@yumingcao-okta
Last active February 6, 2017 17:49

Provisioning API

Design Doc: https://oktawiki.atlassian.net/wiki/display/eng/Provisioning+API+Design

Highlights:

  • Feature enabling and disabling operations are under the [lifecycle endpoints](#provisioning-lifecycle-operations)
  • Continue using the Features object to indicate the status of provisioning features; enabled features will show in the Features list
  • Use the same Feature enums for lifecycle
  • 4 states ("DISABLED", "ENABLED", "NOT_AUTHORIZED", "NOT_SUPPORTED") for [provisioning status](#provisioning-status-state-machine)
  • The authorize object is under _links; it is hidden when authScheme is not OAUTH2

Provisioning Settings Operations

Get Provisioning Settings

GET /api/v1/internal/apps/0oaigsp4oKodxsVjn0g3/settings/provisioning

HTTP/1.1 200 OK
Content-Type: application/json

{
  "status": "ENABLED | DISABLED | NOT_AUTHORIZED | NOT_SUPPORTED",
  "authScheme": "OAUTH2",
  "_links": {
    "authorize": {
      "href": "http://rain-admin.okta1.com:1802/admin/app/google/0oaj85ElLkiwyvmWe0g3/oauth/authorize",
      "type": "text/html"
    }
  }
}

Provisioning Status State Machine

[Figure: provisioning status state machine]

Provisioning Lifecycle Operations

We currently only support managing three provisioning features: PUSH_PASSWORD_UPDATES, PUSH_PROFILE_UPDATES, PUSH_NEW_USERS

Enable provisioning feature

POST /api/v1/internal/apps/{appId}/lifecycle/enable-features

[
  {
    "feature": "PUSH_PASSWORD_UPDATES",
    "settings": {
      "pushPasswordSyncType": "SYNC_UNIQUE_PASSWORD | SYNC_OKTA_PASSWORD",
      "cycleSyncedPassword": false
    }
  },
  {
    "feature": "PUSH_PROFILE_UPDATES"
  },
  {
    "feature": "PUSH_NEW_USERS",
    "settings": {}
  }
]

Response

HTTP/1.1 200 Success
Content-Type: application/json

{}

If Okta is not authorized, a 403 error will be thrown:

HTTP/1.1 403 Forbidden
Content-Type: application/json

{
  "errorCode": "E0000099",
  "errorSummary": "Enabling provisioning features forbidden",
  "errorLink": "E0000099",
  "errorId": "oaeHifznCllQ26xcRsO5vAk7A",
  "errorCauses": [
    {
      "errorSummary": "Your Okta application is not authorized to consume third party API."
    }
  ]
}
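
The following Python is an added example, not part of the original gist or of Okta's code. It shows how a caller could validate an enable-features body against the enums listed above, classify the 200 and 403 responses, and read the authorize link only when authScheme is OAUTH2. The helper names are hypothetical, and treating the password settings as optional is an assumption.

```python
import json

# Enum values and the error code come from the page; helper names are hypothetical.
SUPPORTED_FEATURES = {"PUSH_PASSWORD_UPDATES", "PUSH_PROFILE_UPDATES", "PUSH_NEW_USERS"}
PASSWORD_SYNC_TYPES = {"SYNC_UNIQUE_PASSWORD", "SYNC_OKTA_PASSWORD"}
NOT_AUTHORIZED_ERROR = "E0000099"


def build_enable_body(requests):
    """Validate (feature, settings) pairs and return the enable-features JSON body."""
    body = []
    for feature, settings in requests:
        if feature not in SUPPORTED_FEATURES:
            raise ValueError(f"unsupported feature: {feature}")
        settings = dict(settings or {})
        if feature == "PUSH_PASSWORD_UPDATES":
            sync = settings.get("pushPasswordSyncType")
            if sync is not None and sync not in PASSWORD_SYNC_TYPES:
                raise ValueError(f"invalid pushPasswordSyncType: {sync}")
            cycle = settings.get("cycleSyncedPassword", False)
            if not isinstance(cycle, bool):
                raise ValueError("cycleSyncedPassword must be a boolean")
        body.append({"feature": feature, "settings": settings})
    return json.dumps(body)


def interpret_enable_response(status_code, body_text):
    """Classify the two responses the page documents; anything else is unexpected."""
    if status_code == 200:
        return "enabled"
    try:
        body = json.loads(body_text or "{}")
    except ValueError:
        body = {}
    if not isinstance(body, dict):
        body = {}
    if status_code == 403 and body.get("errorCode") == NOT_AUTHORIZED_ERROR:
        causes = [c.get("errorSummary", "") for c in body.get("errorCauses", [])]
        return "not_authorized: " + "; ".join(causes)
    return f"unexpected: HTTP {status_code}"


def authorize_link(settings):
    """Return _links.authorize.href, which the page says exists only for OAUTH2."""
    if settings.get("authScheme") != "OAUTH2":
        return None
    return settings.get("_links", {}).get("authorize", {}).get("href")
```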

Disable provisioning feature

POST /api/v1/internal/apps/{appId}/lifecycle/disable-features

[
  {
    "feature": "PUSH_PASSWORD_UPDATES",
    "settings": {}
  },
  {
    "feature": "PUSH_PROFILE_UPDATES",
    "settings": {}
  },
  {
    "feature": "PUSH_NEW_USERS",
    "settings": {}
  }
]

Response

HTTP/1.1 200 Success
Content-Type: application/json

{}