app_targets
Creates, updates, deletes, gets or lists an app_targets resource.
Overview
| Name | app_targets |
| Type | Resource |
| Id | okta.groups.app_targets |
Fields
The following fields are returned by SELECT queries:
- list_application_targets_for_application_administrator_role_for_group
| Name | Datatype | Description |
|---|---|---|
id | string | ID of the app instance. Okta returns this property only for apps not in the OIN catalog. |
name | string | App key name. For OIN catalog apps, this is a unique key for the app definition. |
_links | object | Specifies link relations (see Web Linking) available using the JSON Hypertext Application Language specification |
category | string | Category for the app in the OIN catalog (example: SOCIAL) |
description | string | Description of the app in the OIN catalog |
displayName | string | OIN catalog app display name |
features | array | Features supported by the app. See app features. |
lastUpdated | string (date-time) | Timestamp when the object was last updated (example: 2024-09-19T23:37:37.000Z) |
signOnModes | array | Authentication mode for the app. See app signOnMode. |
status | string | App status |
verificationStatus | string | OIN verification status of the catalog app (example: OKTA_VERIFIED) |
website | string | Website of the OIN catalog app |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
list_application_targets_for_application_administrator_role_for_group | select | subdomain | after, limit | Lists all app targets for an APP_ADMIN role assignment to a group. The response includes a list of OIN-cataloged apps or app instances. The response payload for an app instance contains the id property, but an OIN-cataloged app doesn't. |
assign_app_target_to_admin_role_for_group | replace | subdomain | Assigns an OIN app target to an APP_ADMIN role assignment to a group. When you assign the first OIN app target, you reduce the scope of the role assignment. The role no longer applies to all app targets, but applies only to the specified target. An OIN app target that's assigned to the role overrides any existing instance targets of the OIN app. For example, if a user is assigned to administer a specific Facebook instance, a successful request to add an OIN app with facebook for appName makes that user the administrator for all Facebook instances. | |
unassign_app_target_to_admin_role_for_group | delete | subdomain | Unassigns an OIN app target from an APP_ADMIN role assignment to a group> Note: You can't remove the last app target from a role assignment. > If you need a role assignment that applies to all apps, delete the APP_ADMIN role assignment with the target and create another one. See Unassign a group role. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
subdomain | string | The domain of your organization. This can be a provided subdomain of an official okta domain (okta.com, oktapreview.com, etc) or one of your configured custom domains. (default: my-org) |
after | string | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the Link response header. See Pagination. |
limit | integer | A limit on the number of objects to return |
SELECT examples
- list_application_targets_for_application_administrator_role_for_group
Lists all app targets for an APP_ADMIN role assignment to a group. The response includes a list of OIN-cataloged apps or app instances. The response payload for an app instance contains the id property, but an OIN-cataloged app doesn't.
SELECT
id,
name,
_links,
category,
description,
displayName,
features,
lastUpdated,
signOnModes,
status,
verificationStatus,
website
FROM okta.groups.app_targets
WHERE subdomain = '{{ subdomain }}' -- required
AND after = '{{ after }}'
AND limit = '{{ limit }}';
REPLACE examples
- assign_app_target_to_admin_role_for_group
Assigns an OIN app target to an APP_ADMIN role assignment to a group. When you assign the first OIN app target, you reduce the scope of the role assignment. The role no longer applies to all app targets, but applies only to the specified target. An OIN app target that's assigned to the role overrides any existing instance targets of the OIN app. For example, if a user is assigned to administer a specific Facebook instance, a successful request to add an OIN app with facebook for appName makes that user the administrator for all Facebook instances.
REPLACE okta.groups.app_targets
SET
-- No updatable properties
WHERE
subdomain = '{{ subdomain }}' --required;
DELETE examples
- unassign_app_target_to_admin_role_for_group
Unassigns an OIN app target from an APP_ADMIN role assignment to a group
> Note: You can't remove the last app target from a role assignment.
> If you need a role assignment that applies to all apps, delete the APP_ADMIN role assignment with the target and create another one. See Unassign a group role.
DELETE FROM okta.groups.app_targets
WHERE subdomain = '{{ subdomain }}' --required;