Design Doc: https://oktawiki.atlassian.net/wiki/display/eng/Provisioning+API+Design
Highlights:
- Feature enabling & disabling operations are under [lifecycle endpoints](#provisioning-lifecycle-operations)
- Continue using `Features` object to indicate the status of provisioning features; enabled features will show in the `Features` list
- Use same `Feature` enums for lifecycle
- 4 states (`"DISABLED"`, `"ENABLED"`, `"NOT_AUTHORIZED"`, `"NOT_SUPPORTED"`) for [provisioning status](#provisioning-status-state-machine)
- `authorize` object is under `_links`; this is hidden when `authScheme` is not `OAUTH2`

```
GET /api/v1/internal/apps/0oaigsp4oKodxsVjn0g3/settings/provisioning
```

```
HTTP/1.1 200 OK
Content-Type: application/json

{
  "status": "ENABLED | DISABLED | NOT_AUTHORIZED | NOT_SUPPORTED",
  "authScheme": "OAUTH2",
  "_links": {
    "authorize": {
      "href": "http://rain-admin.okta1.com:1802/admin/app/google/0oaj85ElLkiwyvmWe0g3/oauth/authorize",
      "type": "text/html"
    }
  }
}
```

We currently only support managing three provisioning features: PUSH_PASSWORD_UPDATES, PUSH_PROFILE_UPDATES, PUSH_NEW_USERS

```
POST /api/v1/internal/apps/{appId}/lifecycle/enable-features

[
  {
    "feature": "PUSH_PASSWORD_UPDATES",
    "settings": {
      "pushPasswordSyncType": "SYNC_UNIQUE_PASSWORD | SYNC_OKTA_PASSWORD",
      "cycleSyncedPassword": false
    }
  },
  {
    "feature": "PUSH_PROFILE_UPDATES"
  },
  {
    "feature": "PUSH_NEW_USERS",
    "settings": {}
  }
]
```

```
HTTP/1.1 200 Success
Content-Type: application/json

{}
```

If Okta is not authorized, a 403 error will be thrown:

```
HTTP/1.1 403 Forbidden
Content-Type: application/json

{
  "errorCode": "E0000099",
  "errorSummary": "Enabling provisioning features forbidden",
  "errorLink": "E0000099",
  "errorId": "oaeHifznCllQ26xcRsO5vAk7A",
  "errorCauses": [
    {
      "errorSummary": "Your Okta application is not authorized to consume third party API."
    }
  ]
}
```

```
POST /api/v1/internal/apps/{appId}/lifecycle/disable-features

[
  {
    "feature": "PUSH_PASSWORD_UPDATES",
    "settings": {}
  },
  {
    "feature": "PUSH_PROFILE_UPDATES",
    "settings": {}
  },
  {
    "feature": "PUSH_NEW_USERS",
    "settings": {}
  }
]
```

Response

```
HTTP/1.1 200 Success
Content-Type: application/json

{}
```
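
A client-side sketch of the flow above, added here as an example and not taken from the design doc or the Okta code base: it validates an enable-features body against the enums listed on this page, picks the next step from the provisioning status, and classifies the `E0000099` response. The function names, the action labels, and the choice to send a `NOT_AUTHORIZED` app to the `authorize` link are assumptions.

```python
import json

# Enum values copied from this page.
SUPPORTED_FEATURES = {"PUSH_PASSWORD_UPDATES", "PUSH_PROFILE_UPDATES", "PUSH_NEW_USERS"}
SYNC_TYPES = {"SYNC_UNIQUE_PASSWORD", "SYNC_OKTA_PASSWORD"}
STATUSES = {"DISABLED", "ENABLED", "NOT_AUTHORIZED", "NOT_SUPPORTED"}


def build_enable_body(requested):
    """Validate {feature: settings} and return the enable-features array."""
    body = []
    for feature, settings in requested.items():
        if feature not in SUPPORTED_FEATURES:
            raise ValueError(f"unsupported feature: {feature}")
        settings = dict(settings or {})
        sync = settings.get("pushPasswordSyncType")
        # Catches typos and the literal "A | B" placeholder from the docs.
        if sync is not None and sync not in SYNC_TYPES:
            raise ValueError(f"invalid pushPasswordSyncType: {sync!r}")
        body.append({"feature": feature, "settings": settings})
    return body


def next_step(prov):
    """Map a GET .../settings/provisioning body to a client action (assumed labels)."""
    status = prov.get("status")
    if status not in STATUSES:
        raise ValueError(f"unknown provisioning status: {status!r}")
    if status == "NOT_SUPPORTED":
        return ("stop", None)
    if status == "NOT_AUTHORIZED":
        # The authorize link is only exposed when authScheme is OAUTH2.
        href = prov.get("_links", {}).get("authorize", {}).get("href")
        if prov.get("authScheme") == "OAUTH2" and href:
            return ("authorize", href)
        return ("stop", None)
    return ("manage-features", None)


def enable_result(http_status, body_text):
    """Classify an enable-features response using the shapes shown on this page."""
    body = json.loads(body_text or "{}")
    if http_status == 200:
        return "enabled"
    if http_status == 403 and body.get("errorCode") == "E0000099":
        causes = "; ".join(c.get("errorSummary", "") for c in body.get("errorCauses", []))
        return f"not-authorized: {causes}"
    return f"unexpected: {http_status}"
```
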