idp_users
Creates, updates, deletes, gets or lists an idp_users resource.
Overview
Name | idp_users |
Type | Resource |
Id | okta.idps.idp_users |
Fields
The following fields are returned by SELECT queries:
- list_identity_provider_application_users
- get_identity_provider_application_user
Name | Datatype | Description |
---|---|---|
id | string | Unique key of the user |
_embedded | object | Embedded resources related to the IdP user |
_links | object | Specifies link relations (see Web Linking) available using the JSON Hypertext Application Language specification. This object is used for dynamic discovery of related resources and lifecycle operations. |
created | string (date-time) | Timestamp when the object was created (example: 2016-01-03T18:15:47.000Z) |
externalId | string | Unique IdP-specific identifier for the user (example: saml.jackson@example.com) |
lastUpdated | string (date-time) | Timestamp when the object was last updated (example: 2016-01-03T18:15:47.000Z) |
profile | object | IdP-specific profile for the user. IdP user profiles are IdP-specific but may be customized by the Profile Editor in the Admin Console. > Note: Okta variable names have reserved characters that may conflict with the name of an IdP assertion attribute. You can use the External name to define the attribute name as defined in an IdP assertion such as a SAML attribute name. |
Methods
The following methods are available for this resource:
Name | Accessible by | Required Params | Optional Params | Description |
---|---|---|---|---|
list_identity_provider_application_users | select | subdomain | q, after, limit, expand | Lists all the users linked to an identity provider (IdP) |
get_identity_provider_application_user | select | subdomain | | Retrieves a linked identity provider (IdP) user by ID |
unlink_user_from_identity_provider | delete | subdomain | | Unlinks the Okta user and the identity provider (IdP) user. The next time the user federates into Okta through this IdP, they have to re-link their account according to the account link policy. |
link_user_to_identity_provider | exec | subdomain | | Links an Okta user to an existing SAML or social identity provider (IdP). The SAML IdP must have honorPersistentNameId set to true to use this API. The Name Identifier Format of the incoming assertion must be urn:oasis:names:tc:SAML:2.0:nameid-format:persistent. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
Name | Datatype | Description |
---|---|---|
subdomain | string | The domain of your organization. This can be a provided subdomain of an official Okta domain (okta.com, oktapreview.com, etc.) or one of your configured custom domains. (default: my-org) |
after | string | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the Link response header. See Pagination. |
expand | string | Expand user data |
limit | integer | A limit on the number of objects to return |
q | string | Searches the records for matching value |
SELECT examples
- list_identity_provider_application_users
- get_identity_provider_application_user
Lists all the users linked to an identity provider (IdP)
SELECT
id,
_embedded,
_links,
created,
externalId,
lastUpdated,
profile
FROM okta.idps.idp_users
WHERE subdomain = '{{ subdomain }}' -- required
AND q = '{{ q }}'
AND after = '{{ after }}'
AND limit = '{{ limit }}'
AND expand = '{{ expand }}';
Retrieves a linked identity provider (IdP) user by ID
SELECT
id,
_embedded,
_links,
created,
externalId,
lastUpdated,
profile
FROM okta.idps.idp_users
WHERE subdomain = '{{ subdomain }}'; -- required
DELETE examples
- unlink_user_from_identity_provider
Unlinks the Okta user and the identity provider (IdP) user. The next time the user federates into Okta through this IdP, they have to re-link their account according to the account link policy.
DELETE FROM okta.idps.idp_users
WHERE subdomain = '{{ subdomain }}'; -- required
Lifecycle Methods
- link_user_to_identity_provider
Links an Okta user to an existing SAML or social identity provider (IdP).
The SAML IdP must have honorPersistentNameId set to true to use this API.
The Name Identifier Format of the incoming assertion must be urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.
EXEC okta.idps.idp_users.link_user_to_identity_provider
@subdomain='{{ subdomain }}' --required
@@json=
'{
"externalId": "{{ externalId }}"
}';
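
The persistent NameID requirement above can be checked before a link is attempted. The following is an added example, not part of the original page or the provider's code: it builds the `@@json` body only when a constructed sample assertion carries exactly one NameID in the persistent format. The function name `link_payload_from_assertion` is hypothetical, and using the NameID value as `externalId` is an assumption; the check does not validate the assertion's signature.

```python
import json
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ASSERTION_TAG = "{urn:oasis:names:tc:SAML:2.0:assertion}Assertion"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# Constructed sample assertions (unsigned, trimmed to the Subject element).
PERSISTENT_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">a1b2c3d4-constructed</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""

EMAIL_ASSERTION = PERSISTENT_ASSERTION.replace(
    "2.0:nameid-format:persistent", "1.1:nameid-format:emailAddress")


def link_payload_from_assertion(assertion_xml: str) -> str:
    """Return the @@json body for link_user_to_identity_provider, or raise ValueError.

    Format pre-check only: the assertion's signature is NOT verified here.
    Assumption: the persistent NameID value is what goes into externalId.
    """
    # Refuse DTDs up front so entity-expansion tricks never reach the parser.
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        raise ValueError("DTD/entity declarations are not allowed")
    root = ET.fromstring(assertion_xml)
    if root.tag != ASSERTION_TAG:
        raise ValueError("root element is not a SAML 2.0 Assertion")
    # Only look at the Subject directly under the Assertion root.
    name_ids = root.findall("./saml:Subject/saml:NameID", SAML_NS)
    if len(name_ids) != 1:
        raise ValueError(f"expected exactly one NameID, found {len(name_ids)}")
    fmt = name_ids[0].get("Format")
    if fmt != PERSISTENT:
        raise ValueError(f"NameID Format is {fmt!r}, not persistent")
    value = (name_ids[0].text or "").strip()
    if not value:
        raise ValueError("NameID is empty")
    return json.dumps({"externalId": value})
```
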