacOSPlatform_allOf_thirdPartySignalProviders:
      description: Settings for third-party signal providers (based on the `MACOS` platform)
      properties:
        dtc:
          $ref: '#/components/schemas/DTCMacOS'
      type: object
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs: []
    DeviceAssuranceWindowsPlatform_allOf_thirdPartySignalProviders:
      description: Settings for third-party signal providers (based on the `WINDOWS` platform)
      properties:
        dtc:
          $ref: '#/components/schemas/DTCWindows'
      type: object
      x-okta-lifecycle:
        lifecycle: GA
        isGenerallyAvailable: false
        SKUs: []
    DeviceList_allOf__embedded:
      description: List of associated users for the device if the `expand=user` query parameter is specified in the request. Use `expand=userSummary` to get only a summary of each associated user for the device.
      example:
        users:
        - managementStatus: MANAGED
          created: created
          screenLockType: NONE
          user:
            lastLogin: 2000-01-23T04:56:07.000+00:00
            transitioningToStatus: null
            realmId: guo1bfiNtSnZYILxO0g4
            credentials:
              password:
                hook:
                  type: type
                value: pa$$word
                hash:
                  iterationCount: 0
                  salt: salt
                  keySize: 6
                  saltOrder: saltOrder
                  workFactor: 3
                  digestAlgorithm: SHA256_HMAC
                  value: value
                  algorithm: BCRYPT
              provider:
                name: name
                type: ACTIVE_DIRECTORY
              recovery_question:
                answer: se7en
                question: what is your favourite movie?
            _links:
              schema: ""
              suspend: ""
              resetPassword: ""
              unlock: ""
              reactivate: ""
              unsuspend: ""
              resetFactors: ""
              type: ""
              deactivate: ""
              changePassword: ""
              forgotPassword: ""
              expirePassword: ""
              changeRecoveryQuestion: ""
              activate: ""
              self: ""
            created: 2000-01-23T04:56:07.000+00:00
            profile:
              profileUrl: profileUrl
              lastName: lastName
              zipCode: zipCode
              preferredLanguage: preferredLanguage
              city: city
              displayName: displayName
              timezone: timezone
              locale: locale
              login: login
              title: title
              employeeNumber: employeeNumber
              division: division
              honorificSuffix: honorificSuffix
              countryCode: countryCode
              state: state
              department: department
              email: email
              manager: manager
              costCenter: costCenter
              nickName: nickName
              secondEmail: secondEmail
              honorificPrefix: honorificPrefix
              managerId: managerId
              firstName: firstName
              primaryPhone: primaryPhone
              postalAddress: postalAddress
              mobilePhone: mobilePhone
              streetAddress: streetAddress
              organization: organization
              middleName: middleName
              userType: userType
            type:
              lastUpdated: 2000-01-23T04:56:07.000+00:00
              lastUpdatedBy: lastUpdatedBy
              default: true
              createdBy: createdBy
              _links:
                schema:
                  templated: true
                  hints:
                    allow:
                    - DELETE
                    - DELETE
                  name: name
                  href: href
                  type: type
                self:
                  templated: true
                  hints:
                    allow:
                    - DELETE
                    - DELETE
                  name: name
                  href: href
                  type: type
              created: 2000-01-23T04:56:07.000+00:00
              displayName: displayName
              name: name
              description: description
              id: id
            lastUpdated: 2000-01-23T04:56:07.000+00:00
            passwordChanged: 2000-01-23T04:56:07.000+00:00
            _embedded:
              key: "{}"
            statusChanged: 2000-01-23T04:56:07.000+00:00
            id: id
            activated: 2000-01-23T04:56:07.000+00:00
            status: ACTIVE
        - managementStatus: MANAGED
          created: created
          screenLockType: NONE
          user:
            lastLogin: 2000-01-23T04:56:07.000+00:00
            transitioningToStatus: null
            realmId: guo1bfiNtSnZYILxO0g4
            credentials:
              password:
                hook:
                  type: type
                value: pa$$word
                hash:
                  iterationCount: 0
                  salt: salt
                  keySize: 6
                  saltOrder: saltOrder
                  workFactor: 3
                  digestAlgorithm: SHA256_HMAC
                  value: value
                  algorithm: BCRYPT
              provider:
                name: name
                type: ACTIVE_DIRECTORY
              recovery_question:
                answer: se7en
                question: what is your favourite movie?
            _links:
              schema: ""
              suspend: ""
              resetPassword: ""
              unlock: ""
              reactivate: ""
              unsuspend: ""
              resetFactors: ""
              type: ""
              deactivate: ""
              changePassword: ""
              forgotPassword: ""
              expirePassword: ""
              changeRecoveryQuestion: ""
              activate: ""
              self: ""
            created: 2000-01-23T04:56:07.000+00:00
            profile:
              profileUrl: profileUrl
              lastName: lastName
              zipCode: zipCode
              preferredLanguage: preferredLanguage
              city: city
              displayName: displayName
              timezone: timezone
              locale: locale
              login: login
              title: title
              employeeNumber: employeeNumber
              division: division
              honorificSuffix: honorificSuffix
              countryCode: countryCode
              state: state
              department: department
              email: email
              manager: manager
              costCenter: costCenter
              nickName: nickName
              secondEmail: secondEmail
              honorificPrefix: honorificPrefix
              managerId: managerId
              firstName: firstName
              primaryPhone: primaryPhone
              postalAddress: postalAddress
              mobilePhone: mobilePhone
              streetAddress: streetAddress
              organization: organization
              middleName: middleName
              userType: userType
            type:
              lastUpdated: 2000-01-23T04:56:07.000+00:00
              lastUpdatedBy: lastUpdatedBy
              default: true
              createdBy: createdBy
              _links:
                schema:
                  templated: true
                  hints:
                    allow:
                    - DELETE
                    - DELETE
                  name: name
                  href: href
                  type: type
                self:
                  templated: true
                  hints:
                    allow:
                    - DELETE
                    - DELETE
                  name: name
                  href: href
                  type: type
              created: 2000-01-23T04:56:07.000+00:00
              displayName: displayName
              name: name
              description: description
              id: id
            lastUpdated: 2000-01-23T04:56:07.000+00:00
            passwordChanged: 2000-01-23T04:56:07.000+00:00
            _embedded:
              key: "{}"
            statusChanged: 2000-01-23T04:56:07.000+00:00
            id: id
            activated: 2000-01-23T04:56:07.000+00:00
            status: ACTIVE
      properties:
        users:
          description: Users for the device
          items:
            $ref: '#/components/schemas/DeviceUser'
          type: array
      readOnly: true
      type: object
    DomainLinks_allOf_brand:
      allOf:
      - $ref: '#/components/schemas/HrefObject'
      - description: The associated brand
      example:
        templated: true
        hints:
          allow:
          - DELETE
          - DELETE
        name: name
        href: href
        type: type
    DomainLinks_allOf_certificate:
      allOf:
      - $ref: '#/components/schemas/HrefObject'
      - description: The certificate link references the domain certificate
      example:
        templated: true
        hints:
          allow:
          - DELETE
          - DELETE
        name: name
        href: href
        type: type
    DomainLinks_allOf_verify:
      allOf:
      - $ref: '#/components/schemas/HrefObject'
      - description: The verify link verifies the domain and transitions the domain status to `VERIFIED`
      example:
        templated: true
        hints:
          allow:
          - DELETE
          - DELETE
        name: name
        href: href
        type: type
    DynamicNetworkZone_allOf_asns:
      allOf:
      - $ref: '#/components/schemas/NetworkZoneAsns'
      - description: An array of ASNs for a Network Zone
    DynamicNetworkZone_allOf_locations:
      allOf:
      - $ref: '#/components/schemas/NetworkZoneLocationArray'
      - description: An array of geolocations for a Dynamic Network Zone
    EmailCustomization_allOf__links:
      allOf:
      - $ref: '#/components/schemas/LinksSelf'
      - properties:
          self:
            $ref: '#/components/schemas/HrefObject'
          template:
            $ref: '#/components/schemas/HrefObject'
          preview:
            $ref: '#/components/schemas/HrefObject'
          test:
            $ref: '#/components/schemas/HrefObject'
      example:
        template:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        preview:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        test:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        self:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
    EmailDefaultContent_allOf__links:
      type: object
    EmailPreview__links:
      allOf:
      - $ref: '#/components/schemas/LinksSelf'
      - properties:
          contentSource:
            $ref: '#/components/schemas/HrefObject'
          template:
            $ref: '#/components/schemas/HrefObject'
          test:
            $ref: '#/components/schemas/HrefObject'
          defaultContent:
            $ref: '#/components/schemas/HrefObject'
      example:
        template:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        contentSource:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        defaultContent:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        test:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        self:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
    EmailSettingsResponse__links:
      allOf:
      - $ref: '#/components/schemas/LinksSelf'
      - properties:
          self:
            $ref: '#/components/schemas/HrefObject'
          template:
            $ref: '#/components/schemas/HrefObject'
      example:
        template:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        self:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
    EmailTemplateResponse__embedded:
      example:
        customizationCount: 0
        settings:
          _links:
            template:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
            self:
              templated: true
              hints:
                allow:
                - DELETE
                - DELETE
              name: name
              href: href
              type: type
          recipients: ALL_USERS
      properties:
        settings:
          $ref: '#/components/schemas/EmailSettingsResponse'
        customizationCount:
          type: integer
      readOnly: true
      type: object
    EmailTemplateResponse__links:
      allOf:
      - $ref: '#/components/schemas/LinksSelf'
      - properties:
          settings:
            $ref: '#/components/schemas/HrefObject'
          defaultContent:
            $ref: '#/components/schemas/HrefObject'
          customizations:
            $ref: '#/components/schemas/HrefObject'
          test:
            $ref: '#/components/schemas/HrefObject'
      example:
        settings:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        defaultContent:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        test:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        self:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        customizations:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
    EnhancedDynamicNetworkZone_allOf_asns_include:
      allOf:
      - $ref: '#/components/schemas/NetworkZoneAsns'
      - description: An array of ASNs to include for an Enhanced Dynamic Network Zone
    EnhancedDynamicNetworkZone_allOf_asns:
      description: <div class="x-lifecycle-container"><x-lifecycle class="ea"></x-lifecycle></div>The list of ASNs associated with an Enhanced Dynamic Network Zone
      properties:
        include:
          $ref: '#/components/schemas/EnhancedDynamicNetworkZone_allOf_asns_include'
      type: object
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs: []
    EnhancedDynamicNetworkZone_allOf_locations_include:
      allOf:
      - $ref: '#/components/schemas/NetworkZoneLocationArray'
      - description: An array of geolocations to include for an Enhanced Dynamic Network Zone
    EnhancedDynamicNetworkZone_allOf_locations_exclude:
      allOf:
      - $ref: '#/components/schemas/NetworkZoneLocationArray'
      - description: An array of geolocations to exclude for an Enhanced Dynamic Network Zone
    EnhancedDynamicNetworkZone_allOf_locations:
      description: <div class="x-lifecycle-container"><x-lifecycle class="ea"></x-lifecycle></div>The list of geolocations to include or exclude for an Enhanced Dynamic Network Zone
      properties:
        include:
          $ref: '#/components/schemas/EnhancedDynamicNetworkZone_allOf_locations_include'
        exclude:
          $ref: '#/components/schemas/EnhancedDynamicNetworkZone_allOf_locations_exclude'
      type: object
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs: []
    EnhancedDynamicNetworkZone_allOf_ipServiceCategories:
      description: "<div class=\"x-lifecycle-container\"><x-lifecycle class=\"ea\"\
        ></x-lifecycle></div>IP services, such as a proxy or VPN, to include or exclude\
        \ for an Enhanced Dynamic Network Zone"
      properties:
        include:
          description: IP services to include for an Enhanced Dynamic Network Zone
          items:
            $ref: '#/components/schemas/IPServiceCategory'
          maximum: 75
          type: array
        exclude:
          description: IP services to exclude for an Enhanced Dynamic Network Zone
          items:
            $ref: '#/components/schemas/IPServiceCategory'
          maximum: 75
          type: array
      type: object
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs: []
    EntitlementValue__links:
      description: "Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288))\
        \ available using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\
        \ specification"
      properties:
        group:
          $ref: '#/components/schemas/HrefObjectGroupLink'
        app:
          $ref: '#/components/schemas/HrefObjectAppLink'
        resource-set:
          $ref: '#/components/schemas/HrefObjectResourceSetLink'
      readOnly: true
      type: object
    EntitlementValuesResponse__links:
      anyOf:
      - $ref: '#/components/schemas/LinksSelf'
      - $ref: '#/components/schemas/LinksNext'
      nullable: true
    EntityRiskPolicyRule_allOf_actions_entityRisk:
      description: The object that contains the `actions` array
      properties:
        actions:
          description: The `entityRisk` object's `actions` array can be empty or contain one of two `action` object value pairs. This object determines the specific response to a risk event.
          items:
            $ref: '#/components/schemas/EntityRiskPolicyRuleActionsObject'
          type: array
      type: object
    EntityRiskPolicyRule_allOf_actions:
      description: The action to take based on the risk event
      properties:
        entityRisk:
          $ref: '#/components/schemas/EntityRiskPolicyRule_allOf_actions_entityRisk'
      type: object
    EntityRiskPolicyRuleActionRunWorkflow_workflow:
      description: This action runs a workflow
      properties:
        id:
          description: The `id` of the workflow that runs.
          type: integer
      type: object
    EventHook__links:
      allOf:
      - $ref: '#/components/schemas/LinksSelf'
      - properties:
          deactivate:
            $ref: '#/components/schemas/HrefObject'
          verify:
            $ref: '#/components/schemas/HrefObject'
      example:
        self:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        verify:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        deactivate:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
    Feature__links_allOf_dependents:
      description: Link to feature dependents
      example:
        href: href
      properties:
        href:
          description: Link URI
          readOnly: true
          type: string
      readOnly: true
      type: object
    Feature__links_allOf_dependencies:
      description: Link to feature dependencies
      example:
        href: href
      properties:
        href:
          description: Link URI
          readOnly: true
          type: string
      readOnly: true
      type: object
    Feature__links:
      allOf:
      - $ref: '#/components/schemas/LinksSelf'
      - properties:
          dependents:
            $ref: '#/components/schemas/Feature__links_allOf_dependents'
          dependencies:
            $ref: '#/components/schemas/Feature__links_allOf_dependencies'
      example:
        self:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        dependents:
          href: href
        dependencies:
          href: href
    GovernanceBundle__links:
      allOf:
      - properties:
          entitlements:
            $ref: '#/components/schemas/HrefObject'
    GovernanceBundlesResponse__links:
      anyOf:
      - $ref: '#/components/schemas/LinksSelf'
      - $ref: '#/components/schemas/LinksNext'
    Group__links:
      allOf:
      - $ref: '#/components/schemas/LinksSelf'
      - properties:
          apps:
            $ref: '#/components/schemas/HrefObject'
          logo:
            items:
              $ref: '#/components/schemas/HrefObject'
            type: array
          source:
            $ref: '#/components/schemas/HrefObject'
          users:
            $ref: '#/components/schemas/HrefObject'
      description: "[Discoverable resources](/openapi/okta-management/management/tag/Group/#tag/Group/operation/listGroups!c=200&path=_links&t=response)\
        \ related to the Group"
      example:
        self:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        logo:
        - templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        - templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        source:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        users:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        apps:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
    GroupSchemaAttribute_enum_inner:
      anyOf:
      - type: string
      - type: integer
    IamRole__links:
      allOf:
      - $ref: '#/components/schemas/LinksSelf'
      - properties:
          permissions:
            $ref: '#/components/schemas/HrefObject'
      example:
        permissions:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        self:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
    IdPCsr__links:
      additionalProperties: true
      allOf:
      - $ref: '#/components/schemas/LinksSelf'
      - properties:
          publish:
            allOf:
            - $ref: '#/components/schemas/HrefObject'
            description: Publish the CSR
      example:
        publish: ""
        self:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
      type: object
    IdentityProvider__links:
      additionalProperties: true
      allOf:
      - $ref: '#/components/schemas/LinksSelf'
      - properties:
          acs:
            allOf:
            - $ref: '#/components/schemas/HrefObject'
            description: SAML 2.0 Assertion Consumer Service URL for the Okta SP
          authorize:
            allOf:
            - $ref: '#/components/schemas/HrefObject'
            description: OAuth 2.0 authorization endpoint for the IdP OAuth 2.0 Authorization Code flow
          clientRedirectUri:
            allOf:
            - $ref: '#/components/schemas/HrefObject'
            description: Redirect URI for the OAuth 2.0 Authorization Code flow
          metadata:
            allOf:
            - $ref: '#/components/schemas/HrefObject'
            description: "Federation metadata document for the IdP (for example: SAML\
              \ 2.0 Metadata)"
          users:
            allOf:
            - $ref: '#/components/schemas/HrefObject'
            description: IdP users
          deactivate:
            allOf:
            - $ref: '#/components/schemas/HrefObject'
            description: Deactivate IdP
          activate:
            allOf:
            - $ref: '#/components/schemas/HrefObject'
            description: Activate IdP
          keys:
            allOf:
            - $ref: '#/components/schemas/HrefObject'
            description: IdP keys
      example:
        acs: ""
        metadata: ""
        keys: ""
        activate: ""
        self:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        clientRedirectUri: ""
        authorize: ""
        users: ""
        deactivate: ""
      type: object
    IdentityProviderApplicationUser__links:
      additionalProperties: true
      allOf:
      - $ref: '#/components/schemas/LinksSelf'
      - $ref: '#/components/schemas/LinksNext'
      - properties:
          idp:
            allOf:
            - $ref: '#/components/schemas/HrefObject'
            description: The IdP instance
            example:
              href: "https://{yourOktaDomain}/api/v1/idps/0oa1k5d68qR2954hb0g4"
          user:
            allOf:
            - $ref: '#/components/schemas/HrefObject'
            description: The linked Okta User
            example:
              href: "https://{yourOktaDomain}/api/v1/users/00ulwodIu7wCfdiVR0g3"
      example:
        next:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        idp:
          href: "https://{yourOktaDomain}/api/v1/idps/0oa1k5d68qR2954hb0g4"
        self:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        user:
          href: "https://{yourOktaDomain}/api/v1/users/00ulwodIu7wCfdiVR0g3"
      type: object
    IdpPolicyRuleAction_idp:
      properties:
        providers:
          description: List of configured Identity Providers that a given Rule can route to. Ability to define multiple providers is a part of the Okta Identity Engine. This allows users to choose a Provider when they sign in. Contact support for information on the Identity Engine.
          items:
            $ref: '#/components/schemas/IdpPolicyRuleActionProvider'
          type: array
        idpSelectionType:
          $ref: '#/components/schemas/IdpSelectionType'
        matchCriteria:
          description: Required if `idpSelectionType` is set to `DYNAMIC`
          items:
            $ref: '#/components/schemas/IdpPolicyRuleActionMatchCriteria'
          type: array
      type: object
    ImportScheduleObject_fullImport:
      allOf:
      - $ref: '#/components/schemas/ImportScheduleSettings'
      - description: Determines the full import schedule
    ImportScheduleObject_incrementalImport:
      allOf:
      - $ref: '#/components/schemas/ImportScheduleSettings'
      - description: Determines the incremental import schedule
    InlineHookRequestObject_url:
      description: The URL of the API endpoint
      properties:
        value:
          description: The URL value of the API endpoint
          type: string
      type: object
    LinksActivate_activate:
      allOf:
      - description: "Activates an enrolled Factor. See [Activate a Factor](/openapi/okta-management/management/tag/UserFactor/#tag/UserFactor/operation/activateFactor)."
      - $ref: '#/components/schemas/HrefObject'
      example:
        templated: true
        hints:
          allow:
          - DELETE
          - DELETE
        name: name
        href: href
        type: type
    LinksCancel_cancel:
      allOf:
      - description: Cancels a `push` factor challenge with a `WAITING` status
      - $ref: '#/components/schemas/HrefObject'
      example:
        templated: true
        hints:
          allow:
          - DELETE
          - DELETE
        name: name
        href: href
        type: type
    LinksDeactivate_deactivate:
      allOf:
      - description: "Deactivates the Factor. See [Unenroll a Factor](/openapi/okta-management/management/tag/UserFactor/#tag/UserFactor/operation/unenrollFactor)."
      - $ref: '#/components/schemas/HrefObject'
      example:
        templated: true
        hints:
          allow:
          - DELETE
          - DELETE
        name: name
        href: href
        type: type
    LinksEnroll_enroll:
      allOf:
      - description: "Enrolls a supported Factor. See [Enroll a Factor](/openapi/okta-management/management/tag/UserFactor/#tag/UserFactor/operation/enrollFactor)."
      - $ref: '#/components/schemas/HrefObject'
      example:
        templated: true
        hints:
          allow:
          - DELETE
          - DELETE
        name: name
        href: href
        type: type
    LinksFactor_factor:
      allOf:
      - description: Link to the Factor resource
      - $ref: '#/components/schemas/HrefObject'
      example:
        templated: true
        hints:
          allow:
          - DELETE
          - DELETE
        name: name
        href: href
        type: type
    LinksNextForRoleAssignments_next:
      allOf:
      - $ref: '#/components/schemas/HrefObject'
      - description: "The next page of results if [pagination](#pagination) is required"
      example:
        templated: true
        hints:
          allow:
          - DELETE
          - DELETE
        name: name
        href: href
        type: type
    LinksPoll_poll:
      allOf:
      - description: Polls the Factor resource for status information. Always use the `poll` link instead of manually constructing your own URL.
      - $ref: '#/components/schemas/HrefObject'
      example:
        templated: true
        hints:
          allow:
          - DELETE
          - DELETE
        name: name
        href: href
        type: type
    LinksQrcode_qrcode:
      allOf:
      - description: QR code that encodes the push activation code needed for enrollment on the device
      - $ref: '#/components/schemas/HrefObject'
      example:
        templated: true
        hints:
          allow:
          - DELETE
          - DELETE
        name: name
        href: href
        type: type
    LinksQuestions_question:
      allOf:
      - description: "Lists all supported security questions. See [List all Supported\
          \ Security Questions](/openapi/okta-management/management/tag/UserFactor/#tag/UserFactor/operation/listSupportedSecurityQuestions)."
      - $ref: '#/components/schemas/HrefObject'
      example:
        templated: true
        hints:
          allow:
          - DELETE
          - DELETE
        name: name
        href: href
        type: type
    LinksResend_resend:
      allOf:
      - description: "Resends the factor enrollment challenge. See [Resend a Factor\
          \ enrollment](/openapi/okta-management/management/tag/UserFactor/#tag/UserFactor/operation/resendEnrollFactor)."
      - $ref: '#/components/schemas/HrefObject'
      example:
        templated: true
        hints:
          allow:
          - DELETE
          - DELETE
        name: name
        href: href
        type: type
    LinksSend_send:
      allOf:
      - description: Sends an activation link through email or sms for users who can't scan the QR code
      - $ref: '#/components/schemas/HrefObject'
      example:
        templated: true
        hints:
          allow:
          - DELETE
          - DELETE
        name: name
        href: href
        type: type
    LinksUser_user:
      allOf:
      - description: Returns information on the specified user
      - $ref: '#/components/schemas/HrefObject'
      example:
        templated: true
        hints:
          allow:
          - DELETE
          - DELETE
        name: name
        href: href
        type: type
    LinksVerify_verify:
      allOf:
      - description: "Verifies the Factor resource. See [Verify a Factor](/openapi/okta-management/management/tag/UserFactor/#tag/UserFactor/operation/verifyFactor)."
      - $ref: '#/components/schemas/HrefObject'
      example:
        templated: true
        hints:
          allow:
          - DELETE
          - DELETE
        name: name
        href: href
        type: type
    LogTarget_changeDetails:
      description: |-
        Details on the target's changes. Not all event types support the `changeDetails` property, and not all `target` objects contain the `changeDetails` property. You must include a property within the object.

        > **Note:** When querying the `changeDetails` property, you can't search on the `to` or `from` objects alone. You must include a property within the object.
      example:
        LogTargetChangeDetails:
          $ref: '#/components/examples/LogTargetChangeDetails'
      properties:
        from:
          additionalProperties: true
          description: The original properties of the target
          type: object
        to:
          additionalProperties: true
          description: The updated properties of the target
          type: object
      type: object
    OAuth2Client__links:
      allOf:
      - $ref: '#/components/schemas/LinksSelf'
      - properties:
          grants:
            allOf:
            - $ref: '#/components/schemas/GrantResourcesHrefObject'
            description: Link to the grant resources
          tokens:
            allOf:
            - $ref: '#/components/schemas/TokenResourcesHrefObject'
            description: Link to the token resources
        type: object
      example:
        grants: ""
        self:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        tokens: ""
    OAuth2RefreshToken__embedded:
      description: The embedded resources related to the object if the `expand` query parameter is specified
      example:
        scopes:
        - _links:
            scope: ""
          displayName: displayName
          name: offline_access
          description: "Requests a refresh token by default, used to obtain more access\
            \ tokens without re-prompting the user for authentication"
          id: scppb56cIl4GvGxy70g3
        - _links:
            scope: ""
          displayName: displayName
          name: offline_access
          description: "Requests a refresh token by default, used to obtain more access\
            \ tokens without re-prompting the user for authentication"
          id: scppb56cIl4GvGxy70g3
      properties:
        scopes:
          description: The scope objects attached to the Token
          items:
            $ref: '#/components/schemas/OAuth2RefreshTokenScope'
          type: array
      readOnly: true
      type: object
    OAuth2RefreshToken__links_allOf_revoke_allOf_hints:
      example:
        allow:
        - DELETE
        - DELETE
      properties:
        allow:
          items:
            default: DELETE
            enum:
            - DELETE
            type: string
          type: array
    OAuth2RefreshToken__links_allOf_revoke:
      allOf:
      - $ref: '#/components/schemas/RevokeRefreshTokenHrefObject'
      - properties:
          hints:
            $ref: '#/components/schemas/OAuth2RefreshToken__links_allOf_revoke_allOf_hints'
      description: Link to revoke the refresh Token
      example:
        hints:
          allow:
          - DELETE
          - DELETE
        href: "https://{yourOktaDomain}/api/v1/users/00u5t60iloOHN9pBi0h7/clients/0oabskvc6442nkvQO0h7/tokens/oar579Mcp7OUsNTlo0g3"
    OAuth2RefreshToken__links:
      allOf:
      - $ref: '#/components/schemas/LinksSelf'
      - properties:
          app:
            allOf:
            - $ref: '#/components/schemas/AppResourceHrefObject'
            description: Link to the app resource
          revoke:
            $ref: '#/components/schemas/OAuth2RefreshToken__links_allOf_revoke'
          client:
            allOf:
            - $ref: '#/components/schemas/AppResourceHrefObject'
            description: Link to the client resource
          user:
            allOf:
            - $ref: '#/components/schemas/UserResourceHrefObject'
            description: Link to the user resource
          authorizationServer:
            allOf:
            - $ref: '#/components/schemas/AuthorizationServerResourceHrefObject'
            description: Link to the Token authorization server resource
        type: object
      example:
        app: ""
        authorizationServer: ""
        self:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        revoke:
          hints:
            allow:
            - DELETE
            - DELETE
          href: "https://{yourOktaDomain}/api/v1/users/00u5t60iloOHN9pBi0h7/clients/0oabskvc6442nkvQO0h7/tokens/oar579Mcp7OUsNTlo0g3"
        client: ""
        user: ""
    OAuth2RefreshTokenScope__links:
      description: "Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288))\
        \ available for the current status of an application using the [JSON Hypertext\
        \ Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\
        \ specification. This object is used for dynamic discovery of related resources\
        \ and lifecycle operations."
      example:
        scope: ""
      properties:
        scope:
          allOf:
          - $ref: '#/components/schemas/OfflineAccessScopeResourceHrefObject'
          description: Link to Scope resource
      type: object
    OAuth2ScopeConsentGrant__embedded_scope:
      example:
        id: okta.users.read
      properties:
        id:
          description: The name of the Okta scope for which consent is granted
          example: okta.users.read
          type: string
      type: object
    OAuth2ScopeConsentGrant__embedded:
      description: Embedded resources related to the Grant
      example:
        scope:
          id: okta.users.read
      properties:
        scope:
          $ref: '#/components/schemas/OAuth2ScopeConsentGrant__embedded_scope'
      readOnly: true
      type: object
    OAuth2ScopeConsentGrant__links:
      allOf:
      - $ref: '#/components/schemas/LinksSelf'
      - properties:
          app:
            allOf:
            - $ref: '#/components/schemas/AppResourceHrefObject'
            description: Link to the app resource
          client:
            allOf:
            - $ref: '#/components/schemas/AppResourceHrefObject'
            description: Link to the client resource
          scope:
            allOf:
            - $ref: '#/components/schemas/ScopeResourceHrefObject'
            description: Link to the scope resource
          user:
            allOf:
            - $ref: '#/components/schemas/UserResourceHrefObject'
            description: Link to the user resource
          authorizationServer:
            allOf:
            - $ref: '#/components/schemas/AuthorizationServerResourceHrefObject'
            description: Link to the authorization server resource
        type: object
      - readOnly: true
      example:
        app: ""
        authorizationServer: ""
        scope: ""
        self:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        client: ""
        user: ""
    OSVersion_dynamicVersionRequirement:
      description: <div class="x-lifecycle-container"><x-lifecycle class="ea"></x-lifecycle></div>Contains the necessary properties for a dynamic version requirement
      properties:
        type:
          description: Indicates the type of the dynamic OS version requirement
          enum:
          - MINIMUM
          - EXACT
          - EXACT_ANY_SUPPORTED
          type: string
          x-enumDescriptions:
            MINIMUM: The device version must be equal to or newer than the dynamically determined version. `distanceFromLatestMajor` must be specified for this type.
            EXACT: The device version must be on the same major version as the dynamically determined version. `distanceFromLatestMajor` must be specified for this type.
            EXACT_ANY_SUPPORTED: The device version must be on a major version which is supported. You can't specify `distanceFromLatestMajor` for this type.
        distanceFromLatestMajor:
          description: Indicates the distance from the latest major version
          maximum: 1
          minimum: 0
          type: integer
        latestSecurityPatch:
          description: Indicates whether the device needs to be on the latest security patch
          type: boolean
      type: object
      x-okta-lifecycle:
        lifecycle: EA
        isGenerallyAvailable: false
        SKUs: []
    OSVersionConstraint_dynamicVersionRequirement:
      description: Contains the necessary properties for a dynamic Windows version requirement
      properties:
        type:
          description: Indicates the type of the dynamic Windows version requirement
          enum:
          - MINIMUM
          - EXACT
          - EXACT_ANY_SUPPORTED
          - NOT_ALLOWED
          type: string
          x-enumDescriptions:
            MINIMUM: The device version must be equal to or newer than the dynamically determined Windows version. `distanceFromLatestMajor` must be specified for this type.
            EXACT: The device version must be on the same major version as the dynamically determined Windows version. `distanceFromLatestMajor` must be specified for this type.
            EXACT_ANY_SUPPORTED: The device version must be on a Windows major version which is supported. You can't specify `distanceFromLatestMajor` for this type.
            NOT_ALLOWED: The device version isn't allowed. You can't specify `distanceFromLatestMajor` or `latestSecurityPatch` for this type.
        distanceFromLatestMajor:
          description: Indicates the distance from the latest Windows major version
          maximum: 1
          minimum: 0
          type: integer
        latestSecurityPatch:
          description: Indicates whether the policy requires Windows devices to be on the latest security patch
          type: boolean
      type: object
    OperationResponse_assignmentOperation_configuration_actions_assignUserToRealm:
      example:
        realmId: realmId
      properties:
        realmId:
          type: string
      type: object
    OperationResponse_assignmentOperation_configuration_actions:
      example:
        assignUserToRealm:
          realmId: realmId
      properties:
        assignUserToRealm:
          $ref: '#/components/schemas/OperationResponse_assignmentOperation_configuration_actions_assignUserToRealm'
      type: object
    OperationResponse_assignmentOperation_configuration:
      example:
        name: name
        id: id
        conditions:
          expression:
            value: value
          profileSourceId: profileSourceId
        actions:
          assignUserToRealm:
            realmId: realmId
      properties:
        actions:
          $ref: '#/components/schemas/OperationResponse_assignmentOperation_configuration_actions'
        conditions:
          $ref: '#/components/schemas/Conditions'
        id:
          type: string
        name:
          type: string
      type: object
    OperationResponse_assignmentOperation:
      example:
        configuration:
          name: name
          id: id
          conditions:
            expression:
              value: value
            profileSourceId: profileSourceId
          actions:
            assignUserToRealm:
              realmId: realmId
      properties:
        configuration:
          $ref: '#/components/schemas/OperationResponse_assignmentOperation_configuration'
      type: object
    OptInStatusResponse__links:
      allOf:
      - properties:
          optInStatus:
            $ref: '#/components/schemas/HrefObject'
    OrgCAPTCHASettings__links:
      description: Link relations for the CAPTCHA settings object
      example:
        self:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
      properties:
        self:
          $ref: '#/components/schemas/HrefObject'
      readOnly: true
      type: object
    OrgContactUser__links:
      description: "Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288))\
        \ available for the Contact Type User object using the [JSON Hypertext Application\
        \ Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\
        \ specification"
      example:
        user:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
      properties:
        user:
          $ref: '#/components/schemas/HrefObjectUserLink'
      readOnly: true
      type: object
    OrgCreationAdmin_credentials_password:
      description: |-
        Specifies a password for a user

        > **Note:** For information on defaults and configuring your password policies, see [Configure the password authenticator](https://help.okta.com/okta_help.htm?type=oie&id=ext-configure-password) in the help documentation.
      example:
        value: pa$$word
      properties:
        value:
          description: Password value (which is validated by the Password Policy)
          example: pa$$word
          format: password
          type: string
          writeOnly: true
      type: object
    OrgCreationAdmin_credentials:
      description: Specifies primary authentication and recovery credentials for a User. Credential types and requirements vary depending on the provider and security policy of the org.
      example:
        password:
          value: pa$$word
        recovery_question:
          answer: se7en
          question: what is your favourite movie?
      properties:
        password:
          $ref: '#/components/schemas/OrgCreationAdmin_credentials_password'
        recovery_question:
          $ref: '#/components/schemas/RecoveryQuestionCredential'
      type: object
    OrgCreationAdmin_profile:
      additionalProperties: true
      description: |-
        Specifies the profile attributes for the first super admin user. The minimal set of required attributes are `email`, `firstName`, `lastName`, and `login`.
        See [profile](/openapi/okta-management/management/tag/User/#tag/User/operation/getUser!c=200&path=profile&t=response) for additional profile attributes.
example: firstName: firstName lastName: lastName login: login email: email properties: firstName: description: Given name of the User (`givenName`) maxLength: 50 minLength: 1 nullable: true type: string lastName: description: The family name of the User (`familyName`) maxLength: 50 minLength: 1 nullable: true type: string email: description: "The primary email address of the User. For validation, see\ \ [RFC 5322 Section 3.2.3](https://datatracker.ietf.org/doc/html/rfc5322#section-3.2.3)." format: email maxLength: 100 minLength: 5 type: string login: description: The unique identifier for the User (`username`) maxLength: 100 type: string required: - email - firstName - lastName - login type: object OrgOktaCommunicationSetting__links_optIn: allOf: - $ref: '#/components/schemas/HrefObject' - description: Link to opt users in to communication emails example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type OrgOktaCommunicationSetting__links_optOut: allOf: - $ref: '#/components/schemas/HrefObject' - description: Link to opt users out of communication emails example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type OrgOktaCommunicationSetting__links: description: "Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288))\ \ available for this object using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\ \ specification" example: optOut: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type optIn: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type properties: optIn: $ref: '#/components/schemas/OrgOktaCommunicationSetting__links_optIn' optOut: $ref: '#/components/schemas/OrgOktaCommunicationSetting__links_optOut' readOnly: true type: object OrgOktaSupportSettingsObj__links_extend: allOf: - $ref: '#/components/schemas/HrefObject' - description: "Link to [extend Okta 
Support Access](/openapi/okta-management/management/tag/OrgSettingSupport/#tag/OrgSettingSupport/operation/extendOktaSupport)" example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type OrgOktaSupportSettingsObj__links_revoke: allOf: - $ref: '#/components/schemas/HrefObject' - description: "Link to [revoke Okta Support Access](/openapi/okta-management/management/tag/OrgSettingSupport/#tag/OrgSettingSupport/operation/revokeOktaSupport)" example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type OrgOktaSupportSettingsObj__links_grant: allOf: - $ref: '#/components/schemas/HrefObject' - description: "Link to [grant Okta Support Access](/openapi/okta-management/management/tag/OrgSettingSupport/#tag/OrgSettingSupport/operation/grantOktaSupport)" example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type OrgOktaSupportSettingsObj__links: description: "Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288))\ \ available for the Okta Support Settings object using the [JSON Hypertext\ \ Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\ \ specification" example: extend: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type revoke: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type grant: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type properties: extend: $ref: '#/components/schemas/OrgOktaSupportSettingsObj__links_extend' revoke: $ref: '#/components/schemas/OrgOktaSupportSettingsObj__links_revoke' grant: $ref: '#/components/schemas/OrgOktaSupportSettingsObj__links_grant' readOnly: true type: object OrgPreferences__links_hideEndUserFooter: allOf: - $ref: '#/components/schemas/HrefObject' - description: Link to hide the footer in the End-User Dashboard example: templated: true hints: allow: - DELETE - DELETE name: name href: href 
type: type OrgPreferences__links_showEndUserFooter: allOf: - $ref: '#/components/schemas/HrefObject' - description: Link to show the footer on the End-User Dashboard example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type OrgPreferences__links: description: "Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288))\ \ available for this object using the [JSON Hypertext Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\ \ specification" example: hideEndUserFooter: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type showEndUserFooter: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type properties: hideEndUserFooter: $ref: '#/components/schemas/OrgPreferences__links_hideEndUserFooter' showEndUserFooter: $ref: '#/components/schemas/OrgPreferences__links_showEndUserFooter' readOnly: true type: object PageRoot__embedded: example: preview: pageContent: pageContent default: pageContent: pageContent customized: pageContent: pageContent previewUrl: https://openapi-generator.tech customizedUrl: https://openapi-generator.tech properties: default: $ref: '#/components/schemas/CustomizablePage' customized: $ref: '#/components/schemas/CustomizablePage' customizedUrl: format: uri type: string preview: $ref: '#/components/schemas/CustomizablePage' previewUrl: format: uri type: string readOnly: true type: object PageRoot__links: allOf: - $ref: '#/components/schemas/LinksSelf' - properties: default: $ref: '#/components/schemas/HrefObject' customized: $ref: '#/components/schemas/HrefObject' preview: $ref: '#/components/schemas/HrefObject' example: preview: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type default: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type customized: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: 
            true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
    PasswordImportRequestData_action:
      description: This object specifies the default action Okta is set to take. Okta takes this action if your external service sends an empty HTTP 204 response. You can override the default action by returning a commands object in your response specifying the action to take.
      properties:
        credential:
          default: UNVERIFIED
          description: "The status of the user credential, either `UNVERIFIED` or\
            \ `VERIFIED`"
          type: string
      type: object
    PasswordImportRequestData_context_credential:
      properties:
        username:
          description: The `username` that the user supplied when attempting to sign in to Okta.
          type: string
        password:
          description: The `password` that the user supplied when attempting to sign in to Okta.
          type: string
      type: object
    PasswordImportRequestData_context:
      properties:
        request:
          $ref: '#/components/schemas/InlineHookRequestObject'
        credential:
          $ref: '#/components/schemas/PasswordImportRequestData_context_credential'
      type: object
    PasswordImportResponse_commands_inner_value:
      description: |-
        The parameter value of the command.
        * To indicate that the supplied credentials are valid, supply a type property set to `com.okta.action.update` together with a value property set to `{"credential": "VERIFIED"}`.
        * To indicate that the supplied credentials are invalid, supply a type property set to `com.okta.action.update` together with a value property set to `{"credential": "UNVERIFIED"}`.

        Alternatively, you can send an empty response (`204`). By default, the `data.action.credential` is always set to `UNVERIFIED`.
      properties:
        credential:
          enum:
          - UNVERIFIED
          - VERIFIED
          type: string
      type: object
    PasswordImportResponse_commands_inner:
      properties:
        type:
          description: "The location where you specify the command. For the password\
            \ import inline hook, there's only one command, `com.okta.action.update`."
        value:
          $ref: '#/components/schemas/PasswordImportResponse_commands_inner_value'
      type: object
    PerClientRateLimitSettings_useCaseModeOverrides:
      description: A map of Per-Client Rate Limit Use Case to the applicable PerClientRateLimitMode. Overrides the `defaultMode` property for the specified use cases.
      example:
        LOGIN_PAGE: null
        OIE_APP_INTENT: null
        OAUTH2_AUTHORIZE: null
      properties:
        LOGIN_PAGE:
          $ref: '#/components/schemas/PerClientRateLimitMode'
        OAUTH2_AUTHORIZE:
          $ref: '#/components/schemas/PerClientRateLimitMode'
        OIE_APP_INTENT:
          $ref: '#/components/schemas/PerClientRateLimitMode'
      type: object
    Permission__links:
      allOf:
      - $ref: '#/components/schemas/LinksSelf'
      - properties:
          role:
            $ref: '#/components/schemas/HrefObject'
      example:
        role:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        self:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
    PolicyContext_device:
      example:
        managed: true
        registered: true
        platform: platform
        assuranceId: assuranceId
      properties:
        platform:
          description: "The platform of the device, for example, IOS."
          type: string
        registered:
          description: If the device is registered
          type: boolean
        managed:
          description: If the device is managed
          type: boolean
        assuranceId:
          description: The device assurance policy ID for the simulation
          type: string
      type: object
    PolicyContext_groups:
      description: "An array of Group IDs for the simulate operation. Only user IDs\
        \ or Group IDs are allowed, not both."
      example:
        ids:
        - ids
        - ids
      properties:
        ids:
          items:
            type: string
          uniqueItems: true
          type: array
      required:
      - ids
      type: object
    PolicyContext_risk:
      description: The risk rule condition level
      example:
        level: LOW
      properties:
        level:
          enum:
          - LOW
          - MEDIUM
          - HIGH
          type: string
      type: object
    PolicyContext_user:
      description: "The user ID for the simulate operation. Only user IDs or Group\
        \ IDs are allowed, not both."
      example:
        id: id
      properties:
        id:
          description: The unique ID number for the user.
          type: string
      required:
      - id
      type: object
    PolicyContext_zones:
      description: The zone ID under the network rule condition.
      example:
        ids:
        - ids
        - ids
      properties:
        ids:
          items:
            type: string
          type: array
      type: object
    PolicyMapping__links_allOf_application:
      allOf:
      - $ref: '#/components/schemas/HrefObject'
      - description: Link to the mapped application
      example:
        templated: true
        hints:
          allow:
          - DELETE
          - DELETE
        name: name
        href: href
        type: type
    PolicyMapping__links_allOf_policy:
      allOf:
      - $ref: '#/components/schemas/HrefObject'
      - description: Link to the mapped policy
      example:
        templated: true
        hints:
          allow:
          - DELETE
          - DELETE
        name: name
        href: href
        type: type
    PolicyMapping__links:
      allOf:
      - $ref: '#/components/schemas/LinksSelf'
      - properties:
          application:
            $ref: '#/components/schemas/PolicyMapping__links_allOf_application'
          policy:
            $ref: '#/components/schemas/PolicyMapping__links_allOf_policy'
      example:
        application:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        self:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        policy:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
    PostAuthSessionPolicyRule_allOf_actions_postAuthSession:
      description: This object contains a `failureActions` array that defines the specific action to take when post auth session evaluation detects a failure.
      properties:
        failureActions:
          description: An array of objects that define the action. It can be empty or contain two `action` value pairs.
          items:
            $ref: '#/components/schemas/PostAuthSessionFailureActionsObject'
          type: array
      type: object
    PostAuthSessionPolicyRule_allOf_actions:
      description: The action to take in response to a failure of the reevaluated global session policy or authentication policies.
      properties:
        postAuthSession:
          $ref: '#/components/schemas/PostAuthSessionPolicyRule_allOf_actions_postAuthSession'
      type: object
    PostAuthSessionPolicyRule_allOf_conditions:
      properties:
        people:
          $ref: '#/components/schemas/PolicyPeopleCondition'
      type: object
    RegistrationInlineHookPPData_allOf_data_context_user:
      properties:
        passwordChanged:
          description: The last time the user's password was updated
          format: date-time
          type: string
        _links:
          $ref: '#/components/schemas/BaseContext_user__links'
        profile:
          additionalProperties: true
          description: The current attributes of the user to update
          type: object
        id:
          type: string
      type: object
    RegistrationInlineHookPPData_allOf_data_context:
      properties:
        request:
          $ref: '#/components/schemas/InlineHookRequestObject'
        user:
          $ref: '#/components/schemas/RegistrationInlineHookPPData_allOf_data_context_user'
      type: object
    RegistrationInlineHookPPData_allOf_data:
      properties:
        context:
          $ref: '#/components/schemas/RegistrationInlineHookPPData_allOf_data_context'
        action:
          description: The default action the system takes. Set to `ALLOW`. `DENY` is never sent to your external service
          type: string
        userProfileUpdate:
          additionalProperties: true
          description: Name-value pairs for each new attribute supplied by the user in the Progressive Profile form
          type: object
      type: object
    RegistrationInlineHookSSRData_allOf_data_context:
      properties:
        request:
          $ref: '#/components/schemas/InlineHookRequestObject'
      type: object
    RegistrationInlineHookSSRData_allOf_data:
      properties:
        context:
          $ref: '#/components/schemas/RegistrationInlineHookSSRData_allOf_data_context'
        action:
          description: The default action the system will take. Will be `ALLOW`. `DENY` will never be sent to your external service.
          type: string
        userProfile:
          additionalProperties: true
          description: The name-value pairs for each registration-related attribute supplied by the user in the Profile Enrollment form.
          type: object
      type: object
    RegistrationResponse_commands_inner:
      properties:
        type:
          description: |-
            The location where you specify the command. To set attributes in the user's Okta profile, supply a `type` property set to `com.okta.user.profile.update`, together with a `value` property set to a list of key-value pairs corresponding to the Okta user profile attributes you want to set. The attributes must already exist in your user profile schema.

            To explicitly allow or deny registration to the user, supply a type property set to `com.okta.action.update`, together with a value property set to `{"registration": "ALLOW"}` or `{"registration": "DENY"}`. The default is to allow registration.

            In Okta Identity Engine, to set attributes in the user's profile, supply a `type` property set to `com.okta.user.progressive.profile.update`, together with a `value` property set to a list of key-value pairs corresponding to the Progressive Enrollment attributes that you want to set. See [Registration inline hook - Send response](https://developer.okta.com/docs/guides/registration-inline-hook/nodejs/main/#send-response).

            Commands are applied in the order that they appear in the array. Within a single `com.okta.user.profile.update` or `com.okta.user.progressive.profile.update` command, attributes are updated in the order that they appear in the `value` object.

            You can never use a command to update the user's password, but you are allowed to set the values of attributes other than password that are designated sensitive in your Okta user schema. However, the values of those sensitive attributes, if included as fields in the Profile Enrollment form, aren't included in the `data.userProfile` object sent to your external service by Okta. See [data.userProfile](/openapi/okta-management/management/tag/InlineHook/#tag/InlineHook/operation/create-registration-hook!path=0/data/userProfile&t=request).
          type: string
        value:
          additionalProperties: true
          description: |-
            The `value` object is the parameter to pass to the command.

            For `com.okta.user.profile.update` commands, `value` should be an object containing one or more name-value pairs for the attributes you wish to update.

            For `com.okta.action.update` commands, the value should be an object containing the attribute `action` set to a value of either `ALLOW` or `DENY`, indicating whether the registration should be permitted or not.

            Registrations are allowed by default, so setting a value of `ALLOW` for the action field is valid but superfluous.
          type: object
      type: object
    RegistrationResponse_Error_errorCauses_inner:
      properties:
        errorSummary:
          description: Human-readable summary of the error.
          type: string
        reason:
          description: "A brief, enum-like string that indicates the nature of the\
            \ error. For example, `UNIQUE_CONSTRAINT` for a property uniqueness violation."
          type: string
        locationType:
          description: "Where in the request the error was found (`body`, `header`,\
            \ `url`, or `query`)."
          type: string
        location:
          description: "The valid JSON path to the location of the error. For example,\
            \ if there was an error in the user's `login` field, the `location` might\
            \ be `data.userProfile.login`."
          type: string
        domain:
          description: "Indicates the source of the error. If the error was in the\
            \ user's profile, for example, you might use `end-user`. If the error\
            \ occurred in the external service, you might use `external-service`."
          type: string
      type: object
    RegistrationResponse_Error:
      description: |-
        For the registration inline hook, the `error` object provides a way of displaying an error message to the end user who is trying to register or update their profile.

        * If you're using the Okta Sign-In Widget for Profile Enrollment, only the `errorSummary` messages of the `errorCauses` objects that your external service returns appear as inline errors, given the following:
          * You don't customize the error handling behavior of the widget.
          * The `location` of `errorSummary` in the `errorCauses` object specifies the request object's user profile attribute.
        * If you don't return a value for the `errorCauses` object, and deny the user's registration attempt through the `commands` object in your response to Okta, one of the following generic messages appears to the end user:
          * "Registration cannot be completed at this time." (SSR)
          * "We found some errors. Please review the form and make corrections." (Progressive Enrollment)
        * If you don't return an `error` object at all and the registration is denied, the following generic message appears to the end user:
          * "Registration denied." (SSR)
          * "Profile update denied." (Progressive Enrollment)

        >**Note:** If you include an error object in your response, no commands are executed and the registration fails. This holds true even if the top-level `errorSummary` and the `errorCauses` objects are omitted.
properties: errorSummary: description: Human-readable summary of one or more errors type: string errorCauses: items: $ref: '#/components/schemas/RegistrationResponse_Error_errorCauses_inner' type: array type: object ResourceSelectorResponseSchema__links: allOf: - $ref: '#/components/schemas/LinksSelf' - properties: resources: $ref: '#/components/schemas/HrefObject' ResourceSelectorResponseWithoutSelfLinkSchema__links: allOf: - properties: resources: $ref: '#/components/schemas/HrefObject' ResourceSet__links: allOf: - $ref: '#/components/schemas/LinksSelf' - properties: resources: $ref: '#/components/schemas/HrefObject' bindings: $ref: '#/components/schemas/HrefObject' example: bindings: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type resources: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type ResourceSetBindingMembers__links: allOf: - $ref: '#/components/schemas/LinksNext' - properties: binding: $ref: '#/components/schemas/HrefObject' example: next: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type binding: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type ResourceSetBindingResponse__links: allOf: - $ref: '#/components/schemas/LinksSelf' - properties: bindings: $ref: '#/components/schemas/HrefObject' resource-set: $ref: '#/components/schemas/HrefObject' example: resource-set: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type bindings: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type ResourceSetBindingRole__links: allOf: - $ref: '#/components/schemas/LinksSelf' - properties: members: $ref: '#/components/schemas/HrefObject' example: members: templated: true hints: allow: - DELETE - DELETE name: name href: href 
type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type ResourceSetResource__links_self: allOf: - $ref: '#/components/schemas/HrefObject' - description: The REST API URL of the related resource example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type ResourceSetResource__links_resource: allOf: - $ref: '#/components/schemas/HrefObject' - description: Link to this Resource Set Resource object (self) example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type ResourceSetResource__links_groups: allOf: - $ref: '#/components/schemas/HrefObject' - description: "If applicable, the REST API URL of the related Groups resource" example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type ResourceSetResource__links_users: allOf: - $ref: '#/components/schemas/HrefObject' - description: "If applicable, the REST API URL of the related Users resource" example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type ResourceSetResource__links: description: Related discoverable resources example: resource: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type groups: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type users: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type properties: self: $ref: '#/components/schemas/ResourceSetResource__links_self' resource: $ref: '#/components/schemas/ResourceSetResource__links_resource' groups: $ref: '#/components/schemas/ResourceSetResource__links_groups' users: $ref: '#/components/schemas/ResourceSetResource__links_users' readOnly: true ResourceSetResources__links: allOf: - $ref: '#/components/schemas/LinksNext' - properties: resource-set: $ref: '#/components/schemas/HrefObject' example: next: templated: true hints: 
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
        resource-set:
          templated: true
          hints:
            allow:
            - DELETE
            - DELETE
          name: name
          href: href
          type: type
    RoleGovernanceResources__links:
      allOf:
      - $ref: '#/components/schemas/LinksSelf'
      - $ref: '#/components/schemas/LinksNext'
    RoleGovernanceSource__links:
      allOf:
      - $ref: '#/components/schemas/LinksGovernanceResources'
      - $ref: '#/components/schemas/LinksSelf'
    SAMLHookResponse_commands_inner_value_inner_value:
      description: |-
        The value of the claim that you add or replace, and can also include other attributes. If adding to a claim, add another `value` attribute residing within an array called `attributeValues`.

        See the following examples:

        #### Simple value (integer or string)

        `"value": 300` or `"value": "replacementString"`

        #### Attribute value (object)

        ` "value": { "authContextClassRef": "replacementValue" }`

        #### AttributeValues array value (object)

        ` "value": { "attributes": { "NameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:basic" }, "attributeValues": [ {"attributes": { "xsi:type": "xs:string" }, "value": "4321"} ] }`
      oneOf:
      - type: string
      - type: integer
      - type: object
    SAMLHookResponse_commands_inner_value_inner:
      properties:
        op:
          description: |-
            The name of one of the supported ops:
            `add`: Add a new claim to the assertion
            `replace`: Modify any element of the assertion

            > **Note:** If a response to the SAML assertion inline hook request isn't received from your external service within three seconds, a timeout occurs. In this scenario, the Okta process flow continues with the original SAML assertion returned.
          type: string
        path:
          description: "Location, within the assertion, to apply the operation"
          type: string
        value:
          $ref: '#/components/schemas/SAMLHookResponse_commands_inner_value_inner_value'
      type: object
    SAMLHookResponse_commands_inner:
      properties:
        type:
          description: One of the supported commands `com.okta.assertion.patch`
          type: string
        value:
          items:
            $ref: '#/components/schemas/SAMLHookResponse_commands_inner_value_inner'
          type: array
      type: object
    SAMLHookResponse_error:
      description: |-
        An object to return an error. Returning an error causes Okta to record a failure event in the Okta System Log. The string supplied in the `errorSummary` property is recorded in the System Log event.

        > **Note:** If the error object doesn't include the defined `errorSummary` property, the following common default message is returned to the end user: `The callback service returned an error`.

        > **Note:** If a response to a SAML inline hook request isn't received from your external service within three seconds, a timeout occurs. In this scenario, the Okta SAML inline hook process continues, and the user is created.
properties: errorSummary: description: A human-readable summary of the error type: string type: object SAMLPayLoad_data_context_allOf_protocol_issuer: properties: id: description: The unique identifier of the issuer that provided the SAML assertion example: 0oath92zlO60urQOP0g3 type: string name: description: The name of the issuer that provided the SAML assertion example: SAML 2.0 App type: string uri: description: The base URI of the SAML endpoint that's used to assert the authorization example: http://www.okta.com/exkth8lMzFm0HZOTU0g3 type: string type: object SAMLPayLoad_data_context_allOf_protocol: description: Details of the assertion protocol being used properties: type: description: The type of authentication protocol being used for the assertion example: SAML2.0 type: string issuer: $ref: '#/components/schemas/SAMLPayLoad_data_context_allOf_protocol_issuer' type: object SAMLPayLoad_data_context: allOf: - $ref: '#/components/schemas/BaseContext' - properties: protocol: $ref: '#/components/schemas/SAMLPayLoad_data_context_allOf_protocol' type: object SAMLPayLoad_data_assertion_subject_confirmation_data: properties: recipient: description: The token endpoint URL of the authorization server example: http://www.example.com:7070/saml/sso type: string type: object SAMLPayLoad_data_assertion_subject_confirmation: properties: method: description: Used to indicate how the authorization server confirmed the SAML assertion example: urn:oasis:names:tc:SAML:2.0:cm:bearer type: string data: $ref: '#/components/schemas/SAMLPayLoad_data_assertion_subject_confirmation_data' type: object SAMLPayLoad_data_assertion_subject: description: Provides a JSON representation of the `<saml:Subject>` element of the SAML assertion properties: nameId: description: The unique identifier of the user example: user@example.com type: string nameFormat: description: Indicates how to interpret the attribute name example: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified type: string 
confirmation: $ref: '#/components/schemas/SAMLPayLoad_data_assertion_subject_confirmation' type: object SAMLPayLoad_data_assertion_authentication_authnContext: description: Details of the authentication methods used for the SAML assertion properties: authnContextClassRef: description: Describes the identity provider's supported authentication context classes example: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport type: string type: object SAMLPayLoad_data_assertion_authentication: description: Provides a JSON representation of the `<saml:AuthnStatement>` element of the SAML assertion properties: sessionIndex: description: The unique identifier describing the assertion statement example: id1553800523546.312669168 type: string authnContext: $ref: '#/components/schemas/SAMLPayLoad_data_assertion_authentication_authnContext' type: object SAMLPayLoad_data_assertion_conditions: description: Provides a JSON representation of the `<saml:Conditions>` element of the SAML assertion properties: audienceRestriction: description: Describes which service providers the assertion is valid for items: example: "[\"urn:example:sp\"]" type: string type: array type: object SAMLPayLoad_data_assertion_claims_value_attributes: properties: NameFormat: description: Indicates how to interpret the attribute name type: string type: object SAMLPayLoad_data_assertion_claims_value_attributeValues_inner_attributes: properties: xsi:type: description: Used to derive the type of the attribute type: string type: object SAMLPayLoad_data_assertion_claims_value_attributeValues_inner: properties: attributes: $ref: '#/components/schemas/SAMLPayLoad_data_assertion_claims_value_attributeValues_inner_attributes' value: description: The actual value of the attribute type: string type: object SAMLPayLoad_data_assertion_claims_value: properties: attributes: $ref: '#/components/schemas/SAMLPayLoad_data_assertion_claims_value_attributes' attributeValues: items: $ref: 
'#/components/schemas/SAMLPayLoad_data_assertion_claims_value_attributeValues_inner' type: array type: object SAMLPayLoad_data_assertion_lifetime: description: "Specifies the expiration time, in seconds, of the SAML assertion" properties: expiration: description: The expiration time in seconds example: 300 type: integer type: object SAMLPayLoad_data_assertion: description: Details of the SAML assertion that was generated properties: subject: $ref: '#/components/schemas/SAMLPayLoad_data_assertion_subject' authentication: $ref: '#/components/schemas/SAMLPayLoad_data_assertion_authentication' conditions: $ref: '#/components/schemas/SAMLPayLoad_data_assertion_conditions' claims: additionalProperties: $ref: '#/components/schemas/SAMLPayLoad_data_assertion_claims_value' description: Provides a JSON representation of the `<saml:AttributeStatement>` element contained in the generated SAML assertion. Contains any optional SAML attribute statements that you have defined for the app using the Admin Console's **SAML Settings**. type: object lifetime: $ref: '#/components/schemas/SAMLPayLoad_data_assertion_lifetime' type: object SAMLPayLoad_data: properties: context: $ref: '#/components/schemas/SAMLPayLoad_data_context' assertion: $ref: '#/components/schemas/SAMLPayLoad_data_assertion' type: object Saml_acs_inner: properties: index: description: Index of ACS URL. You can't reuse the same index in the ACS URL array. 
example: 0 maximum: 65535 minimum: 0 type: number url: description: Assertion Consumer Service (ACS) URL example: "https://${org.subdomain}.example.com/saml/login" format: uri maxLength: 1024 type: string type: object Saml_claims_inner: properties: name: description: The attribute name example: Address type: string values: description: The Okta values inserted in the attribute statement items: example: "${user.homeAddress}" type: string type: array type: object SecurityEventsProviderRequest_settings: description: Information about the Security Events Provider for signal ingestion oneOf: - $ref: '#/components/schemas/SecurityEventsProviderSettingsSSFCompliant' - $ref: '#/components/schemas/SecurityEventsProviderSettingsNonSSFCompliant' type: object SignInPage_allOf_widgetCustomizations: example: usernameInfoTip: usernameInfoTip showUserIdentifier: true customLink1Url: customLink1Url customLink2Url: customLink2Url classicRecoveryFlowEmailOrUsernameLabel: classicRecoveryFlowEmailOrUsernameLabel customLink1Label: customLink1Label passwordInfoTip: passwordInfoTip forgotPasswordLabel: forgotPasswordLabel showPasswordVisibilityToggle: true authenticatorPageCustomLinkLabel: authenticatorPageCustomLinkLabel unlockAccountLabel: unlockAccountLabel helpUrl: helpUrl unlockAccountUrl: unlockAccountUrl usernameLabel: usernameLabel signInLabel: signInLabel customLink2Label: customLink2Label authenticatorPageCustomLinkUrl: authenticatorPageCustomLinkUrl passwordLabel: passwordLabel forgotPasswordUrl: forgotPasswordUrl helpLabel: helpLabel widgetGeneration: G2 properties: signInLabel: description: The label for the sign in widget type: string usernameLabel: description: The label for the username field type: string usernameInfoTip: description: The label for the username information tip type: string passwordLabel: description: The label for the password field type: string passwordInfoTip: description: The label for the password information tip type: string 
showPasswordVisibilityToggle: description: Allows users to see their passwords as they type type: boolean showUserIdentifier: description: Allows the user's identifier to appear on authentication and enrollment pages type: boolean forgotPasswordLabel: description: The label for the forgot password page type: string forgotPasswordUrl: description: The forgot password URL type: string unlockAccountLabel: description: The label for the unlock account link type: string unlockAccountUrl: description: The unlock account URL type: string helpLabel: description: The label for the help link type: string helpUrl: description: The help link URL type: string customLink1Label: description: The label for the first custom link type: string customLink1Url: description: The URL for the first custom link type: string customLink2Label: description: The label for the second custom link type: string customLink2Url: description: The URL for the second custom link type: string authenticatorPageCustomLinkLabel: description: The label for the authenticator page custom link type: string authenticatorPageCustomLinkUrl: description: The URL for the authenticator page custom link type: string classicRecoveryFlowEmailOrUsernameLabel: description: The label for the username field in the classic recovery flow type: string widgetGeneration: $ref: '#/components/schemas/WidgetGeneration' type: object SimulatePolicyEvaluations_evaluated: description: A list of evaluated but not matched policies and rules example: policies: - name: name rules: - name: name id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null - name: name id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null - name: name rules: - name: name id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null - name: name id: id conditions: - type: type status: MATCH - 
type: type status: MATCH status: null id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null properties: policies: items: $ref: '#/components/schemas/SimulateResultPoliciesItems' type: array type: object SimulatePolicyEvaluations_undefined: description: A list of undefined but not matched policies and rules example: policies: - name: name rules: - name: name id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null - name: name id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null - name: name rules: - name: name id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null - name: name id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null id: id conditions: - type: type status: MATCH - type: type status: MATCH status: null properties: policies: items: $ref: '#/components/schemas/SimulateResultPoliciesItems' type: array type: object SourceLinks_allOf_schema: allOf: - $ref: '#/components/schemas/HrefObject' - description: The associated schema example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type StandardRole__embedded_targets_catalog: description: App targets example: apps: - features: - features - features lastUpdated: 2000-01-23T04:56:07.000+00:00 website: website verificationStatus: verificationStatus _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type displayName: displayName name: name description: description id: id category: category signOnModes: - signOnModes - signOnModes status: ACTIVE - features: - features - features lastUpdated: 2000-01-23T04:56:07.000+00:00 website: website verificationStatus: verificationStatus _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type displayName: displayName name: name 
description: description id: id category: category signOnModes: - signOnModes - signOnModes status: ACTIVE properties: apps: items: $ref: '#/components/schemas/CatalogApplication' type: array StandardRole__embedded_targets: description: Targets configured for the Role Assignment example: catalog: apps: - features: - features - features lastUpdated: 2000-01-23T04:56:07.000+00:00 website: website verificationStatus: verificationStatus _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type displayName: displayName name: name description: description id: id category: category signOnModes: - signOnModes - signOnModes status: ACTIVE - features: - features - features lastUpdated: 2000-01-23T04:56:07.000+00:00 website: website verificationStatus: verificationStatus _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type displayName: displayName name: name description: description id: id category: category signOnModes: - signOnModes - signOnModes status: ACTIVE groups: - lastUpdated: 2000-01-23T04:56:07.000+00:00 lastMembershipUpdated: 2000-01-23T04:56:07.000+00:00 _embedded: key: "{}" _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type logo: - templated: true hints: allow: - DELETE - DELETE name: name href: href type: type - templated: true hints: allow: - DELETE - DELETE name: name href: href type: type source: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type users: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type apps: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type created: 2000-01-23T04:56:07.000+00:00 profile: name: West Coast Users description: All Users West of The Rockies objectClass: - objectClass - objectClass id: 0gabcd1234 type: APP_GROUP - lastUpdated: 2000-01-23T04:56:07.000+00:00 lastMembershipUpdated: 2000-01-23T04:56:07.000+00:00 _embedded: 
key: "{}" _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type logo: - templated: true hints: allow: - DELETE - DELETE name: name href: href type: type - templated: true hints: allow: - DELETE - DELETE name: name href: href type: type source: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type users: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type apps: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type created: 2000-01-23T04:56:07.000+00:00 profile: name: West Coast Users description: All Users West of The Rockies objectClass: - objectClass - objectClass id: 0gabcd1234 type: APP_GROUP properties: groups: description: Group targets items: $ref: '#/components/schemas/Group' type: array catalog: $ref: '#/components/schemas/StandardRole__embedded_targets_catalog' type: object StandardRole__embedded: description: Optional embedded resources for the Role Assignment example: targets: catalog: apps: - features: - features - features lastUpdated: 2000-01-23T04:56:07.000+00:00 website: website verificationStatus: verificationStatus _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type displayName: displayName name: name description: description id: id category: category signOnModes: - signOnModes - signOnModes status: ACTIVE - features: - features - features lastUpdated: 2000-01-23T04:56:07.000+00:00 website: website verificationStatus: verificationStatus _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type displayName: displayName name: name description: description id: id category: category signOnModes: - signOnModes - signOnModes status: ACTIVE groups: - lastUpdated: 2000-01-23T04:56:07.000+00:00 lastMembershipUpdated: 2000-01-23T04:56:07.000+00:00 _embedded: key: "{}" _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: 
type logo: - templated: true hints: allow: - DELETE - DELETE name: name href: href type: type - templated: true hints: allow: - DELETE - DELETE name: name href: href type: type source: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type users: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type apps: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type created: 2000-01-23T04:56:07.000+00:00 profile: name: West Coast Users description: All Users West of The Rockies objectClass: - objectClass - objectClass id: 0gabcd1234 type: APP_GROUP - lastUpdated: 2000-01-23T04:56:07.000+00:00 lastMembershipUpdated: 2000-01-23T04:56:07.000+00:00 _embedded: key: "{}" _links: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type logo: - templated: true hints: allow: - DELETE - DELETE name: name href: href type: type - templated: true hints: allow: - DELETE - DELETE name: name href: href type: type source: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type users: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type apps: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type created: 2000-01-23T04:56:07.000+00:00 profile: name: West Coast Users description: All Users West of The Rockies objectClass: - objectClass - objectClass id: 0gabcd1234 type: APP_GROUP properties: targets: $ref: '#/components/schemas/StandardRole__embedded_targets' type: object StreamConfiguration_aud: description: |- The audience used in the SET. This value is set as `aud` in the claim. A read-only parameter that is set by the transmitter. If this parameter is included in the request, the value must match the expected value from the transmitter. 
example: https://example.com oneOf: - example: https://example.com format: uri type: string - items: example: https://example.com format: uri type: string type: array SubmissionResponse_config_inner: properties: label: description: Display name of the variable in the Admin Console example: Subdomain type: string name: description: Name of the variable example: subdomain maxLength: 1024 minLength: 1 type: string type: object Subscription__links: description: Discoverable resources related to the subscription example: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type properties: self: $ref: '#/components/schemas/HrefObject' readOnly: true type: object SupportedMethods_settings: example: algorithms: - ES256 - ES256 transactionTypes: - CIBA - CIBA keyProtection: ANY properties: keyProtection: $ref: '#/components/schemas/PushMethodKeyProtection' algorithms: description: The encryption algorithm for this authenticator method items: $ref: '#/components/schemas/AuthenticatorMethodAlgorithm' type: array transactionTypes: description: The transaction type for this authenticator method items: $ref: '#/components/schemas/AuthenticatorMethodTransactionType' type: array type: object TelephonyRequestData_messageProfile: description: Message profile specifies information about the telephony (sms/voice) message to be sent to the Okta user properties: msgTemplate: description: Default or Okta org configured sms or voice message template type: string phoneNumber: description: The Okta user's phone number type: string otpExpires: description: The time when OTP expires type: string deliveryChannel: description: The channel for OTP delivery - SMS or voice type: string otpCode: description: The OTP code requested by the Okta user type: string locale: description: The locale associated with the Okta user type: string type: object TelephonyRequestData_userProfile: description: User profile specifies information about the Okta user properties: 
firstName: description: The user's first name type: string lastName: description: The user's last name type: string login: description: The user's Okta login type: string userId: description: The user's Okta user ID type: string type: object TelephonyResponse_commands_inner_value_inner: properties: status: description: Status of telephony callout enum: - SUCCESSFUL - PENDING - FAILED type: string x-enumDescriptions: SUCCESSFUL: External web service was able to deliver the OTP to the Requester. PENDING: External web service wasn't able to confirm delivery of the OTP to the Requester. FAILED: External web service was unable to deliver the OTP to the Requester. provider: description: Telephony provider for sms/voice type: string transactionId: description: Transaction ID for sms/voice type: string transactionMetadata: description: Any relevant metadata for the telephony transaction type: string type: object TelephonyResponse_commands_inner: properties: type: description: "The location where you specify the command. For the Telephony\ \ inline hook, there's only one command, `com.okta.telephony.action`." type: string value: description: "The status of the telephony operation along with optional\ \ additional information about the provider, transaction ID and any other\ \ transaction metadata." items: $ref: '#/components/schemas/TelephonyResponse_commands_inner_value_inner' type: array type: object TestInfo_oidcTestConfiguration: description: OIDC test details properties: idp: description: "Read only.<br>Indicates if your integration supports IdP-initiated\ \ sign-in flows. If [`sso.oidc.initiateLoginUri`](/openapi/okta-management/management/tag/YourOinIntegrations/#tag/YourOinIntegrations/operation/createSubmission!path=sso/oidc/initiateLoginUri&t=request)\ \ is specified, this property is set to `true`. 
If [`sso.oidc.initiateLoginUri`](/openapi/okta-management/management/tag/YourOinIntegrations/#tag/YourOinIntegrations/operation/createSubmission!path=sso/oidc/initiateLoginUri&t=request)\ \ isn't set for the integration submission, this property is set to `false`" readOnly: true type: boolean sp: description: Read only.<br>Indicates if your integration supports SP-initiated sign-in flows and is always set to `true` for OIDC SSO readOnly: true type: boolean jit: description: Indicates if your integration supports Just-In-Time (JIT) provisioning type: boolean spInitiateUrl: description: URL for SP-initiated sign-in flows (required if `sp = true`) example: https://test.example.com/strawberry/oidc/sp-init format: uri maxLength: 512 type: string required: - spInitiateUrl type: object TestInfo_samlTestConfiguration: description: SAML test details properties: idp: description: Indicates if your integration supports IdP-initiated sign-in type: boolean sp: description: Indicates if your integration supports SP-initiated sign-in type: boolean jit: description: Indicates if your integration supports Just-In-Time (JIT) provisioning type: boolean spInitiateUrl: description: URL for SP-initiated sign-in flows (required if `sp = true`) example: https://test.example.com/strawberry/saml/sp-init format: uri maxLength: 512 type: string spInitiateDescription: description: Instructions on how to sign in to your app using the SP-initiated flow (required if `sp = true`) example: Go to your app URL from a browser and enter your username maxLength: 2048 type: string required: - spInitiateUrl type: object TestInfo_testAccount: description: "An account on a test instance of your app with admin privileges.\ \ A test admin account is required by Okta for integration testing. During\ \ OIN QA testing, an Okta analyst uses this admin account to configure your\ \ app for the various test case flows." 
properties: url: description: The sign-in URL to a test instance of your app example: https://example.com/strawberry/login format: uri maxLength: 512 type: string username: description: The username for your app admin account example: test@example.com maxLength: 255 type: string password: description: The password for your app admin account example: sUperP@ssw0rd maxLength: 255 type: string instructions: description: "Additional instructions to test the app integration, including\ \ instructions for obtaining test accounts" example: Go to your app URL from a browser and enter your credentials maxLength: 2048 type: string required: - password - url - username type: object TokenHookResponse_commands_inner_value_inner_value: description: Value to set the claim to. oneOf: - type: string - type: integer - type: object TokenHookResponse_commands_inner_value_inner: properties: op: description: "The name of one of the supported ops: `add`: Add a claim.\ \ `replace`: Modify an existing claim and update the token lifetime. `remove`:\ \ Remove an existing claim.\n#### `op: add` notes\n\n<details>\n<summary>Add\ \ a claim</summary>\n \n Add a claim\n\n **Existing JSON**\n \n ```\n\ \ {\n \"employeeId\": \"00u12345678\"\n }\n ```\n\n **Operation**\n\ \n ```\n {\n \"commands\": [\n {\n \"type\": \"com.okta.assertion.patch\"\ ,\n \"value\": [\n {\n \"op\": \"add\",\n \ \ \"path\": \"/claims/extPatientId\",\n \"value\"\ : \"1234\"\n }\n ]\n },\n {\n \"type\"\ : \"com.okta.assertion.patch\",\n \"value\": [\n {\n \ \ \"op\": \"add\",\n \"path\": \"/claims/external_guid\"\ ,\n \"value\": \"F0384685-F87D-474B-848D-2058AC5655A7\"\n \ \ }\n ]\n }\n ]\n }\n ```\n \n **Updated JSON**\n\ \ \n ```\n {\n \"employeeId\": \"00u12345678\",\n \"extPatientId\"\ : 1234,\n \"external_guid\": \"F0384685-F87D-474B-848D-2058AC5655A7\"\ \n }\n ```\n\n > **Note:** If you use the `add` operation and include\ \ an existing claim in your response with a different value, that value\ \ is replaced. 
Use the `replace` operation instead. If you attempt to\ \ remove a system-specific claim or use an invalid operation, the entire\ \ PATCH fails and errors are logged in the token hooks events. See `op:\ \ replace` notes.\n</details>\n\n<details>\n<summary>Add new members to\ \ existing JSON objects</summary>\n \n If you have a JSON object in\ \ a claim called `employee_profile`, and you want to add the `department_id`\ \ member to the claim, the existing JSON is updated by specifying the\ \ claim in the path, followed by the name of the object member.\n\n **Existing\ \ JSON**\n \n ```\n {\n \"employee_profile\": {\n \"employee_id\"\ : \"1234\",\n \"name\": \"Anna\"\n }\n }\n ```\n\n **Operation**\n\ \n ```\n {\n \"commands\": [\n {\n \"type\": \"com.okta.identity.patch\"\ ,\n \"value\": [\n {\n \"op\": \"add\",\n \ \ \"path\": \"/claims/employee_profile/department_id\",\n \ \ \"value\": \"4947\"\n }\n ]\n }\n ]\n\ \ }\n ```\n \n **Updated JSON**\n \n ```\n {\n \"employee_profile\"\ : {\n \"employee_id\": \"1234\",\n \"name\": \"Anna\",\n \ \ \"department_id\": \"4947\"\n }\n }\n ```\n\n > **Note:** If\ \ you attempt to add a member within a JSON object that doesn't exist\ \ or using an invalid operation, the entire PATCH fails and errors are\ \ logged in the token hooks events.\n</details>\n\n<details>\n<summary>Add\ \ new elements to existing arrays</summary>\n \n Append an element to\ \ an array by specifying the name of the array, followed by the index\ \ where you want to insert the element in the path. Alternatively, you\ \ can specify the array name followed by a hyphen (-) in the path to append\ \ an element at the end of the array. For example, you have an array that\ \ contains the user's preferred airports, and you want to add a new airport\ \ to the array. 
The existing target JSON object is updated by specifying\ \ the claim in the path, followed by the index of where to insert the\ \ claim.\n \n **Existing JSON**\n \n ```\n {\n \"preferred_airports\"\ :[\n \"sjc\",\n \"sfo\",\n \"oak\"\n ]\n }\n ```\n\ \n **Operation**\n\n ```\n {\n \"commands\": [\n {\n \ \ \"type\": \"com.okta.identity.patch\",\n \"value\": [\n \ \ {\n \"op\": \"add\",\n \"path\": \"/claims/preferred_airports/3\"\ ,\n \"value\": \"lax\"\n }\n ]\n }\n \ \ ]\n }\n ```\n\n **Updated JSON**\n \n ```\n {\n \"preferred_airports\"\ :[\n \"sjc\",\n \"sfo\",\n \"oak\",\n \"lax\"\n \ \ ]\n }\n ```\n \n > **Note:** If you attempt to add an element within\ \ an array that doesn't exist or specify an invalid index, the entire\ \ PATCH fails and errors are logged in the token hooks events.\n</details>\n\ \n#### `op: replace` notes\n\n<details>\n<summary>Modify an existing claim</summary>\n\ \n You can modify (`replace`) existing custom claims or OIDC standard\ \ profile claims, such as `birthdate` and `locale`. You can't, however,\ \ modify any system-specific claims, such as `iss` or `ver`. Also, you\ \ can't modify a claim that isn't currently part of the token in the request\ \ payload. Attempting to modify a system-specific claim or using an invalid\ \ operation results in the entire PATCH failing and errors logged in the\ \ token hooks events.\n \n See [Access Tokens Scopes and Claims](/openapi/okta-oauth/guides/overview/#access-token-scopes-and-claims)\ \ for the list of access token-reserved claims that you can't modify.\n\ \n > **Note:** Although the `aud` and `sub` claims are listed as reserved\ \ claims, you can modify those claims in access tokens. 
You can't modify\ \ these claims in ID tokens.\n\n See [ID Token Claims](/openapi/okta-oauth/guides/overview/#id-token-claims)\ \ for a list of ID token-reserved claims that you can't modify.\n\n **Existing\ \ target JSON object**\n\n ```\n {\n \"employeeId\": \"00u12345678\"\ ,\n \"extPatientId\": 1234,\n \"external_guid\": \"F0384685-F87D-474B-848D-2058AC5655A7\"\ \n }\n ```\n\n **Operation**\n\n ```\n {\n \"commands\": [\n \ \ {\n \"type\": \"com.okta.identity.patch\",\n \"value\"\ : [\n {\n \"op\": \"replace\",\n \"path\"\ : \"/claims/extPatientId\",\n \"value\": \"12345\"\n \ \ },\n {\n \"op\": \"replace\",\n \"\ path\": \"/claims/external_guid\",\n \"value\": \"D1495796-G98E-585C-959E-1269CD6766B8\"\ \n }\n ]\n }\n ]\n }\n ```\n\n **Updated JSON**\n\ \n ```\n {\n \"employeeId\": \"00u12345678\",\n \"extPatientId\"\ : 12345,\n \"external_guid\": \"D1495796-G98E-585C-959E-1269CD6766B8\"\ \n }\n ```\n \n</details>\n\n<details>\n<summary>Modify members within\ \ existing JSON objects and arrays</summary>\n \n Use the `replace`\ \ operation to modify members within JSON objects and elements within\ \ arrays. For example, you have a JSON object in a claim called `employee_profile`,\ \ and you want to update the email address of the employee. 
The existing\ \ target JSON object is updated by specifying the claim in the path, followed\ \ by the name of the object member that you want to modify.\n\n **Existing\ \ target JSON object**\n \n ```\n {\n \"employee_profile\": {\n\ \ \"employee_id\":\"1234\",\n \"name\":\"Anna\",\n \"email\"\ :\"anna.v@company.com\"\n }\n }\n ```\n\n **Operation**\n\n ```\n\ \ {\n \"commands\": [\n {\n \"type\": \"com.okta.identity.patch\"\ ,\n \"value\": [\n {\n \"op\": \"replace\"\ ,\n \"path\": \"/claims/employee_profile/email\",\n \ \ \"value\": \"anna@company.com\"\n }\n ]\n }\n\ \ ]\n }\n ```\n\n **Updated JSON**\n \n ```\n {\n \"employee_profile\"\ : {\n \"employee_id\":\"1234\",\n \"name\":\"Anna\",\n \ \ \"email\":\"anna@company.com\"\n }\n }\n ```\n\n > **Note:**\ \ If you attempt to modify a member within a JSON object that doesn't\ \ exist or use an invalid operation, the entire PATCH fails and errors\ \ are logged in the token hooks events.\n \n Similarly, you can replace\ \ elements in an array by specifying the array name and the valid index\ \ of the element that you want to replace in the path.\n</details>\n\n\ <details>\n<summary>Modify token lifetimes</summary>\n You can modify\ \ how long the access and ID tokens are valid by specifying the `lifetime`\ \ in seconds. 
The `lifetime` value must be a minimum of five minutes (300\ \ seconds) and a maximum of 24 hours (86,400 seconds).\n\n **Operation**\n\ \n ```\n {\n \"commands\": [\n {\n \"type\": \"com.okta.identity.patch\"\ ,\n \"value\": [\n {\n \"op\": \"replace\"\ ,\n \"path\": \"/token/lifetime/expiration\",\n \ \ \"value\": 36000\n }\n ]\n },\n {\n \ \ \"type\": \"com.okta.access.patch\",\n \"value\": [\n \ \ {\n \"op\": \"replace\",\n \"path\": \"/token/lifetime/expiration\"\ ,\n \"value\": 36000\n }\n ]\n }\n \ \ ]\n }\n ```\n\n</details>\n\n#### `op: remove` notes\n\n<details>\n\ <summary>Remove a claim</summary>\n\n You can remove existing custom\ \ claims or OIDC standard profile claims, such as `birthdate` or `locale`.\ \ You can't, however, remove any system-specific claims, such as `iss`\ \ or `ver`. You also can't remove a claim that isn't currently part of\ \ the token in the request payload. If you attempt to remove a system-specific\ \ claim or use an invalid operation, the entire PATCH fails and errors\ \ are logged in the token hooks events.\n\n See [Access Tokens Scopes\ \ and Claims](/openapi/okta-oauth/guides/overview/#access-token-scopes-and-claims)\ \ for the list of access token-reserved claims that you can't modify.\n\ \n See [ID Token Claims](/openapi/okta-oauth/guides/overview/#id-token-claims)\ \ for a list of ID token-reserved claims that you can't modify.\n\n **Operation**\n\ \n ```\n {\n \"commands\": [\n {\n \"type\": \"com.okta.identity.patch\"\ ,\n \"value\": [\n {\n \"op\": \"remove\",\n\ \ \"path\": \"/claims/birthdate\",\n \"value\":\ \ null\n }\n ]\n },\n {\n \"type\": \"\ com.okta.access.patch\",\n \"value\": [\n {\n \ \ \"op\": \"remove\",\n \"path\": \"/claims/external_guid\"\ \n }\n ]\n }\n ]\n }\n ```\n\n > **Note:**\ \ The `value` property for the `remove` operation isn't required. If you\ \ provide it in the response, it should be set to `null`. 
Providing any\ \ other value fails the entire PATCH response.\n\n</details>\n\n<details>\n\ <summary>Remove members from existing arrays</summary>\n\n Use the `remove`\ \ operation to remove members from existing arrays. For example, you have\ \ an array that contains the user's preferred airports, and you want to\ \ remove an airport from the array. The existing target JSON object is\ \ updated by specifying the array name followed by the index of the element\ \ that you want to remove. You don't need to specify a value for the remove\ \ operation, but you can specify `null` as the value if you want.\n \n\ \ **Existing target JSON object**\n \n ```\n {\n \"preferred_airports\"\ : [\n \"sjc\",\n \"lax\",\n \"sfo\",\n \"\ oak\"\n ]\n }\n ```\n \n **Operation**\n\n ```\n {\n \"\ commands\": [\n {\n \"type\": \"com.okta.identity.patch\"\ ,\n \"value\": [\n {\n \"op\": \"remove\",\n\ \ \"path\": \"/claims/preferred_airports/1\"\n }\n\ \ ]\n }\n ]\n }\n ```\n\n **Updated JSON**\n \n ```\n\ \ {\n \"preferred_airports\": [\n \"sjc\",\n \"sfo\"\ ,\n \"oak\"\n ]\n }\n ```\n\n</details>\n\n<details>\n<summary>Remove\ \ members from existing JSON objects</summary>\n\n Use the `remove` operation\ \ to remove members from existing JSON objects. Do this by specifying\ \ the JSON object in the path, followed by the claim member that you would\ \ like to remove. 
For example, you have an `employee_profile` claim, and\ \ you want to remove `email` from it.\n\n**Existing target JSON object**\n\ \n```\n{\n \"employee_profile\": {\n \"employee_id\":\"1234\",\n \ \ \"name\":\"Anna\",\n \"email\":\"anna.v@company.com\"\n }\n\ }\n```\n\n**Operation**\n\n```\n{\n \"commands\": [\n {\n \"\ type\": \"com.okta.identity.patch\",\n \"value\": [\n {\n\ \ \"op\": \"remove\",\n \"path\": \"/claims/employee_profile/email\"\ \n }\n ]\n }\n ]\n}\n```\n\n**Updated JSON**\n```\n{\n\ \ \"employee_profile\": {\n \"employee_id\":\"1234\",\n \"name\"\ :\"Anna\"\n }\n}\n```\n\n</details>" type: string path: description: "Location within the token to apply the operation, specified\ \ as a slash-delimited path. When you add, replace, or remove a claim,\ \ this path always begins with `/claims/` and is followed by the name\ \ of the new claim that you're adding. When you replace a token lifetime,\ \ the path should always be `/token/lifetime/expiration`." type: string value: $ref: '#/components/schemas/TokenHookResponse_commands_inner_value_inner_value' type: object TokenHookResponse_commands_inner: properties: type: description: |- One of the supported commands: `com.okta.identity.patch`: Modify an ID token `com.okta.access.patch`: Modify an access token > **Note:** The `commands` array should only contain commands that can be applied to the requested tokens. For example, if only an ID token is requested, the `commands` array shouldn't contain commands of the type `com.okta.access.patch`. type: string value: description: "The `value` object is where you specify the operation to perform.\ \ It's an array, which allows you to request more than one operation." items: $ref: '#/components/schemas/TokenHookResponse_commands_inner_value_inner' type: array type: object TokenHookResponse_error: description: "When an error object is returned, it causes Okta to return an\ \ OAuth 2.0 error to the requester of the token. 
In the error response, the\ \ value of `error` is `server_error`, and the value of `error_description`\ \ is the string that you supplied in the `errorSummary` property of the `error`\ \ object that you returned." properties: errorSummary: description: "Human-readable summary of the error. If the error object doesn't\ \ include the `errorSummary` property, the following common default\ \ message is returned to the end user: `The callback service returned\ \ an error`." type: string type: object TokenPayLoad_data_context_allOf_protocol_OriginalGrant: description: "Information about the original token request used to get the refresh\ \ token being used, when in a refresh token request" properties: request: $ref: '#/components/schemas/TokenProtocolRequest' refresh_token: $ref: '#/components/schemas/RefreshToken' type: object TokenPayLoad_data_context_allOf_protocol_issuer: description: The authorization server's issuer identifier properties: uri: description: The authorization server's issuer identifier format: uri type: string type: object TokenPayLoad_data_context_allOf_protocol_client: description: The client making the token request properties: id: description: The unique identifier of the client type: string name: description: The name of the client type: string type: description: The type of client example: PUBLIC type: string type: object TokenPayLoad_data_context_allOf_protocol: description: Details of the authentication protocol properties: type: description: The type of authentication protocol used example: OAUTH2.0 type: string request: $ref: '#/components/schemas/TokenProtocolRequest' OriginalGrant: $ref: '#/components/schemas/TokenPayLoad_data_context_allOf_protocol_OriginalGrant' issuer: $ref: '#/components/schemas/TokenPayLoad_data_context_allOf_protocol_issuer' client: $ref: '#/components/schemas/TokenPayLoad_data_context_allOf_protocol_client' type: object TokenPayLoad_data_context_allOf_policy_rule: description: The authorization server 
policy rule used to mint the token properties: id: description: The unique identifier for the policy rule example: 0pr4ktb7elD3ZvrMy0g7 type: string type: object TokenPayLoad_data_context_allOf_policy: description: The authorization server policy used to mint the token properties: id: description: The unique identifier for the policy example: 00p4ktaq2ryOYtsHC0g7 type: string rule: $ref: '#/components/schemas/TokenPayLoad_data_context_allOf_policy_rule' type: object TokenPayLoad_data_context: allOf: - $ref: '#/components/schemas/BaseContext' - properties: protocol: $ref: '#/components/schemas/TokenPayLoad_data_context_allOf_protocol' policy: $ref: '#/components/schemas/TokenPayLoad_data_context_allOf_policy' type: object TokenPayLoad_data_identity: allOf: - description: "Provides information on the properties of the ID token that\ \ Okta has generated, including the existing claims that it contains" - $ref: '#/components/schemas/BaseToken' TokenPayLoad_data_access: allOf: - description: "Provides information on the properties of the access token that\ \ Okta has generated, including the existing claims that it contains" - $ref: '#/components/schemas/BaseToken' - properties: scopes: description: "The scopes contained in the token. For descriptions of the\ \ scopes that you can include, see the Okta [OpenID Connect and OAuth\ \ 2.0 API reference](/openapi/okta-oauth/guides/overview/#scopes)." 
type: object type: object TokenPayLoad_data: properties: context: $ref: '#/components/schemas/TokenPayLoad_data_context' identity: $ref: '#/components/schemas/TokenPayLoad_data_identity' access: $ref: '#/components/schemas/TokenPayLoad_data_access' refresh_token: $ref: '#/components/schemas/RefreshToken' type: object UIElement_options: description: UI Schema element options object example: format: text properties: format: description: Specifies how the input appears enum: - text - radio - select - checkbox - radio_yes_no - radio_true_false type: string x-enumDescriptions: text: The default format for the majority of property types radio: Radio button options. This option is only available for `string` data types with an `enum` or `one of` constraint. select: Displays input as a dropdown list. This option is only available for the `country-code` data type or a string data type with an enum or one of constraint. checkbox: Displays input as a checkbox. This option is only available for Boolean data types. radio_yes_no: "Displays input as two radio buttons, one with the option\ \ `yes` and the other `no`. This option is only available for Boolean\ \ data types." radio_true_false: "Displays input as two radio buttons, one with the option\ \ `true` and the other `false`. This option is only available for Boolean\ \ data types." 
type: object User__links: allOf: - $ref: '#/components/schemas/LinksSelf' - properties: self: allOf: - $ref: '#/components/schemas/HrefObject' description: URL to the individual user activate: allOf: - $ref: '#/components/schemas/HrefObject' description: URL to activate the user resetPassword: allOf: - $ref: '#/components/schemas/HrefObject' description: URL to reset the User's password resetFactors: allOf: - $ref: '#/components/schemas/HrefObject' description: URL to reset the User's factors expirePassword: allOf: - $ref: '#/components/schemas/HrefObject' description: URL to expire the User's password forgotPassword: allOf: - $ref: '#/components/schemas/HrefObject' description: URL to initiate a forgot password operation changeRecoveryQuestion: allOf: - $ref: '#/components/schemas/HrefObject' description: URL to change the User's recovery question deactivate: allOf: - $ref: '#/components/schemas/HrefObject' description: URL to deactivate a user reactivate: allOf: - $ref: '#/components/schemas/HrefObject' description: URL to reactivate the user changePassword: allOf: - $ref: '#/components/schemas/HrefObject' description: URL to change the User's password schema: allOf: - $ref: '#/components/schemas/HrefObject' description: URL to the User's profile schema suspend: allOf: - $ref: '#/components/schemas/HrefObject' description: URL to suspend the user unsuspend: allOf: - $ref: '#/components/schemas/HrefObject' description: URL to unsuspend the user unlock: allOf: - $ref: '#/components/schemas/HrefObject' description: URL to unlock the locked-out user type: allOf: - $ref: '#/components/schemas/HrefObject' description: URL to the User Type type: object - readOnly: true description: |- Specifies link relations (see [Web Linking](https://datatracker.ietf.org/doc/html/rfc8288)) available for the current status of a user. The Links object is used for dynamic discovery of related resources, lifecycle operations, and credential operations. The Links object is read-only. 
For an individual User result, the Links object contains a full set of link relations available for that User as determined by your policies. For a collection of users, the Links object contains only the `self` link. Operations that return a collection of Users include List Users and List Group Members. example: schema: "" suspend: "" resetPassword: "" unlock: "" reactivate: "" unsuspend: "" resetFactors: "" type: "" deactivate: "" changePassword: "" forgotPassword: "" expirePassword: "" changeRecoveryQuestion: "" activate: "" self: "" UserFactorActivateResponse__links: allOf: - $ref: '#/components/schemas/LinksSelf' - $ref: '#/components/schemas/LinksUser' - $ref: '#/components/schemas/LinksVerify' example: self: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type verify: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type user: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type UserFactorPushTransactionRejected_allOf_profile: properties: credentialId: description: ID for the Factor credential example: dade.murphy@example.com type: string type: object UserFactorPushTransactionRejected_allOf__links: allOf: - $ref: '#/components/schemas/LinksVerify' - properties: factor: $ref: '#/components/schemas/UserFactor' type: object UserFactorPushTransactionTimeout_allOf__links: allOf: - $ref: '#/components/schemas/LinksVerify' - properties: factor: $ref: '#/components/schemas/UserFactor' type: object UserFactorPushTransactionWaiting_allOf__links: allOf: - $ref: '#/components/schemas/LinksPoll' - $ref: '#/components/schemas/LinksCancel' UserFactorToken_allOf_verify: oneOf: - $ref: '#/components/schemas/UserFactorTokenVerifyRSA' - $ref: '#/components/schemas/UserFactorTokenVerifySymantec' UserFactorTokenHardware_allOf_verify: properties: passCode: description: OTP for the current time window example: cccccceukngdfgkukfctkcvfidnetljjiknckkcjulji type: string type: object 
UserGetSingleton_allOf__embedded: description: The embedded resources related to the object if the `expand` query parameter is specified example: blocks: - appliesTo: ANY_DEVICES type: DEVICE_BASED - appliesTo: ANY_DEVICES type: DEVICE_BASED properties: blocks: description: A list of access block details for the User account items: $ref: '#/components/schemas/UserBlock' type: array type: object UserImportRequestData_action: description: The object that specifies the default action Okta is set to take properties: result: description: "The current default action that results when Okta imports\ \ a user. The two possible values are `CREATE_USER` and `LINK_USER`. You\ \ \ncan change the action that is taken by means of the commands object\ \ you return." enum: - CREATE_USER - LINK_USER type: string x-enumDescriptions: CREATE_USER: A new Okta user profile is created for the user LINK_USER: The user is treated as a match for the existing Okta user identified by the value of `data.user.id` type: object UserImportRequestData_appUser: description: The app user profile being imported properties: profile: additionalProperties: type: string description: "Provides the name-value pairs of the attributes contained\ \ in the app user profile of the user who is being imported. You can change\ \ \nthe values of attributes in the user's app profile by means of the\ \ `commands` object you return. If you change attributes in the app \n\ profile, they then flow through to the Okta user profile, based on matching\ \ and mapping rules." 
type: object type: object UserImportRequestData_context_application: description: Details of the app from which the user is being imported properties: name: description: The app name type: string id: description: The app ID type: string label: description: The user-defined display name for the app type: string status: description: The status of the app enum: - ACTIVE - INACTIVE type: string type: object UserImportRequestData_context_job: description: The details of the running import job properties: id: description: The ID number of the import job type: string type: description: The type of import job type: string type: object UserImportRequestData_context: properties: conflicts: description: An array of user profile attributes that are in conflict items: additionalProperties: true type: object type: array application: $ref: '#/components/schemas/UserImportRequestData_context_application' job: $ref: '#/components/schemas/UserImportRequestData_context_job' matches: description: The list of Okta users currently matched to the app user based on import matching. There can be more than one match. items: additionalProperties: true type: object type: array policy: description: The list of any policies that apply to the import matching items: additionalProperties: true type: object type: array type: object UserImportRequestData_user: description: "Provides information on the Okta user profile currently set to\ \ be used for the user who is being imported, based on the matching \nrules\ \ and attribute mappings that were applied." properties: profile: additionalProperties: type: string description: |- The `data.user.profile` contains the name-value pairs of the attributes in the user profile. If the user has been matched to an existing Okta user, a `data.user.id` object is included, containing the unique identifier of the Okta user profile. You can change the values of the attributes by means of the `commands` object you return. 
type: object type: object UserImportResponse_commands_inner: properties: type: description: |- The command types supported for the import inline hook. When using the `com.okta.action.update` command to specify that the user should be treated as a match, you need to also provide a `com.okta.user.update` command that sets the ID of the Okta user. enum: - com.okta.appUser.profile.update - com.okta.user.profile.update - com.okta.action.update - com.okta.user.update type: string x-enumDescriptions: com.okta.appUser.profile.update: Change values of attributes in the user's app user profile com.okta.user.profile.update: Change values of attributes in the user's Okta user profile com.okta.action.update: Specify whether to create a new Okta user for the user being imported or treat them as a match of an existing Okta user com.okta.user.update: Specify the existing Okta user that the imported user should be treated as a match of. value: additionalProperties: type: string description: "The `value` object is the parameter to pass to the command.\ \ In the case of the `com.okta.appUser.profile.update` and `com.okta.user.profile.update`\ \ commands, \nthe parameter should be a list of one or more profile attributes\ \ and the values you wish to set them to. In the case of the `com.okta.action.update`\ \ command,\nthe parameter should be a `result` property set to either\ \ `CREATE_USER` or `LINK_USER`." type: object type: object UserImportResponse_error: description: "An object to return an error. Returning an error causes Okta to\ \ record a failure event in the Okta System Log. \nThe string supplied in\ \ the `errorSummary` property is recorded in the System Log event.\n\n>**Note:**\ \ If a response to an import inline hook request is not received from your\ \ external service within three seconds, a timeout occurs. In this scenario,\ \ the Okta import process continues and the user is created." 
properties: errorSummary: description: A human-readable summary of the error type: string type: object UserRiskGetResponse__links: allOf: - $ref: '#/components/schemas/LinksSelf' - $ref: '#/components/schemas/LinksUserRef' UserTypeLinks_allOf_schema: allOf: - $ref: '#/components/schemas/HrefObject' - description: The associated schema example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type WellKnownAppAuthenticatorConfiguration_settings: example: userVerification: PREFERRED properties: userVerification: $ref: '#/components/schemas/CustomAppUserVerificationEnum' type: object WellKnownOrgMetadata__links: example: organization: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type alternate: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type properties: alternate: $ref: '#/components/schemas/HrefObject' organization: $ref: '#/components/schemas/HrefObject' type: object orgBillingContactType__links_billing: allOf: - $ref: '#/components/schemas/HrefObject' - description: "Link to the org billing [Contact Type User](/openapi/okta-management/management/tag/OrgSettingContact/#tag/OrgSettingContact/operation/getOrgContactUser)\ \ resource" orgBillingContactType__links: description: "Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288))\ \ available for the org billing Contact Type object using the [JSON Hypertext\ \ Application Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\ \ specification" properties: billing: $ref: '#/components/schemas/orgBillingContactType__links_billing' readOnly: true type: object orgGeneralSettingLinks_contacts: allOf: - $ref: '#/components/schemas/HrefObject' - description: "Link to the [Org Contacts](/openapi/okta-management/management/tag/OrgSettingContact/)\ \ resource" example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type orgGeneralSettingLinks_logo: allOf: - 
$ref: '#/components/schemas/HrefObject' - description: Link to the org logo example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type orgGeneralSettingLinks_oktaCommunication: allOf: - $ref: '#/components/schemas/HrefObject' - description: "Link to the [Org Communication Settings](/openapi/okta-management/management/tag/OrgSettingCommunication/)\ \ resource" example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type orgGeneralSettingLinks_oktaSupport: allOf: - $ref: '#/components/schemas/HrefObject' - description: "Link to the [Org Support Settings](/openapi/okta-management/management/tag/OrgSettingSupport/)\ \ resource" example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type orgGeneralSettingLinks_preferences: allOf: - $ref: '#/components/schemas/HrefObject' - description: "Link to the [Org Preferences](/openapi/okta-management/management/tag/OrgSettingCustomization/#tag/OrgSettingCustomization/operation/getOrgPreferences)\ \ resource" example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type orgGeneralSettingLinks_uploadLogo: allOf: - $ref: '#/components/schemas/HrefObject' - description: "Link to the [Upload Org Logo](/openapi/okta-management/management/tag/OrgSettingCustomization/#tag/OrgSettingCustomization/operation/uploadOrgLogo)\ \ resource" example: templated: true hints: allow: - DELETE - DELETE name: name href: href type: type orgTechnicalContactType__links_technical: allOf: - $ref: '#/components/schemas/HrefObject' - description: "Link to the org technical [Contact Type User](/openapi/okta-management/management/tag/OrgSettingContact/#tag/OrgSettingContact/operation/getOrgContactUser)\ \ resource" orgTechnicalContactType__links: description: "Specifies link relations (see [Web Linking](https://www.rfc-editor.org/rfc/rfc8288))\ \ available for the org technical Contact Type object using the [JSON Hypertext\ \ Application 
Language](https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06)\ \ specification" properties: technical: $ref: '#/components/schemas/orgTechnicalContactType__links_technical' readOnly: true type: object securitySchemes: apiToken: description: "Pass the API token as the Authorization header value prefixed\ \ with SSWS: `Authorization: SSWS {API Token}`" in: header name: Authorization type: apiKey oauth2: description: "Pass the access_token as the value of the Authorization header:\ \ `Authorization: Bearer {access_token}`" flows: authorizationCode: authorizationUrl: /oauth2/v1/authorize scopes: okta.agentPools.manage: Allows the app to create and manage agent pools in your Okta organization okta.agentPools.read: Allows the app to read agent pools in your Okta organization okta.apiTokens.manage: Allows the app to manage API Tokens in your Okta organization okta.apiTokens.read: Allows the app to read API Tokens in your Okta organization okta.appGrants.manage: Allows the app to create and manage grants in your Okta organization okta.appGrants.read: Allows the app to read grants in your Okta organization okta.apps.manage: Allows the app to create and manage Apps in your Okta organization okta.apps.read: Allows the app to read information about Apps in your Okta organization okta.authenticators.manage: "Allows the app to manage all authenticators.\ \ For example, enrollments or resets." okta.authenticators.manage.self: "Allows the app to manage a user's own\ \ authenticators. For example, enrollments or resets." 
okta.authenticators.read: Allows the app to read org authenticators information okta.authorizationServers.manage: Allows the app to create and manage Authorization Servers in your Okta organization okta.authorizationServers.read: Allows the app to read information about Authorization Servers in your Okta organization okta.behaviors.manage: Allows the app to create and manage behavior detection rules in your Okta organization okta.behaviors.read: Allows the app to read behavior detection rules in your Okta organization okta.brands.manage: Allows the app to create and manage Brands and Themes in your Okta organization okta.brands.read: Allows the app to read information about Brands and Themes in your Okta organization okta.captchas.manage: Allows the app to create and manage CAPTCHAs in your Okta organization okta.captchas.read: Allows the app to read information about CAPTCHAs in your Okta organization okta.deviceAssurance.manage: Allows the app to manage device assurances okta.deviceAssurance.read: Allows the app to read device assurances okta.deviceChecks.manage: Allows the app to manage device checks okta.deviceChecks.read: Allows the app to read device checks okta.devices.manage: Allows the app to manage device status transitions and delete a device okta.devices.read: Allows the app to read the existing device's profile and search devices okta.directories.groups.manage: Allows the app to manage AD/LDAP Groups for your Okta organization okta.domains.manage: Allows the app to manage custom Domains for your Okta organization okta.domains.read: Allows the app to read information about custom Domains for your Okta organization okta.dr.manage: Allows the app to manage disaster recovery okta.dr.read: Allows the app to read the disaster recovery status okta.emailDomains.manage: Allows the app to manage Email Domains for your Okta organization okta.emailDomains.read: Allows the app to read information about Email Domains for your Okta organization 
okta.emailServers.manage: Allows the app to manage Email Servers for your Okta organization okta.emailServers.read: Allows the app to read information about Email Servers for your Okta organization okta.eventHooks.manage: Allows the app to create and manage Event Hooks in your Okta organization okta.eventHooks.read: Allows the app to read information about Event Hooks in your Okta organization okta.features.manage: Allows the app to create and manage Features in your Okta organization okta.features.read: Allows the app to read information about Features in your Okta organization okta.groups.manage: Allows the app to manage existing groups in your Okta organization okta.groups.read: Allows the app to read information about groups and their members in your Okta organization okta.identitySources.manage: Allows the custom identity sources to manage user entities in your Okta organization okta.identitySources.read: Allows reading session information for custom identity sources in your Okta organization okta.idps.manage: Allows the app to create and manage Identity Providers in your Okta organization okta.idps.read: Allows the app to read information about Identity Providers in your Okta organization okta.inlineHooks.manage: Allows the app to create and manage Inline Hooks in your Okta organization okta.inlineHooks.read: Allows the app to read information about Inline Hooks in your Okta organization okta.linkedObjects.manage: Allows the app to manage linked object definitions in your Okta organization okta.linkedObjects.read: Allows the app to read linked object definitions in your Okta organization okta.logStreams.manage: Allows the app to create and manage log streams in your Okta organization okta.logStreams.read: Allows the app to read information about log streams in your Okta organization okta.logs.read: Allows the app to read information about System Log entries in your Okta organization okta.manifests.manage: Allows the app to manage OIN submissions in your Okta 
organization okta.manifests.read: Allows the app to read OIN submissions in your Okta organization okta.networkZones.manage: Allows the app to create and manage Network Zones in your Okta organization okta.networkZones.read: Allows the app to read Network Zones in your Okta organization okta.oauthIntegrations.manage: Allows the app to create and manage API service Integration instances in your Okta organization okta.oauthIntegrations.read: Allows the app to read API service Integration instances in your Okta organization okta.orgs.manage: Allows the app to manage organization-specific details for your Okta organization okta.orgs.read: Allows the app to read organization-specific details about your Okta organization okta.personal.adminSettings.manage: Allows the app to manage the personal admin settings for the signed-in user okta.personal.adminSettings.read: Allows the app to read the personal admin settings for the signed-in user okta.policies.manage: Allows the app to manage policies in your Okta organization okta.policies.read: Allows the app to read information about policies in your Okta organization okta.principalRateLimits.manage: Allows the app to create and manage Principal Rate Limits in your Okta organization okta.principalRateLimits.read: Allows the app to read information about Principal Rate Limits in your Okta organization okta.privilegedAccounts.manage: Allows the app to create and manage Privileged Accounts in your Okta organization okta.privilegedAccounts.read: Allows the app to read Privileged Accounts in your Okta organization okta.privilegedResources.manage: Allows the app to create privileged resources and manage their details okta.privilegedResources.read: Allows the app to read the details of existing privileged resources okta.profileMappings.manage: Allows the app to manage user profile mappings in your Okta organization okta.profileMappings.read: Allows the app to read user profile mappings in your Okta organization 
okta.pushProviders.manage: Allows the app to create and manage push notification providers such as APNs and FCM okta.pushProviders.read: Allows the app to read push notification providers such as APNs and FCM okta.rateLimits.manage: Allows the app to create and manage rate limits in your Okta organization okta.rateLimits.read: Allows the app to read information about rate limits in your Okta organization okta.realmAssignments.manage: Allows a user to manage realm assignments okta.realmAssignments.read: Allows a user to read realm assignments okta.realms.manage: Allows the app to create new realms and to manage their details okta.realms.read: Allows the app to read the existing realms and their details okta.resourceSelectors.manage: Allows the app to manage resource selectors in your Okta org okta.resourceSelectors.read: Allows the app to read resource selectors in your Okta org okta.riskEvents.manage: Allows the app to publish risk events to your Okta organization okta.riskProviders.manage: Allows the app to create and manage risk provider integrations in your Okta organization okta.riskProviders.read: Allows the app to read all risk provider integrations in your Okta organization okta.roles.manage: Allows the app to manage administrative role assignments for users in your Okta organization. Delegated admins with this permission can only manage user credential fields and not the credential values themselves. okta.roles.read: Allows the app to read administrative role assignments for users in your Okta organization. Delegated admins with this permission can only manage user credential fields and not the credential values themselves. 
okta.schemas.manage: Allows the app to create and manage Schemas in your Okta organization okta.schemas.read: Allows the app to read information about Schemas in your Okta organization okta.securityEventsProviders.manage: Allows the app to create and manage Security Events Providers in your Okta organization okta.securityEventsProviders.read: Allows the app to read information about Security Events Providers in your Okta organization okta.sessions.manage: Allows the app to manage all sessions in your Okta organization okta.sessions.read: Allows the app to read all sessions in your Okta organization okta.templates.manage: Allows the app to manage all custom templates in your Okta organization okta.templates.read: Allows the app to read all custom templates in your Okta organization okta.threatInsights.manage: Allows the app to manage all ThreatInsight configurations in your Okta organization okta.threatInsights.read: Allows the app to read all ThreatInsight configurations in your Okta organization okta.trustedOrigins.manage: Allows the app to manage all Trusted Origins in your Okta organization okta.trustedOrigins.read: Allows the app to read all Trusted Origins in your Okta organization okta.uischemas.manage: Allows the app to manage all the UI Schemas in your Okta organization okta.uischemas.read: Allows the app to read all the UI Schemas in your Okta organization okta.userRisk.manage: Allows the app to manage a user's risk in your Okta org okta.userRisk.read: Allows the app to read a user's risk in your Okta org okta.userTypes.manage: Allows the app to manage user types in your Okta org okta.userTypes.read: Allows the app to read user types in your Okta org okta.users.manage: Allows the app to create new users and to manage all users' profile and credentials information okta.users.manage.self: Allows the app to manage the signed-in user's profile and credentials okta.users.read: Allows the app to read the existing users' profiles and credentials 
            okta.users.read.self: Allows the app to read the signed-in user's profile and credentials
            ssf.manage: Allows the app to create and manage Shared Signals Framework (SSF) in your Okta organization
            ssf.read: Allows the app to read information about Shared Signals Framework (SSF) in your Okta organization
          tokenUrl: /oauth2/v1/token
      type: oauth2
x-webhooks:
  CreateTelephonyInlineHook:
    post:
      summary: Create a Telephony Inline Hook
      description: "Creates an Okta Telephony inline hook request. This is an automated\
        \ request from Okta to your third-party service endpoint.\n\nThe objects that\
        \ you return in the JSON payload of your response to this Okta request are\
        \ an array of one or more objects,\nwhich specify the Okta commands to execute.\n\
        \n>**Note:** The size of your response payload must be less than 256 KB.\n\
        \nSee also:\n* For a general introduction to Okta inline hooks, see [Inline\
        \ hooks](https://developer.okta.com/docs/concepts/inline-hooks/)\n* For information\
        \ on the API for registering external service endpoints with Okta, see [Inline\
        \ Hooks Management API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/InlineHook/)\n\
        * For an example implementation of a telephony inline hook, see [Telephony\
        \ inline hook ](https://developer.okta.com/docs/guides/telephony-inline-hook)\n\
        \n### About\n\nThe Okta telephony inline hook allows you to integrate your\
        \ own custom code into Okta flows that send SMS or voice call messages. You\
        \ can integrate this hook with enrollment, authentication, and recovery flows\
        \ that involve the phone authenticator. Okta uses your external provider to\
        \ deliver the one-time passcode (OTP) to the Requester. The provider can respond\
        \ with commands that indicate if the delivery was successful or not.\n\nYou\
        \ can have only one active telephony inline hook per org.\n\nWhen you create\
        \ a telephony inline hook, you must include the `authScheme` parameter. See\
        \ [Create inline hook](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/InlineHook/#tag/InlineHook/operation/createInlineHook)\
        \ and the [authScheme object](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/InlineHook/#tag/InlineHook/operation/createInlineHook!path=channel/0/config/authScheme&t=request)\n\
        \n### Time-out behavior\n\nIf the provider response times out, Okta attempts\
        \ to send the OTP using the Okta telephony providers. See [Troubleshoot](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/InlineHook/#tag/InlineHook/operation/createTelephonyInlineHook/#troubleshoot).\n\
        \n>**Note:** The failover mechanism that uses the Okta telephony providers\
        \ is heavily rate-limited.\n\n### Troubleshoot\n\nThis section explains several\
        \ common causes of failure for telephony inline hooks.\n\nNote: Administrators\
        \ can use the [Okta System Log](https://developer.okta.com/docs/reference/api/system-log/)\
        \ to view errors. See the Troubleshooting section in the inline hooks topic\
        \ for details on events captured by the Okta System Log.\n\n| Issue \
        \ \
        \ | Impact \
        \ | Error Visibility |\
        \ \n|-------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------|-------------------------------------------|\n\
        |External service fails to communicate or times out \
        \ | Inline hook operation is skipped, OTP is sent to the Requester\
        \ using an Okta telephony provider | Administrators only \
        \ |\n|External service responds with any HTTP status code besides `200`\
        \ | Inline hook operation is skipped, OTP is sent to the\
        \ Requester using an Okta telephony provider | Administrators only \
        \ | \n|External service returns an error object \
        \ | Inline hook operation fails, OTP is sent\
        \ to the Requester using an Okta telephony provider | Administrators,\
        \ developers, and end users |\n|Hook response is malformed or can't be mapped\
        \ to the expected API response | Inline hook operation is skipped\
        \ | Administrators\
        \ only |\n|Request header doesn't include an `authScheme`\
        \ | Inline hook operation is skipped\
        \ | Administrators\
        \ only |\n|Response uses an invalid status \
        \ | Inline hook operation is skipped\
        \ | Administrators\
        \ only |\n|Operation adds an active telephony inline\
        \ hook when a hook exists | Inline hook operation is skipped\
        \ | Administrators\
        \ only |"
      operationId: createTelephonyInlineHook
      requestBody:
        required: true
        content:
          application/json:
            schema:
              allOf:
              - $ref: '#/components/schemas/InlineHookBasePayload'
              - $ref: '#/components/schemas/TelephonyRequest'
            examples:
              TelephonyPayloadExample:
                $ref: '#/components/examples/TelephonyPayloadExample'
      responses:
        "200":
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TelephonyResponse'
              examples:
                TelephonySuccessResponse:
                  $ref: '#/components/examples/TelephonySuccessResponse'
                TelephonyFailureResponse:
                  $ref: '#/components/examples/TelephonyFailureResponse'
        "403":
          $ref: '#/components/responses/ErrorAccessDenied403'
      security:
      - apiToken: []
      - oauth2: []
      tags:
      - InlineHook
  CreatePasswordImportInlineHook:
    post:
      summary: Create a Password Import Inline Hook
      description: "Creates a password import inline hook request, one type of inline\
        \ hook supported by Okta. This is an automated request from Okta to your third-party\
        \ service endpoint. This reference provides sample JSON objects that are contained\
        \ in the outbound request from Okta to your external service,\nand sample\
        \ JSON objects that you can include in your response. The objects that you\
        \ return in the JSON payload of your response to this Okta request are an\
        \ array of one or more objects,\nwhich specify the Okta commands to execute.\n\
        \n>**Note:** The size of your response payload must be less than 256 KB.\n\
        \nThe password import inline hook allows you to migrate users from another\
        \ data store where you want the users to retain their current passwords.\n\
        Use this hook with the [Create User with password import inline hook](https://developer.okta.com/docs/reference/api/users/#create-user-with-password-import-inline-hook)\
        \ flow that's provided by the [Users API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/User/).\n\
        \nThe password import inline hook is triggered when the user tries to sign\
        \ in to Okta for the first time. Okta sends your external service the password\
        \ that the user supplied. Your external service then needs to send a response\
        \ to Okta indicating whether the password supplied by the end user is valid.\n\
        \nIf your service returns a response that indicates that the password is valid,\
        \ Okta sets the password for the user. The password import inline hook won't\
        \ need to call your service again.\nHowever, if the Okta service is in read-only\
        \ mode, it might not be possible to set the password. Okta then needs to call\
        \ your service again the next time the user attempts to sign in.\nSee [Password\
        \ inline hook and Okta read-only mode](#password-inline-hook-and-okta-read-only-mode)\
        \ and [Removing password from existing user store](#password-removal-from-an-existing-user-store).\n\
        \n>**Notes:**\n> * Password policies don't apply to the password import inline\
        \ hook. That is, if your external service validates the password, the password\
        \ is imported even if it doesn't meet the Okta password policy requirements.\n\
        > * You can create only one password import inline hook per org.\n\nSee also:\n\
        \n * [Inline hooks](https://developer.okta.com/docs/concepts/inline-hooks/)\
        \ for a general introduction to Okta inline hooks\n * [Inline Hooks Management\
        \ API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/InlineHook/)\
        \ for information on the API for registering external service endpoints with\
        \ Okta\n * [Add an inline hook](https://help.okta.com/okta_help.htm?type=oie&id=ext-add-inline-hook)\
        \ for steps to enable this inline hook in the Admin Console\n * [Password\
        \ import inline hook](https://developer.okta.com/docs/guides/password-import-inline-hook/nodejs/main/)\
        \ for an example implementation of this inline hook\n\n### Enable a password\
        \ import inline hook\n\nTo enable a password import inline hook, you first\
        \ need to register your external service endpoint with Okta and configure\
        \ it as an inline hook of type `com.okta.user.credential.password.import`.\n\
        You can enable the hook using the Admin Console, see [Add an inline hook](https://help.okta.com/okta_help.htm?type=oie&id=ext-add-inline-hook)\
        \ or through the [Inline Hooks management API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/InlineHook/).\n\
        When creating a user with the Users API, you need to use the [Create User\
        \ with password import inline hook](https://developer.okta.com/docs/reference/api/users/#create-user-with-password-import-inline-hook)\
        \ use case.\nThis involves specifying a `credentials.password.hook` property\
        \ in the request body.\n\nWhen the user that you have added attempts to sign\
        \ in to Okta for the first time, the hook is triggered and Okta calls your\
        \ external service. The call sends the credentials that the end user provided.\
        \ Your service can check\nthe credentials and respond with a command to indicate\
        \ whether the credentials are valid or not.\n\n### Password inline hook and\
        \ Okta read-only mode\n\nIf your external service responds to Okta indicating\
        \ that the credentials are valid, Okta saves the password and can authenticate\
        \ the user independently from then on. However, if your Okta org is in a special\
        \ [read-only mode](https://support.okta.com/help/s/article/What-is-Oktas-Readonly-Mode)\n\
        at the time the user signs in, then saving the password might not be possible.\
        \ The next time the end user attempts to sign in, the password import inline\
        \ hook needs to be called again.\n\n### Password removal from an existing\
        \ user store\n\nBecause of the possibility of your org being in a special\
        \ service mode, you shouldn't attempt to permanently delete user passwords\
        \ from your existing user store until you can verify the success of the password\
        \ import . An Okta System Log Event, `user.import.password`, is available\
        \ for this purpose. An event of this type is created every time a password\
        \ import inline hook is fired, with its `Event.Outcome` property providing\
        \ a status of `FAILURE` or `SUCCESS` for the password import operation. \n\
        If the status is `SUCCESS`, Okta has successfully saved the end user's password,\
        \ and it's safe to delete it from your previous user store.\n\nYou can configure\
        \ an [Event hook](https://developer.okta.com/docs/concepts/event-hooks/) to\
        \ send this event type to you for use when triggering automated cleanup of\
        \ end-user\npasswords after successful migration."
      operationId: createPasswordImportInlineHook
      requestBody:
        required: true
        content:
          application/json:
            schema:
              allOf:
              - $ref: '#/components/schemas/InlineHookBasePayload'
              - $ref: '#/components/schemas/PasswordImportRequest'
            examples:
              PasswordImportPayloadExample:
                $ref: '#/components/examples/PasswordImportPayloadExample'
      responses:
        "200":
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PasswordImportResponse'
              examples:
                PasswordImportVerifiedResponse:
                  $ref: '#/components/examples/PasswordImportVerifiedResponse'
                PasswordImportUnVerifiedResponse:
                  $ref: '#/components/examples/PasswordImportUnVerifiedResponse'
        "204":
          description: No content - Unverified user response
        "403":
          $ref: '#/components/responses/ErrorAccessDenied403'
      security:
      - apiToken: []
      - oauth2: []
      tags:
      - InlineHook
  create-registration-hook:
    post:
      summary: Create a Registration Inline Hook
      description: |-
        Creates a registration inline hook request, one type of inline hook supported by Okta. This is an automated request from Okta to your third-party service endpoint. This reference provides sample JSON objects that are contained in the outbound request from Okta to your external service, and sample JSON objects that you can include in your response. The objects that you return in the JSON payload of your response to this Okta request are an array of one or more objects, which specify the Okta commands to execute.

        The Okta registration inline hook allows you to integrate your own custom code into Okta's [Profile Enrollment](https://help.okta.com/okta_help.htm?type=oie&id=ext-create-profile-enrollment) flow. The hook is triggered after Okta receives the registration or profile update request. Your custom code can:
        - Allow or deny the registration attempt, based on your own validation of the information the user has submitted
        - Set or override the values that are populated in attributes of the user's Okta profile

        > **Note:** Profile Enrollment and self-service registration (SSR) inline hooks only work with the [Okta Sign-In Widget](https://developer.okta.com/code/javascript/okta_sign-in_widget/) version 4.5 or later.

        See also:
        * [Inline hooks](https://developer.okta.com/docs/concepts/inline-hooks/) for a general introduction to Okta inline hooks
        * [Inline Hooks Management API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/InlineHook/) for information on the API for registering external service endpoints with Okta
        * [Add an inline hook](https://help.okta.com/okta_help.htm?type=oie&id=ext-add-inline-hook) for steps to enable this inline hook in the Admin Console
        * [Registration inline hook](https://developer.okta.com/docs/guides/registration-inline-hook) for an example implementation of this inline hook
      operationId: create-registration-hook
      requestBody:
        required: true
        content:
          application/json:
            schema:
              allOf:
              - $ref: '#/components/schemas/RegistrationInlineHookRequest'
            examples:
              ProfileEnrollmentRequest:
                $ref: '#/components/examples/ProfileEnrollmentRequest'
              ProgressiveProfileRequest:
                $ref: '#/components/examples/ProgressiveProfileRequest'
      responses:
        "200":
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RegistrationResponse'
              examples:
                ProfileEnrollmentResponse:
                  $ref: '#/components/examples/ProfileEnrollmentResponse'
                ProgressiveProfileResponse:
                  $ref: '#/components/examples/ProgressiveProfileResponse'
                ProfileEnrollmentResponseDeny:
                  $ref: '#/components/examples/ProfileEnrollmentResponseDeny'
                ProgressiveProfileResponseDeny:
                  $ref: '#/components/examples/ProgressiveProfileResponseDeny'
        "204":
          description: No content - Allow registration to proceed without any update.
      tags:
      - InlineHook
      security:
      - apiToken: []
      - oauth2: []
      x-okta-no-scope-required: true
  CreateUserImportInlineHook:
    post:
      summary: Create a User Import Inline Hook
      description: "Creates a user import inline hook request, one type of inline\
        \ hook supported by Okta. This is an automated request from Okta to your third-party\
        \ service endpoint. \nThis reference provides sample JSON objects that are\
        \ contained in the outbound request from Okta to your external service, and\
        \ sample JSON objects that you can include \nin your response. The objects\
        \ that you return in the JSON payload of your response to this Okta request\
        \ are an array of one or more objects, which specify the Okta commands to\
        \ execute.\n\nThe user import inline hook enables you to add custom logic\
        \ to the process of importing new users into Okta from an app. You can resolve\
        \ conflicts in user name or other profile attributes, \nmodify values of profile\
        \ attributes, and control whether the imported user is treated as a match\
        \ for an existing user or not. The hook is invoked for each user being imported,\
        \ \nat the point immediately after any applicable profile attribute mappings\
        \ have been applied, and any potential matches with existing users have been\
        \ found, but before the Okta user profile is created.\n\n>**Note:** If the\
        \ external service times out after receiving an Okta request, the Okta process\
        \ flow continues and the user is created.\n\nSee also:\n* [Inline hooks](https://developer.okta.com/docs/concepts/inline-hooks/)\
        \ for a general introduction to Okta inline hooks\n* [Inline Hooks Management\
        \ API](https://developer.okta.com/docs/api/openapi/okta-management/management/tag/InlineHook/)\
        \ for information on the API for registering external service endpoints with\
        \ Okta\n* [Add an inline hook](https://help.okta.com/okta_help.htm?type=oie&id=ext-add-inline-hook)\
        \ for steps to enable this inline hook in the Admin Console\n\n>**Note:**\
        \ The procedure for associating a user import inline hook with an app using\
        \ the Admin Console can't be used with AD or LDAP."
      operationId: createUserImportInlineHook
      requestBody:
        required: true
        content:
          application/json:
            schema:
              allOf:
              - $ref: '#/components/schemas/InlineHookBasePayload'
              - $ref: '#/components/schemas/UserImportRequest'
            examples:
              UserImportPayloadExample:
                $ref: '#/components/examples/UserImportPayloadExample'
      responses:
        "200":
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UserImportResponse'
              examples:
                UserImportChangeAppUserProfileExample:
                  $ref: '#/components/examples/UserImportChangeAppUserProfileExample'
                UserImportChangeUserProfileExample:
                  $ref: '#/components/examples/UserImportChangeUserProfileExample'
                UserImportCreateANewUserExample:
                  $ref: '#/components/examples/UserImportCreateANewUserExample'
                UserImportMatchExample:
                  $ref: '#/components/examples/UserImportMatchExample'
                UserImportErrorExample:
                  $ref: '#/components/examples/UserImportErrorExample'
        "204":
          description: No content - Use the default action
        "403":
          $ref: '#/components/responses/ErrorAccessDenied403'
      security:
      - apiToken: []
      - oauth2: []
      tags:
      - InlineHook
  create-saml-hook:
    post:
      summary: Create a SAML Assertion Inline Hook
      description: |-
        Creates a SAML Assertion inline hook request, one type of inline hook supported by Okta. This is an automated request from Okta to your third-party service endpoint. This reference provides sample JSON objects that are contained in the outbound request from Okta to your external service, and sample JSON objects that you can include in your response. The objects that you return in the JSON payload of your response to this Okta request are an array of one or more objects, which specify the Okta commands to execute.

        This type of inline hook is triggered when Okta generates a SAML assertion in response to an authentication request. Before sending the SAML assertion to the app that will consume it, Okta calls out to your external service. Your external service can respond with commands to add attributes to the assertion or to modify its existing attributes.

        You can use this functionality to add data to assertions, which might be data that is sensitive, calculated at runtime, or complexly-structured and not appropriate for storing in Okta user profiles. Data added this way is never logged or stored by Okta. As an example, SAML assertions generated for a medical app could be augmented with confidential patient data provided by your external service and not stored in Okta.

        This inline hook works only when using custom SAML apps, not apps from the OIN.

        See also:
        * [Inline hooks](https://developer.okta.com/docs/concepts/inline-hooks/) for a general introduction to Okta inline hooks
        * [Inline Hooks Management API](/openapi/okta-management/management/tag/InlineHook/) for information on the API for registering external service endpoints with Okta
        * For a use case example of how to implement a SAML assertion inline hook, see [SAML assertion inline hook](https://developer.okta.com/docs/guides/saml-inline-hook)
        * For steps to enable this inline hook, see [Add an inline hook](https://help.okta.com/okta_help.htm?type=oie&id=ext-add-inline-hook).

        ### Specify location within the assertion

        Specify the location within the assertion where you want to apply your operation using a slash-delimited path, which follows JSON Patch conventions. When you perform an `add` op to add a new attribute statement, begin with `/claims/` and follow that with the name of the new attribute that you're adding. When you modify an existing assertions statement, begin the path with `/subject/`, `/authentication/`, `/conditions/`, or `/claims/`, depending on which part of the assertion you want to modify. You then look deeper within the child elements using slash-delimited element names, for example, `/claims/array/attributeValues/1/value`. (The `/1/` in the path indicates the index of the array, using zero-based indexing.)

        ### URI claims

        Okta supports URI claims with SAML assertion hooks. When you need to replace or add a URI claim, encode the claim name within the command per the [JavaScript Object Notation (JSON) Pointer](https://tools.ietf.org/html/rfc6901) specification. Specifically, this replaces `~` with `~0` and `/` with `~1`.

        ### SessionNotOnOrAfter support

        In some scenarios, your service provider may require the `SessionNotOnOrAfter` attribute for the `<saml:AuthnStatement>` in the SAML assertion, which sets the provider session time correctly. Use `add` op with the path `/authentication/sessionLifetime` and a value for session lifetime in seconds to add this attribute. Okta calculates `SessionNotOnOrAfter` by adding the `/authentication/sessionLifetime` value to the `issueInstant` attribute and returns it in the SAML `data.assertion.
      operationId: createSAMLAssertionInlineHook
      requestBody:
        required: true
        content:
          application/json:
            schema:
              allOf:
              - $ref: '#/components/schemas/InlineHookBasePayload'
              - $ref: '#/components/schemas/SAMLPayLoad'
            examples:
              SAMLPayloadExample:
                $ref: '#/components/examples/SAMLPayLoadExample'
      responses:
        "200":
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SAMLHookResponse'
              examples:
                SAMLHookResponseExample:
                  $ref: '#/components/examples/SAMLHookResponseExample'
                SAMLHookResponseWithURIFormat:
                  $ref: '#/components/examples/SAMLHookResponseWithURIFormat'
        "204":
          description: No content - Use the default action
        "403":
          $ref: '#/components/responses/ErrorAccessDenied403'
      security:
      - apiToken: []
      - oauth2: []
      tags:
      - InlineHook
  create-token-hook:
    post:
      summary: Create a Token inline hook
      description: "Creates a Token inline hook request, one type of inline hook supported\
        \ by Okta. This is an automated request from Okta to your third-party service\
        \ endpoint. This reference provides sample JSON objects that are contained\
        \ in the outbound request from Okta to your external service, and sample JSON\
        \ objects that you can include in your response.\n\nThis type of inline hook\
        \ is triggered when OAuth 2.0 and OpenID Connect (OIDC) tokens are minted\
        \ by your Okta custom authorization server. Before sending the token to the\
        \ requester, Okta calls out to your external service. Your service can then\
        \ respond with commands to add custom claims to the token or to modify existing\
        \ claims.\n\nUse this functionality to add data that is sensitive, calculated\
        \ at runtime, or complexly structured and not appropriate for storing in Okta\
        \ user profiles. Okta never logs nor stores data that is added this way. As\
        \ an example, tokens minted for a medical app could be augmented with confidential\
        \ patient data provided by your external service and not stored in Okta.\n\
        \nIn addition to adding custom claims, you can modify or remove an existing\
        \ custom claim or an OIDC standard profile claim. You can also update how\
        \ long an access token or an ID token is valid.\n\nThis inline hook works\
        \ only when using an [Okta custom authorization server](https://developer.okta.com/docs/guides/customize-authz-server/main/#create-an-authorization-server),\
        \ not the built-in Okta org authorization server.\n\nSee also:\n * [Inline\
        \ hooks](https://developer.okta.com/docs/concepts/inline-hooks/) for a general\
        \ introduction to Okta inline hooks\n * [Inline Hooks Management API](/openapi/okta-management/management/tag/InlineHook/)\
        \ for information on the API for registering external service endpoints with\
        \ Okta\n * For an example implementation of this inline hook, see [Token\
        \ inline hook](https://developer.okta.com/docs/guides/token-inline-hook)\n\
        \n### Timeout behavior\nAfter receiving the Okta request, if there's a response\
        \ timeout, the Okta process flow proceeds with the original token returned.\n\
        \n### Enabling a token inline hook\nTo activate the inline hook, you first\
        \ need to register your external service endpoint with Okta using the [Inline\
        \ Hooks Management API](/openapi/okta-management/management/tag/InlineHook).\n\
        You then need to associate the registered inline hook with a custom authorization\
        \ server policy rule by completing the following steps:\n1. Go to **Security**\
        \ > **API** > **Authorization Servers.**\n2. Select a custom authorization\
        \ server from the list.\n3. Select **Access Policies** and select a policy\
        \ to use with the hook. In most cases, pick the Default Policy.\n4. One of\
        \ the policy's rules needs to trigger the inline hook. Click the pencil icon\
        \ for a rule to edit it. If you only have one rule, edit the Default Policy\
        \ Rule.\n5. Click the **Use this Inline Hook** dropdown menu. Any inline hooks\
        \ that you have registered are listed. Select the hook that you would like\
        \ to use.\n6. Click **Update Rule**.\n\n> **Note:** You can associate only\
        \ one inline hook with each rule.\n\n### Troubleshoot\nThis section covers\
        \ what happens when a token inline hook flow fails either due to the external\
        \ inline hook service returning an error object or not returning a successful\
        \ response, or the inline hook patch fails.\n> **Note:** Administrators can\
        \ use the [Okta System Log](https://developer.okta.com/docs/reference/api/system-log/)\
        \ to view errors. See the [Troubleshooting](https://developer.okta.com/docs/concepts/inline-hooks/#troubleshooting)\
        \ section in the inline hooks concept piece for more information on the events\
        \ related to inline hooks that the Okta System Log captures.\n- When there's\
        \ a communication failure with the external service, a timeout for example,\
        \ the inline hook operation is skipped. The token is generated without any\
        \ modification from the inline hook.\n \n **Who can see this error?** Administrators\n\
        \n- When the external service returns a response with any other HTTP status\
        \ code besides `200`, the inline hook operation is skipped. The token is generated\
        \ without any modification from the inline hook.\n \n **Who can see this\
        \ error?** Administrators\n\n- When the external service returns an error\
        \ object in the response, the entire token inline hook flow fails with no\
        \ token generated.\n \n **Who can see this error?** Administrators, developers,\
        \ and end users. When the OAuth 2.0 client receives the error, the client\
        \ developer can see that error if the client has the debug information. What\
        \ the end user sees depends on how errors are handled within the client.\n\
        \ > **Note:** See the [error](https://developer.okta.com/docs/reference/token-hook/#error)\
        \ section on this page for more information on what to include in the error\
        \ object of your response and what the OAuth 2.0 error includes that Okta\
        \ returns to the requestor of the token.\n\n- When a hook command (for example,\
        \ updating, adding, and deleting claims) can't be performed, the inline hook\
        \ operation is skipped. The token is generated without any modification from\
        \ the inline hook.\n \n **Who can see this error?** Administrators\n\n \
        \ The following actions result in an error:\n - Using an invalid command.\
        \ For example, if only an ID token is requested, the `commands` array shouldn't\
        \ contain commands of the type `com.okta.access.patch`.\n - Using an invalid\
        \ operation\n - Attempting to remove a system-specific claim\n - Attempting\
        \ to update a claim that doesn't exist\n - Attempting to update an element\
        \ within an array that doesn't exist or specifying an invalid index\n -\
        \ Attempting to remove a claim that doesn't exist"
      operationId: createTokenInlineHook
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/TokenRequest'
            examples:
              TokenPayLoadExample:
                $ref: '#/components/examples/TokenPayLoadExample'
      responses:
        "200":
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TokenHookResponse'
              examples:
                TokenHookResponse:
                  $ref: '#/components/examples/TokenHookResponse'
                TokenHookResponseWithURIFormat:
                  $ref: '#/components/examples/TokenHookResponseWithURIFormat'
                TokenHookResponseAppendArray:
                  $ref: '#/components/examples/TokenHookResponseAppendArray'
                TokenHookReplaceExisting:
                  $ref: '#/components/examples/TokenHookReplaceExisting'
                TokenHookReplaceInPath:
                  $ref: '#/components/examples/TokenHookReplaceInPath'
                TokenHookModifyLifetime:
                  $ref: '#/components/examples/TokenHookModifyLifetime'
                TokenHookRemoveClaim:
                  $ref: '#/components/examples/TokenHookRemoveClaim'
                TokenHookRemoveFromArray:
                  $ref: '#/components/examples/TokenHookRemoveFromArray'
                TokenHookRemoveFromObject:
                  $ref: '#/components/examples/TokenHookRemoveFromObject'
                TokenHookErrorExample:
                  $ref: '#/components/examples/TokenHookErrorExample'
        "204":
          description: No content - Unverified user response
        "403":
          $ref: '#/components/responses/ErrorAccessDenied403'
      security:
      - apiToken: []
      - oauth2: []
      tags:
      - InlineHook