assigned_apps

Creates, updates, deletes, gets or lists an assigned_apps resource.

Overview

Name	assigned_apps
Type	Resource
Id	okta.groups.assigned_apps

Fields

The following fields are returned by SELECT queries:

list_assigned_applications_for_group

Name	Datatype	Description
id	string	Unique ID for the app instance
_embedded	object	Embedded resources related to the app using the JSON Hypertext Application Language specification. If the expand=user/{userId} query parameter is specified, then the assigned Application User is embedded.
_links	object	Discoverable resources related to the app
accessibility	object	Specifies access settings for the app
created	string (date-time)	Timestamp when the application object was created
features	array	Enabled app features > Note: See Application Features for app provisioning features.
label	string	User-defined display name for app
lastUpdated	string (date-time)	Timestamp when the application object was last updated
licensing	object	Licenses for the app
orn	string	The Okta resource name (ORN) for the current app instance
profile	object	Contains any valid JSON schema for specifying properties that can be referenced from a request (only available to OAuth 2.0 client apps). For example, add an app manager contact email address or define an allowlist of groups that you can then reference using the Okta Expression Language getFilteredGroups function. > Notes: > * profile isn't encrypted, so don't store sensitive data in it. > * profile doesn't limit the level of nesting in the JSON schema you created, but there is a practical size limit. Okta recommends a JSON schema size of 1 MB or less for best performance.
signOnMode	string	Authentication mode for the app | signOnMode | Description | | ---------- | ----------- | | AUTO_LOGIN | Secure Web Authentication (SWA) | | BASIC_AUTH | HTTP Basic Authentication with Okta Browser Plugin | | BOOKMARK | Just a bookmark (no-authentication) | | BROWSER_PLUGIN | Secure Web Authentication (SWA) with Okta Browser Plugin | | OPENID_CONNECT | Federated Authentication with OpenID Connect (OIDC) | | SAML_1_1 | Federated Authentication with SAML 1.1 WebSSO (not supported for custom apps) | | SAML_2_0 | Federated Authentication with SAML 2.0 WebSSO | | SECURE_PASSWORD_STORE | Secure Web Authentication (SWA) with POST (plugin not required) | | WS_FEDERATION | Federated Authentication with WS-Federation Passive Requestor Profile | Select the signOnMode for your custom app:
status	string	App instance status
universalLogout	object	<div class="x-lifecycle-container"><x-lifecycle class="oie"></x-lifecycle></div> Universal Logout properties for the app. These properties are only returned and can't be updated. (example: ACTIVE)
visibility	object	Specifies visibility settings for the app

Methods

The following methods are available for this resource:

Name	Accessible by	Required Params	Optional Params	Description
list_assigned_applications_for_group	select	subdomain	after, limit	Lists all apps that are assigned to a group. See Application Groups API.

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

Name	Datatype	Description
subdomain	string	The domain of your organization. This can be a provided subdomain of an official okta domain (okta.com, oktapreview.com, etc) or one of your configured custom domains. (default: my-org)
after	string	Specifies the pagination cursor for the next page of apps
limit	integer (int32)	Specifies the number of app results for a page

SELECT examples

list_assigned_applications_for_group

Lists all apps that are assigned to a group. See Application Groups API.

SELECT
id,
_embedded,
_links,
accessibility,
created,
features,
label,
lastUpdated,
licensing,
orn,
profile,
signOnMode,
status,
universalLogout,
visibility
FROM okta.groups.assigned_apps
WHERE subdomain = '{{ subdomain }}' -- required
AND after = '{{ after }}'
AND limit = '{{ limit }}';