service_accounts
Creates, updates, deletes, gets or lists a service_accounts resource.
Overview
Name | service_accounts |
Type | Resource |
Id | okta.privileged_access.service_accounts |
Fields
The following fields are returned by SELECT queries:
- list_app_service_accounts
- get_app_service_account
Name | Datatype | Description |
---|---|---|
id | string (regex) | The UUID of the app service account (pattern: (?i)^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$, example: a747a818-a4c4-4446-8a87-704216495a08) |
name | string (regex) | The user-defined name for the app service account (pattern: ^[\w-_. ]+$, example: salesforce Prod-5 account) |
containerGlobalName | string | The key name of the app in the Okta Integration Network (OIN) (example: salesforce) |
containerInstanceName | string | The app instance label (example: salesforce Prod 5) |
containerOrn | string | The ORN of the relevant resource. Use the specific app ORN format (orn:{partition}:idp:{yourOrgId}:apps:{appType}:{appId}) to identify an Okta app instance in your org. (example: orn:okta:idp:00o1n8sbwArJ7OQRw406:apps:salesforce:0oa1gjh63g214q0Hq0g4) |
created | string (date-time) | Timestamp when the app service account was created |
description | string (regex) | The description of the app service account (example: This is for accessing salesforce Prod-5) |
lastUpdated | string (date-time) | Timestamp when the app service account was last updated |
ownerGroupIds | array | A list of IDs of the Okta groups who own the app service account |
ownerUserIds | array | A list of IDs of the Okta users who own the app service account |
password | string (password) | The app service account password. Required for apps that don't have provisioning enabled or don't support password synchronization. |
status | string | Describes the current status of an app service account (example: UNSECURED) |
statusDetail | string | Describes the detailed status of an app service account (example: STAGED) |
username | string | The username that serves as the direct link to your managed app account. Ensure that this value precisely matches the identifier of the target app account. (example: testuser-salesforce-5@example.com) |
Methods
The following methods are available for this resource:
Name | Accessible by | Required Params | Optional Params | Description |
---|---|---|---|---|
list_app_service_accounts | select | subdomain | limit, after, match | Lists all app service accounts |
get_app_service_account | select | subdomain | | Retrieves an app service account specified by ID |
create_app_service_account | insert | subdomain, data__name, data__containerOrn, data__username | | Creates a new app service account for managing an app account |
update_app_service_account | update | subdomain | | Updates an existing app service account specified by ID |
delete_app_service_account | delete | subdomain | | Deletes an app service account specified by ID |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
Name | Datatype | Description |
---|---|---|
subdomain | string | The domain of your organization. This can be a provided subdomain of an official Okta domain (okta.com, oktapreview.com, etc.) or one of your configured custom domains. (default: my-org) |
after | string | The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the Link response header. See Pagination. |
limit | integer | A limit on the number of objects to return |
match | string | Searches for app service accounts where the account name (name), username (username), app instance label (containerInstanceName), or OIN app key name (containerGlobalName) contains the given value |
SELECT examples
- list_app_service_accounts
- get_app_service_account
Lists all app service accounts
```sql
SELECT
  id,
  name,
  containerGlobalName,
  containerInstanceName,
  containerOrn,
  created,
  description,
  lastUpdated,
  ownerGroupIds,
  ownerUserIds,
  password,
  status,
  statusDetail,
  username
FROM okta.privileged_access.service_accounts
WHERE subdomain = '{{ subdomain }}' -- required
  AND limit = '{{ limit }}'
  AND after = '{{ after }}'
  AND match = '{{ match }}';
```
Retrieves an app service account specified by ID
```sql
SELECT
  id,
  name,
  containerGlobalName,
  containerInstanceName,
  containerOrn,
  created,
  description,
  lastUpdated,
  ownerGroupIds,
  ownerUserIds,
  password,
  status,
  statusDetail,
  username
FROM okta.privileged_access.service_accounts
WHERE subdomain = '{{ subdomain }}'; -- required
```
INSERT examples
- create_app_service_account
- Manifest
Creates a new app service account for managing an app account
```sql
INSERT INTO okta.privileged_access.service_accounts (
  data__containerOrn,
  data__description,
  data__name,
  data__ownerGroupIds,
  data__ownerUserIds,
  data__password,
  data__username,
  subdomain
)
SELECT
  '{{ containerOrn }}', -- required
  '{{ description }}',
  '{{ name }}', -- required
  '{{ ownerGroupIds }}',
  '{{ ownerUserIds }}',
  '{{ password }}',
  '{{ username }}', -- required
  '{{ subdomain }}'
RETURNING
  id,
  name,
  containerGlobalName,
  containerInstanceName,
  containerOrn,
  created,
  description,
  lastUpdated,
  ownerGroupIds,
  ownerUserIds,
  password,
  status,
  statusDetail,
  username
;
```
```yaml
# Description fields are for documentation purposes
- name: service_accounts
  props:
    - name: subdomain
      value: string
      description: Required parameter for the service_accounts resource.
    - name: containerOrn
      value: string
      description: >
        The [ORN](https://developer.okta.com/docs/api/openapi/okta-management/guides/roles/#okta-resource-name-orn) of the relevant resource.
        Use the specific app ORN format (`orn:{partition}:idp:{yourOrgId}:apps:{appType}:{appId}`) to identify an Okta app instance in your org.
    - name: description
      value: string
      description: >
        The description of the app service account
    - name: name
      value: string
      description: >
        The user-defined name for the app service account
    - name: ownerGroupIds
      value: array
      description: >
        A list of IDs of the Okta groups who own the app service account
    - name: ownerUserIds
      value: array
      description: >
        A list of IDs of the Okta users who own the app service account
    - name: password
      value: string
      description: >
        The app service account password. Required for apps that don't have provisioning enabled or don't support password synchronization.
    - name: username
      value: string
      description: >
        The username that serves as the direct link to your managed app account. Ensure that this value precisely matches the identifier of the target app account.
```
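A pre-flight check for the values rendered into the `create_app_service_account` template, added here as an illustration and not part of the provider's or Okta's code. It goes beyond the documented patterns by rejecting quotes, backslashes and control characters, because the templates on this page place each value inside a single-quoted literal; the function names, the ORN segment and ID character set, and ASCII-only `\w` are assumptions.

```python
import re

# The page publishes the name pattern as ^[\w-_. ]+$; Python's re rejects "\w-_"
# as a range, so the hyphen is escaped. re.ASCII for \w is an assumption.
NAME_RE = re.compile(r"[\w\-. ]+", re.ASCII)
# Assumed character set for ORN segments and Okta IDs (not stated on the page).
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")
REQUIRED = ("name", "containerOrn", "username")  # the data__* required params


def parse_app_orn(orn):
    """Split orn:{partition}:idp:{yourOrgId}:apps:{appType}:{appId} into parts."""
    parts = orn.split(":")
    if len(parts) != 7 or (parts[0], parts[2], parts[4]) != ("orn", "idp", "apps"):
        raise ValueError("not an app ORN")
    keys = ("partition", "orgId", "appType", "appId")
    values = (parts[1], parts[3], parts[5], parts[6])
    if not all(TOKEN_RE.fullmatch(v) for v in values):
        raise ValueError("empty or malformed ORN segment")
    return dict(zip(keys, values))


def validate_create(payload):
    """Return a list of problems; values are never echoed (password may be set)."""
    problems = [f"{f}: required" for f in REQUIRED if not payload.get(f)]
    name = payload.get("name")
    if name and not NAME_RE.fullmatch(name):
        problems.append("name: does not match documented pattern")
    orn = payload.get("containerOrn")
    if orn:
        try:
            parse_app_orn(orn)
        except ValueError as exc:
            problems.append(f"containerOrn: {exc}")
    for field in ("ownerGroupIds", "ownerUserIds"):
        ids = payload.get(field, [])
        if not isinstance(ids, list) or not all(
                isinstance(i, str) and TOKEN_RE.fullmatch(i) for i in ids):
            problems.append(f"{field}: must be a list of ID strings")
    # The templates put each value inside '...'; a quote or backslash would
    # change the statement, so such values are rejected rather than escaped.
    for field, value in payload.items():
        if isinstance(value, str) and re.search(r"['\\\x00-\x1f]", value):
            problems.append(f"{field}: contains quote, backslash or control character")
    return problems
```

Run `validate_create` on the template variables before rendering the query, and only log the returned messages, which name the field but never its value.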
UPDATE examples
- update_app_service_account
Updates an existing app service account specified by ID
```sql
UPDATE okta.privileged_access.service_accounts
SET
  data__description = '{{ description }}',
  data__name = '{{ name }}',
  data__ownerGroupIds = '{{ ownerGroupIds }}',
  data__ownerUserIds = '{{ ownerUserIds }}'
WHERE
  subdomain = '{{ subdomain }}' -- required
RETURNING
  id,
  name,
  containerGlobalName,
  containerInstanceName,
  containerOrn,
  created,
  description,
  lastUpdated,
  ownerGroupIds,
  ownerUserIds,
  password,
  status,
  statusDetail,
  username;
```
DELETE examples
- delete_app_service_account
Deletes an app service account specified by ID
```sql
DELETE FROM okta.privileged_access.service_accounts
WHERE subdomain = '{{ subdomain }}'; -- required
```