Authorizations
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
Body
CreateResourceInfo Object
Description
The CreateResourceInfo object is used to store creation info for a resource.
Usage Example
Use in the POST Resources endpoint.
The name of the remote resource.
"mongo-db-prod"
The type of the resource.
AWS_IAM_ROLE, AWS_EC2_INSTANCE, AWS_EKS_CLUSTER, AWS_RDS_POSTGRES_CLUSTER, AWS_RDS_POSTGRES_INSTANCE, AWS_RDS_MYSQL_CLUSTER, AWS_RDS_MYSQL_INSTANCE, AWS_ACCOUNT, AWS_SSO_PERMISSION_SET, AWS_ORGANIZATIONAL_UNIT, AZURE_MANAGEMENT_GROUP, AZURE_RESOURCE_GROUP, AZURE_SUBSCRIPTION, AZURE_VIRTUAL_MACHINE, AZURE_STORAGE_ACCOUNT, AZURE_STORAGE_CONTAINER, AZURE_SQL_SERVER, AZURE_SQL_MANAGED_INSTANCE, AZURE_SQL_DATABASE, AZURE_SQL_MANAGED_DATABASE, AZURE_USER_ASSIGNED_MANAGED_Identity, AZURE_ENTRA_ID_ROLE, AZURE_ENTERPRISE_APP, CUSTOM, CUSTOM_CONNECTOR, DATABRICKS_ACCOUNT_SERVICE_PRINCIPAL, GCP_ORGANIZATION, GCP_BUCKET, GCP_COMPUTE_INSTANCE, GCP_FOLDER, GCP_GKE_CLUSTER, GCP_PROJECT, GCP_CLOUD_SQL_POSTGRES_INSTANCE, GCP_CLOUD_SQL_MYSQL_INSTANCE, GCP_BIG_QUERY_DATASET, GCP_BIG_QUERY_TABLE, GCP_SERVICE_ACCOUNT, GIT_HUB_REPO, GIT_HUB_ORG_ROLE, GIT_LAB_PROJECT, GOOGLE_WORKSPACE_ROLE, MONGO_INSTANCE, MONGO_ATLAS_INSTANCE, OKTA_APP, OKTA_ROLE, OPAL_ROLE, OPAL_SCOPED_ROLE, PAGERDUTY_ROLE, TAILSCALE_SSH, SALESFORCE_PERMISSION_SET, SALESFORCE_PROFILE, SALESFORCE_ROLE, SNOWFLAKE_DATABASE, SNOWFLAKE_SCHEMA, SNOWFLAKE_TABLE, WORKDAY_ROLE, MYSQL_INSTANCE, MARIADB_INSTANCE, POSTGRES_INSTANCE, TELEPORT_ROLE, ILEVEL_ADVANCED_ROLE, DATASTAX_ASTRA_ROLE, COUPA_ROLE, CURSOR_ORGANIZATION, OPENAI_PLATFORM_PROJECT, OPENAI_PLATFORM_SERVICE_ACCOUNT, ANTHROPIC_WORKSPACE, GIT_HUB_ORG, ORACLE_FUSION_ROLE
"AWS_IAM_ROLE"
The ID of the app for the resource.
"f454d283-ca87-4a8a-bdbb-df212eca5353"
A description of the remote resource.
"Engineering team Okta role."
Information that defines the remote resource. This replaces the deprecated remote_id and metadata fields.
Deprecated - use remote_info instead. The ID of the resource on the remote system. Include only for items linked to remote systems. See this guide for details on how to specify this field.
"API_ACCESS_MANAGEMENT_ADMIN-51d203da-313a-4fd9-8fcf-420ce6312345"
Deprecated - use remote_info instead.
JSON metadata about the remote resource. Include only for items linked to remote systems. See this guide for details on how to specify this field. The required format is dependent on resource_type and should have the following schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "Resource Metadata",
"properties": {
"aws_ec2_instance": {
"properties": {
"instance_id": {
"type": "string"
},
"region": {
"type": "string"
}
},
"required": ["instance_id", "region"],
"additionalProperties": false,
"type": "object",
"title": "AWS EC2 Instance"
},
"aws_eks_cluster": {
"properties": {
"cluster_name": {
"type": "string"
},
"cluster_region": {
"type": "string"
},
"cluster_arn": {
"type": "string"
}
},
"required": ["cluster_name", "cluster_region", "cluster_arn"],
"additionalProperties": false,
"type": "object",
"title": "AWS EKS Cluster"
},
"aws_rds_instance": {
"properties": {
"instance_id": {
"type": "string"
},
"engine": {
"type": "string"
},
"region": {
"type": "string"
},
"resource_id": {
"type": "string"
},
"database_name": {
"type": "string"
}
},
"required": [
"instance_id",
"engine",
"region",
"resource_id",
"database_name"
],
"additionalProperties": false,
"type": "object",
"title": "AWS RDS Instance"
},
"aws_role": {
"properties": {
"arn": {
"type": "string"
},
"name": {
"type": "string"
}
},
"required": ["arn", "name"],
"additionalProperties": false,
"type": "object",
"title": "AWS Role"
},
"gcp_bucket": {
"properties": {
"bucket_id": {
"type": "string"
}
},
"required": ["bucket_id"],
"additionalProperties": false,
"type": "object",
"title": "GCP Bucket"
},
"gcp_compute_instance": {
"properties": {
"instance_id": {
"type": "string"
},
"project_id": {
"type": "string"
},
"zone": {
"type": "string"
}
},
"required": ["instance_id", "project_id", "zone"],
"additionalProperties": false,
"type": "object",
"title": "GCP Compute Instance"
},
"gcp_folder": {
"properties": {
"folder_id": {
"type": "string"
}
},
"required": ["folder_id"],
"additionalProperties": false,
"type": "object",
"title": "GCP Folder"
},
"gcp_gke_cluster": {
"properties": {
"cluster_name": {
"type": "string"
}
},
"required": ["cluster_name"],
"additionalProperties": false,
"type": "object",
"title": "GCP GKE Cluster"
},
"gcp_project": {
"properties": {
"project_id": {
"type": "string"
}
},
"required": ["project_id"],
"additionalProperties": false,
"type": "object",
"title": "GCP Project"
},
"gcp_sql_instance": {
"properties": {
"instance_id": {
"type": "string"
},
"project_id": {
"type": "string"
}
},
"required": ["instance_id", "project_id"],
"additionalProperties": false,
"type": "object",
"title": "GCP SQL Instance"
},
"git_hub_repo": {
"properties": {
"org_name": {
"type": "string"
},
"repo_name": {
"type": "string"
}
},
"required": ["org_name", "repo_name"],
"additionalProperties": false,
"type": "object",
"title": "GitHub Repo"
},
"okta_directory_app": {
"properties": {
"app_id": {
"type": "string"
},
"logo_url": {
"type": "string"
}
},
"required": ["app_id", "logo_url"],
"additionalProperties": false,
"type": "object",
"title": "Okta Directory App"
},
"okta_directory_role": {
"properties": {
"role_type": {
"type": "string"
},
"role_id": {
"type": "string"
}
},
"required": ["role_type", "role_id"],
"additionalProperties": false,
"type": "object",
"title": "Okta Directory Role"
},
"salesforce_profile": {
"properties": {
"user_license": {
"type": "string"
}
},
"required": ["user_license"],
"additionalProperties": false,
"type": "object",
"title": "Salesforce Profile"
}
},
"additionalProperties": false,
"minProperties": 1,
"maxProperties": 1,
"type": "object"
}
"{\n \"okta_directory_role\":\n {\n \"role_id\": \"SUPER_ADMIN-b52aa037-4a35-4ac3-9350-f6260fd12345\",\n \"role_type\": \"SUPER_ADMIN\"\n }\n}"
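Added example (not part of the original reference): a client-side check that a metadata string satisfies the schema above before it is sent, covering the exactly-one-top-level-key rule, the required properties, and the ban on additional properties. The function name check_metadata and the sample payloads are hypothetical and constructed for illustration.

```python
import json

# Required string properties per metadata type, transcribed from the schema above
# (every listed property is required there and additionalProperties is false).
METADATA_FIELDS = {
    "aws_ec2_instance": {"instance_id", "region"},
    "aws_eks_cluster": {"cluster_name", "cluster_region", "cluster_arn"},
    "aws_rds_instance": {"instance_id", "engine", "region", "resource_id", "database_name"},
    "aws_role": {"arn", "name"},
    "gcp_bucket": {"bucket_id"},
    "gcp_compute_instance": {"instance_id", "project_id", "zone"},
    "gcp_folder": {"folder_id"},
    "gcp_gke_cluster": {"cluster_name"},
    "gcp_project": {"project_id"},
    "gcp_sql_instance": {"instance_id", "project_id"},
    "git_hub_repo": {"org_name", "repo_name"},
    "okta_directory_app": {"app_id", "logo_url"},
    "okta_directory_role": {"role_type", "role_id"},
    "salesforce_profile": {"user_license"},
}


def check_metadata(metadata):
    """Return a list of schema violations for a metadata JSON string (empty if valid)."""
    try:
        doc = json.loads(metadata)  # strict parser: trailing commas are rejected
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict) or len(doc) != 1:  # minProperties = maxProperties = 1
        return ["expected an object with exactly one top-level key"]
    (kind, body), = doc.items()
    if kind not in METADATA_FIELDS:
        return [f"unknown metadata type: {kind}"]
    if not isinstance(body, dict):
        return [f"{kind} must be an object"]
    want, have = METADATA_FIELDS[kind], set(body)
    errors = [f"missing required property: {k}" for k in sorted(want - have)]
    errors += [f"unexpected property: {k}" for k in sorted(have - want)]
    errors += [f"{k} must be a string" for k in sorted(want & have) if not isinstance(body[k], str)]
    return errors


# Constructed sample payloads (not real identifiers).
GOOD = '{"okta_directory_role": {"role_id": "SUPER_ADMIN-00000000", "role_type": "SUPER_ADMIN"}}'
EXTRA = '{"aws_role": {"arn": "arn:aws:iam::111122223333:role/Example", "name": "Example", "path": "/"}}'
TWO = '{"gcp_project": {"project_id": "p"}, "gcp_folder": {"folder_id": "f"}}'

if __name__ == "__main__":
    print([check_metadata(s) or "ok" for s in (GOOD, EXTRA, TWO)])
```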
Custom request notification sent upon request approval.
800
"Check your email to register your account."
Indicates the level of potential impact misuse or unauthorized access may incur.
UNKNOWN, CRITICAL, HIGH, MEDIUM, LOW, NONE
Response
The resource just created.
Resource Object
Description
The Resource object is used to represent a resource.
Usage Example
Update from the UPDATE Resources endpoint.
The ID of the resource.
"f454d283-ca87-4a8a-bdbb-df212eca5353"
The ID of the app.
"b5a5ca27-0ea3-4d86-9199-2126d57d1fbd"
The name of the resource.
"mongo-db-prod"
A description of the resource.
"This resource represents AWS IAM role \"SupportUser\"."
The ID of the owner of the resource.
"7c86c85d-0651-43e2-a748-d69d658418e8"
The ID of the resource on the remote system.
318038399
The name of the resource on the remote system.
"repo-name"
The type of the resource.
AWS_IAM_ROLE, AWS_EC2_INSTANCE, AWS_EKS_CLUSTER, AWS_RDS_POSTGRES_CLUSTER, AWS_RDS_POSTGRES_INSTANCE, AWS_RDS_MYSQL_CLUSTER, AWS_RDS_MYSQL_INSTANCE, AWS_ACCOUNT, AWS_SSO_PERMISSION_SET, AWS_ORGANIZATIONAL_UNIT, AZURE_MANAGEMENT_GROUP, AZURE_RESOURCE_GROUP, AZURE_SUBSCRIPTION, AZURE_VIRTUAL_MACHINE, AZURE_STORAGE_ACCOUNT, AZURE_STORAGE_CONTAINER, AZURE_SQL_SERVER, AZURE_SQL_MANAGED_INSTANCE, AZURE_SQL_DATABASE, AZURE_SQL_MANAGED_DATABASE, AZURE_USER_ASSIGNED_MANAGED_Identity, AZURE_ENTRA_ID_ROLE, AZURE_ENTERPRISE_APP, CUSTOM, CUSTOM_CONNECTOR, DATABRICKS_ACCOUNT_SERVICE_PRINCIPAL, GCP_ORGANIZATION, GCP_BUCKET, GCP_COMPUTE_INSTANCE, GCP_FOLDER, GCP_GKE_CLUSTER, GCP_PROJECT, GCP_CLOUD_SQL_POSTGRES_INSTANCE, GCP_CLOUD_SQL_MYSQL_INSTANCE, GCP_BIG_QUERY_DATASET, GCP_BIG_QUERY_TABLE, GCP_SERVICE_ACCOUNT, GIT_HUB_REPO, GIT_HUB_ORG_ROLE, GIT_LAB_PROJECT, GOOGLE_WORKSPACE_ROLE, MONGO_INSTANCE, MONGO_ATLAS_INSTANCE, OKTA_APP, OKTA_ROLE, OPAL_ROLE, OPAL_SCOPED_ROLE, PAGERDUTY_ROLE, TAILSCALE_SSH, SALESFORCE_PERMISSION_SET, SALESFORCE_PROFILE, SALESFORCE_ROLE, SNOWFLAKE_DATABASE, SNOWFLAKE_SCHEMA, SNOWFLAKE_TABLE, WORKDAY_ROLE, MYSQL_INSTANCE, MARIADB_INSTANCE, POSTGRES_INSTANCE, TELEPORT_ROLE, ILEVEL_ADVANCED_ROLE, DATASTAX_ASTRA_ROLE, COUPA_ROLE, CURSOR_ORGANIZATION, OPENAI_PLATFORM_PROJECT, OPENAI_PLATFORM_SERVICE_ACCOUNT, ANTHROPIC_WORKSPACE, GIT_HUB_ORG, ORACLE_FUSION_ROLE
"AWS_IAM_ROLE"
The maximum duration for which the resource can be requested (in minutes).
120
The recommended duration for which the resource should be requested (in minutes). -1 represents an indefinite duration.
120
The duration for which access can be extended (in minutes). Set to 0 to disable extensions. When > 0, extensions are enabled for the specified duration.
120
A bool representing whether or not access requests to the resource require manager approval.
false
A bool representing whether or not access requests to the resource require an access ticket.
false
A bool representing whether or not to require MFA for reviewers to approve requests for this resource.
false
A bool representing whether or not to require MFA for requesting access to this resource.
false
A bool representing whether or not to require MFA to connect to this resource.
false
A bool representing whether or not to automatically approve requests to this resource.
false
The ID of the associated request template.
"06851574-e50d-40ca-8c78-f72ae6ab4304"
A bool representing whether or not to allow access requests to this resource.
false
The ID of the parent resource.
"06851574-e50d-40ca-8c78-f72ae6ab4305"
The ID of the associated configuration template.
"06851574-e50d-40ca-8c78-f72ae6ab4304"
A list of configurations for requests to this resource.
A list of configurations for requests to this resource. Deprecated in favor of request_configurations.
Configuration for ticket propagation. When enabled, a ticket will be created for access changes related to the users in this resource.
Custom request notification sent upon request approval.
800
The risk sensitivity level for the resource. When an override is set, this field will match that. Indicates the level of potential impact misuse or unauthorized access may incur.
UNKNOWN, CRITICAL, HIGH, MEDIUM, LOW, NONE
Indicates the level of potential impact misuse or unauthorized access may incur.
UNKNOWN, CRITICAL, HIGH, MEDIUM, LOW, NONE
JSON metadata about the remote resource. Only set for items linked to remote systems. See this guide for details.
"{\n \"okta_directory_role\":\n {\n \"role_id\": \"SUPER_ADMIN-b52aa037-4a35-4ac3-9350-f6260fd12345\",\n \"role_type\": \"SUPER_ADMIN\"\n }\n}"
Information that defines the remote resource. This replaces the deprecated remote_id and metadata fields.
List of resource IDs that are ancestors of this resource.
[
"f454d283-ca67-4a8a-bdbb-df212eca5345",
"f454d283-ca67-4a8a-bdbb-df212eca5346"
]
List of resource IDs that are descendants of this resource.
[
"f454d283-ca67-4a8a-bdbb-df212eca5347",
"f454d283-ca67-4a8a-bdbb-df212eca5348"
]
Information about the last successful sync of this resource.
{
"id": "7c86c85d-0651-43e2-a748-d69d658418e8",
"completed_at": "2023-10-01T12:00:00.000Z"
}
